fix some codeql warnings. (#663)

* fix some codeql warnings.

* use c++11 z length modifier in format strings with size_t format arguments.

* don't attempt to upload coverage if token is null or not set.

with the github action flow the CODACY_PROJECT_TOKEN is set and null
for foreign pull requests that don't have access to the secrets.

* double protect token

diff --git a/delgpl.cc b/delgpl.cc
index 6e7ae6e4ee5f5d4986fe879a6fac07a96558d387..4b911793c056d4fa429f1b1731f6ec1d1b0a1572 100644 (file)
--- a/delgpl.cc
+++ b/delgpl.cc
@@ -43,8 +43,8 @@ gpl_rd_init(const QString& fname)
 {
   gplfile_in = gbfopen_le(fname, "rb", MYNAME);
   if (sizeof(gpl_point_t) != 56) {
-    fatal(MYNAME ": gpl_point is %lu instead of 56.\n",
-          (unsigned long) sizeof(gpl_point_t));
+    fatal(MYNAME ": gpl_point is %zu instead of 56.\n",
+          sizeof(gpl_point_t));
   }
 }
 

diff --git a/gtrnctr.cc b/gtrnctr.cc
index 0d362f93ce69397f3d04fc7c2ac9c4e85926665b..efd134b80c430b0e5e1ef310818c7922da3991f7 100644 (file)
--- a/gtrnctr.cc
+++ b/gtrnctr.cc
@@ -348,7 +348,7 @@ gtc_fake_hdr(const computed_trkdata& tdata)
   }
 
   /* write these in either case, course or activity format */
-  gtc_write_xml(0, "<TotalTimeSeconds>%d</TotalTimeSeconds>\n", secs);
+  gtc_write_xml(0, "<TotalTimeSeconds>%ld</TotalTimeSeconds>\n", secs);
   gtc_write_xml(0, "<DistanceMeters>%.2f</DistanceMeters>\n", tdata.distance_meters);
   if (gtc_course_flag) { /* course format */
     gtc_write_xml(1, "<BeginPosition>\n");

diff --git a/jeeps/gpslibusb.cc b/jeeps/gpslibusb.cc
index bcdd8d141f2385fbc9816e919d8c986c6a38084f..48014cc357ca962ff018db9acabb24f047d0033f 100644 (file)
--- a/jeeps/gpslibusb.cc
+++ b/jeeps/gpslibusb.cc
@@ -133,8 +133,7 @@ gusb_libusb_send(const garmin_usb_packet* opkt, size_t sz)
           libusb_strerror(static_cast<enum libusb_error>(ret)));
   }
   if (transferred != (int) sz) {
-    warning("Bad cmdsend transferred %d sz %lud\n", transferred,
-            (unsigned long) sz);
+    warning("Bad cmdsend transferred %d sz %zu\n", transferred, sz);
   }
 
   return transferred;

diff --git a/jeeps/gpsusbcommon.cc b/jeeps/gpsusbcommon.cc
index 47a320fd372af4c430ea5a22b3f5641ab3f13a27..548c54885f69033f7e347bfbc1896d7a606a08ee 100644 (file)
--- a/jeeps/gpsusbcommon.cc
+++ b/jeeps/gpsusbcommon.cc
@@ -163,7 +163,7 @@ gusb_cmd_send(const garmin_usb_packet* opkt, size_t sz)
   if (gps_show_bytes) {
     const unsigned short pkttype = le_read16(&opkt->gusb_pkt.databuf[0]);
     const unsigned short pkt_id = le_read16(&opkt->gusb_pkt.pkt_id);
-    GPS_Diag("TX [%d]:", sz);
+    GPS_Diag("TX [%zu]:", sz);
 
     for (i=0; i<sz; i++) {
       GPS_Diag("%02x ", obuf[i]);

diff --git a/mtk_logger.cc b/mtk_logger.cc
index cfffac61ce384389c64f8494bfddd81542c656b6..5e11dddbf6d0a2196b5da359e8aecff2de93b0be 100644 (file)
--- a/mtk_logger.cc
+++ b/mtk_logger.cc
@@ -560,7 +560,7 @@ static void mtk_read()
   fseek(dout, 0L,SEEK_END);
   unsigned long dsize = ftell(dout);
   if (dsize > 1024) {
-    dbg(1, "Temp %s file exists. with size %d\n", qPrintable(TEMP_DATA_BIN),
+    dbg(1, "Temp %s file exists. with size %lu\n", qPrintable(TEMP_DATA_BIN),
         dsize);
     dpos = 0;
     init_scan = 1;
@@ -1302,7 +1302,7 @@ static int mtk_parse(unsigned char* data, int dataLen, unsigned int bmask)
     } else {
       dbg(1,"Missing '*' !\n");
       if (data[i] == 0xff) {  // in some case star-crc hasn't been written on power off.
-        dbg(1, "Bad data point @0x%.6x - skip %d bytes\n", (fl!=nullptr)?ftell(fl):-1, i+2);
+        dbg(1, "Bad data point @0x%.6lx - skip %d bytes\n", (fl!=nullptr)?ftell(fl):-1, i+2);
         return i+2; // include '*' and crc
       }
     }
@@ -1315,7 +1315,7 @@ static int mtk_parse(unsigned char* data, int dataLen, unsigned int bmask)
   }
 
