From 08b09fde8efce65f7f8e173874203e69777b5a3c Mon Sep 17 00:00:00 2001
From: Jonathan Hyry
Date: Wed, 5 Mar 2025 23:38:49 -0800
Subject: [PATCH 1/3] Add issues list - to be appropriately suppressed
---
 flawfinder-fix | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 flawfinder-fix
diff --git a/flawfinder-fix b/flawfinder-fix
new file mode 100644
index 0000000..d865311
--- /dev/null
+++ b/flawfinder-fix
@@ -0,0 +1,6 @@
+include/internal/TestCPPUtil.h:107:33: [2] (buffer) char:
+ Statically-sized arrays can be improperly restricted, leading to potential
+ overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
+ functions that limit length, or ensure that the size is larger than the
+ maximum possible length.
+ alignas(T) unsigned char data[sizeof(T)];
From 8c03d6e97a62cf62f420ed7e84b7303c3199b792 Mon Sep 17 00:00:00 2001
From: Jonathan Hyry
Date: Wed, 5 Mar 2025 23:50:30 -0800
Subject: [PATCH 2/3] Fix README, suppress flawfinder false positive Corrected the line count, fixed missing word. Suppress flawfinder false positive in Util definition of no_destroy.
---
 README.md | 8 ++++----
 include/internal/TestCPPUtil.h | 1 +
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 0aa73e1..5fc0fb4 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ The library is most useful for educational projects or small For testing more complex projects I would recommend using [GoogleTest](https://github.com/google/googletest).
-The code is ~1.2k lines.
+The code is ~1.3k lines.
 The Release builds are optimized for speed over size, so the build could probably be tweaked to get a smaller binary if desired.
@@ -149,9 +149,9 @@ Then add it to your test executable target through
 *Will be available for 1.5 release*
-You be able to include TestCPP in your `vcpkg` project by running the
- following in the root of your project (pending vcpkg PR approval that
- I have in right now https://github.com/microsoft/vcpkg/pull/37471):
+You will be able to include TestCPP in your `vcpkg` project by running
+ the following in the root of your project (pending vcpkg PR approval
+ that I have in right now https://github.com/microsoft/vcpkg/pull/37471):
 ```
 vcpkg add port eljonny-testcpp
 ```
diff --git a/include/internal/TestCPPUtil.h b/include/internal/TestCPPUtil.h
index c869e5b..adfb017 100644
--- a/include/internal/TestCPPUtil.h
+++ b/include/internal/TestCPPUtil.h
@@ -104,6 +104,7 @@ namespace TestCPP {
 * This type is for suppressing exit-time destructors for statics.
 */
 template class no_destroy {
+ // Flawfinder: ignore
 alignas(T) unsigned char data[sizeof(T)];
 public:
 template no_destroy(Ts&&... ts) { new (data) T(std::forward(ts)...); }
From 06b6fb06cdbb86156678877d1fddca38c14eec47 Mon Sep 17 00:00:00 2001
From: Jonathan Hyry
Date: Wed, 5 Mar 2025 23:53:00 -0800
Subject: [PATCH 3/3] Removes issue list - it has been appropriately suppressed.
---
 flawfinder-fix | 6 ------
 1 file changed, 6 deletions(-)
 delete mode 100644 flawfinder-fix
diff --git a/flawfinder-fix b/flawfinder-fix
deleted file mode 100644
index d865311..0000000
--- a/flawfinder-fix
+++ /dev/null
@@ -1,6 +0,0 @@
-include/internal/TestCPPUtil.h:107:33: [2] (buffer) char:
- Statically-sized arrays can be improperly restricted, leading to potential
- overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
- functions that limit length, or ensure that the size is larger than the
- maximum possible length.
- alignas(T) unsigned char data[sizeof(T)];
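Review bot: The `// Flawfinder: ignore` added above `data` in `no_destroy` (include/internal/TestCPPUtil.h, PATCH 2/3) suppresses the CWE-119/CWE-120 hit without recording why it is a false positive, and once PATCH 3/3 deletes the findings file that reasoning survives only in the commit message. I would put the rationale on the line above the directive, for example `// False positive: storage is exactly sizeof(T) bytes, aligned for T, and written only by the placement-new in the constructor.`, so a later reader can re-check it if the class gains another writer. As far as I know the directive is not rule-specific, so it would also hide any other flawfinder hit that later lands on that line. The class body continues past the end of the hunk, so whether other members touch `data` is not visible here.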