The following issues were found
test/catch.hpp
30 issues
Line: 4644
Column: 1
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
template <typename T>
typename std::enable_if<std::is_integral<T>::value && !std::is_same<T, bool>::value,
GeneratorWrapper<T>>::type
random(T a, T b) {
return GeneratorWrapper<T>(
pf::make_unique<RandomIntegerGenerator<T>>(a, b)
);
}
Reported by FlawFinder.
Line: 4653
Column: 1
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
template <typename T>
typename std::enable_if<std::is_floating_point<T>::value,
GeneratorWrapper<T>>::type
random(T a, T b) {
return GeneratorWrapper<T>(
pf::make_unique<RandomFloatingGenerator<T>>(a, b)
);
}
Reported by FlawFinder.
Line: 13145
Column: 18
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
void seedRng(IConfig const& config) {
if (config.rngSeed() != 0) {
std::srand(config.rngSeed());
rng().seed(config.rngSeed());
}
}
unsigned int rngSeed() {
Reported by FlawFinder.
Line: 2156
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
auto const timeStampSize = sizeof("2017-01-16T17:06:45Z");
char timeStamp[timeStampSize];
const char * const fmt = "%Y-%m-%dT%H:%M:%SZ";
#ifdef _MSC_VER
std::strftime(timeStamp, timeStampSize, fmt, &timeInfo);
#else
Reported by FlawFinder.
Line: 4455
Column: 29
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
private:
T *nullableValue;
alignas(alignof(T)) char storage[sizeof(T)];
};
} // end namespace Catch
// end catch_option.hpp
Reported by FlawFinder.
Line: 5957
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
template<char C>
char const* getLineOfChars() {
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
if( !*line ) {
std::memset( line, C, CATCH_CONFIG_CONSOLE_WIDTH-1 );
line[CATCH_CONFIG_CONSOLE_WIDTH-1] = 0;
}
return line;
Reported by FlawFinder.
Line: 7583
Column: 14
CWE codes:
362
bool isSectionTracker() const override;
bool isGeneratorTracker() const override;
void open();
void close() override;
void fail() override;
void markAsNeedingAnotherRun() override;
Reported by FlawFinder.
Line: 11480
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int32_t convert(float f) {
static_assert(sizeof(float) == sizeof(int32_t), "Important ULP matcher assumption violated");
int32_t i;
std::memcpy(&i, &f, sizeof(f));
return i;
}
int64_t convert(double d) {
static_assert(sizeof(double) == sizeof(int64_t), "Important ULP matcher assumption violated");
Reported by FlawFinder.
Line: 11487
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int64_t convert(double d) {
static_assert(sizeof(double) == sizeof(int64_t), "Important ULP matcher assumption violated");
int64_t i;
std::memcpy(&i, &d, sizeof(d));
return i;
}
template <typename FP>
bool almostEqualUlps(FP lhs, FP rhs, uint64_t maxUlpDiff) {
Reported by FlawFinder.
Line: 12011
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
private:
std::FILE* m_file = nullptr;
#if defined(_MSC_VER)
char m_buffer[L_tmpnam] = { 0 };
#endif
};
class OutputRedirect {
public:
Reported by FlawFinder.
src/components/latency/DNSBase.hpp
8 issues
Line: 38
template<typename E, typename H>
void async_DNS_lookup(E &&e, H &&h)
{
co_enter(*this)
{
if (getAddrHandle)
{
getAddrHandle->once<uvw::ErrorEvent>(coro(async_DNS_lookup));
getAddrHandle->once<uvw::AddrInfoEvent>(coro(async_DNS_lookup));
Reported by Cppcheck.
Line: 38
template<typename E, typename H>
void async_DNS_lookup(E &&e, H &&h)
{
co_enter(*this)
{
if (getAddrHandle)
{
getAddrHandle->once<uvw::ErrorEvent>(coro(async_DNS_lookup));
getAddrHandle->once<uvw::AddrInfoEvent>(coro(async_DNS_lookup));
Reported by Cppcheck.
