zypper-1.14.88-1.fc43

List of Findings

Error: SHELLCHECK_WARNING (CWE-477): [#def1]
/usr/bin/installation_sources:11:17: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#    9|     $ZYPPER "$@" 2>&1
#   10|     E=$?
#   11|->   if [ $E -gt 0 -a $E -lt 100 ]; then
#   12|       echo ERROR
#   13|     fi

Error: SHELLCHECK_WARNING (CWE-477): [#def2]
/usr/bin/installation_sources:28:20: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   26|   fi
#   27|   
#   28|-> if [ "x$1" = "x-a" -a -n "$2" ]; then
#   29|      Zypper service-add $ENABLED "$2"
#   30|   fi

Error: SHELLCHECK_WARNING (CWE-138): [#def3]
/usr/bin/zypp-needs-restarting:42:34: error[SC2145]: Argument mixes string and array. Use * or separate argument.
#   40|   function errexit()
#   41|   {
#   42|->   echo "needs-restarting: error: $@" >&2
#   43|     exit 2
#   44|   }

Error: SHELLCHECK_WARNING (CWE-563): [#def4]
/usr/bin/zypp-needs-restarting:48:1: warning[SC2034]: CMD_ERR appears unused. Verify use (or export if used externally).
#   46|   CMD_R=0
#   47|   CMD_S=''
#   48|-> CMD_ERR=0
#   49|   for ARG in "$@"; do
#   50|     case "$ARG" in

Error: COMPILER_WARNING (CWE-457): [#def5]
zypper-1.14.88/src/Command.cc:66:34: warning[-Wmaybe-uninitialized]: ‘SR.7761’ may be used uninitialized
#   66 |       ZypperCommand::CmdFactory( [ aliases, args... ]() {
#      |                                  ^~~~~~~~~~~~~~~~~~~~~~~~
#   67 |         return std::make_shared<T>( std::vector<std::string>( aliases.begin(), aliases.end() ), args... );
#      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   68 |       })
#      |       ~                           
zypper-1.14.88/src/Command.cc: scope_hint: In function ‘(anonymous namespace)::newStyleCommands()’
zypper-1.14.88/src/Command.cc:66:34: note: ‘SR.7761’ was declared here
#   66 |       ZypperCommand::CmdFactory( [ aliases, args... ]() {
#      |                                  ^~~~~~~~~~~~~~~~~~~~~~~~
#   67 |         return std::make_shared<T>( std::vector<std::string>( aliases.begin(), aliases.end() ), args... );
#      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   68 |       })
#      |       ~                           
#   64|     ZypperCommand::CmdDesc makeCmd ( ZypperCommand::Command comm, std::string &&category, std::vector< const char * > &&aliases, Args&&... args ) {
#   65|       return std::make_tuple(comm, std::move( category ), aliases,
#   66|->       ZypperCommand::CmdFactory( [ aliases, args... ]() {
#   67|           return std::make_shared<T>( std::vector<std::string>( aliases.begin(), aliases.end() ), args... );
#   68|         })

Error: COMPILER_WARNING: [#def6]
zypper-1.14.88/src/SolverRequester.cc:624:2: warning[-Wcpp]: #warning TODO handle pseudoinstalled objects
#  624 | #warning TODO handle pseudoinstalled objects
#      |  ^~~~~~~
#  622|       INT << "no installed object, nothing to update, returning" << endl;
#  623|       return;
#  624|-> #warning TODO handle pseudoinstalled objects
#  625|     }
#  626|   

Error: COMPILER_WARNING: [#def7]
zypper-1.14.88/src/commands/repos/refresh.cc:190:2: warning[-Wcpp]: #warning RefreshFlagsBits::AllArchs is a NO-OP - propagate it to libzypp
#  190 | #warning RefreshFlagsBits::AllArchs is a NO-OP - propagate it to libzypp
#      |  ^~~~~~~
#  188|     // and honoured by libzypp. Actually we'd prefer using the single-arch
#  189|     // repos rather than filtering, but we will see how Leap evolves.
#  190|-> #warning RefreshFlagsBits::AllArchs is a NO-OP - propagate it to libzypp
#  191|   
#  192|     // raw metadata refresh

Error: COMPILER_WARNING (CWE-252): [#def8]
zypper-1.14.88/src/main.cc: scope_hint: In function ‘void signal_handler(int)’
zypper-1.14.88/src/main.cc:71:11: warning[-Wunused-result]: ignoring return value of ‘ssize_t write(int, const void*, size_t)’ declared with attribute ‘warn_unused_result’
#   71 |     write ( STDERR_FILENO, exit_requested_twice_str, strlen(exit_requested_twice_str) );
#      |     ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69|     Zypper & zypper( Zypper::instance( true ) );
#   70|     if ( zypper.exitRequested() >= 1 ) {
#   71|->     write ( STDERR_FILENO, exit_requested_twice_str, strlen(exit_requested_twice_str) );
#   72|       zypper.requestImmediateExit();
#   73|     } else {