   if (data[i] != crc) {
-    dbg(0,"%2d: Bad CRC %.2x != %.2x (pos 0x%.6x)\n", count, data[i], crc, (fl!=nullptr)?ftell(fl):-1);
+    dbg(0,"%2d: Bad CRC %.2x != %.2x (pos 0x%.6lx)\n", count, data[i], crc, (fl!=nullptr)?ftell(fl):-1);
   }
   i++; // crc
   count++;

diff --git a/skytraq.cc b/skytraq.cc
index 5fd096402bc275949808bd86a4e204ed209c9369..9e92ddc0663c282a43e38eec0fbe436b42ad962e 100644 (file)
--- a/skytraq.cc
+++ b/skytraq.cc
@@ -1557,7 +1557,7 @@ static void miniHomer_get_poi()
 
     // todo - how to determine not-set POIs ?
     if (ecef_x < 100.0 && ecef_y < 100.0 && ecef_z < 100.0) {
-      db(2, MYNAME" : skipped poi %d for X=%f, y=%f, Z=%f\n", ecef_x, ecef_y, ecef_z);
+      db(2, MYNAME" : skipped poi %u for X=%f, y=%f, Z=%f\n", poi, ecef_x, ecef_y, ecef_z);
     } else {
       ECEF_to_LLA(ecef_x, ecef_y, ecef_z, &lat, &lng, &alt);
 
@@ -1604,7 +1604,7 @@ static int miniHomer_set_poi(uint16_t poinum, const char* opt_poi)
        */
       int n = sscanf(opt_poi, "%lf:%lf:%lf", &lat, &lng, &alt);
       if (n >= 2) {
-        db(3, "found %d elems '%s':poi=%s@%d, lat=%f, lng=%f, alt=%f over=%s\n", n, opt_poi, poinames[poinum], poinum, lat, lng, alt);
+        db(3, "found %d elems '%s':poi=%s@%d, lat=%f, lng=%f, alt=%f\n", n, opt_poi, poinames[poinum], poinum, lat, lng, alt);
         lla2ecef(lat, lng, alt, &ecef_x, &ecef_y, &ecef_z);
         db(1, MYNAME ": set POI[%s]='%f %f %f/%f %f %f'\n", poinames[poinum], lat, lng, alt, ecef_x, ecef_y, ecef_z);
         be_write16(MSG_SET_POI+1, poinum);

diff --git a/tools/ci_tokens b/tools/ci_tokens
index c7171763dada5f3a304df0b44fbb119153fca0b9..ff42cd6d2896d94859516416d719a3bc26d9e002 100755 (executable)
--- a/tools/ci_tokens
+++ b/tools/ci_tokens
@@ -8,16 +8,16 @@
 # don't leak unhashed tokens!
 #!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 set +x
-if [ ! -z "${CODACY_PROJECT_TOKEN+x}" ] ; then
+if [ -n "${CODACY_PROJECT_TOKEN:+x}" ] ; then
   echo -n "CODACY_PROJECT_TOKEN hash: "
   echo -n "$CODACY_PROJECT_TOKEN" | openssl dgst -sha512 | cut -d " " -f 2
 else
-  echo CODACY_PROJECT_TOKEN not set.
+  echo CODACY_PROJECT_TOKEN null or not set.
 fi
-if [ ! -z "${GITHUB_TOKEN+x}" ] ; then
+if [ -n "${GITHUB_TOKEN:+x}" ] ; then
   echo -n "GITHUB_TOKEN hash: "
   echo -n "$GITHUB_TOKEN" | openssl dgst -sha512 | cut -d " " -f 2
 else
-  echo GITHUB_TOKEN not set.
+  echo GITHUB_TOKEN null or not set.
 fi
 set -x

