mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-29 02:05:57 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/tests/code_quality/flawfinder_ignorelist.json
Robin Newhouse f4ce1e487e All-green GitLab CI in 10.4 branch 
Note to mergers: Do not merge this commit to 10.5+. An additional PR
will be created for the 10.5 branch which is compatible with later
branches.

Include cppcheck and FlawFinder for SAST scanning.

From 10.6, cherry-picked 12bf5c46 (Remove unused French translations in
Connect engine) and c6072ed9 (Ensure that source files contain only
valid UTF8 encodings). Necessary for FlawFinder to execute and useful
anyway.

Removing MSAN build and test as it was not introduced until 10.5 and
does not successfully build.

Remove failing upgrade test since Fedora installs MariaDB 10.5 and the
10.5->10.4 upgrade rightfully complains

Add to skiplist failing test: main.func_math (MDEV-20966)

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer
Amazon Web Services, Inc.
2023-05-19 13:21:34 +01:00

622 lines
21 KiB
JSON
Raw Blame History

{
"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "Flawfinder",
"version": "2.0.19",
"informationUri": "https://dwheeler.com/flawfinder/",
"supportedTaxonomies": [
{
"name": "CWE",
"guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
}
]
}
},
"columnKind": "utf16CodeUnits",
"results": [
{
"ruleId": "FF1010",
"level": "error",
"message": {
"text": "buffer/strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/portability/file.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 5,
"endColumn": 39,
"snippet": {
"text": " strncat(buf, path, TOKU_PATH_MAX);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "02af921b7054342955d8e30b196aa5ffdc3b1ac019e26c92823a7ab171d2b1fa"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/logger/logformat.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 5,
"endColumn": 40,
"snippet": {
"text": " chmod(headerpath, S_IRUSR|S_IWUSR);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "085f579f942967e5c81fff75af832721b7b9bc59e54a7a9ebc086065cf56be13"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/portability/file.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 25,
"endColumn": 63,
"snippet": {
"text": " ssize_t s = readlink(fdname, lname, sizeof lname);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "0dba1d2cdc995ccf30ad8fe5ce3ccf8795bd4f5a207f65c627affa2ef388496c"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./extra/mariabackup/xtrabackup.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 17,
"endColumn": 57,
"snippet": {
"text": " ssize_t ret = readlink(\"/proc/self/exe\", buf, size-1);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "11523490c7f8cba115bce125bbce94de5cd5e7f66d4dd07a391aac70fbbdd353"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./client/mysqltest.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 38,
"snippet": {
"text": " err_code= chmod(ds_file.str, mode);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "12a7fa6bbd4c81be975838bae2b7b26fe841acaf9804e6d0299188683e230908"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/logger/logformat.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 5,
"endColumn": 38,
"snippet": {
"text": " chmod(codepath, S_IRUSR|S_IWUSR);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "2827dedcdf10af2bf4105f3d48e30575238fa2552603cdcb09d536b288808f0e"
},
"rank": 1.0
},
{
"ruleId": "FF1014",
"level": "error",
"message": {
"text": "buffer/gets:Does not check for buffer overflows (CWE-120, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./extra/readline/tilde.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 24,
"snippet": {
"text": " if (!gets (line))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "34a940ccc6e0248a2cf725e8a0c3f808d1f36d47fc814bd9daadb17f5563d357"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/sql_class.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 10,
"endColumn": 28,
"snippet": {
"text": " (void) chmod(path, 0644);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "3f97fd0452062ab69db87a04222a17c37c216c4e28e2ae3622730da8dd070d2e"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_chmod.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 25,
"snippet": {
"text": " if (chmod(name, mode))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "46805eec1d288b072d4edb3214822220d394307195be79a33ec3bce455d14750"
},
"rank": 1.0
},
{
"ruleId": "FF1010",
"level": "error",
"message": {
"text": "buffer/strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/tests/recovery-datadir-is-file.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 47,
"snippet": {
"text": " strncat(buf, testfile, TOKU_PATH_MAX);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "4ca2dff1e35445f7997a9979cdd006d89befcc89922cf5d4a60bc9c07126a78d"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_symlink.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 56,
"snippet": {
"text": " if ((length=readlink(filename, to, FN_REFLEN-1)) < 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "7da5207ac0f5baba73c026472a2d3805eed92931852575db64f513702977dd70"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_redel.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 49,
"snippet": {
"text": " if (chown(to, statbuf.st_uid, statbuf.st_gid))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "97d2cfe4cb9428e812b796eb39c27f28dc8b198ab9655c2aff8c442de39bdcfe"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/logger/logformat.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 50,
"snippet": {
"text": " chmod(codepath, S_IRUSR|S_IRGRP|S_IROTH);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "a62b28fca5c6218ee4731e78bb3eacb93604fae20c91c69cccad3834973e70d5"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/rocksdb/rocksdb/port/stack_trace.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 54,
"snippet": {
"text": " auto read = readlink(link, name, sizeof(name) - 1);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "acb399f2a4a15ef8da36c47631bc4ee4bcc1bb0577dfbda141d2eb5d7723af40"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/signal_handler.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 66,
"snippet": {
"text": " if ((len= readlink(\"/proc/self/cwd\", buff, sizeof(buff))) >= 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "b55a5f3db29b1ce25e12f94e4ea344ed7fb0e63a230cf6b6deb42c28de924457"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_copy.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 46,
"snippet": {
"text": " if (chmod(to, stat_buff.st_mode & 07777))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "bddb795a7efbd73a4387bbd33fd4f9e505b4f759d784e5d51f60cc43011ee610"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_copy.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 55,
"snippet": {
"text": " if (chown(to, stat_buff.st_uid, stat_buff.st_gid))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "c63a81105d753de4762cbcab48d9700f7069da3cd9d57bf4329a6d20fad288aa"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/logger/logformat.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 52,
"snippet": {
"text": " chmod(headerpath, S_IRUSR|S_IRGRP|S_IROTH);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "cc51b21d9b803a08b6c619b63abf77f4ca9ce247db0ef1b81f4bd83dfb95f3d8"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/mysqld.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 71,
"snippet": {
"text": " (void) chmod(mysqld_unix_port,S_IFSOCK);\t/* Fix solaris 2.6 bug */"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "d0c4f1302290e2367e246ef7c8d3ea69589cbc4bc148e0efdd4c283fa03cbe01"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_redel.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 42,
"snippet": {
"text": " if (chmod(to, statbuf.st_mode & 07777))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "e11b8df9cbb9e459e4d67a0af5e627b6b1285c78fe23f5a1c823285da96495a8"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/portability/file.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 29,
"endColumn": 67,
"snippet": {
"text": " ssize_t n = readlink(fname, symname, MY_MAX_PATH);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "e307b1923cc852324e3050b3e4423be7ac4d1d64af274b70b897a85b1cde815f"
},
"rank": 1.0
}
],
"externalPropertyFileReferences": {
"taxonomies": [
{
"location": {
"uri": "https://raw.githubusercontent.com/sarif-standard/taxonomies/main/CWE_v4.4.sarif"
},
"guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
}
]
}
}
]
}
Reference in a new issue View git blame Copy permalink