Line: 38
template<typename E, typename H>
void async_DNS_lookup(E &&e, H &&h)
{
co_enter(*this)
{
if (getAddrHandle)
{
getAddrHandle->once<uvw::ErrorEvent>(coro(async_DNS_lookup));
getAddrHandle->once<uvw::AddrInfoEvent>(coro(async_DNS_lookup));
Reported by Cppcheck.
Line: 82
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rp->ai_family == AF_INET)
{
af = AF_INET;
memcpy(&storage, rp->ai_addr, sizeof(struct sockaddr_in));
}
else if (rp->ai_family == AF_INET6)
{
af = AF_INET6;
memcpy(&storage, rp->ai_addr, sizeof(struct sockaddr_in6));
Reported by FlawFinder.
Line: 87
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (rp->ai_family == AF_INET6)
{
af = AF_INET6;
memcpy(&storage, rp->ai_addr, sizeof(struct sockaddr_in6));
}
break;
}
if (rp == nullptr)
{
Reported by FlawFinder.
Line: 99
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rp->ai_family == AF_INET)
{
af = AF_INET;
memcpy(&storage, rp->ai_addr, sizeof(struct sockaddr_in));
}
else if (rp->ai_family == AF_INET6)
{
af = AF_INET6;
memcpy(&storage, rp->ai_addr, sizeof(struct sockaddr_in6));
Reported by FlawFinder.
Line: 104
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (rp->ai_family == AF_INET6)
{
af = AF_INET6;
memcpy(&storage, rp->ai_addr, sizeof(struct sockaddr_in6));
}
break;
}
}
if (rp)
Reported by FlawFinder.
Line: 122
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
LatencyTestResult data;
LatencyTestHost *testHost;
struct sockaddr_storage storage;
char digitBuffer[20] = { 0 };
std::shared_ptr<uvw::Loop> loop;
std::shared_ptr<uvw::GetAddrInfoReq> getAddrHandle;
};
template<typename T>
DNSBase<T>::~DNSBase()
Reported by FlawFinder.
src/utils/QvHelpers.cpp
6 issues
Line: 21
Column: 43
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
for (int i = 0; i < len; ++i)
{
uint rand = QRandomGenerator::system()->generate();
uint max = static_cast<uint>(possibleCharacters.length());
QChar nextChar = possibleCharacters[rand % max];
randomString.append(nextChar);
}
Reported by FlawFinder.
Line: 40
Column: 20
CWE codes:
362
{
bool wasOpened = source.isOpen();
if (!wasOpened)
source.open(QFile::ReadOnly);
auto byteArray = source.readAll();
if (!wasOpened)
source.close();
#if QT_VERSION >= QT_VERSION_CHECK(6, 0, 0)
for (const auto &encoding : { QStringDecoder::Utf8, QStringDecoder::Utf16, QStringDecoder::System })
Reported by FlawFinder.
Line: 76
Column: 11
CWE codes:
362
info.dir().mkpath(info.dir().path());
}
QSaveFile f{ targetpath };
f.open(QIODevice::WriteOnly);
f.write(text.toUtf8());
f.commit();
return override;
}
QString JsonToString(const QJsonObject &json, QJsonDocument::JsonFormat format)
Reported by FlawFinder.
Line: 177
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
QString FormatBytes(const int64_t b)
{
const static char *sizes[5] = { "B", "KB", "MB", "GB", "TB" };
auto _bytes = b;
char str[64];
int i;
double dblByte = _bytes;
Reported by FlawFinder.
Line: 179
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const static char *sizes[5] = { "B", "KB", "MB", "GB", "TB" };
auto _bytes = b;
char str[64];
int i;
double dblByte = _bytes;
for (i = 0; i < 5 && _bytes >= 1000; i++, _bytes /= 1000)
dblByte = _bytes / 1000.0;
Reported by FlawFinder.
