The following issues were found
Userland/Libraries/LibC/string.h
6 issues
Line: 32
Column: 87
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
__attribute__((malloc)) char* strdup(const char*);
__attribute__((malloc)) char* strndup(const char*, size_t);
__attribute__((deprecated("use strlcpy or String::copy_characters_to_buffer"))) char* strcpy(char* dest, const char* src);
__attribute__((deprecated("use strlcpy or String::copy_characters_to_buffer"))) char* strncpy(char* dest, const char* src, size_t);
__attribute__((warn_unused_result)) size_t strlcpy(char* dest, const char* src, size_t);
char* strchr(const char*, int c);
char* strchrnul(const char*, int c);
Reported by FlawFinder.
Line: 41
Column: 50
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
char* strstr(const char* haystack, const char* needle);
char* strrchr(const char*, int c);
__attribute__((deprecated("use strncat"))) char* strcat(char* dest, const char* src);
char* strncat(char* dest, const char* src, size_t);
size_t strspn(const char*, const char* accept);
size_t strcspn(const char*, const char* reject);
int strerror_r(int, char*, size_t);
Reported by FlawFinder.
Line: 21
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int strncmp(const char*, const char*, size_t);
int memcmp(const void*, const void*, size_t);
void* memcpy(void*, const void*, size_t);
void* memmove(void*, const void*, size_t);
void* memchr(const void*, int c, size_t);
const void* memmem(const void* haystack, size_t, const void* needle, size_t);
void* memset(void*, int, size_t);
Reported by FlawFinder.
Line: 14
Column: 8
CWE codes:
126
__BEGIN_DECLS
size_t strlen(const char*);
size_t strnlen(const char*, size_t maxlen);
int strcmp(const char*, const char*);
int strncmp(const char*, const char*, size_t);
Reported by FlawFinder.
Line: 33
Column: 87
CWE codes:
120
__attribute__((malloc)) char* strndup(const char*, size_t);
__attribute__((deprecated("use strlcpy or String::copy_characters_to_buffer"))) char* strcpy(char* dest, const char* src);
__attribute__((deprecated("use strlcpy or String::copy_characters_to_buffer"))) char* strncpy(char* dest, const char* src, size_t);
__attribute__((warn_unused_result)) size_t strlcpy(char* dest, const char* src, size_t);
char* strchr(const char*, int c);
char* strchrnul(const char*, int c);
char* strstr(const char* haystack, const char* needle);
Reported by FlawFinder.
Line: 42
Column: 7
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
char* strrchr(const char*, int c);
__attribute__((deprecated("use strncat"))) char* strcat(char* dest, const char* src);
char* strncat(char* dest, const char* src, size_t);
size_t strspn(const char*, const char* accept);
size_t strcspn(const char*, const char* reject);
int strerror_r(int, char*, size_t);
char* strerror(int errnum);
Reported by FlawFinder.
Userland/Libraries/LibTLS/HandshakeClient.cpp
6 issues
Line: 45
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (is_aead) {
iv_size = 4; // Explicit IV size.
} else {
memcpy(m_context.crypto.local_mac, key + offset, mac_size);
offset += mac_size;
memcpy(m_context.crypto.remote_mac, key + offset, mac_size);
offset += mac_size;
}
Reported by FlawFinder.
Line: 47
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(m_context.crypto.local_mac, key + offset, mac_size);
offset += mac_size;
memcpy(m_context.crypto.remote_mac, key + offset, mac_size);
offset += mac_size;
}
auto client_key = key + offset;
offset += key_size;
Reported by FlawFinder.
Line: 81
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CipherAlgorithm::AES_128_CBC:
case CipherAlgorithm::AES_256_CBC: {
VERIFY(!is_aead);
memcpy(m_context.crypto.local_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
Reported by FlawFinder.
Line: 82
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CipherAlgorithm::AES_256_CBC: {
VERIFY(!is_aead);
memcpy(m_context.crypto.local_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
}
Reported by FlawFinder.
