File created without restricting permissions in unit test tools #780

@skliper

Is your feature request related to a problem? Please describe.
CodeQL security warnings against the following code:

```c
if ((fp = fopen(Filename, "w")))
{
    for (i = 0; i < Length; i += 16)
    {
        fprintf(fp, " %06lX: ", (unsigned long)i);
        for (j = 0; j < 16; j++)
        {
            if ((i + j) < Length)
                fprintf(fp, "%02X ", ((uint8 *)Memory)[i + j]);
            else
                fprintf(fp, " ");
        }
        fprintf(fp, " ");
        for (j = 0; j < 16; j++)
        {
            if ((i + j) < Length)
                fprintf(fp, "%c", isprint(((uint8 *)Memory)[i + j]) ? ((uint8 *)Memory)[i + j] : '.');
        }
        fprintf(fp, "\n");
    }
    fclose(fp);
    return (true);
```

Describe the solution you'd like
https://github.com/nasa/elf2cfetbl/blob/6d1d12ea2d4ab7bcc7044f8e4c60a268d7a1f640/elf2cfetbl.c#L1455-L1464

Describe alternatives you've considered
None

Additional context
CodeQL analysis results

Requester Info
Jacob Hageman - NASA/GSFC

Labels: bug, security, unit-test (Tickets related to the OSAL unit testing (functional and/or coverage))