Line: 186
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < 5 && _bytes >= 1000; i++, _bytes /= 1000)
dblByte = _bytes / 1000.0;
sprintf(str, "%.2f", dblByte);
return QString(str) + " " + QString(sizes[i]);
}
bool IsValidFileName(const QString &fileName)
{
Reported by FlawFinder.
src/components/latency/win/ICMPPing.cpp
4 issues
Line: 58
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
hIcmpFile = IcmpCreateFile();
}
unsigned char reply_buf[reply_buf_size]{};
unsigned char payload[payload_size]{ 42 };
HANDLE hIcmpFile;
std::function<void(bool, long, const QString &, HANDLE)> whenIcmpFailed;
~ICMPReply()
{
Reported by FlawFinder.
Line: 59
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
hIcmpFile = IcmpCreateFile();
}
unsigned char reply_buf[reply_buf_size]{};
unsigned char payload[payload_size]{ 42 };
HANDLE hIcmpFile;
std::function<void(bool, long, const QString &, HANDLE)> whenIcmpFailed;
~ICMPReply()
{
if (hIcmpFile != INVALID_HANDLE_VALUE)
Reported by FlawFinder.
Line: 109
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
auto e = GetLastError();
DWORD buf_size = 1000;
TCHAR buf[1000];
GetIpErrorString(e, buf, &buf_size);
message = "IcmpSendEcho returned error (" + QString::fromStdWString(buf) + ")";
}
replyPtr->whenIcmpFailed(isSuccess, res, message, replyPtr->hIcmpFile);
delete replyPtr;
Reported by FlawFinder.
Line: 143
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (af == -1)
{
getAddrHandle = loop->resource<uvw::GetAddrInfoReq>();
sprintf(digitBuffer, "%d", req.port);
}
async_DNS_lookup(0, 0);
}
} // namespace Qv2ray::components::latency::icmping
#endif
Reported by FlawFinder.
src/core/settings/SettingsBackend.cpp
3 issues
Line: 218
Column: 55
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
GlobalConfig.kernelConfig.KernelPath(QV2RAY_DEFAULT_VCORE_PATH);
GlobalConfig.kernelConfig.AssetsPath(QV2RAY_DEFAULT_VASSETS_PATH);
GlobalConfig.logLevel = 3;
GlobalConfig.uiConfig.language = QLocale::system().name();
GlobalConfig.defaultRouteConfig.dnsConfig.servers.append({ "1.1.1.1" });
GlobalConfig.defaultRouteConfig.dnsConfig.servers.append({ "8.8.8.8" });
GlobalConfig.defaultRouteConfig.dnsConfig.servers.append({ "8.8.4.4" });
// Save initial config.
Reported by FlawFinder.
Line: 42
Column: 27
CWE codes:
362
// A temp file used to test file permissions in that folder.
QFile testFile(path + ".qv2ray_test_file" + QSTRN(QTime::currentTime().msecsSinceStartOfDay()));
if (!testFile.open(QFile::OpenModeFlag::ReadWrite))
{
LOG("Directory at: " + path + " cannot be used as a valid config file path.");
LOG("---> Cannot create a new file or open a file for writing.");
return false;
}
Reported by FlawFinder.
Line: 75
Column: 25
CWE codes:
362
if (!configFile.exists())
return false;
if (!configFile.open(QIODevice::ReadWrite))
{
LOG("File: " + configFile.fileName() + " cannot be opened!");
return false;
}
Reported by FlawFinder.
src/ui/qml/Qv2rayQMLProperty.hpp
3 issues
Line: 39
Q_PROPERTY_DECL(ConnectionGroupPair, currentConnection, {});
Q_PROPERTY_DECL(QString, assetsPrefix, "qrc:/assets/icons/ui_dark");
Q_PROPERTY(PROPERTY_ARGS(ConnectionGroupPair, currentConnection))
Q_PROPERTY(PROPERTY_ARGS(QString, assetsPrefix))
public:
explicit Qv2rayQMLProperty(QObject *parent = nullptr);
public slots:
Reported by Cppcheck.
Line: 39
Q_PROPERTY_DECL(ConnectionGroupPair, currentConnection, {});
Q_PROPERTY_DECL(QString, assetsPrefix, "qrc:/assets/icons/ui_dark");
Q_PROPERTY(PROPERTY_ARGS(ConnectionGroupPair, currentConnection))
Q_PROPERTY(PROPERTY_ARGS(QString, assetsPrefix))
public:
explicit Qv2rayQMLProperty(QObject *parent = nullptr);
public slots:
Reported by Cppcheck.
