mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-30 18:41:56 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/tests/code_quality/flawfinder_ignorelist.json
Anson Chung df35072c8d Refactor GitLab cppcheck and update SAST ignorelists 
Line numbers had to be removed from the ignorelists in order to be
diffed against since locations of the same findings can differ
across runs. Therefore preprocessing has to be done on the CI findings
so that it can be compared to the ignorelist and new findings can be
outputted. However, since line numbers have to be removed, a situation
occurs where it is difficult to reference the location of findings
in code given the output of the CI job.

To lessen this pain, change the cppcheck template to include
code snippets which make it easier to reference where in the code
the finding is referring to, even in the absence of line numbers.
Ignorelisting works as before since locations of the finding may
change but not the code it is referring to.

Furthermore, due to the innate difficulty in maintaining ignorelists
across branches and triaging new findings, allow failure as to not
have constantly failing pipelines as a result of a new findings that
have not been addressed yet.

Lastly, update SAST ignorelists to match the newly refactored cppcheck
job and the current state of the codebase.

All new code of the whole pull request, including one or several
files that are either new files or modified ones, are contributed
under the BSD-new license. I am contributing on behalf of my
employer Amazon Web Services, Inc.
2024-07-08 10:51:48 +01:00

818 lines
27 KiB
JSON
Raw Blame History

{
"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "Flawfinder",
"version": "2.0.19",
"informationUri": "https://dwheeler.com/flawfinder/",
"supportedTaxonomies": [
{
"name": "CWE",
"guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
}
]
}
},
"columnKind": "utf16CodeUnits",
"results": [
{
"ruleId": "FF1010",
"level": "error",
"message": {
"text": "buffer/strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/portability/file.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 5,
"endColumn": 39,
"snippet": {
"text": " strncat(buf, path, TOKU_PATH_MAX);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "02af921b7054342955d8e30b196aa5ffdc3b1ac019e26c92823a7ab171d2b1fa"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/logger/logformat.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 5,
"endColumn": 40,
"snippet": {
"text": " chmod(headerpath, S_IRUSR|S_IWUSR);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "085f579f942967e5c81fff75af832721b7b9bc59e54a7a9ebc086065cf56be13"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/portability/file.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 25,
"endColumn": 63,
"snippet": {
"text": " ssize_t s = readlink(fdname, lname, sizeof lname);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "0dba1d2cdc995ccf30ad8fe5ce3ccf8795bd4f5a207f65c627affa2ef388496c"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./extra/mariabackup/xtrabackup.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 17,
"endColumn": 57,
"snippet": {
"text": " ssize_t ret = readlink(\"/proc/self/exe\", buf, size-1);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "11523490c7f8cba115bce125bbce94de5cd5e7f66d4dd07a391aac70fbbdd353"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./client/mysqltest.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 38,
"snippet": {
"text": " err_code= chmod(ds_file.str, mode);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "12a7fa6bbd4c81be975838bae2b7b26fe841acaf9804e6d0299188683e230908"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/writeengine/shared/we_typeext.h",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 16,
"endColumn": 67,
"snippet": {
"text": " if (fs.chown(fileName.c_str(), uid, gid, funcErrno) == -1)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "16bbd2ed7b8f86182e8f66980ee23b9e0dfe63a9330b7c16a2c2b81a3e8a9377"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/PosixFileSystem.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 18,
"endColumn": 51,
"snippet": {
"text": " if ((ret = ::chown(objectName, p_uid, p_gid)))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "1882617c363794bedb3e70a4a3be704a3ee928778709b75f971e91ffc7a224b6"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/logger/logformat.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 5,
"endColumn": 38,
"snippet": {
"text": " chmod(codepath, S_IRUSR|S_IWUSR);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "2827dedcdf10af2bf4105f3d48e30575238fa2552603cdcb09d536b288808f0e"
},
"rank": 1.0
},
{
"ruleId": "FF1014",
"level": "error",
"message": {
"text": "buffer/gets:Does not check for buffer overflows (CWE-120, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./extra/readline/tilde.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 24,
"snippet": {
"text": " if (!gets (line))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "34a940ccc6e0248a2cf725e8a0c3f808d1f36d47fc814bd9daadb17f5563d357"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/PosixFileSystem.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 22,
"endColumn": 51,
"snippet": {
"text": "int PosixFileSystem::chown(const char* objectName,"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "357c9645f4ff806e824ffc5714887bbfaafe92c4387521d0dec855875c0c21e5"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/sql_class.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 10,
"endColumn": 28,
"snippet": {
"text": " (void) chmod(path, 0644);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "3f97fd0452062ab69db87a04222a17c37c216c4e28e2ae3622730da8dd070d2e"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_chmod.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 25,
