Newly introduced findings

List of Findings

Error: SHELLCHECK_WARNING (CWE-571): [#def1]
/usr/share/go-fdo-server/fdo-utils.sh:72:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
#   70|     local response
#   71|     response=$(curl --fail --verbose --silent --insecure -w "HTTP_STATUS:%{http_code}" "${owner_url}/api/v1/owner/redirect" 2>/dev/null)
#   72|->   local http_status=$(echo "$response" | grep -o "HTTP_STATUS:[0-9]*" | cut -d: -f2)
#   73|     local body=$(echo "$response" | sed 's/HTTP_STATUS:[0-9]*$//')
#   74|     

Error: SHELLCHECK_WARNING (CWE-571): [#def2]
/usr/share/go-fdo-server/fdo-utils.sh:73:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
#   71|     response=$(curl --fail --verbose --silent --insecure -w "HTTP_STATUS:%{http_code}" "${owner_url}/api/v1/owner/redirect" 2>/dev/null)
#   72|     local http_status=$(echo "$response" | grep -o "HTTP_STATUS:[0-9]*" | cut -d: -f2)
#   73|->   local body=$(echo "$response" | sed 's/HTTP_STATUS:[0-9]*$//')
#   74|     
#   75|     # Return empty string if not found (404) or any error, otherwise return body

Error: SHELLCHECK_WARNING (CWE-563): [#def3]
/usr/share/go-fdo-server/fdo-utils.sh:85:32: warning[SC2034]: ip appears unused. Verify use (or export if used externally).
#   83|   # Helper function for POST/PUT operations on /api/v1/owner/redirect
#   84|   _ownerinfo_request() {
#   85|->   local method=$1 owner_url=$2 ip=$3 dns=$4 port=$5 protocol=$6
#   86|     local json='[{"dns":"'${dns}'","port":"'${port}'","protocol":"'${protocol}'"}]'
#   87|     curl --fail --verbose --silent --insecure -X "${method}" "${owner_url}/api/v1/owner/redirect" \

Scan Properties

analyzer-version-clippy	1.92.0
analyzer-version-cppcheck	2.18.3
analyzer-version-gcc	15.2.1
analyzer-version-gcc-analyzer	15.2.1
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.92.0
diffbase-analyzer-version-cppcheck	2.18.3
diffbase-analyzer-version-gcc	15.2.1
diffbase-analyzer-version-gcc-analyzer	15.2.1
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-231.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	go-fdo-server-0.0.4-1.20251211114943068747.main.2.gd37e23d
diffbase-store-results-to	/tmp/tmpflzfb1mq/go-fdo-server-0.0.4-1.20251211114943068747.main.2.gd37e23d.tar.xz
diffbase-time-created	2025-12-17 14:57:06
diffbase-time-finished	2025-12-17 14:59:40
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'cppcheck,unicontrol,gcc,shellcheck,clippy' '-o' '/tmp/tmpflzfb1mq/go-fdo-server-0.0.4-1.20251211114943068747.main.2.gd37e23d.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmpflzfb1mq/go-fdo-server-0.0.4-1.20251211114943068747.main.2.gd37e23d.src.rpm'
diffbase-tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-231.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	go-fdo-server-0.0.4-1.20251217144735009726.pr130.7.g4fd68f1
store-results-to	/tmp/tmprdqp3vge/go-fdo-server-0.0.4-1.20251217144735009726.pr130.7.g4fd68f1.tar.xz
time-created	2025-12-17 14:59:51
time-finished	2025-12-17 15:01:59
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'cppcheck,unicontrol,gcc,shellcheck,clippy' '-o' '/tmp/tmprdqp3vge/go-fdo-server-0.0.4-1.20251217144735009726.pr130.7.g4fd68f1.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '/tmp/tmprdqp3vge/go-fdo-server-0.0.4-1.20251217144735009726.pr130.7.g4fd68f1.src.rpm'
tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9