We use Coverity's Scan Build service for free and open source projects. I am working through two Coverity findings on tainted parameters (TAINTED_SCALAR). The taint is a false positive, so I am trying to instrument the code with Coverity's __coverity_tainted_data_sanitize__ to clear the issue.
I want to guard the code that needs to use __coverity_tainted_data_sanitize__ because the function is only used with analysis builds using Coverity's cov-build tool. That is, I want to do something like:
```cpp
#include <istream>
#include <string>

void Foo(std::istream& is, ...)
{
    std::string name;
    is >> name;
#if <SOME_COVERITY_PREPROCESSOR_MACRO>
    // Only meaningful under cov-build; the guard keeps normal builds clean.
    __coverity_tainted_data_sanitize__(name);
#endif
    ...
}
```
Coverity has a couple of examples on using __coverity_tainted_data_sanitize__, but they don't show how to guard it. See for example, Function model example for Tainted Scalar and Explicitly document parameter passing mechanisms. I also could not find it when asking the preprocessor (see below).
What preprocessor macros does Coverity define to determine an analysis build?
Preprocessor Output

```sh
$ cov-build --dir ~/temp cpp -x c++ -dM </dev/null 2>&1 | egrep -i "(cov|anal)"
Coverity Build Capture (64-bit) version 7.7.0.4 on Linux 3.13.0-68-generic x86_64
```
Environmental Variables

I did find some environmental variables, but I prefer to avoid mapping environmental variables to preprocessor defines.

```sh
$ cov-build --dir ~/temp printenv 2>&1 | egrep -i "(cov|anal)"
Coverity Build Capture (64-bit) version 7.7.0.4 on Linux 3.13.0-68-generic x86_64
LD_LIBRARY_PATH=/home/cov-analysis/jars
LD_PRELOAD=/home/cov-analysis/bin/libcapture-linux64-${PLATFORM}.so
COVERITY_TEMP=/tmp/cov-98db841699284e11e33be37fe7061776
COVERITY_LD_LIBRARY_PATH=/home/cov-analysis/jars
COVERITY_JAVA14_WARNING_FILE=/home/temp/warn_about_java14_compilations
COVERITY_ENABLE_CEJ_PER_CLASS_ERROR_RECOVERY=1
COVERITY_IS_COMPILER_DESCENDANT=0
COVERITY_CONFIG_FILE=/home/cov-analysis/config/coverity_config.xml
COVERITY_COMMON_TEMP=/tmp
COVERITY_JAVA_CONFIG=javac#TEMPLATE##java#TEMPLATE##apt#TEMPLATE##javaw#TEMPLATE###
COVERITY_PREV_XML_CATALOG_FILES=
COVERITY_OUTPUT_ENCODING=UTF-8
COVERITY_COMPILER_PATH_MISMATCH_FILE=/home/temp/has_path_mismatches
COVERITY_ENABLE_CECS_WATCHDOG=1
COVERITY_PATHLESS_CONFIGS_FILE=/home/temp/has_pathless_configs
COVERITY_LD_PRELOAD=/home/cov-analysis/bin/libcapture-linux64-${PLATFORM}.so
COVERITY_BUILD_INVOCATION_ID=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/home/cov-analysis/bin
COVERITY_BIN=/home/cov-analysis/bin
COVERITY_IDIR=/home/temp
COVERITY_TOP_PROCESS=0
COVERITY_OUTPUT=/home/temp/build-log.txt
COVERITY_EMIT=/home/temp/emit
PWD=/home/cov-analysis
COVERITY_SITE_CC=VBCSCompiler;apt;c++;cc;cl;clang;clang++;csc;csc2;devenv;g++;g++-4.8;g++-4.9;g++-5.1.0;gcc;gcc-4.8;gcc-4.9;gcc-5.1.0;java;javac;javaw;ld;msbuild;xgcc
COVERITY_LOG=/home/temp/build-log.txt
COVERITY_SYSTEM_ENCODING=UTF-8
COVERITY_TOP_CONFIG=/tmp/cov-98db841699284e11e33be37fe7061776/cov-configure/coverity_config.xml
COVERITY_IS_COMPILER=0
```
Just in case it's discussed... the library does read what appears to be a tainted value. However, it's a datafile used for self tests, it's located in /usr/share, and it's not arbitrary user input. The library does not expose this particular function to users, so I don't believe it can be abused in unexpected ways.
Both cov-emit and cov-internal-emit-clang predefine the __COVERITY__ macro, which is probably what you want.

That said, I think you should be able to mark the defect as a false positive in the Coverity Scan web UI, and it won't show up anymore.

> $ cov-build --dir ~/temp cpp -x c++ -dM </dev/null 2>&1 | egrep -i "(cov|anal)"
> Coverity Build Capture (64-bit) version 7.7.0.4 on Linux 3.13.0-68-generic x86_64

As an aside, this is looking at the macros predefined by cpp, not cov-translate. As far as I know, there is currently no straightforward way to dump all the macros predefined by cov-build/cov-translate.