The unit tests for PR #273 #274

henrybear327
Collaborator

This PR ported the unit tests for path sanitation from the Golang library.

Reference: https://cs.opensource.google/go/go/+/refs/tags/go1.21.4:src/path/path_test.go

henrybear327 force-pushed the feat/elf_path_check_unit_test branch from 5fb08f1 to 7aa3835 on November 22, 2023 23:06
henrybear327 requested a review from jserv on November 22, 2023 23:06

Collaborator Author

henrybear327 commented Nov 22, 2023

Issues:

  • I am not certain how we should be including unit tests in the rv32emu codebase
  • The current diff is messy, as the base PR Implement file path sanitation #273 can't be used as the base commit for this PR

henrybear327 self-assigned this on Nov 22, 2023
henrybear327 force-pushed the feat/elf_path_check_unit_test branch from 7aa3835 to 110bf20 on November 22, 2023 23:09

char *sanitize_path(const char *orig_path)
{
size_t n = strlen(orig_path);

Check notice

Code scanning / Flawfinder (reported by Codacy)

Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).

size_t n = strlen(orig_path);

char *ret = (char *) malloc(n + 1);
memset(ret, '\0', n + 1);

Check warning

Code scanning / Semgrep (reported by Codacy)

When handling sensitive information in a buffer, it's important to ensure that the data is securely erased before the buffer is deleted or reused.

char *sanitize_path(const char *orig_path)
{
size_t n = strlen(orig_path);

Check warning

Code scanning / Semgrep (reported by Codacy)

The strlen family of functions does not handle strings that are not null terminated. This can lead to buffer over reads and cause the application to crash by accessing unintended memory locations. It is recommended that strnlen be used instead as a maxlen value can be provided.

For more information please see: https://linux.die.net/man/3/strnlen

If developing for C Runtime Library (CRT), more secure versions of these functions should be used, see: https://learn.microsoft.com/en-us/cpp/c-

@github-advanced-security github-advanced-security bot left a comment

Cppcheck (reported by Codacy) found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.

Contributor

jserv commented Nov 23, 2023

Close in favor of #273

jserv closed this on Nov 23, 2023