clevis-20-2.fc41

List of Defects

Error: SHELLCHECK_WARNING (CWE-569): [#def1]
/usr/bin/clevis:30:16: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#   28|   
#   29|   cmd=clevis
#   30|-> input_commands="$cmd $@"
#   31|   
#   32|   while [ $# -gt 0 ]; do

Error: SHELLCHECK_WARNING (CWE-88): [#def2]
/usr/bin/clevis-decrypt-tpm2:24:34: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
#   22|   if command -v clevis-pin-tpm2 >/dev/null;
#   23|   then
#   24|->     exec clevis-pin-tpm2 decrypt $@
#   25|   fi
#   26|   

Error: SHELLCHECK_WARNING (CWE-569): [#def3]
/usr/bin/clevis-luks-bind:81:10: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#   79|   fi
#   80|   
#   81|-> if ! PIN="${@:$((OPTIND++)):1}" || [ -z "$PIN" ]; then
#   82|       echo "Did not specify a pin!" >&2
#   83|       usage

Error: SHELLCHECK_WARNING (CWE-569): [#def4]
/usr/bin/clevis-luks-bind:89:10: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#   87|   fi
#   88|   
#   89|-> if ! CFG="${@:$((OPTIND++)):1}" || [ -z "$CFG" ]; then
#   90|       echo "Did not specify a pin config!" >&2
#   91|       usage

Error: SHELLCHECK_WARNING (CWE-156): [#def5]
/usr/bin/clevis-luks-common-functions:545:17: warning[SC2046]: Quote this to prevent word splitting.
#  543|                  "${SLOT}" "$(jose jwe fmt --input="${JWE}")")
#  544|       if ! printf '%s' "${metadata}" | cryptsetup token import \
#  545|->                 $([ -n "${TKN_ID}" ] && printf -- '--token-id %s' "${TKN_ID}") \
#  546|                   "${DEV}"; then
#  547|           echo "Error saving metadata to LUKS2 header in device ${DEV}" >&2

Error: SHELLCHECK_WARNING (CWE-563): [#def6]
/usr/bin/clevis-luks-unbind:95:13: warning[SC2034]: slot appears unused. Verify use (or export if used externally).
#   93|       fi
#   94|   
#   95|->     read -r slot state uuid < <(luksmeta show -d "$DEV" | grep "^$SLT *")
#   96|   
#   97|       if [ "$uuid" == "empty" ]; then

Error: SHELLCHECK_WARNING (CWE-457): [#def7]
/usr/lib/dracut/modules.d/60clevis-pin-tang/module-setup.sh:38:11: warning[SC2154]: hostonly_cmdline is referenced but not assigned.
#   36|   
#   37|   install() {
#   38|->     if [ "${hostonly_cmdline}" = "yes" ] && have_tang_bindings; then
#   39|           echo "rd.neednet=1" > "${initdir}/etc/cmdline.d/99clevis-pin-tang.conf"
#   40|       fi

Error: SHELLCHECK_WARNING (CWE-457): [#def8]
/usr/lib/dracut/modules.d/60clevis-pin-tang/module-setup.sh:39:32: warning[SC2154]: initdir is referenced but not assigned.
#   37|   install() {
#   38|       if [ "${hostonly_cmdline}" = "yes" ] && have_tang_bindings; then
#   39|->         echo "rd.neednet=1" > "${initdir}/etc/cmdline.d/99clevis-pin-tang.conf"
#   40|       fi
#   41|   

Error: SHELLCHECK_WARNING: [#def9]
/usr/lib/dracut/modules.d/60clevis-pin-tpm2/module-setup.sh:39:26: error[SC2283]: Remove spaces around = to assign (or use [ ] to compare, or quote '=' if literal).
#   37|   
#   38|   installkernel() {
#   39|->     hostonly='' instmods =drivers/char/tpm
#   40|   }

Error: SHELLCHECK_WARNING (CWE-457): [#def10]
/usr/lib/dracut/modules.d/60clevis/module-setup.sh:33:13: warning[SC2154]: systemdsystemunitdir is referenced but not assigned.
#   31|       if dracut_module_included "systemd"; then
#   32|           inst_multiple \
#   33|->             $systemdsystemunitdir/clevis-luks-askpass.service \
#   34|               $systemdsystemunitdir/clevis-luks-askpass.path \
#   35|               /usr/lib/systemd/systemd-reply-password \

Error: SHELLCHECK_WARNING (CWE-457): [#def11]
/usr/lib/dracut/modules.d/60clevis/module-setup.sh:38:30: warning[SC2154]: initdir is referenced but not assigned.
#   36|               /usr/libexec/clevis-luks-askpass
#   37|   
#   38|->         systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
#   39|       else
#   40|           inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"

Error: SHELLCHECK_WARNING (CWE-457): [#def12]
/usr/lib/dracut/modules.d/60clevis/module-setup.sh:40:40: warning[SC2154]: moddir is referenced but not assigned.
#   38|           systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
#   39|       else
#   40|->         inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"
#   41|           inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh"
#   42|           inst_multiple \

