Tainted string in C

Question

I\'m running Coverity tool in my file operation function and getting the following error.

As you can see below, I\'m using an snprintf() before passing this variable

Answer 1

Error:TAINTED_STRING is warning that (as far as Coverity can tell) some aspect of the behaviour is influenced by some external input and that the external input is not examined for 'safeness' before it influences execution.

In this particular example it would appear that Coverity is wrong because the value of LOG_FILE is "/log/test%d.log" and is used with an int in the snprintf, meaning that the content of char fn[100] is always well defined.

So a reasonable course of action would be to mark the error as a non-issue so that it is ignored on future runs.

Answer 2

Try the following:

char* id_str = getenv("ID");
if (id_str) {
   id_str = strdup(id_str);
   id = atoi(id_str);
   free( id_str );
}

The fn string passed to fopen is tainted by an environment variable. Using strdup may act as "sanitizing".

Answer 3

Coverity wants to make sure you sanitize any string which is coming from outside of your program, be it getenv, argv, or from some file read.

You may have a function to sanitize the input(Tainted string) and have a comment provided by Coverty which tells Coverty that input string is sanitized and the SA warning will go away.

// coverity[ +tainted_string_sanitize_content : arg-0 ]
int sanitize_mystring(char* s) 
{
    // Do some string validation
    if validated()
        return SUCCESS;
    else
        return FAILED;
}

// coverity[ +tainted_string_sanitize_content : arg-0 ] is the line Coverty is looking

Hope this helps.