Line: 91
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CipherAlgorithm::AES_128_GCM:
case CipherAlgorithm::AES_256_GCM: {
VERIFY(is_aead);
memcpy(m_context.crypto.local_aead_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_aead_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
Reported by FlawFinder.
Line: 92
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CipherAlgorithm::AES_256_GCM: {
VERIFY(is_aead);
memcpy(m_context.crypto.local_aead_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_aead_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
}
Reported by FlawFinder.
Userland/Libraries/LibTLS/Socket.cpp
6 issues
Line: 15
Column: 30
CWE codes:
120
20
namespace TLS {
Optional<ByteBuffer> TLSv12::read()
{
if (m_context.application_buffer.size()) {
auto buf = m_context.application_buffer.slice(0, m_context.application_buffer.size());
m_context.application_buffer.clear();
return buf;
Reported by FlawFinder.
Line: 25
Column: 20
CWE codes:
120
20
return {};
}
ByteBuffer TLSv12::read(size_t max_size)
{
if (m_context.application_buffer.size()) {
auto length = min(m_context.application_buffer.size(), max_size);
auto buf = m_context.application_buffer.slice(0, length);
m_context.application_buffer = m_context.application_buffer.slice(length, m_context.application_buffer.size() - length);
Reported by FlawFinder.
Line: 159
Column: 27
CWE codes:
120
20
if (!check_connection_state(true))
return;
consume(Core::Socket::read(4096));
// If anything new shows up, tell the client about the event.
notify_client_for_app_data();
}
Reported by FlawFinder.
Line: 182
Column: 42
CWE codes:
120
20
on_tls_ready_to_write(*this);
}
bool TLSv12::check_connection_state(bool read)
{
if (!Core::Socket::is_open() || !Core::Socket::is_connected() || Core::Socket::eof()) {
// an abrupt closure (the server is a jerk)
dbgln_if(TLS_DEBUG, "Socket not open, assuming abrupt closure");
m_context.connection_finished = true;
Reported by FlawFinder.
Line: 196
Column: 11
CWE codes:
120
20
on_tls_error((AlertDescription)m_context.critical_error);
return false;
}
if (((read && m_context.application_buffer.size() == 0) || !read) && m_context.connection_finished) {
if (m_context.application_buffer.size() == 0 && m_context.connection_status != ConnectionStatus::Disconnected) {
if (on_tls_finished)
on_tls_finished();
}
if (m_context.tls_buffer.size()) {
Reported by FlawFinder.
Line: 196
Column: 65
CWE codes:
120
20
on_tls_error((AlertDescription)m_context.critical_error);
return false;
}
if (((read && m_context.application_buffer.size() == 0) || !read) && m_context.connection_finished) {
if (m_context.application_buffer.size() == 0 && m_context.connection_status != ConnectionStatus::Disconnected) {
if (on_tls_finished)
on_tls_finished();
}
if (m_context.tls_buffer.size()) {
Reported by FlawFinder.
Userland/Libraries/LibRegex/RegexByteCode.cpp
6 issues
Line: 569
Column: 10
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
Optional<String> str;
Vector<u16> utf16;
auto compare_view = input_view.construct_as_same({ &ch1, 1 }, str, utf16);
bool equal;
if (input.regex_options & AllFlags::Insensitive)
equal = input_view.equals_ignoring_case(compare_view);
else
equal = input_view.equals(compare_view);
Reported by FlawFinder.
Line: 575
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
else
equal = input_view.equals(compare_view);
if (equal) {
if (inverse)
inverse_matched = true;
else
advance_string_position(state, input.view, ch1);
}
Reported by FlawFinder.
Line: 741
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
u32 code_point = input.view[state.string_position_in_code_units];
bool equal = Unicode::code_point_has_property(code_point, property);
if (equal) {
if (inverse)
inverse_matched = true;
else
advance_string_position(state, input.view, code_point);
}
Reported by FlawFinder.
