iptables-1.8.11-6.fc43

List of Findings

Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/libexec/ebtables-helper:23:1: warning[SC2034]: EBTABLES_SAVE_ON_RESTART appears unused. Verify use (or export if used externally).
#   21|   # ebtables-config defaults
#   22|   EBTABLES_SAVE_ON_STOP="no"
#   23|-> EBTABLES_SAVE_ON_RESTART="no"
#   24|   EBTABLES_SAVE_COUNTER="no"
#   25|   

Error: SHELLCHECK_WARNING (CWE-153): [#def2]
/usr/libexec/ebtables-helper:49:17: warning[SC2053]: Quote the right-hand side of == in [[ ]] to prevent glob matching.
#   47|   			local found=false
#   48|   			for t in $EBTABLES_TABLES; do
#   49|-> 				if [[ $t == $table ]]; then
#   50|   					found=true
#   51|   					break

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
iptables-1.8.11/iptables/../include/linux/netfilter_ipv4/ip_tables.h:221:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fw’
iptables-1.8.11/iptables/iptables.c:659:5: enter_function: entry to ‘do_command4’
iptables-1.8.11/iptables/iptables.c:726:12: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables.c:731:13: branch_false: ...to here
iptables-1.8.11/iptables/iptables.c:736:20: branch_true: following ‘true’ branch...
iptables-1.8.11/iptables/iptables.c:741:28: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables.c:744:25: branch_false: ...to here
iptables-1.8.11/iptables/iptables.c:749:20: branch_true: following ‘true’ branch...
iptables-1.8.11/iptables/iptables.c:750:32: branch_true: ...to here
iptables-1.8.11/iptables/iptables.c:767:20: branch_true: following ‘true’ branch...
iptables-1.8.11/iptables/iptables.c:774:29: branch_true: ...to here
iptables-1.8.11/iptables/iptables.c:774:28: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables.c:779:25: branch_false: ...to here
iptables-1.8.11/iptables/iptables.c:811:23: call_function: calling ‘replace_entry’ from ‘do_command4’
#  219|   ipt_get_target(struct ipt_entry *e)
#  220|   {
#  221|-> 	return (void *)e + e->target_offset;
#  222|   }
#  223|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
iptables-1.8.11/iptables/../include/linux/netfilter_ipv6/ip6_tables.h:261:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fw’
iptables-1.8.11/iptables/ip6tables.c:665:5: enter_function: entry to ‘do_command6’
iptables-1.8.11/iptables/ip6tables.c:733:12: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/ip6tables.c:738:13: branch_false: ...to here
iptables-1.8.11/iptables/ip6tables.c:743:20: branch_true: following ‘true’ branch...
iptables-1.8.11/iptables/ip6tables.c:748:28: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/ip6tables.c:751:25: branch_false: ...to here
iptables-1.8.11/iptables/ip6tables.c:756:20: branch_true: following ‘true’ branch...
iptables-1.8.11/iptables/ip6tables.c:757:32: branch_true: ...to here
iptables-1.8.11/iptables/ip6tables.c:772:20: branch_true: following ‘true’ branch...
iptables-1.8.11/iptables/ip6tables.c:779:29: branch_true: ...to here
iptables-1.8.11/iptables/ip6tables.c:779:28: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/ip6tables.c:784:25: branch_false: ...to here
iptables-1.8.11/iptables/ip6tables.c:816:23: call_function: calling ‘replace_entry’ from ‘do_command6’
#  259|   ip6t_get_target(struct ip6t_entry *e)
#  260|   {
#  261|-> 	return (void *)e + e->target_offset;
#  262|   }
#  263|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
iptables-1.8.11/iptables/iptables-save.c:62:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*afinfo.proc_exists, "re")’
iptables-1.8.11/iptables/iptables-save.c:262:1: enter_function: entry to ‘ip6tables_save_main’
iptables-1.8.11/iptables/iptables-save.c:267:12: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables-save.c:276:15: branch_false: ...to here
iptables-1.8.11/iptables/iptables-save.c:276:15: call_function: calling ‘do_iptables_save’ from ‘ip6tables_save_main’
#   60|   
#   61|   	while (fgets(tablename, sizeof(tablename), procfile)) {
#   62|-> 		if (tablename[strlen(tablename) - 1] != '\n')
#   63|   			xtables_error(OTHER_PROBLEM,
#   64|   				      "Badly formed tablename `%s'", tablename);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
iptables-1.8.11/iptables/iptables-save.c:62:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*afinfo.proc_exists, "re")’
iptables-1.8.11/iptables/iptables-save.c:262:1: enter_function: entry to ‘ip6tables_save_main’
iptables-1.8.11/iptables/iptables-save.c:267:12: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables-save.c:276:15: branch_false: ...to here
iptables-1.8.11/iptables/iptables-save.c:276:15: call_function: calling ‘do_iptables_save’ from ‘ip6tables_save_main’
#   60|   
#   61|   	while (fgets(tablename, sizeof(tablename), procfile)) {
#   62|-> 		if (tablename[strlen(tablename) - 1] != '\n')
#   63|   			xtables_error(OTHER_PROBLEM,
#   64|   				      "Badly formed tablename `%s'", tablename);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
iptables-1.8.11/iptables/iptables-save.c:164:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(optarg, "w")’
iptables-1.8.11/iptables/iptables-save.c:262:1: enter_function: entry to ‘ip6tables_save_main’
iptables-1.8.11/iptables/iptables-save.c:267:12: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables-save.c:276:15: branch_false: ...to here
iptables-1.8.11/iptables/iptables-save.c:276:15: call_function: calling ‘do_iptables_save’ from ‘ip6tables_save_main’
#  162|   			}
#  163|   			ret = dup2(fileno(file), STDOUT_FILENO);
#  164|-> 			if (ret == -1) {
#  165|   				fprintf(stderr, "Failed to redirect stdout, error: %s\n",
#  166|   					strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
iptables-1.8.11/iptables/iptables-save.c:164:28: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(optarg, "w")’
iptables-1.8.11/iptables/iptables-save.c:262:1: enter_function: entry to ‘ip6tables_save_main’
iptables-1.8.11/iptables/iptables-save.c:267:12: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables-save.c:276:15: branch_false: ...to here
iptables-1.8.11/iptables/iptables-save.c:276:15: call_function: calling ‘do_iptables_save’ from ‘ip6tables_save_main’
#  162|   			}
#  163|   			ret = dup2(fileno(file), STDOUT_FILENO);
#  164|-> 			if (ret == -1) {
#  165|   				fprintf(stderr, "Failed to redirect stdout, error: %s\n",
#  166|   					strerror(errno));

