Home / firecracker-microvm / firecracker
Repository Analysis

firecracker-microvm/firecracker

Secure and fast microVMs for serverless computing.

4.0 Likely human-written View on GitHub
4.0
Adjusted Score
4.0
Raw Score
100%
Time Factor
2026-05-29
Last Push
34,666
Stars
Rust
Language
192,767
Lines of Code
659
Files
656
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 2HIGH 5MEDIUM 30LOW 619

Pattern Findings

656 matches across 13 categories. Click a row to expand file-level details.

Over-Commented Block377 hits · 377 pts
SeverityFileLineSnippet
LOWrust-toolchain.toml1# Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtools/ab_test.py321 ), "A and B run produced incomparable data. This is a bug in the test!"
LOWtools/ab_test.py341 # of the parameterization.
LOWresources/rootfs/overlay/usr/local/bin/readmem.c1// Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWresources/rootfs/overlay/usr/local/bin/init.c1// Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWresources/rootfs/overlay/usr/local/bin/fillmem.c1// Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOW…/rootfs/overlay/usr/local/bin/fast_page_fault_helper.c1// Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/conftest.py541# Tests get a microVM by requesting one of:
LOW…sts/integration_tests/security/test_vulnerabilities.py141 # =============================
LOWtests/integration_tests/security/__init__.py1# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/integration_tests/style/__init__.py1# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/integration_tests/style/test_licenses.py141
LOWtests/integration_tests/performance/__init__.py1# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/integration_tests/performance/test_huge_pages.py21
LOWtests/integration_tests/performance/test_huge_pages.py41 # Referenced: 0 kB
LOW…tegration_tests/functional/test_cpu_template_helper.py101 return cpu_config_dict
LOW…tegration_tests/functional/test_cpu_template_helper.py121 # is 0 on all tested platforms. On the other hand, the userspace cpuid
LOW…tegration_tests/functional/test_cpu_template_helper.py141 # CPUID.20000000h is not documented in Intel SDM and AMD APM. KVM doesn't
LOW…tegration_tests/functional/test_cpu_template_helper.py181# List of MSR indices that should not be tested due to its mutability or inavailablility
LOW…tegration_tests/functional/test_cpu_template_helper.py201 # SYSENTER.
LOW…tegration_tests/functional/test_cpu_template_helper.py221 # MSR_KVM_STEAL_TIME indicates CPU steal time filled in by the hypervisor
LOW…/integration_tests/functional/test_net_config_space.py201 #
LOWtests/integration_tests/functional/__init__.py1# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/integration_tests/functional/test_vsock.py101
LOW…on_tests/functional/test_cpu_features_host_vs_guest.py161}
LOW…on_tests/functional/test_cpu_features_host_vs_guest.py301 # physical memory of a system. TME is enabled by system BIOS/hardware and applies to
LOW…on_tests/functional/test_cpu_features_host_vs_guest.py321 # (resource control) capabilities including Cache Allocation Technology (CAT) and
LOW…on_tests/functional/test_cpu_features_host_vs_guest.py361 # Hardware Feedback Interface (HFI) is a feature that gives OSes a performance
LOW…tegration_tests/functional/test_cpu_features_x86_64.py201 # Assert the guest frequency matches the host frequency
LOWtests/framework/utils_vsock.py201 # Link the listening Unix socket into the VM's jail, so that
LOWtests/framework/http_api.py21 def __init__(self):
LOWtests/host_tools/sysgenid.c1// Copyright 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/host_tools/change_net_config_space.c1// Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/host_tools/vmclock.c1// Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/host_tools/vsock_helper.c1// Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/host_tools/test_syscalls.c1// Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOWtests/host_tools/devmem.c1// Copyright 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved.
LOW.cargo/audit.toml1[advisories]
LOWsrc/jailer/src/env.rs41const DEV_NET_TUN_MINOR: u32 = 200;
LOWsrc/jailer/src/env.rs81// pid namespace, we will call clone with a NULL stack pointer. We can do this because we will
LOWsrc/jailer/src/env.rs321 NO_FILE_ARG => resource_limits.set_no_file(limit_value),
LOWsrc/jailer/src/env.rs681 .iter()
LOWsrc/jailer/src/cgroup.rs41 // search PROC_MOUNTS for cgroup mount points
LOWsrc/jailer/src/cgroup.rs241}
LOWsrc/jailer/src/cgroup.rs261// on the following helper function) helps with propagating the values.
