diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml
index 0d92e30b61..cfabed490b 100644
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -6,6 +6,9 @@ name: Polaris Coverity Static Analysis
 permissions:
 packages: write
+ pull-requests: write
+ discussions: write
+ contents: write
 runs-on: ubuntu-latest
 env:
 VCPKG_NUGET_USER: ${{secrets.VCPKG_NUGET_USER || github.repository_owner}}
@@ -24,7 +27,7 @@
 - name: Setup build dependencies
 run: |
 sudo apt-get update
- sudo apt-get install -y gcc-10 g++-10 make mono-complete libtool autoconf-archive autoconf
+ sudo apt-get install -y gcc-10 g++-10 make mono-complete libkrb5-dev libsasl2-dev
 - name: Setup VCPKG cache
 run: |
@@ -55,4 +58,9 @@
 coverity_build_command: make -j ${{ steps.cpu-cores.outputs.count }}
 coverity_clean_command: make clean
 github_token: ${{ secrets.GITHUB_TOKEN }}
- project_directory: ${{github.workspace}}/cpp/out/linux-debug-build
\ No newline at end of file
+ project_directory: ${{github.workspace}}/cpp/out/linux-debug-build
+ include_diagnostics: true
+ polaris_reports_sarif_create: true
+ polaris_reports_sarif_groupSCAIssues: true
+ polaris_upload_sarif_report: true
+ polaris_prComment_severities: "high,critical,medium,low"
\ No newline at end of file
diff --git a/cpp/arcticdb/CMakeLists.txt b/cpp/arcticdb/CMakeLists.txt
index c9824e1895..e6eaa4be87 100644
--- a/cpp/arcticdb/CMakeLists.txt
+++ b/cpp/arcticdb/CMakeLists.txt
@@ -387,6 +387,10 @@ set(arcticdb_srcs
 version/version_store_objects.hpp
 version/version_utils.hpp
 # CPP files
+
+ # TODO: Remove used only to test Coverity PR comments
+ test_coverity_pr_comments.cpp
+
 async/async_store.cpp
 async/bit_rate_stats.cpp
 async/task_scheduler.cpp
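Review bot: The added `contents: write` and `discussions: write` grant the job token more than posting a PR comment needs, while the permission the later `polaris_upload_sarif_report: true` setting would need for a code-scanning upload, `security-events: write`, is not granted here. `pull-requests: write` alone covers the comment, so the narrower block would be `permissions: packages: write / pull-requests: write / security-events: write`, with the other two kept only if a step in this workflow is documented to push to the repository or to discussions. The rest of the job definition, including its triggers, is outside the hunk, so whether any step actually uses `contents` or `discussions` write access cannot be confirmed from here.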
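Review bot: `libkrb5-dev` and `libsasl2-dev` are now installed unpinned from the runner's apt mirror, whereas the vcpkg manifest entries this commit removes (the two cpp/vcpkg.json hunks) pinned `krb5` to `1.21.3#1` and `cyrus-sasl` to `2.1.28#2`, so the CI build's versions of both libraries are no longer recorded anywhere in the repository. If the static-analysis build is meant to match what release builds link, either pin them, `apt-get install -y libkrb5-dev=<version> libsasl2-dev=<version>` with the intended versions substituted, or add a comment on this line stating that the distro versions are acceptable for this job. The remainder of the `Setup build dependencies` step is outside the hunk.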
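Review bot: The new side still ends without a trailing newline (`\ No newline at end of file` follows the added `polaris_prComment_severities` line), so the next edit to this file will again show `project_directory`-style spurious one-line changes; end the file with a newline. `polaris_prComment_severities: "high,critical,medium,low"` also lists the levels out of severity order, which reads as though `critical` was bolted on; if the action treats the value as a set, `"critical,high,medium,low"` is clearer. Whether `include_diagnostics: true` is meant to stay once the PR-comment test is done or is only for debugging this change is not stated, and a short comment on that line would settle it.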
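Review bot: `test_coverity_pr_comments.cpp` is appended to `arcticdb_srcs`, so the deliberate use-after-move and use-after-free it contains are compiled into the library itself rather than into a test target, and the only thing standing between them and a release build is the `TODO: Remove` comment. Before merge either drop the entry or move it under the `if(${TEST})` block so it cannot reach a product build; if it has to stay for now, make the comment say who removes it and when, e.g. `# TODO(<owner>): remove before merge - fixture for the Coverity PR-comment check only`. The `set(arcticdb_srcs ...)` list begins and ends outside this hunk.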
@@ -998,9 +1002,6 @@ if(${TEST})
 GTest::gtest
 GTest::gmock
 Python::Python # + pybind11::pybind11 (transitively included) = pybind11::embed, but latter is sometimes not found...
- curl
- krb5support
- k5crypto
 util # TODO: find out where we lost the transitive link to it
 )
 if(NOT APPLE)
diff --git a/cpp/arcticdb/test_coverity_pr_comments.cpp b/cpp/arcticdb/test_coverity_pr_comments.cpp
new file mode 100644
index 0000000000..872065325e
--- /dev/null
+++ b/cpp/arcticdb/test_coverity_pr_comments.cpp
@@ -0,0 +1,20 @@
+#include
+#include
+
+void my_function_with_errors() {
+ {
+ std::vector a = { 1, 2, 3 };
+ auto b = std::move(a);
+
+ // Use after move
+ std::cout << a.size();
+ }
+
+ {
+ int* b = new int(5);
+ delete b;
+
+ // Use after free
+ std::cout << *b;
+ }
+}
\ No newline at end of file
diff --git a/cpp/vcpkg.json b/cpp/vcpkg.json
index 9527b6d41c..796910d8e9 100644
--- a/cpp/vcpkg.json
+++ b/cpp/vcpkg.json
@@ -64,15 +64,7 @@
 "azure-core-cpp",
 "azure-identity-cpp",
 "azure-storage-blobs-cpp",
- "benchmark",
- {
- "name": "krb5",
- "platform": "!windows"
- },
- {
- "name": "cyrus-sasl",
- "platform": "!windows"
- }
+ "benchmark"
 ],
 "overrides": [
 { "name": "openssl", "version-string": "3.3.0" },
@@ -158,14 +150,12 @@
 { "name": "boost-vcpkg-helpers", "version": "1.84.0" },
 { "name": "boost-winapi", "version": "1.84.0" },
 { "name": "curl", "version": "8.4.0" },
- { "name": "cyrus-sasl", "version": "2.1.28#2" },
 { "name": "double-conversion", "version": "3.2.1" },
 { "name": "fmt", "version": "10.2.1" },
 { "name": "folly", "version-string": "2023.09.25.00" },
 { "name": "gflags", "version": "2.2.2#5" },
 { "name": "glog", "version": "0.6.0#2" },
 { "name": "gtest", "version": "1.12.1" },
- { "name": "krb5", "version": "1.21.3#1" },
 { "name": "libbson", "version": "1.28.0" },
 { "name": "libevent", "version": "2.1.12#7" },
 { "name": "libiconv", "version": "1.17#0" },
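Review bot: Dropping `curl` from the test link list together with `krb5support` and `k5crypto` relies on curl arriving transitively, and the neighbouring `util # TODO: find out where we lost the transitive link to it` line shows that transitive linking has already broken once for this target. If the tests never call curl directly the removal is harmless; otherwise keep the `curl` entry and remove only the two krb5 libraries, which now come from the system `libkrb5-dev` package installed in the workflow. The link call this hunk edits begins outside the hunk, so which target it applies to cannot be confirmed from here.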
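Review bot: Nothing in the file itself says that the use-after-move and the use-after-free are intentional; the only explanation lives in a TODO in cpp/arcticdb/CMakeLists.txt, so a reader opening this file on its own will take it for a real defect and a later clean-up may silently "fix" the fixture. Add a header comment such as `// Intentional defects: fixture for the Coverity PR-comment integration; not product code, remove once the integration is verified.` and give `my_function_with_errors` internal linkage (`static` or an anonymous namespace) so the symbol does not become part of the library's external interface while it is compiled into `arcticdb_srcs`. The two `#include` lines show no header names in this rendering, presumably `<vector>` and `<iostream>` lost to angle-bracket stripping; confirm in the actual file.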