diff --git a/tools/travis_script_linux_coverage b/tools/travis_script_linux_coverage
index 8cd6bd42faf5f4d59a57a05bc370329539fdfff1..acedd294d7959b1abee1e94d60ff15209fa50dbc 100755 (executable)
--- a/tools/travis_script_linux_coverage
+++ b/tools/travis_script_linux_coverage
@@ -15,7 +15,10 @@ make -j 3 coverage
 #!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 # don't leak unhashed tokens!
 #!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-if [ -v CODACY_PROJECT_TOKEN ] ; then
+set +x
+# this shell parameter expansion also protects the token from accidental exposure
+# by substituting x for the token if the token is set and not null.
+if [ -n "${CODACY_PROJECT_TOKEN:+x}" ] ; then
   # upload coverate report to codacy.
   bash <(curl -Ls https://coverage.codacy.com/get.sh) report -l CPP -r gpsbabel_coverage.xml
 else

diff --git a/util.cc b/util.cc
index 8c88cee2a8da02d3edd86e39976e1df452cb61cd..96390bdaed6f73dac5cd4a28133bae9a4a468ca5 100644 (file)
--- a/util.cc
+++ b/util.cc
@@ -67,7 +67,7 @@ xmalloc(size_t size)
   void* obj = malloc(size);
 
   if (!obj) {
-    fatal("gpsbabel: Unable to allocate %ld bytes of memory.\n", (unsigned long) size);
+    fatal("gpsbabel: Unable to allocate %zu bytes of memory.\n", size);
   }
 
   return obj;
@@ -79,7 +79,7 @@ xcalloc(size_t nmemb, size_t size)
   void* obj = calloc(nmemb, size);
 
   if (!obj) {
-    fatal("gpsbabel: Unable to allocate %ld units of %ld bytes of memory.\n", (unsigned long) nmemb, (unsigned long) size);
+    fatal("gpsbabel: Unable to allocate %zu units of %zu bytes of memory.\n", nmemb, size);
   }
 
   return obj;
@@ -97,7 +97,7 @@ xstrdup(const char* s)
   char* o = s ? strdup(s) : strdup("");
 
   if (!o) {
-    fatal("gpsbabel: Unable to allocate %ld bytes of memory.\n", (unsigned long) strlen(s));
+    fatal("gpsbabel: Unable to allocate %zu bytes of memory.\n", strlen(s));
   }
 
   return o;
@@ -135,7 +135,7 @@ xrealloc(void* p, size_t s)
   char* o = (char*) realloc(p, s);
 
   if (!o) {
-    fatal("gpsbabel: Unable to realloc %ld bytes of memory.\n", (unsigned long) s);
+    fatal("gpsbabel: Unable to realloc %zu bytes of memory.\n", s);
   }
 
   return o;

diff --git a/wbt-200.cc b/wbt-200.cc
index 0df98eb758dd20261bd08d2e8982bb4b0fcfb83f..3121eceb77a805f14cba6f0300c636b229758b48 100644 (file)
--- a/wbt-200.cc
+++ b/wbt-200.cc
@@ -226,8 +226,8 @@ static void buf_update_checksum(struct buf_head* h, const void* data, size_t len
 {
   auto* cp = (unsigned char*) data;
 
-  db(4, "Updating checksum with %p, %lu, before: %02x ",
-     data, (unsigned long) len, h->checksum);
+  db(4, "Updating checksum with %p, %zu, before: %02x ",
+     data, len, h->checksum);
   for (unsigned i = 0; i < len; i++) {
     h->checksum ^= cp[i];
   }
@@ -678,7 +678,7 @@ static int want_bytes(struct buf_head* h, size_t len)
 {
   char buf[512];
 
-  db(3, "Reading %lu bytes from device\n", (unsigned long) len);
+  db(3, "Reading %zu bytes from device\n", len);
 
   while (len > 0) {
     size_t want = sizeof(buf);
@@ -739,7 +739,7 @@ static void wbt200_data_read()
       fatal(MYNAME ": Internal error: formats not ordered in ascending size order\n");
     }
 
-    db(3, "Want %lu bytes of data\n", (unsigned long) want);
+    db(3, "Want %zu bytes of data\n", want);
 
     /* Top up the buffer */
     want_bytes(&st.data, want - st.data.used);
@@ -891,7 +891,7 @@ static int wbt201_read_chunk(struct read_state* st, unsigned pos, unsigned limit
   }
 
   if (cs != st->data.checksum) {
-    db(2, "Checksums don't match. Got %02x, expected %02\n", cs, st->data.checksum);
+    db(2, "Checksums don't match. Got %02lx, expected %02\n", cs, st->data.checksum);
     return 0;
   }