LOWsrc/jailer/src/resource_limits.rs21 RlimitFsize,
LOWsrc/jailer/src/resource_limits.rs41 // c_uint (which is an u32)
LOWsrc/clippy-tracing/src/main.rs21#[derive(Parser)]
LOWsrc/acpi-tables/src/aml.rs201}
LOWsrc/acpi-tables/src/aml.rs1241
LOWsrc/acpi-tables/src/aml.rs1301 .unwrap()
LOWsrc/acpi-tables/src/aml.rs1321 // 0x0CF8, // Length
LOWsrc/acpi-tables/src/aml.rs1341 // 0x00000000, // Translation Offset
LOWsrc/acpi-tables/src/aml.rs1621 [0x14, 0x09, 0x5F, 0x53, 0x54, 0x41, 0x00, 0xA4, 0x0A, 0x0F]
LOWsrc/acpi-tables/src/aml.rs1861
LOWsrc/acpi-tables/src/aml.rs1981 // {
LOWsrc/acpi-tables/src/fadt.rs21
LOWsrc/acpi-tables/src/rsdp.rs1// Copyright © 2019 Intel Corporation
LOWsrc/utils/src/time.rs181/// Converts a timestamp in seconds to an equivalent one in nanoseconds.
LOWsrc/vmm/src/persist.rs101/// This describes the mapping between Firecracker base virtual address and
317 more matches not shown…
Hyper-Verbose Identifiers191 hits · 192 pts
SeverityFileLineSnippet
LOWtests/conftest.py95def pytest_runtest_makereport(item, call): # pylint:disable=unused-argument
LOWtests/conftest.py225def test_fc_session_root_path():
LOWtests/conftest.py263def change_net_config_space_bin(test_fc_session_root_path):
LOWtests/README.md476def test_with_any_microvm_and_my_init(test_microvm_any):
LOWtests/integration_tests/security/test_fips.py55def test_fips_rng_reseed_on_snapshot_restore(uvm_with_fips, microvm_factory):
LOWtests/integration_tests/security/test_fips.py70def test_fips_reseeded_kernel_csprng(fips_snapshot_pair):
LOWtests/integration_tests/security/test_fips.py83def test_fips_reseeded_userspace_csprng(fips_snapshot_pair):
LOWtests/integration_tests/security/test_seccomp.py180def test_default_seccomp_level(uvm):
LOWtests/integration_tests/security/test_jail.py114def test_exec_destination_path_is_symlink(uvm):
LOWtests/integration_tests/security/test_jail.py134def test_exec_destination_path_is_hardlink(uvm):
LOWtests/integration_tests/security/test_jail.py154def test_default_chroot_hierarchy(uvm):
LOWtests/integration_tests/security/test_jail.py209def test_arbitrary_usocket_location(uvm):
LOWtests/integration_tests/security/test_jail.py245 def enable_controller_in_subtree(self, cgname, controller):
LOWtests/integration_tests/security/test_jail.py372def test_cgroups_custom_parent(uvm, cgroups_info):
LOWtests/integration_tests/security/test_jail.py427def test_cgroups_without_numa(uvm, cgroups_info):
LOWtests/integration_tests/security/test_jail.py464def test_cgroups_parent_cgroup_but_no_cgroup(
LOWtests/integration_tests/security/test_jail.py527def test_args_default_resource_limits(uvm):
LOWtests/integration_tests/security/test_jail.py551def test_args_resource_limits(uvm):
LOWtests/integration_tests/security/test_jail.py567def test_positive_file_size_limit(uvm):
LOWtests/integration_tests/security/test_jail.py585def test_negative_file_size_limit(uvm):
LOWtests/integration_tests/security/test_jail.py621def test_negative_no_file_limit(uvm):
LOWtests/integration_tests/security/test_jail.py640def test_new_pid_ns_resource_limits(uvm):
LOWtests/integration_tests/security/test_jail.py696def test_firecracker_kill_by_pid(uvm, daemonize, new_pid_ns):
LOW…sts/integration_tests/security/test_vulnerabilities.py102def download_spectre_meltdown_checker(tmp_path_factory):
LOW…sts/integration_tests/security/test_vulnerabilities.py116def test_spectre_meltdown_checker_on_host(spectre_meltdown_checker):
LOW…sts/integration_tests/security/test_vulnerabilities.py127def test_vulnerabilities_on_host():
LOW…sts/integration_tests/security/test_vulnerabilities.py134def get_vuln_files_exception_dict(template):
LOW…sts/integration_tests/security/test_vulnerabilities.py167def check_vulnerabilities_files_on_guest(microvm):