Error: COMPILER_WARNING (CWE-252): [#def9]
zypper-1.14.88/src/main.cc:74:11: warning[-Wunused-result]: ignoring return value of ‘ssize_t write(int, const void*, size_t)’ declared with attribute ‘warn_unused_result’
#   74 |     write ( STDERR_FILENO, exit_requested_once_str, strlen(exit_requested_once_str) );
#      |     ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   72|       zypper.requestImmediateExit();
#   73|     } else {
#   74|->     write ( STDERR_FILENO, exit_requested_once_str, strlen(exit_requested_once_str) );
#   75|       zypper.requestExit();
#   76|     }

Error: COMPILER_WARNING: [#def10]
zypper-1.14.88/src/solve-commit.cc: scope_hint: In function ‘bool dist_upgrade(Zypper&)’
zypper-1.14.88/src/solve-commit.cc:514:28: warning[-Wrange-loop-construct]: loop variable ‘specifiedRepo’ creates a copy from type ‘const zypp::RepoInfo’
#  514 |       for ( const RepoInfo specifiedRepo : specified )
#      |                            ^~~~~~~~~~~~~
zypper-1.14.88/src/solve-commit.cc:514:28: note: use reference type to prevent copying
#  514 |       for ( const RepoInfo specifiedRepo : specified )
#      |                            ^~~~~~~~~~~~~
#      |                            &
#  512|         Resolver_Ptr resolver( God->resolver() );
#  513|         ResPool      pool    ( God->pool() );
#  514|->       for ( const RepoInfo specifiedRepo : specified )
#  515|         {
#  516|           Repository repo( pool.reposFind( specifiedRepo.alias() ) );

Error: COMPILER_WARNING (CWE-457): [#def11]
zypper-1.14.88/src/utils/flags/flagtypes.h:78:5: warning[-Wuninitialized]: ‘MEM <unsigned char> [(const struct optional &)&D.359940 + 1]’ is used uninitialized
#   78 |     [defVal]() -> boost::optional<std::string>{
#      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   79 |       if (!defVal)
#      |       ~~~~~~~~~~~~
#   80 |         return boost::optional<std::string>();
#      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   81 |       return std::string( (*defVal) ? "true" : "false" );
#      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   82 |     },
#      |     ~
zypper-1.14.88/src/commands/locale/addlocalecmd.cc: scope_hint: In member function ‘AddLocaleCmd::cmdOptions() const’
zypper-1.14.88/src/commands/locale/addlocalecmd.cc:33:79: note: ‘<anonymous>’ declared here
#   33 |     { "no-packages", 'n', ZyppFlags::NoArgument, ZyppFlags::BoolCompatibleType( that._packages, ZyppFlags::StoreFalse ), _("Do not install corresponding packages for given locale(s).") },
#      |                                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   76|   {
#   77|     return Value (
#   78|->     [defVal]() -> boost::optional<std::string>{
#   79|         if (!defVal)
#   80|           return boost::optional<std::string>();

Error: COMPILER_WARNING (CWE-457): [#def12]
zypper-1.14.88/src/utils/flags/flagtypes.h:78:5: warning[-Wuninitialized]: ‘MEM <unsigned char> [(const struct optional &)&D.360007 + 1]’ is used uninitialized
#   78 |     [defVal]() -> boost::optional<std::string>{
#      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   79 |       if (!defVal)
#      |       ~~~~~~~~~~~~
#   80 |         return boost::optional<std::string>();
#      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   81 |       return std::string( (*defVal) ? "true" : "false" );
#      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   82 |     },
#      |     ~
zypper-1.14.88/src/commands/locale/removelocalecmd.cc: scope_hint: In member function ‘RemoveLocaleCmd::cmdOptions() const’
zypper-1.14.88/src/commands/locale/removelocalecmd.cc:46:79: note: ‘<anonymous>’ declared here
#   46 |     { "no-packages", 'n', ZyppFlags::NoArgument, ZyppFlags::BoolCompatibleType( that._packages, ZyppFlags::StoreFalse ), _("Do not remove corresponding packages for given locale(s).") },
#      |                                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   76|   {
#   77|     return Value (
#   78|->     [defVal]() -> boost::optional<std::string>{
#   79|         if (!defVal)
#   80|           return boost::optional<std::string>();

Scan Properties

analyzer-version-clippy	1.86.0
analyzer-version-cppcheck	2.17.1
analyzer-version-gcc	15.0.1
analyzer-version-gcc-analyzer	15.0.1
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-254.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	zypper-1.14.88-1.fc43
store-results-to	/tmp/tmpg616gsmx/zypper-1.14.88-1.fc43.tar.xz
time-created	2025-04-25 16:14:34
time-finished	2025-04-25 16:18:24
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpg616gsmx/zypper-1.14.88-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpg616gsmx/zypper-1.14.88-1.fc43.src.rpm'
tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9