RDK-60308-[tr69hostif, RFC] RDK Coverity Defect Resolution for Device Management #143
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -1295,12 +1295,12 @@ void RuntimeFeatureControlProcessor::clearDB(void) | |||||
| std::ofstream touch_file(TR181STOREFILE); | ||||||
| touch_file.close(); | ||||||
|
|
||||||
| set_RFCProperty(name, std::move(ClearDB), clearValue); | ||||||
| set_RFCProperty(name, std::move(BootstrapClearDB), clearValue); | ||||||
| set_RFCProperty(name, std::move(ConfigChangeTimeKey), std::move(ConfigChangeTime)); | ||||||
|
|
||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR, "[%s][%d] Clearing DB Value\n", __FUNCTION__,__LINE__); | ||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR, "[%s][%d] Bootstrap Clearing DB Value\n", __FUNCTION__,__LINE__); | ||||||
|
Comment on lines
+1302
to
+1303
There was a problem hiding this comment. The logging statements were updated to remove the string values because the variables were moved on lines 1298-1299. However, these log statements are now less informative. Consider either: 1) keeping the original code without std::move() for these variables since the performance gain is minimal for short-lived local variables, or 2) logging the values before the move operations.
Contributor
Author
There was a problem hiding this comment. @copilot open a new pull request to apply changes based on this feedback
Contributor
Author
There was a problem hiding this comment. @copilot open a new pull request to apply changes based on this feedback |
||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR, "[%s][%d] ConfigChangeTime: %s\n", __FUNCTION__,__LINE__,ConfigChangeTime.c_str()); | ||||||
|
Contributor
There was a problem hiding this comment. Coverity issue no longer present as of: undefined Show issueCoverity Issue - Using a moved object"ConfigChangeTime" is used after it has been already moved. High Impact, CWE-457
|
||||||
|
|
||||||
| #else | ||||||
|
|
@@ -1342,7 +1342,7 @@ void RuntimeFeatureControlProcessor::rfcStashRetrieveParams(void) | |||||
|
|
||||||
| std::string name = "rfc"; | ||||||
|
|
||||||
| WDMP_STATUS status = set_RFCProperty(name, RFC_ACCOUNT_ID_KEY_STR, std::move(stashAccountId)); | ||||||
|
There was a problem hiding this comment. After moving stashAccountId into the set_RFCProperty function at line 1345, the variable is in a valid but unspecified state. The assignment at line 1356 (_accountId = stashAccountId) will assign this unspecified value to _accountId, which is incorrect. The std::move should be removed from line 1345, or the assignment at line 1356 should use the value before it was moved.
Suggested change
|
||||||
| if (status != WDMP_SUCCESS) | ||||||
| { | ||||||
| #if !defined(RDKB_SUPPORT) | ||||||
|
|
@@ -1371,9 +1371,9 @@ void RuntimeFeatureControlProcessor::clearDBEnd(void){ | |||||
| std::string BootstrapClearDBEndKey = "Device.DeviceInfo.X_RDKCENTRAL-COM_RFC.Bootstrap.Control.ClearDBEnd"; | ||||||
| std::string reloadCacheKey = "RFC_CONTROL_RELOADCACHE"; | ||||||
|
|
||||||
| set_RFCProperty(name, std::move(ClearDBEndKey), clearValue); | ||||||
| set_RFCProperty(name, std::move(BootstrapClearDBEndKey), clearValue); | ||||||
| set_RFCProperty(name, std::move(reloadCacheKey), clearValue); | ||||||
|
|
||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR, "[%s][%d] Clearing DBEnd Key Value: %s\n", __FUNCTION__,__LINE__,ClearDBEndKey.c_str()); | ||||||
|
Contributor
There was a problem hiding this comment. Coverity issue no longer present as of: undefined Show issueCoverity Issue - Using a moved object"ClearDBEndKey" is used after it has been already moved. High Impact, CWE-457 |
||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR, "[%s][%d] Bootstrap Clearing DBEnd Key Value: %s\n", __FUNCTION__,__LINE__,BootstrapClearDBEndKey.c_str()); | ||||||
|
Contributor
There was a problem hiding this comment. Coverity issue no longer present as of: undefined Show issueCoverity Issue - Using a moved object"BootstrapClearDBEndKey" is used after it has been already moved. High Impact, CWE-457 |
||||||
|
|
@@ -1387,7 +1387,7 @@ void RuntimeFeatureControlProcessor::updateHashInDB(std::string configSetHash) | |||||
| #if !defined(RDKB_SUPPORT) | ||||||
| std::string ConfigSetHashName = "ConfigSetHash"; | ||||||
| std::string ConfigSetHash_key = "Device.DeviceInfo.X_RDKCENTRAL-COM_RFC.Control.ConfigSetHash"; | ||||||
| set_RFCProperty(std::move(ConfigSetHashName), std::move(ConfigSetHash_key), configSetHash); | ||||||
