mate-desktop / caja

Caja, the file manager for the MATE desktop
https://mate-desktop.org/

Code analysis to provide the safest desktop environment #819

Open theLOICofFRANCE opened 7 years ago

theLOICofFRANCE commented 7 years ago

Hi all,

I have performed a static code analysis and I have 78 errors with 43 potential security issues. If you have time, please look at the report in detail.

report_caja-1.12.7.txt

Thanks.

MATE general version

1.12

Package version

caja-1.12.7

Linux Distribution

Ubuntu 16.04 LTS

alexarnaud commented 7 years ago

On 23/07/2017 at 14:22, Loïc wrote:

> Hi all,
>
> I have performed a static code analysis and I have 78 errors with 43 potential security issues. If you have time, please look at the report in detail.

Hi Loïc,

Mate 1.12 is no longer maintained by the Mate team. If you want to do a static code analysis you should use a development environment or the latest stable release (1.18.X).

Best regards.

--
Alex ARNAUD
Visual-Impairment Project Manager
Hypra - "Humanizing technology"

theLOICofFRANCE commented 7 years ago

@alexarnaud

Hi Alex,

Sure enough, but some mistakes may still be in upstream. Moreover, if there are indeed security problems, these will be corrected by the security teams of GNU/Linux distributions.

Thanks, best regards.

theLOICofFRANCE commented 6 years ago

Integration into OSS-Fuzz would be nice. Example.

lukefromdc commented 6 years ago

If I run cppcheck on Caja 1.20.0 and exclude performance, portability, and information items, I get this report, which I had to hand-transcribe, as you can't cut and paste out of cppcheck-gui and printing to PDF cannot suppress the numerous style warnings:

Caja_1.20_Cppcheck_errors_and_warnings.txt
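A command-line way to get the severity-limited report this comment describes, added here as an example and not code from the Caja project or the commenter. The `run_cppcheck` invocation is an assumption (it needs cppcheck 2.x installed and is not executed here); the `filter_cppcheck_report` step works on plain-text output, so it can also be applied to a report someone else pasted. The sample report lines are constructed for the demonstration and do not describe real findings.

```shell
#!/bin/sh
# Added example: keep only "error" and "warning" severities from a cppcheck
# report, dropping style, performance, portability and information items.
# Assumed output format (cppcheck 2.x default): file:line:col: severity: message [id]

# Run cppcheck over a source tree with a fixed template so the severity field
# always sits in the same position. --enable=warning turns on warnings only;
# errors are always reported. Requires cppcheck to be installed; not run here.
run_cppcheck() {
    cppcheck --quiet --enable=warning \
        --template='{file}:{line}:{column}: {severity}: {message} [{id}]' \
        "$1" 2>&1
}

# Filter a report read on stdin: the second ": "-separated field is the
# severity, so anything that is not error or warning is dropped.
filter_cppcheck_report() {
    awk -F': ' '$2 == "error" || $2 == "warning"'
}

# Constructed sample report (hypothetical files and findings, for demonstration).
SAMPLE_REPORT='src/foo.c:120:9: error: Memory leak: name [memleak]
src/foo.c:245:5: warning: Possible null pointer dereference: file [nullPointer]
src/bar.c:88:3: style: The scope of the variable can be reduced [variableScope]
src/bar.c:300:1: performance: Prefer prefix ++/-- operators [postfixOperator]
src/baz.c:44:2: portability: Casting between integer and pointer [IntToPointerCast]
src/baz.c:10:1: information: Include file not found [missingInclude]'

# Number of lines that survive the filter for the sample report.
filtered_count() {
    printf '%s\n' "$SAMPLE_REPORT" | filter_cppcheck_report | grep -c .
}

# Stand-alone usage: print the filtered sample report and its line count.
printf '%s\n' "$SAMPLE_REPORT" | filter_cppcheck_report
echo "kept $(filtered_count) of 6 lines"
```

On a real tree, `run_cppcheck src/ | filter_cppcheck_report > report.txt` gives the same two-severity listing the comment had to transcribe by hand; `--enable=warning` alone already omits the style, performance and portability checkers, and the awk filter is there for reports produced with broader settings.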