database/mariadb
database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-04-18 21:44:20 +03:00
Code
mariadb/tests/code_quality/flawfinder_ignorelist.json
Otto Kekalainen d1ba623677 All-green GitLab CI in main branch in January 2025 
Ensure that the GitLab CI is green again. Ideally all failures would be
fixed, but at the moment it is not feasible. As the purpose of a CI is
to protect the code base from having new testable regressions slip in,
update the CI pipeline to be all green by disabling multiple failing
test or reduce their scope.

- Avoid timeouts and make buid faster with
  '-DCPACK_RPM_DEBUGINFO_PACKAGE=OFF'

- Remove 'GIT_CLONE_PATH' which isn't universally supported on all
  GitLab instances

- Bump 'MARIADB_MAJOR_VERSION' to current 'main' contents (11.8). Also
  update the upgrade test matrix to modern MariaDB versions.

- Remove UBsan builds as they are failing and can't quickly be fixed,
  along with the MTR test that depended on it.

- Switch the CentOS 7 build to use Amazon Linux 2 instead, which has
  equivalent Fedora package versions, but is still maintained and
  package archive mirrors active.

- Extend skiplist to include currently failing MTR tests. These are not
  quick to fix, so adding them to the skiplist will at least make the
  CI green and allow us to catch any new regressions.

- Drop the default QPS limit in the mini-benchmark.sh to match what is
  currently passing. The drop is large because it wasn't adjusted after
  4016c905 got merged.

- Remove the currently failing faketime tests for 2028 compatibility.

- Remove unnecessary `dependencies:` definitions that have no effect in
  the presence of `needs:`

- Reduce the scope of `cppcheck` to avoid timeouts from job.

- Update the ignorelists for both `cppcheck` and `flawfinder` as the
  jobs were failing. This way the jobs will be green again, and reveal
  is any new commits introduce issues.

- Drop the duplicate `cppcheck` and `flawfinder` job definitions that
  got erroneously merged when both 9c287c0 and f4ce1e4 got merged on the
  `main` branch, when the original intent was to have the latter commit
  only on old MariaDB versions.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer
Amazon Web Services, Inc.
2025-01-29 10:56:08 +11:00

