author | Toni Uhlig <matzeton@googlemail.com> | 2024-10-26 11:19:05 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2024-10-26 11:35:30 +0200 |
commit | 25944e2089d89830d630efae0e4c3042069f64f2 (patch) | |
tree | 29973ba92ace4789b2d9acfa913254404a175e3d | |
parent | 542379726789720c569d7130567068f40d03ac6f (diff) |
Fixed some SonarCloud issues
* fixed dependabot werkzeug (3.0.3 to 3.0.6)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | Dockerfile | 4 | ||||
-rw-r--r-- | examples/c-analysed/c-analysed.c | 30 | ||||
-rw-r--r-- | examples/c-collectd/c-collectd.c | 7 | ||||
-rw-r--r-- | examples/py-flow-dashboard/requirements.txt | 2 | ||||
-rw-r--r-- | nDPId.c | 9 | ||||
-rw-r--r-- | utils.c | 76 |
6 files changed, 79 insertions, 49 deletions
diff --git a/Dockerfile b/Dockerfile index d5f42a670..b79579498 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,9 @@ FROM ubuntu:22.04 AS builder WORKDIR /root -RUN apt-get -y update && apt-get install -y --no-install-recommends autoconf automake build-essential ca-certificates wget unzip git make cmake pkg-config libpcap-dev autoconf libtool && apt-get clean +RUN apt-get -y update && apt-get install -y --no-install-recommends \ + autoconf automake build-essential ca-certificates cmake git \ + libpcap-dev libtool make pkg-config unzip wget && apt-get clean RUN git clone https://github.com/utoni/nDPId.git WORKDIR /root/nDPId diff --git a/examples/c-analysed/c-analysed.c b/examples/c-analysed/c-analysed.c index 2811f70f8..a78720da8 100644 --- a/examples/c-analysed/c-analysed.c +++ b/examples/c-analysed/c-analysed.c @@ -23,7 +23,7 @@ typedef char csv_buf_t[(NETWORK_BUFFER_MAX_SIZE / 3) + 1]; static int main_thread_shutdown = 0; static int analysed_timerfd = -1; -static struct nDPIsrvd_socket * sock = NULL; +static struct nDPIsrvd_socket * distributor = NULL; static char * pidfile = NULL; static char * serv_optarg = NULL; @@ -452,9 +452,9 @@ static void sighandler(int signum) if (signum == SIGUSR1) { - nDPIsrvd_flow_info(sock, nDPIsrvd_write_flow_info_cb, NULL); + nDPIsrvd_flow_info(distributor, nDPIsrvd_write_flow_info_cb, NULL); - HASH_ITER(hh, sock->instance_table, current_instance, itmp) + HASH_ITER(hh, distributor->instance_table, current_instance, itmp) { if (nDPIsrvd_verify_flows(current_instance, nDPIsrvd_verify_flows_cb, NULL) != 0) { @@ -794,7 +794,7 @@ static int analysed_map_flow_u8(struct nDPIsrvd_socket * const sock, } ssize_t const map_index = analysed_map_index(str, len, map, map_length); - if (map_index < 0 || map_index > UCHAR_MAX) + if (map_index < 0 || map_index >= UCHAR_MAX) { return 1; } 
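Review bot: The bound in analysed_map_flow_u8 (hunk `@@ -794`) changes from `> UCHAR_MAX` to `>= UCHAR_MAX`, which now rejects index 255 even though it fits in an unsigned char, and nothing in the hunk says why. If 255 is reserved (a sentinel, or a later `+ 1` outside the hunk), a comment on the check should state it, e.g. `/* UCHAR_MAX itself is reserved: <reason> */`. The reason is not visible here and has to come from the author. The function continues outside the hunk.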
@@ -972,6 +972,10 @@ static void process_flow_stats(struct nDPIsrvd_socket * const sock, struct nDPIs { break; } + if (numeric_risk_value > UCHAR_MAX) + { + logger(1, "BUG: Numeric risk value > 255"); + } ANALYSED_STATS_GAUGE_INC(flow_risk_count[numeric_risk_value - 1]); flow_user_data->risks[i] = numeric_risk_value - 1; @@ -1974,15 +1978,15 @@ int main(int argc, char ** argv) goto failure; } - sock = nDPIsrvd_socket_init( + distributor = nDPIsrvd_socket_init( 0, 0, 0, (stats_csv_outfile != NULL ? sizeof(struct flow_user_data) : 0), analysed_json_callback, NULL, NULL); - if (sock == NULL) + if (distributor == NULL) { logger_early(1, "%s", "nDPIsrvd socket memory allocation failed!"); goto failure; } - if (nDPIsrvd_setup_address(&sock->address, serv_optarg) != 0) + if (nDPIsrvd_setup_address(&distributor->address, serv_optarg) != 0) { fprintf(stderr, "%s: Could not parse address `%s'\n", argv[0], serv_optarg); goto failure; @@ -1991,13 +1995,13 @@ int main(int argc, char ** argv) printf("Recv buffer size: %u\n", NETWORK_BUFFER_MAX_SIZE); printf("Connecting to `%s'..\n", serv_optarg); - if (nDPIsrvd_connect(sock) != CONNECT_OK) + if (nDPIsrvd_connect(distributor) != CONNECT_OK) { logger_early(1, "nDPIsrvd socket connect to %s failed!", serv_optarg); goto failure; } - if (nDPIsrvd_set_nonblock(sock) != 0) + if (nDPIsrvd_set_nonblock(distributor) != 0) { logger_early(1, "nDPIsrvd set nonblock failed: %s", strerror(errno)); goto failure; @@ -2099,8 +2103,8 @@ int main(int argc, char ** argv) } { - struct epoll_event socket_event = {.data.fd = sock->fd, .events = EPOLLIN}; - if (epoll_ctl(epollfd, EPOLL_CTL_ADD, sock->fd, &socket_event) < 0) + struct epoll_event socket_event = {.data.fd = distributor->fd, .events = EPOLLIN}; + if (epoll_ctl(epollfd, EPOLL_CTL_ADD, distributor->fd, &socket_event) < 0) { logger_early(1, "Error adding nDPIsrvd socket fd to epoll: %s", strerror(errno)); goto failure; 
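Review bot: The `numeric_risk_value > UCHAR_MAX` check added in process_flow_stats (hunk `@@ -972`) only logs. Execution falls through to `flow_risk_count[numeric_risk_value - 1]` and the narrowing store into `flow_user_data->risks[i]`, so an out-of-range value is still used as an array index. The guard should leave the path the way the check just above it does: `logger(1, "BUG: Numeric risk value > 255"); break;`. Comparing against the element count of `flow_risk_count` (declared outside the hunk) instead of UCHAR_MAX, and rejecting 0 so the `- 1` cannot underflow, would keep the index in bounds, unless a check outside the hunk already covers that. The function starts and ends outside the hunk.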
@@ -2108,9 +2112,9 @@ int main(int argc, char ** argv) } logger(0, "%s", "Initialization succeeded."); - retval = mainloop(epollfd, sock); + retval = mainloop(epollfd, distributor); failure: - nDPIsrvd_socket_free(&sock); + nDPIsrvd_socket_free(&distributor); daemonize_shutdown(pidfile); shutdown_logging(); diff --git a/examples/c-collectd/c-collectd.c b/examples/c-collectd/c-collectd.c index 7d7d65244..6696dc9e1 100644 --- a/examples/c-collectd/c-collectd.c +++ b/examples/c-collectd/c-collectd.c @@ -29,7 +29,7 @@ logger(is_error, fmt, __VA_ARGS__); \ } \ } while (0) -//#define GENERATE_TIMESTAMP 1 +// #define GENERATE_TIMESTAMP 1 struct flow_user_data { @@ -836,7 +836,7 @@ static void print_collectd_exec_output(void) COLLECTD_STATS_GAUGE_SUB(flow_guessed_count); COLLECTD_STATS_GAUGE_SUB(flow_not_detected_count); - for (size_t i = 0; i < NDPI_MAX_RISK - 1 /* NDPI_NO_RISK */; ++i) + for (i = 0; i < NDPI_MAX_RISK - 1 /* NDPI_NO_RISK */; ++i) { COLLECTD_STATS_GAUGE_SUB(flow_risk_count[i]); } @@ -1358,9 +1358,8 @@ static void process_flow_stats(struct nDPIsrvd_socket * const sock, struct nDPIs if (flow_user_data->confidence == 0 && flow_user_data->confidence_ndpid_invalid == 0) { struct nDPIsrvd_json_token const * const token = TOKEN_GET_SZ(sock, "ndpi", "confidence"); - struct nDPIsrvd_json_token const * current = NULL; - int next_child_index = -1; + next_child_index = -1; if ((current = nDPIsrvd_get_next_token(sock, token, &next_child_index)) == NULL) { flow_user_data->confidence_ndpid_invalid = 1; diff --git a/examples/py-flow-dashboard/requirements.txt b/examples/py-flow-dashboard/requirements.txt index 1adede5dc..3793eba16 100644 --- a/examples/py-flow-dashboard/requirements.txt +++ b/examples/py-flow-dashboard/requirements.txt @@ -1,3 +1,3 @@ dash dash_daq -Werkzeug==3.0.3 +Werkzeug==3.0.6 
@@ -5551,6 +5551,15 @@ static int validate_options(void) } } } + if (GET_CMDARG_ULL(nDPId_options.max_packets_per_flow_to_analyse) < 2 || + GET_CMDARG_ULL(nDPId_options.max_packets_per_flow_to_analyse) > USHRT_MAX) + { + logger_early(1, + "Value not in range: 2 < max-packets-per-flow-to-analyse[%llu] < %d", + GET_CMDARG_ULL(nDPId_options.max_packets_per_flow_to_analyse), + USHRT_MAX); + retval = 1; + } if (GET_CMDARG_ULL(nDPId_options.max_flows_per_thread) < 128 || GET_CMDARG_ULL(nDPId_options.max_flows_per_thread) > nDPId_MAX_FLOWS_PER_THREAD) { @@ -340,8 +340,7 @@ int daemonize_shutdown(char const * const pidfile) int change_user_group(char const * const user, char const * const group, char const * const pidfile) { - struct passwd * pwd; - struct group * grp; + struct passwd pwd; gid_t gid; if (user == NULL) @@ -349,37 +348,46 @@ int change_user_group(char const * const user, char const * const group, char co return 1; } - errno = 0; - pwd = getpwnam(user); - if (pwd == NULL) { - return (errno != 0 ? -errno : -ENOENT); + struct passwd * result; + char buf[BUFSIZ]; + int retval; + + retval = getpwnam_r(user, &pwd, buf, sizeof(buf), &result); + if (result == NULL) + { + return (retval != 0 ? -retval : -ENOENT); + } } if (group != NULL) { - errno = 0; - grp = getgrnam(group); - if (grp == NULL) + struct group grp; + struct group * result; + char buf[BUFSIZ]; + int retval; + + retval = getgrnam_r(group, &grp, buf, sizeof(buf), &result); + if (result == NULL) { - return (errno != 0 ? -errno : -ENOENT); + return (retval != 0 ? -retval : -ENOENT); } - gid = grp->gr_gid; + gid = grp.gr_gid; } else { - gid = pwd->pw_gid; + gid = pwd.pw_gid; } if (daemonize != 0 && pidfile != NULL) { errno = 0; - if (chown(pidfile, pwd->pw_uid, gid) != 0) + if (chown(pidfile, pwd.pw_uid, gid) != 0) { return -errno; } } - return setregid(gid, gid) != 0 || setreuid(pwd->pw_uid, pwd->pw_uid); + return setregid(gid, gid) != 0 || setreuid(pwd.pw_uid, pwd.pw_uid); } WARN_UNUSED 
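Review bot: The message added in validate_options (hunk `@@ -5551`) prints `2 < max-packets-per-flow-to-analyse[...] < %d`, but the condition accepts both 2 and USHRT_MAX, so the text describes a stricter range than the one enforced. `"Value not in range: 2 <= max-packets-per-flow-to-analyse[%llu] <= %d"` keeps the log consistent with the check. If the neighbouring range messages outside the hunk use the same form, they deserve the same correction. validate_options continues outside the hunk.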
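Review bot: change_user_group (hunk `@@ -349`) switches identity with `setregid(gid, gid)` and `setreuid(pwd.pw_uid, pwd.pw_uid)` only. No `setgroups()` or `initgroups()` call is visible in the two hunks covering this function, so the process would keep the supplementary groups it was started with after the switch. Resetting them while still privileged, immediately before `setregid`, closes that gap: `if (initgroups(user, gid) != 0) { return -errno; }`. The final `return` also yields 0 or 1 while every earlier failure path returns a negative errno value. A comment on the function should state that contract so callers test for non-zero rather than `< 0`.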
@@ -398,27 +406,35 @@ int chmod_chown(char const * const path, mode_t mode, char const * const user, c if (user != NULL) { - errno = 0; - - struct passwd * const pwd = getpwnam(user); - if (pwd == NULL) { - return (errno != 0 ? -errno : -ENOENT); + struct passwd pwd; + struct passwd * result; + char buf[BUFSIZ]; + int retval; + + retval = getpwnam_r(user, &pwd, buf, sizeof(buf), &result); + if (result == NULL) + { + return (retval != 0 ? -retval : -ENOENT); + } + path_uid = pwd.pw_uid; + path_gid = pwd.pw_gid; } - path_uid = pwd->pw_uid; - path_gid = pwd->pw_gid; } if (group != NULL) { - errno = 0; + struct group grp; + struct group * result; + char buf[BUFSIZ]; + int retval; - struct group * const grp = getgrnam(group); - if (grp == NULL) + retval = getgrnam_r(group, &grp, buf, sizeof(buf), &result); + if (result == NULL) { - return (errno != 0 ? -errno : -ENOENT); + return (retval != 0 ? -retval : -ENOENT); } - path_gid = grp->gr_gid; + path_gid = grp.gr_gid; } if (path_uid != (uid_t)-1 || path_gid != (gid_t)-1) @@ -617,17 +633,17 @@ static char * ini_rstrip(char * s) } /* Return pointer to first non-whitespace char in given string. */ -static char * ini_lskip(const char * s) +static char * ini_lskip(char * s) { while (*s && isspace((unsigned char)(*s))) s++; - return (char *)s; + return s; } /* Return pointer to first char (of chars) or inline comment in given string, or pointer to NUL at end of string if neither found. Inline comment must be prefixed by a whitespace character to register as a comment. */ -static char * ini_find_chars_or_comment(const char * s, const char * chars) +static char * ini_find_chars_or_comment(char * s, const char * chars) { int was_space = 0; while (*s && (!chars || !strchr(chars, *s)) && !(was_space && strchr(INI_INLINE_COMMENT_PREFIXES, *s))) 
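Review bot: The `getpwnam_r`/`getgrnam_r` calls in chmod_chown (hunk `@@ -398`) use a fixed `char buf[BUFSIZ]`, and both functions return ERANGE when an entry does not fit, which is plausible for a group with a long member list. The lookup then fails with `-ERANGE` although the name exists. The same pattern is in both lookups of change_user_group in the preceding utils.c hunk. Growing the buffer and retrying on ERANGE, up to a cap, avoids that. The group lookup is sketched below, and the other three could follow the same shape or share one static helper. chmod_chown begins and ends outside the hunk.

```c
    /* … unchanged: user lookup … */
    if (group != NULL)
    {
        struct group grp;
        struct group * result = NULL;
        size_t buf_size = BUFSIZ;
        char * buf = NULL;
        int retval;

        do
        {
            char * const bigger = realloc(buf, buf_size);
            if (bigger == NULL)
            {
                free(buf);
                return -ENOMEM;
            }
            buf = bigger;
            retval = getgrnam_r(group, &grp, buf, buf_size, &result);
            buf_size *= 2;
        } while (result == NULL && retval == ERANGE && buf_size <= 64 * BUFSIZ); /* cap is an arbitrary example value */

        if (result == NULL)
        {
            free(buf);
            return (retval != 0 ? -retval : -ENOENT);
        }
        path_gid = grp.gr_gid; /* copy the scalar out before releasing the lookup buffer */
        free(buf);
    }
    /* … unchanged: chown/chmod on path … */
```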
@@ -635,7 +651,7 @@ static char * ini_find_chars_or_comment(const char * s, const char * chars) was_space = isspace((unsigned char)(*s)); s++; } - return (char *)s; + return s; } /* See: https://github.com/benhoyt/inih/blob/master/ini.c#L97C67-L97C74 */ |