Task #236 - clevis-20-2.fc41/scan-results.err
Error: SHELLCHECK_WARNING (CWE-569):
/usr/bin/clevis:30:16: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
# 28|
# 29| cmd=clevis
# 30|-> input_commands="$cmd $@"
# 31|
# 32| while [ $# -gt 0 ]; do

Error: SHELLCHECK_WARNING (CWE-88):
/usr/bin/clevis-decrypt-tpm2:24:34: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
# 22| if command -v clevis-pin-tpm2 >/dev/null;
# 23| then
# 24|-> exec clevis-pin-tpm2 decrypt $@
# 25| fi
# 26|

Error: SHELLCHECK_WARNING (CWE-569):
/usr/bin/clevis-luks-bind:81:10: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
# 79| fi
# 80|
# 81|-> if ! PIN="${@:$((OPTIND++)):1}" || [ -z "$PIN" ]; then
# 82| echo "Did not specify a pin!" >&2
# 83| usage

Error: SHELLCHECK_WARNING (CWE-569):
/usr/bin/clevis-luks-bind:89:10: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
# 87| fi
# 88|
# 89|-> if ! CFG="${@:$((OPTIND++)):1}" || [ -z "$CFG" ]; then
# 90| echo "Did not specify a pin config!" >&2
# 91| usage

Error: SHELLCHECK_WARNING (CWE-156):
/usr/bin/clevis-luks-common-functions:545:17: warning[SC2046]: Quote this to prevent word splitting.
# 543| "${SLOT}" "$(jose jwe fmt --input="${JWE}")")
# 544| if ! printf '%s' "${metadata}" | cryptsetup token import \
# 545|-> $([ -n "${TKN_ID}" ] && printf -- '--token-id %s' "${TKN_ID}") \
# 546| "${DEV}"; then
# 547| echo "Error saving metadata to LUKS2 header in device ${DEV}" >&2

Error: SHELLCHECK_WARNING (CWE-563):
/usr/bin/clevis-luks-unbind:95:13: warning[SC2034]: slot appears unused. Verify use (or export if used externally).
# 93| fi
# 94|
# 95|-> read -r slot state uuid < <(luksmeta show -d "$DEV" | grep "^$SLT *")
# 96|
# 97| if [ "$uuid" == "empty" ]; then

Error: SHELLCHECK_WARNING (CWE-457):
/usr/lib/dracut/modules.d/60clevis-pin-tang/module-setup.sh:38:11: warning[SC2154]: hostonly_cmdline is referenced but not assigned.
# 36|
# 37| install() {
# 38|-> if [ "${hostonly_cmdline}" = "yes" ] && have_tang_bindings; then
# 39| echo "rd.neednet=1" > "${initdir}/etc/cmdline.d/99clevis-pin-tang.conf"
# 40| fi

Error: SHELLCHECK_WARNING (CWE-457):
/usr/lib/dracut/modules.d/60clevis-pin-tang/module-setup.sh:39:32: warning[SC2154]: initdir is referenced but not assigned.
# 37| install() {
# 38| if [ "${hostonly_cmdline}" = "yes" ] && have_tang_bindings; then
# 39|-> echo "rd.neednet=1" > "${initdir}/etc/cmdline.d/99clevis-pin-tang.conf"
# 40| fi
# 41|

Error: SHELLCHECK_WARNING:
/usr/lib/dracut/modules.d/60clevis-pin-tpm2/module-setup.sh:39:26: error[SC2283]: Remove spaces around = to assign (or use [ ] to compare, or quote '=' if literal).
# 37|
# 38| installkernel() {
# 39|-> hostonly='' instmods =drivers/char/tpm
# 40| }

Error: SHELLCHECK_WARNING (CWE-457):
/usr/lib/dracut/modules.d/60clevis/module-setup.sh:33:13: warning[SC2154]: systemdsystemunitdir is referenced but not assigned.
# 31| if dracut_module_included "systemd"; then
# 32| inst_multiple \
# 33|-> $systemdsystemunitdir/clevis-luks-askpass.service \
# 34| $systemdsystemunitdir/clevis-luks-askpass.path \
# 35| /usr/lib/systemd/systemd-reply-password \

Error: SHELLCHECK_WARNING (CWE-457):
/usr/lib/dracut/modules.d/60clevis/module-setup.sh:38:30: warning[SC2154]: initdir is referenced but not assigned.
# 36| /usr/libexec/clevis-luks-askpass
# 37|
# 38|-> systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
# 39| else
# 40| inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"

