Security fixes, build-break fix, and best-practices fixes #523
Conversation
Instead, use platformio_user.ini to allow users to override these settings.
This helps catch implementation bugs, such as accidentally hiding a base class's virtual function due to parameter mismatch. While the FSM classes don't currently require an explicit destructor, it's just [a good habit](http://www.gotw.ca/publications/mill18.htm) to get used to writing.
FSM abstract class virtual functions take a pointer, but presume non-null values. Change them to take a reference instead.
This may mitigate at least two potential issues when using unvalidated data.
`c_ExternalInput` should never have a null pointer stored in the FSM member variable. Therefore, convert it to a reference (not a pointer).
Note that this file is listed in .gitignore, so changes will not (by default) be noticed by git, and thus changes will be difficult to happen without explicitly attempting / forcing git ... which is good.
This is by request.
This change does not help the user. As with the secrets.h file, a user does not get a user.ini file by default and worse yet, there will be no compiler / linker error to tell them they forgot a step. At the moment creating a secrets.h file is an intentional requirement. Coding it this way makes adding this information optional, which it is not.
I'm trying to understand your concerns. There are no other references to a file similar to
Unlike what the sample file says, I also reviewed the code for any attempt to load a
Summarizing the disagreement:
For the above disagreement, I will defer to Shelby's decision, as we both appear to feel strongly.

(*) Not technically accurate, but close enough.
FTDI chips have serial numbers, and thus can be assigned a fixed COM port number. Thus, while technically there are other times where a user could get a fixed COM port, Even then, I'd recommend the readme suggesting folks could just as easily use github |
INCLUDES POTENTIAL SECURITY FIXES. CHECKS IN A DEFAULT `secrets.h` FILE -- REVIEW REQUESTED. See comments.

I've not written any proof-of-concepts for the potential security issues. I've also not tested the resulting binary yet, so I'm marking as a "Draft" PR for now, to enable early review and comments.

- `secrets.h` file. Added the file; `.gitignore` already prevents changes from being tracked, and already makes it difficult to push this file. REVIEW OF LOCATION REQUESTED (currently sits next to .INO file).
- `c_ExternalInput` should be marked `final`, and its destructor marked non-virtual.
- `InputValue_t` defines unused states. Remove `shortOn` and `longOn`.
- `fsm_ExternalInput_state` (FSM abstract class) has not declared a virtual destructor. Bad practice... Easy Fix.
- `fsm_ExternalInput_***` (FSM implementation classes) should be marked `final`.
- `fsm_ExternalInput_***` (FSM implementation classes) should declare functions with `override`.
- `-Wformat-overflow=`. Potential stack overflows. Fairly easy fix.
- `c_ExternalInput` should use reference (not pointer) for FSM member variable, as it is not valid for that to be a null pointer.
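The class layout those items describe, as an added sketch that is not the project's code (`Poll`, `Name`, `Describe`, the two concrete states and the `std::reference_wrapper` member are assumptions): a virtual destructor on the abstract state, `final` implementation classes with `override`, reference parameters instead of presumed-non-null pointers, and `snprintf` with the real buffer size in place of the unbounded formatting that `-Wformat-overflow=` warns about.

```cpp
#include <cstdio>
#include <cstring>
#include <functional>

class c_ExternalInput;

// Abstract FSM state. The virtual destructor makes deleting a derived state
// through a base pointer well-defined (the PR's "bad practice, easy fix").
class fsm_ExternalInput_state {
public:
    virtual ~fsm_ExternalInput_state() = default;
    // Reference, not pointer: a null parent cannot be passed, so the body has
    // nothing to validate and nothing to forget to validate.
    virtual void Poll(c_ExternalInput& parent, bool pressed) = 0;
    virtual const char* Name() const = 0;
};

// Implementation states are `final`; `override` makes the compiler reject a
// signature that only looks like the base's (e.g. a pointer parameter left over).
class fsm_ExternalInput_off final : public fsm_ExternalInput_state {
public:
    void Poll(c_ExternalInput& parent, bool pressed) override;
    const char* Name() const override { return "off"; }
};

class fsm_ExternalInput_on final : public fsm_ExternalInput_state {
public:
    void Poll(c_ExternalInput& parent, bool pressed) override;
    const char* Name() const override { return "on"; }
};

static fsm_ExternalInput_off s_off;  // stateless singletons (assumption)
static fsm_ExternalInput_on  s_on;
// `final` owner: no class derives from it, so a non-virtual destructor is safe.
class c_ExternalInput final {
public:
    void Poll(bool pressed)                    { m_state.get().Poll(*this, pressed); }
    void SetState(fsm_ExternalInput_state& s)  { m_state = s; }
    const char* StateName() const              { return m_state.get().Name(); }
    // Bounded formatting: snprintf with the caller's real size, never sprintf
    // into a fixed stack buffer. Returns the untruncated length, like snprintf.
    int Describe(char* buf, size_t len) const  { return std::snprintf(buf, len, "input:%s", StateName()); }
private:
    // reference_wrapper: reseatable like a pointer, but can never hold null.
    std::reference_wrapper<fsm_ExternalInput_state> m_state{s_off};
};

void fsm_ExternalInput_off::Poll(c_ExternalInput& p, bool pressed) { if (pressed)  p.SetState(s_on); }
void fsm_ExternalInput_on::Poll (c_ExternalInput& p, bool pressed) { if (!pressed) p.SetState(s_off); }
```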