From 46a2cbfb73f7fade3426fd07c5830e9fac82883c Mon Sep 17 00:00:00 2001
From: ShyamsundarR <srangana@redhat.com>
Date: Tue, 24 Jul 2018 20:23:14 -0400
Subject: coverity: Ignore most of SECURE_TEMP issues

mkstemp as per the Linux man page, uses 0600 as the permission
bits when creating the file. This is hence safe and a Coverity
warning that should be ignored.

Further, we are mostly a multi-threaded program in all our daemons
and cannot set and unset umask at will in a multi-threaded
program, to address the coverity issue.

This change attempts to nudge coverity to ignore this warning,
using the pattern,
/* coverity[EVENT_TAG_NAME] ... */
<line of code that has the issue>

This commit is an experiment, if post merge the next coverity
report ignores these errors, the above pattern (as found using
an internet search) works and can be applied to certain other
warnings as well.

Change-Id: I73a184ce1a54dd9e66542952b1190a74438c826a
Updates: bz#789278
Signed-off-by: ShyamsundarR <srangana@redhat.com>
---
 libglusterfs/src/graph.c      | 1 +
 libglusterfs/src/graph.y      | 1 +
 libglusterfs/src/monitoring.c | 1 +
 3 files changed, 3 insertions(+)

(limited to 'libglusterfs')

diff --git a/libglusterfs/src/graph.c b/libglusterfs/src/graph.c
index 2d560b7f265..d690047cb68 100644
--- a/libglusterfs/src/graph.c
+++ b/libglusterfs/src/graph.c
@@ -968,6 +968,7 @@ gf_volfile_reconfigure (int oldvollen, FILE *newvolfile_fp,
                         LG_MSG_ACTIVE_GRAPH_NULL,
                         "glusterfs_ctx->active is NULL");
 
+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
                 file_desc = mkstemp(temp_file);
                 if (file_desc < 0) {
                         gf_msg ("glusterfsd-mgmt", GF_LOG_ERROR, errno,
diff --git a/libglusterfs/src/graph.y b/libglusterfs/src/graph.y
index ddd2c9672fb..bf7886b5a8e 100644
--- a/libglusterfs/src/graph.y
+++ b/libglusterfs/src/graph.y
@@ -563,6 +563,7 @@ glusterfs_graph_construct (FILE *fp)
                 goto err;
 
         strcpy (template, "/tmp/tmp.XXXXXX");
+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
         tmp_fd = mkstemp (template);
         if (-1 == tmp_fd)
                 goto err;
diff --git a/libglusterfs/src/monitoring.c b/libglusterfs/src/monitoring.c
index 62738c79e74..10b0a817e40 100644
--- a/libglusterfs/src/monitoring.c
+++ b/libglusterfs/src/monitoring.c
@@ -237,6 +237,7 @@ gf_monitor_metrics (glusterfs_ctx_t *ctx)
                 return NULL;
         }
 
+        /* coverity[secure_temp] mkstemp uses 0600 as the mode and is safe */
         fd = mkstemp (filepath);
         if (fd < 0) {
                 gf_msg ("monitoring", GF_LOG_ERROR, 0, LG_MSG_STRDUP_ERROR,
-- 
cgit