Error: SHELLCHECK_WARNING (CWE-398): [#def1]
/usr/share/skopeo/test/system/010-inspect.bats:39:18: warning[SC2038]: Use 'find .. -print0 | xargs -0 ..' or 'find .. -exec .. +' to allow non-alphanumeric filenames.
# 37| # but not the digest of the config blob ($config_digest), if any.
# 38| layers=$(jq -r '.Layers' <<<"$inspect_local")
# 39|-> for sha in $(find $workdir -type f | xargs -l1 basename | egrep '^[0-9a-f]{64}$'); do
# 40| if [ "sha256:$sha" != "$config_digest" ]; then
# 41| expect_output --from="$layers" --substring "sha256:$sha" \

Error: SHELLCHECK_WARNING (CWE-88): [#def2]
/usr/share/skopeo/test/system/010-inspect.bats:86:19: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
# 84| check_array=(FGC=f31 DISTTAG=f31container)
# 85| remote=$(jq '.Env[]' <<<"$inspect_remote")
# 86|-> for substr in ${check_array[@]}; do
# 87| expect_output --from="$remote" --substring "$substr"
# 88| done

Error: SHELLCHECK_WARNING (CWE-571): [#def3]
/usr/share/skopeo/test/system/020-copy.bats:56:11: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 54|
# 55| # zstd magic number
# 56|-> local magic=$(printf "\x28\xb5\x2f\xfd")
# 57|
# 58| # Check there is at least one file that has the zstd magic number as the first 4 bytes

Error: SHELLCHECK_WARNING (CWE-156): [#def4]
/usr/share/skopeo/test/system/050-signing.bats:20:10: warning[SC2046]: Quote this to prevent word splitting.
# 18|
# 19| PASSPHRASE_FILE_WRONG=$TESTDIR/passphrase-file-wrong
# 20|-> echo $(random_string 10) > $PASSPHRASE_FILE_WRONG
# 21|
# 22| # gpg on f30 needs this, otherwise:

Error: SHELLCHECK_WARNING (CWE-563): [#def5]
/usr/share/skopeo/test/system/050-signing.bats:117:25: warning[SC2034]: comments appears unused. Verify use (or export if used externally).
# 115| # Push a bunch of images. Do so *without* --policy flag; this lets us
# 116| # sign or not, creating images that will or won't conform to policy.
# 117|-> while read path sig comments; do
# 118| local sign_opt=
# 119| if [[ $sig != '-' ]]; then

Error: SHELLCHECK_WARNING (CWE-398): [#def6]
/usr/share/skopeo/test/system/050-signing.bats:210:5: warning[SC2010]: Don't use ls | grep. Use a glob or a for loop with a condition to allow non-alphanumeric filenames.
# 208| docker://localhost:5000/myns/alice:signed \
# 209| dir:$TESTDIR/busybox-unsigned
# 210|-> ls $TESTDIR/busybox-signed | grep "signature"
# 211| [ -z "$(ls $TESTDIR/busybox-unsigned | grep "signature")" ]
# 212| }

Error: SHELLCHECK_WARNING (CWE-398): [#def7]
/usr/share/skopeo/test/system/050-signing.bats:211:13: warning[SC2010]: Don't use ls | grep. Use a glob or a for loop with a condition to allow non-alphanumeric filenames.
# 209| dir:$TESTDIR/busybox-unsigned
# 210| ls $TESTDIR/busybox-signed | grep "signature"
# 211|-> [ -z "$(ls $TESTDIR/busybox-unsigned | grep "signature")" ]
# 212| }
# 213|

Error: SHELLCHECK_WARNING (CWE-670): [#def8]
/usr/share/skopeo/test/system/helpers.bash:4:46: warning[SC2128]: Expanding an array without an index only gives the first element.
# 2|
# 3| # Directory containing system test sources
# 4|-> TEST_SOURCE_DIR=${TEST_SOURCE_DIR:-$(dirname ${BASH_SOURCE})}
# 5|
# 6| # Skopeo executable

