What preprocessor symbols does Coverity define for builds that use 'cov-build'?

Problem description

We use Coverity's Scan Build service for free and open source projects. I am working through two Coverity findings on tainted parameters (TAINTED_SCALAR). The taint is a false positive, so I am trying to instrument the code with Coverity's __coverity_tainted_data_sanitize__ to clear the issue.

I want to guard the code that needs to use __coverity_tainted_data_sanitize__ because the function is only used with analysis builds using Coverity's cov-build tool. That is, I want to do something like:

void Foo(std::istream& is, ...)
{
    std::string name;
    is >> name;

#if <SOME_COVERITY_PREPROCESSOR_MACRO>
    __coverity_tainted_data_sanitize__(name);
#endif

    ...
}

Coverity has a couple of examples on using __coverity_tainted_data_sanitize__, but they don't show how to guard it. See for example, Function model example for Tainted Scalar and Explicitly document parameter passing mechanisms. I also could not find it when asking the preprocessor (see below).

What preprocessor macros does Coverity define to determine an analysis build?


Preprocessor Output

$ cov-build --dir ~/temp cpp -x c++ -dM </dev/null 2>&1 | egrep -i "(cov|anal)"
Coverity Build Capture (64-bit) version 7.7.0.4 on Linux 3.13.0-68-generic x86_64


Environmental Variables

I did find some environmental variables, but I prefer to avoid mapping environmental variables to preprocessor defines.

$ cov-build --dir ~/temp printenv 2>&1 | egrep -i "(cov|anal)"
Coverity Build Capture (64-bit) version 7.7.0.4 on Linux 3.13.0-68-generic x86_64
LD_LIBRARY_PATH=/home/cov-analysis/jars
LD_PRELOAD=/home/cov-analysis/bin/libcapture-linux64-${PLATFORM}.so
COVERITY_TEMP=/tmp/cov-98db841699284e11e33be37fe7061776
COVERITY_LD_LIBRARY_PATH=/home/cov-analysis/jars
COVERITY_JAVA14_WARNING_FILE=/home/temp/warn_about_java14_compilations
COVERITY_ENABLE_CEJ_PER_CLASS_ERROR_RECOVERY=1
COVERITY_IS_COMPILER_DESCENDANT=0
COVERITY_CONFIG_FILE=/home/cov-analysis/config/coverity_config.xml
COVERITY_COMMON_TEMP=/tmp
COVERITY_JAVA_CONFIG=javac#TEMPLATE##java#TEMPLATE##apt#TEMPLATE##javaw#TEMPLATE###
COVERITY_PREV_XML_CATALOG_FILES=
COVERITY_OUTPUT_ENCODING=UTF-8
COVERITY_COMPILER_PATH_MISMATCH_FILE=/home/temp/has_path_mismatches
COVERITY_ENABLE_CECS_WATCHDOG=1
COVERITY_PATHLESS_CONFIGS_FILE=/home/temp/has_pathless_configs
COVERITY_LD_PRELOAD=/home/cov-analysis/bin/libcapture-linux64-${PLATFORM}.so
COVERITY_BUILD_INVOCATION_ID=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/home/cov-analysis/bin
COVERITY_BIN=/home/cov-analysis/bin
COVERITY_IDIR=/home/temp
COVERITY_TOP_PROCESS=0
COVERITY_OUTPUT=/home/temp/build-log.txt
COVERITY_EMIT=/home/temp/emit
PWD=/home/cov-analysis
COVERITY_SITE_CC=VBCSCompiler;apt;c++;cc;cl;clang;clang++;csc;csc2;devenv;g++;g++-4.8;g++-4.9;g++-5.1.0;gcc;gcc-4.8;gcc-4.9;gcc-5.1.0;java;javac;javaw;ld;msbuild;xgcc
COVERITY_LOG=/home/temp/build-log.txt
COVERITY_SYSTEM_ENCODING=UTF-8
COVERITY_TOP_CONFIG=/tmp/cov-98db841699284e11e33be37fe7061776/cov-configure/coverity_config.xml
COVERITY_IS_COMPILER=0


Just in case it's discussed... the library does read what appears to be a tainted value. However, it's a datafile used for self tests, it's located in /usr/share, and it's not arbitrary user input. The library does not expose this particular function to users, so I don't believe it can be abused in unexpected ways.

Solution

Both cov-emit and cov-internal-emit-clang predefine the __COVERITY__ macro, which is probably what you want.

That said, I think you should be able to mark the defect as a false positive in the Coverity Scan web UI, and it won't show up anymore.

As an aside, this is looking at the macros predefined by cpp, not cov-translate. As far as I know, there is currently no straightforward way to dump all the macros predefined by cov-build/cov-translate.
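
The guard the answer points to, applied to the question's Foo() sketch, as an added example (not code from the original post or from Coverity). ReadName, IsValidName, IsAnalysisBuild, ANALYSIS_BUILD and the 64-character allowlist are hypothetical; validating before the sanitize marker goes beyond the question's sketch, and the sanitize call form is copied from the question with its declaration assumed to come from the analysis build.

```cpp
#include <cctype>
#include <cstddef>
#include <istream>
#include <sstream>
#include <stdexcept>
#include <string>

// __COVERITY__ is the macro the answer names; an ordinary compiler leaves it
// undefined, so the analysis-only call below is never seen outside Coverity.
#ifdef __COVERITY__
#  define ANALYSIS_BUILD 1
#else
#  define ANALYSIS_BUILD 0
#endif

// Hypothetical helper: lets a test confirm which branch was compiled.
constexpr bool IsAnalysisBuild() { return ANALYSIS_BUILD != 0; }

// Hypothetical length bound for a self-test entry name.
constexpr std::size_t kMaxNameLen = 64;

// Allowlist check: bounded length, only [A-Za-z0-9_.-] characters.
bool IsValidName(const std::string& name) {
    if (name.empty() || name.size() > kMaxNameLen) return false;
    for (unsigned char c : name) {
        if (!std::isalnum(c) && c != '_' && c != '-' && c != '.') return false;
    }
    return true;
}

// Reads one whitespace-delimited name, as Foo() does in the question.
std::string ReadName(std::istream& is) {
    std::string name;
    if (!(is >> name) || !IsValidName(name)) {
        throw std::runtime_error("invalid self-test name");
    }
#if ANALYSIS_BUILD
    // Call form copied from the question; its declaration is assumed to be
    // supplied by the Coverity analysis build.
    __coverity_tainted_data_sanitize__(name);
#endif
    return name;
}

int main() {
    std::istringstream in("sha256_vectors.dat");  // constructed sample input
    return ReadName(in) == "sha256_vectors.dat" ? 0 : 1;
}
```

Because the marker is only reached after IsValidName succeeds, the suppression stays truthful if the data file's location or exposure ever changes.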
