| // Check if file exists and is readable | ||
| FILE *file = fopen(path, "r"); | ||
| // Sicheres Öffnen der Konfigurationsdatei | ||
| int cfd = open(path, O_RDONLY | O_NOFOLLOW); |
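Review bot: The new `open(path, O_RDONLY | O_NOFOLLOW)` can block indefinitely if `path` names a FIFO, because the `S_ISREG` test shown in a later snippet only runs after `open()` has returned. Adding `O_NONBLOCK` lets the call return so `fstat()` can reject the non-regular file, and `O_CLOEXEC` keeps the descriptor out of any child process the program may spawn: `int cfd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);`. The same applies to the two `vfd` opens of `VERSION` and `/opt/coolerdash/VERSION` and to the `img_fd` open. `O_NOFOLLOW` also refuses a symlink only in the final path component, so symlinked parent directories are still followed. The enclosing function is not visible in this snippet.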
Check warning
Code scanning / Flawfinder (reported by Codacy)
Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Warning
| // Try to read from VERSION file | ||
| FILE *fp = fopen("VERSION", "r"); | ||
| // Try to read from VERSION file sicher | ||
| int vfd = open("VERSION", O_RDONLY | O_NOFOLLOW); |
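Review bot: `open("VERSION", O_RDONLY | O_NOFOLLOW)` resolves against the process's current working directory, so `O_NOFOLLOW` does not constrain which directory supplies the file. If the program can be started from a directory that another user can write to, whatever regular file named `VERSION` sits there is read in preference to `/opt/coolerdash/VERSION`. Consider trying the installed absolute path first, or add a comment stating that the relative lookup is meant for running from the source tree, e.g. `// Relative lookup is for development runs only; installed builds use /opt/coolerdash/VERSION`. The surrounding function is outside this snippet, so the working directory at this point is an assumption to confirm.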
Check warning
Code scanning / Flawfinder (reported by Codacy)
Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Warning
| { | ||
| // Try alternative path for installed version | ||
| fp = fopen("/opt/coolerdash/VERSION", "r"); | ||
| vfd = open("/opt/coolerdash/VERSION", O_RDONLY | O_NOFOLLOW); |
Check warning
Code scanning / Flawfinder (reported by Codacy)
Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Warning
| FILE *image_file = fopen(shutdown_image_path, "r"); | ||
| if (image_file) | ||
| // Check if shutdown image file exists and is a regular file | ||
| int img_fd = open(shutdown_image_path, O_RDONLY | O_NOFOLLOW); |
Check warning
Code scanning / Flawfinder (reported by Codacy)
Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Warning
| FILE *file = NULL; | ||
| if (cfd != -1) | ||
| { | ||
| struct stat cst; |
Check notice
Code scanning / Cppcheck (reported by Codacy)
stat is Y2038-unsafe Note
| if (cfd != -1) | ||
| { | ||
| struct stat cst; | ||
| if (fstat(cfd, &cst) == 0 && S_ISREG(cst.st_mode)) |
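Review bot: Nothing visible here closes `cfd` when `fstat()` fails or the target is not a regular file, whereas the shutdown-image branch further down the page does call `close(img_fd)` in that case. The rest of this block is outside the snippet, so please confirm that the failure path ends in `close(cfd);`. Since `FILE *file` is presumably filled from the descriptor via `fdopen()`, also confirm that `cfd` is closed if that conversion returns `NULL`. The same check applies to `vfd` in the `VERSION` block.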
Check notice
Code scanning / Cppcheck (reported by Codacy)
fstat is Y2038-unsafe Note
| if (cfd != -1) | ||
| { | ||
| struct stat cst; | ||
| if (fstat(cfd, &cst) == 0 && S_ISREG(cst.st_mode)) |
Check notice
Code scanning / Cppcheck (reported by Codacy)
MISRA 12.1 rule Note
| FILE *fp = NULL; | ||
| if (vfd != -1) | ||
| { | ||
| struct stat vst; |
Check notice
Code scanning / Cppcheck (reported by Codacy)
stat is Y2038-unsafe Note
| if (vfd != -1) | ||
| { | ||
| struct stat vst; | ||
| if (fstat(vfd, &vst) == 0 && S_ISREG(vst.st_mode)) |
Check notice
Code scanning / Cppcheck (reported by Codacy)
fstat is Y2038-unsafe Note
| fclose(image_file); | ||
| send_image_to_lcd(g_config_ptr, shutdown_image_path, device_uid); | ||
| send_image_to_lcd(g_config_ptr, shutdown_image_path, device_uid); // Send twice for better reliability | ||
| struct stat img_st; |
Check notice
Code scanning / Cppcheck (reported by Codacy)
stat is Y2038-unsafe Note
| send_image_to_lcd(g_config_ptr, shutdown_image_path, device_uid); | ||
| send_image_to_lcd(g_config_ptr, shutdown_image_path, device_uid); // Send twice for better reliability | ||
| struct stat img_st; | ||
| if (fstat(img_fd, &img_st) == 0 && S_ISREG(img_st.st_mode)) |
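Review bot: The `fstat(img_fd, &img_st)` / `S_ISREG` check validates the descriptor, but the only consumer visible on this page is `send_image_to_lcd(g_config_ptr, shutdown_image_path, device_uid)`, which takes the path. Those calls appear on what looks like the old side, so this is inferred. If the new code still calls it by path after the check, the file is resolved a second time and the symlink and file-type guarantees from `img_fd` do not carry over to the file actually sent. Either hand the already-validated descriptor (or data read from it) to the sender, or document the check as a best-effort pre-flight, e.g. `// Pre-flight only: send_image_to_lcd() re-opens the path, so this does not close the race`. The rest of the block lies outside the snippet.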
Check notice
Code scanning / Cppcheck (reported by Codacy)
MISRA 12.1 rule Note
| send_image_to_lcd(g_config_ptr, shutdown_image_path, device_uid); | ||
| send_image_to_lcd(g_config_ptr, shutdown_image_path, device_uid); // Send twice for better reliability | ||
| struct stat img_st; | ||
| if (fstat(img_fd, &img_st) == 0 && S_ISREG(img_st.st_mode)) |
Check notice
Code scanning / Cppcheck (reported by Codacy)
fstat is Y2038-unsafe Note
| // Not a regular file | ||
| close(img_fd); | ||
| log_message(LOG_WARNING, "Shutdown image '%s' ist kein reguläres File oder nicht lesbar", shutdown_image_path); | ||
| goto shutdown_image_missing; |
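Review bot: The warning text mixes German into a file whose visible comments are otherwise English, and it reports "nicht lesbar" although this branch is only reached after `open()` succeeded. An English message that matches the actual condition would be easier to search for in logs: `log_message(LOG_WARNING, "Shutdown image '%s' is not a regular file or could not be inspected", shutdown_image_path);`. If `fstat()` itself failed, including `strerror(errno)`, captured before `close(img_fd)`, would tell the two cases apart. The `shutdown_image_missing` label is outside this snippet.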
Check notice
Code scanning / Cppcheck (reported by Codacy)
MISRA 15.1 rule Note
| // Not a regular file | ||
| close(img_fd); | ||
| log_message(LOG_WARNING, "Shutdown image '%s' ist kein reguläres File oder nicht lesbar", shutdown_image_path); | ||
| goto shutdown_image_missing; |
Check notice
Code scanning / Cppcheck (reported by Codacy)
MISRA 15.3 rule Note
No description provided.