mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-27 17:33:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/tests/code_quality/flawfinder_ignorelist.json
Robin Newhouse 9c287c0a90 All-green GitLab CI in 11.0 branch 
Include cppcheck and FlawFinder for SAST scanning.
Ignorelists are present for both, so only new problems will trigger a CI
failure.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer
Amazon Web Services, Inc.
2023-03-30 14:55:24 +03:00

706 lines
24 KiB
JSON
Raw Blame History

{
"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "Flawfinder",
"version": "2.0.19",
"informationUri": "https://dwheeler.com/flawfinder/",
"supportedTaxonomies": [
{
"name": "CWE",
"guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
}
]
}
},
"columnKind": "utf16CodeUnits",
"results": [
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./extra/mariabackup/xtrabackup.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 17,
"endColumn": 57,
"snippet": {
"text": " ssize_t ret = readlink(\"/proc/self/exe\", buf, size-1);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "11523490c7f8cba115bce125bbce94de5cd5e7f66d4dd07a391aac70fbbdd353"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./client/mysqltest.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 38,
"snippet": {
"text": " err_code= chmod(ds_file.str, mode);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "12a7fa6bbd4c81be975838bae2b7b26fe841acaf9804e6d0299188683e230908"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/writeengine/shared/we_typeext.h",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 63,
"snippet": {
"text": " if (fs.chown(fileName.c_str(), uid, gid, funcErrno) == -1)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "16bbd2ed7b8f86182e8f66980ee23b9e0dfe63a9330b7c16a2c2b81a3e8a9377"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/PosixFileSystem.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 16,
"endColumn": 49,
"snippet": {
"text": " if ((ret = ::chown(objectName, p_uid, p_gid)))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "1882617c363794bedb3e70a4a3be704a3ee928778709b75f971e91ffc7a224b6"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./libmariadb/external/zlib/examples/gun.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 11,
"endColumn": 45,
"snippet": {
"text": " (void)chown(to, was.st_uid, was.st_gid);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "29cdc74512c56c56c73604ac5fd1c08bf2b38845b3aa91f4129ef9424bdb7f7f"
},
"rank": 1.0
},
{
"ruleId": "FF1014",
"level": "error",
"message": {
"text": "buffer/gets:Does not check for buffer overflows (CWE-120, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./extra/readline/tilde.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 24,
"snippet": {
"text": " if (!gets (line))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "34a940ccc6e0248a2cf725e8a0c3f808d1f36d47fc814bd9daadb17f5563d357"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/sql_class.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 10,
"endColumn": 28,
"snippet": {
"text": " (void) chmod(path, 0644);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "3f97fd0452062ab69db87a04222a17c37c216c4e28e2ae3622730da8dd070d2e"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_chmod.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 25,
"snippet": {
"text": " if (chmod(name, mode))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "46805eec1d288b072d4edb3214822220d394307195be79a33ec3bce455d14750"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/signal_handler.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 68,
"snippet": {
"text": " if ((len= readlink(\"/proc/self/cwd\", buff, sizeof(buff)-1)) >= 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "4c4d621e451a67f86c3e999e9dd3ceb2639bf4f63b0a946b7836b01d752ca557"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/primitives/blockcache/fsutils.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 25,
"endColumn": 77,
"snippet": {
"text": " ssize_t realnamelen = readlink(path.string().c_str(), realname, PATH_MAX);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "52b685022ce9db6c7c332217d74745fc48b65e3e00f2cfdbde8f858d28b8aa9f"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/IDBFileSystem.h",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 104,
"snippet": {
"text": " virtual int chown(const char* objectName, const uid_t p_uid, const gid_t p_pid, int& funcErrno) const"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "5eb02dbd4395b5c1a30be2665e0db914b8a6fcc6997ae18f8cc8651ec2e788cb"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./libmariadb/external/zlib/examples/gun.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 11,
"endColumn": 42,
"snippet": {
"text": " (void)chmod(to, was.st_mode & 07777);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "6044966208b061aada8a837a2be969922745fc7d445f7429417ab77f19c40fa5"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/tools/passwd/secrets.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 40,
"snippet": {
"text": " if (chmod(filepathc, S_IRUSR) == 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "6f7b5195eb8526770ad61729bd310387d05d0407d1be5dc902f7116e365f4232"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/tools/passwd/secrets.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 71,
"snippet": {
"text": " if (chown(filepathc, userinfo->pw_uid, userinfo->pw_gid) == 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "745b105be1b6a7c1e78f52a190edb9aaa848acd9c284c18f40e8a613520ae3df"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/versioning/BRM/oidserver.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 86,
"snippet": {
"text": " chmod(fFilename.c_str(), 0664); // XXXPAT: override umask at least for testing"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "7ccf3c7811cbce45e635a9fd32003a9477eeee78679105dd973ad921fb72672a"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_symlink.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 56,
"snippet": {
"text": " if ((length=readlink(filename, to, FN_REFLEN-1)) < 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "7da5207ac0f5baba73c026472a2d3805eed92931852575db64f513702977dd70"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/PosixFileSystem.h",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 106,
"snippet": {
"text": " int chown(const char* objectName, const uid_t p_uid, const gid_t p_pid, int& funcErrno) const override;"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "837ef3ca85cb450e25a7db58e83d60ce5268b46e9130f6e47d781aff97b9a832"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/PosixFileSystem.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 22,
"endColumn": 111,
"snippet": {
"text": "int PosixFileSystem::chown(const char* objectName, const uid_t p_uid, const gid_t p_gid, int& funcErrno) const"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "92873ab0b24cc9dc2ab7ec959968b3d3568e0d9e92b1659c4f823c322397f33a"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_redel.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 49,
"snippet": {
"text": " if (chown(to, statbuf.st_uid, statbuf.st_gid))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "97d2cfe4cb9428e812b796eb39c27f28dc8b198ab9655c2aff8c442de39bdcfe"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/rocksdb/rocksdb/port/stack_trace.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 54,
"snippet": {
"text": " auto read = readlink(link, name, sizeof(name) - 1);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "acb399f2a4a15ef8da36c47631bc4ee4bcc1bb0577dfbda141d2eb5d7723af40"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_copy.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 46,
"snippet": {
"text": " if (chmod(to, stat_buff.st_mode & 07777))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "bddb795a7efbd73a4387bbd33fd4f9e505b4f759d784e5d51f60cc43011ee610"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_copy.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 55,
"snippet": {
"text": " if (chown(to, stat_buff.st_uid, stat_buff.st_gid))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "c63a81105d753de4762cbcab48d9700f7069da3cd9d57bf4329a6d20fad288aa"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/mysqld.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 71,
"snippet": {
"text": " (void) chmod(mysqld_unix_port,S_IFSOCK);\t/* Fix solaris 2.6 bug */"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "d0c4f1302290e2367e246ef7c8d3ea69589cbc4bc148e0efdd4c283fa03cbe01"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_redel.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 42,
"snippet": {
"text": " if (chmod(to, statbuf.st_mode & 07777))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "e11b8df9cbb9e459e4d67a0af5e627b6b1285c78fe23f5a1c823285da96495a8"
},
"rank": 1.0
}
],
"externalPropertyFileReferences": {
"taxonomies": [
{
"location": {
"uri": "https://raw.githubusercontent.com/sarif-standard/taxonomies/main/CWE_v4.4.sarif"
},
"guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
}
]
}
}
]
}
Reference in a new issue View git blame Copy permalink