The following issues were found

Userland/Libraries/LibWeb/CodeGenerators/WrapperGenerator.cpp
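1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Triage note: the flagged call is `Core::File::open(path, Core::OpenMode::ReadOnly)`, where `path` is the positional "idl-file" command-line argument. This is a genuine file open, so the question above applies. How much it matters depends on who controls that argument and the directory it points into, which the excerpt does not show.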
Security

Line: 398 Column: 38 CWE codes: 362

                  args_parser.add_positional_argument(path, "IDL file", "idl-file");
    args_parser.parse(argc, argv);

    auto file_or_error = Core::File::open(path, Core::OpenMode::ReadOnly);
    if (file_or_error.is_error()) {
        warnln("Failed to open {}: {}", path, file_or_error.error());
        return 1;
    }


            

Reported by FlawFinder.

Userland/Libraries/LibWeb/HTML/AttributeNames.h
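1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Triage note: the flagged token appears to be the `open` in `__ENUMERATE_HTML_ATTRIBUTE(open)`, an HTML attribute name in a macro list. No file is opened on this line, so this looks like a lexical match on the word `open` (a false positive).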
Security

Line: 164 Column: 32 CWE codes: 362

                  __ENUMERATE_HTML_ATTRIBUTE(onwebkitanimationstart)     \
    __ENUMERATE_HTML_ATTRIBUTE(onwebkittransitionend)      \
    __ENUMERATE_HTML_ATTRIBUTE(onwheel)                    \
    __ENUMERATE_HTML_ATTRIBUTE(open)                       \
    __ENUMERATE_HTML_ATTRIBUTE(pattern)                    \
    __ENUMERATE_HTML_ATTRIBUTE(ping)                       \
    __ENUMERATE_HTML_ATTRIBUTE(placeholder)                \
    __ENUMERATE_HTML_ATTRIBUTE(playsinline)                \
    __ENUMERATE_HTML_ATTRIBUTE(poster)                     \

            

Reported by FlawFinder.

Userland/Libraries/LibWeb/HTML/EventNames.h
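1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Triage note: the flagged token appears to be the `open` in `__ENUMERATE_HTML_EVENT(open)`, an event name in a macro list. No file is opened on this line, so this looks like a lexical match on the word `open` (a false positive).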
Security

Line: 44 Column: 28 CWE codes: 362

                  __ENUMERATE_HTML_EVENT(messageerror)            \
    __ENUMERATE_HTML_EVENT(offline)                 \
    __ENUMERATE_HTML_EVENT(online)                  \
    __ENUMERATE_HTML_EVENT(open)                    \
    __ENUMERATE_HTML_EVENT(pagehide)                \
    __ENUMERATE_HTML_EVENT(pageshow)                \
    __ENUMERATE_HTML_EVENT(paste)                   \
    __ENUMERATE_HTML_EVENT(popstate)                \
    __ENUMERATE_HTML_EVENT(readystatechange)        \

            

Reported by FlawFinder.

Userland/Libraries/LibWeb/HTML/WebSocket.cpp
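1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Triage note: the flagged token appears to be `EventNames::open`, passed to `DOM::Event::create(...)` to name the event being dispatched. The excerpt shows no file-system access at this location, so this looks like a lexical match on the word `open` (a false positive).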
Security

Line: 179 Column: 51 CWE codes: 362

                  // 1. Change the readyState attribute's value to OPEN (1).
    // 2. Change the extensions attribute's value to the extensions in use, if it is not the null value. [WSP]
    // 3. Change the protocol attribute's value to the subprotocol in use, if it is not the null value. [WSP]
    dispatch_event(DOM::Event::create(EventNames::open));
}

// https://html.spec.whatwg.org/multipage/web-sockets.html#feedback-from-the-protocol
void WebSocket::on_error()
{

            

Reported by FlawFinder.

Userland/Libraries/LibWeb/HTML/WebSocket.h
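1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Triage note: the flagged token appears to be `HTML::EventNames::open` in the `E(onopen, ...)` entry of the handler-list macro. It is an identifier for an event name, not a file-open call, so this looks like a lexical match on the word `open` (a false positive).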
Security

Line: 23 Column: 33 CWE codes: 362

              // X-macro: expands E(handler_attribute, event_name) once for each WebSocket
              // event handler listed below (onerror, onclose, onopen, onmessage).
              #define ENUMERATE_WEBSOCKET_EVENT_HANDLERS(E) \
    E(onerror, HTML::EventNames::error)       \
    E(onclose, HTML::EventNames::close)       \
    E(onopen, HTML::EventNames::open)         \
    E(onmessage, HTML::EventNames::message)

namespace Protocol {
class WebSocketClient;
class WebSocket;

            

Reported by FlawFinder.

Userland/Libraries/LibWeb/Loader/ResourceLoader.cpp
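1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Triage note: this is a genuine file open. `f->open(Core::OpenMode::ReadOnly)` is called on a `Core::File` whose filename is set from `url.path()` when the URL protocol is `file`. The excerpt does not show which callers may request `file` URLs or whether the path is restricted before this point. Review that gating, and how special files and symlinks are handled, before closing this finding.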
Security

Line: 136 Column: 17 CWE codes: 362

                  if (url.protocol() == "file") {
        auto f = Core::File::construct();
        f->set_filename(url.path());
        if (!f->open(Core::OpenMode::ReadOnly)) {
            dbgln("ResourceLoader::load: Error: {}", f->error_string());
            if (error_callback)
                error_callback(f->error_string(), {});
            return;
        }

            

Reported by FlawFinder.

Userland/Libraries/LibWeb/WebAssembly/WebAssemblyInstanceObjectPrototype.cpp
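1 issue
syntax error
Triage note: the excerpt centres on a `JS_DEFINE_NATIVE_FUNCTION(...)` macro invocation followed by a function body. Cppcheck typically reports `syntax error` when it cannot see such a macro's definition. This finding therefore probably reflects missing include paths or macro configuration in the scan rather than a defect in the code. Confirm by re-running with the project's include directories (`-I`) or a compilation database (`--project=`).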
Error

Line: 19

                  define_native_accessor("exports", exports_getter, {}, JS::Attribute::Enumerable | JS::Attribute::Configurable);
}

JS_DEFINE_NATIVE_FUNCTION(WebAssemblyInstancePrototype::exports_getter)
{
    auto this_value = vm.this_value(global_object);
    auto this_object = this_value.to_object(global_object);
    if (vm.exception())
        return {};

            

Reported by Cppcheck.

Userland/Libraries/LibWeb/WebAssembly/WebAssemblyMemoryPrototype.cpp
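1 issue
syntax error
Triage note: the excerpt centres on a `JS_DEFINE_NATIVE_FUNCTION(...)` macro invocation followed by a function body. Cppcheck typically reports `syntax error` when it cannot see such a macro's definition. This is probably a scan-configuration issue (missing include paths or defines) rather than a code defect. Confirm by re-running with the project's include directories or a compilation database.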
Error

Line: 20

                  define_native_function("grow", grow, 1, JS::Attribute::Writable | JS::Attribute::Enumerable | JS::Attribute::Configurable);
}

JS_DEFINE_NATIVE_FUNCTION(WebAssemblyMemoryPrototype::grow)
{
    auto page_count = vm.argument(0).to_u32(global_object);
    if (vm.exception())
        return {};
    auto* this_object = vm.this_value(global_object).to_object(global_object);

            

Reported by Cppcheck.

Userland/Libraries/LibWeb/WebAssembly/WebAssemblyObject.cpp
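1 issue
syntax error
Triage note: the excerpt centres on a `JS_DEFINE_NATIVE_FUNCTION(...)` macro invocation followed by a function body. Cppcheck typically reports `syntax error` when it cannot see such a macro's definition. This is probably a scan-configuration issue (missing include paths or defines) rather than a code defect. Confirm by re-running with the project's include directories or a compilation database.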
Error

Line: 82

                  }
}

// Native function WebAssemblyObject::validate (presumably backing the script-visible
// WebAssembly.validate() - confirm against the object's property setup).
// NOTE(review): this is a stub. It never inspects its arguments and always returns true,
// so a caller that treats the result as evidence that a module is well-formed gets no
// actual check until validation is implemented.
JS_DEFINE_NATIVE_FUNCTION(WebAssemblyObject::validate)
{
    // FIXME: Implement this once module validation is implemented in LibWasm.
    dbgln("Hit WebAssemblyObject::validate() stub!");
    return JS::Value { true };
}

            

Reported by Cppcheck.

Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
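1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Triage note: the flagged token appears to be the method name in the definition `XMLHttpRequest::open(const String& method, const String& url)`, which implements the XHR `open()` API linked in the comment above it. The visible lines contain no file-system call, so this looks like a lexical match on the word `open` (a false positive).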
Security

Line: 109 Column: 40 CWE codes: 362

              }

// https://xhr.spec.whatwg.org/#dom-xmlhttprequest-open
DOM::ExceptionOr<void> XMLHttpRequest::open(const String& method, const String& url)
{
    // FIXME: Let settingsObject be this’s relevant settings object.

    // FIXME: If settingsObject has a responsible document and it is not fully active, then throw an "InvalidStateError" DOMException.


            

Reported by FlawFinder.