HPCC / HPCC-27306

Coverity scan reported new defects related to ESP

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • master
    • 8.8.0
    • ESP
    • None
    • Coverity

    Description

       

      | CID | Type | Impact | Status | First Detected | Component | Category | File | Function |
      |---|---|---|---|---|---|---|---|---|
      | 1514430 | Untrusted value as argument | Medium | New | 02/21/22 | Esp | Insecure data handling | HPCC-Platform/esp/test/httptest/main.cpp | main |

       

              390. Condition add_soap_headers, taking true branch.
      264            if(add_soap_headers)
      265            {
              391. identity_transfer: Passing times as argument 2 to constructor for class HttpClient, which sets client.m_times to that argument.
              392. tainted_data_transitive: Call to function HttpClient with tainted argument times transitively taints client.m_times.
      266                HttpClient client(threads, times, ofile);
              393. Condition delay > 0, taking true branch.
      267                if(delay > 0)
      268                    client.setDelay(delay);
              394. upper_bounds: Checking upper bounds of signed scalar client.m_times by taking the true branch of client.m_times < 1.
              395. upper_bounds: Checking upper bounds of signed scalar client.m_times by taking the true branch of client.m_threads > client.m_times.

      CID 1514430 (#1-6 of 6): Untrusted value as argument (TAINTED_SCALAR)
              396. tainted_data: Passing tainted expression client.m_times to sendSoapRequest, which uses it as an allocation size.
              Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
      269                client.sendSoapRequest(url.str(), soapaction, in_fname.str());
      270            }
      27

          People

            wangkx Kevin Wang
            attilavamos Attila Vamos