Fix static analysis issues
Danielius1922 committed Sep 12, 2024
1 parent b58ea74 commit 0c2c0f3
Showing 16 changed files with 94 additions and 86 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/cmake-linux.yml
Expand Up @@ -7,11 +7,11 @@ concurrency:
cancel-in-progress: ${{ github.ref_name != 'master' }}

on:
# push:
# branches:
# - master
# pull_request:
# types: [opened, synchronize, reopened]
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
2 changes: 1 addition & 1 deletion .github/workflows/plgd-device-test-with-cfg.yml
Expand Up @@ -113,7 +113,7 @@ jobs:
if: ${{ inputs.coverage }}
id: coverage
run: |
SUFFIX=`echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} ${{ inputs.name }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' '`
SUFFIX=$(echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} ${{ inputs.name }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' ')
echo "filename=coverage-plgd-device-${SUFFIX}.json" >> $GITHUB_OUTPUT
echo "artifact=plgd-device-${SUFFIX}-coverage" >> $GITHUB_OUTPUT
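Review bot: The `SUFFIX=` line still expands `${{ inputs.build_type }}`, `${{ inputs.build_args }}` and `${{ inputs.name }}` straight into the script text, so shell metacharacters in any of those values would be interpreted by the runner's shell rather than hashed; moving from backticks to `$(...)` does not change that. Pass the values through the step's `env:` (for example `BUILD_ARGS: ${{ inputs.build_args }}`) and use `"$BUILD_ARGS"` in the script, and quote the redirect target as `"$GITHUB_OUTPUT"`. The visible callers pass fixed matrix values, so this looks like hardening rather than a known exposure, but the pull_request triggers re-enabled elsewhere in this commit make it worth doing. The same line appears in plgd-dps-test-with-cfg.yml, plgd-hub-test-with-cfg.yml and unit-test-with-cfg.yml; the step itself starts above the hunk.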
2 changes: 1 addition & 1 deletion .github/workflows/plgd-dps-test-with-cfg.yml
Expand Up @@ -132,7 +132,7 @@ jobs:
if: ${{ inputs.coverage }}
id: coverage
run: |
SUFFIX=`echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} -DBUILD_TESTING=ON ${{ inputs.args }}" | sha1sum | cut -f 1 -d ' '`
SUFFIX=$(echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} -DBUILD_TESTING=ON ${{ inputs.args }}" | sha1sum | cut -f 1 -d ' ')
echo "filename=coverage-plgd-dps-${SUFFIX}.json" >> $GITHUB_OUTPUT
echo "filename_obt=coverage-plgd-dps-obt-${SUFFIX}.json" >> $GITHUB_OUTPUT
echo "artifact=plgd-dps-${SUFFIX}-coverage" >> $GITHUB_OUTPUT
10 changes: 7 additions & 3 deletions .github/workflows/plgd-dps-tests.yml
Expand Up @@ -5,12 +5,16 @@

name: Run plgd/hub/dps tests with dps_cloud_server

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref_name != 'master' }}

on:
# Triggers the workflow on push or pull request events but only for the master branch
push:
# branches: [master]
# pull_request:
# branches: [master]
branches: [master]
pull_request:
branches: [master]

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
2 changes: 1 addition & 1 deletion .github/workflows/plgd-hub-test-with-cfg.yml
Expand Up @@ -107,7 +107,7 @@ jobs:
if: ${{ inputs.coverage }}
id: coverage
run: |
SUFFIX=`echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} ${{ inputs.args }} ${{ inputs.docker_args }} ${{ inputs.hub_args }} ${{ inputs.name }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' '`
SUFFIX=$(echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} ${{ inputs.args }} ${{ inputs.docker_args }} ${{ inputs.hub_args }} ${{ inputs.name }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' ')
echo "filename=coverage-plgd-hub-${SUFFIX}.json" >> $GITHUB_OUTPUT
echo "artifact=plgd-hub-${SUFFIX}-coverage" >> $GITHUB_OUTPUT
87 changes: 43 additions & 44 deletions .github/workflows/sonar-cloud-analysis.yml
Expand Up @@ -44,48 +44,48 @@ jobs:
build_type: Debug
coverage: true

# plgd-device-tests:
# strategy:
# fail-fast: false
# matrix:
# include:
# - name: cloud-server
# build_args: ""
# - name: cloud-server-access-in-RFOTM-concurrent-requests-1
# build_args: "-DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
# - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc
# build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
# # try with SHA384
# cert_signature_algorithm: ECDSA-SHA384
# cert_elliptic_curve: P384
# uses: ./.github/workflows/plgd-device-test-with-cfg.yml
# with:
# name: ${{ matrix.name }}
# build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
# build_type: Debug
# cert_signature_algorithm: ${{ matrix.cert_signature_algorithm }}
# cert_elliptic_curve: ${{ matrix.cert_elliptic_curve }}
# coverage: true

# plgd-hub-tests:
# strategy:
# fail-fast: false
# matrix:
# include:
# - name: cloud-server-discovery-resource-observable-access-in-RFOTM
# build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
# - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc-concurrent-requests-1
# build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
# - name: dtls-cloud-server-rep-realloc
# build_args: "-DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
# hub_args: "-e COAP_GATEWAY_UDP_ENABLED=true"
# uses: ./.github/workflows/plgd-hub-test-with-cfg.yml
# with:
# name: ${{ matrix.name }}
# build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
# build_type: Debug
# coverage: true
# hub_args: ${{ matrix.hub_args }}
plgd-device-tests:
strategy:
fail-fast: false
matrix:
include:
- name: cloud-server
build_args: ""
- name: cloud-server-access-in-RFOTM-concurrent-requests-1
build_args: "-DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
- name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc
build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
# try with SHA384
cert_signature_algorithm: ECDSA-SHA384
cert_elliptic_curve: P384
uses: ./.github/workflows/plgd-device-test-with-cfg.yml
with:
name: ${{ matrix.name }}
build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
build_type: Debug
cert_signature_algorithm: ${{ matrix.cert_signature_algorithm }}
cert_elliptic_curve: ${{ matrix.cert_elliptic_curve }}
coverage: true

plgd-hub-tests:
strategy:
fail-fast: false
matrix:
include:
- name: cloud-server-discovery-resource-observable-access-in-RFOTM
build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
- name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc-concurrent-requests-1
build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
- name: dtls-cloud-server-rep-realloc
build_args: "-DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
hub_args: "-e COAP_GATEWAY_UDP_ENABLED=true"
uses: ./.github/workflows/plgd-hub-test-with-cfg.yml
with:
name: ${{ matrix.name }}
build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
build_type: Debug
coverage: true
hub_args: ${{ matrix.hub_args }}

plgd-dps-tests:
uses: ./.github/workflows/plgd-dps-test-with-cfg.yml
Expand All @@ -99,8 +99,7 @@ jobs:
runs-on: ubuntu-22.04
env:
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
needs: [unit-tests, plgd-dps-tests]
# needs: [unit-tests, plgd-device-tests, plgd-hub-tests, plgd-dps-tests]
needs: [unit-tests, plgd-device-tests, plgd-hub-tests, plgd-dps-tests]
steps:
- name: Checkout
uses: actions/checkout@v4
2 changes: 1 addition & 1 deletion .github/workflows/unit-test-with-cfg.yml
Expand Up @@ -123,7 +123,7 @@ jobs:
if: ${{ inputs.coverage }}
id: coverage
run: |
SUFFIX=`echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ steps.cmake_flags.outputs.compiler }} ${{ inputs.build_args }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' '`
SUFFIX=$(echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ steps.cmake_flags.outputs.compiler }} ${{ inputs.build_args }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' ')
echo "filename=coverage-unix-${SUFFIX}.json" >> $GITHUB_OUTPUT
echo "artifact=unit-test-${SUFFIX}-coverage" >> $GITHUB_OUTPUT
4 changes: 3 additions & 1 deletion CMakeLists.txt
Expand Up @@ -682,7 +682,9 @@ if(OC_SECURITY_ENABLED)
endif()

if(PLGD_DEV_DEVICE_PROVISIONING_ENABLED)
include(api/plgd/plgd.cmake)
file(GLOB PLGD_DPS_SRC
${PROJECT_SOURCE_DIR}/api/plgd/device-provisioning-client/*.c
)
endif()

add_library(client-server-obj OBJECT ${COMMON_SRC} ${CLIENT_SRC} ${PLGD_DPS_SRC})
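Review bot: `file(GLOB PLGD_DPS_SRC ...)` evaluates the wildcard only at configure time, so a `.c` file added to or removed from `api/plgd/device-provisioning-client/` is not reflected until CMake is re-run, and any source that lands in that directory is compiled into `client-server-obj` without appearing in a reviewed list. If the project's minimum CMake version permits, `file(GLOB PLGD_DPS_SRC CONFIGURE_DEPENDS ...)` addresses the stale-list part. An explicit list of the provisioning-client sources is the stricter choice for a security-relevant component. The enclosing `if(PLGD_DEV_DEVICE_PROVISIONING_ENABLED)` block is fully visible, but the rest of the target setup is outside the hunk.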
5 changes: 0 additions & 5 deletions api/plgd/plgd.cmake

This file was deleted.

2 changes: 1 addition & 1 deletion api/plgd/unittest/plgd_dps_endpoints.cpp
Expand Up @@ -165,7 +165,7 @@ TEST_F(DPSEndpointsTest, EndpointsAPI)
ep3_newname.length());
verify_selected_endpoint(ep3, ep3_uri, ep3_newname);

EXPECT_TRUE(plgd_dps_remove_endpoint_address(ctx.get(), toSelect));
ASSERT_TRUE(plgd_dps_remove_endpoint_address(ctx.get(), toSelect));
}

#endif /* OC_HAS_FEATURE_PLGD_DEVICE_PROVISIONING */
2 changes: 1 addition & 1 deletion api/plgd/unittest/plgd_dps_log.cpp
Expand Up @@ -59,7 +59,7 @@ static void
printLog(oc_log_level_t log_level, const char *file, int line,
const char *func_name, const char *format, va_list args)
{
printf("[%s:%d %s]<%s:%s>: ", file, line, func_name,
printf("[%s:%d %s]<%s>: ", file, line, func_name,
oc_log_level_to_label(log_level));
vprintf(format, args);
printf("\n");
3 changes: 3 additions & 0 deletions api/plgd/unittest/plgd_dps_manager.cpp
Expand Up @@ -106,6 +106,7 @@ TEST_F(TestDPSManager, StartAlreadyStarted)

plgd_dps_manager_stop(&ctx);
dps_context_list_remove(&ctx);
dps_context_deinit(&ctx);
ASSERT_TRUE(oc_sec_remove_cred_by_credid(mfg_credid, kDeviceID));
}

Expand All @@ -114,6 +115,7 @@ TEST_F(TestDPSManager, GetProvisionAndCloudObserverFlags)
plgd_time_set_time(oc_clock_time());

plgd_dps_context_t ctx{};
dps_context_init(&ctx, kDeviceID);
auto pof = dps_get_provision_and_cloud_observer_flags(&ctx);
uint32_t provision_flags = PLGD_DPS_HAS_TIME;
uint8_t cloud_observer_status = 0;
Expand Down Expand Up @@ -181,6 +183,7 @@ TEST_F(TestDPSManager, GetProvisionAndCloudObserverFlags)
ASSERT_TRUE(oc_sec_remove_cred_by_credid(root_credid, kDeviceID));
#endif /* OC_DYNAMIC_ALLOCATION */

dps_context_deinit(&ctx);
plgd_time_set_time(0);
plgd_time_set_status(PLGD_TIME_STATUS_IN_SYNC);
}
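Review bot: The `dps_context_deinit(&ctx)` calls in these tests run only when every fatal assertion before them passes. In GetProvisionAndCloudObserverFlags, `ASSERT_TRUE(oc_sec_remove_cred_by_credid(root_credid, kDeviceID))` sits between `dps_context_init` and the deinit, and a failing `ASSERT_*` returns from the test body, skipping both the deinit and the `plgd_time_set_time(0)` reset. A small RAII guard declared right after `dps_context_init(&ctx, kDeviceID)`, whose destructor calls `dps_context_deinit(&ctx)`, would keep the cleanup on every exit path and keep sanitizer runs quiet on failures. Both test bodies extend beyond the visible hunks, so other early exits may exist.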
2 changes: 1 addition & 1 deletion api/plgd/unittest/plgd_dps_provision_owner.cpp
Expand Up @@ -65,7 +65,7 @@ TEST_F(TestProvisionOwnerWithDevice, GetOwner_FailInvalidDOSState)
pstat->s = OC_DOS_RFOTM;

plgd_dps_context_t ctx{};
ctx.device = 42;
ctx.device = kDeviceID;
EXPECT_FALSE(dps_get_owner(&ctx));

pstat->s = OC_DOS_RFNOP;
2 changes: 1 addition & 1 deletion api/plgd/unittest/plgd_dps_time.cpp
Expand Up @@ -62,7 +62,7 @@ TEST_F(TestDPSTimeWithDevice, GetTime_FailInvalidDOSState)
pstat->s = OC_DOS_RFOTM;

plgd_dps_context_t ctx{};
ctx.device = 42;
ctx.device = kDeviceID;
EXPECT_FALSE(dps_get_plgd_time(&ctx));

pstat->s = OC_DOS_RFNOP;
41 changes: 23 additions & 18 deletions apps/dps_cloud_server.c
Expand Up @@ -957,6 +957,21 @@ dps_read_pem(const char *file_path, char *buffer, size_t *buffer_size)
return -1;
}

static void
dps_concat_paths(char *buffer, size_t buffer_size, const char *cert_dir,
const char *file)
{
memset(buffer, 0, buffer_size);
size_t cert_dir_len = strlen(cert_dir);
if (cert_dir_len >= buffer_size) {
abort();
}
memcpy(buffer, cert_dir, cert_dir_len);
buffer[cert_dir_len] = '\0';
// NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.strcpy)
strcat(buffer, file);
}

/**
* @brief Add manufacturer's trusted root certificate authority and
* manufacturer's certificate to the device.
Expand All @@ -981,10 +996,7 @@ dps_add_certificates(const plgd_dps_context_t *dps_ctx, const char *cert_dir)
} else {
unsigned char dps_ca[CERT_BUFFER_SIZE];
size_t dps_ca_size = sizeof(dps_ca) / sizeof(unsigned char);
memset(path, 0, sizeof(path));
strncpy(path, cert_dir, sizeof(path));
strcat(path,
"/dpsca.pem"); // NOLINT(clang-analyzer-security.insecureAPI.strcpy)
dps_concat_paths(path, sizeof(path), cert_dir, "/dpsca.pem");
if (dps_read_pem(path, (char *)dps_ca, &dps_ca_size) < 0) {
printf("ERROR: unable to read %s\n", path);
goto error;
Expand All @@ -1000,20 +1012,14 @@ dps_add_certificates(const plgd_dps_context_t *dps_ctx, const char *cert_dir)

unsigned char mfg_crt[CERT_BUFFER_SIZE];
size_t mfg_crt_size = sizeof(mfg_crt) / sizeof(unsigned char);
memset(path, 0, sizeof(path));
strncpy(path, cert_dir, sizeof(path));
strcat(path,
"/mfgcrt.pem"); // NOLINT(clang-analyzer-security.insecureAPI.strcpy)
dps_concat_paths(path, sizeof(path), cert_dir, "/mfgcrt.pem");
if (dps_read_pem(path, (char *)mfg_crt, &mfg_crt_size) < 0) {
printf("ERROR: unable to read %s\n", path);
goto error;
}
unsigned char mfg_key[CERT_BUFFER_SIZE];
size_t mfg_key_size = sizeof(mfg_key) / sizeof(unsigned char);
memset(path, 0, sizeof(path));
strncpy(path, cert_dir, sizeof(path));
strcat(path,
"/mfgkey.pem"); // NOLINT(clang-analyzer-security.insecureAPI.strcpy)
dps_concat_paths(path, sizeof(path), cert_dir, "/mfgkey.pem");
if (dps_read_pem(path, (char *)mfg_key, &mfg_key_size) < 0) {
printf("ERROR: unable to read %s\n", path);
goto error;
Expand Down Expand Up @@ -1617,12 +1623,13 @@ static bool
add_endpoint(const char *endpoint)
{
#if OC_DYNAMIC_ALLOCATION
g_dps_endpoint = (char **)realloc(g_dps_endpoint, (g_dps_endpoint_count + 1) *
sizeof(char *));
if (g_dps_endpoint == NULL) {
char **new_dps_endpoint_buffer = (char **)realloc(
g_dps_endpoint, (g_dps_endpoint_count + 1) * sizeof(char *));
if (new_dps_endpoint_buffer == NULL) {
printf("ERROR: failed to allocate memory for list of endpoints\n");
return false;
}
g_dps_endpoint = new_dps_endpoint_buffer;
g_dps_endpoint[g_dps_endpoint_count] = strdup(endpoint);
if (g_dps_endpoint[g_dps_endpoint_count] == NULL) {
printf("ERROR: failed to allocate memory for endpoint\n");
Expand Down Expand Up @@ -1813,9 +1820,7 @@ parse_options(int argc, char *argv[], parse_options_result_t *parsed_options)
printf("ERROR: failed to resolve parent directory\n");
return false;
}
strncpy(g_dps_cert_dir, dir, sizeof(g_dps_cert_dir) - 1);
strcat(g_dps_cert_dir,
"/pki_certs"); // NOLINT(clang-analyzer-security.insecureAPI.strcpy)
dps_concat_paths(g_dps_cert_dir, sizeof(g_dps_cert_dir), dir, "/pki_certs");
free(dir);

#ifdef PLGD_DPS_FAKETIME
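Review bot: The new `dps_concat_paths` helper checks only that `cert_dir` fits in `buffer`, so the following `strcat(buffer, file)` can still write past `buffer_size` whenever `cert_dir_len + strlen(file)` reaches the buffer size; the `NOLINTNEXTLINE` suppresses the analyzer on exactly the line that remains unbounded. Bound the whole result instead: add `size_t file_len = strlen(file);`, make the guard `if (cert_dir_len >= buffer_size || file_len >= buffer_size - cert_dir_len) {`, and replace the `strcat` with `memcpy(buffer + cert_dir_len, file, file_len + 1);`, which also lets the NOLINT go. The directory is a runtime path (the resolved parent directory in `parse_options`, the `cert_dir` argument in `dps_add_certificates`), so its length is not fixed at build time. Calling `abort()` for an over-long path is abrupt; returning a bool would let the callers use the error paths they already have.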
4 changes: 2 additions & 2 deletions security/oc_pstat.c
Expand Up @@ -444,7 +444,7 @@ oc_sec_get_pstat(size_t device)
bool
oc_sec_is_operational(size_t device)
{
return g_pstat[device].isop;
return oc_sec_get_pstat(device)->isop;
}

bool
Expand All @@ -456,7 +456,7 @@ oc_sec_pstat_is_in_dos_state(const oc_sec_pstat_t *ps, unsigned dos_mask)
bool
oc_device_is_in_dos_state(size_t device, unsigned dos_mask)
{
return oc_sec_pstat_is_in_dos_state(&g_pstat[device], dos_mask);
return oc_sec_pstat_is_in_dos_state(oc_sec_get_pstat(device), dos_mask);
}

void
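Review bot: `oc_sec_is_operational` now dereferences the result of `oc_sec_get_pstat(device)` and `oc_device_is_in_dos_state` forwards it, neither with a check. The body of `oc_sec_get_pstat` is outside the hunk; if it can return NULL for an unknown device index, the first becomes a NULL dereference and the second relies on `oc_sec_pstat_is_in_dos_state` tolerating NULL. If NULL is possible, guard it with `const oc_sec_pstat_t *ps = oc_sec_get_pstat(device);` and `return ps != NULL && ps->isop;`, and apply the same pattern in `oc_device_is_in_dos_state`. If it can never return NULL, a short comment on both callers stating that invariant would save the next reader the lookup.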
