The branch, master has been updated
       via  6d86e6e8919 coverity: Add some additional check for strequal()
       via  bcbd1f9bed8 coverity: Update README.md
       via  2334a352395 coverity: Rename README to README.md
       via  9dc69dd5043 coverity: Add makefile to build/test the modelling file
       via  97fa6f9ffb8 coverity: Add some documentation for the modelling file
       via  31bd815c40f gitlab-ci: Update build instructions for Coverity
      from  3c9ab8e211e lib/tdb: let tdbtool return error on failure

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6d86e6e891939858461dd839f2bfecc446e5c2d0
Author: Andreas Schneider <[email protected]>
Date:   Tue Jul 29 14:44:50 2025 +0200

    coverity: Add some additional check for strequal()
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Anoop C S <[email protected]>
    Reviewed-by: Shwetha K Acharya <[email protected]>
    
    Autobuild-User(master): Anoop C S <[email protected]>
    Autobuild-Date(master): Tue Aug  5 07:09:04 UTC 2025 on atb-devel-224

commit bcbd1f9bed885f7c33d530197306205329aed851
Author: Andreas Schneider <[email protected]>
Date:   Fri Feb 3 11:30:34 2023 +0100

    coverity: Update README.md
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Anoop C S <[email protected]>
    Reviewed-by: Shwetha K Acharya <[email protected]>

commit 2334a352395de836b83e84d8364c3b4ba254d411
Author: Andreas Schneider <[email protected]>
Date:   Fri Feb 3 11:22:40 2023 +0100

    coverity: Rename README to README.md
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Anoop C S <[email protected]>
    Reviewed-by: Shwetha K Acharya <[email protected]>

commit 9dc69dd50438efeb58b80604f6c9bd59d94c83ba
Author: Andreas Schneider <[email protected]>
Date:   Fri Feb 3 11:20:17 2023 +0100

    coverity: Add makefile to build/test the modelling file
    
    This allows checking that it at least compiles with gcc.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Anoop C S <[email protected]>
    Reviewed-by: Shwetha K Acharya <[email protected]>

commit 97fa6f9ffb8d8781b7d8c09a45b1df8024c771e6
Author: Andreas Schneider <[email protected]>
Date:   Thu Feb 2 17:27:01 2023 +0100

    coverity: Add some documentation for the modelling file
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Anoop C S <[email protected]>
    Reviewed-by: Shwetha K Acharya <[email protected]>

commit 31bd815c40f5e02fe94174cd6695d6b0b64055f0
Author: Andreas Schneider <[email protected]>
Date:   Tue Jul 29 15:59:08 2025 +0200

    gitlab-ci: Update build instructions for Coverity
    
    See https://scan.coverity.com/download?tab=other
    
    ref: 
https://documentation.blackduck.com/bundle/coverity-docs/page/cli/topics/command_reference.html
    ref: 
https://documentation.blackduck.com/bundle/coverity-docs/page/cli/topics/options_reference.html
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Anoop C S <[email protected]>
    Reviewed-by: Shwetha K Acharya <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci-main.yml              |  3 ++-
 coverity.yaml                    | 19 ++++++++++++++
 coverity/Makefile                | 12 +++++++++
 coverity/README                  |  6 -----
 coverity/README.md               | 27 ++++++++++++++++++++
 coverity/coverity_assert_model.c | 40 +++++++++++++++++++++++++++++
 coverity/coverity_builtins.h     | 54 ++++++++++++++++++++++++++++++++++++++++
 7 files changed, 154 insertions(+), 7 deletions(-)
 create mode 100644 coverity.yaml
 create mode 100644 coverity/Makefile
 delete mode 100644 coverity/README
 create mode 100644 coverity/README.md
 create mode 100644 coverity/coverity_builtins.h


Changeset truncated at 500 lines:

diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index a9eb27ea6ec..49e1e1792e8 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -193,6 +193,7 @@ others:
     - script/autobuild.py tevent   $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE 
--verbose --nocleanup --keeplogs --tail --full-testbase 
/builds/samba-testbase/tevent
     - script/autobuild.py samba-xc $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE 
--verbose --nocleanup --keeplogs --tail --full-testbase 
/builds/samba-testbase/samba-xc
     - script/autobuild.py docs-xml $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE 
--verbose --nocleanup --keeplogs --tail --full-testbase 
/builds/samba-testbase/docs-xml
+    - make -C coverity
 
 .shared_template_build_only:
   extends: .shared_template
@@ -572,7 +573,7 @@ coverity:
     - wget https://scan.coverity.com/download/linux64 --post-data 
"token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O 
/tmp/coverity_tool.tgz
     - tar xf /tmp/coverity_tool.tgz
     - ./configure.developer --with-cluster-support
-    - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j$(nproc)
+    - cov-analysis-linux64-*/bin/coverity capture --dir cov-int --project-dir 
./
     - tar czf cov-int.tar.gz cov-int
     - curl
       --form token=$COVERITY_SCAN_TOKEN
diff --git a/coverity.yaml b/coverity.yaml
new file mode 100644
index 00000000000..571e84ececd
--- /dev/null
+++ b/coverity.yaml
@@ -0,0 +1,19 @@
+---
+# To see all config options, visit:
+# 
https://documentation.blackduck.com/bundle/coverity-docs/page/cli/topics/options_reference.html
+version: 1
+
+capture:
+  languages:
+    include:
+      - c-family
+  build:
+    build-command: make -j$(nproc)
+    clean-command: make clean
+
+analyze:
+  model-file: coverity/user_models.xmldb
+  checkers:
+    c-family-security: true
+    concurrency: false
+    rule: true
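Review bot: `model-file: coverity/user_models.xmldb` under `analyze:` names a file that nothing visible in this changeset generates in CI. The only rule that writes it is the `cov-user-model` target in coverity/Makefile, while the CI step added in .gitlab-ci-main.yml runs plain `make -C coverity`, whose default target is `check-gcc`. If an analysis started from this config cannot find the file, the cmocka and strequal() models would presumably not be applied, or the run would fail, depending on how the tool treats a missing model. I would add a comment above the key, e.g. `# generated by "make -C coverity cov-user-model"; build it before running analyze`. `concurrency: false` also deserves a one-line why-comment, since it switches off a checker group without a stated reason.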
diff --git a/coverity/Makefile b/coverity/Makefile
new file mode 100644
index 00000000000..cce27c1ac9f
--- /dev/null
+++ b/coverity/Makefile
@@ -0,0 +1,12 @@
+.PHONY: check-gcc
+
+# Part of Coverity
+COV_MAKE_LIBRARY ?= cov-make-library
+
+CFLAGS ?= -Wall -Wno-uninitialized -Wno-unused-variable 
-Wno-unused-but-set-variable -Werror
+
+check-gcc:
+       gcc -o /dev/null -fPIC -shared -include ./coverity_builtins.h $(CFLAGS) 
coverity_assert_model.c
+
+cov-user-model: check-gcc
+       $(COV_MAKE_LIBRARY) -of user_models.xmldb --security 
coverity_assert_model.c
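Review bot: `CFLAGS ?=` lets a CFLAGS value inherited from the environment replace the whole flag set, including `-Werror` and `-Wno-uninitialized`. In a CI image or packaging environment that exports CFLAGS, the `check-gcc` rule can then either stop failing on warnings or start failing on the uninitialized locals that model files use on purpose. A private variable keeps the check deterministic, e.g. `MODEL_CFLAGS := -Wall -Wno-uninitialized -Wno-unused-variable -Wno-unused-but-set-variable -Werror` referenced from the recipe. `cov-user-model` is also missing from the phony list; `.PHONY: check-gcc cov-user-model` avoids the rule being skipped if a file of that name ever exists.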
diff --git a/coverity/README b/coverity/README
deleted file mode 100644
index 84795d9fe10..00000000000
--- a/coverity/README
+++ /dev/null
@@ -1,6 +0,0 @@
-coverity_assert_model.c:
-
-This file is a Coverity Modeling file for which currently adds the needed 
models
-for using the cmocka unit test framework. The assert functions could create
-false positives, to avoid that you can load this modeling file in the Coverity
-web interface. If needed add models for torture_ and talloc_ macros.
diff --git a/coverity/README.md b/coverity/README.md
new file mode 100644
index 00000000000..31f1e4e4d61
--- /dev/null
+++ b/coverity/README.md
@@ -0,0 +1,27 @@
+# Coverity Scan Modelling File
+
+The `coverity_assert_model.c` is a file for
+(Coverity Models)[https://scan.coverity.com/models]. You can find the
+documentation for it
+(here)[https://documentation.blackduck.com/bundle/coverity-docs/page/customizing_coverity/topics/models_primitives/c_models_primitives.html]
+
+- A model file can't import any header files.
+- Therefore only some built-in primitives like int, char and void are
+  available but not NULL etc.
+- Modeling doesn't need full structs and typedefs. Rudimentary structs
+  and similar types are sufficient.
+- An uninitialized local pointer is not an error. It signifies that the
+  variable could be either NULL or have some data.
+
+Coverity Scan doesn't pick up modifications automatically. The model file must
+be uploaded by an admin.
+
+## Testing the coverity_assert_model.c
+
+Whenever you modify the `coverity_assert_model.c` please run:
+
+```sh
+make -C coverity
+```
+
+This will check if the file compiles with gcc.
diff --git a/coverity/coverity_assert_model.c b/coverity/coverity_assert_model.c
index ba5c17d0a58..a14df9c2c1c 100644
--- a/coverity/coverity_assert_model.c
+++ b/coverity/coverity_assert_model.c
@@ -1,4 +1,29 @@
+/*
+ * Modelling file for Coverity Scan
+ *
+ * This is a modeling file for Coverity Scan. Modeling helps to avoid false
+ * positives.
+ *
+ * - A model file can't import any header files.
+ * - Therefore only some built-in primitives like int, char and void are
+ *   available but not NULL etc.
+ * - Modeling doesn't need full structs and typedefs. Rudimentary structs
+ *   and similar types are sufficient.
+ * - An uninitialized local pointer is not an error. It signifies that the
+ *   variable could be either NULL or have some data.
+ *
+ * Coverity Scan doesn't pick up modifications automatically. The model file
+ * must be uploaded by an admin.
+ *
+ * See also https://scan.coverity.com/models
+ */
+
 #define LargestIntegralType unsigned long long
+#define NULL (void *)0
+#define bool unsigned int
+#define true 1
+#define false 0
+/* size_t is already defined by Coverity */
 
 void _assert_true(const LargestIntegralType result,
                   const char* const expression,
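Review bot: The new `#define bool unsigned int` gives the models a different return type from the `bool` that code built with <stdbool.h> uses. `_Bool` is a language built-in and needs no header, so `#define bool _Bool` would keep the modelled signature of strequal() identical to the real one. Whether Coverity's model matching is sensitive to the return type is not visible here, so treat this as a consistency point. `#define NULL (void *)0` is also missing its outer parentheses; `#define NULL ((void *)0)` avoids precedence surprises when the macro appears inside an expression. The `_assert_true` definition at the end of the hunk continues outside it.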
@@ -84,3 +109,18 @@ void _assert_not_in_set(
 {
       __coverity_panic__();
 }
+
+/***********************************************************
+ * SAMBA
+ ***********************************************************/
+
+/* ./lib/util */
+
+bool strequal(const char *a, const char *b)
+{
+       /* Require NUL-terminated arguments */
+       __coverity_string_null_sink__(a);
+       __coverity_string_null_sink__(b);
+
+       return true;
+}
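Review bot: The strequal() model ends in an unconditional `return true;`, which tells the analyzer that the two strings always compare equal. Every not-equal branch in callers can then look unreachable, which risks dead-code reports and leaves the mismatch path (often the reject or deny path) unanalysed. The header comment added in this commit treats an uninitialized local as "could be either", and coverity/Makefile passes `-Wno-uninitialized`, which suggests the same convention is meant for scalars: declare `bool result;` without initialising it and end with `return result;`. The comment `/* Require NUL-terminated arguments */` could also say whether NULL pointers are acceptable, because the sink primitives are applied to `a` and `b` unconditionally.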
diff --git a/coverity/coverity_builtins.h b/coverity/coverity_builtins.h
new file mode 100644
index 00000000000..44c3e385fb2
--- /dev/null
+++ b/coverity/coverity_builtins.h
@@ -0,0 +1,54 @@
+#define TAINTED_SCALAR_GENERIC  1
+#define ALLOCATION              1
+#define ENVIRONMENT             1
+#define FILESYSTEM              1
+#define FORMAT_STRING           1
+#define GENERIC                 1
+#define OS_CMD_ARGUMENTS        1
+#define OS_CMD_FILENAME         1
+#define OS_CMD_ONE_STRING       1
+#define OVERRUN                 1
+#define PATH                    1
+#define TAINT_TYPE_CONSOLE      1
+#define TAINT_TYPE_ENVIRONMENT  1
+#define TAINT_TYPE_FILESYSTEM   1
+#define TAINT_TYPE_NETWORK      1
+
+struct va_list_str;
+
+typedef unsigned long size_t;
+
+void*__coverity_alloc__(size_t);
+void*__coverity_alloc_nosize__(void);
+void __coverity_always_check_return_internal__(void);
+void __coverity_close__(int);
+void __coverity_escape__(void *);
+void __coverity_escape_const__(const void *);
+void __coverity_exclusive_lock_acquire__(void *lock);
+void __coverity_exclusive_lock_release__(void *lock);
+void __coverity_free__(void *);
+void __coverity_mark_as_uninitialized_buffer__(void *);
+void __coverity_mark_as_afm_allocated__(const void *, const char *);
+void __coverity_mark_as_afm_freed__(const void *, const char *);
+void __coverity_mark_pointee_as_sanitized__(const void *, int);
+void __coverity_mark_pointee_as_tainted__(const void *, int);
+void __coverity_negative_sink__(long);
+int  __coverity_open__(void);
+void __coverity_panic__(void) __attribute__((__noreturn__));
+void __coverity_printf_function_varargs__(int, const char *);
+void __coverity_printf_function_valist__(int, const char *, struct va_list_str 
*);
+void __coverity_read_buffer_bytes__(const void *, size_t);
+void __coverity_recursive_lock_acquire__(void *lock);
+void __coverity_string_size_sink__(const void *);
+void __coverity_string_size_sink_vararg__(int);
+void __coverity_string_null_argument__(void *, size_t);
+void __coverity_string_null_copy__(void *, const void *, size_t);
+void __coverity_string_null_sink__(const void *);
+void __coverity_string_null_sink_vararg__(int);
+void __coverity_taint_sink__(const void *, int);
+void __coverity_tainted_data_transitive__(void *, const void *);
+void __coverity_tainted_string_sanitize_content__(const char *);
+void __coverity_use_handle__(int);
+void __coverity_write_buffer_bytes__(char *, size_t);
+void __coverity_writeall__(void *);
+void __coverity_writeall0__(void *);
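Review bot: coverity_builtins.h has no header comment saying what it is for. From coverity/Makefile it is only force-included by the `check-gcc` rule, so the prototypes and the taint constants that are all defined as `1` look like stand-ins for a gcc compile check, not the definitions Coverity itself uses. A short comment at the top stating that, and that the file is not part of the model given to `cov-make-library`, would stop a reader from taking the values as real. `typedef unsigned long size_t;` is also only right on targets where size_t is unsigned long; with gcc, `typedef __SIZE_TYPE__ size_t;` follows the target.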


-- 
Samba Shared Repository
