coverity

Race condition with stat and mkdir in sequence

[亡魂溺海] posted on 2019-12-24 06:51:25
Question: Coverity complains of:

toctou: Calling function mkdir that uses DIR after a check function. This can cause a time-of-check, time-of-use race condition

if (stat(DIR, &st) != 0) {
    if (mkdir(DIR, 0755) < 0) {
        return ERROR;
    }
}

Is it good enough to change the code to the following? (I was using stat only for a file-existence check.)

if (mkdir(NDUID_DIR, 0755) < 0) {
    if (errno != EEXIST) {
        return ERROR;
    }
}

Is there a better way to fix the code?

Answer 1: Both of your snippets appear to be incorrect and/or incomplete. On

Tainted string in C

不想你离开。 posted on 2019-12-19 19:53:02
Question: I'm running the Coverity tool on my file operation function and getting the following error. As you can see below, I'm using a snprintf() before passing this variable in question to the line number shown in the error message. I guess that some sanitization of the string has to be done as a part of that snprintf(). But still the warning is shown.

Error: TAINTED_STRING (TAINTED string "fn" was passed to a tainted string sink content.) [coverity]

char fn[100];
int id = 0;
char* id_str = getenv("ID")

How do I ignore /usr/include in Coverity Scan?

余生颓废 posted on 2019-12-12 19:51:05
Question: I've set up a project to use Coverity Scan. Under Analysis Settings → Project Components I have:

Component name   Pattern                 Ignore in analysis
cxxopts          .*/src/cxxopts.hpp      Yes
STL              /usr/include/c++/.*     Yes

but still, when I go to View defects, I see 9 issues, all from files like /usr/include/c++/5.4.1/functional. How do I actually exclude them? Confusingly, the Overview tab shows 12 Total defects, 2 Outstanding, 7 Dismissed, 3 Fixed, even though View defects shows 9 issues (is that the 7+2? Why are some

Run Coverity scan for every Travis pull request build

試著忘記壹切 posted on 2019-12-12 07:27:30
Question: I want to automate a student assignment grading system as much as possible. Ideally these steps will be taken when submitting the assignment:

1. Student forks my GitHub repository and modifies files
2. Student pushes the local code to his repository and creates a pull request
3. Travis CI detects the pull request and runs a Pull Request build
4. If the code builds successfully, Coverity runs static code analysis for the pull request
5. Student gets the build status from the GitHub pull request page

I've successfully set

Does Coverity have Rest API

∥☆過路亽.° posted on 2019-12-12 06:16:46
Question: I want to store results from Coverity® in InfluxDB, and I was wondering: does Coverity have a REST API?

Answer 1: If you're only trying to dump data to InfluxDB, you can curl data from the REST API and insert the resulting JSON into the database. I do something similar, but in CSV format. Create a view in Coverity ('Issues: By Snapshot') that contains all your defects. Curl data from the Coverity view in JSON format:

curl --user <userid>:<password> "http://<coverity_url>/api/viewContents/issues/v1/<View Name>?projectId=

C++ : Coverity reports leaks for peculiar use of references and containers

末鹿安然 posted on 2019-12-11 12:11:20
Question: Coverity reports leaks for the following code. I would like some help understanding the errors and re-writing this code to be error free. (The errors are annotated as comments in the code below.)

int main() {
    ...
    B* b = ...        // (1) Coverity: Storage is returned from
                      //     allocation function operator new
                      // (2) Coverity: Assigning ...
    A* a = new A();   // (3) Coverity: noescape: Resource a is not freed
                      //     or pointed-to in add_a_to_b
    b->add_a_to_b( *a );
    ...               // (4) Coverity: Resource leak:

Coverity Scan fails to build <stdlib.h> with _GNU_SOURCE defined

情到浓时终转凉″ posted on 2019-12-07 11:41:47
Question: The Coverity Scan Build Tool fails to compile any C file that includes <stdlib.h> on Ubuntu 18.04 when _GNU_SOURCE is defined:

$ cat > main.c
#include <stdlib.h>
int main() { }
$
$ gcc -D_GNU_SOURCE=1 -o main main.c
$
$ /opt/cov-analysis/bin/cov-build --dir cov-int gcc -D_GNU_SOURCE=1 -o main main.c
Coverity Build Capture (64-bit) version 2017.07 on Linux 4.15.0-20-generic x86_64
...
[WARNING] Emitted 0 C/C++ compilation units (0%) successfully
...
$

The same build works perfectly on Ubuntu

how to remove a project from coverity-scan

删除回忆录丶 posted on 2019-12-06 06:23:41
I've registered a project with coverity-scan in the past. I would now like to remove that project from coverity-scan (or at least from my dashboard; but preferably I'd like to remove the project entirely). I'm stuck, as there seems to be no such option in the web interface. Am I missing something?

You can't. I've just asked Coverity's support to delete one and got the reply: We generally do not delete projects from SCAN as we keep aggregate metrics on the projects.

There's a "Delete Your Project" button at the very bottom of the "Project Settings" page.

Source: https://stackoverflow.com/questions

Can't get Coverity Scan to work (Java/Kotlin/Gradle 3.3 on Windows and Travis)

折月煮酒 posted on 2019-12-05 05:00:54
UPDATE: See the solution in Caleb's answer.

I am trying really hard to make Coverity work for my build, but so far with little success. First the details:

- My project is a run-of-the-mill Java library (no web or fancy containers), with very few compile-only dependencies, built using Gradle
- The production code is written in Java and Kotlin
- The complete project is available on GitHub: https://github.com/ddimtirov/nuggets
- And on Coverity Scan: https://scan.coverity.com/projects/ddimtirov-nuggets?tab=project_settings
- My development environment is Windows 10, Java 1.8.0_92, Gradle 3.3, CMD shell (though I

TravisCI / Coverity: Warning - No files were emitted

巧了我就是萌 posted on 2019-12-05 02:33:10
Question: I have a medium-size GitHub repository for which I configured the Travis-CI/Coverity tools. About a month ago my setup had worked just fine: Travis compiled and built my application, then performed the Coverity scan, and I could see the results on my Coverity page. However, lately the Coverity analysis stopped working. I looked through the Travis log files and compared them to the old logs from when the builds were successful, and that's what I found: At the end of the log, the failed version contains