LOW…sts/integration_tests/security/test_vulnerabilities.py232def test_check_vulnerability_files_ab(request, uvm_any):
LOW…sts/integration_tests/security/test_vulnerabilities.py246def test_spectre_meltdown_checker_on_guest(
LOWtests/integration_tests/security/test_nv.py23def test_no_nested_virtualization(uvm_booted):
LOWtests/integration_tests/style/test_repo.py15def test_repo_no_spaces_in_paths():
LOWtests/integration_tests/style/test_repo.py39def test_repo_validate_changelog():
LOWtests/integration_tests/style/test_markdown.py25def test_markdown_internal_links():
LOWtests/integration_tests/performance/test_boottime.py70def get_systemd_analyze_times(microvm):
LOWtests/integration_tests/performance/test_boottime.py101def launch_vm_with_boot_timer(
LOW…s/integration_tests/performance/test_hotplug_memory.py255def test_virtio_mem_hotplug_hotunplug(uvm_any_memhp):
LOW…s/integration_tests/performance/test_hotplug_memory.py313def test_snapshot_restore_persistence(uvm, microvm_factory, snapshot_type):
LOW…s/integration_tests/performance/test_hotplug_memory.py353def test_snapshot_restore_incremental(uvm, microvm_factory, snapshot_type):
LOW…s/integration_tests/performance/test_hotplug_memory.py474def test_memory_hotplug_latency(
LOWtests/integration_tests/performance/test_block.py160def test_block_vhost_user_performance(
LOWtests/integration_tests/performance/test_vsock.py99def consume_vsock_ping_output(ping_output):
LOWtests/integration_tests/performance/test_initrd.py27def test_microvm_initrd_with_serial(uvm_with_initrd, huge_pages):
LOWtests/integration_tests/performance/test_network.py98def test_network_tcp_throughput(
LOW…tegration_tests/performance/test_vhost_user_metrics.py16def test_vhost_user_block_metrics(uvm, vcpu_count, metrics):
LOWtests/integration_tests/performance/test_steal_time.py21def test_pvtime_steal_time_increases(uvm):
LOW…sts/integration_tests/performance/test_rate_limiter.py97def test_rx_rate_limiting_cpu_load(uvm):
LOW…sts/integration_tests/performance/test_rate_limiter.py235def _check_tx_rate_limit_patch(test_microvm):
LOW…sts/integration_tests/performance/test_rate_limiter.py261def _check_rx_rate_limit_patch(test_microvm):
LOW…sts/integration_tests/performance/test_rate_limiter.py337def _start_iperf_server_on_guest(test_microvm):
LOW…sts/integration_tests/performance/test_rate_limiter.py354def _start_iperf_server_on_host(netns_cmd_prefix):
LOWtests/integration_tests/performance/test_snapshot.py151def test_post_restore_latency(
LOWtests/integration_tests/performance/test_snapshot.py264def test_snapshot_create_latency(
LOWtests/integration_tests/performance/test_pmem.py155def emit_fio_single_read_metrics(logs_dir, metrics):
LOWtests/integration_tests/performance/test_balloon.py51def test_hinting_reporting_cpu(
LOWtests/integration_tests/performance/test_balloon.py131def test_hinting_fault_latency(
LOW…gration_tests/performance/test_process_startup_time.py19def test_startup_time_new_pid_ns(microvm_factory, guest_kernel, rootfs, metrics):
LOW…gration_tests/performance/test_process_startup_time.py31def test_startup_time_daemonize(microvm_factory, guest_kernel, rootfs, metrics):
LOW…gration_tests/performance/test_process_startup_time.py42def test_startup_time_custom_seccomp(microvm_factory, guest_kernel, rootfs, metrics):
LOWtests/integration_tests/functional/test_rng.py69def assert_virtio_rng_is_current_hwrng_device(ssh_connection: SSHConnection):
131 more matches not shown…
Self-Referential Comments18 hits · 54 pts
SeverityFileLineSnippet
MEDIUMtools/release-tag.sh12# Create a tag for the specified release.
MEDIUMresources/rebuild.sh130 # Create a temporary branch where we can apply patches and then
MEDIUMresources/rebuild.sh305 # Create the directory in which we will store the kernels and rootfs
MEDIUMtests/integration_tests/security/test_jail.py487 # Create the parent cgroup.