Line: 757
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
u32 code_point = input.view[state.string_position_in_code_units];
bool equal = Unicode::code_point_has_general_category(code_point, general_category);
if (equal) {
if (inverse)
inverse_matched = true;
else
advance_string_position(state, input.view, code_point);
}
Reported by FlawFinder.
Line: 773
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
u32 code_point = input.view[state.string_position_in_code_units];
bool equal = Unicode::code_point_has_script(code_point, script);
if (equal) {
if (inverse)
inverse_matched = true;
else
advance_string_position(state, input.view, code_point);
}
Reported by FlawFinder.
Line: 789
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
u32 code_point = input.view[state.string_position_in_code_units];
bool equal = Unicode::code_point_has_script_extension(code_point, script);
if (equal) {
if (inverse)
inverse_matched = true;
else
advance_string_position(state, input.view, code_point);
}
Reported by FlawFinder.
Userland/Libraries/LibC/time.cpp
6 issues
Line: 183
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char* asctime(const struct tm* tm)
{
static char buffer[69];
return asctime_r(tm, buffer);
}
char* asctime_r(const struct tm* tm, char* buffer)
{
Reported by FlawFinder.
Line: 202
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
//FIXME: Some formats are not supported.
size_t strftime(char* destination, size_t max_size, const char* format, const struct tm* tm)
{
const char wday_short_names[7][4] = {
"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
};
const char wday_long_names[7][10] = {
"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"
};
Reported by FlawFinder.
Line: 205
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char wday_short_names[7][4] = {
"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
};
const char wday_long_names[7][10] = {
"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"
};
const char mon_short_names[12][4] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
Reported by FlawFinder.
Line: 208
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char wday_long_names[7][10] = {
"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"
};
const char mon_short_names[12][4] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
const char mon_long_names[12][10] = {
"January", "February", "March", "April", "May", "June",
Reported by FlawFinder.
Line: 212
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
const char mon_long_names[12][10] = {
"January", "February", "March", "April", "May", "June",
"July", "August", "September", "October", "November", "December"
};
StringBuilder builder { max_size };
Reported by FlawFinder.
Line: 219
Column: 28
CWE codes:
126
StringBuilder builder { max_size };
const int format_len = strlen(format);
for (int i = 0; i < format_len; ++i) {
if (format[i] != '%') {
builder.append(format[i]);
} else {
if (++i >= format_len)
Reported by FlawFinder.
Kernel/UserOrKernelBuffer.h
6 issues
Line: 69
Column: 24
CWE codes:
120
20
return write(bytes.data(), bytes.size());
}
[[nodiscard]] bool read(void* dest, size_t offset, size_t len) const;
[[nodiscard]] bool read(void* dest, size_t len) const
{
return read(dest, 0, len);
}
[[nodiscard]] bool read(Bytes bytes) const
Reported by FlawFinder.
Line: 70
Column: 24
CWE codes:
120
20
}
[[nodiscard]] bool read(void* dest, size_t offset, size_t len) const;
[[nodiscard]] bool read(void* dest, size_t len) const
{
return read(dest, 0, len);
}
[[nodiscard]] bool read(Bytes bytes) const
{
Reported by FlawFinder.
Line: 72
Column: 16
CWE codes:
120
20
[[nodiscard]] bool read(void* dest, size_t offset, size_t len) const;
[[nodiscard]] bool read(void* dest, size_t len) const
{
return read(dest, 0, len);
}
[[nodiscard]] bool read(Bytes bytes) const
{
return read(bytes.data(), bytes.size());
}
Reported by FlawFinder.
Line: 74
Column: 24
CWE codes:
120
20
{
return read(dest, 0, len);
}
[[nodiscard]] bool read(Bytes bytes) const
{
return read(bytes.data(), bytes.size());
}
[[nodiscard]] bool memset(int value, size_t offset, size_t len);
Reported by FlawFinder.