Error: SHELLCHECK_WARNING (CWE-457): [#def9]
/usr/share/skopeo/test/system/helpers.bash:88:11: warning[SC2154]: status is referenced but not assigned.
# 86| echo "$output"
# 87| fi
# 88|-> if [ "$status" -ne 0 ]; then
# 89| echo -n "[ rc=$status ";
# 90| if [ -n "$expected_rc" ]; then

Error: SHELLCHECK_WARNING (CWE-477): [#def10]
/usr/share/skopeo/test/system/helpers.bash:100:28: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
# 98| fi
# 99|
# 100|-> if [ "$status" -eq 124 -o "$status" -eq 137 ]; then
# 101| # FIXME: 'timeout -v' requires coreutils-8.29; travis seems to have
# 102| # an older version. If/when travis updates, please add -v

Error: SHELLCHECK_WARNING (CWE-571): [#def11]
/usr/share/skopeo/test/system/helpers.bash:174:15: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 172| local opt
# 173| for opt; do
# 174|-> local value=$(expr "$opt" : '[^=]*=\(.*\)')
# 175| case "$opt" in
# 176| --from=*) actual="$value"; shift;;

Error: SHELLCHECK_WARNING (CWE-457): [#def12]
/usr/share/skopeo/test/system/helpers.bash:226:19: warning[SC2154]: lines is referenced but not assigned (did you mean 'line'?).
# 224| local testname="${2:-${MOST_RECENT_SKOPEO_COMMAND:-[no test name given]}}"
# 225|
# 226|-> local actual="${#lines[@]}"
# 227| if [ "$actual" -eq "$expect" ]; then
# 228| return

Error: SHELLCHECK_WARNING (CWE-571): [#def13]
/usr/share/skopeo/test/system/helpers.bash:273:15: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 271| local opt
# 272| for opt; do
# 273|-> local value=$(expr "$opt" : '[^=]*=\(.*\)')
# 274| case "$opt" in
# 275| --port=*) port="$value"; shift;;

Error: SHELLCHECK_WARNING (CWE-140): [#def14]
/usr/share/skopeo/test/system/helpers.bash:293:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
# 291| mkdir -p $AUTHDIR
# 292|
# 293|-> local -a reg_args=(-v $AUTHDIR:/auth:Z -p $port:5000)
# 294| if [[ "$enable_delete" == "true" ]]; then
# 295| reg_args+=( -e REGISTRY_STORAGE_DELETE_ENABLED=true)

Error: SHELLCHECK_WARNING (CWE-140): [#def15]
/usr/share/skopeo/test/system/helpers.bash:293:47: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
# 291| mkdir -p $AUTHDIR
# 292|
# 293|-> local -a reg_args=(-v $AUTHDIR:/auth:Z -p $port:5000)
# 294| if [[ "$enable_delete" == "true" ]]; then
# 295| reg_args+=( -e REGISTRY_STORAGE_DELETE_ENABLED=true)

Error: SHELLCHECK_WARNING: [#def16]
/usr/share/skopeo/test/system/make-noarch-manifest:14:30: warning[SC3020]: In POSIX sh, &> is undefined.
# 12|
# 13| # (In case older image exists from a prior run)
# 14|-> buildah rmi $imgname:$imgtag &>/dev/null || true
# 15|
# 16| #

