Flawfinder报告的缺陷,但我认为这没有道理

时间:2019-12-11 20:25:07

标签: flawfinder

该问题特定于Flawfinder报告的模式:

摘要

    unsigned char child_report;
    ...
    auto readlen = read(pipefd[0], (void *) &child_report, sizeof(child_report));
    if(readlen == -1 || readlen != sizeof(child_report)) {
      _ret.failure = execute_result::PREIO ; // set some flags to report to the caller
      close(pipefd[0]);
      return _ret;
    }
    ...
    int sec_read = read(pipefd[0], (void *) &child_report, sizeof(child_report));
    child_report = 0; // we are not using the read data at all
                      // we just want to know if the read is successful or not
    if (sec_read != 0 && sec_read != -1) { // if success
      _ret.failure = execute_result::EXEC; // it means that the child is not able to exec
      close(pipefd[0]);                    // as we set the close-on-exec flag
      return _ret;                         // and we do write after exec in the child 
    }

我发现Codacy(因此发现了缺陷)在这两个方面均报告了此类问题:

Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).

我不明白。

  1. 没有循环。
  2. 在第二种情况下,我们根本不使用读取的数据
  3. 这不是典型的C字符串,我们不依赖于结尾的'\ 0'

代码中是否存在我不知道的任何缺陷?

1 个答案:

答案 0 :(得分:0)

我最后得出结论,这应该是假阳性。我检查了Flawfinder的代码,看来它基本上是在进行模式匹配。

https://github.com/david-a-wheeler/flawfinder/blob/293ca17d8212905c7788aca1df7837d4716bd456/flawfinder#L1057