Bug 1544767 - Add description at review phase about defects found - coverity. r=bastien
authorAndi-Bogdan Postelnicu <bpostelnicu@mozilla.com>
Thu, 18 Apr 2019 08:52:31 +0000
changeset 470062 b6b08e336e6f236189da007f79b6dcd4f3521b5e
parent 470061 db411f941b862836f10050c056b8e55c3fd2f4e2
child 470063 dc185b8ee50e252d3219e71de31b28b098ec86db
push id112843
push useraiakab@mozilla.com
push dateFri, 19 Apr 2019 09:50:22 +0000
treeherdermozilla-inbound@c06f27cbfe40 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbastien
bugs1544767
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1544767 - Add description at review phase about defects found - coverity. r=bastien Differential Revision: https://phabricator.services.mozilla.com/D27876
python/mozbuild/mozbuild/mach_commands.py
tools/coverity/config.yaml
--- a/python/mozbuild/mozbuild/mach_commands.py
+++ b/python/mozbuild/mozbuild/mach_commands.py
@@ -1673,16 +1673,17 @@ class StaticAnalysis(MachCommandBase):
     """Utilities for running C++ static analysis checks and format."""
 
     # List of file extension to consider (should start with dot)
     _format_include_extensions = ('.cpp', '.c', '.cc', '.h', '.m', '.mm')
     # File contaning all paths to exclude from formatting
     _format_ignore_file = '.clang-format-ignore'
 
     _clang_tidy_config = None
+    _cov_config = None
 
     @Command('static-analysis', category='testing',
              description='Run C++ static analysis checks')
     def static_analysis(self):
         # If not arguments are provided, just print a help message.
         mach = Mach(os.getcwd())
         mach.run(['static-analysis', '--help'])
 
@@ -1821,21 +1822,25 @@ class StaticAnalysis(MachCommandBase):
 
         rc = self._build_compile_db(verbose=verbose)
         rc = rc or self._build_export(jobs=2, verbose=verbose)
 
         if rc != 0:
             return rc
 
         commands_list = self.get_files_with_commands(source)
-
         if len(commands_list) == 0:
             self.log(logging.INFO, 'static-analysis', {}, 'There are no files that need to be analyzed.')
             return 0
 
+        # Load the configuration file for coverity static-analysis
+        # For the moment we store only the reliability index for each checker
+        # as the rest is managed on the https://github.com/mozilla/release-services side.
+        self._cov_config = self._get_cov_config()
+
         rc = self.setup_coverity()
         if rc != 0:
             return rc
 
         # First run cov-run-desktop --setup in order to setup the analysis env
         cmd = [self.cov_run_desktop, '--setup']
         self.log(logging.INFO, 'static-analysis', {}, 'Running {} --setup'.format(self.cov_run_desktop))
 
@@ -1875,16 +1880,39 @@ class StaticAnalysis(MachCommandBase):
         self.log(logging.INFO, 'static-analysis', {}, 'Running Coverity Analysis for {}'.format(cmd))
         rc = self.run_process(cmd, cwd=self.cov_state_path, pass_thru=True)
         if rc != 0:
             self.log(logging.ERROR, 'static-analysis', {}, 'Coverity Analysis failed!')
 
         if output is not None:
             self.dump_cov_artifact(cov_result, output)
 
