From 1c77aad39c1cad71195a932a68ac21ec72345266 Mon Sep 17 00:00:00 2001
From: Erik Boasson
Date: Mon, 24 Feb 2020 13:13:23 +0100
Subject: [PATCH] Fix Clang static analyzer warnings
Signed-off-by: Erik Boasson
---
 .../authentication/src/authentication.c | 2 +-
 .../cryptographic/src/crypto_key_factory.c | 2 ++
 .../src/decode_serialized_payload_utests.c | 6 +++++
 .../src/encode_datareader_submessage_utests.c | 7 ++++++
 .../src/encode_datawriter_submessage_utests.c | 9 +++++++
 .../src/encode_rtps_message_utests.c | 25 +++++++++++--------
 .../src/encode_serialized_payload_utests.c | 4 +++
 ...thenticated_peer_credential_token_utests.c | 13 ++++++++++
 .../src/get_xxx_sec_attributes_utests.c | 2 +-
 .../src/listeners_authentication_utests.c | 12 +++++++--
 .../src/process_handshake_utests.c | 21 +++++++++++++++-
 .../src/register_local_datareader_utests.c | 9 +++++--
 .../src/register_local_datawriter_utests.c | 13 +++++++---
 .../src/register_local_participant_utests.c | 4 +++
 ...egister_matched_remote_datareader_utests.c | 10 +++++---
 ...egister_matched_remote_datawriter_utests.c | 12 ++++++---
 .../validate_begin_handshake_reply_utests.c | 22 ++++++++--------
 .../src/validate_local_identity_utests.c | 3 +++
 .../src/validate_local_permissions_utests.c | 1 +
 .../src/validate_remote_permissions_utests.c | 2 ++
 .../mock_authentication.c | 6 +++++
 .../mock_authentication.c | 6 +++++
 22 files changed, 154 insertions(+), 37 deletions(-)
diff --git a/src/security/builtin_plugins/authentication/src/authentication.c b/src/security/builtin_plugins/authentication/src/authentication.c
index 257debc..09d3425 100644
--- a/src/security/builtin_plugins/authentication/src/authentication.c
+++ b/src/security/builtin_plugins/authentication/src/authentication.c
@@ -660,7 +660,7 @@ free_binary_properties(
 uint32_t length)
 {
 uint32_t i;
-
+ assert (seq);
 for (i = 0; i < length; i++) {
 ddsrt_free(seq[i].name);
 ddsrt_free(seq[i].value._buffer);
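Review bot: The added `assert (seq);` in free_binary_properties only guards debug builds; with NDEBUG defined it compiles to nothing and the loop still dereferences `seq[i]` when `seq` is NULL and `length` is non-zero. It also rejects a call with a NULL `seq` and `length == 0`, which the loop would otherwise handle without touching memory. If a NULL sequence can reach this function, an explicit `if (seq == NULL) return;` before the loop is the safer guard; otherwise `assert (seq != NULL || length == 0);` states the actual precondition. The start of the function and the end of the loop are outside the hunk, so what the callers guarantee needs confirming.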
diff --git a/src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c b/src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c index 833ca01..e77c99c 100644 --- a/src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c +++ b/src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c @@ -1150,6 +1150,8 @@ crypto_factory_set_datawriter_crypto_tokens( endpoint_relation *relation; uint32_t key_id, i; + assert (num_key_mat > 0); + remote_writer_crypto = (remote_datawriter_crypto *)crypto_object_table_find(impl->crypto_objects, remote_writer_handle); if (!remote_writer_crypto) { diff --git a/src/security/builtin_plugins/tests/decode_serialized_payload/src/decode_serialized_payload_utests.c b/src/security/builtin_plugins/tests/decode_serialized_payload/src/decode_serialized_payload_utests.c index 91d7e55..05fcf46 100644 --- a/src/security/builtin_plugins/tests/decode_serialized_payload/src/decode_serialized_payload_utests.c +++ b/src/security/builtin_plugins/tests/decode_serialized_payload/src/decode_serialized_payload_utests.c @@ -9,6 +9,8 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ +#include + #include #include #include @@ -218,6 +220,7 @@ static DDS_Security_DatawriterCryptoHandle register_local_datawriter(bool encryp printf("register_local_datawriter: %s\n", exception.message ? exception.message : "Error message missing"); } + assert (writer_crypto != 0); return writer_crypto; } @@ -239,6 +242,7 @@ static DDS_Security_DatawriterCryptoHandle register_remote_datawriter(DDS_Securi printf("register_matched_remote_datareader: %s\n", exception.message ? exception.message : "Error message missing"); } + assert (writer_crypto != 0); return writer_crypto; } @@ -839,6 +843,7 @@ CU_Test(ddssec_builtin_decode_serialized_payload, invalid_data, .init = suite_de } CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(exception.code == 0); CU_ASSERT(exception.message == NULL); 
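Review bot: `assert (num_key_mat > 0);` in crypto_factory_set_datawriter_crypto_tokens tells the analyzer about the precondition but does not enforce it: release builds drop the check, and in a debug build a zero count aborts the process. This function installs key material for a remote writer, so if `num_key_mat` can come from a received token sequence (not visible in the hunk, confirm against the caller), the check should be a runtime one. A test such as `if (num_key_mat == 0)` ahead of the table lookup, failing the call the same way the `if (!remote_writer_crypto)` branch below does, would cover both build types. The function body continues outside the hunk.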
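Review bot: The pair `CU_ASSERT_FATAL(result);` followed by `assert(result); // for Clang's static analyzer` is written out by hand here and in most test hunks of this patch (the encode_*, get_authenticated_peer_credential_token, listeners_authentication, process_handshake and register_local_* tests), so the two conditions can drift apart on a later edit. A single test-local macro would keep them together, for example `#define CU_ASSERT_FATAL_SA(c) do { CU_ASSERT_FATAL(c); assert(c); } while (0)` (the name is only a suggestion, and the condition must be free of side effects because it is evaluated twice). One comment at that macro can then explain that the analyzer does not treat CU_ASSERT_FATAL as non-returning, and that the asserts only help when the analysis runs without NDEBUG.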
@@ -846,6 +851,7 @@ CU_Test(ddssec_builtin_decode_serialized_payload, invalid_data, .init = suite_de result = split_encoded_data(encoded_buffer._buffer, encoded_buffer._length, &header, &contents, (uint32_t *) &length, &footer); CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer /* use incorrect transformation kind */ { diff --git a/src/security/builtin_plugins/tests/encode_datareader_submessage/src/encode_datareader_submessage_utests.c b/src/security/builtin_plugins/tests/encode_datareader_submessage/src/encode_datareader_submessage_utests.c index 2513a39..7d97531 100644 --- a/src/security/builtin_plugins/tests/encode_datareader_submessage/src/encode_datareader_submessage_utests.c +++ b/src/security/builtin_plugins/tests/encode_datareader_submessage/src/encode_datareader_submessage_utests.c @@ -804,6 +804,7 @@ static void encode_datareader_submessage_not_signed(uint32_t transformation_kind reader_crypto = register_local_datareader(&datareader_security_attributes, &datareader_properties); CU_ASSERT_FATAL(reader_crypto != 0); + assert(reader_crypto != 0); // for Clang's static analyzer session_keys = get_datareader_session(reader_crypto); @@ -829,6 +830,7 @@ static void encode_datareader_submessage_not_signed(uint32_t transformation_kind } CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(exception.code == 0); CU_ASSERT(exception.message == NULL); @@ -836,6 +838,7 @@ static void encode_datareader_submessage_not_signed(uint32_t transformation_kind result = check_encoded_data(&encoded_buffer, is_encrypted, &header, &footer, &data); CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(header->transform_identifier.transformation_kind[3] == transformation_kind); 
@@ -951,6 +954,7 @@ static void encode_datareader_submessage_sign(uint32_t transformation_kind) reader_crypto = register_local_datareader(&datareader_security_attributes, &datareader_properties); CU_ASSERT_FATAL(reader_crypto != 0); + assert(reader_crypto != 0); // for Clang's static analyzer session_keys = get_datareader_session(reader_crypto); @@ -960,6 +964,7 @@ static void encode_datareader_submessage_sign(uint32_t transformation_kind) { writer_crypto = register_remote_datawriter(reader_crypto); CU_ASSERT_FATAL(writer_crypto != 0); + assert(writer_crypto != 0); // for Clang's static analyzer writer_list._buffer[i] = writer_crypto; } @@ -980,6 +985,7 @@ static void encode_datareader_submessage_sign(uint32_t transformation_kind) } CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(exception.code == 0); CU_ASSERT(exception.message == NULL); @@ -988,6 +994,7 @@ static void encode_datareader_submessage_sign(uint32_t transformation_kind) result = check_encoded_data(&encoded_buffer, is_encrypted, &header, &footer, &data); CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(header->transform_identifier.transformation_kind[3] == transformation_kind); diff --git a/src/security/builtin_plugins/tests/encode_datawriter_submessage/src/encode_datawriter_submessage_utests.c b/src/security/builtin_plugins/tests/encode_datawriter_submessage/src/encode_datawriter_submessage_utests.c index e4c7428..f7433ac 100644 --- a/src/security/builtin_plugins/tests/encode_datawriter_submessage/src/encode_datawriter_submessage_utests.c +++ b/src/security/builtin_plugins/tests/encode_datawriter_submessage/src/encode_datawriter_submessage_utests.c 
@@ -810,11 +810,13 @@ static void encode_datawriter_submessage_not_signed(DDS_Security_CryptoTransform writer_crypto = register_local_datawriter(&datawriter_security_attributes, &datawriter_properties); CU_ASSERT_FATAL(writer_crypto != 0); + assert(writer_crypto != 0); // for Clang's static analyzer session_keys = get_datawriter_session(writer_crypto); reader_crypto = register_remote_datareader(writer_crypto); CU_ASSERT_FATAL(reader_crypto != 0); + assert(reader_crypto != 0); // for Clang's static analyzer reader_list._length = reader_list._maximum = 1; reader_list._buffer = DDS_Security_DatareaderCryptoHandleSeq_allocbuf(1); @@ -837,6 +839,8 @@ static void encode_datawriter_submessage_not_signed(DDS_Security_CryptoTransform } CU_ASSERT_FATAL(result); + assert(result != 0); // for Clang's static analyzer + CU_ASSERT(exception.code == 0); CU_ASSERT(exception.message == NULL); @@ -844,6 +848,7 @@ static void encode_datawriter_submessage_not_signed(DDS_Security_CryptoTransform result = check_encoded_data(&encoded_buffer, is_encrypted, &header, &footer, &data); CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(header->transform_identifier.transformation_kind[3] == transformation_kind); @@ -961,6 +966,7 @@ static void encode_datawriter_submessage_sign(DDS_Security_CryptoTransformKind_E writer_crypto = register_local_datawriter(&datawriter_security_attributes, &datawriter_properties); CU_ASSERT_FATAL(writer_crypto != 0); + assert(writer_crypto != 0); // for Clang's static analyzer session_keys = get_datawriter_session(writer_crypto); @@ -970,6 +976,7 @@ static void encode_datawriter_submessage_sign(DDS_Security_CryptoTransformKind_E { reader_crypto = register_remote_datareader(writer_crypto); CU_ASSERT_FATAL(reader_crypto != 0); + assert(reader_crypto != 0); // for Clang's static analyzer reader_list._buffer[i] = reader_crypto; } index = 0; 
@@ -994,6 +1001,7 @@ static void encode_datawriter_submessage_sign(DDS_Security_CryptoTransformKind_E } CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(exception.code == 0); CU_ASSERT(exception.message == NULL); @@ -1003,6 +1011,7 @@ static void encode_datawriter_submessage_sign(DDS_Security_CryptoTransformKind_E result = check_encoded_data(&encoded_buffer, is_encrypted, &header, &footer, &data); CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(header->transform_identifier.transformation_kind[3] == transformation_kind); diff --git a/src/security/builtin_plugins/tests/encode_rtps_message/src/encode_rtps_message_utests.c b/src/security/builtin_plugins/tests/encode_rtps_message/src/encode_rtps_message_utests.c index d65a0c7..bdcbb95 100644 --- a/src/security/builtin_plugins/tests/encode_rtps_message/src/encode_rtps_message_utests.c +++ b/src/security/builtin_plugins/tests/encode_rtps_message/src/encode_rtps_message_utests.c @@ -40,7 +40,7 @@ static DDS_Security_IdentityHandle local_participant_identity = 1; static DDS_Security_IdentityHandle remote_participant_identities[] = {2, 3, 4, 5}; static DDS_Security_ParticipantCryptoHandle local_particpant_crypto = 0; -static DDS_Security_ParticipantCryptoHandle remote_particpant_cryptos[4]; +static DDS_Security_ParticipantCryptoHandle remote_particpant_cryptos[sizeof(remote_participant_identities) / sizeof(remote_participant_identities[0])]; static DDS_Security_SharedSecretHandleImpl *shared_secret_handle_impl = NULL; static DDS_Security_SharedSecretHandle shared_secret_handle; @@ -63,7 +63,7 @@ struct submsg_header struct crypto_header { struct CryptoTransformIdentifier transform_identifier; - unsigned char session_id[4]; + unsigned char session_id[sizeof(remote_participant_identities) / sizeof(remote_participant_identities[0])]; unsigned char init_vector_suffix[8]; }; 
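Review bot: In `struct crypto_header` the length of `session_id` is now `sizeof(remote_participant_identities) / sizeof(remote_participant_identities[0])`, which ties a field of the encoded crypto header to the number of remote participants the test happens to register. Both values are 4 today, but they are unrelated: the session id is a fixed four-byte field, and adding a fifth entry to `remote_participant_identities` would silently grow the struct and shift `init_vector_suffix` and everything read after it wherever this struct is laid over the encoded buffer (that code is outside the hunk). Keep the field as `unsigned char session_id[4];` and use the element-count expression only for `remote_particpant_cryptos` and the loops over it.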
@@ -167,7 +167,7 @@ static int register_remote_participants(void) unsigned i; int result = 0; - for (i = 0; i < 4; ++i) + for (i = 0; i < sizeof(remote_particpant_cryptos) / sizeof(remote_particpant_cryptos[0]); ++i) { remote_particpant_cryptos[i] = crypto->crypto_key_factory->register_matched_remote_participant( @@ -194,7 +194,7 @@ unregister_remote_participants(void) { unsigned i; DDS_Security_SecurityException exception = {NULL, 0, 0}; - for (i = 0; i < 4; ++i) + for (i = 0; i < sizeof(remote_particpant_cryptos) / sizeof(remote_particpant_cryptos[0]); ++i) { if (remote_particpant_cryptos[i]) { @@ -825,6 +825,7 @@ static void encode_rtps_message_not_authenticated(DDS_Security_CryptoTransformKi } CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(exception.code == 0); CU_ASSERT(exception.message == NULL); @@ -832,6 +833,7 @@ static void encode_rtps_message_not_authenticated(DDS_Security_CryptoTransformKi result = check_encoded_data(&encoded_buffer, encrypted, &header, &footer, &data); CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(header->transform_identifier.transformation_kind[3] == transformation_kind); @@ -922,7 +924,7 @@ static void encode_rtps_message_sign(DDS_Security_CryptoTransformKind_Enum trans struct crypto_header *header = NULL; struct crypto_footer *footer = NULL; uint32_t session_id; - int i; + size_t i; CU_ASSERT_FATAL(crypto != NULL); CU_ASSERT_FATAL(crypto->crypto_transform != NULL); 
@@ -943,9 +945,9 @@ static void encode_rtps_message_sign(DDS_Security_CryptoTransformKind_Enum trans register_remote_participants(); - reader_list._length = reader_list._maximum = 4; - reader_list._buffer = DDS_Security_ParticipantCryptoHandleSeq_allocbuf(4); - for (i = 0; i < 4; i++) + reader_list._length = reader_list._maximum = (uint32_t) (sizeof(remote_particpant_cryptos) / sizeof(remote_particpant_cryptos[0])); + reader_list._buffer = DDS_Security_ParticipantCryptoHandleSeq_allocbuf(reader_list._maximum); + for (i = 0; i < sizeof(remote_particpant_cryptos) / sizeof(remote_particpant_cryptos[0]); i++) { set_remote_participant_protection_kind(remote_particpant_cryptos[i], protection_kind); reader_list._buffer[i] = remote_particpant_cryptos[i]; @@ -955,7 +957,7 @@ static void encode_rtps_message_sign(DDS_Security_CryptoTransformKind_Enum trans /* Now call the function. */ buffer = &plain_buffer; - while (index != 4) + while ((uint32_t) index != reader_list._length) { result = crypto->crypto_transform->encode_rtps_message( crypto->crypto_transform, @@ -1082,14 +1084,17 @@ CU_Test(ddssec_builtin_encode_rtps_message, invalid_args, .init = suite_encode_r memset(&empty_reader_list, 0, sizeof(empty_reader_list)); CU_ASSERT_FATAL(local_particpant_crypto != 0); + assert(local_particpant_crypto != 0); // for Clang's static analyzer register_remote_participants(); - for (i = 0; i < 4; i++) + for (i = 0; i < sizeof (remote_particpant_cryptos) / sizeof (remote_particpant_cryptos[0]); i++) { + assert (remote_particpant_cryptos[i]); // for Clang's static analyzer set_remote_participant_protection_kind(remote_particpant_cryptos[i], DDS_SECURITY_PROTECTION_KIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION); } CU_ASSERT_FATAL(remote_particpant_cryptos[0] != 0); + assert(remote_particpant_cryptos[0] != 0); // for Clang's static analyzer reader_list._length = reader_list._maximum = 1; reader_list._buffer = DDS_Security_ParticipantCryptoHandleSeq_allocbuf(1); 
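Review bot: In the `invalid_args` test the return value of `register_remote_participants();` is still discarded, and the new `assert (remote_particpant_cryptos[i]);` inside the loop turns a failed registration into an abort of the whole test binary instead of a reported CUnit failure. Putting `CU_ASSERT_FATAL(remote_particpant_cryptos[i] != 0);` in the loop ahead of the assert reports the failure through the framework and makes the later check of element 0 redundant. The loop in encode_rtps_message_sign (first hunk on this line) passes `remote_particpant_cryptos[i]` to `set_remote_participant_protection_kind` with no check at all and would benefit from the same line. The element-count expression is now repeated six times in this file; a single named constant or ARRAY_SIZE-style macro would be easier to read.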
diff --git a/src/security/builtin_plugins/tests/encode_serialized_payload/src/encode_serialized_payload_utests.c b/src/security/builtin_plugins/tests/encode_serialized_payload/src/encode_serialized_payload_utests.c index f477ea3..e4cd8ea 100644 --- a/src/security/builtin_plugins/tests/encode_serialized_payload/src/encode_serialized_payload_utests.c +++ b/src/security/builtin_plugins/tests/encode_serialized_payload/src/encode_serialized_payload_utests.c @@ -566,6 +566,8 @@ static void encode_serialized_payload_check(uint32_t key_size, bool encrypted) writer_crypto = register_local_datawriter(encrypted); CU_ASSERT_FATAL(writer_crypto != 0); + assert(writer_crypto != 0); // for Clang's static analyzer + CU_ASSERT(check_protection_kind(writer_crypto, encrypted ? DDS_SECURITY_BASICPROTECTION_KIND_ENCRYPT : DDS_SECURITY_BASICPROTECTION_KIND_SIGN)); session_keys = get_datawriter_session(writer_crypto); @@ -586,12 +588,14 @@ static void encode_serialized_payload_check(uint32_t key_size, bool encrypted) printf("[ERROR] encode_serialized_payload: %s\n", exception.message ? exception.message : "Error message missing"); } CU_ASSERT_FATAL(result); + assert(result); // for Clang's static analyzer CU_ASSERT(exception.code == 0); CU_ASSERT(exception.message == NULL); reset_exception(&exception); result = split_encoded_data(encoded_buffer._buffer, encoded_buffer._length, &header, &encoded_payload, &footer, encrypted); CU_ASSERT_FATAL(result == true); + assert(result); // for Clang's static analyzer CU_ASSERT(check_payload_encoded(&encoded_payload, &plain_buffer, encrypted)); session_id = ddsrt_fromBE4u(*(uint32_t *)header->session_id); diff --git a/src/security/builtin_plugins/tests/get_authenticated_peer_credential_token/src/get_authenticated_peer_credential_token_utests.c b/src/security/builtin_plugins/tests/get_authenticated_peer_credential_token/src/get_authenticated_peer_credential_token_utests.c index 160ae83..6ae66d7 100644 
--- a/src/security/builtin_plugins/tests/get_authenticated_peer_credential_token/src/get_authenticated_peer_credential_token_utests.c +++ b/src/security/builtin_plugins/tests/get_authenticated_peer_credential_token/src/get_authenticated_peer_credential_token_utests.c @@ -1256,6 +1256,7 @@ fill_handshake_message_token( CU_ASSERT(hash1_from_request != NULL); CU_ASSERT(hash2_from_reply != NULL); + assert(hash1_from_request && hash2_from_reply); // for Clang's static analyzer set_binary_property_value(hash_c1, "hash_c1", hash1_from_request->value._buffer, hash1_from_request->value._length); set_binary_property_value(hash_c2, "hash_c2", hash2_from_reply->value._buffer, hash2_from_reply->value._length); @@ -1382,6 +1383,7 @@ CU_Test(ddssec_builtin_get_authenticated_peer_credential,token_after_request ) &exception); CU_ASSERT_FATAL(result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE); + assert(result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE); // for Clang's static analyzer /* mock reply */ dh1 = find_binary_property(&handshake_token_out, "dh1"); @@ -1414,6 +1416,7 @@ CU_Test(ddssec_builtin_get_authenticated_peer_credential,token_after_request ) handshake_handle, &exception); CU_ASSERT_FATAL(result == DDS_SECURITY_VALIDATION_OK_FINAL_MESSAGE); + assert(result == DDS_SECURITY_VALIDATION_OK_FINAL_MESSAGE); // for Clang's static analyzer /* * Actual test. @@ -1425,8 +1428,10 @@ CU_Test(ddssec_builtin_get_authenticated_peer_credential,token_after_request ) &exception); CU_ASSERT_TRUE (success); + assert(success); // for Clang's static analyzer CU_ASSERT_FATAL(credential_token.class_id != NULL); + assert(credential_token.class_id); // for Clang's static analyzer CU_ASSERT(strcmp(credential_token.class_id, AUTH_PROTOCOL_CLASS_ID) == 0); CU_ASSERT(credential_token.properties._length == 2); CU_ASSERT(credential_token.binary_properties._length == 0); 
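Review bot: `CU_ASSERT(hash1_from_request != NULL);` and `CU_ASSERT(hash2_from_reply != NULL);` in fill_handshake_message_token are non-fatal, so on failure execution reaches the new `assert(hash1_from_request && hash2_from_reply);` and the test process aborts rather than recording a failure. The listeners_authentication and process_handshake copies of this helper are changed to `CU_ASSERT_FATAL(hash1_from_request != NULL);` in this same patch; doing the same for both checks here keeps the three consistent. The same non-fatal-then-assert sequence appears after `CU_ASSERT_TRUE (success);` later in this file, and after `CU_ASSERT(result != 0);` in the happy_day and builtin_endpoint tests of register_local_datareader and the happy_day test of register_local_datawriter.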
@@ -1434,12 +1439,14 @@ CU_Test(ddssec_builtin_get_authenticated_peer_credential,token_after_request ) c_id = find_property(&credential_token, "c.id"); CU_ASSERT_FATAL(c_id != NULL); CU_ASSERT_FATAL(c_id->value != NULL); + assert(c_id && c_id->value); // for Clang's static analyzer //printf("c_id->value: %s\n", c_id->value); CU_ASSERT(strcmp(c_id->value, REMOTE_IDENTITY_CERTIFICATE) == 0); c_perm = find_property(&credential_token, "c.perm"); CU_ASSERT_FATAL(c_perm != NULL); CU_ASSERT_FATAL(c_perm->value != NULL); + assert(c_perm && c_perm->value); // for Clang's static analyzer //printf("c_perm->value: %s\n", c_perm->value); CU_ASSERT(strcmp(c_perm->value, PERMISSIONS_DOCUMENT) == 0); @@ -1506,6 +1513,7 @@ CU_Test(ddssec_builtin_get_authenticated_peer_credential,token_after_reply ) &exception); CU_ASSERT_FATAL(result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE); + assert(result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE); // for Clang's static analyzer /* mock final */ dh2 = find_binary_property(&handshake_token_out, "dh2"); @@ -1539,6 +1547,7 @@ CU_Test(ddssec_builtin_get_authenticated_peer_credential,token_after_reply ) &exception); CU_ASSERT_FATAL(result == DDS_SECURITY_VALIDATION_OK); + assert(result == DDS_SECURITY_VALIDATION_OK); // for Clang's static analyzer /* * Actual test. @@ -1550,6 +1559,7 @@ CU_Test(ddssec_builtin_get_authenticated_peer_credential,token_after_reply ) &exception); CU_ASSERT_TRUE (success); + assert(success); // for Clang's static analyzer CU_ASSERT_FATAL(credential_token.class_id != NULL); CU_ASSERT(strcmp(credential_token.class_id, AUTH_PROTOCOL_CLASS_ID) == 0); 
@@ -1559,12 +1569,14 @@ CU_Test(ddssec_builtin_get_authenticated_peer_credential,token_after_reply ) c_id = find_property(&credential_token, "c.id"); CU_ASSERT_FATAL(c_id != NULL); CU_ASSERT_FATAL(c_id->value != NULL); + assert(c_id && c_id->value); // for Clang's static analyzer //printf("c_id->value: %s\n", c_id->value); CU_ASSERT(strcmp(c_id->value, REMOTE_IDENTITY_CERTIFICATE) == 0); c_perm = find_property(&credential_token, "c.perm"); CU_ASSERT_FATAL(c_perm != NULL); CU_ASSERT_FATAL(c_perm->value != NULL); + assert(c_perm && c_perm->value); // for Clang's static analyzer //printf("c_perm->value: %s\n", c_perm->value); CU_ASSERT(strcmp(c_perm->value, PERMISSIONS_DOCUMENT) == 0); @@ -1581,6 +1593,7 @@ CU_Test(ddssec_builtin_get_authenticated_peer_credential,token_after_reply ) success = g_auth->return_handshake_handle(g_auth, handshake_handle, &exception); CU_ASSERT_TRUE (success); + assert(success); // for Clang's static analyzer reset_exception(&exception); diff --git a/src/security/builtin_plugins/tests/get_xxx_sec_attributes/src/get_xxx_sec_attributes_utests.c b/src/security/builtin_plugins/tests/get_xxx_sec_attributes/src/get_xxx_sec_attributes_utests.c index 91381aa..04df354 100644 --- a/src/security/builtin_plugins/tests/get_xxx_sec_attributes/src/get_xxx_sec_attributes_utests.c +++ b/src/security/builtin_plugins/tests/get_xxx_sec_attributes/src/get_xxx_sec_attributes_utests.c @@ -1279,7 +1279,7 @@ static void test_liveliness_discovery_reader_attr( DDS_Security_DataTagQosPolicy data_tag; DDS_Security_PartitionQosPolicy *partition = NULL; bool result; - return; + CU_ASSERT_FATAL(access_control->get_datareader_sec_attributes != NULL); memset(&attr, 0, sizeof(attr)); diff --git a/src/security/builtin_plugins/tests/listeners_authentication/src/listeners_authentication_utests.c b/src/security/builtin_plugins/tests/listeners_authentication/src/listeners_authentication_utests.c index a039d25..779b254 100644 
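Review bot: Removing the early `return;` from test_liveliness_discovery_reader_attr does more than silence an unreachable-code warning: the body after it, starting with `CU_ASSERT_FATAL(access_control->get_datareader_sec_attributes != NULL);`, now actually executes. The commit message only mentions analyzer warnings, so it should also say that this test is being re-enabled and, if known, why it had been switched off. The rest of the function is outside the hunk, so whether it passes as written cannot be judged from here.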
--- a/src/security/builtin_plugins/tests/listeners_authentication/src/listeners_authentication_utests.c +++ b/src/security/builtin_plugins/tests/listeners_authentication/src/listeners_authentication_utests.c @@ -1724,7 +1724,8 @@ fill_handshake_message_token( set_binary_property_string(c_kagree_algo, "c.kagree_algox", "rubbish"); } - CU_ASSERT(hash1_from_request != NULL); + CU_ASSERT_FATAL(hash1_from_request != NULL); + assert(hash1_from_request != NULL); // for Clang's static analyzer set_binary_property_value(hash_c1, "hash_c1", hash1_from_request->value._buffer, hash1_from_request->value._length); @@ -1786,6 +1787,7 @@ fill_handshake_message_token( EVP_PKEY *private_key_x509; unsigned char *sign; size_t signlen; + DDS_Security_ValidationResult_t rc; const DDS_Security_BinaryProperty_t * binary_properties[ HANDSHAKE_SIGNATURE_SIZE ]; @@ -1802,10 +1804,14 @@ fill_handshake_message_token( binary_properties[4] = dh1; binary_properties[5] = hash_c1; - if (create_signature_for_test(private_key_x509, binary_properties, HANDSHAKE_SIGNATURE_SIZE , &sign, &signlen, &exception) != DDS_SECURITY_VALIDATION_OK) + rc = create_signature_for_test(private_key_x509, binary_properties, HANDSHAKE_SIGNATURE_SIZE , &sign, &signlen, &exception); + if (rc != DDS_SECURITY_VALIDATION_OK) { printf("Exception: %s\n", exception.message); } + CU_ASSERT_FATAL (rc == DDS_SECURITY_VALIDATION_OK); + assert(rc == DDS_SECURITY_VALIDATION_OK); // for Clang's static analyzer + set_binary_property_value(signature, "signature", sign, (uint32_t)signlen); ddsrt_free(sign); 
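Review bot: In the create_signature_for_test failure branch, `printf("Exception: %s\n", exception.message);` passes `exception.message` to `%s` without a NULL check, and the new `rc` handling keeps that line as is. Other tests in this patch guard the same field, so the line should read `printf("Exception: %s\n", exception.message ? exception.message : "Error message missing");`. The new `CU_ASSERT_FATAL (rc == DDS_SECURITY_VALIDATION_OK);` correctly stops before `sign` and `signlen` are used; the enclosing function starts and ends outside the hunk.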
@@ -2008,8 +2014,10 @@ CU_Test(ddssec_builtin_listeners_auth, local_remote_set_before_validation) hash1_sent_in_request = find_binary_property(&handshake_token_out, "hash_c1"); CU_ASSERT_FATAL(dh1 != NULL); + assert(dh1 != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(dh1->value._length > 0); CU_ASSERT_FATAL(dh1->value._buffer != NULL); + assert(dh1->value._length > 0 && dh1->value._buffer != NULL); // for Clang's static analyzer dh1_pub_key.data = dh1->value._buffer; dh1_pub_key.length = dh1->value._length; diff --git a/src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c b/src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c index 5b2f5d6..dabd5a8 100644 --- a/src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c +++ b/src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c @@ -1292,7 +1292,8 @@ fill_handshake_message_token( set_binary_property_string(c_kagree_algo, "c.kagree_algox", "rubbish"); } - CU_ASSERT(hash1_from_request != NULL); + CU_ASSERT_FATAL(hash1_from_request != NULL); + assert(hash1_from_request != NULL); // for Clang's static analyzer set_binary_property_value(hash_c1, "hash_c1", hash1_from_request->value._buffer, hash1_from_request->value._length); @@ -1587,8 +1588,10 @@ CU_Test(ddssec_builtin_process_handshake,happy_day_after_request ) hash1_sentrequest = find_binary_property(&handshake_token_out, "hash_c1"); CU_ASSERT_FATAL(dh1 != NULL); + assert(dh1 != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(dh1->value._length > 0); CU_ASSERT_FATAL(dh1->value._buffer != NULL); + assert(dh1->value._length > 0 && dh1->value._buffer != NULL); // for Clang's static analyzer dh1_pub_key.data = dh1->value._buffer; dh1_pub_key.length = dh1->value._length; 
@@ -1875,8 +1878,10 @@ CU_Test(ddssec_builtin_process_handshake,invalid_certificate ) hash1_sentrequest = find_binary_property(&handshake_token_out, "hash_c1"); CU_ASSERT_FATAL(dh1 != NULL); + assert(dh1 != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(dh1->value._length > 0); CU_ASSERT_FATAL(dh1->value._buffer != NULL); + assert(dh1->value._length > 0 && dh1->value._buffer != NULL); // for Clang's static analyzer /* prepare reply */ dh1_pub_key.data = dh1->value._buffer; @@ -1959,8 +1964,10 @@ CU_Test(ddssec_builtin_process_handshake,invalid_dsign_algo ) hash1_sentrequest = find_binary_property(&handshake_token_out, "hash_c1"); CU_ASSERT_FATAL(dh1 != NULL); + assert(dh1 != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(dh1->value._length > 0); CU_ASSERT_FATAL(dh1->value._buffer != NULL); + assert(dh1->value._length > 0 && dh1->value._buffer != NULL); // for Clang's static analyzer /* prepare reply */ dh1_pub_key.data = dh1->value._buffer; @@ -2037,8 +2044,10 @@ CU_Test(ddssec_builtin_process_handshake,invalid_kagree_algo ) hash1_sentrequest = find_binary_property(&handshake_token_out, "hash_c1"); CU_ASSERT_FATAL(dh1 != NULL); + assert (dh1 != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(dh1->value._length > 0); CU_ASSERT_FATAL(dh1->value._buffer != NULL); + assert (dh1->value._length > 0 && dh1->value._buffer != NULL); // for Clang's static analyzer /* prepare reply */ dh1_pub_key.data = dh1->value._buffer; @@ -2114,8 +2123,10 @@ CU_Test(ddssec_builtin_process_handshake,invalid_diffie_hellman ) hash1_sentrequest = find_binary_property(&handshake_token_out, "hash_c1"); CU_ASSERT_FATAL(dh1 != NULL); + assert (dh1 != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(dh1->value._length > 0); CU_ASSERT_FATAL(dh1->value._buffer != NULL); + assert (dh1->value._length > 0 && dh1->value._buffer != NULL); // for Clang's static analyzer /* prepare reply */ fill_handshake_message_token( 
@@ -2244,6 +2255,8 @@ CU_Test(ddssec_builtin_process_handshake,extended_certificate_check ) if (result != DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE) { printf("begin_handshake_request failed: %s\n", exception.message ? exception.message : "Error message missing"); } + CU_ASSERT_FATAL(result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE); + assert(result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE); // for Clang's static analyzer /* get challenge 1 from the message */ challenge1_glb = find_binary_property(&handshake_token_out, "challenge1"); @@ -2254,8 +2267,10 @@ CU_Test(ddssec_builtin_process_handshake,extended_certificate_check ) hash1_sentrequest = find_binary_property(&handshake_token_out, "hash_c1"); CU_ASSERT_FATAL(dh1 != NULL); + assert(dh1 != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(dh1->value._length > 0); CU_ASSERT_FATAL(dh1->value._buffer != NULL); + assert(dh1->value._length > 0 && dh1->value._buffer != NULL); // for Clang's static analyzer dh1_pub_key.data = dh1->value._buffer; dh1_pub_key.length = dh1->value._length; @@ -2328,8 +2343,10 @@ CU_Test(ddssec_builtin_process_handshake,extended_certificate_check ) hash1_sentrequest = find_binary_property(&handshake_token_out, "hash_c1"); CU_ASSERT_FATAL(dh1 != NULL); + assert (dh1 != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(dh1->value._length > 0); CU_ASSERT_FATAL(dh1->value._buffer != NULL); + assert (dh1->value._length > 0 && dh1->value._buffer != NULL); // for Clang's static analyzer dh1_pub_key.data = dh1->value._buffer; dh1_pub_key.length = dh1->value._length; 
@@ -2397,8 +2414,10 @@ CU_Test(ddssec_builtin_process_handshake,extended_certificate_check ) hash1_sentrequest = find_binary_property(&handshake_token_out, "hash_c1"); CU_ASSERT_FATAL(dh1 != NULL); + assert (dh1 != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(dh1->value._length > 0); CU_ASSERT_FATAL(dh1->value._buffer != NULL); + assert (dh1->value._length > 0 && dh1->value._buffer != NULL); // for Clang's static analyzer dh1_pub_key.data = dh1->value._buffer; dh1_pub_key.length = dh1->value._length; diff --git a/src/security/builtin_plugins/tests/register_local_datareader/src/register_local_datareader_utests.c b/src/security/builtin_plugins/tests/register_local_datareader/src/register_local_datareader_utests.c index 327ddb7..5747ac3 100644 --- a/src/security/builtin_plugins/tests/register_local_datareader/src/register_local_datareader_utests.c +++ b/src/security/builtin_plugins/tests/register_local_datareader/src/register_local_datareader_utests.c @@ -9,6 +9,8 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ +#include + #include #include #include @@ -166,6 +168,7 @@ CU_Test(ddssec_builtin_register_local_datareader, happy_day, .init = suite_regis /* A valid handle to be returned */ CU_ASSERT(result != 0); + assert(result != 0); // for Clang's static analyzer CU_ASSERT(exception.code == DDS_SECURITY_ERR_OK_CODE); @@ -220,6 +223,7 @@ CU_Test(ddssec_builtin_register_local_datareader, builtin_endpoint, .init = suit /* A valid handle to be returned */ CU_ASSERT(result != 0); CU_ASSERT(exception.code == DDS_SECURITY_ERR_OK_CODE); + assert(result != 0); // for Clang's static analyzer /* NOTE: It would be better to check if the keys have been generated but there is no interface to get them from handle */ reader_crypto = (local_datareader_crypto *)result; 
@@ -268,8 +272,9 @@ CU_Test(ddssec_builtin_register_local_datareader, special_endpoint_name, .init = printf("register_local_datareader: %s\n", exception.message ? exception.message : "Error message missing"); /* A valid handle to be returned */ - CU_ASSERT(result != 0); - CU_ASSERT(exception.code == DDS_SECURITY_ERR_OK_CODE); + CU_ASSERT_FATAL(result != 0); + assert(result != 0); // for Clang's static analyzer + CU_ASSERT_FATAL(exception.code == DDS_SECURITY_ERR_OK_CODE); CU_ASSERT_FATAL(((local_datareader_crypto *)result)->is_builtin_participant_volatile_message_secure_reader); reset_exception(&exception); DDS_Security_PropertySeq_deinit(&datareader_properties); diff --git a/src/security/builtin_plugins/tests/register_local_datawriter/src/register_local_datawriter_utests.c b/src/security/builtin_plugins/tests/register_local_datawriter/src/register_local_datawriter_utests.c index c6d1adc..16d13f3 100644 --- a/src/security/builtin_plugins/tests/register_local_datawriter/src/register_local_datawriter_utests.c +++ b/src/security/builtin_plugins/tests/register_local_datawriter/src/register_local_datawriter_utests.c @@ -9,6 +9,8 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ +#include + #include #include #include @@ -172,6 +174,7 @@ CU_Test(ddssec_builtin_register_local_datawriter, happy_day, .init = suite_regis /* A valid handle to be returned */ CU_ASSERT(result != 0); CU_ASSERT(exception.code == DDS_SECURITY_ERR_OK_CODE); + assert(result != 0); // for Clang's static analyzer /* NOTE: It would be better to check if the keys have been generated but there is no interface to get them from handle */ writer_crypto = (local_datawriter_crypto *)result; 
@@ -230,8 +233,9 @@ CU_Test(ddssec_builtin_register_local_datawriter, builtin_endpoint, .init = suit printf("register_local_datawriter: %s\n", exception.message ? exception.message : "Error message missing"); /* A valid handle to be returned */ - CU_ASSERT(result != 0); - CU_ASSERT(exception.code == DDS_SECURITY_ERR_OK_CODE); + CU_ASSERT_FATAL(result != 0); + CU_ASSERT_FATAL(exception.code == DDS_SECURITY_ERR_OK_CODE); + assert(result != 0); // for Clang's static analyzer /* NOTE: It would be better to check if the keys have been generated but there is no interface to get them from handle */ writer_crypto = (local_datawriter_crypto *)result; @@ -289,8 +293,9 @@ CU_Test(ddssec_builtin_register_local_datawriter, special_endpoint_name, .init = printf("register_local_datawriter: %s\n", exception.message ? exception.message : "Error message missing"); /* A valid handle to be returned */ - CU_ASSERT(result != 0); - CU_ASSERT(exception.code == DDS_SECURITY_ERR_OK_CODE); + CU_ASSERT_FATAL(result != 0); + CU_ASSERT_FATAL(exception.code == DDS_SECURITY_ERR_OK_CODE); + assert(result != 0); // for Clang's static analyzer CU_ASSERT_FATAL(((local_datawriter_crypto *)result)->is_builtin_participant_volatile_message_secure_writer); reset_exception(&exception); diff --git a/src/security/builtin_plugins/tests/register_local_participant/src/register_local_participant_utests.c b/src/security/builtin_plugins/tests/register_local_participant/src/register_local_participant_utests.c index 967cf67..1602d9a 100644 --- a/src/security/builtin_plugins/tests/register_local_participant/src/register_local_participant_utests.c +++ b/src/security/builtin_plugins/tests/register_local_participant/src/register_local_participant_utests.c @@ -9,6 +9,8 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ +#include + #include #include #include 
@@ -146,6 +148,8 @@ CU_Test(ddssec_builtin_register_local_participant, empty_identity, .init = suite printf("register_local_participant: %s\n", exception.message ? exception.message : "Error message missing"); CU_ASSERT(exception.code == DDS_SECURITY_ERR_IDENTITY_EMPTY_CODE); + CU_ASSERT_FATAL(exception.message != NULL); + assert(exception.message != NULL); // for Clang's static analyzer CU_ASSERT(!strcmp(exception.message, DDS_SECURITY_ERR_IDENTITY_EMPTY_MESSAGE)); CU_ASSERT(result == 0); diff --git a/src/security/builtin_plugins/tests/register_matched_remote_datareader/src/register_matched_remote_datareader_utests.c b/src/security/builtin_plugins/tests/register_matched_remote_datareader/src/register_matched_remote_datareader_utests.c index 6c6d6ff..2f0eadb 100644 --- a/src/security/builtin_plugins/tests/register_matched_remote_datareader/src/register_matched_remote_datareader_utests.c +++ b/src/security/builtin_plugins/tests/register_matched_remote_datareader/src/register_matched_remote_datareader_utests.c @@ -9,6 +9,8 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ +#include + #include #include #include @@ -200,8 +202,9 @@ CU_Test(ddssec_builtin_register_remote_datareader, happy_day, .init = suite_regi printf("register_remote_datareader: %s\n", exception.message ? exception.message : "Error message missing"); /* A valid handle to be returned */ - CU_ASSERT(result != 0); - CU_ASSERT(exception.code == DDS_SECURITY_ERR_OK_CODE); + CU_ASSERT_FATAL(result != 0); + CU_ASSERT_FATAL(exception.code == DDS_SECURITY_ERR_OK_CODE); + assert(result != 0); // for Clang's static analyzer /* NOTE: It would be better to check if the keys have been generated but there is no interface to get them from handle */ reader_crypto = (remote_datareader_crypto *)result; 
@@ -265,6 +268,7 @@ CU_Test(ddssec_builtin_register_remote_datareader, volatile_secure, .init = suit /* A valid handle to be returned */ CU_ASSERT_FATAL(result != 0); + assert(result != 0); // for Clang's static analyzer CU_ASSERT_FATAL(((remote_datareader_crypto *)result)->is_builtin_participant_volatile_message_secure_reader); CU_ASSERT_FATAL(exception.code == DDS_SECURITY_ERR_OK_CODE); reset_exception(&exception); @@ -293,7 +297,6 @@ CU_Test(ddssec_builtin_register_remote_datareader, with_origin_authentication, . /*set writer protection kind */ writer_crypto = (local_datawriter_crypto *)local_writer_handle; writer_crypto->metadata_protectionKind = DDS_SECURITY_PROTECTION_KIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION; - writer_crypto = (local_datawriter_crypto *)local_writer_handle; /* Now call the function. */ result = crypto->crypto_key_factory->register_matched_remote_datareader( @@ -310,6 +313,7 @@ CU_Test(ddssec_builtin_register_remote_datareader, with_origin_authentication, . /* A valid handle to be returned */ CU_ASSERT(result != 0); CU_ASSERT(exception.code == DDS_SECURITY_ERR_OK_CODE); + assert(result != 0); // for Clang's static analyzer /* NOTE: It would be better to check if the keys have been generated but there is no interface to get them from handle */ reader_crypto = (remote_datareader_crypto *)result; diff --git a/src/security/builtin_plugins/tests/register_matched_remote_datawriter/src/register_matched_remote_datawriter_utests.c b/src/security/builtin_plugins/tests/register_matched_remote_datawriter/src/register_matched_remote_datawriter_utests.c index 635c018..c9dc669 100644 --- a/src/security/builtin_plugins/tests/register_matched_remote_datawriter/src/register_matched_remote_datawriter_utests.c +++ b/src/security/builtin_plugins/tests/register_matched_remote_datawriter/src/register_matched_remote_datawriter_utests.c @@ -9,6 +9,8 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ +#include + #include #include #include 
@@ -199,10 +201,12 @@ CU_Test(ddssec_builtin_register_remote_datawriter, happy_day, .init = suite_regi /* A valid handle to be returned */ CU_ASSERT_FATAL(result != 0); CU_ASSERT_FATAL(exception.code == DDS_SECURITY_ERR_OK_CODE); + assert(result != 0); // for Clang's static analyzer /* NOTE: It would be better to check if the keys have been generated but there is no interface to get them from handle */ writer_crypto = (remote_datawriter_crypto *)result; CU_ASSERT_FATAL(writer_crypto->reader2writer_key_material != NULL); + assert(writer_crypto->reader2writer_key_material != NULL); // for Clang's static analyzer CU_ASSERT(master_salt_not_empty(writer_crypto->reader2writer_key_material)); CU_ASSERT(master_key_not_empty(writer_crypto->reader2writer_key_material)); CU_ASSERT_FATAL(writer_crypto->reader2writer_key_material->receiver_specific_key_id == 0); @@ -254,6 +258,7 @@ CU_Test(ddssec_builtin_register_remote_datawriter, volatile_secure, .init = suit /* A valid handle to be returned */ CU_ASSERT_FATAL(result != 0); + assert(result != 0); // for Clang's static analyzer CU_ASSERT_FATAL(((remote_datawriter_crypto *)result)->is_builtin_participant_volatile_message_secure_writer); CU_ASSERT_FATAL(exception.code == DDS_SECURITY_ERR_OK_CODE); reset_exception(&exception); @@ -282,7 +287,6 @@ CU_Test(ddssec_builtin_register_remote_datawriter, with_origin_authentication, . /*set reader protection kind */ reader_crypto = (local_datareader_crypto *)local_reader_handle; reader_crypto->metadata_protectionKind = DDS_SECURITY_PROTECTION_KIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION; - reader_crypto = (local_datareader_crypto *)local_reader_handle; /* Now call the function. */ result = crypto->crypto_key_factory->register_matched_remote_datawriter( 
@@ -296,12 +300,14 @@ CU_Test(ddssec_builtin_register_remote_datawriter, with_origin_authentication, . printf("register_remote_datawriter: %s\n", exception.message ? exception.message : "Error message missing"); /* A valid handle to be returned */ - CU_ASSERT(result != 0); - CU_ASSERT(exception.code == DDS_SECURITY_ERR_OK_CODE); + CU_ASSERT_FATAL(result != 0); + CU_ASSERT_FATAL(exception.code == DDS_SECURITY_ERR_OK_CODE); + assert(result != 0); // for Clang's static analyzer /* NOTE: It would be better to check if the keys have been generated but there is no interface to get them from handle */ writer_crypto = (remote_datawriter_crypto *)result; CU_ASSERT_FATAL(writer_crypto->reader2writer_key_material != NULL); + assert(writer_crypto->reader2writer_key_material != NULL); // for Clang's static analyzer CU_ASSERT(master_salt_not_empty(writer_crypto->reader2writer_key_material)); CU_ASSERT(master_key_not_empty(writer_crypto->reader2writer_key_material)); CU_ASSERT_FATAL(writer_crypto->reader2writer_key_material->receiver_specific_key_id != 0); diff --git a/src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c b/src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c index 90cb2a7..e8f5259 100644 --- a/src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c +++ b/src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c @@ -1586,6 +1586,7 @@ CU_Test(ddssec_builtin_validate_begin_handshake_reply,invalid_participant_data , property = find_binary_property(&handshake_token_in, "c.pdata"); CU_ASSERT_FATAL(property != NULL); + assert(property != NULL); // for Clang's static analyzer ddsrt_free(property->name); property->name = ddsrt_strdup("c.pdatax"); 
@@ -1835,17 +1836,18 @@ CU_Test(ddssec_builtin_validate_begin_handshake_reply,invalid_challenge , .init CU_ASSERT_FATAL (remote_identity_handle2 != DDS_SECURITY_HANDLE_NIL); CU_ASSERT_FATAL (auth->begin_handshake_reply != NULL); - fill_handshake_message_token_default(&handshake_token_in, remote_participant_data2, challenge2->value._buffer, challenge2->value._length); + fill_handshake_message_token_default(&handshake_token_in, remote_participant_data2, challenge2->value._buffer, challenge2->value._length); - result = auth->begin_handshake_reply( - auth, - &handshake_handle, - &handshake_token_out, - &handshake_token_in, - remote_identity_handle1, - local_identity_handle, - &serialized_participant_data, - &exception); + result = auth->begin_handshake_reply( + auth, + &handshake_handle, + &handshake_token_out, + &handshake_token_in, + remote_identity_handle1, + local_identity_handle, + &serialized_participant_data, + &exception); + CU_ASSERT_FATAL (result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE); handshake_message_deinit(&handshake_token_in); handshake_message_deinit(&handshake_token_out); diff --git a/src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c b/src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c index 59a5567..721e854 100644 --- a/src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c +++ b/src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c 
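Review bot: The new `CU_ASSERT_FATAL (result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE)` pins a non-failure result inside a test named `invalid_challenge`, and nothing in the hunk says why that is expected for a token built from `remote_participant_data2` and `challenge2` but submitted with `remote_identity_handle1`. A one-line comment above the assertion would make the intent reviewable, for example `/* expected to succeed at this step: <reason, e.g. which later call rejects the challenge> */`, filled in from what the rest of the test verifies. Because the assertion is fatal and sits before the two `handshake_message_deinit` calls, a failure ends the test before that cleanup runs. A plain `CU_ASSERT`, or placing the check after the deinit calls, avoids secondary leak reports from a sanitizer run. The test starts and ends outside the hunk.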
@@ -1133,6 +1133,7 @@ CU_Test(ddssec_builtin_validate_local_identity,missing_certificate_property) CU_ASSERT (result != DDS_SECURITY_VALIDATION_OK); CU_ASSERT (exception.minor_code != 0); CU_ASSERT_FATAL (exception.message != NULL); + assert(exception.message != NULL); // for Clang's static analyzer CU_ASSERT(strcmp(exception.message, "validate_local_identity: missing property 'dds.sec.auth.identity_certificate'") == 0); dds_security_property_deinit(&participant_qos.property.value); @@ -1189,6 +1190,7 @@ CU_Test(ddssec_builtin_validate_local_identity,missing_ca_property) CU_ASSERT (result != DDS_SECURITY_VALIDATION_OK); CU_ASSERT (exception.minor_code != 0); CU_ASSERT_FATAL (exception.message != NULL); + assert(exception.message != NULL); // for Clang's static analyzer CU_ASSERT(strcmp(exception.message, "validate_local_identity: missing property 'dds.sec.auth.identity_ca'") == 0); dds_security_property_deinit(&participant_qos.property.value); @@ -1240,6 +1242,7 @@ CU_Test(ddssec_builtin_validate_local_identity,missing_private_key_property) CU_ASSERT (result != DDS_SECURITY_VALIDATION_OK); CU_ASSERT (exception.minor_code != 0); CU_ASSERT_FATAL (exception.message != NULL); + assert(exception.message != NULL); // for Clang's static analyzer CU_ASSERT(strcmp(exception.message, "validate_local_identity: missing property 'dds.sec.auth.private_key'") == 0); dds_security_property_deinit(&participant_qos.property.value); diff --git a/src/security/builtin_plugins/tests/validate_local_permissions/src/validate_local_permissions_utests.c b/src/security/builtin_plugins/tests/validate_local_permissions/src/validate_local_permissions_utests.c index b690fdb..f0a4cb5 100644 --- a/src/security/builtin_plugins/tests/validate_local_permissions/src/validate_local_permissions_utests.c +++ b/src/security/builtin_plugins/tests/validate_local_permissions/src/validate_local_permissions_utests.c 
@@ -605,6 +605,7 @@ static DDS_Security_long test_corrupted_signature(bool corrupt_permissions, bool /* Just some (hardcoded) sanity checks. */ CU_ASSERT_FATAL(prop != NULL); CU_ASSERT_FATAL(prop->value != NULL); + assert(prop && prop->value); // for Clang's static analyzer len = strlen(prop->value); CU_ASSERT_FATAL(len > 2250); diff --git a/src/security/builtin_plugins/tests/validate_remote_permissions/src/validate_remote_permissions_utests.c b/src/security/builtin_plugins/tests/validate_remote_permissions/src/validate_remote_permissions_utests.c index 137137a..84c413f 100644 --- a/src/security/builtin_plugins/tests/validate_remote_permissions/src/validate_remote_permissions_utests.c +++ b/src/security/builtin_plugins/tests/validate_remote_permissions/src/validate_remote_permissions_utests.c @@ -277,6 +277,7 @@ static void corrupt_permission_signature(DDS_Security_AuthenticatedPeerCredentia /* It is expected that the permissions are available in a fixed location. */ CU_ASSERT_FATAL(token != NULL); CU_ASSERT_FATAL(token->properties._buffer != NULL); + assert(token->properties._buffer != NULL); // for Clang's static analyzer CU_ASSERT_FATAL(token->properties._length == 2); CU_ASSERT_FATAL(token->properties._buffer[1].name != NULL); CU_ASSERT_FATAL(token->properties._buffer[1].value != NULL); @@ -285,6 +286,7 @@ static void corrupt_permission_signature(DDS_Security_AuthenticatedPeerCredentia /* Corrupt a byte somewhere in the signature. */ permissions = token->properties._buffer[1].value; CU_ASSERT_FATAL(permissions != NULL); + assert(permissions != NULL); // for Clang's static analyzer len = strlen(permissions); CU_ASSERT_FATAL(len > 100); permissions[len - 75]--; diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c index a072b00..68f53ad 100644 
--- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c +++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c @@ -15,6 +15,7 @@ #include "dds/ddsrt/misc.h" #include "mock_authentication.h" #include +#include #include #include @@ -72,6 +73,11 @@ DDS_Security_ValidationResult_t validate_local_identity( } } + /* for Clang's static analyzer */ + assert(identity_certificate != NULL); + assert(identity_ca != NULL); + assert(private_key != NULL); + if( strcmp(identity_certificate, test_identity_certificate) != 0){ result = DDS_SECURITY_VALIDATION_FAILED; diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c index ee4efe2..c80c8d1 100644 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c +++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c @@ -13,6 +13,7 @@ #include "dds/ddsrt/misc.h" #include "mock_authentication.h" #include +#include #include #include @@ -73,6 +74,11 @@ DDS_Security_ValidationResult_t validate_local_identity( } } + /* for Clang's static analyzer */ + assert(identity_certificate != NULL); + assert(identity_ca != NULL); + assert(private_key != NULL); + if( strcmp(identity_certificate, test_identity_certificate) != 0){ result = DDS_SECURITY_VALIDATION_FAILED;
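Review bot: The three added `assert(... != NULL)` lines protect the following `strcmp` calls only in builds without `NDEBUG`. If the lookup above the hunk leaves one of the pointers NULL, this mock `validate_local_identity` either aborts the process that loaded the plugin or, with asserts compiled out, passes NULL to `strcmp`. The function already reports failure through `result = DDS_SECURITY_VALIDATION_FAILED`, so an explicit check fits better and satisfies the analyzer without relying on `assert`: `if (!identity_certificate || !identity_ca || !private_key) return DDS_SECURITY_VALIDATION_FAILED;` (or set `result` and skip the comparisons if there is cleanup after them, which is not visible here). The identical hunk in `authentication_missing_function/mock_authentication.c` should get the same treatment. Both functions start and end outside their hunks.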