Line: 76
Column: 16
CWE codes:
120
20
}
[[nodiscard]] bool read(Bytes bytes) const
{
return read(bytes.data(), bytes.size());
}
[[nodiscard]] bool memset(int value, size_t offset, size_t len);
[[nodiscard]] bool memset(int value, size_t len)
{
Reported by FlawFinder.
Line: 136
Column: 18
CWE codes:
120
20
size_t nread = 0;
while (nread < len) {
auto to_copy = min(sizeof(buffer), len - nread);
if (!read(buffer, nread, to_copy))
return EFAULT;
KResultOr<size_t> copied_or_error = f(buffer, to_copy);
if (copied_or_error.is_error())
return copied_or_error.error();
auto copied = copied_or_error.value();
Reported by FlawFinder.
Userland/Libraries/LibWasm/Types.h
6 issues
Line: 82
Column: 12
CWE codes:
120
20
void unread(ReadonlyBytes data) { m_buffer.append(data.data(), data.size()); }
private:
size_t read(Bytes bytes) override
{
size_t bytes_read_from_buffer = 0;
if (!m_buffer.is_empty()) {
auto read_size = min(bytes.size(), m_buffer.size());
m_buffer.span().slice(0, read_size).copy_to(bytes);
Reported by FlawFinder.
Line: 94
Column: 25
CWE codes:
120
20
bytes_read_from_buffer = read_size;
}
return m_stream.read(bytes) + bytes_read_from_buffer;
}
bool unreliable_eof() const override
{
return m_buffer.is_empty() && m_stream.unreliable_eof();
}
Reported by FlawFinder.
Line: 102
Column: 13
CWE codes:
120
20
}
bool read_or_error(Bytes bytes) override
{
if (read(bytes))
return true;
set_recoverable_error();
return false;
}
bool discard_or_error(size_t count) override
Reported by FlawFinder.
Line: 133
Column: 12
CWE codes:
120
20
}
private:
size_t read(Bytes bytes) override
{
auto to_read = min(m_bytes_left, bytes.size());
auto nread = m_stream.read(bytes.slice(0, to_read));
m_bytes_left -= nread;
return nread;
Reported by FlawFinder.
Line: 136
Column: 31
CWE codes:
120
20
size_t read(Bytes bytes) override
{
auto to_read = min(m_bytes_left, bytes.size());
auto nread = m_stream.read(bytes.slice(0, to_read));
m_bytes_left -= nread;
return nread;
}
bool unreliable_eof() const override
{
Reported by FlawFinder.
Line: 146
Column: 13
CWE codes:
120
20
}
bool read_or_error(Bytes bytes) override
{
if (read(bytes))
return true;
set_recoverable_error();
return false;
}
bool discard_or_error(size_t count) override
Reported by FlawFinder.
Meta/check-newlines-at-eof.py
6 issues
Line: 1
Column: 1
#!/usr/bin/env python3
import os
import subprocess
import sys
def run():
"""Check files checked in to git for trailing newlines at end of file."""
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python3
import os
import subprocess
import sys
def run():
"""Check files checked in to git for trailing newlines at end of file."""
Reported by Pylint.
Line: 4
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
#!/usr/bin/env python3
import os
import subprocess
import sys
def run():
"""Check files checked in to git for trailing newlines at end of file."""
Reported by Bandit.
Line: 10
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
def run():
"""Check files checked in to git for trailing newlines at end of file."""
files = subprocess.run(
[
"git", "ls-files", "--",
"*.cpp",
"*.h",
"*.gml",
Reported by Bandit.
Line: 10
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html
def run():
"""Check files checked in to git for trailing newlines at end of file."""
files = subprocess.run(
[
"git", "ls-files", "--",
"*.cpp",
"*.h",
"*.gml",
Reported by Bandit.