Error: SHELLCHECK_WARNING (CWE-457):
/usr/lib/dracut/modules.d/60clevis/module-setup.sh:40:40: warning[SC2154]: moddir is referenced but not assigned.
# 38| systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
# 39| else
# 40|-> inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"
# 41| inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh"
# 42| inst_multiple \

Error: CPPCHECK_WARNING:
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-775):
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[0]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
# 285| if (*fd >= 0)
# 286| close(*fd);
# 287|-> *fd = -1;
# 288| }
# 289|

Error: GCC_ANALYZER_WARNING (CWE-775):
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[1]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
# 285| if (*fd >= 0)
# 286| close(*fd);
# 287|-> *fd = -1;
# 288| }
# 289|

Error: GCC_ANALYZER_WARNING (CWE-775):
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘push[0]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
# 285| if (*fd >= 0)
# 286| close(*fd);
# 287|-> *fd = -1;
# 288| }
# 289|

Error: GCC_ANALYZER_WARNING (CWE-775):
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘push[1]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
# 285| if (*fd >= 0)
# 286| close(*fd);
# 287|-> *fd = -1;
# 288| }
# 289|

Error: GCC_ANALYZER_WARNING (CWE-775):
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘push[t]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
# 285| if (*fd >= 0)
# 286| close(*fd);
# 287|-> *fd = -1;
# 288| }
# 289|

Error: GCC_ANALYZER_WARNING (CWE-775):
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:391:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[0]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
# 389|
# 390| safeclose(&pull[PIPE_RD]);
# 391|-> return bytes;
# 392|
# 393| error:

Error: GCC_ANALYZER_WARNING (CWE-775):
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:391:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[1]’
/usr/include/glib-2.0/glib/gtestutils.h:32: included_from: Included from here.
/usr/include/glib-2.0/glib.h:89: included_from: Included from here.
/usr/include/glib-2.0/gobject/gbinding.h:30: included_from: Included from here.
/usr/include/glib-2.0/glib-object.h:24: included_from: Included from here.
/usr/include/glib-2.0/gio/gioenums.h:30: included_from: Included from here.
/usr/include/glib-2.0/gio/giotypes.h:30: included_from: Included from here.
/usr/include/glib-2.0/gio/gio.h:28: included_from: Included from here.
/usr/include/udisks2/udisks/udiskstypes.h:28: included_from: Included from here.
/usr/include/udisks2/udisks/udisks.h:25: included_from: Included from here.
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:20: included_from: Included from here.
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
# 389|
# 390| safeclose(&pull[PIPE_RD]);
# 391|-> return bytes;
# 392|
# 393| error:

Error: GCC_ANALYZER_WARNING (CWE-401):
clevis-20/src/pins/sss/clevis-decrypt-sss.c: scope_hint: In function ‘main’
clevis-20/src/pins/sss/clevis-decrypt-sss.c:226:20: warning[-Wanalyzer-malloc-leak]: leak of ‘*pin.pt’
clevis-20/src/pins/sss/sss.h:21: included_from: Included from here.
clevis-20/src/pins/sss/clevis-decrypt-sss.c:39: included_from: Included from here.
# 224|
# 225| pin->pt = malloc(ptl);
# 226|-> if (!pin->pt)
# 227| goto egress;
# 228|

Error: CPPCHECK_WARNING:
clevis-20/src/pins/sss/clevis-encrypt-sss.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING:
clevis-20/src/pins/sss/sss.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-775):
clevis-20/src/pins/sss/sss.c: scope_hint: In function ‘call’
clevis-20/src/pins/sss/sss.c:363:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(dump[0], 0)’
# 361|
# 362| if (*pid == 0) {
# 363|-> if (dup2(dump[PIPE_RD], STDIN_FILENO) < 0 ||
# 364| dup2(load[PIPE_WR], STDOUT_FILENO) < 0)
# 365| exit(EXIT_FAILURE);

Error: GCC_ANALYZER_WARNING (CWE-775):
clevis-20/src/pins/sss/sss.c:363:51: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(load[1], 1)’
# 361|
# 362| if (*pid == 0) {
# 363|-> if (dup2(dump[PIPE_RD], STDIN_FILENO) < 0 ||
# 364| dup2(load[PIPE_WR], STDOUT_FILENO) < 0)
# 365| exit(EXIT_FAILURE);