
Conversation

valeriy42 (Contributor)

  • Add safety comments to CStringCache.cc explaining NULL check safety
  • Add safety comments to vfprog/Main.cc explaining argv safety
  • These are false positives - strlen usage is safe in these contexts
  • No functional changes, documentation only

- Replace all 13 sprintf calls with snprintf in CStringUtils.cc
- Add sizeof(buf) parameter to prevent buffer overflows
- Maintains same functionality with improved security
- All tests pass after changes

- Replace sprintf with snprintf in CChecksum.cc line 35
- Add sizeof(buf) parameter to prevent buffer overflows
- Maintains same functionality with improved security
- All tests pass after changes

- Add safety comments to CStringCache.cc explaining NULL check safety
- Add safety comments to vfprog/Main.cc explaining argv safety
- These are false positives - strlen usage is safe in these contexts
- No functional changes, documentation only
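The sprintf-to-snprintf commits above hinge on one detail: the size argument must be the real capacity of the destination, and snprintf's return value must be checked, because it truncates silently. The following is an added example, not code from this pull request or from the project; the names formatInto, intToString, doubleToStringPrecise and truncationDetected are hypothetical. Taking the buffer as a reference to an array makes sizeof-on-a-pointer impossible to compile, and the return value reports truncation the way the snprintf contract defines it.

```cpp
#include <climits>
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>

// Format into a fixed-size buffer. The array-reference parameter binds N to
// the true capacity: a char* argument (where sizeof would yield the pointer
// size) does not compile, so the size passed to snprintf cannot be wrong.
// Only pass fundamental types or C strings through the pack; handing a
// std::string to a C variadic function is undefined behaviour.
template <std::size_t N, typename... Args>
bool formatInto(char (&buf)[N], const char* fmt, Args... args) {
    int n = std::snprintf(buf, N, fmt, args...);
    // snprintf always NUL-terminates when N > 0, but returns the length the
    // untruncated output would have had. n >= N means truncation occurred;
    // n < 0 means an encoding error. Either is reported to the caller.
    return n >= 0 && static_cast<std::size_t>(n) < N;
}

// The kind of conversion the commits touch: an int to its decimal string.
// A 32-bit int needs at most 11 characters plus the NUL terminator.
std::string intToString(int value) {
    char buf[12];
    formatInto(buf, "%d", value);  // cannot truncate for any int
    return buf;
}

// A double formatted with a caller-supplied precision. The bool says whether
// the result is complete, rather than hoping 32 bytes was enough.
std::pair<std::string, bool> doubleToStringPrecise(double value, int precision) {
    char buf[32];
    bool ok = formatInto(buf, "%.*g", precision, value);
    return {std::string(buf), ok};
}

// Constructed oversized input: sprintf would have written past the end of
// buf; snprintf stops at N-1 bytes and the caller learns about it.
bool truncationDetected() {
    char buf[8];
    return !formatInto(buf, "%s", "this string is longer than seven chars");
}

int main() {
    std::printf("%s\n", intToString(INT_MIN).c_str());
    auto r = doubleToStringPrecise(1234.5678, 3);
    std::printf("%s complete=%d\n", r.first.c_str(), r.second ? 1 : 0);
    std::printf("truncation detected: %d\n", truncationDetected() ? 1 : 0);
    return 0;
}
```

The check in formatInto is the part that is easy to omit: a snprintf call with the right size argument stops the overflow, but without looking at the return value a truncated checksum or serialized number is silently accepted downstream.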
prodsecmachine commented Oct 10, 2025

Snyk checks have passed. No issues have been found so far.

Scanner               Critical  High  Medium  Low  Total (0)
Licenses              0         0     0       0    0 issues
Open Source Security  0         0     0       0    0 issues


- Add SAFE comments to CNamedPipeFactory.cc explaining secure mkfifo usage
- Add SAFE comments to CSystemCallFilter_MacOSX.cc explaining secure mkstemps usage
- Both usages follow security best practices with restrictive permissions
- Marked corresponding SonarQube hotspots as SAFE (false positives)

- Fix LF characters issue by using proper string concatenation instead of literal newlines
- Fix init-statement issue by declaring errorbuf variable inside the if statement
- These changes address the SonarQube issues reported for pull request 2868

- Replace snprintf with std::format for all numeric type conversions
- Add #include <format> for C++20 std::format support
- Simplify typeToString functions by removing buffer management
- Update typeToStringPrecise to use std::format with proper precision
- Maintain existing post-processing logic for scientific notation formatting
- Addresses SonarQube warnings about using modern C++ formatting

Quality Gate failed

Failed conditions
5 New issues
4 New Critical Issues (required ≤ 0)

See analysis details on SonarQube