+    def get_reliability_index_for_cov_checker(self, checker_name):
+        if self._cov_config is None:
+            self.log(logging.INFO, 'static-analysis', {}, 'Coverity config file not found, '
+                'using default-value \'reliablity\' = medium. for checker {}'.format(checker_name))
+            return 'medium'
+
+        checkers = self._cov_config['coverity_checkers']
+        if checker_name not in checkers:
+            self.log(logging.INFO, 'static-analysis', {},
+                'Coverity checker {} not found to determine reliability index. '
+                'For the moment we shall use the default \'reliablity\' = medium.'.format(checker_name))
+            return 'medium'
+
+        if 'reliability' not in checkers[checker_name]:
+            # This checker doesn't have a reliability index
+            self.log(logging.INFO, 'static-analysis', {},
+                'Coverity checker {} doesn\'t have a reliability index set, '
+                'field \'reliability is missing\', please cosinder adding it. '
+                'For the moment we shall use the default \'reliablity\' = medium.'.format(checker_name))
+            return 'medium'
+
+        return checkers[checker_name]['reliability']
+
     def dump_cov_artifact(self, cov_results, output):
         # Parse Coverity json into structured issues
         with open(cov_results) as f:
             result = json.load(f)
 
             # Parse the issues to a standard json format
             issues_dict = {'files': {}}
 
@@ -1893,16 +1921,17 @@ class StaticAnalysis(MachCommandBase):
             def build_element(issue):
                 # We look only for main event
                 event_path = next((event for event in issue['events'] if event['main'] is True), None)
 
                 dict_issue = {
                     'line': issue['mainEventLineNumber'],
                     'flag': issue['checkerName'],
                     'message': event_path['eventDescription'],
+                    'reliability': self.get_reliability_index_for_cov_checker(issue['checkerName']),
                     'extra': {
                         'category': issue['checkerProperties']['category'],
                         'stateOnServer': issue['stateOnServer'],
                         'stack': []
                     }
                 }
 
                 # Embed all events into extra message
@@ -2205,17 +2234,28 @@ class StaticAnalysis(MachCommandBase):
         return checkers, excludes
 
     def _get_clang_tidy_config(self):
         try:
             file_handler = open(mozpath.join(self.topsrcdir, "tools", "clang-tidy", "config.yaml"))
             config = yaml.safe_load(file_handler)
         except Exception:
             print('Looks like config.yaml is not valid, we are going to use default'
-                  ' values for the rest of the analysis.')
+                  ' values for the rest of the analysis for clang-tidy.')
+            return None
+        return config
+
+    def _get_cov_config(self):
+        try:
+            file_handler = open(mozpath.join(self.topsrcdir, "tools", "coverity", "config.yaml"))
+            config = yaml.safe_load(file_handler)
+        except Exception:
+            self.log(logging.ERROR, 'static-analysis', {},
+                    'Looks like config.yaml is not valid, we are going to use default'
+                    ' values for the rest of the analysis for coverity.')
             return None
         return config
 
     def _is_version_eligible(self):
         # make sure that we've cached self._clang_tidy_config
         if self._clang_tidy_config is None:
             self._clang_tidy_config = self._get_clang_tidy_config()
 
