The following issues were found
python/google/__init__.py
3 issues
Line: 1
Column: 1
try:
__import__('pkg_resources').declare_namespace(__name__)
except ImportError:
__path__ = __import__('pkgutil').extend_path(__path__, __name__)
Reported by Pylint.
Line: 2
Column: 1
try:
__import__('pkg_resources').declare_namespace(__name__)
except ImportError:
__path__ = __import__('pkgutil').extend_path(__path__, __name__)
Reported by Pylint.
Line: 4
Column: 1
try:
__import__('pkg_resources').declare_namespace(__name__)
except ImportError:
__path__ = __import__('pkgutil').extend_path(__path__, __name__)
Reported by Pylint.
src/google/protobuf/stubs/common.cc
3 issues
Line: 46
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define WIN32_LEAN_AND_MEAN // We only need minimal includes
#endif
#include <windows.h>
#define snprintf _snprintf // see comment in strutil.cc
#elif defined(HAVE_PTHREAD)
#include <pthread.h>
#else
#error "No suitable threading library available."
#endif
Reported by FlawFinder.
Line: 46
Column: 18
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define WIN32_LEAN_AND_MEAN // We only need minimal includes
#endif
#include <windows.h>
#define snprintf _snprintf // see comment in strutil.cc
#elif defined(HAVE_PTHREAD)
#include <pthread.h>
#else
#error "No suitable threading library available."
#endif
Reported by FlawFinder.
Line: 106
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Render major, minor and micro as "major.minor.micro" into a fixed-size
// stack buffer.
// 128 bytes should always be enough, but we use snprintf() anyway to be
// safe: the write is bounded by sizeof(buffer) and the format string is a
// literal, so neither the length nor the format comes from the caller.
char buffer[128];
snprintf(buffer, sizeof(buffer), "%d.%d.%d", major, minor, micro);
// Guard against broken MSVC snprintf(): where snprintf is mapped to
// _snprintf, a truncated write is not guaranteed to be NUL-terminated, so
// the last byte is forced to '\0' before the buffer is read as a C string.
buffer[sizeof(buffer)-1] = '\0';
Reported by FlawFinder.
src/google/protobuf/compiler/objectivec/objectivec_field.cc
3 issues
Line: 78
Column: 34
CWE codes:
120
(*variables)["raw_field_name"] = raw_field_name;
(*variables)["field_number_name"] =
classname + "_FieldNumber_" + capitalized_name;
(*variables)["field_number"] = StrCat(descriptor->number());
(*variables)["field_type"] = GetCapitalizedType(descriptor);
(*variables)["deprecated_attribute"] = GetOptionalDeprecatedAttribute(descriptor);
std::vector<std::string> field_flags;
if (descriptor->is_repeated()) field_flags.push_back("GPBFieldRepeated");
if (descriptor->is_required()) field_flags.push_back("GPBFieldRequired");
Reported by FlawFinder.
Line: 229
Column: 29
CWE codes:
120
}
// Stores the has-bit index for this field: has_index is rendered as text and
// written under the "has_index" key of variables_.
// NOTE(review): StrCat is presumably the project's string-building helper
// that returns a new string, not a strcat-style copy into a fixed buffer.
// Confirm against its declaration when triaging the CWE-120 report here.
void FieldGenerator::SetRuntimeHasBit(int has_index) {
  const auto rendered_index = StrCat(has_index);
  variables_["has_index"] = rendered_index;
}
// Marks the field as having no has-bit by writing the fixed marker
// "GPBNoHasBit" under the "has_index" key of variables_. The stored value is
// a compile-time literal, so no length computation or copy into a bounded
// buffer happens in this function.
void FieldGenerator::SetNoHasBit(void) {
  static const char kNoHasBitMarker[] = "GPBNoHasBit";
  variables_["has_index"] = kNoHasBitMarker;
}
Reported by FlawFinder.
