mirror of
https://github.com/kuhyx/testsAndMisc.git
synced 2026-07-04 17:03:05 +02:00
- Add +x to Python scripts with shebangs (3 files) - Remove -x from non-script files like .cpp, .txt, makefile (23 files) - Move shebang to first line in C/imageViewer/lint.sh
80 lines
2.9 KiB
Markdown
80 lines
2.9 KiB
Markdown
# Security Notes for ImageViewer
|
|
|
|
## Static Analysis Warnings
|
|
|
|
The imageviewer project uses secure coding practices with proper bounds checking. However, clang-analyzer may report warnings about "insecure" functions like `memcpy` and `snprintf`. These warnings are related to the clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling check.
|
|
|
|
### Why These Warnings Appear
|
|
|
|
The static analyzer flags standard C library functions like:
|
|
- `memcpy()` - suggests using `memcpy_s()`
|
|
- `snprintf()` - suggests using `snprintf_s()`
|
|
- `strncpy()` - suggests using `strncpy_s()`
|
|
|
|
### Why These Are Safe in Our Code
|
|
|
|
1. **Proper Bounds Checking**: All string operations include explicit length validation before copying
|
|
2. **Buffer Size Validation**: We check that destination buffers are large enough
|
|
3. **Null Termination**: All strings are properly null-terminated
|
|
4. **Return Value Checking**: We validate snprintf return values for buffer overflow detection
|
|
|
|
### Example of Secure Usage
|
|
|
|
```c
|
|
// We validate length before copying
|
|
size_t filename_len = strlen(filename);
|
|
size_t copy_len = (filename_len < MAX_PATH_LEN - 1) ? filename_len : MAX_PATH_LEN - 1;
|
|
memcpy(viewer->current_file, filename, copy_len);
|
|
viewer->current_file[copy_len] = '\0'; // Always null-terminate
|
|
|
|
// We check snprintf return value
|
|
int ret = snprintf(full_path, sizeof(full_path), "%s/%s", path, entry->d_name);
|
|
if (ret < 0 || ret >= sizeof(full_path)) {
|
|
continue; // Skip if path is too long
|
|
}
|
|
```
|
|
|
|
### Microsoft-Specific _s Functions
|
|
|
|
The suggested `_s` functions (like `memcpy_s`, `snprintf_s`) are:
|
|
- Microsoft-specific extensions
|
|
- Not part of standard C
|
|
- Not portable to Linux/Unix systems
|
|
- Not available in our build environment
|
|
|
|
### Security Assessment
|
|
|
|
**Status**: ✅ **SECURE**
|
|
|
|
The current implementation is secure because:
|
|
- All buffer operations are bounds-checked
|
|
- No user input is directly copied without validation
|
|
- File paths are validated for maximum length
|
|
- Memory allocation is checked for success
|
|
- All arrays have defined maximum sizes
|
|
|
|
### Suppressing Warnings
|
|
|
|
For development, these specific warnings can be suppressed since the code has been manually reviewed for security:
|
|
|
|
```bash
|
|
# Suppress in clang-tidy configuration
|
|
-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling
|
|
```
|
|
|
|
Or use NOLINT comments for specific lines:
|
|
```c
|
|
memcpy(dest, src, len); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
|
|
```
|
|
|
|
### Verification
|
|
|
|
To verify security:
|
|
1. ✅ All string operations use explicit length checking
|
|
2. ✅ Buffer overflow conditions are detected and handled
|
|
3. ✅ No direct user input to buffer operations
|
|
4. ✅ Static buffers have sufficient size for all use cases
|
|
5. ✅ Dynamic memory is properly allocated and freed
|
|
|
|
This codebase follows secure coding practices and the static analysis warnings are false positives due to the analyzer's conservative approach to C library functions.
|