EnterpriseDB / system_stats

A Postgres extension for exposing system metrics such as CPU, memory and disk information

sonarqube scan flagged usage of sprintf #30

Closed BillSmith-EDB closed 2 months ago

BillSmith-EDB commented 2 months ago

There are about 14 places where sprintf is used throughout the system_stats codebase. The issue is that there's potential for buffer overrun, and the suggestion is to use snprintf.

Here's one example: sprintf(cpu_desc, "%s model %s family %s", vendor_id, model, cpu_family);

The above snippet could be changed to: snprintf(cpu_desc, MAXPGPATH, "%s model %s family %s", vendor_id, model, cpu_family);

This has actually been done in some other places. It would be good to complete this work.
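The change requested above, shown as a stand-alone added example rather than code from the system_stats repository or the linked PR. The buffer size `CPU_DESC_LEN` and the sample vendor/model/family strings are constructed for the demo (system_stats sizes its buffers with `MAXPGPATH`); the function names `cpu_desc_required` and `build_cpu_desc` are hypothetical. It measures how many bytes the original `sprintf` would have written, then shows the `snprintf` form bounding the write and reporting truncation instead of overrunning the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Buffer size assumed for this demo; system_stats uses MAXPGPATH. */
#define CPU_DESC_LEN 64

/* Bytes the unbounded sprintf() would write for this format, including the
 * terminating NUL. snprintf(NULL, 0, ...) measures without writing anything,
 * so a caller can compare it against the real buffer size before formatting. */
size_t cpu_desc_required(const char *vendor_id, const char *model, const char *cpu_family)
{
    int n = snprintf(NULL, 0, "%s model %s family %s", vendor_id, model, cpu_family);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded replacement for sprintf(cpu_desc, "%s model %s family %s", ...).
 * snprintf never writes more than destsz bytes and always NUL-terminates when
 * destsz > 0; its return value is the length the full output would have had,
 * so a value >= destsz means the result was truncated.
 * Returns 0 on success, -1 on encoding error or truncation. */
int build_cpu_desc(char *dest, size_t destsz,
                   const char *vendor_id, const char *model, const char *cpu_family)
{
    int n = snprintf(dest, destsz, "%s model %s family %s", vendor_id, model, cpu_family);
    if (n < 0 || (size_t)n >= destsz)
        return -1;
    return 0;
}

int main(void)
{
    char cpu_desc[CPU_DESC_LEN];
    /* Constructed sample values; in system_stats these come from /proc/cpuinfo. */
    const char *vendor = "GenuineIntel", *model = "158", *family = "6";
    char long_vendor[100];                       /* hostile/oversized input */
    memset(long_vendor, 'A', sizeof(long_vendor) - 1);
    long_vendor[sizeof(long_vendor) - 1] = '\0';

    printf("needs %zu bytes, buffer has %d\n",
           cpu_desc_required(vendor, model, family), CPU_DESC_LEN);
    if (build_cpu_desc(cpu_desc, sizeof cpu_desc, vendor, model, family) == 0)
        printf("ok: %s\n", cpu_desc);

    /* sprintf would write 99 + 7 + 3 + 8 + 1 + 1 bytes into a 64-byte buffer;
     * snprintf stops at 63 characters plus the NUL and reports truncation. */
    printf("needs %zu bytes, buffer has %d\n",
           cpu_desc_required(long_vendor, model, family), CPU_DESC_LEN);
    if (build_cpu_desc(cpu_desc, sizeof cpu_desc, long_vendor, model, family) != 0)
        printf("truncated to %zu chars: %s\n", strlen(cpu_desc), cpu_desc);
    return 0;
}
```

Two practitioner caveats when applying the suggested fix: the size argument must be the real size of the destination (passing `MAXPGPATH` is only correct where `cpu_desc` is actually declared with `MAXPGPATH` bytes, otherwise use `sizeof` on the array), and `snprintf` silently truncates, so check its return value if a cut-off description would be wrong rather than merely shorter.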

neel5481 commented 2 months ago

PR has been raised - https://github.com/EnterpriseDB/system_stats/pull/33

neel5481 commented 2 months ago

Merged the PR. Thank you.