Resolves: RHEL-30424 - Addressing findings from static application security testing

ci.fmf

@@ -1,13 +1 @@
-/test:
+resultsdb-testcase: separate
-    summary:
-        CI plan, picks Tier1 tests, runs in beakerlib.
-    description:
-        This special plan has to be named ci.fmf to run in CI.
-        It selects test which have 'tier 1' in their main.fmf file
-    discover:
-      - name: tier1
-        how: fmf
-        filter: 'tier: 1'
-        url: "https://src.fedoraproject.org/tests/libmaxminddb.git"
-    execute:
-        how: beakerlib

gating.yaml

@@ -1,7 +1,27 @@
 --- !Policy
 product_versions:
-  - rhel-9
+  - fedora-*
+decision_context: bodhi_update_push_testing
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional}
+
+#Rawhide
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional}
+
+#gating rhel
+--- !Policy
+product_versions:
+  - rhel-*
 decision_context: osci_compose_gate
 rules:
   - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
   - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/public.functional}

libmaxminddb-0000-sast-findings.patch

@@ -0,0 +1,16 @@
+diff --git a/t/libtap/tap.c b/t/libtap/tap.c
+index 152e39e..8b4c325 100644
+--- a/t/libtap/tap.c
++++ b/t/libtap/tap.c
+@@ -214,8 +214,10 @@ diag (const char *fmt, ...) {
+     char *mesg, *line;
+     int i;
+     va_start(args, fmt);
+-    if (!fmt)
++    if (!fmt) {
++        va_end(args);
+         return 0;
++    }
+     mesg = vstrdupf(fmt, args);
+     line = mesg;
+     for (i = 0; *line; i++) {

libmaxminddb.spec

@@ -1,7 +1,7 @@
 Name:           libmaxminddb
 Summary:        C library for the MaxMind DB file format
 Version:        1.5.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 URL:            https://maxmind.github.io/libmaxminddb
 Source:         https://github.com/maxmind/libmaxminddb/releases/download/%{version}/%{name}-%{version}.tar.gz
 
@@ -16,6 +16,7 @@ BuildRequires:  libtool
 BuildRequires:  perl-interpreter
 BuildRequires:  perl(FindBin)
 BuildRequires:  make
+BuildRequires:  git-core
 
 %description
 The package contains libmaxminddb library.
@@ -29,7 +30,7 @@ The package contains development header files for the libmaxminddb library
 and the mmdblookup utility which allows IP address lookup in a MaxMind DB file.
 
 %prep
-%autosetup
+%autosetup -S git
 sed -i -e '/AM_CFLAGS=/d' common.mk
 sed -i -e '/CFLAGS=/d' configure.ac
 
@@ -77,6 +78,9 @@ EOF
 %{_mandir}/man3/*.3*
 
 %changelog
+* Mon Apr 29 2024 Michal Ruprich <mruprich@redhat.com> - 1.5.2-4
+- Resolves: RHEL-30424 - Addressing findings from static application security testing
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.2-3
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688

plans/public.fmf

@@ -0,0 +1,6 @@
+summary: Test plan with all Fedora tests
+discover:
+       how: fmf
+       url: https://src.fedoraproject.org/tests/libmaxminddb.git
+execute:
+       how: tmt

plans/tier1-internal.fmf

@@ -0,0 +1,12 @@
+summary: CI plan, picks internal Tier1 tests, runs in beakerlib.
+discover:
+  - name: rhel
+    how: fmf
+    filter: 'tier: 1'
+    url: git://pkgs.devel.redhat.com/tests/libmaxminddb
+execute:
+    how: tmt 
+adjust:
+    enabled: false
+    when: distro == centos-stream, fedora
+    because: They don't have access to internal repos.