Vismalskumar0 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||||||
| #else | ||||||
| const std::string RFC_RAM_PATH = "/tmp/RFC"; | ||||||
| std::string filePath = RFC_RAM_PATH + "/.hashValue"; | ||||||
|
|
@@ -1415,7 +1415,7 @@ void RuntimeFeatureControlProcessor::updateTimeInDB(std::string timestampString) | |||||
| #if !defined(RDKB_SUPPORT) | ||||||
| std::string ConfigSetTimeName = "ConfigSetTime"; | ||||||
| std::string ConfigSetTime_Key = "Device.DeviceInfo.X_RDKCENTRAL-COM_RFC.Control.ConfigSetTime"; | ||||||
| set_RFCProperty(std::move(ConfigSetTimeName), std::move(ConfigSetTime_Key), timestampString); | ||||||
| #else | ||||||
| const std::string RFC_RAM_PATH = "/tmp/RFC"; | ||||||
| std::string filePath = RFC_RAM_PATH + "/.timeValue"; | ||||||
|
|
@@ -1466,15 +1466,15 @@ void RuntimeFeatureControlProcessor::updateHashAndTimeInDB(char *curlHeaderResp) | |||||
| // Output the value | ||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR, "configSetHash value: %s\n", configSetHashValue.c_str()); | ||||||
|
|
||||||
| updateHashInDB(std::move(configSetHashValue)); | ||||||
| } else { | ||||||
| RDK_LOG(RDK_LOG_ERROR, LOG_RFCMGR, "configSetHash not found in httpHeader!"); | ||||||
| } | ||||||
|
|
||||||
|
|
||||||
| std::time_t timestamp = std::time(nullptr); // Get current timestamp | ||||||
| std::string timestampString = std::to_string(timestamp); | ||||||
| updateTimeInDB(std::move(timestampString)); | ||||||
|
|
||||||
| std::fstream fs; | ||||||
| fs.open(RFC_SYNC_DONE, std::ios::out); | ||||||
|
|
@@ -1507,10 +1507,8 @@ bool RuntimeFeatureControlProcessor::IsDirectBlocked() | |||||
| else | ||||||
| { | ||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR,"[%s][%d] RFC: Last direct failed blocking has expired, removing %s, allowing direct \n", __FUNCTION__, __LINE__, DIRECT_BLOCK_FILENAME); | ||||||
| // Attempt to remove the file - if it fails (e.g., already removed), it's not critical | ||||||
| (void)remove(DIRECT_BLOCK_FILENAME); | ||||||
|
Comment on lines
+1510
to
+1511
There was a problem hiding this comment. The TOCTOU fix is correct in removing the race condition between stat() and remove(). However, silently ignoring all remove() failures (via void cast) may hide legitimate errors like permission issues. Consider logging at DEBUG level if remove() fails, checking errno to distinguish between "file not found" (expected race condition) and other errors like EACCES (permission denied).
Contributor
Author
There was a problem hiding this comment. @copilot open a new pull request to apply changes based on this feedback |
||||||
| } | ||||||
| } | ||||||
| #endif | ||||||
|
|
@@ -1988,7 +1986,18 @@ int RuntimeFeatureControlProcessor::DownloadRuntimeFeatutres(DownloadData *pDwnL | |||||
| } | ||||||
| if(file_dwnl.hashData != nullptr) | ||||||
| { | ||||||
| if(file_dwnl.hashData->hashvalue != nullptr) | ||||||
| { | ||||||
| free(file_dwnl.hashData->hashvalue); | ||||||
| file_dwnl.hashData->hashvalue = nullptr; | ||||||
| } | ||||||
| if(file_dwnl.hashData->hashtime != nullptr) | ||||||
| { | ||||||
| free(file_dwnl.hashData->hashtime); | ||||||
| file_dwnl.hashData->hashtime = nullptr; | ||||||
| } | ||||||
| free(file_dwnl.hashData); | ||||||
| file_dwnl.hashData = nullptr; | ||||||
| } | ||||||
|
|
||||||
| if (_url_validation_in_progress) | ||||||
|
|
@@ -2021,7 +2030,10 @@ int RuntimeFeatureControlProcessor::DownloadRuntimeFeatutres(DownloadData *pDwnL | |||||
| case 83: | ||||||
| case 90: | ||||||
| case 91: | ||||||
| NotifyTelemetry2ErrorCode(curl_ret_code); | ||||||
| break; | ||||||
| default: | ||||||
| break; | ||||||
| } | ||||||
|
|
||||||
| if((curl_ret_code == 0) && (httpCode == 404)) | ||||||
|
|
@@ -2133,7 +2145,7 @@ void RuntimeFeatureControlProcessor::GetValidAccountId() | |||||
| } | ||||||
| else | ||||||
| { | ||||||
| _valid_accountId = std::move(value); | ||||||
|
There was a problem hiding this comment. Using std::move on a local variable (value) to assign to a member variable (_valid_accountId) prevents copy elision and doesn't provide any benefit here since the local variable is going out of scope anyway. Additionally, if value is moved and later accessed in the logging or comparisons that follow, it would be in an undefined state. In this case, the move appears safe since value is not used after the assignment, but it's unnecessary and could be confusing. Consider removing std::move and letting the compiler optimize the assignment.