Error: GCC_ANALYZER_WARNING (CWE-775): [#def17]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c:118:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(list, 0)’
# 116| new_size = used + BUFSTEP;
# 117| new_buf = realloc(buf, new_size);
# 118|-> if (new_buf == NULL) {
# 119| free(buf);
# 120| fprintf(stderr, "realloc(%ld): out of memory\n", (long)(size + BUFSTEP));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def18]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c:125:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(list, 0)’
# 123| buf = new_buf;
# 124| size = new_size;
# 125|-> memset(buf + used, '\0', size - used);
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c:125:28: warning[-Wanalyzer-malloc-leak]: leak of ‘parse_proc_stringlist("/proc/self/cmdline")’
# 123| buf = new_buf;
# 124| size = new_size;
# 125|-> memset(buf + used, '\0', size - used);
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {
# 128|-> fprintf(stderr, "read(): %m\n");
# 129| return NULL;
# 130| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
# 126| n = read(fd, buf + used, size - used - 1);
# 127| if (n < 0) {
# 128|-> fprintf(stderr, "read(): %m\n");
# 129| return NULL;
# 130| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c:154:16: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
# 152| }
# 153| }
# 154|-> ret[i] = NULL;
# 155| return ret;
# 156| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c:154:16: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’
# 152| }
# 153| }
# 154|-> ret[i] = NULL;
# 155| return ret;
# 156| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c:291:12: warning[-Wanalyzer-malloc-leak]: leak of ‘parse_proc_stringlist("/proc/self/cmdline")’
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/containers/storage/pkg/unshare/unshare.c:18: included_from: Included from here.
# 289| return fd;
# 290|
# 291|-> if (fexecve(fd, argv, environ) == -1) {
# 292| close(fd);
# 293| fprintf(stderr, "Error during reexec(...): %m\n");

Error: COMPILER_WARNING (CWE-1164): [#def25]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/mattn/go-sqlite3/sqlite3.go:85:1: warning[-Wunused-function]: ‘_sqlite3_exec’ defined but not used
# 85 | _sqlite3_exec(sqlite3* db, const char* pcmd, long long* rowid, long long* changes)
# | ^~~~~~~~~~~~~
# 83|
# 84| static int
# 85|-> _sqlite3_exec(sqlite3* db, const char* pcmd, long long* rowid, long long* changes)
# 86| {
# 87| int rv = sqlite3_exec(db, pcmd, 0, 0, 0);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def26]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function 'New'
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'c'
# 75| CK_C_GetFunctionList list;
# 76| struct ctx *c = calloc(1, sizeof(struct ctx));
# 77|-> c->handle = dlopen(module, RTLD_LAZY);
# 78| if (c->handle == NULL) {
# 79| free(c);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def27]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘New’
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘c’
# 75| CK_C_GetFunctionList list;
# 76| struct ctx *c = calloc(1, sizeof(struct ctx));
# 77|-> c->handle = dlopen(module, RTLD_LAZY);
# 78| if (c->handle == NULL) {
# 79| free(c);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘GetAttributeValue.part.0’
skopeo-1.16.1-build/skopeo-1.16.1/vendor/github.com/miekg/pkcs11/pkcs11.go:316:32: warning[-Wanalyzer-malloc-leak]: leak of ‘*((CK_ATTRIBUTE *)temp).pValue’
# 314| continue;
# 315| }
# 316|-> temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE));
# 317| }
# 318| return c->sym->C_GetAttributeValue(session, object, temp, templen);
analyzer-version-clippy | 1.82.0 |
analyzer-version-cppcheck | 2.16.0 |
analyzer-version-gcc | 14.2.1 |
analyzer-version-gcc-analyzer | 15.0.0 |
analyzer-version-shellcheck | 0.10.0 |
analyzer-version-unicontrol | 0.0.2 |
enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
exit-code | 0 |
host | ip-172-16-1-103.us-west-2.compute.internal |
mock-config | fedora-rawhide-gcc-latest-x86_64 |
project-name | skopeo-1.16.1-2.fc42 |
store-results-to | /tmp/tmp8q38e383/skopeo-1.16.1-2.fc42.tar.xz |
time-created | 2024-11-13 03:29:38 |
time-finished | 2024-11-13 03:33:02 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmp8q38e383/skopeo-1.16.1-2.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp8q38e383/skopeo-1.16.1-2.fc42.src.rpm' |
tool-version | csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9 |