commit: 95aaed5e566e6cda2ada55d1bd7bd5a9a17311ab
parent 495d4089eecf0a4c369b302c9e42dee531471c41
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Thu, 24 Feb 2022 01:37:36 +0100
Add static analysis via flawfinder(1)
Diffstat:
7 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
@@ -63,6 +63,7 @@ test: $(EXE_test)
lint:
$(MANDOC) -Tlint -Wunsupp,error,warning ./badwolf.1
$(SHELLCHECK) ./configure
+ $(FLAWFINDER) .
.PHONY: install
install: all
diff --git a/README.md b/README.md
@@ -61,6 +61,9 @@ You need to have gettext installed. If you want a GUI, poedit exists and Weblate
- (optional) gettext implementation (such as GNU Gettext)
- (optional, lint) [mandoc](https://mdocml.bsd.lv/) (the command) for linting the manpage
- (optional, lint) [shellcheck](https://www.shellcheck.net/) for linting the `./configure` script
+- (optional, lint) [flawfinder](https://www.dwheeler.com/flawfinder/) for examining C source code for flaws
+
+Note: Packagers can safely ignore the lint dependencies.
### Compiling
```
diff --git a/badwolf.c b/badwolf.c
@@ -710,6 +710,7 @@ new_browser(struct Window *window, const gchar *target_url, struct Client *old_b
web_context = webkit_web_view_get_context(old_browser->webView);
}
+ /* flawfinder: ignore. Consider that g_strsplit is safe enough */
badwolf_l10n = getenv("BADWOLF_L10N");
if(badwolf_l10n != NULL)
@@ -1101,6 +1102,7 @@ main(int argc, char *argv[])
gtk_window_set_icon_name(GTK_WINDOW(window->main_window), "badwolf");
gchar *provider_path_app = g_build_filename(DATADIR, "interface.css", NULL);
+ /* flawfinder: ignore, just a presence check */
if(access(provider_path_app, R_OK) == 0)
{
GtkCssProvider *css_provider_app = gtk_css_provider_new();
@@ -1114,6 +1116,7 @@ main(int argc, char *argv[])
gchar *provider_path_user =
g_build_filename(g_get_user_data_dir(), "badwolf", "interface.css", NULL);
+ /* flawfinder: ignore, just a presence check */
if(access(provider_path_user, R_OK) == 0)
{
GtkCssProvider *css_provider_user = gtk_css_provider_new();
diff --git a/bookmarks.c b/bookmarks.c
@@ -76,6 +76,7 @@ bookmarks_completion_init()
xmlXPathObjectPtr xpathObj = NULL;
GtkListStore *list_store = gtk_list_store_new(1, G_TYPE_STRING);
+ /* flawfinder: ignore, just a presence check */
if(access(filename, R_OK) != 0)
{
g_fprintf(stderr, _("Bookmarks: No loadable file found at %s\n"), filename);
diff --git a/configure b/configure
@@ -28,6 +28,7 @@ Variables:
EXTRA_CFLAGS=OPTIONS
MANDOC=BIN
SHELLCHECK=BIN
+ FLAWFINDER=BIN
WITH_WEBKITGTK=(4.0|4.1)
WITH_URI_PARSER=(guri|libsoup2)
@@ -71,6 +72,7 @@ CC="${CC:-cc}"
CFLAGS="${CFLAGS:--g -O2 -pie -fPIE}"
MANDOC="${MANDOC:-mandoc}"
SHELLCHECK="${SHELLCHECK:-shellcheck}"
+FLAWFINDER="${FLAWFINDER:-flawfinder}"
# Also allow variables through arguments
@@ -121,7 +123,7 @@ if command -v "${MANDOC}" >/dev/null ; is_ok
then
:
else
- printf 'Warning: Tests depending on mandoc disabled'
+ printf 'Warning: manpage linting via mandoc(1) disabled'
MANDOC="true"
fi
@@ -130,10 +132,20 @@ if command -v "${SHELLCHECK}" >/dev/null ; is_ok
then
:
else
- printf 'Warning: Tests depending on shellcheck disabled'
+ printf 'Warning: shell linting via shellcheck(1) disabled'
SHELLCHECK="true"
fi
+printf 'Checking %s command existance ...' "${FLAWFINDER}"
+if command -v "${FLAWFINDER}" >/dev/null ; is_ok
+then
+ :
+else
+ printf 'Warning: C analysis via flawfinder(1) disabled'
+ SHELLCHECK="true"
+fi
+
+
echo
# pkg-config
diff --git a/downloads.c b/downloads.c
@@ -19,8 +19,12 @@ download_stop_iconCb_clicked(GtkButton *stop_icon, gpointer user_data)
}
void
-download_format_elapsed(char *formatted, size_t formatted_size, char *format, int total)
+download_format_elapsed(char *restrict formatted,
+ size_t formatted_size,
+ char *restrict format,
+ int total)
{
+ /* flawfinder: ignore, format string only passed by ourselves */
snprintf(formatted,
formatted_size,
format,
@@ -107,6 +111,7 @@ void
downloadCb_failed(WebKitDownload *webkit_download, GError *error, gpointer user_data)
{
struct Download *download = (struct Download *)user_data;
+ /* flawfinder: ignore. proper buffer limits are used */
char formatted[BUFSIZ];
int total = (int)webkit_download_get_elapsed_time(webkit_download);
char *format;
@@ -130,6 +135,7 @@ void
downloadCb_finished(WebKitDownload *webkit_download, gpointer user_data)
{
struct Download *download = (struct Download *)user_data;
+ /* flawfinder: ignore. proper buffer limits are used */
char formatted[BUFSIZ];
int total = (int)webkit_download_get_elapsed_time(webkit_download);
@@ -157,6 +163,7 @@ downloadCb_received_data(WebKitDownload *webkit_download, guint64 data_lenght, g
{
(void)data_lenght;
struct Download *download = (struct Download *)user_data;
+ /* flawfinder: ignore. proper buffer limits are used */
char formatted[BUFSIZ];
int total = (int)webkit_download_get_elapsed_time(webkit_download);
diff --git a/uri.c b/uri.c
@@ -20,11 +20,13 @@ badwolf_ensure_uri_scheme(const gchar *text, gboolean try_file)
if(try_file)
{
+ /* flawfinder: ignore. `path` is allocated by realpath itself */
path = realpath(text, NULL);
gchar *f = NULL;
if(path != NULL)
{
+ /* flawfinder: ignore. only used as presence check, no way to pass file descriptor */
if(access(path, R_OK) == 0)
{
f = g_strdup_printf("file://%s", path);