Suggested change
|
||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR,"[%s][%d] NEW valid Account ID: %s\n", __FUNCTION__, __LINE__, _valid_accountId.c_str()); | ||||||
|
|
||||||
| std::string unknown_str = "Unknown"; | ||||||
|
|
@@ -2185,7 +2197,7 @@ void RuntimeFeatureControlProcessor::GetValidPartnerId() | |||||
| } | ||||||
| else | ||||||
| { | ||||||
| _valid_partnerId = std::move(value); | ||||||
|
There was a problem hiding this comment. Using std::move on a local variable (value) to assign to a member variable (_valid_partnerId) prevents copy elision and doesn't provide any benefit here since the local variable is going out of scope anyway. Additionally, if value is moved and later accessed in logging or comparisons that follow, it would be in an undefined state. In this case, the move appears safe since value is not used after the assignment, but it's unnecessary and could be confusing. Consider removing std::move and letting the compiler optimize the assignment.
Suggested change
|
||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR,"[%s][%d] NEW valid Partner ID: %s\n", __FUNCTION__, __LINE__, _valid_partnerId.c_str()); | ||||||
|
|
||||||
| std::string unknown_str = "Unknown"; | ||||||
|
|
@@ -2230,7 +2242,7 @@ void RuntimeFeatureControlProcessor::GetXconfSelect() | |||||
| if(!XconfUrl.empty()) | ||||||
| { | ||||||
| _xconf_server_url.clear(); | ||||||
| _xconf_server_url = std::move(XconfUrl); | ||||||
|
There was a problem hiding this comment. Using std::move on a local variable (XconfUrl) to assign to a member variable (_xconf_server_url) prevents copy elision and doesn't provide any benefit here since the local variable is going out of scope anyway. Consider removing std::move and letting the compiler optimize the assignment.
Suggested change
|
||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR,"[%s][%d] NEW Xconf URL configured=%s\n", __FUNCTION__, __LINE__, _xconf_server_url.c_str()); | ||||||
| } | ||||||
|
|
||||||
|
|
@@ -2413,7 +2425,7 @@ void RuntimeFeatureControlProcessor::processXconfResponseConfigDataPart(JSON *fe | |||||
| } | ||||||
| else | ||||||
| { | ||||||
| if (currentValue.empty()) | ||||||
|
|
||||||
| { | ||||||
| RDK_LOG(RDK_LOG_INFO, LOG_RFCMGR, "[%s][%d] EMPTY value for %s is rejected\n", __FUNCTION__, __LINE__, newKey.c_str()); | ||||||
| continue; | ||||||
|
|
@@ -2478,7 +2490,7 @@ void RuntimeFeatureControlProcessor::processXconfResponseConfigDataPart(JSON *fe | |||||
| } | ||||||
| std::string data = "TR181: " + newKey + " " + newValue; | ||||||
|
|
||||||
| paramList.push_back(std::move(data)); | ||||||
| } | ||||||
|
|
||||||
| updateTR181File(TR181_FILE_LIST, paramList); | ||||||
|
|
@@ -2883,7 +2895,7 @@ int RuntimeFeatureControlProcessor::ProcessXconfUrl(const char *XconfUrl) | |||||
| std::string FQDN = _xconf_server_url; | ||||||
| _xconf_server_url = std::string(XconfUrl) + "/featureControl/getSettings"; | ||||||
| std::stringstream url = CreateXconfHTTPUrl(); | ||||||
| _xconf_server_url = std::move(FQDN); | ||||||
|
Contributor
There was a problem hiding this comment. why stb:move needed only for few params? |
||||||
|
|
||||||
| DownloadData DwnLoc, HeaderDwnLoc; | ||||||
| InitDownloadData(&DwnLoc); | ||||||
|
|
||||||
| Original file line number | Diff line number | Diff line change | ||
|---|---|---|---|---|
| @@ -1,3 +1,4 @@ | ||||
|
|
||||
|
There was a problem hiding this comment. An unnecessary blank line was added at the beginning of the file. This appears to be unintentional and should be removed to maintain code consistency.
Suggested change
|
||||
| /** | ||||
| * If not stated otherwise in this file or this component's LICENSE | ||||
| * file the following copyright and licenses apply: | ||||
|
|
||||
|
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why we removing the log?