
Fix static analysis findings

We (devolo AG) have rather strict requirements about source code
passing static analysis (among other things, we require a good
deal of SEI CERT compliance). This PR eliminates the following
findings:

```
civetweb/src/civetweb.c:5942:22: warning: pointer parameter 'stop_flag' can be pointer to const [readability-non-const-parameter]
civetweb/src/civetweb.c:6172:13: warning: 'atof' used to convert a string to a floating-point value, but function will not report conversion errors; consider using 'strtod' instead [cert-err34-c]
civetweb/src/civetweb.c:6440:13: warning: 'atof' used to convert a string to a floating-point value, but function will not report conversion errors; consider using 'strtod' instead [cert-err34-c]
civetweb/src/civetweb.c:10816:21: warning: 'atof' used to convert a string to a floating-point value, but function will not report conversion errors; consider using 'strtod' instead [cert-err34-c]
civetweb/src/civetweb.c:10819:7: warning: 'atof' used to convert a string to a floating-point value, but function will not report conversion errors; consider using 'strtod' instead [cert-err34-c]
civetweb/src/civetweb.c:10824:8: warning: 'atof' used to convert a string to a floating-point value, but function will not report conversion errors; consider using 'strtod' instead [cert-err34-c]
civetweb/src/civetweb.c:13264:19: warning: redundant cast to the same type [google-readability-casting]
civetweb/src/civetweb.c:13506:12: warning: redundant 'mg_construct_local_link' declaration [readability-redundant-declaration]
civetweb/src/civetweb.c:14068:2: warning: Value stored to 'uri_len' is never read [clang-analyzer-deadcode.DeadStores]
civetweb/src/civetweb.c:18110:40: warning: pointer parameter 'error_buffer' can be pointer to const [readability-non-const-parameter]
civetweb/src/md5.inl:288:6: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:288:30: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:289:2: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:315:6: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:315:30: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:316:2: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:342:6: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:342:30: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:343:2: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:369:6: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:369:30: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
civetweb/src/md5.inl:370:2: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
```

In addition, some uses of `sscanf` were flagged as `NOLINT` (=exclude
from static analysis). Eventually these should also be reworked.

Static analysis was performed with clang-tidy 12.0.0.
Wolfram Rösler 4 år sedan
förälder
incheckning
c6eb8f9104
2 ändrade filer med 23 tillägg och 32 borttagningar
  1. 15 24
      src/civetweb.c
  2. 8 8
      src/md5.inl

+ 15 - 24
src/civetweb.c

@@ -5906,7 +5906,7 @@ static int
 mg_poll(struct mg_pollfd *pfd,
         unsigned int n,
         int milliseconds,
-        stop_flag_t *stop_flag)
+        const stop_flag_t *stop_flag)
 {
 	/* Call poll, but only for a maximum time of a few seconds.
 	 * This will allow to stop the server after some seconds, instead
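Review bot: `const stop_flag_t *stop_flag` rests on a clang-tidy run, which analyses only one preprocessor configuration, so it shows the pointer is never written through in that build and nothing more. If another build variant reads or updates the flag through a helper that takes a non-const pointer, this signature would discard the qualifier there; mg_poll's body is outside the hunk, so this needs checking against every supported configuration. The same question applies more strongly to `const char *error_buffer` in mg_connect_websocket_client_impl: a buffer passed together with `error_buffer_size` looks like an output parameter. If the function never writes to it in the analysed configuration, either another `#if` branch does, or errors are not being reported to the caller at all.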
@@ -6149,7 +6149,7 @@ push_all(struct mg_context *ctx,
 		timeout = atoi(ctx->dd.config[REQUEST_TIMEOUT]) / 1000.0;
 	}
 	if (timeout <= 0.0) {
-		timeout = atof(config_options[REQUEST_TIMEOUT].default_value) / 1000.0;
+		timeout = strtod(config_options[REQUEST_TIMEOUT].default_value, NULL) / 1000.0;
 	}
 
 	while ((len > 0) && STOP_FLAG_IS_ZERO(&ctx->stop_flag)) {
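Review bot: `strtod(config_options[REQUEST_TIMEOUT].default_value, NULL)` reports conversion errors no better than `atof` did, because the end pointer is discarded and `errno` is never inspected; the cert-err34-c finding is silenced rather than addressed. The value that most needs checking is the configured one two lines up, which is still parsed with `atoi(ctx->dd.config[REQUEST_TIMEOUT])`; `atoi` has undefined behaviour on out-of-range input and was not touched. The pull_all hunk has the same shape. In read_message the configured `REQUEST_TIMEOUT` and `KEEP_ALIVE_TIMEOUT` strings now go through `strtod(..., NULL)`, so a non-numeric setting would silently become a timeout of 0.0. A checked parse would be `errno = 0; v = strtod(s, &end);` followed by `if ((end == s) || (*end != '\0') || (errno == ERANGE)) { /* use the default */ }`, ideally in one shared helper for all three call sites.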
@@ -6417,7 +6417,7 @@ pull_all(FILE *fp, struct mg_connection *conn, char *buf, int len)
 		timeout = atoi(conn->dom_ctx->config[REQUEST_TIMEOUT]) / 1000.0;
 	}
 	if (timeout <= 0.0) {
-		timeout = atof(config_options[REQUEST_TIMEOUT].default_value) / 1000.0;
+		timeout = strtod(config_options[REQUEST_TIMEOUT].default_value, NULL) / 1000.0;
 	}
 	start_time = mg_get_current_time_ns();
 	timeout_ns = (uint64_t)(timeout * 1.0E9);
@@ -9827,7 +9827,7 @@ send_file_data(struct mg_connection *conn,
 static int
 parse_range_header(const char *header, int64_t *a, int64_t *b)
 {
-	return sscanf(header, "bytes=%" INT64_FMT "-%" INT64_FMT, a, b);
+	return sscanf(header, "bytes=%" INT64_FMT "-%" INT64_FMT, a, b); // NOLINT(cert-err34-c) 'sscanf' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead
 }
 
 
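Review bot: The `NOLINT` on the `sscanf` in parse_range_header suppresses the finding on what is presumably a client-supplied Range header value, where a digit string too large for `int64_t` is undefined behaviour in `sscanf` rather than a reportable error. The same suppression is added in parse_match_net, set_throttle and parse_port_string, where the input appears to come from configuration rather than from a request. This function is small enough to rework in this commit instead of deferring it: the version below keeps the 0/1/2 return count and rejects out-of-range values through `errno`. It returns 0 where `sscanf` would return EOF on empty input, so any caller that tests for a negative result needs checking, and it assumes `errno` and `strncmp` are already available in civetweb.c.

```c
static int
parse_range_header(const char *header, int64_t *a, int64_t *b)
{
	/* Returns the number of values stored (0, 1 or 2), like the sscanf
	 * call it replaces, but treats an out-of-range number as "not parsed"
	 * instead of leaving the result undefined. */
	char *end = NULL;
	long long v;

	if (strncmp(header, "bytes=", 6) != 0) {
		return 0;
	}
	header += 6;

	errno = 0;
	v = strtoll(header, &end, 10);
	if ((end == header) || (errno == ERANGE)) {
		return 0;
	}
	*a = (int64_t)v;

	if (*end != '-') {
		return 1;
	}
	header = end + 1;

	errno = 0;
	v = strtoll(header, &end, 10);
	if ((end == header) || (errno == ERANGE)) {
		return 1;
	}
	*b = (int64_t)v;
	return 2;
}
```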
@@ -10792,15 +10792,15 @@ read_message(FILE *fp,
 
 	if (conn->dom_ctx->config[REQUEST_TIMEOUT]) {
 		/* value of request_timeout is in seconds, config in milliseconds */
-		request_timeout = atof(conn->dom_ctx->config[REQUEST_TIMEOUT]) / 1000.0;
+		request_timeout = strtod(conn->dom_ctx->config[REQUEST_TIMEOUT], NULL) / 1000.0;
 	} else {
 		request_timeout =
-		    atof(config_options[REQUEST_TIMEOUT].default_value) / 1000.0;
+		    strtod(config_options[REQUEST_TIMEOUT].default_value, NULL) / 1000.0;
 	}
 	if (conn->handled_requests > 0) {
 		if (conn->dom_ctx->config[KEEP_ALIVE_TIMEOUT]) {
 			request_timeout =
-			    atof(conn->dom_ctx->config[KEEP_ALIVE_TIMEOUT]) / 1000.0;
+			    strtod(conn->dom_ctx->config[KEEP_ALIVE_TIMEOUT], NULL) / 1000.0;
 		}
 	}
 
@@ -13231,9 +13231,9 @@ parse_match_net(const struct vec *vec, const union usa *sa, int no_strict)
 	int n;
 	unsigned int a, b, c, d, slash;
 
-	if (sscanf(vec->ptr, "%u.%u.%u.%u/%u%n", &a, &b, &c, &d, &slash, &n) != 5) {
+	if (sscanf(vec->ptr, "%u.%u.%u.%u/%u%n", &a, &b, &c, &d, &slash, &n) != 5) { // NOLINT(cert-err34-c) 'sscanf' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead
 		slash = 32;
-		if (sscanf(vec->ptr, "%u.%u.%u.%u%n", &a, &b, &c, &d, &n) != 4) {
+		if (sscanf(vec->ptr, "%u.%u.%u.%u%n", &a, &b, &c, &d, &n) != 4) { // NOLINT(cert-err34-c) 'sscanf' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead
 			n = 0;
 		}
 	}
@@ -13242,7 +13242,7 @@ parse_match_net(const struct vec *vec, const union usa *sa, int no_strict)
 		if ((a < 256) && (b < 256) && (c < 256) && (d < 256) && (slash < 33)) {
 			/* IPv4 format */
 			if (sa->sa.sa_family == AF_INET) {
-				uint32_t ip = (uint32_t)ntohl(sa->sin.sin_addr.s_addr);
+				uint32_t ip = ntohl(sa->sin.sin_addr.s_addr);
 				uint32_t net = ((uint32_t)a << 24) | ((uint32_t)b << 16)
 				               | ((uint32_t)c << 8) | (uint32_t)d;
 				uint32_t mask = slash ? (0xFFFFFFFFu << (32 - slash)) : 0;
@@ -13338,7 +13338,7 @@ set_throttle(const char *spec, const union usa *rsa, const char *uri)
 
 	while ((spec = next_option(spec, &vec, &val)) != NULL) {
 		mult = ',';
-		if ((val.ptr == NULL) || (sscanf(val.ptr, "%lf%c", &v, &mult) < 1)
+		if ((val.ptr == NULL) || (sscanf(val.ptr, "%lf%c", &v, &mult) < 1) // NOLINT(cert-err34-c) 'sscanf' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead
 		    || (v < 0)
 		    || ((lowercase(&mult) != 'k') && (lowercase(&mult) != 'm')
 		        && (mult != ','))) {
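Review bot: The `%lf` conversion in `sscanf(val.ptr, "%lf%c", &v, &mult)` accepts `nan` and `inf`, and the only range check in this condition is `(v < 0)`, which is false for both, so a non-finite rate passes validation here. What is done with `v` afterwards is outside the hunk, but converting a non-finite double to an integer would be undefined behaviour. Writing the check as `!(v >= 0)` would reject NaN, and an explicit upper bound would also exclude infinity. The suppression comment is also inaccurate on this line: it describes an integer conversion and recommends `strtol`, while the call parses a double. Something like `// NOLINT(cert-err34-c): double parse, rework with strtod` would fit better.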
@@ -13484,14 +13484,6 @@ switch_domain_context(struct mg_connection *conn)
 }
 
 
-static int mg_construct_local_link(const struct mg_connection *conn,
-                                   char *buf,
-                                   size_t buflen,
-                                   const char *define_proto,
-                                   int define_port,
-                                   const char *define_uri);
-
-
 static void
 redirect_to_https_port(struct mg_connection *conn, int port)
 {
@@ -14046,7 +14038,6 @@ handle_request(struct mg_connection *conn)
 	ri->local_uri = tmp;
 
 	/* step 1. completed, the url is known now */
-	uri_len = (int)strlen(ri->local_uri);
 	DEBUG_TRACE("URL: %s", ri->local_uri);
 
 	/* 2. if this ip has limited speed, set it for this connection */
@@ -14686,7 +14677,7 @@ parse_port_string(const struct vec *vec, struct socket *so, int *ip_version)
 	len = 0;
 
 	/* Test for different ways to format this string */
-	if (sscanf(vec->ptr, "%u.%u.%u.%u:%u%n", &a, &b, &c, &d, &port, &len)
+	if (sscanf(vec->ptr, "%u.%u.%u.%u:%u%n", &a, &b, &c, &d, &port, &len) // NOLINT(cert-err34-c) 'sscanf' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead
 	    == 5) {
 		/* Bind to a specific IPv4 address, e.g. 192.168.1.5:8080 */
 		so->lsa.sin.sin_addr.s_addr =
@@ -14707,7 +14698,7 @@ parse_port_string(const struct vec *vec, struct socket *so, int *ip_version)
 #endif
 
 	} else if ((vec->ptr[0] == '+')
-	           && (sscanf(vec->ptr + 1, "%u%n", &port, &len) == 1)) {
+	           && (sscanf(vec->ptr + 1, "%u%n", &port, &len) == 1)) { // NOLINT(cert-err34-c) 'sscanf' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead
 
 		/* Port is specified with a +, bind to IPv6 and IPv4, INADDR_ANY */
 		/* Add 1 to len for the + character we skipped before */
@@ -14755,7 +14746,7 @@ parse_port_string(const struct vec *vec, struct socket *so, int *ip_version)
 
 		if (mg_inet_pton(
 		        AF_INET, hostname, &so->lsa.sin, sizeof(so->lsa.sin), 1)) {
-			if (sscanf(cb + 1, "%u%n", &port, &len) == 1) {
+			if (sscanf(cb + 1, "%u%n", &port, &len) == 1) { // NOLINT(cert-err34-c) 'sscanf' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead
 				*ip_version = 4;
 				so->lsa.sin.sin_port = htons((uint16_t)port);
 				len += (int)(hostnlen + 1);
@@ -18089,7 +18080,7 @@ websocket_client_thread(void *data)
 static struct mg_connection *
 mg_connect_websocket_client_impl(const struct mg_client_options *client_options,
                                  int use_ssl,
-                                 char *error_buffer,
+                                 const char *error_buffer,
                                  size_t error_buffer_size,
                                  const char *path,
                                  const char *origin,

+ 8 - 8
src/md5.inl

@@ -285,8 +285,8 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
    a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */
 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
 #define SET(a, b, c, d, k, s, Ti)                                              \
-	t = a + F(b, c, d) + X[k] + Ti;                                            \
-	a = ROTATE_LEFT(t, s) + b
+	t = (a) + F(b, c, d) + X[k] + (Ti);                                        \
+	(a) = ROTATE_LEFT(t, s) + (b)
 
 	/* Do the following 16 operations. */
 	SET(a, b, c, d, 0, 7, T1);
@@ -312,8 +312,8 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
 	 a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */
 #define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
 #define SET(a, b, c, d, k, s, Ti)                                              \
-	t = a + G(b, c, d) + X[k] + Ti;                                            \
-	a = ROTATE_LEFT(t, s) + b
+	t = (a) + G(b, c, d) + X[k] + (Ti);                                        \
+	(a) = ROTATE_LEFT(t, s) + (b)
 
 	/* Do the following 16 operations. */
 	SET(a, b, c, d, 1, 5, T17);
@@ -339,8 +339,8 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
 	 a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */
 #define H(x, y, z) ((x) ^ (y) ^ (z))
 #define SET(a, b, c, d, k, s, Ti)                                              \
-	t = a + H(b, c, d) + X[k] + Ti;                                            \
-	a = ROTATE_LEFT(t, s) + b
+	t = (a) + H(b, c, d) + X[k] + (Ti);                                        \
+	(a) = ROTATE_LEFT(t, s) + b
 
 	/* Do the following 16 operations. */
 	SET(a, b, c, d, 5, 4, T33);
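Review bot: The round-3 `SET` macro ends in `(a) = ROTATE_LEFT(t, s) + b`, with `b` left bare, while the F, G and I variants in this commit all end in `+ (b)`. The four definitions are meant to be identical apart from the round function, so this line should read `(a) = ROTATE_LEFT(t, s) + (b)`. It makes no difference for the visible call sites, which pass plain identifiers, but it leaves the macros inconsistent and could trigger the same bugprone-macro-parentheses finding again.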
@@ -366,8 +366,8 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
 	 a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */
 #define I(x, y, z) ((y) ^ ((x) | ~(z)))
 #define SET(a, b, c, d, k, s, Ti)                                              \
-	t = a + I(b, c, d) + X[k] + Ti;                                            \
-	a = ROTATE_LEFT(t, s) + b
+	t = (a) + I(b, c, d) + X[k] + (Ti);                                        \
+	(a) = ROTATE_LEFT(t, s) + (b)
 
 	/* Do the following 16 operations. */
 	SET(a, b, c, d, 0, 6, T49);