nasa / fprime

F´ - A flight software and embedded systems framework
https://fprime.jpl.nasa.gov
Apache License 2.0

Resolve Static Analysis Warnings #678

Open saba-ja opened 3 years ago

saba-ja commented 3 years ago
F´ Version: 1.5
Affected Component: All

Problem Description

There are 444 warnings after running CodeSonar on the Ref deployment. This ticket will be used to track a series of PRs resolving these warnings.

The category and significance of the warnings are listed below:

| Significance | Count |
|---|---|
| Security | 399 |
| Reliability | 10 |
| Redundancy | 35 |

| Class | Count |
|---|---|
| Uninitialized Variable | 255 |
| Cast Alters Value | 120 |
| Unreachable Data Flow | 15 |
| Redundant Condition | 11 |
| No Space For Null Terminator | 9 |
| File System Race Condition | 7 |
| Useless Assignment | 7 |
| Coercion Alters Value | 6 |
| Ignored Return Value | 6 |
| Null Pointer Dereference | 3 |
| Integer Overflow of Allocation Size | 1 |
| Dangerous Function Cast | 1 |
| Tainted Buffer Access | 1 |
| Unreachable Computation | 1 |
| Unreachable Conditional | 1 |

How to Reproduce

  1. Run CodeSonar on the Ref deployment

Expected Behavior

Warnings should be either resolved or descoped with a rationale.

LeStarch commented 1 year ago

As part of this we need to run static analysis in CI and continue to fix.