MEDIUMtests/integration_tests/performance/test_vsock.py138 # Create a vsock device
MEDIUM…/integration_tests/functional/test_net_config_space.py32 # Create the control ssh connection.
MEDIUM…/integration_tests/functional/test_drive_vhost_user.py53 # Create a rw rootfs file that is unique to the microVM
MEDIUM…/integration_tests/functional/test_drive_vhost_user.py180 # Create a rw rootfs file that is unique to the microVM
MEDIUM…/integration_tests/functional/test_drive_vhost_user.py236 # Create a rootfs with partuuid unique to this microVM
MEDIUMtests/integration_tests/functional/test_vsock.py279 # Create a socat process in the guest which will connect to the host socat
MEDIUM…sts/functional/test_snapshot_not_losing_dirty_pages.py51 # Create a large file dynamically based on available space
MEDIUMtests/integration_tests/functional/test_api.py972 # Create a vsock device.
MEDIUMtests/integration_tests/functional/test_api.py1004 # Create a new entropy device should be OK.
MEDIUM…ts/integration_tests/functional/test_snapshot_basic.py158 # Create a snapshot from a microvm.
MEDIUMtests/framework/utils.py310 # Create the async process
MEDIUMtests/framework/microvm.py238 # Create the jailer context associated with this microvm.
MEDIUMtests/host_tools/udp_offload.py37 # Create a UDP socket
MEDIUMtests/host_tools/network.py276 # Create the tap device tap0 directly in the network namespace to avoid
Cross-Language Confusion5 hits · 25 pts
SeverityFileLineSnippet
HIGHtests/integration_tests/security/test_sec_audit.py39 "cargo install --locked cargo-audit && cargo audit --deny warnings -q --json",
HIGH…/integration_tests/functional/test_drive_vhost_user.py305 mkfs_mount_cmd = "mkfs.ext4 /dev/vdb && mkdir -p /tmp/tmp && mount /dev/vdb /tmp/tmp && umount /tmp/tmp"
HIGHtests/framework/utils.py537 cmd = "cd ../src/firecracker && cargo pkgid | cut -d# -f2 | cut -d: -f2"
HIGH.buildkite/pipeline_release_qa.py69 "| jq '(..|select(.priority? != null).priority) += 100' "
HIGH.buildkite/pipeline_pr.py39 "./tools/devtool -y build_devctr && DEVCTR_IMAGE_TAG=latest ./tools/devtool test --no-build -- integration_tests
Deep Nesting21 hits · 21 pts
SeverityFileLineSnippet
LOWtools/ab_plot.py106
LOWtools/ab_plot.py184
LOWtests/conftest.py377
LOW…ts/integration_tests/security/test_seccomp_validate.py29
LOWtests/integration_tests/functional/test_vsock.py389
LOW…tegration_tests/functional/test_cpu_features_x86_64.py449
LOW…tegration_tests/functional/test_cpu_features_x86_64.py704
LOWtests/framework/swagger_validator.py52
LOWtests/framework/swagger_validator.py156
LOWtests/framework/gitlint_rules.py24
LOWtests/framework/guest_stats.py62
LOWtests/framework/jailer.py85
LOWtests/framework/jailer.py180
LOWtests/framework/utils.py378
LOWtests/framework/microvm.py591
LOWtests/framework/static_analysis.py441
LOWtests/framework/utils_cpuid.py103
LOWtests/host_tools/fcmetrics.py28
LOWtests/host_tools/fcmetrics.py437
LOW.buildkite/pipeline_perf.py176
LOW.buildkite/common.py305
Decorative Section Separators6 hits · 21 pts
SeverityFileLineSnippet
MEDIUMtests/conftest.py537# =============================================================================
MEDIUMtests/conftest.py539# =============================================================================
MEDIUM…sts/integration_tests/security/test_vulnerabilities.py141 # =============================
MEDIUM…sts/integration_tests/security/test_vulnerabilities.py144 # --------------------------------------------
MEDIUMsrc/vmm/src/logger/rate_limited.rs16//! ┌───────────────────┬────────────────────────────────────────┐
MEDIUMsrc/vmm/src/logger/rate_limited.rs18//! └───────────────────┴────────────────────────────────────────┘
Hallucination Indicators2 hits · 20 pts
SeverityFileLineSnippet
CRITICALsrc/vmm/src/devices/virtio/transport/pci/device.rs576 let bar_offset: u32 = self.cap_pci_cfg_info.cap.cap.offset.into();
CRITICALsrc/vmm/src/devices/virtio/transport/pci/device.rs601 let bar_offset: u32 = self.cap_pci_cfg_info.cap.cap.offset.into();
Redundant / Tautological Comments11 hits · 16 pts
SeverityFileLineSnippet
LOWtools/ab_plot.py208 # Check if difference is significant
LOWtests/integration_tests/performance/test_huge_pages.py161 # Verify if guest can run commands, and also wake up the fast page fault helper to trigger page faults.
