coverity: Ignore most of SECURE_TEMP issues

mkstemp as per the Linux man page, uses 0600 as the permission bits when creating the file. This is hence safe and a Coverity warning that should be ignored. Further, we are mostly a multi-threaded program in all our daemons and cannot set and unset umask at will in a multi-threaded program, to address the coverity issue. This change attempts to nudge coverity to ignore this warning, using the pattern, /* coverity[EVENT_TAG_NAME] ... */ <line of code that has the issue> This commit is an experiment, if post merge the next coverity report ignores these errors, the above pattern (as found using an internet search) works and can be applied to certain other warnings as well. Change-Id: I73a184ce1a54dd9e66542952b1190a74438c826a Updates: bz#789278 Signed-off-by: ShyamsundarR <srangana@redhat.com>
2018-07-24 20:23:14 -04:00 · 2018-07-24 20:23:14 -04:00 · 46a2cbfb73
commit 46a2cbfb73
parent 1739f7e0b2
7 changed files with 9 additions and 0 deletions
--- a/libglusterfs/src/graph.c
+++ b/libglusterfs/src/graph.c
@ -968,6 +968,7 @@ gf_volfile_reconfigure (int oldvollen, FILE *newvolfile_fp,
                        LG_MSG_ACTIVE_GRAPH_NULL,
                        "glusterfs_ctx->active is NULL");

+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
                file_desc = mkstemp(temp_file);
                if (file_desc < 0) {
                        gf_msg ("glusterfsd-mgmt", GF_LOG_ERROR, errno,
--- a/libglusterfs/src/graph.y
+++ b/libglusterfs/src/graph.y
@ -563,6 +563,7 @@ glusterfs_graph_construct (FILE *fp)
                goto err;

        strcpy (template, "/tmp/tmp.XXXXXX");
+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
        tmp_fd = mkstemp (template);
        if (-1 == tmp_fd)
                goto err;
--- a/libglusterfs/src/monitoring.c
+++ b/libglusterfs/src/monitoring.c
@ -237,6 +237,7 @@ gf_monitor_metrics (glusterfs_ctx_t *ctx)
                return NULL;
        }

+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
        fd = mkstemp (filepath);
        if (fd < 0) {
                gf_msg ("monitoring", GF_LOG_ERROR, 0, LG_MSG_STRDUP_ERROR,
--- a/xlators/cluster/ec/src/ec-code.c
+++ b/xlators/cluster/ec/src/ec-code.c
@ -417,6 +417,7 @@ ec_code_space_create(ec_code_t *code, size_t size)

        /* We need to create a temporary file as the backend storage for the
         * memory mapped areas. */
+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
        fd = mkstemp(path);
        if (fd < 0) {
                err = errno;
--- a/xlators/mgmt/glusterd/src/glusterd-gfproxyd-svc-helper.c
+++ b/xlators/mgmt/glusterd/src/glusterd-gfproxyd-svc-helper.c
@ -101,6 +101,7 @@ glusterd_svc_get_gfproxyd_volfile (glusterd_volinfo_t *volinfo, char *svc_name,

        snprintf (tmpvol, path_len, "/tmp/g%s-XXXXXX", svc_name);

+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
        tmp_fd = mkstemp (tmpvol);
        if (tmp_fd < 0) {
                gf_msg ("glusterd", GF_LOG_WARNING, errno,
--- a/xlators/mgmt/glusterd/src/glusterd-svc-helper.c
+++ b/xlators/mgmt/glusterd/src/glusterd-svc-helper.c
@ -180,6 +180,7 @@ glusterd_svc_check_volfile_identical (char *svc_name,

        snprintf (tmpvol, sizeof (tmpvol), "/tmp/g%s-XXXXXX", svc_name);

+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
        tmp_fd = mkstemp (tmpvol);
        if (tmp_fd < 0) {
                gf_msg (this->name, GF_LOG_WARNING, errno,
@ -231,6 +232,7 @@ glusterd_svc_check_topology_identical (char *svc_name,

        /* Create the temporary volfile */
        snprintf (tmpvol, sizeof (tmpvol), "/tmp/g%s-XXXXXX", svc_name);
+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
        tmpfd = mkstemp (tmpvol);
        if (tmpfd < 0) {
                gf_msg (this->name, GF_LOG_WARNING, errno,
--- a/xlators/mgmt/glusterd/src/glusterd-tierd-svc-helper.c
+++ b/xlators/mgmt/glusterd/src/glusterd-tierd-svc-helper.c
@ -105,6 +105,7 @@ glusterd_svc_check_tier_volfile_identical (char *svc_name,

        snprintf (tmpvol, sizeof (tmpvol), "/tmp/g%s-XXXXXX", svc_name);

+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
        tmp_fd = mkstemp (tmpvol);
        if (tmp_fd < 0) {
                gf_msg (this->name, GF_LOG_WARNING, errno,
@ -158,6 +159,7 @@ glusterd_svc_check_tier_topology_identical (char *svc_name,

        snprintf (tmpvol, sizeof (tmpvol), "/tmp/g%s-XXXXXX", svc_name);

+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
        tmpfd = mkstemp (tmpvol);
        if (tmpfd < 0) {
                gf_msg (this->name, GF_LOG_WARNING, errno,