File created without restricting permissions in unit test tools #780

Closed
skliper opened this issue Feb 9, 2021 · 0 comments · Fixed by #827 or #835
Labels
bug security unit-test Tickets related to the OSAL unit testing (functional and/or coverage)
skliper commented Feb 9, 2021

Is your feature request related to a problem? Please describe.
CodeQL security warnings against the following code:

```c
/* fopen() creates the file with the default mode (0666 masked by the umask) */
if ((fp = fopen(Filename, "w")))
{
    for (i = 0; i < Length; i += 16)
    {
        fprintf(fp, " %06lX: ", (unsigned long)i);
        for (j = 0; j < 16; j++)
        {
            if ((i + j) < Length)
                fprintf(fp, "%02X ", ((uint8 *)Memory)[i + j]);
            else
                fprintf(fp, " ");
        }
        fprintf(fp, " ");
        for (j = 0; j < 16; j++)
        {
            if ((i + j) < Length)
                fprintf(fp, "%c", isprint(((uint8 *)Memory)[i + j]) ? ((uint8 *)Memory)[i + j] : '.');
        }
        fprintf(fp, "\n");
    }
    fclose(fp);
    return (true);
}
```

Describe the solution you'd like
https://github.com/nasa/elf2cfetbl/blob/6d1d12ea2d4ab7bcc7044f8e4c60a268d7a1f640/elf2cfetbl.c#L1455-L1464

Describe alternatives you've considered
None

Additional context
CodeQL analysis results

Requester Info
Jacob Hageman - NASA/GSFC

@skliper skliper added the unit-test Tickets related to the OSAL unit testing (functional and/or coverage) label Feb 9, 2021
@skliper skliper added this to the 6.0.0 milestone Feb 9, 2021
zanzaben added a commit to zanzaben/osal that referenced this issue Feb 22, 2021
zanzaben added a commit to zanzaben/osal that referenced this issue Feb 22, 2021
astrogeco added a commit that referenced this issue Mar 1, 2021
Fix #780, restrict permissions on file create
jphickey pushed a commit to jphickey/osal that referenced this issue Aug 10, 2022
jphickey pushed a commit to jphickey/osal that referenced this issue Aug 10, 2022
Fix nasa#780, Hex output for return checking ASSERTs