LOWtests/integration_tests/functional/test_net.py55 # Check if the high ingress traffic broke the net interface.
LOWtests/integration_tests/functional/test_metrics.py53 # Verify if guest can run commands.
LOWtests/integration_tests/functional/test_error_code.py35 # Check if FC process is closed
LOWtests/integration_tests/functional/test_max_devices.py54 # Verify if guest can run commands.
LOWtests/integration_tests/functional/test_uffd.py101 # Verify if the restored guest works.
LOWtests/integration_tests/functional/test_uffd.py107 # Verify if the restored guest works.
LOWtests/integration_tests/functional/test_drive_virtio.py49 # Check if reading from the entire disk results in a file of the same size
LOWtests/integration_tests/functional/test_serial_io.py180 # Check if the total memory size changed.
LOWtests/framework/swagger_validator.py176 # Check if it's a parameter placeholder or exact match
Excessive Try-Catch Wrapping11 hits · 12 pts
SeverityFileLineSnippet
LOWtests/framework/properties.py123 except Exception:
LOWtests/framework/utils_vsock.py54 except Exception as err:
LOWtests/framework/http_api.py65 except Exception as e:
LOWtests/framework/http_api.py93 except Exception as e:
LOWtests/framework/http_api.py109 except Exception as e:
LOWtests/framework/utils.py74 except Exception as exc:
LOWtests/framework/utils.py83 except Exception as exc:
MEDIUMtests/host_tools/udp_offload.py57 eprint(f"Error sending message: {e}")
LOWtests/host_tools/network.py59 except Exception as exc:
LOWtests/host_tools/network.py149 except Exception:
LOWtests/host_tools/network.py225 except Exception as exc:
AI Slop Vocabulary4 hits · 10 pts
SeverityFileLineSnippet
LOW…ts/integration_tests/security/test_seccomp_validate.py79 # We just add 1000000 to the allowed arg and assume it
MEDIUM.github/codecov.yml2 # We utilize optional statuses that are okay to fail, so
MEDIUMsrc/vmm/src/vstate/vm.rs734 // TODO: Once Host 5.10 goes out of support, we can make this more robust and work on
MEDIUMsrc/firecracker/examples/uffd/uffd_utils.rs80 // happening, but let's try to be a bit more robust and retry a few times
Fake / Example Data6 hits · 8 pts
SeverityFileLineSnippet
LOWtests/data/metadata.json3 "meta-data": "Lorem ipsum dolor sit amet, consectetur adipiscing elit",
LOWtests/data/metadata.json3 "meta-data": "Lorem ipsum dolor sit amet, consectetur adipiscing elit",
LOWtests/data/metadata.json7 "meta-data": "Lorem ipsum dolor sit amet"
LOWtests/data/metadata.json7 "meta-data": "Lorem ipsum dolor sit amet"
LOWtests/data/metadata_invalid.json3 "meta-data": "Lorem ipsum dolor sit amet, consectetur adipiscing elit",
LOWtests/data/metadata_invalid.json3 "meta-data": "Lorem ipsum dolor sit amet, consectetur adipiscing elit",
Slop Phrases3 hits · 8 pts
SeverityFileLineSnippet
MEDIUMtests/pyproject.toml29# to run only the similarities checker, you can use "--disable=all
LOWsrc/vmm/src/devices/virtio/balloon/util.rs62 // Don't forget to push the last range to the result.
MEDIUMsrc/firecracker/src/main.rs134 // It's worth noting that the abort is caused by sending a SIG_ABORT signal to the process.
Verbosity Indicators1 hit · 2 pts
SeverityFileLineSnippet
LOWsrc/vmm/src/devices/virtio/queue.rs991 // With firecracker's batching of used IRQs, we need to check if addition of the last