From d115829db7c2749be42a4e0498407127a15e96e9 Mon Sep 17 00:00:00 2001 From: agievich Date: Fri, 14 Jun 2024 22:19:52 +0300 Subject: [PATCH] Declare strIsValid() a sanitizer for Coverity --- cmd/core/cmd_pwd.c | 5 +++-- src/core/str.c | 7 ++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/cmd/core/cmd_pwd.c b/cmd/core/cmd_pwd.c index 127c18da..4e48d56c 100644 --- a/cmd/core/cmd_pwd.c +++ b/cmd/core/cmd_pwd.c @@ -138,8 +138,9 @@ static err_t cmdPwdReadPass(cmd_pwd_t* pwd, const char* cmdline) static const char* cmdEnvGet(const char* name) { - ASSERT(strIsValid(name)); - return getenv(name); + const char* val; + val = getenv(name); + return strIsValid(val) ? val : 0; } static err_t cmdPwdGenEnv(cmd_pwd_t* pwd, const char* cmdline) diff --git a/src/core/str.c b/src/core/str.c index 0d2af3f2..1b709c52 100644 --- a/src/core/str.c +++ b/src/core/str.c @@ -4,7 +4,7 @@ \brief Strings \project bee2 [cryptographic library] \created 2013.02.04 -\version 2023.09.18 +\version 2024.06.14 \copyright The Bee2 authors \license Licensed under the Apache License, Version 2.0 (see LICENSE.txt). ******************************************************************************* @@ -19,6 +19,10 @@ Характеристики / проверка \warning В strLen() нельзя вызывать strIsValid() -- будет рекурсия. + +\remark Комментарий перед функцией strIsValid() -- это декларация для +Coverity Scan о том, что функция является санитайзером строк +(https://community.synopsys.com/s/article/From-Case-Clearing-TAINTED-STRING). ******************************************************************************* */ @@ -33,6 +37,7 @@ size_t strLen2(const char* str, size_t count) return str ? strnlen(str, count) : SIZE_0; } +// coverity[ +tainted_string_sanitize_content : arg-0 ] bool_t strIsValid(const char* str) { return memIsValid(str, strLen(str) + (str ? 1 : 0));