Use open then fdopen to avoid TOCTOU code scanning alert.
a-h-abdelsalam committed Sep 18, 2024
1 parent 014b635 commit 21f7251
Showing 1 changed file with 10 additions and 9 deletions.
19 changes: 10 additions & 9 deletions src/manage_sql_secinfo.c
Expand Up @@ -2860,20 +2860,20 @@ if (failure_condition) { \
static int
update_epss_scores ()
{
GStatBuf state;
gchar *current_json_path;
gchar *error_message = NULL;

FILE *epss_scores_file;
cJSON *epss_entry;
gvm_json_pull_event_t event;
gvm_json_pull_parser_t parser;
gvm_json_path_elem_t *path_tail = NULL;
inserts_t inserts;

current_json_path = g_build_filename (GVM_SCAP_DATA_DIR,
"epss-scores-current.json",
NULL);
if (g_stat (current_json_path, &state))
int fd = open(current_json_path, O_RDONLY);


if (fd < 0)
{
int ret;
if (errno == ENOENT)
Expand All @@ -2884,21 +2884,22 @@ update_epss_scores ()
}
else
{
g_warning ("%s: Failed to stat EPSS scores file: %s",
__func__, strerror (errno));
g_warning ("%s: Failed to open EPSS scores file: %s",

__func__, strerror (errno));
ret = -1;
}
g_free (current_json_path);
g_free (current_json_path);

return ret;
}

epss_scores_file = fopen (current_json_path, "r");
epss_scores_file = fdopen(fd, "r");

if (epss_scores_file == NULL)
{
g_warning ("%s: Failed to open EPSS scores file: %s",
g_warning ("%s: Failed to convert file descriptor to FILE*: %s",

__func__,
strerror (errno));
g_free (current_json_path);
close(fd);
return -1;

}

Expand All @@ -2916,7 +2917,7 @@ update_epss_scores ()
while (!epss_scores_found)
{
gvm_json_pull_parser_next (&parser, &event);
path_tail = g_queue_peek_tail (event.path);
gvm_json_path_elem_t *path_tail = g_queue_peek_tail (event.path);

if (event.type == GVM_JSON_PULL_EVENT_ARRAY_START
&& path_tail && strcmp (path_tail->key, "epss_scores") == 0)

{
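Review bot: In the first hunk the new `open(current_json_path, O_RDONLY)` call does not pass `O_CLOEXEC`, so the descriptor — and the FILE* that fdopen later wraps around it — would be inherited by any child process if the daemon forks and execs elsewhere (not visible here); `open (current_json_path, O_RDONLY | O_CLOEXEC)` closes that gap while keeping the open-then-fdopen shape that removes the stat/fopen race. The three new calls `open(`, `fdopen(` and `close(` also omit the space before the parenthesis that the surrounding code uses (`g_stat (`, `fopen (`, `g_warning (`). I would not add `O_NOFOLLOW` here, because the name `epss-scores-current.json` suggests the path may legitimately be a symlink to a versioned file. A one-line comment on the fdopen call would help the next reader, e.g. `/* On success the FILE* owns fd and fclose () releases it; close (fd) only on the failure path. */` — the matching fclose is in the part of update_epss_scores that lies outside these hunks, so that should be confirmed against the rest of the function.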
