Security fixes, build-break fix, and best-practices fixes #523
Conversation
Instead, use platformio_user.ini to allow users to override these settings.
This helps catch implementation bugs, such as accidentally hiding a base class's virtual function due to parameter mismatch. While the FSM classes don't currently require an explicit destructor, it's just (a good habit)[http://www.gotw.ca/publications/mill18.htm] to get used to writing.
FSM abstract class virtual functions take a pointer, but presume non-null values. Change them take a reference instead.
This may mitigate at least two potential issues when using unvalidated data.
`c_ExternalInput` should never have a null pointer stored in the FSM member variable. Therefore, convert it to a reference (not a pointer).
Note that this file is listed in .gitignore, so changes will not (by default) be noticed by git, and thus changes will be difficult to happen without explicitly attempting / forcing git ... which is good.
This is by request.
henrygab
changed the title
henrygab
changed the title
There was a problem hiding this comment.
This change does not help the user. As with the secrets.h file, a user does not get a user.ini file by default and worse yet, there will be no compiler / linker error to tell them they forgot a step. At the moment creating a secrets.h file is an intentional requirement. Coding it this way makes adding this information optional, which it is not.
|
I'm trying to understand your concerns. There are no other references to a file similar to
Unlike what the sample file says, I also reviewed the code for any attempt to load a
Summarizing the disagreement:
For the above disagreement, I will defer to Shelby's decision, as we both appear to feel strongly.(*) Not technically accurate, but close enough.
FTDI chips have serial numbers, and thus can be assigned a fixed COM port number. Thus, while technically there are other times where a user could get a fixed COM port, Even then, I'd recommend the readme suggesting folks could just as easily use github |
INCLUDES POTENTIAL SECURITY FIXES.
CHECKS IN A DEFAULT
secrets.hFILE -- REVIEW REQUESTED. See comments.I've not written any proof-of-concepts for the potential security issues. I've also not tested the resulting binary yet, so I'm marking as a "Draft" PR for now, to enable early review and comments.
secrets.hfile. Added the file;.gitignorealready prevents changes from being tracked, and already makes it difficult to push this file. REVIEW OF LOCATION REQUESTED (currently sits next to .INO file).c_ExternalInputshould be markedfinal, and its destructor marked non-virtual.InputValue_tdefines unused states. RemoveshortOnandlongOn.fsm_ExternalInput_state(FSM abstract class) has not declared a virtual destructor. Bad practice... Easy Fix.fsm_ExternalInput_***(FSM implementation classes) should be markedfinal.fsm_ExternalInput_***(FSM implementation classes) should declare functions withoverride.-Wformat-overflow=. Potential stack overflows. Fairly easy fix.c_ExternalInputshould use reference (not pointer) for FSM member variable, as it is not valid for that to be a null pointer