"snippet": {
"text": " if (chmod(name, mode))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "46805eec1d288b072d4edb3214822220d394307195be79a33ec3bce455d14750"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/signal_handler.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 68,
"snippet": {
"text": " if ((len= readlink(\"/proc/self/cwd\", buff, sizeof(buff)-1)) >= 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "4c4d621e451a67f86c3e999e9dd3ceb2639bf4f63b0a946b7836b01d752ca557"
},
"rank": 1.0
},
{
"ruleId": "FF1010",
"level": "error",
"message": {
"text": "buffer/strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/tests/recovery-datadir-is-file.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 47,
"snippet": {
"text": " strncat(buf, testfile, TOKU_PATH_MAX);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "4ca2dff1e35445f7997a9979cdd006d89befcc89922cf5d4a60bc9c07126a78d"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/primitives/blockcache/fsutils.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 27,
"endColumn": 79,
"snippet": {
"text": " ssize_t realnamelen = readlink(path.string().c_str(), realname, PATH_MAX);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "52b685022ce9db6c7c332217d74745fc48b65e3e00f2cfdbde8f858d28b8aa9f"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_symlink.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 56,
"snippet": {
"text": " if ((length=readlink(filename, to, FN_REFLEN-1)) < 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "7da5207ac0f5baba73c026472a2d3805eed92931852575db64f513702977dd70"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_redel.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 49,
"snippet": {
"text": " if (chown(to, statbuf.st_uid, statbuf.st_gid))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "97d2cfe4cb9428e812b796eb39c27f28dc8b198ab9655c2aff8c442de39bdcfe"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/IDBFileSystem.h",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 17,
"endColumn": 46,
"snippet": {
"text": " virtual int chown(const char* objectName,"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "9d9d3ce8ec5fe165af2a81280b5f9cccf73ba9fbb388bc2ffff6abdbdeb37458"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/logger/logformat.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 50,
"snippet": {
"text": " chmod(codepath, S_IRUSR|S_IRGRP|S_IROTH);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "a62b28fca5c6218ee4731e78bb3eacb93604fae20c91c69cccad3834973e70d5"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/rocksdb/rocksdb/port/stack_trace.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 54,
"snippet": {
"text": " auto read = readlink(link, name, sizeof(name) - 1);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "acb399f2a4a15ef8da36c47631bc4ee4bcc1bb0577dfbda141d2eb5d7723af40"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_copy.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 46,
"snippet": {
"text": " if (chmod(to, stat_buff.st_mode & 07777))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "bddb795a7efbd73a4387bbd33fd4f9e505b4f759d784e5d51f60cc43011ee610"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_copy.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 55,
"snippet": {
"text": " if (chown(to, stat_buff.st_uid, stat_buff.st_gid))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "c63a81105d753de4762cbcab48d9700f7069da3cd9d57bf4329a6d20fad288aa"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/ft/logger/logformat.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 52,
"snippet": {
"text": " chmod(headerpath, S_IRUSR|S_IRGRP|S_IROTH);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "cc51b21d9b803a08b6c619b63abf77f4ca9ce247db0ef1b81f4bd83dfb95f3d8"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/mysqld.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 71,
"snippet": {
"text": " (void) chmod(mysqld_unix_port,S_IFSOCK);\t/* Fix solaris 2.6 bug */"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "d0c4f1302290e2367e246ef7c8d3ea69589cbc4bc148e0efdd4c283fa03cbe01"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_redel.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 42,
"snippet": {
"text": " if (chmod(to, statbuf.st_mode & 07777))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "e11b8df9cbb9e459e4d67a0af5e627b6b1285c78fe23f5a1c823285da96495a8"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/tokudb/PerconaFT/portability/file.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 29,
"endColumn": 67,
"snippet": {
"text": " ssize_t n = readlink(fname, symname, MY_MAX_PATH);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "e307b1923cc852324e3050b3e4423be7ac4d1d64af274b70b897a85b1cde815f"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/PosixFileSystem.h",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 38,
"snippet": {
"text": " int chown(const char* objectName,"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "edadf52c51b65383fbcdec8fcf70136a279635c3c98024e456b364d81f9605f7"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/versioning/BRM/oidserver.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 93,
"snippet": {
"text": " chmod(fFilename.c_str(), 0664); // XXXPAT: override umask at least for testing"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "fab02b6c6609db1b8bb60e7d58130b030d12cced8cf09f8b6ae499171f612a7b"
},
"rank": 1.0
}
],
"externalPropertyFileReferences": {
"taxonomies": [
{
"location": {
"uri": "https://raw.githubusercontent.com/sarif-standard/taxonomies/main/CWE_v4.4.sarif"
},
"guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
}
]
}
}
]
}
Reference in a new issue View git blame Copy permalink