Error: CPPCHECK_WARNING (CWE-457): [#def9]
iptables-1.8.11/iptables/nft-cache.c:207: error[uninitvar]: Uninitialized variable: c
#  205|   
#  206|   	hlist_for_each_entry(c, node, chain_name_hlist(h, t, chain), hnode) {
#  207|-> 		if (!strcmp(nftnl_chain_get_str(c->nftnl, NFTNL_CHAIN_NAME),
#  208|   			    chain))
#  209|   			return c;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
iptables-1.8.11/iptables/nft-ruleparse.c:870:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
iptables-1.8.11/iptables/nft-ruleparse.c:890:6: enter_function: entry to ‘nft_rule_to_iptables_command_state’
iptables-1.8.11/iptables/nft-ruleparse.c:903:12: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/nft-ruleparse.c:906:16: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:907:16: branch_true: following ‘true’ branch (when ‘expr’ is non-NULL)...
iptables-1.8.11/iptables/nft-ruleparse.c:909:25: branch_true: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:911:20: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:913:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:913:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:915:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:915:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:917:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:917:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:919:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:919:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:921:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:921:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:923:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:923:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:925:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:925:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:927:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:927:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:929:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:929:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:931:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:931:25: branch_false: following ‘false’ branch (when the strings are non-equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:933:26: branch_false: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:933:25: branch_true: following ‘true’ branch (when the strings are equal)...
iptables-1.8.11/iptables/nft-ruleparse.c:934:25: branch_true: ...to here
iptables-1.8.11/iptables/nft-ruleparse.c:934:25: call_function: calling ‘nft_parse_range’ from ‘nft_rule_to_iptables_command_state’
#  868|   	sreg = nft_xt_ctx_get_sreg(ctx, reg);
#  869|   
#  870|-> 	switch (sreg->type) {
#  871|   	case NFT_XT_REG_UNDEF:
#  872|   		ctx->errmsg = "range sreg undef";

