CWE-691 in code - Githubissues

danielaparker / jsoncons

A C++, header-only library for constructing JSON and JSON-like data formats, with JSON Pointer, JSON Patch, JSON Schema, JSONPath, JMESPath, CSV, MessagePack, CBOR, BSON, UBJSON

https://danielaparker.github.io/jsoncons

Other

717 stars 163 forks source link

CWE-691 in code #357

Closed AndreyAlifanov closed 2 years ago

AndreyAlifanov commented 2 years ago

Code has weaknesses - CWE-691.

Static analyzer PVS-Studio finds several weaknesses in json_options.hpp

[CWE-691] V523: The 'then' statement is equivalent to the 'else' statement. string_type nan_to_num() const line 168 string_type inf_to_num() const line 186 string_type nan_to_str() const line 229 string_type inf_to_str() const line 247

Compiler: Visual Studio 2019 Community Edition, gcc/g++ 6.3/8.3
Architecture (e.g. x86, x64) x64
Operating system: Windows, Linux
Release 0.167.1 (but 0.168.5 contains the same code, so it has CWEs too)

I would be very appreciated if you fix these CWEs.

danielaparker commented 2 years ago

The functions that you've flagged contain #defines, and depending on whether JSONCONS_NO_DEPRECATED is defined, may boil down to something like

        if (enable_nan_to_num_)
        {
            return nan_to_num_;
        }
        else
        {
            return nan_to_num_; 
        }

Those "weaknesses" will go away when we get around to dropping the deprecated code and removing the consequent redundancies. In the meantime they're innocuous and I'd prefer not to touch them.

AndreyAlifanov commented 2 years ago

Thank you for answer. I close issue.