Line: 38
Column: 37
did_fail = False
for filename in files:
with open(filename, "r") as f:
f.seek(0, os.SEEK_END)
f.seek(f.tell() - 1, os.SEEK_SET)
if f.read(1) != '\n':
did_fail = True
Reported by Pylint.
Kernel/Syscalls/uname.cpp
6 issues
Line: 17
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
REQUIRE_PROMISE(stdio);
utsname buf {};
memcpy(buf.sysname, "SerenityOS", 11);
memcpy(buf.release, "1.0-dev", 8);
memcpy(buf.version, "FIXME", 6);
#if ARCH(I386)
memcpy(buf.machine, "i686", 5);
#else
Reported by FlawFinder.
Line: 18
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
utsname buf {};
memcpy(buf.sysname, "SerenityOS", 11);
memcpy(buf.release, "1.0-dev", 8);
memcpy(buf.version, "FIXME", 6);
#if ARCH(I386)
memcpy(buf.machine, "i686", 5);
#else
memcpy(buf.machine, "x86_64", 7);
Reported by FlawFinder.
Line: 19
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
utsname buf {};
memcpy(buf.sysname, "SerenityOS", 11);
memcpy(buf.release, "1.0-dev", 8);
memcpy(buf.version, "FIXME", 6);
#if ARCH(I386)
memcpy(buf.machine, "i686", 5);
#else
memcpy(buf.machine, "x86_64", 7);
#endif
Reported by FlawFinder.
Line: 21
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(buf.release, "1.0-dev", 8);
memcpy(buf.version, "FIXME", 6);
#if ARCH(I386)
memcpy(buf.machine, "i686", 5);
#else
memcpy(buf.machine, "x86_64", 7);
#endif
hostname().with_shared([&](const auto& name) {
Reported by FlawFinder.
Line: 23
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if ARCH(I386)
memcpy(buf.machine, "i686", 5);
#else
memcpy(buf.machine, "x86_64", 7);
#endif
hostname().with_shared([&](const auto& name) {
memcpy(buf.nodename, name.characters(), name.length() + 1);
});
Reported by FlawFinder.
Line: 27
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif
hostname().with_shared([&](const auto& name) {
memcpy(buf.nodename, name.characters(), name.length() + 1);
});
if (!copy_to_user(user_buf, &buf))
return EFAULT;
return 0;
Reported by FlawFinder.
Userland/Utilities/test.cpp
6 issues
Line: 18
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
bool g_there_was_an_error = false;
[[noreturn, gnu::format(printf, 1, 2)]] static void fatal_error(const char* format, ...)
{
fputs("\033[31m", stderr);
va_list ap;
va_start(ap, format);
Reported by FlawFinder.
Line: 24
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
va_start(ap, format);
vfprintf(stderr, format, ap);
va_end(ap);
fputs("\033[0m\n", stderr);
exit(126);
}
Reported by FlawFinder.
Line: 168
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
switch (m_kind) {
case Read:
return access(m_path.characters(), R_OK) == 0;
case Write:
return access(m_path.characters(), W_OK) == 0;
case Execute:
return access(m_path.characters(), X_OK) == 0;
case Any:
Reported by FlawFinder.
Line: 170
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
case Read:
return access(m_path.characters(), R_OK) == 0;
case Write:
return access(m_path.characters(), W_OK) == 0;
case Execute:
return access(m_path.characters(), X_OK) == 0;
case Any:
return access(m_path.characters(), F_OK) == 0;
default:
Reported by FlawFinder.
Line: 172
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
case Write:
return access(m_path.characters(), W_OK) == 0;
case Execute:
return access(m_path.characters(), X_OK) == 0;
case Any:
return access(m_path.characters(), F_OK) == 0;
default:
VERIFY_NOT_REACHED();
}
Reported by FlawFinder.
Line: 174
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
case Execute:
return access(m_path.characters(), X_OK) == 0;
case Any:
return access(m_path.characters(), F_OK) == 0;
default:
VERIFY_NOT_REACHED();
}
}
Reported by FlawFinder.