The unit tests for PR #273 #274
5fb08f1 to 7aa3835
7aa3835 to 110bf20
The logic is ported from Golang to C. Reference code: https://cs.opensource.google/go/go/+/refs/tags/go1.21.4:src/path/path.go;l=70
110bf20 to 02238fa
|
||
char *sanitize_path(const char *orig_path) | ||
{ | ||
size_t n = strlen(orig_path); |
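Review bot: `orig_path` is passed straight to `strlen` on the first line of `sanitize_path` with no NULL check, so a NULL argument is undefined behaviour. Return early on NULL before `size_t n = strlen(orig_path);`, or state the non-NULL precondition in the function comment so callers know they must check.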
Check notice
Code scanning / Flawfinder (reported by Codacy)
Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Note
size_t n = strlen(orig_path); | ||
|
||
char *ret = (char *) malloc(n + 1); | ||
memset(ret, '\0', n + 1); |
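Review bot: the result of `malloc(n + 1)` is written by `memset` on the next line without being checked, so an allocation failure turns into a NULL dereference. Check `ret` before use, or replace the pair with `calloc(n + 1, 1)` followed by a NULL check; the `(char *)` cast on `malloc` is not needed in C. If `ret` is what the function returns, the function comment should also say that the caller frees it.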
Check warning
Code scanning / Semgrep (reported by Codacy)
When handling sensitive information in a buffer, it's important to ensure that the data is securely erased before the buffer is deleted or reused. Warning
|
||
char *sanitize_path(const char *orig_path) | ||
{ | ||
size_t n = strlen(orig_path); |
Check warning
Code scanning / Semgrep (reported by Codacy)
The strlen family of functions does not handle strings that are not null terminated. This can lead to buffer over reads and cause the application to crash by accessing unintended memory locations. It is recommended that strnlen be used instead as a maxlen value can be provided. For more information please see: https://linux.die.net/man/3/strnlen If developing for C Runtime Library (CRT), more secure versions of these functions should be used, see: https://learn.microsoft.com/en-us/cpp/c- Warning
Cppcheck (reported by Codacy) found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.
Close in favor of #273
This PR ported the unit tests for path sanitation from the Golang library.
Reference: https://cs.opensource.google/go/go/+/refs/tags/go1.21.4:src/path/path_test.go
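An added example, not code from this PR or the project: a C function that follows the rules of Go's `path.Clean` (the reference cited above), with the scanner findings handled through a bounded length scan and a checked, zeroed allocation. The names `clean_path` and `CLEAN_PATH_MAX` and the 4096-byte limit are assumptions.

```c
#include <stdlib.h>
#include <string.h>
#define CLEAN_PATH_MAX 4096 /* assumed input limit, not a value from the PR */

/* Hypothetical clean_path(): Go path.Clean rules. Returns a heap string the
 * caller must free(), or NULL on bad input or allocation failure. */
char *clean_path(const char *path)
{
    const char *end = path ? memchr(path, '\0', CLEAN_PATH_MAX + 1) : NULL;
    if (end == NULL)
        return NULL; /* NULL, over-long or unterminated (bounded scan, like strnlen) */
    size_t n = (size_t)(end - path);
    char *out = calloc(n + 2, 1); /* zeroed; output never exceeds input, "" -> "." */
    if (out == NULL)
        return NULL;
    int rooted = (n > 0 && path[0] == '/');
    size_t r = 0, w = 0, dotdot = 0; /* read index, write index, ".." floor */
    if (rooted) {
        out[w++] = '/';
        r = dotdot = 1;
    }
    while (r < n) {
        if (path[r] == '/') {
            r++; /* empty element */
        } else if (path[r] == '.' && (r + 1 == n || path[r + 1] == '/')) {
            r++; /* "." element */
        } else if (path[r] == '.' && path[r + 1] == '.' &&
                   (r + 2 == n || path[r + 2] == '/')) {
            r += 2; /* ".." element */
            if (w > dotdot) { /* drop the previous element */
                do { w--; } while (w > dotdot && out[w] != '/');
            } else if (!rooted) { /* nothing to drop: keep the ".." */
                if (w > 0)
                    out[w++] = '/';
                memcpy(out + w, "..", 2);
                dotdot = (w += 2);
            }
        } else { /* ordinary element, preceded by a separator if needed */
            if ((rooted && w != 1) || (!rooted && w != 0))
                out[w++] = '/';
            while (r < n && path[r] != '/')
                out[w++] = path[r++];
        }
    }
    if (w == 0)
        out[w++] = '.';
    out[w] = '\0';
    return out;
}
```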