new file mode 100644
--- /dev/null
+++ b/tools/coverity/config.yaml
@@ -0,0 +1,502 @@
+---
+# It is used by 'mach static-analysis check-coverity' and
+# 'phabricator static-analysis bot', on automation, in order to determine
+# how prone to false-positive a checker is.
+#
+# In order to update this file please do the following:
+# 1. Obtain the coverity-analysis package.
+# 2. Run cov-analyze `./cov-analyze --list-checkers.
+# 3. Add the new checker(s) from step 2. to the list.
+# 4. Depending on the reliability of the checker please set `reliability` field,
+#    otherwise `medium` will be used as an reliability index.
+coverity_checkers:
+  COPY_PASTE_ERROR:
+    reliability: low
+  DEADCODE:
+    reliability: low
+  FORWARD_NULL:
+    reliability: high
+  IDENTICAL_BRANCHES:
+    reliability: high
+  CONSTANT_EXPRESSION_RESULT:
+    reliability: high
+  UNREACHABLE:
+    reliability: low
+  REVERSE_INULL:
+    reliability: high
+  UNEXPECTED_CONTROL_FLOW:
+    reliability: medium
+  NESTING_INDENT_MISMATCH:
+    reliability: high
+  STRAY_SEMICOLON:
+    reliability: medium
+  RESOURCE_LEAK:
+    reliability: medium
+  NULL_RETURNS:
+    reliability: medium
+  DIVIDE_BY_ZERO:
+    reliability: medium
+  OVERFLOW_BEFORE_WIDEN:
+    reliability: high
+  UNINTENDED_INTEGER_DIVISION:
+    reliability: medium
+  SWAPPED_ARGUMENTS:
+    reliability: low
+  NO_EFFECT:
+    reliability: medium
+  BAD_SHIFT:
+    reliability: low
+  INFINITE_LOOP:
+    reliability: medium
+  MISSING_RESTORE:
+    reliability: low
+  UNUSED_VALUE:
+    reliability: medium
+  USELESS_CALL:
+    reliability: low
+  MISSING_BREAK:
+    reliability: low
+  CHECKED_RETURN:
+    reliability: low
+  PROPERTY_MIXUP:
+    reliability: medium
+  CALL_SUPER:
+    reliability: medium
+  IDENTIFIER_TYPO:
+    reliability: medium
+  USE_AFTER_FREE:
+    reliability: low
+  ALLOC_FREE_MISMATCH:
+    reliability: medium
+  ARRAY_VS_SINGLETON:
+    reliability: low
+  ASSERT_SIDE_EFFECT:
+    reliability: medium
+  BAD_ALLOC_ARITHMETIC:
+    reliability: medium
+  BAD_ALLOC_STRLEN:
+    reliability: medium
+  BAD_COMPARE:
+    reliability: medium
+  BAD_FREE:
+    reliability: medium
+  BAD_SIZEOF:
+    reliability: medium
+  CHAR_IO:
+    reliability: low
+  EVALUATION_ORDER:
+    reliability: medium
+  INCOMPATIBLE_CAST:
+    reliability: medium
+  MISSING_COMMA:
+    reliability: high
+  MISSING_RETURN:
+    reliability: medium
+  NEGATIVE_RETURNS:
+    reliability: low
+  OVERRUN:
+    reliability: low
+  PASS_BY_VALUE:
+    reliability: high
+  PRINTF_ARGS:
+    reliability: medium
+  READLINK:
+    reliability: medium
+  RETURN_LOCAL:
+    reliability: low
+  REVERSE_NEGATIVE:
+    reliability: medium
+  SIGN_EXTENSION:
+    reliability: low
+  SIZEOF_MISMATCH:
+    reliability: low
+  UNINIT:
+    reliability: high
+  VARARGS:
+    reliability: medium
+  INVALIDATE_ITERATOR:
+    reliability: medium
+  BAD_LOCK_OBJECT:
+    reliability: medium
+  GUARDED_BY_VIOLATION:
+    reliability: medium
+  LOCK_EVASION:
+    reliability: medium
+  MISSING_THROW:
+    reliability: medium
+  NON_STATIC_GUARDING_STATIC:
+    reliability: medium
+  VOLATILE_ATOMICITY:
+    reliability: medium
+  OVERLAPPING_COPY:
+    reliability: medium
+  BAD_OVERRIDE:
+    reliability: medium
+  CTOR_DTOR_LEAK:
+    reliability: low
+  DELETE_ARRAY:
+    reliability: low
+  DELETE_VOID:
+    reliability: medium
+  MISMATCHED_ITERATOR:
+    reliability: medium
+  MISSING_MOVE_ASSIGNMENT:
+    reliability: low
+  STREAM_FORMAT_STATE:
+    reliability: medium
+  UNCAUGHT_EXCEPT:
+    reliability: medium
+  UNINIT_CTOR:
+    reliability: high
+  VIRTUAL_DTOR:
+    reliability: medium
+  WRAPPER_ESCAPE:
+    reliability: low
+  BAD_EQ:
+    reliability: medium
+  BAD_EQ_TYPES:
+    reliability: medium
+  LOCK_INVERSION:
+    reliability: medium
+  BAD_CHECK_OF_WAIT_COND:
+    reliability: medium
+  DC.DANGEROUS:
+    reliability: medium
+  DC.DEADLOCK:
+    reliability: medium
+  HIBERNATE_BAD_HASHCODE:
+    reliability: medium
+  ORM_LOAD_NULL_CHECK:
+    reliability: medium
+  ORM_UNNECESSARY_GET:
+    reliability: medium
+  REGEX_CONFUSION:
+    reliability: medium
+  SERVLET_ATOMICITY:
+    reliability: medium
+  SINGLETON_RACE:
+    reliability: medium
+  WRONG_METHOD:
+    reliability: medium
+  PATH_MANIPULATION:
+    reliability: medium
+  SQLI:
+    reliability: medium
+  HARDCODED_CREDENTIALS:
+    reliability: medium
+  SENSITIVE_DATA_LEAK:
+    reliability: medium
+  SCRIPT_CODE_INJECTION:
+    reliability: medium
+  REGEX_INJECTION:
+    reliability: medium
+  BAD_CERT_VERIFICATION:
+    reliability: medium
+  COM.BAD_FREE:
+    reliability: medium
+  COM.BSTR.CONV:
+    reliability: medium
+  EXPLICIT_THIS_EXPECTED:
+    reliability: medium
+  UNINTENDED_GLOBAL:
+    reliability: medium
+  OS_CMD_INJECTION:
+    reliability: medium
+  XSS:
+    reliability: medium
+  WEAK_PASSWORD_HASH:
+    reliability: medium
+  UNSAFE_DESERIALIZATION:
+    reliability: medium
+  OPEN_REDIRECT:
+    reliability: medium
+  CSRF:
+    reliability: medium
+  UNSAFE_REFLECTION:
+    reliability: medium
+  BLACKLIST_FOR_AUTHN:
+    reliability: medium
+  DYNAMIC_OBJECT_ATTRIBUTES:
+    reliability: medium
+  RAILS_DEFAULT_ROUTES:
+    reliability: medium
+  RAILS_DEVISE_CONFIG:
+    reliability: medium
+  RAILS_MISSING_FILTER_ACTION:
+    reliability: medium
+  REGEX_MISSING_ANCHOR:
+    reliability: medium
+  RUBY_VULNERABLE_LIBRARY:
+    reliability: medium
+  SESSION_MANIPULATION:
+    reliability: medium
+  UNSAFE_BASIC_AUTH:
+    reliability: medium
+  UNSAFE_SESSION_SETTING:
+    reliability: medium
+  XPATH_INJECTION:
+    reliability: medium
+  RISKY_CRYPTO:
+    reliability: medium
+  UNENCRYPTED_SENSITIVE_DATA:
+    reliability: medium
+  XML_EXTERNAL_ENTITY:
+    reliability: medium
+  CONFIG.ATS_INSECURE:
+    reliability: medium
+  CUSTOM_KEYBOARD_DATA_LEAK:
+    reliability: medium
+  INSECURE_COMMUNICATION:
+    reliability: medium
+  INSECURE_MULTIPEER_CONNECTION:
+    reliability: medium
+  WEAK_BIOMETRIC_AUTH:
+    reliability: medium
+  BUFFER_SIZE:
+    reliability: high
+  CHROOT:
+    reliability: medium
+  DC.PREDICTABLE_KEY_PASSWORD:
+    reliability: medium
+  DC.STREAM_BUFFER:
+    reliability: medium
+  DC.WEAK_CRYPTO:
+    reliability: low
+  OPEN_ARGS:
+    reliability: medium
+  STRING_NULL:
+    reliability: medium
+  STRING_OVERFLOW:
+    reliability: low
+  STRING_SIZE:
+    reliability: medium
+  TAINTED_SCALAR:
+    reliability: low
+  TAINTED_STRING:
+    reliability: medium
+  TOCTOU:
+    reliability: low
+  SECURE_TEMP:
+    reliability: medium
+  UNSAFE_XML_PARSE_CONFIG:
+    reliability: medium
+  ATOMICITY:
+    reliability: medium
+  LOCK:
+    reliability: medium
+  MISSING_LOCK:
+    reliability: medium
+  ORDER_REVERSAL:
+    reliability: medium
+  SLEEP:
+    reliability: medium
+  ASSIGN_NOT_RETURNING_STAR_THIS:
+    reliability: medium
+  COPY_WITHOUT_ASSIGN:
+    reliability: medium
+  MISSING_COPY_OR_ASSIGN:
+    reliability: medium
+  SELF_ASSIGN:
+    reliability: medium
+  WEAK_GUARD:
+    reliability: medium
+  AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK:
+    reliability: medium
+  DC.STRING_BUFFER:
+    reliability: medium
+  ENUM_AS_BOOLEAN:
+    reliability: medium
+  INTEGER_OVERFLOW:
+    reliability: low
+  MISRA_CAST:
+    reliability: medium
+  MIXED_ENUMS:
+    reliability: low
+  STACK_USE:
+    reliability: medium
+  USER_POINTER:
+    reliability: medium
+  PARSE_ERROR:
+    reliability: low
+  FLOATING_POINT_EQUALITY:
+    reliability: medium
+  ORM_LOST_UPDATE:
+    reliability: medium
+  HFA:
+    reliability: medium
+  COM.ADDROF_LEAK:
+    reliability: medium
+  COM.BSTR.ALLOC:
+    reliability: medium
+  COM.BSTR.BAD_COMPARE:
+    reliability: medium
+  COM.BSTR.NE_NON_BSTR:
+    reliability: medium
+  VCALL_IN_CTOR_DTOR:
+    reliability: medium
+  INSECURE_DIRECT_OBJECT_REFERENCE:
+    reliability: medium
+  UNESCAPED_HTML:
+    reliability: medium
+  SECURE_CODING:
+    reliability: medium
+  SIZECHECK:
+    reliability: medium
+  MISSING_AUTHZ:
+    reliability: medium
+  NOSQL_QUERY_INJECTION:
+    reliability: medium
+  HEADER_INJECTION:
+    reliability: medium
+  INSECURE_RANDOM:
+    reliability: medium
+  CONFIG.DYNAMIC_DATA_HTML_COMMENT:
+    reliability: medium
+  LDAP_INJECTION:
+    reliability: medium
+  UNLOGGED_SECURITY_EXCEPTION:
+    reliability: medium
+  UNRESTRICTED_DISPATCH:
+    reliability: medium
+  UNSAFE_NAMED_QUERY:
+    reliability: medium
+  TAINT_ASSERT:
+    reliability: medium
+  UNKNOWN_LANGUAGE_INJECTION:
+    reliability: medium
+  URL_MANIPULATION:
+    reliability: medium
+  TAINTED_ENVIRONMENT_WITH_EXECUTION:
+    reliability: medium
+  ASPNET_MVC_VERSION_HEADER:
+    reliability: medium
+  CONFIG.ASPNET_VERSION_HEADER:
+    reliability: medium
+  CONFIG.ASP_VIEWSTATE_MAC:
+    reliability: medium
+  CONFIG.CONNECTION_STRING_PASSWORD:
+    reliability: medium
+  CONFIG.COOKIES_MISSING_HTTPONLY:
+    reliability: medium
+  CONFIG.DEAD_AUTHORIZATION_RULE:
+    reliability: medium
+  CONFIG.ENABLED_DEBUG_MODE:
+    reliability: medium
+  CONFIG.ENABLED_TRACE_MODE:
+    reliability: medium
+  CONFIG.MISSING_CUSTOM_ERROR_PAGE:
+    reliability: medium
+  PREDICTABLE_RANDOM_SEED:
+    reliability: medium
+  ATTRIBUTE_NAME_CONFLICT:
+    reliability: medium