Line: 39
Q_PROPERTY_DECL(ConnectionGroupPair, currentConnection, {});
Q_PROPERTY_DECL(QString, assetsPrefix, "qrc:/assets/icons/ui_dark");
Q_PROPERTY(PROPERTY_ARGS(ConnectionGroupPair, currentConnection))
Q_PROPERTY(PROPERTY_ARGS(QString, assetsPrefix))
public:
explicit Qv2rayQMLProperty(QObject *parent = nullptr);
public slots:
Reported by Cppcheck.
src/ui/Qv2rayPlatformApplication.cpp
2 issues
Line: 112
Column: 51
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
// Install a default translater. From the OS/DE
Qv2rayTranslator = std::make_unique<QvTranslator>();
Qv2rayTranslator->InstallTranslation(QLocale::system().name());
const auto allTranslations = Qv2rayTranslator->GetAvailableLanguages();
const auto osLanguage = QLocale::system().name();
//
LocateConfiguration();
if (!allTranslations.contains(GlobalConfig.uiConfig.language))
Reported by FlawFinder.
Line: 114
Column: 38
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
Qv2rayTranslator = std::make_unique<QvTranslator>();
Qv2rayTranslator->InstallTranslation(QLocale::system().name());
const auto allTranslations = Qv2rayTranslator->GetAvailableLanguages();
const auto osLanguage = QLocale::system().name();
//
LocateConfiguration();
if (!allTranslations.contains(GlobalConfig.uiConfig.language))
{
// If we need to reset the language.
Reported by FlawFinder.
src/ui/common/autolaunch/QvAutoLaunch.cpp
2 issues
Line: 32
}
bool GetLaunchAtLoginStatus()
{
#ifdef Q_OS_WIN
QString appName = QCoreApplication::applicationName();
QSettings reg("HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", QSettings::NativeFormat);
return reg.contains(appName);
}
Reported by Cppcheck.
Line: 182
Column: 26
CWE codes:
362
QFile iniFile(desktopFileLocation);
if (!iniFile.open(QIODevice::WriteOnly))
{
// qCWarning(lcUtility) << "Could not write auto start entry" <<
// desktopFileLocation;
return;
}
Reported by FlawFinder.
src/components/latency/unix/ICMPPing.cpp
2 issues
Line: 79
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (isAddr() == -1)
{
getAddrHandle = loop->resource<uvw::GetAddrInfoReq>();
sprintf(digitBuffer, "%d", req.port);
}
async_DNS_lookup(0, 0);
}
bool ICMPPing::notifyTestHost()
Reported by FlawFinder.
Line: 138
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
sockaddr_in addr;
socklen_t slen = sizeof(sockaddr_in);
int rlen = 0;
char buf[1024];
do
{
do
{
rlen = recvfrom(socketId, buf, 1024, 0, (struct sockaddr *) &addr, &slen);
Reported by FlawFinder.
src/core/kernel/V2RayKernelInteractions.cpp
2 issues
Line: 160
{
const auto kernelPath = GlobalConfig.kernelConfig.KernelPath();
const auto assetsPath = GlobalConfig.kernelConfig.AssetsPath();
if (const auto &[result, msg] = ValidateKernel(kernelPath, assetsPath); result)
{
DEBUG("V2Ray version: " + *msg);
// Append assets location env.
auto env = QProcessEnvironment::systemEnvironment();
env.insert("v2ray.location.asset", assetsPath);
Reported by Cppcheck.
Line: 63
Column: 23
CWE codes:
362
// Use open() here to prevent `executing` a folder, which may have the
// same name as the V2Ray core.
if (!coreFile.open(QFile::ReadOnly))
return { false, tr("V2Ray core file cannot be opened, please ensure there's a file instead of a folder.") };
coreFile.close();
#if QV2RAY_FEATURE(kernel_check_abi)
Reported by FlawFinder.