Line: 253
Column: 31
CWE codes:
120
if (oneof != NULL) {
int index = oneof->index() + index_base;
// Flip the sign to mark it as a oneof.
variables_["has_index"] = StrCat(-index);
}
}
bool FieldGenerator::WantsHasProperty(void) const {
return descriptor_->has_presence() && !descriptor_->real_containing_oneof();
Reported by FlawFinder.
php/ext/google/protobuf/protobuf.c
2 issues
Line: 244
Column: 57
CWE codes:
126
/* Adds message definition `m` to the name_msg_cache table reached through
 * PROTOBUF_G, keyed by the class name GetPhpClassname() returns for it.
 *
 * NOTE(review): strlen() needs class_name to be non-NULL and NUL-terminated;
 * presumably GetPhpClassname() guarantees both, but nothing here checks it.
 * Confirm against that helper. The key buffer is freed right after the
 * insert, so this also assumes zend_hash_str_add_ptr() keeps its own copy of
 * the key bytes. Confirm. */
void NameMap_AddMessage(const upb_msgdef *m) {
  char *class_name =
      GetPhpClassname(upb_msgdef_file(m), upb_msgdef_fullname(m));
  size_t class_name_len = strlen(class_name);

  zend_hash_str_add_ptr(&PROTOBUF_G(name_msg_cache), class_name,
                        class_name_len, (void*)m);
  /* The name buffer is released here, after the insert. */
  free(class_name);
}
void NameMap_AddEnum(const upb_enumdef *e) {
char *k = GetPhpClassname(upb_enumdef_file(e), upb_enumdef_fullname(e));
Reported by FlawFinder.
Line: 250
Column: 58
CWE codes:
126
/* Adds enum definition `e` to the name_enum_cache table reached through
 * PROTOBUF_G, keyed by the class name GetPhpClassname() returns for it.
 *
 * NOTE(review): strlen() needs class_name to be non-NULL and NUL-terminated;
 * presumably GetPhpClassname() guarantees both, but nothing here checks it.
 * Confirm against that helper. The key buffer is freed right after the
 * insert, so this also assumes zend_hash_str_add_ptr() keeps its own copy of
 * the key bytes. Confirm. */
void NameMap_AddEnum(const upb_enumdef *e) {
  char *class_name =
      GetPhpClassname(upb_enumdef_file(e), upb_enumdef_fullname(e));
  size_t class_name_len = strlen(class_name);

  zend_hash_str_add_ptr(&PROTOBUF_G(name_enum_cache), class_name,
                        class_name_len, (void*)e);
  /* The name buffer is released here, after the insert. */
  free(class_name);
}
const upb_msgdef *NameMap_GetMessage(zend_class_entry *ce) {
const upb_msgdef *ret =
Reported by FlawFinder.
php/ext/google/protobuf/map.c
2 issues
Line: 645
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Instances of this class are created through MapField_create. */
MapField_class_entry->create_object = MapField_create;
h = &MapField_object_handlers;
/* Seed the class's handler table from std_object_handlers, then override
 * individual entries below. The copy length is sizeof(zend_object_handlers),
 * a compile-time constant.
 * NOTE(review): in bounds provided MapField_object_handlers is itself a
 * zend_object_handlers; its declaration is not visible here. Confirm. */
memcpy(h, &std_object_handlers, sizeof(zend_object_handlers));
h->dtor_obj = MapField_destructor;
/* The comparison callback goes in compare_objects when PHP_VERSION_ID is
 * below 80000 and in compare otherwise. */
#if PHP_VERSION_ID < 80000
h->compare_objects = MapField_compare_objects;
#else
h->compare = MapField_compare_objects;
Reported by FlawFinder.
Line: 666
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Instances of this class are created through MapFieldIter_create. */
MapFieldIter_class_entry->create_object = MapFieldIter_create;
h = &MapFieldIter_object_handlers;
/* Seed the iterator's handler table from std_object_handlers before
 * overriding dtor_obj. The copy length is sizeof(zend_object_handlers),
 * a compile-time constant.
