The following issues were found
java/core/src/test/java/com/google/protobuf/LiteEqualsAndHashTest.java
24 issues
Line: 48
*/
public class LiteEqualsAndHashTest extends TestCase {
public void testEquals() throws Exception {
// Since the generated equals and hashCode methods for lite messages are a
// mostly complete subset of those for regular messages, we can mostly assume
// that the generated methods are already thoroughly tested by the regular tests.
// This test mostly just verifies is that a proto with
Reported by PMD.
Line: 48
*/
public class LiteEqualsAndHashTest extends TestCase {
public void testEquals() throws Exception {
// Since the generated equals and hashCode methods for lite messages are a
// mostly complete subset of those for regular messages, we can mostly assume
// that the generated methods are already thoroughly tested by the regular tests.
// This test mostly just verifies is that a proto with
Reported by PMD.
Line: 75
.build();
// Check that equals is doing value rather than object equality.
assertEquals(foo1a, foo1b);
assertEquals(foo1a.hashCode(), foo1b.hashCode());
// Check that a different object is not equal.
assertFalse(foo1a.equals(foo2));
Reported by PMD.
Line: 76
// Check that equals is doing value rather than object equality.
assertEquals(foo1a, foo1b);
assertEquals(foo1a.hashCode(), foo1b.hashCode());
// Check that a different object is not equal.
assertFalse(foo1a.equals(foo2));
// Check that two objects which have different types but the same field values are not
Reported by PMD.
Line: 76
// Check that equals is doing value rather than object equality.
assertEquals(foo1a, foo1b);
assertEquals(foo1a.hashCode(), foo1b.hashCode());
// Check that a different object is not equal.
assertFalse(foo1a.equals(foo2));
// Check that two objects which have different types but the same field values are not
Reported by PMD.
Line: 76
// Check that equals is doing value rather than object equality.
assertEquals(foo1a, foo1b);
assertEquals(foo1a.hashCode(), foo1b.hashCode());
// Check that a different object is not equal.
assertFalse(foo1a.equals(foo2));
// Check that two objects which have different types but the same field values are not
Reported by PMD.
Line: 79
assertEquals(foo1a.hashCode(), foo1b.hashCode());
// Check that a different object is not equal.
assertFalse(foo1a.equals(foo2));
// Check that two objects which have different types but the same field values are not
// considered to be equal.
Bar bar = Bar.newBuilder().setName("bar").build();
BarPrime barPrime = BarPrime.newBuilder().setName("bar").build();
Reported by PMD.
Line: 79
assertEquals(foo1a.hashCode(), foo1b.hashCode());
// Check that a different object is not equal.
assertFalse(foo1a.equals(foo2));
// Check that two objects which have different types but the same field values are not
// considered to be equal.
Bar bar = Bar.newBuilder().setName("bar").build();
BarPrime barPrime = BarPrime.newBuilder().setName("bar").build();
Reported by PMD.
Line: 85
// considered to be equal.
Bar bar = Bar.newBuilder().setName("bar").build();
BarPrime barPrime = BarPrime.newBuilder().setName("bar").build();
assertFalse(bar.equals(barPrime));
}
public void testOneofEquals() throws Exception {
TestOneofEquals.Builder builder = TestOneofEquals.newBuilder();
TestOneofEquals message1 = builder.build();
Reported by PMD.
Line: 85
// considered to be equal.
Bar bar = Bar.newBuilder().setName("bar").build();
BarPrime barPrime = BarPrime.newBuilder().setName("bar").build();
assertFalse(bar.equals(barPrime));
}
public void testOneofEquals() throws Exception {
TestOneofEquals.Builder builder = TestOneofEquals.newBuilder();
TestOneofEquals message1 = builder.build();
Reported by PMD.
java/lite/src/test/java/com/google/protobuf/Proto2MessageLiteInfoFactory.java
24 issues
Line: 1317
try {
return clazz.getDeclaredField(name);
} catch (NoSuchFieldException | SecurityException e) {
throw new RuntimeException(e);
}
}
private static FieldInfo mapFieldInfo(Class<?> clazz, String fieldName, int fieldNumber) {
try {
Reported by PMD.
Line: 1329
SchemaUtil.getMapDefaultEntry(clazz, fieldName),
fieldName.contains("_enum_") ? TestEnum.internalGetVerifier() : null);
} catch (Throwable t) {
throw new RuntimeException(t);
}
}
}
Reported by PMD.
Line: 31
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.google.protobuf;
import static com.google.protobuf.FieldInfo.forField;
import static com.google.protobuf.FieldInfo.forFieldWithEnumVerifier;
import static com.google.protobuf.FieldInfo.forMapField;
import static com.google.protobuf.FieldInfo.forOneofMemberField;
Reported by PMD.
Line: 55
import java.lang.reflect.Field;
/** A factory that generates a hard-coded info for {@link Proto2MessageLite}. */
public final class Proto2MessageLiteInfoFactory implements MessageInfoFactory {
private static final Proto2MessageLiteInfoFactory instanceForRawMessageInfo =
new Proto2MessageLiteInfoFactory(true);
private static final Proto2MessageLiteInfoFactory instanceForStructuralMessageInfo =
new Proto2MessageLiteInfoFactory(false);
Reported by PMD.
Line: 55
import java.lang.reflect.Field;
/** A factory that generates a hard-coded info for {@link Proto2MessageLite}. */
public final class Proto2MessageLiteInfoFactory implements MessageInfoFactory {
private static final Proto2MessageLiteInfoFactory instanceForRawMessageInfo =
new Proto2MessageLiteInfoFactory(true);
private static final Proto2MessageLiteInfoFactory instanceForStructuralMessageInfo =
new Proto2MessageLiteInfoFactory(false);
Reported by PMD.
Line: 55
import java.lang.reflect.Field;
/** A factory that generates a hard-coded info for {@link Proto2MessageLite}. */
public final class Proto2MessageLiteInfoFactory implements MessageInfoFactory {
private static final Proto2MessageLiteInfoFactory instanceForRawMessageInfo =
new Proto2MessageLiteInfoFactory(true);
private static final Proto2MessageLiteInfoFactory instanceForStructuralMessageInfo =
new Proto2MessageLiteInfoFactory(false);
Reported by PMD.
Line: 55
import java.lang.reflect.Field;
/** A factory that generates a hard-coded info for {@link Proto2MessageLite}. */
public final class Proto2MessageLiteInfoFactory implements MessageInfoFactory {
private static final Proto2MessageLiteInfoFactory instanceForRawMessageInfo =
new Proto2MessageLiteInfoFactory(true);
private static final Proto2MessageLiteInfoFactory instanceForStructuralMessageInfo =
new Proto2MessageLiteInfoFactory(false);
Reported by PMD.
Line: 69
return instanceForStructuralMessageInfo;
}
private final boolean produceRawMessageInfo;
private Proto2MessageLiteInfoFactory(boolean produceRawMessageInfo) {
this.produceRawMessageInfo = produceRawMessageInfo;
}
Reported by PMD.
Line: 93
}
}
private MessageInfo newRawMessageInfoForProto2MessageLite() {
java.lang.Object[] objects =
new java.lang.Object[] {
"testOneof_",
"testOneofCase_",
"bitField0_",
Reported by PMD.
Line: 98
new java.lang.Object[] {
"testOneof_",
"testOneofCase_",
"bitField0_",
"bitField1_",
"fieldDouble1_",
"fieldFloat2_",
"fieldInt643_",
"fieldUint644_",
Reported by PMD.
java/core/src/test/java/com/google/protobuf/ArrayDecodersTest.java
23 issues
Line: 250
return byteStringOutput.toByteString();
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
Reported by PMD.
Line: 43
import org.junit.runners.JUnit4;
@RunWith(JUnit4.class)
public class ArrayDecodersTest {
private static final int TAG = WireFormat.makeTag(1, WireFormat.WIRETYPE_LENGTH_DELIMITED);
private static final ByteString NEGATIVE_SIZE_0 = generateNegativeLength(0);
private static final ByteString NEGATIVE_SIZE_1 = generateNegativeLength(1);
Reported by PMD.
Line: 49
private static final ByteString NEGATIVE_SIZE_0 = generateNegativeLength(0);
private static final ByteString NEGATIVE_SIZE_1 = generateNegativeLength(1);
private Registers registers;
@Before
public void setUp() {
registers = new Registers();
registers.int1 = TAG;
Reported by PMD.
Line: 61
/**
 * Verifies that {@code ArrayDecoders.decodeString} rejects the {@code NEGATIVE_SIZE_0} input by
 * throwing {@link InvalidProtocolBufferException} rather than returning normally.
 */
public void testException_decodeString() {
try {
// NEGATIVE_SIZE_0 is built by generateNegativeLength(0); presumably a length-delimited field
// whose encoded length is negative. Confirm against that helper, which this excerpt omits.
ArrayDecoders.decodeString(NEGATIVE_SIZE_0.toByteArray(), 0, registers);
// Reaching this line means the decoder accepted the input, so the test fails explicitly.
assertWithMessage("should throw exception").fail();
} catch (InvalidProtocolBufferException expected) {
// Expected outcome: the decoder refused the input. The catch body is intentionally empty.
}
}
@Test
Reported by PMD.
Line: 70
/**
 * Verifies that {@code ArrayDecoders.decodeStringRequireUtf8} rejects the {@code NEGATIVE_SIZE_0}
 * input by throwing {@link InvalidProtocolBufferException} rather than returning normally.
 */
public void testException_decodeStringRequireUtf8() {
try {
// NEGATIVE_SIZE_0 is built by generateNegativeLength(0); presumably a length-delimited field
// whose encoded length is negative. Confirm against that helper, which this excerpt omits.
ArrayDecoders.decodeStringRequireUtf8(NEGATIVE_SIZE_0.toByteArray(), 0, registers);
// Reaching this line means the decoder accepted the input, so the test fails explicitly.
assertWithMessage("should throw an exception").fail();
} catch (InvalidProtocolBufferException expected) {
// Expected outcome: the decoder refused the input. The catch body is intentionally empty.
}
}
@Test
Reported by PMD.
Line: 70
public void testException_decodeStringRequireUtf8() {
try {
ArrayDecoders.decodeStringRequireUtf8(NEGATIVE_SIZE_0.toByteArray(), 0, registers);
assertWithMessage("should throw an exception").fail();
} catch (InvalidProtocolBufferException expected) {
}
}
@Test
Reported by PMD.
Line: 79
/**
 * Verifies that {@code ArrayDecoders.decodeBytes} rejects the {@code NEGATIVE_SIZE_0} input by
 * throwing {@link InvalidProtocolBufferException} rather than returning normally.
 */
public void testException_decodeBytes() {
try {
// NEGATIVE_SIZE_0 is built by generateNegativeLength(0); presumably a length-delimited field
// whose encoded length is negative. Confirm against that helper, which this excerpt omits.
ArrayDecoders.decodeBytes(NEGATIVE_SIZE_0.toByteArray(), 0, registers);
// Reaching this line means the decoder accepted the input, so the test fails explicitly.
assertWithMessage("should throw an exception").fail();
} catch (InvalidProtocolBufferException expected) {
// Expected outcome: the decoder refused the input. The catch body is intentionally empty.
}
}
@Test
Reported by PMD.
Line: 94
NEGATIVE_SIZE_0.size(),
new ProtobufArrayList<Object>(),
registers);
assertWithMessage("should throw an exception").fail();
} catch (InvalidProtocolBufferException expected) {
}
}
@Test
Reported by PMD.
Line: 109
NEGATIVE_SIZE_1.size(),
new ProtobufArrayList<Object>(),
registers);
assertWithMessage("should throw an exception").fail();
} catch (InvalidProtocolBufferException expected) {
}
}
@Test
Reported by PMD.
Line: 124
NEGATIVE_SIZE_0.size(),
new ProtobufArrayList<Object>(),
registers);
assertWithMessage("should throw an exception").fail();
} catch (InvalidProtocolBufferException expected) {
}
}
@Test
Reported by PMD.
src/google/protobuf/compiler/csharp/csharp_field_base.cc
23 issues
Line: 66
Column: 27
CWE codes:
120
uint tag = internal::WireFormat::MakeTag(descriptor_);
uint8 tag_array[5];
io::CodedOutputStream::WriteTagToArray(tag, tag_array);
std::string tag_bytes = StrCat(tag_array[0]);
for (int i = 1; i < part_tag_size; i++) {
tag_bytes += ", " + StrCat(tag_array[i]);
}
(*variables)["tag"] = StrCat(tag);
Reported by FlawFinder.
Line: 68
Column: 25
CWE codes:
120
io::CodedOutputStream::WriteTagToArray(tag, tag_array);
std::string tag_bytes = StrCat(tag_array[0]);
for (int i = 1; i < part_tag_size; i++) {
tag_bytes += ", " + StrCat(tag_array[i]);
}
(*variables)["tag"] = StrCat(tag);
(*variables)["tag_size"] = StrCat(tag_size);
(*variables)["tag_bytes"] = tag_bytes;
Reported by FlawFinder.
Line: 71
Column: 25
CWE codes:
120
tag_bytes += ", " + StrCat(tag_array[i]);
}
(*variables)["tag"] = StrCat(tag);
(*variables)["tag_size"] = StrCat(tag_size);
(*variables)["tag_bytes"] = tag_bytes;
if (descriptor_->type() == FieldDescriptor::Type::TYPE_GROUP) {
tag = internal::WireFormatLite::MakeTag(
Reported by FlawFinder.
Line: 72
Column: 30
CWE codes:
120
}
(*variables)["tag"] = StrCat(tag);
(*variables)["tag_size"] = StrCat(tag_size);
(*variables)["tag_bytes"] = tag_bytes;
if (descriptor_->type() == FieldDescriptor::Type::TYPE_GROUP) {
tag = internal::WireFormatLite::MakeTag(
descriptor_->number(),
Reported by FlawFinder.
Line: 80
Column: 17
CWE codes:
120
descriptor_->number(),
internal::WireFormatLite::WIRETYPE_END_GROUP);
io::CodedOutputStream::WriteTagToArray(tag, tag_array);
tag_bytes = StrCat(tag_array[0]);
for (int i = 1; i < part_tag_size; i++) {
tag_bytes += ", " + StrCat(tag_array[i]);
}
variables_["end_tag"] = StrCat(tag);
Reported by FlawFinder.
Line: 82
Column: 29
CWE codes:
120
io::CodedOutputStream::WriteTagToArray(tag, tag_array);
tag_bytes = StrCat(tag_array[0]);
for (int i = 1; i < part_tag_size; i++) {
tag_bytes += ", " + StrCat(tag_array[i]);
}
variables_["end_tag"] = StrCat(tag);
variables_["end_tag_bytes"] = tag_bytes;
}
Reported by FlawFinder.
Line: 85
Column: 29
CWE codes:
120
tag_bytes += ", " + StrCat(tag_array[i]);
}
variables_["end_tag"] = StrCat(tag);
variables_["end_tag_bytes"] = tag_bytes;
}
(*variables)["access_level"] = "public";
Reported by FlawFinder.
Line: 111
Column: 35
CWE codes:
120
(*variables)["has_not_property_check"] = "!" + (*variables)["has_property_check"];
(*variables)["other_has_not_property_check"] = "!" + (*variables)["other_has_property_check"];
if (presenceIndex_ != -1) {
std::string hasBitsNumber = StrCat(presenceIndex_ / 32);
std::string hasBitsMask = StrCat(1 << (presenceIndex_ % 32));
(*variables)["has_field_check"] = "(_hasBits" + hasBitsNumber + " & " + hasBitsMask + ") != 0";
(*variables)["set_has_field"] = "_hasBits" + hasBitsNumber + " |= " + hasBitsMask;
(*variables)["clear_has_field"] = "_hasBits" + hasBitsNumber + " &= ~" + hasBitsMask;
}
Reported by FlawFinder.
Line: 112
Column: 33
CWE codes:
120
(*variables)["other_has_not_property_check"] = "!" + (*variables)["other_has_property_check"];
if (presenceIndex_ != -1) {
std::string hasBitsNumber = StrCat(presenceIndex_ / 32);
std::string hasBitsMask = StrCat(1 << (presenceIndex_ % 32));
(*variables)["has_field_check"] = "(_hasBits" + hasBitsNumber + " & " + hasBitsMask + ") != 0";
(*variables)["set_has_field"] = "_hasBits" + hasBitsNumber + " |= " + hasBitsMask;
(*variables)["clear_has_field"] = "_hasBits" + hasBitsNumber + " &= ~" + hasBitsMask;
}
} else {
Reported by FlawFinder.
Line: 323
Column: 80
CWE codes:
120
else
return "global::System.Text.Encoding.UTF8.GetString(global::System."
"Convert.FromBase64String(\"" +
StringToBase64(descriptor->default_value_string()) + "\"), 0, " + StrCat(descriptor->default_value_string().length()) + ")";
}
std::string FieldGeneratorBase::GetBytesDefaultValueInternal(const FieldDescriptor* descriptor) {
if (descriptor->default_value_string().empty())
return "pb::ByteString.Empty";
Reported by FlawFinder.
java/core/src/test/java/com/google/protobuf/TextFormatParseLocationTest.java
23 issues
Line: 47
@Test
public void testCreateEmpty() {
TextFormatParseLocation location = TextFormatParseLocation.create(-1, -1);
assertThat(location).isEqualTo(TextFormatParseLocation.EMPTY);
}
@Test
public void testCreate() {
TextFormatParseLocation location = TextFormatParseLocation.create(2, 1);
Reported by PMD.
Line: 51
}
@Test
public void testCreate() {
TextFormatParseLocation location = TextFormatParseLocation.create(2, 1);
assertThat(location.getLine()).isEqualTo(2);
assertThat(location.getColumn()).isEqualTo(1);
}
Reported by PMD.
Line: 53
@Test
public void testCreate() {
TextFormatParseLocation location = TextFormatParseLocation.create(2, 1);
assertThat(location.getLine()).isEqualTo(2);
assertThat(location.getColumn()).isEqualTo(1);
}
@Test
public void testCreateThrowsIllegalArgumentExceptionForInvalidIndex() {
Reported by PMD.
Line: 53
@Test
public void testCreate() {
TextFormatParseLocation location = TextFormatParseLocation.create(2, 1);
assertThat(location.getLine()).isEqualTo(2);
assertThat(location.getColumn()).isEqualTo(1);
}
@Test
public void testCreateThrowsIllegalArgumentExceptionForInvalidIndex() {
Reported by PMD.
Line: 54
public void testCreate() {
TextFormatParseLocation location = TextFormatParseLocation.create(2, 1);
assertThat(location.getLine()).isEqualTo(2);
assertThat(location.getColumn()).isEqualTo(1);
}
@Test
public void testCreateThrowsIllegalArgumentExceptionForInvalidIndex() {
try {
Reported by PMD.
Line: 54
public void testCreate() {
TextFormatParseLocation location = TextFormatParseLocation.create(2, 1);
assertThat(location.getLine()).isEqualTo(2);
assertThat(location.getColumn()).isEqualTo(1);
}
@Test
public void testCreateThrowsIllegalArgumentExceptionForInvalidIndex() {
try {
Reported by PMD.
Line: 58
}
@Test
public void testCreateThrowsIllegalArgumentExceptionForInvalidIndex() {
try {
TextFormatParseLocation.create(-1, 0);
assertWithMessage("Should throw IllegalArgumentException if line is less than 0").fail();
} catch (IllegalArgumentException unused) {
// pass
Reported by PMD.
Line: 61
public void testCreateThrowsIllegalArgumentExceptionForInvalidIndex() {
try {
TextFormatParseLocation.create(-1, 0);
assertWithMessage("Should throw IllegalArgumentException if line is less than 0").fail();
} catch (IllegalArgumentException unused) {
// pass
}
try {
TextFormatParseLocation.create(0, -1);
Reported by PMD.
Line: 62
try {
TextFormatParseLocation.create(-1, 0);
assertWithMessage("Should throw IllegalArgumentException if line is less than 0").fail();
} catch (IllegalArgumentException unused) {
// pass
}
try {
TextFormatParseLocation.create(0, -1);
assertWithMessage("Should throw, column < 0").fail();
Reported by PMD.
Line: 67
}
try {
TextFormatParseLocation.create(0, -1);
assertWithMessage("Should throw, column < 0").fail();
} catch (IllegalArgumentException unused) {
// pass
}
}
Reported by PMD.
ruby/src/main/java/com/google/protobuf/jruby/RubyDescriptorPool.java
23 issues
Line: 78
@JRubyMethod
public IRubyObject build(ThreadContext context, Block block) {
RubyBuilder ctx = (RubyBuilder) cBuilder.newInstance(context, this, Block.NULL_BLOCK);
ctx.instance_eval(context, block);
ctx.build(context); // Needs to be called to support the deprecated syntax
return context.nil;
}
/*
Reported by PMD.
Line: 79
public IRubyObject build(ThreadContext context, Block block) {
RubyBuilder ctx = (RubyBuilder) cBuilder.newInstance(context, this, Block.NULL_BLOCK);
ctx.instance_eval(context, block);
ctx.build(context); // Needs to be called to support the deprecated syntax
return context.nil;
}
/*
* call-seq:
Reported by PMD.
Line: 117
try {
fd = FileDescriptor.buildFrom(builder.build(), existingFileDescriptors());
} catch (DescriptorValidationException e) {
throw context.runtime.newRuntimeError(e.getMessage());
}
String packageName = fd.getPackage();
if (!packageName.isEmpty()) {
packageName = packageName + ".";
Reported by PMD.
Line: 117
try {
fd = FileDescriptor.buildFrom(builder.build(), existingFileDescriptors());
} catch (DescriptorValidationException e) {
throw context.runtime.newRuntimeError(e.getMessage());
}
String packageName = fd.getPackage();
if (!packageName.isEmpty()) {
packageName = packageName + ".";
Reported by PMD.
Line: 120
throw context.runtime.newRuntimeError(e.getMessage());
}
String packageName = fd.getPackage();
if (!packageName.isEmpty()) {
packageName = packageName + ".";
}
// Need to make sure enums are registered first in case anything references them
Reported by PMD.
Line: 121
}
String packageName = fd.getPackage();
if (!packageName.isEmpty()) {
packageName = packageName + ".";
}
// Need to make sure enums are registered first in case anything references them
for (EnumDescriptor ed : fd.getEnumTypes()) registerEnumDescriptor(context, ed, packageName);
Reported by PMD.
Line: 136
private void registerDescriptor(ThreadContext context, Descriptor descriptor, String parentPath) {
String fullName = parentPath + descriptor.getName();
String fullPath = fullName + ".";
RubyString name = context.runtime.newString(fullName);
RubyDescriptor des = (RubyDescriptor) cDescriptor.newInstance(context, Block.NULL_BLOCK);
des.setName(name);
des.setDescriptor(context, descriptor, this);
symtab.put(name, des);
Reported by PMD.
Line: 139
RubyString name = context.runtime.newString(fullName);
RubyDescriptor des = (RubyDescriptor) cDescriptor.newInstance(context, Block.NULL_BLOCK);
des.setName(name);
des.setDescriptor(context, descriptor, this);
symtab.put(name, des);
// Need to make sure enums are registered first in case anything references them
for (EnumDescriptor ed : descriptor.getEnumTypes()) registerEnumDescriptor(context, ed, fullPath);
Reported by PMD.
Line: 140
RubyDescriptor des = (RubyDescriptor) cDescriptor.newInstance(context, Block.NULL_BLOCK);
des.setName(name);
des.setDescriptor(context, descriptor, this);
symtab.put(name, des);
// Need to make sure enums are registered first in case anything references them
for (EnumDescriptor ed : descriptor.getEnumTypes()) registerEnumDescriptor(context, ed, fullPath);
for (Descriptor message : descriptor.getNestedTypes()) registerDescriptor(context, message, fullPath);
Reported by PMD.
Line: 149
}
private void registerEnumDescriptor(ThreadContext context, EnumDescriptor descriptor, String parentPath) {
RubyString name = context.runtime.newString(parentPath + descriptor.getName());
RubyEnumDescriptor des = (RubyEnumDescriptor) cEnumDescriptor.newInstance(context, Block.NULL_BLOCK);
des.setName(name);
des.setDescriptor(context, descriptor);
symtab.put(name, des);
}
Reported by PMD.
src/google/protobuf/io/io_win32_unittest.cc
23 issues
Line: 285
return result;
}
TEST_F(IoWin32Test, AccessTest) {
ASSERT_INITIALIZED;
string path = test_tmpdir;
while (path.size() < MAX_PATH - 30) {
path += "\\accesstest";
Reported by Cppcheck.
Line: 301
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPECT_TRUE(false);
}
EXPECT_EQ(access(test_tmpdir.c_str(), F_OK), 0);
EXPECT_EQ(access(path.c_str(), F_OK), 0);
EXPECT_EQ(access(path.c_str(), W_OK), 0);
EXPECT_EQ(access(file.c_str(), F_OK | W_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), F_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), W_OK), 0);
Reported by FlawFinder.
Line: 302
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
EXPECT_EQ(access(test_tmpdir.c_str(), F_OK), 0);
EXPECT_EQ(access(path.c_str(), F_OK), 0);
EXPECT_EQ(access(path.c_str(), W_OK), 0);
EXPECT_EQ(access(file.c_str(), F_OK | W_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), F_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), W_OK), 0);
Reported by FlawFinder.
Line: 303
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPECT_EQ(access(test_tmpdir.c_str(), F_OK), 0);
EXPECT_EQ(access(path.c_str(), F_OK), 0);
EXPECT_EQ(access(path.c_str(), W_OK), 0);
EXPECT_EQ(access(file.c_str(), F_OK | W_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), F_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), W_OK), 0);
EXPECT_EQ(access(".", F_OK), 0);
Reported by FlawFinder.
Line: 304
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPECT_EQ(access(test_tmpdir.c_str(), F_OK), 0);
EXPECT_EQ(access(path.c_str(), F_OK), 0);
EXPECT_EQ(access(path.c_str(), W_OK), 0);
EXPECT_EQ(access(file.c_str(), F_OK | W_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), F_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), W_OK), 0);
EXPECT_EQ(access(".", F_OK), 0);
EXPECT_EQ(access(".", W_OK), 0);
Reported by FlawFinder.
Line: 305
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPECT_EQ(access(path.c_str(), F_OK), 0);
EXPECT_EQ(access(path.c_str(), W_OK), 0);
EXPECT_EQ(access(file.c_str(), F_OK | W_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), F_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), W_OK), 0);
EXPECT_EQ(access(".", F_OK), 0);
EXPECT_EQ(access(".", W_OK), 0);
EXPECT_EQ(access((test_tmpdir + "/accesstest").c_str(), F_OK | W_OK), 0);
Reported by FlawFinder.
Line: 306
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPECT_EQ(access(path.c_str(), W_OK), 0);
EXPECT_EQ(access(file.c_str(), F_OK | W_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), F_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), W_OK), 0);
EXPECT_EQ(access(".", F_OK), 0);
EXPECT_EQ(access(".", W_OK), 0);
EXPECT_EQ(access((test_tmpdir + "/accesstest").c_str(), F_OK | W_OK), 0);
ASSERT_EQ(access((test_tmpdir + "/./normalize_me/.././accesstest").c_str(),
Reported by FlawFinder.
Line: 308
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPECT_NE(access((file + ".blah").c_str(), F_OK), 0);
EXPECT_NE(access((file + ".blah").c_str(), W_OK), 0);
EXPECT_EQ(access(".", F_OK), 0);
EXPECT_EQ(access(".", W_OK), 0);
EXPECT_EQ(access((test_tmpdir + "/accesstest").c_str(), F_OK | W_OK), 0);
ASSERT_EQ(access((test_tmpdir + "/./normalize_me/.././accesstest").c_str(),
F_OK | W_OK),
0);
Reported by FlawFinder.
Line: 309
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPECT_NE(access((file + ".blah").c_str(), W_OK), 0);
EXPECT_EQ(access(".", F_OK), 0);
EXPECT_EQ(access(".", W_OK), 0);
EXPECT_EQ(access((test_tmpdir + "/accesstest").c_str(), F_OK | W_OK), 0);
ASSERT_EQ(access((test_tmpdir + "/./normalize_me/.././accesstest").c_str(),
F_OK | W_OK),
0);
EXPECT_NE(access("io_win32_unittest.AccessTest.nonexistent", F_OK), 0);
Reported by FlawFinder.
Line: 310
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
EXPECT_EQ(access(".", F_OK), 0);
EXPECT_EQ(access(".", W_OK), 0);
EXPECT_EQ(access((test_tmpdir + "/accesstest").c_str(), F_OK | W_OK), 0);
ASSERT_EQ(access((test_tmpdir + "/./normalize_me/.././accesstest").c_str(),
F_OK | W_OK),
0);
EXPECT_NE(access("io_win32_unittest.AccessTest.nonexistent", F_OK), 0);
EXPECT_NE(access("io_win32_unittest.AccessTest.nonexistent", W_OK), 0);
Reported by FlawFinder.
java/core/src/test/java/com/google/protobuf/ParseExceptionsTest.java
22 issues
Line: 56
* @author jh@squareup.com (Joshua Humphries)
*/
@RunWith(JUnit4.class)
public class ParseExceptionsTest {
private interface ParseTester {
DescriptorProto parse(InputStream in) throws IOException;
}
Reported by PMD.
Line: 62
DescriptorProto parse(InputStream in) throws IOException;
}
private byte[] serializedProto;
private void setup() {
serializedProto = DescriptorProto.getDescriptor().toProto().toByteArray();
}
Reported by PMD.
Line: 65
private byte[] serializedProto;
private void setup() {
serializedProto = DescriptorProto.getDescriptor().toProto().toByteArray();
}
private void setupDelimited() {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
try {
Reported by PMD.
Line: 65
private byte[] serializedProto;
private void setup() {
serializedProto = DescriptorProto.getDescriptor().toProto().toByteArray();
}
private void setupDelimited() {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
try {
Reported by PMD.
Line: 71
private void setupDelimited() {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
try {
DescriptorProto.getDescriptor().toProto().writeDelimitedTo(bos);
} catch (IOException e) {
fail("Exception not expected: " + e);
}
serializedProto = bos.toByteArray();
}
Reported by PMD.
Line: 71
private void setupDelimited() {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
try {
DescriptorProto.getDescriptor().toProto().writeDelimitedTo(bos);
} catch (IOException e) {
fail("Exception not expected: " + e);
}
serializedProto = bos.toByteArray();
}
Reported by PMD.
Line: 218
}
@Test
public void messageBuilder_mergeDelimitedFrom_InputStream_malformed() throws Exception {
byte[] body = new byte[80];
CodedOutputStream cos = CodedOutputStream.newInstance(body);
cos.writeRawVarint32(90); // Greater than bytes in stream
cos.writeTag(DescriptorProto.ENUM_TYPE_FIELD_NUMBER, WireFormat.WIRETYPE_LENGTH_DELIMITED);
cos.writeRawVarint32(98); // Nested message with size larger than parent
Reported by PMD.
Line: 221
public void messageBuilder_mergeDelimitedFrom_InputStream_malformed() throws Exception {
byte[] body = new byte[80];
CodedOutputStream cos = CodedOutputStream.newInstance(body);
cos.writeRawVarint32(90); // Greater than bytes in stream
cos.writeTag(DescriptorProto.ENUM_TYPE_FIELD_NUMBER, WireFormat.WIRETYPE_LENGTH_DELIMITED);
cos.writeRawVarint32(98); // Nested message with size larger than parent
cos.writeTag(1000, WireFormat.WIRETYPE_LENGTH_DELIMITED);
cos.writeRawVarint32(100); // Unknown field with size larger than parent
ByteArrayInputStream bais = new ByteArrayInputStream(body);
Reported by PMD.
Line: 222
byte[] body = new byte[80];
CodedOutputStream cos = CodedOutputStream.newInstance(body);
cos.writeRawVarint32(90); // Greater than bytes in stream
cos.writeTag(DescriptorProto.ENUM_TYPE_FIELD_NUMBER, WireFormat.WIRETYPE_LENGTH_DELIMITED);
cos.writeRawVarint32(98); // Nested message with size larger than parent
cos.writeTag(1000, WireFormat.WIRETYPE_LENGTH_DELIMITED);
cos.writeRawVarint32(100); // Unknown field with size larger than parent
ByteArrayInputStream bais = new ByteArrayInputStream(body);
try {
Reported by PMD.
Line: 223
CodedOutputStream cos = CodedOutputStream.newInstance(body);
cos.writeRawVarint32(90); // Greater than bytes in stream
cos.writeTag(DescriptorProto.ENUM_TYPE_FIELD_NUMBER, WireFormat.WIRETYPE_LENGTH_DELIMITED);
cos.writeRawVarint32(98); // Nested message with size larger than parent
cos.writeTag(1000, WireFormat.WIRETYPE_LENGTH_DELIMITED);
cos.writeRawVarint32(100); // Unknown field with size larger than parent
ByteArrayInputStream bais = new ByteArrayInputStream(body);
try {
DescriptorProto.parseDelimitedFrom(bais);
Reported by PMD.
src/google/protobuf/compiler/command_line_interface.cc
22 issues
Line: 218
Column: 13
CWE codes:
362
20
Suggestion:
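Reconsider approach: readlink() does not NUL-terminate the buffer and can silently truncate, so only the returned length should be used (as the path->assign(buffer, len) call below does), and a result equal to the buffer size should be treated as possibly truncated.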
}
#else
char buffer[PATH_MAX];
int len = readlink("/proc/self/exe", buffer, PATH_MAX);
#endif
if (len > 0) {
path->assign(buffer, len);
return true;
} else {
Reported by FlawFinder.
Line: 108
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#if defined(_WIN32)
// DO NOT include <io.h>, instead create functions in io_win32.{h,cc} and import
// them like we do below.
using google::protobuf::io::win32::access;
using google::protobuf::io::win32::close;
using google::protobuf::io::win32::mkdir;
using google::protobuf::io::win32::open;
using google::protobuf::io::win32::setmode;
using google::protobuf::io::win32::write;
Reported by FlawFinder.
Line: 160
Column: 7
CWE codes:
362/367!
Suggestion:
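Set up the correct permissions (e.g., using setuid()) and try to open the file directly. The result of access() can be stale by the time the path is used (a time-of-check/time-of-use race, CWE-367), so the open itself should serve as the check and its failure should be handled.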
bool VerifyDirectoryExists(const std::string& path) {
if (path.empty()) return true;
if (access(path.c_str(), F_OK) == -1) {
std::cerr << path << ": " << strerror(errno) << std::endl;
return false;
} else {
return true;
}
Reported by FlawFinder.
Line: 233
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
// Returns true when <path>/google/protobuf/descriptor.proto exists according
// to access(F_OK), and false otherwise.
//
// NOTE(review): this is an existence probe only. The answer describes the
// filesystem at the moment of the call, which is what the CWE-362/367 finding
// on the access() line is about. Code that later opens files under `path`
// must still handle open failure rather than rely on this result. The callers
// are not visible in this excerpt, so confirm they do.
bool IsInstalledProtoPath(const std::string& path) {
// Checking the descriptor.proto file should be good enough.
std::string file_path = path + "/google/protobuf/descriptor.proto";
// access() yields -1 on failure, so any other value counts as "present".
return access(file_path.c_str(), F_OK) != -1;
}
// Add the paths where google/protobuf/descriptor.proto and other well-known
// type protos are installed.
void AddDefaultProtoPaths(
Reported by FlawFinder.
Line: 1349
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
// If the input file path is not a physical file path, it must be a virtual
// path.
if (access(proto->c_str(), F_OK) < 0) {
std::string disk_file;
if (source_tree->VirtualFileToDiskFile(*proto, &disk_file) ||
in_fallback_database) {
return true;
} else {
Reported by FlawFinder.
Line: 1729
Column: 11
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
// Make sure disk path exists, warn otherwise.
if (access(disk_path.c_str(), F_OK) < 0) {
// Try the original path; it may have just happened to have a '=' in it.
if (access(parts[i].c_str(), F_OK) < 0) {
std::cerr << disk_path << ": warning: directory does not exist."
<< std::endl;
} else {
Reported by FlawFinder.
Line: 1731
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
// Make sure disk path exists, warn otherwise.
if (access(disk_path.c_str(), F_OK) < 0) {
// Try the original path; it may have just happened to have a '=' in it.
if (access(parts[i].c_str(), F_OK) < 0) {
std::cerr << disk_path << ": warning: directory does not exist."
<< std::endl;
} else {
virtual_path = "";
disk_path = parts[i];
Reported by FlawFinder.
Line: 206
Column: 5
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, and, to protect against implementation problems, also check that the input argument is no larger than MAXPATHLEN
char dirtybuffer[PATH_MAX];
uint32_t size = sizeof(dirtybuffer);
if (_NSGetExecutablePath(dirtybuffer, &size) == 0) {
realpath(dirtybuffer, buffer);
len = strlen(buffer);
}
#elif defined(__FreeBSD__)
char buffer[PATH_MAX];
size_t len = PATH_MAX;
Reported by FlawFinder.
Line: 111
Column: 36
CWE codes:
362
using google::protobuf::io::win32::access;
using google::protobuf::io::win32::close;
using google::protobuf::io::win32::mkdir;
using google::protobuf::io::win32::open;
using google::protobuf::io::win32::setmode;
using google::protobuf::io::win32::write;
#endif
static const char* kDefaultDirectDependenciesViolationMsg =
Reported by FlawFinder.
Line: 197
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Get the absolute path of this protoc binary.
bool GetProtocAbsolutePath(std::string* path) {
#ifdef _WIN32
char buffer[MAX_PATH];
int len = GetModuleFileNameA(NULL, buffer, MAX_PATH);
#elif defined(__APPLE__)
char buffer[PATH_MAX];
int len = 0;
Reported by FlawFinder.
examples/list_people.py
22 issues
Line: 6
Column: 1
# See README.txt for information and build instructions.
from __future__ import print_function
import addressbook_pb2
import sys
# Iterates though all people in the AddressBook and prints info about them.
def ListPeople(address_book):
Reported by Pylint.
Line: 11
Column: 16
# Iterates though all people in the AddressBook and prints info about them.
def ListPeople(address_book):
for person in address_book.people:
print("Person ID:", person.id)
print(" Name:", person.name)
if person.email != "":
print(" E-mail address:", person.email)
Reported by Pylint.
Line: 1
Column: 1
#! /usr/bin/env python
# See README.txt for information and build instructions.
from __future__ import print_function
import addressbook_pb2
import sys
Reported by Pylint.
Line: 7
Column: 1
from __future__ import print_function
import addressbook_pb2
import sys
# Iterates though all people in the AddressBook and prints info about them.
def ListPeople(address_book):
for person in address_book.people:
Reported by Pylint.
Line: 11
Column: 1
# Iterates though all people in the AddressBook and prints info about them.
def ListPeople(address_book):
for person in address_book.people:
print("Person ID:", person.id)
print(" Name:", person.name)
if person.email != "":
print(" E-mail address:", person.email)
Reported by Pylint.
Line: 11
Column: 1
# Iterates though all people in the AddressBook and prints info about them.
def ListPeople(address_book):
for person in address_book.people:
print("Person ID:", person.id)
print(" Name:", person.name)
if person.email != "":
print(" E-mail address:", person.email)
Reported by Pylint.
Line: 12
Column: 1
# Iterates though all people in the AddressBook and prints info about them.
def ListPeople(address_book):
for person in address_book.people:
print("Person ID:", person.id)
print(" Name:", person.name)
if person.email != "":
print(" E-mail address:", person.email)
Reported by Pylint.
Line: 13
Column: 1
# Iterates though all people in the AddressBook and prints info about them.
def ListPeople(address_book):
for person in address_book.people:
print("Person ID:", person.id)
print(" Name:", person.name)
if person.email != "":
print(" E-mail address:", person.email)
for phone_number in person.phones:
Reported by Pylint.
Line: 14
Column: 1
def ListPeople(address_book):
for person in address_book.people:
print("Person ID:", person.id)
print(" Name:", person.name)
if person.email != "":
print(" E-mail address:", person.email)
for phone_number in person.phones:
if phone_number.type == addressbook_pb2.Person.MOBILE:
Reported by Pylint.
Line: 15
Column: 1
for person in address_book.people:
print("Person ID:", person.id)
print(" Name:", person.name)
if person.email != "":
print(" E-mail address:", person.email)
for phone_number in person.phones:
if phone_number.type == addressbook_pb2.Person.MOBILE:
print(" Mobile phone #:", end=" ")
Reported by Pylint.