Error: CPPCHECK_WARNING: [#def13]
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-775): [#def14]
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[0]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  285|       if (*fd >= 0)
#  286|           close(*fd);
#  287|->     *fd = -1;
#  288|   }
#  289|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def15]
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[1]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  285|       if (*fd >= 0)
#  286|           close(*fd);
#  287|->     *fd = -1;
#  288|   }
#  289|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def16]
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘push[0]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  285|       if (*fd >= 0)
#  286|           close(*fd);
#  287|->     *fd = -1;
#  288|   }
#  289|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def17]
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘push[1]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  285|       if (*fd >= 0)
#  286|           close(*fd);
#  287|->     *fd = -1;
#  288|   }
#  289|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def18]
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘push[t]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  285|       if (*fd >= 0)
#  286|           close(*fd);
#  287|->     *fd = -1;
#  288|   }
#  289|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def19]
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:391:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[0]’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  389|   
#  390|       safeclose(&pull[PIPE_RD]);
#  391|->     return bytes;
#  392|   
#  393|   error:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def20]
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:391:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pull[1]’
/usr/include/glib-2.0/glib/gtestutils.h:32: included_from: Included from here.
/usr/include/glib-2.0/glib.h:89: included_from: Included from here.
/usr/include/glib-2.0/gobject/gbinding.h:30: included_from: Included from here.
/usr/include/glib-2.0/glib-object.h:24: included_from: Included from here.
/usr/include/glib-2.0/gio/gioenums.h:30: included_from: Included from here.
/usr/include/glib-2.0/gio/giotypes.h:30: included_from: Included from here.
/usr/include/glib-2.0/gio/gio.h:28: included_from: Included from here.
/usr/include/udisks2/udisks/udiskstypes.h:28: included_from: Included from here.
/usr/include/udisks2/udisks/udisks.h:25: included_from: Included from here.
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c:20: included_from: Included from here.
clevis-20/src/luks/udisks2/clevis-luks-udisks2.c: scope_hint: In function ‘recover_key’
#  389|   
#  390|       safeclose(&pull[PIPE_RD]);
#  391|->     return bytes;
#  392|   
#  393|   error:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
clevis-20/src/pins/sss/clevis-decrypt-sss.c: scope_hint: In function ‘main’
clevis-20/src/pins/sss/clevis-decrypt-sss.c:226:20: warning[-Wanalyzer-malloc-leak]: leak of ‘*pin.pt’
clevis-20/src/pins/sss/sss.h:21: included_from: Included from here.
clevis-20/src/pins/sss/clevis-decrypt-sss.c:39: included_from: Included from here.
#  224|   
#  225|                   pin->pt = malloc(ptl);
#  226|->                 if (!pin->pt)
#  227|                       goto egress;
#  228|   

Error: CPPCHECK_WARNING: [#def22]
clevis-20/src/pins/sss/clevis-encrypt-sss.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def23]
clevis-20/src/pins/sss/sss.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-775): [#def24]
clevis-20/src/pins/sss/sss.c: scope_hint: In function ‘call’
clevis-20/src/pins/sss/sss.c:363:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(dump[0], 0)’
#  361|   
#  362|       if (*pid == 0) {
#  363|->         if (dup2(dump[PIPE_RD], STDIN_FILENO) < 0 ||
#  364|               dup2(load[PIPE_WR], STDOUT_FILENO) < 0)
#  365|               exit(EXIT_FAILURE);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def25]
clevis-20/src/pins/sss/sss.c:363:51: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(load[1], 1)’
#  361|   
#  362|       if (*pid == 0) {
#  363|->         if (dup2(dump[PIPE_RD], STDIN_FILENO) < 0 ||
#  364|               dup2(load[PIPE_WR], STDOUT_FILENO) < 0)
#  365|               exit(EXIT_FAILURE);

Scan Properties

analyzer-version-clang: 18.1.4
analyzer-version-cppcheck: 2.14.0
analyzer-version-gcc: 14.1.1
analyzer-version-gcc-analyzer: 14.1.1
analyzer-version-shellcheck: 0.10.0
enabled-plugins: clang, cppcheck, gcc, shellcheck
exit-code: 0
host: ip-172-16-1-234.us-west-2.compute.internal
mock-config: fedora-rawhide-x86_64
project-name: clevis-20-2.fc41
store-results-to: /tmp/tmp9ff669hc/clevis-20-2.fc41.tar.xz
time-created: 2024-05-16 15:03:31
time-finished: 2024-05-16 15:05:22
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'clang,cppcheck,shellcheck,gcc' '-o' '/tmp/tmp9ff669hc/clevis-20-2.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp9ff669hc/clevis-20-2.fc41.src.rpm'
tool-version: csmock-3.5.3-1.el9