 * NOTE(review): in bounds provided MapFieldIter_object_handlers is itself a
 * zend_object_handlers; its declaration is not visible here. Confirm. */
memcpy(h, &std_object_handlers, sizeof(zend_object_handlers));
h->dtor_obj = map_field_iter_dtor;
}
Reported by FlawFinder.
php/ext/google/protobuf/array.c
2 issues
Line: 649
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Instances of this class are created through RepeatedField_create. */
RepeatedField_class_entry->create_object = RepeatedField_create;
h = &RepeatedField_object_handlers;
/* Seed the class's handler table from std_object_handlers, then override
 * individual entries below. The copy length is sizeof(zend_object_handlers),
 * a compile-time constant.
 * NOTE(review): in bounds provided RepeatedField_object_handlers is itself a
 * zend_object_handlers; its declaration is not visible here. Confirm. */
memcpy(h, &std_object_handlers, sizeof(zend_object_handlers));
h->dtor_obj = RepeatedField_destructor;
/* The comparison callback goes in compare_objects when PHP_VERSION_ID is
 * below 80000 and in compare otherwise. */
#if PHP_VERSION_ID < 80000
h->compare_objects = RepeatedField_compare_objects;
#else
h->compare = RepeatedField_compare_objects;
Reported by FlawFinder.
Line: 670
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Instances of this class are created through RepeatedFieldIter_create. */
RepeatedFieldIter_class_entry->create_object = RepeatedFieldIter_create;
h = &repeated_field_iter_object_handlers;
/* Seed the iterator's handler table from std_object_handlers before
 * overriding dtor_obj. The copy length is sizeof(zend_object_handlers),
 * a compile-time constant.
 * NOTE(review): in bounds provided repeated_field_iter_object_handlers is
 * itself a zend_object_handlers; its declaration is not visible here.
 * Confirm. */
memcpy(h, &std_object_handlers, sizeof(zend_object_handlers));
h->dtor_obj = RepeatedFieldIter_dtor;
}
Reported by FlawFinder.
java/core/src/main/java/com/google/protobuf/Writer.java
2 issues
Line: 31
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.google.protobuf;
import java.io.IOException;
import java.util.List;
import java.util.Map;
Reported by PMD.
Line: 39
/** A writer that performs serialization of protobuf message fields. */
@ExperimentalApi
interface Writer {
/** The order in which the fields are written by a {@link Writer}. */
enum FieldOrder {
/** Fields are written in ascending order by field number. */
ASCENDING,
Reported by PMD.
java/core/src/main/java/com/google/protobuf/TextFormatParseLocation.java
2 issues
Line: 93
return false;
}
TextFormatParseLocation that = (TextFormatParseLocation) o;
return (this.line == that.getLine()) && (this.column == that.getColumn());
}
@Override
public int hashCode() {
int[] values = {line, column};
Reported by PMD.
Line: 93
return false;
}
TextFormatParseLocation that = (TextFormatParseLocation) o;
return (this.line == that.getLine()) && (this.column == that.getColumn());
}
@Override
public int hashCode() {
int[] values = {line, column};
Reported by PMD.
java/core/src/main/java/com/google/protobuf/Reader.java
2 issues
Line: 31
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.google.protobuf;
import java.io.IOException;
import java.util.List;
import java.util.Map;
Reported by PMD.
Line: 40
/** A reader of fields from a serialized protobuf message. */
// TODO(nathanmittler): Refactor to allow the reader to allocate properly sized lists.
@ExperimentalApi
interface Reader {
/** Value used to indicate that the end of input has been reached. */
int READ_DONE = Integer.MAX_VALUE;
/** Value used to indicate that the reader does not know the tag about the field. */
int TAG_UNKNOWN = 0;
Reported by PMD.
java/core/src/main/java/com/google/protobuf/MessageLite.java
2 issues
Line: 133
Builder toBuilder();
/** Abstract interface implemented by Protocol Message builders. */
interface Builder extends MessageLiteOrBuilder, Cloneable {
/** Resets all fields to their default values. */
Builder clear();
/**
* Constructs the message based on the state of the Builder. Subsequent changes to the Builder
Reported by PMD.
Line: 159
*
* @see Object#clone()
*/
Builder clone();
/**
* Parses a message of this type from the input and merges it with this message.
*
* <p>Warning: This does not verify that all required fields are present in the input message.
Reported by PMD.