Fix coverity & test
- Fix coverity issues - Prevent fails of test_ds_misc.sh Resolves: rhbz#2041782
parent
f07ad354e3
commit
543039ae7b
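--- a/openscap-1.3.7-PR-1841-coverity.patch
+++ b/openscap-1.3.7-PR-1841-coverity.patch
@@ -0,0 +1,104 @@
+From f141dfd0311ec2be4c4c27814d9d6693551cfd76 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
+Date: Thu, 27 Jan 2022 15:00:33 +0100
+Subject: [PATCH 1/3] Fix shellcheck warning
+
+Addressing:
+
+Error: SHELLCHECK_WARNING (CWE-138): [#def1]
+/usr/libexec/oscap-remediate:110:12: error[SC2145]: Argument mixes string and array. Use * or separate argument.
+108| args+=( "--remediate" )
+109| args+=( "${OSCAP_REMEDIATE_DS}" )
+110|-> log "Args: ${args[@]}"
+111|
+112| # Now we are good to go
+---
+utils/oscap-remediate | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/oscap-remediate b/utils/oscap-remediate
+index fc0b7715f..52e29aa66 100755
+--- a/utils/oscap-remediate
++++ b/utils/oscap-remediate
+@@ -107,7 +107,7 @@ args+=( ${OSCAP_REMEDIATE_HTML_REPORT:+"--report=${OSCAP_REMEDIATE_HTML_REPORT}"
+args+=( "--progress-full" )
+args+=( "--remediate" )
+args+=( "${OSCAP_REMEDIATE_DS}" )
+-log "Args: ${args[@]}"
++log "Args: ${args[*]}"
+
+# Now we are good to go
+header="OpenSCAP is checking the system for compliance using"$'\n'"${profile_title}"$'\n\n'"Evaluating..."
+
+From d3e7d5be1fcd55ef396de6070f877df0f2c2c58e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
+Date: Thu, 27 Jan 2022 15:09:02 +0100
+Subject: [PATCH 2/3] Remove superfluous strdup
+
+We can do this because xccdf_session_set_rule calls strdup on the rule
+parameter internally.
+
+Addressing:
+
+Error: RESOURCE_LEAK (CWE-772): [#def2] [important]
+openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4148: alloc_fn: Storage is returned from allocation function "strdup".
+openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4148: var_assign: Assigning: "n_rule" = storage returned from "strdup(rule)".
+openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4149: noescape: Resource "n_rule" is not freed or pointed-to in "xccdf_session_set_rule".
+openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4150: leaked_storage: Variable "n_rule" going out of scope leaks the storage it points to.
+4148| char *n_rule = strdup(rule);
+4149| xccdf_session_set_rule(sess, n_rule);
+4150|-> }
+4151|
+4152| void xccdf_session_free_py(struct xccdf_session *sess){
+---
+swig/openscap.i | 3 +--
+1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/swig/openscap.i b/swig/openscap.i
+index 2fe1cce99..158a22675 100644
+--- a/swig/openscap.i
++++ b/swig/openscap.i
+@@ -559,8 +559,7 @@ struct xccdf_session {
+};
+
+void xccdf_session_set_rule_py(struct xccdf_session *sess, char *rule) {
+- char *n_rule = strdup(rule);
+- xccdf_session_set_rule(sess, n_rule);
++ xccdf_session_set_rule(sess, rule);
+}
+
+void xccdf_session_free_py(struct xccdf_session *sess){
+
+From 6ef54336a018566a32f6a95177635ada7f20794e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
+Date: Thu, 27 Jan 2022 15:16:02 +0100
+Subject: [PATCH 3/3] Add a missing free
+
+Addressing:
+Error: RESOURCE_LEAK (CWE-772): [#def4] [important]
+openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2144: alloc_fn: Storage is returned from allocation function "oscap_htable_iterator_new".
+openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2144: var_assign: Assigning: "rit" = storage returned from "oscap_htable_iterator_new(policy->rules)".
+openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2145: noescape: Resource "rit" is not freed or pointed-to in "oscap_htable_iterator_has_more".
+openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2146: noescape: Resource "rit" is not freed or pointed-to in "oscap_htable_iterator_next_key".
+openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2150: leaked_storage: Variable "rit" going out of scope leaks the storage it points to.
+2148| oscap_seterr(OSCAP_EFAMILY_XCCDF,
+2149| "Rule '%s' not found in selected profile.", rule_id);
+2150|-> return NULL;
+2151| }
+2152| }
+---
+src/XCCDF_POLICY/xccdf_policy.c | 1 +
+1 file changed, 1 insertion(+)
+
+diff --git a/src/XCCDF_POLICY/xccdf_policy.c b/src/XCCDF_POLICY/xccdf_policy.c
+index b63853a38..4d4b7ad0a 100644
+--- a/src/XCCDF_POLICY/xccdf_policy.c
++++ b/src/XCCDF_POLICY/xccdf_policy.c
+@@ -2147,6 +2147,7 @@ struct xccdf_result * xccdf_policy_evaluate(struct xccdf_policy * policy)
+if (oscap_htable_get(policy->rules_found, rule_id) == NULL) {
+oscap_seterr(OSCAP_EFAMILY_XCCDF,
+"Rule '%s' not found in selected profile.", rule_id);
++ oscap_htable_iterator_free(rit);
+return NULL;
+}
+}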
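Review bot: In the swig/openscap.i hunk of PATCH 2/3, `xccdf_session_set_rule_py` now passes the caller's `rule` buffer straight to `xccdf_session_set_rule`, so the wrapper's memory safety depends entirely on the callee making its own copy, and nothing in the wrapper records that. The commit message says the callee calls strdup internally, but that function is not visible on this page. If it ever kept the pointer instead, the session would presumably hold a pointer into a string the binding releases once the call returns. I would document the invariant above the call, for example `/* xccdf_session_set_rule() duplicates rule; the session must never keep the caller's pointer */`.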
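--- a/openscap-1.3.7-PR-1843-fix-test-ds-misc.patch
+++ b/openscap-1.3.7-PR-1843-fix-test-ds-misc.patch
@@ -0,0 +1,32 @@
+From e49669a0dde7e3a9123925347fbf3234602371ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
+Date: Mon, 31 Jan 2022 13:45:15 +0100
+Subject: [PATCH] Prevent fails of test_ds_misc.sh
+
+The SOURCE_DATE_EPOCH environment variable is effective only when it's
+set to a value that's older than mtime of the processed file. See the
+implementation in ds_sds_compose_add_component_internal in src/DS/sds.c.
+However, the file in our test suite has originally been created before
+(in 2019) and this mtime can be used when a tarball is produced. To
+avoid the test failing, we can modify the mtime using the touch command
+just before we run the tests.
+---
+tests/DS/test_ds_misc.sh | 2 ++
+1 file changed, 2 insertions(+)
+
+diff --git a/tests/DS/test_ds_misc.sh b/tests/DS/test_ds_misc.sh
+index 159007518..cffbef303 100755
+--- a/tests/DS/test_ds_misc.sh
++++ b/tests/DS/test_ds_misc.sh
+@@ -269,6 +269,8 @@ function test_source_date_epoch() {
+local timestamp="2020-03-05T12:09:37"
+export SOURCE_DATE_EPOCH="1583410177"
+export TZ=UTC
++ # ensure the file mtime is always newer than the $timestamp
++ touch -c "$xccdf"
+$OSCAP ds sds-compose "$xccdf" "$result"
+assert_exists 3 '//ds:component[@timestamp="'$timestamp'"]'
+rm -f "$result"
+--
+2.34.1
+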
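Review bot: The added `touch -c "$xccdf"` in test_source_date_epoch changes the mtime of an input file in place and does not check the exit status. On a read-only or shared source tree the touch can fail, and the test would then fail later at `assert_exists` with no hint of the cause. The same applies to the three `touch -c "$srcdir/sds_multiple_oval/..."` lines that the PR-1844 patch puts in its place. Copying the inputs to a temporary directory and touching the copies would leave the source tree unmodified; at minimum, if the script does not already run under `set -e`, the call could be `touch -c "$xccdf" || return 1`. The function starts before the hunk and continues after it, so how `$xccdf` is defined and how errors are handled is not visible here.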
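--- a/openscap-1.3.7-PR-1844-fix-test-ds-misc-2.patch
+++ b/openscap-1.3.7-PR-1844-fix-test-ds-misc-2.patch
@@ -0,0 +1,27 @@
+From 650656bdac5e8e4df30c11bb4dbc830aab8baa78 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
+Date: Tue, 1 Feb 2022 15:06:33 +0100
+Subject: [PATCH] Prevent fails of test_ds_misc.sh
+
+Other files from which the datastream is composed might also
+affect the timestamp attributes in result document depending
+on their mtime.
+---
+tests/DS/test_ds_misc.sh | 4 +++-
+1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/DS/test_ds_misc.sh b/tests/DS/test_ds_misc.sh
+index cffbef303..1777c44f4 100755
+--- a/tests/DS/test_ds_misc.sh
++++ b/tests/DS/test_ds_misc.sh
+@@ -270,7 +270,9 @@ function test_source_date_epoch() {
+export SOURCE_DATE_EPOCH="1583410177"
+export TZ=UTC
+# ensure the file mtime is always newer than the $timestamp
+- touch -c "$xccdf"
++ touch -c "$srcdir/sds_multiple_oval/first-oval.xml"
++ touch -c "$srcdir/sds_multiple_oval/multiple-oval-xccdf.xml"
++ touch -c "$srcdir/sds_multiple_oval/second-oval.xml"
+$OSCAP ds sds-compose "$xccdf" "$result"
+assert_exists 3 '//ds:component[@timestamp="'$timestamp'"]'
+rm -f "$result"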
@ -1,12 +1,14 @@
|
||||
Name: openscap
|
||||
Version: 1.3.6
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Epoch: 1
|
||||
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
||||
License: LGPLv2+
|
||||
URL: http://www.open-scap.org/
|
||||
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
|
||||
|
||||
Patch1: openscap-1.3.7-PR-1841-coverity.patch
|
||||
Patch2: openscap-1.3.7-PR-1843-fix-test-ds-misc.patch
|
||||
Patch3: openscap-1.3.7-PR-1844-fix-test-ds-misc-2.patch
|
||||
BuildRequires: make
|
||||
BuildRequires: cmake >= 2.6
|
||||
BuildRequires: gcc
|
||||
@ -208,6 +210,10 @@ ln -sf ../oscap-remediate.service %{buildroot}%{_unitdir}/system-update.target.w
|
||||
%{_bindir}/oscap-run-sce-script
|
||||
|
||||
%changelog
|
||||
* Mon Jan 31 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-2
|
||||
- Fix coverity issues
|
||||
- Prevent fails of test_ds_misc.sh
|
||||
|
||||
* Thu Jan 20 2022 Jan Černý <jcerny@redhat.com> - 1:1.3.6-1
|
||||
- Upgrade to the latest upstream release (rhbz#2041782)
|
||||
- Select and exclude groups of rules on the command line (rhbz#2020580, rhbz#2020581)
|
||||
|