+  CONFIG.DUPLICATE_SERVLET_DEFINITION:
+    reliability: medium
+  CONFIG.DWR_DEBUG_MODE:
+    reliability: medium
+  CONFIG.HTTP_VERB_TAMPERING:
+    reliability: medium
+  CONFIG.JAVAEE_MISSING_HTTPONLY:
+    reliability: medium
+  CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER:
+    reliability: medium
+  CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT:
+    reliability: medium
+  CONFIG.SPRING_SECURITY_DEBUG_MODE:
+    reliability: medium
+  CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS:
+    reliability: medium
+  CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS:
+    reliability: medium
+  CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY:
+    reliability: medium
+  CONFIG.SPRING_SECURITY_SESSION_FIXATION:
+    reliability: medium
+  CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN:
+    reliability: medium
+  CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION:
+    reliability: medium
+  CONFIG.STRUTS2_ENABLED_DEV_MODE:
+    reliability: medium
+  CONFIG.UNSAFE_SESSION_TIMEOUT:
+    reliability: medium
+  EL_INJECTION:
+    reliability: medium
+  JAVA_CODE_INJECTION:
+    reliability: medium
+  JCR_INJECTION:
+    reliability: medium
+  JSP_DYNAMIC_INCLUDE:
+    reliability: medium
+  JSP_SQL_INJECTION:
+    reliability: medium
+  OGNL_INJECTION:
+    reliability: medium
+  SESSION_FIXATION:
+    reliability: medium
+  TRUST_BOUNDARY_VIOLATION:
+    reliability: medium
+  UNSAFE_JNI:
+    reliability: medium
+  CONFIG.HANA_XS_PREVENT_XSRF_DISABLED:
+    reliability: medium
+  CONFIG.SEQUELIZE_ENABLED_LOGGING:
+    reliability: medium
+  COOKIE_INJECTION:
+    reliability: medium
+  CSS_INJECTION:
+    reliability: medium
+  DOM_XSS:
+    reliability: medium
+  INSECURE_SALT:
+    reliability: medium
+  INSUFFICIENT_LOGGING:
+    reliability: medium
+  LOCALSTORAGE_MANIPULATION:
+    reliability: medium
+  MISSING_IFRAME_SANDBOX:
+    reliability: medium
+  SESSIONSTORAGE_MANIPULATION:
+    reliability: medium
+  TEMPLATE_INJECTION:
+    reliability: medium
+  UNCHECKED_ORIGIN:
+    reliability: medium
+  UNRESTRICTED_MESSAGE_TARGET:
+    reliability: medium
+  ANGULAR_EXPRESSION_INJECTION:
+    reliability: medium
+  CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED:
+    reliability: medium
+  SYMFONY_EL_INJECTION:
+    reliability: medium
+  LOG_INJECTION:
+    reliability: medium
+  SQL_NOT_CONSTANT:
+    reliability: medium
+  XML_INJECTION:
+    reliability: medium
+  INSECURE_COOKIE:
+    reliability: medium
+  ANGULAR_BYPASS_SECURITY:
+    reliability: medium
+  ANGULAR_ELEMENT_REFERENCE:
+    reliability: medium
+  LOCALSTORAGE_WRITE:
+    reliability: medium
+  ANDROID_CAPABILITY_LEAK:
+    reliability: medium
+  ANDROID_DEBUG_MODE:
+    reliability: medium
+  EXPOSED_PREFERENCES:
+    reliability: medium
+  IMPLICIT_INTENT:
+    reliability: medium
+  MISSING_PERMISSION_FOR_BROADCAST:
+    reliability: medium
+  MISSING_PERMISSION_ON_EXPORTED_COMPONENT:
+    reliability: medium
+  MOBILE_ID_MISUSE:
+    reliability: medium
+  UNRESTRICTED_ACCESS_TO_FILE:
+    reliability: medium