Error: CPPCHECK_WARNING (CWE-457): [#def11]
iptables-1.8.11/iptables/nft.c:251: error[uninitvar]: Uninitialized variable: nlh->nlmsg_seq
#  249|   		if (ret == -1) {
#  250|   			mnl_err_list_node_add(&h->err_list, errno,
#  251|-> 					      nlh->nlmsg_seq);
#  252|   			err = -1;
#  253|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
iptables-1.8.11/iptables/xtables-save.c:176:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(optarg, "w")’
iptables-1.8.11/iptables/xtables-save.c:271:5: enter_function: entry to ‘xtables_arp_save_main’
iptables-1.8.11/iptables/xtables-save.c:273:16: call_function: calling ‘xtables_save_main’ from ‘xtables_arp_save_main’
#  174|   			}
#  175|   			ret = dup2(fileno(file), STDOUT_FILENO);
#  176|-> 			if (ret == -1) {
#  177|   				fprintf(stderr, "Failed to redirect stdout, error: %s\n",
#  178|   					strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
iptables-1.8.11/iptables/xtables-save.c:176:28: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(optarg, "w")’
iptables-1.8.11/iptables/xtables-save.c:271:5: enter_function: entry to ‘xtables_arp_save_main’
iptables-1.8.11/iptables/xtables-save.c:273:16: call_function: calling ‘xtables_save_main’ from ‘xtables_arp_save_main’
#  174|   			}
#  175|   			ret = dup2(fileno(file), STDOUT_FILENO);
#  176|-> 			if (ret == -1) {
#  177|   				fprintf(stderr, "Failed to redirect stdout, error: %s\n",
#  178|   					strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def14]
iptables-1.8.11/iptables/xtables-save.c:229:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘ret’
iptables-1.8.11/iptables/xtables-save.c:271:5: enter_function: entry to ‘xtables_arp_save_main’
iptables-1.8.11/iptables/xtables-save.c:273:16: call_function: calling ‘xtables_save_main’ from ‘xtables_arp_save_main’
#  227|   	default:
#  228|   		fprintf(stderr, "Unknown family %d\n", family);
#  229|-> 		return 1;
#  230|   	}
#  231|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def15]
iptables-1.8.11/libiptc/libiptc.c:559:33: warning[-Wanalyzer-null-dereference]: dereference of NULL '*h.chain_index'
iptables-1.8.11/libiptc/libiptc.c:2226:1: enter_function: entry to 'iptc_create_chain'
iptables-1.8.11/libiptc/libiptc.c:2236:12: branch_false: following 'false' branch...
iptables-1.8.11/libiptc/libiptc.c:2237:16: branch_false: ...to here
iptables-1.8.11/libiptc/libiptc.c:2236:13: branch_false: following 'false' branch (when the strings are non-equal)...
iptables-1.8.11/libiptc/libiptc.c:2238:16: branch_false: ...to here
iptables-1.8.11/libiptc/libiptc.c:2236:13: branch_false: following 'false' branch (when the strings are non-equal)...
iptables-1.8.11/libiptc/libiptc.c:2239:16: branch_false: ...to here
iptables-1.8.11/libiptc/libiptc.c:2236:13: branch_false: following 'false' branch (when the strings are non-equal)...
iptables-1.8.11/libiptc/libiptc.c:2240:16: branch_false: ...to here
iptables-1.8.11/libiptc/libiptc.c:2236:13: branch_false: following 'false' branch (when the strings are non-equal)...
iptables-1.8.11/libiptc/libiptc.c:2246:13: branch_false: ...to here
iptables-1.8.11/libiptc/libiptc.c:2246:12: branch_false: following 'false' branch...
iptables-1.8.11/libiptc/libiptc.c:2252:13: branch_false: ...to here
iptables-1.8.11/libiptc/libiptc.c:2252:13: call_function: calling 'iptcc_alloc_chain_head' from 'iptc_create_chain'
iptables-1.8.11/libiptc/libiptc.c:2252:13: return_function: returning to 'iptc_create_chain' from 'iptcc_alloc_chain_head'
iptables-1.8.11/libiptc/libiptc.c:2253:12: branch_false: following 'false' branch...
iptables-1.8.11/libiptc/libiptc.c:2259:9: branch_false: ...to here
iptables-1.8.11/libiptc/libiptc.c:2262:9: call_function: calling 'iptc_insert_chain' from 'iptc_create_chain'
iptables-1.8.11/libiptc/libiptc.c:2262:9: return_function: returning to 'iptc_create_chain' from 'iptc_insert_chain'
iptables-1.8.11/libiptc/libiptc.c:2272:12: branch_true: following 'true' branch (when 'exceeded > 355')...
iptables-1.8.11/libiptc/libiptc.c:2275:17: branch_true: ...to here
iptables-1.8.11/libiptc/libiptc.c:2275:17: call_function: calling 'iptcc_chain_index_rebuild' from 'iptc_create_chain'
#  557|   			if ((chains % list_length)== 0) {
#  558|   				debug("\nIndex[%d] Chains:", cindex);
#  559|-> 				h->chain_index[cindex] = c;
#  560|   			}
#  561|   			chains++;