707 lines
24 KiB
JSON
Raw Blame History

{
"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "Flawfinder",
"version": "2.0.19",
"informationUri": "https://dwheeler.com/flawfinder/",
"supportedTaxonomies": [
{
"name": "CWE",
"guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
}
]
}
},
"columnKind": "utf16CodeUnits",
"results": [
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_getexe.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 17,
"endColumn": 57,
"snippet": {
"text": " ssize_t ret = readlink(\"/proc/self/exe\", buf, size-1);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "11523490c7f8cba115bce125bbce94de5cd5e7f66d4dd07a391aac70fbbdd353"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./client/mysqltest.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 38,
"snippet": {
"text": " err_code= chmod(ds_file.str, mode);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "12a7fa6bbd4c81be975838bae2b7b26fe841acaf9804e6d0299188683e230908"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/writeengine/shared/we_typeext.h",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 63,
"snippet": {
"text": " if (fs.chown(fileName.c_str(), uid, gid, funcErrno) == -1)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "16bbd2ed7b8f86182e8f66980ee23b9e0dfe63a9330b7c16a2c2b81a3e8a9377"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/PosixFileSystem.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 16,
"endColumn": 49,
"snippet": {
"text": " if ((ret = ::chown(objectName, p_uid, p_gid)))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "1882617c363794bedb3e70a4a3be704a3ee928778709b75f971e91ffc7a224b6"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./libmariadb/external/zlib/examples/gun.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 11,
"endColumn": 45,
"snippet": {
"text": " (void)chown(to, was.st_uid, was.st_gid);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "29cdc74512c56c56c73604ac5fd1c08bf2b38845b3aa91f4129ef9424bdb7f7f"
},
"rank": 1.0
},
{
"ruleId": "FF1014",
"level": "error",
"message": {
"text": "buffer/gets:Does not check for buffer overflows (CWE-120, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./extra/readline/tilde.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 24,
"snippet": {
"text": " if (!gets (line))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "34a940ccc6e0248a2cf725e8a0c3f808d1f36d47fc814bd9daadb17f5563d357"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/sql_class.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 10,
"endColumn": 28,
"snippet": {
"text": " (void) chmod(path, 0644);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "3f97fd0452062ab69db87a04222a17c37c216c4e28e2ae3622730da8dd070d2e"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_chmod.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 25,
"snippet": {
"text": " if (chmod(name, mode))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "46805eec1d288b072d4edb3214822220d394307195be79a33ec3bce455d14750"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/signal_handler.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 68,
"snippet": {
"text": " if ((len= readlink(\"/proc/self/cwd\", buff, sizeof(buff)-1)) >= 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "4c4d621e451a67f86c3e999e9dd3ceb2639bf4f63b0a946b7836b01d752ca557"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/primitives/blockcache/fsutils.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 25,
"endColumn": 77,
"snippet": {
"text": " ssize_t realnamelen = readlink(path.string().c_str(), realname, PATH_MAX);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "52b685022ce9db6c7c332217d74745fc48b65e3e00f2cfdbde8f858d28b8aa9f"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/IDBFileSystem.h",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 104,
"snippet": {
"text": " virtual int chown(const char* objectName, const uid_t p_uid, const gid_t p_pid, int& funcErrno) const"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "5eb02dbd4395b5c1a30be2665e0db914b8a6fcc6997ae18f8cc8651ec2e788cb"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./libmariadb/external/zlib/examples/gun.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 11,
"endColumn": 42,
"snippet": {
"text": " (void)chmod(to, was.st_mode & 07777);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "6044966208b061aada8a837a2be969922745fc7d445f7429417ab77f19c40fa5"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/tools/passwd/secrets.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 40,
"snippet": {
"text": " if (chmod(filepathc, S_IRUSR) == 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "6f7b5195eb8526770ad61729bd310387d05d0407d1be5dc902f7116e365f4232"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/tools/passwd/secrets.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 13,
"endColumn": 71,
"snippet": {
"text": " if (chown(filepathc, userinfo->pw_uid, userinfo->pw_gid) == 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "745b105be1b6a7c1e78f52a190edb9aaa848acd9c284c18f40e8a613520ae3df"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/versioning/BRM/oidserver.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 86,
"snippet": {
"text": " chmod(fFilename.c_str(), 0664); // XXXPAT: override umask at least for testing"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "7ccf3c7811cbce45e635a9fd32003a9477eeee78679105dd973ad921fb72672a"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_symlink.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 56,
"snippet": {
"text": " if ((length=readlink(filename, to, FN_REFLEN-1)) < 0)"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "7da5207ac0f5baba73c026472a2d3805eed92931852575db64f513702977dd70"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/PosixFileSystem.h",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 106,
"snippet": {
"text": " int chown(const char* objectName, const uid_t p_uid, const gid_t p_pid, int& funcErrno) const override;"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "837ef3ca85cb450e25a7db58e83d60ce5268b46e9130f6e47d781aff97b9a832"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/columnstore/columnstore/utils/idbdatafile/PosixFileSystem.cpp",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 22,
"endColumn": 111,
"snippet": {
"text": "int PosixFileSystem::chown(const char* objectName, const uid_t p_uid, const gid_t p_gid, int& funcErrno) const"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "92873ab0b24cc9dc2ab7ec959968b3d3568e0d9e92b1659c4f823c322397f33a"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_redel.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 49,
"snippet": {
"text": " if (chown(to, statbuf.st_uid, statbuf.st_gid))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "97d2cfe4cb9428e812b796eb39c27f28dc8b198ab9655c2aff8c442de39bdcfe"
},
"rank": 1.0
},
{
"ruleId": "FF1035",
"level": "error",
"message": {
"text": "race/readlink:This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./storage/rocksdb/rocksdb/port/stack_trace.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 15,
"endColumn": 54,
"snippet": {
"text": " auto read = readlink(link, name, sizeof(name) - 1);"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "acb399f2a4a15ef8da36c47631bc4ee4bcc1bb0577dfbda141d2eb5d7723af40"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_copy.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 46,
"snippet": {
"text": " if (chmod(to, stat_buff.st_mode & 07777))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "bddb795a7efbd73a4387bbd33fd4f9e505b4f759d784e5d51f60cc43011ee610"
},
"rank": 1.0
},
{
"ruleId": "FF1031",
"level": "error",
"message": {
"text": "race/chown:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_copy.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 9,
"endColumn": 55,
"snippet": {
"text": " if (chown(to, stat_buff.st_uid, stat_buff.st_gid))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "c63a81105d753de4762cbcab48d9700f7069da3cd9d57bf4329a6d20fad288aa"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./sql/mysqld.cc",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 12,
"endColumn": 71,
"snippet": {
"text": " (void) chmod(mysqld_unix_port,S_IFSOCK);\t/* Fix solaris 2.6 bug */"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "d0c4f1302290e2367e246ef7c8d3ea69589cbc4bc148e0efdd4c283fa03cbe01"
},
"rank": 1.0
},
{
"ruleId": "FF1033",
"level": "error",
"message": {
"text": "race/chmod:This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362)."
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "./mysys/my_redel.c",
"uriBaseId": "SRCROOT"
},
"region": {
"startColumn": 7,
"endColumn": 42,
"snippet": {
"text": " if (chmod(to, statbuf.st_mode & 07777))"
}
}
}
}
],
"fingerprints": {
"contextHash/v1": "e11b8df9cbb9e459e4d67a0af5e627b6b1285c78fe23f5a1c823285da96495a8"
},
"rank": 1.0
}
],
"externalPropertyFileReferences": {
"taxonomies": [
{
"location": {
"uri": "https://raw.githubusercontent.com/sarif-standard/taxonomies/main/CWE_v4.4.sarif"
},
"guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
}
]
}
}
]
}
View Git Blame Copy Permalink