Error: CPPCHECK_WARNING (CWE-457): [#def16]
iptables-1.8.11/libxtables/xtables.c:284: warning[uninitvar]: Uninitialized variables: n.next, n.pprev
#  282|   
#  283|   	for (i = 0; i < NOTARGET_HSIZE; i++) {
#  284|-> 		hlist_for_each_entry_safe(cur, pos, n, &notargets[i], node) {
#  285|   			hlist_del(&cur->node);
#  286|   			free(cur);

Error: CPPCHECK_WARNING (CWE-457): [#def17]
iptables-1.8.11/libxtables/xtables.c:286: warning[uninitvar]: Uninitialized variable: cur
#  284|   		hlist_for_each_entry_safe(cur, pos, n, &notargets[i], node) {
#  285|   			hlist_del(&cur->node);
#  286|-> 			free(cur);
#  287|   		}
#  288|   	}

Error: CPPCHECK_WARNING (CWE-457): [#def18]
iptables-1.8.11/libxtables/xtables.c:308: error[uninitvar]: Uninitialized variable: cur
#  306|   
#  307|   	hlist_for_each_entry(cur, node, &notargets[key], node) {
#  308|-> 		if (!strcmp(name, cur->name))
#  309|   			return cur;
#  310|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def19]
iptables-1.8.11/libxtables/xtoptions.c:766:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p'
iptables-1.8.11/libxtables/xtoptions.c:760:12: branch_false: following 'false' branch...
iptables-1.8.11/libxtables/xtoptions.c:764:16: branch_false: ...to here
iptables-1.8.11/libxtables/xtoptions.c:766:9: danger: dereference of NULL 'p'
#  764|   	work = xtables_strdup(orig_arg);
#  765|   	p = strchr(work, '/'); /* by def this can't be NULL now */
#  766|-> 	*p++ = '\0';
#  767|   	/*
#  768|   	 * Because xtopt_parse_host and xtopt_parse_plenmask would store

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-225.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: iptables-1.8.11-6.fc43
store-results-to: /tmp/tmpc2llly5g/iptables-1.8.11-6.fc43.tar.xz
time-created: 2025-04-25 13:07:01
time-finished: 2025-04-25 13:08:45
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpc2llly5g/iptables-1.8.11-6.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpc2llly5g/iptables-1.8.11-6.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9