Add CodeQL static code analysis.

Also fix some minor issues identified, specifically using gmtime_r()/localtime_r() vs gmtime()/localtime().
2024-12-12 10:04:14 +02:00 · 2021-07-09 14:16:10 -04:00 · 2021-07-09 14:16:10 -04:00 · 3c8819e10f
commit 3c8819e10f
parent 849ab343aa
9 changed files with 67 additions and 12 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -7,6 +7,10 @@ on:
      - '**-ci'
      - '**-cig'
  pull_request:
+    branches:
+      - integration
+      - '**-ci'
+      - '**-cig'

 jobs:
  test:
@ -50,3 +54,32 @@ jobs:

      - name: Run Test
        run: cd ${HOME?} && ${GITHUB_WORKSPACE?}/pgbackrest/test/ci.pl ${{matrix.param}} --param=build-max=2
+
+  codeql:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - cpp
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v2
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{matrix.language}}
+
+      - name: Build
+        run: ${GITHUB_WORKSPACE?}/src/configure && make -j 2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
--- a/doc/xml/release.xml
+++ b/doc/xml/release.xml
@ -127,6 +127,17 @@

            <release-test-list>
                <release-improvement-list>
+                    <release-item>
+                        <github-pull-request id="1457"/>
+
+                        <release-item-contributor-list>
+                            <release-item-contributor id="david.steele"/>
+                            <release-item-reviewer id="cynthia.shang"/>
+                        </release-item-contributor-list>
+
+                        <p>Add CodeQL static code analysis.</p>
+                    </release-item>
+
                    <release-item>
                        <commit subject="Update command/expire test to use standard patterns.">
                            <github-pull-request id="1420"/>
--- a/src/command/backup/common.c
+++ b/src/command/backup/common.c
@ -30,9 +30,12 @@ backupLabelFormat(BackupType type, const String *backupLabelPrior, time_t timest
    ASSERT(timestamp > 0);

    // Format the timestamp
+    struct tm timePart;
    char buffer[16];
+
    THROW_ON_SYS_ERROR(
-        strftime(buffer, sizeof(buffer), "%Y%m%d-%H%M%S", localtime(&timestamp)) == 0, AssertError, "unable to format time");
+        strftime(buffer, sizeof(buffer), "%Y%m%d-%H%M%S", localtime_r(&timestamp, &timePart)) == 0, AssertError,
+        "unable to format time");

    // If full label
    String *result = NULL;
--- a/src/command/info/info.c
+++ b/src/command/info/info.c
@ -785,13 +785,14 @@ formatTextBackup(const DbGroup *dbGroup, String *resultStr)
        // Get and format the backup start/stop time
        KeyValue *timestampInfo = varKv(kvGet(backupInfo, BACKUP_KEY_TIMESTAMP_VAR));

+        struct tm timePart;
        char timeBufferStart[20];
        char timeBufferStop[20];
        time_t timeStart = (time_t)varUInt64(kvGet(timestampInfo, KEY_START_VAR));
        time_t timeStop = (time_t)varUInt64(kvGet(timestampInfo, KEY_STOP_VAR));

-        strftime(timeBufferStart, sizeof(timeBufferStart), "%Y-%m-%d %H:%M:%S", localtime(&timeStart));
-        strftime(timeBufferStop, sizeof(timeBufferStop), "%Y-%m-%d %H:%M:%S", localtime(&timeStop));
+        strftime(timeBufferStart, sizeof(timeBufferStart), "%Y-%m-%d %H:%M:%S", localtime_r(&timeStart, &timePart));
+        strftime(timeBufferStop, sizeof(timeBufferStop), "%Y-%m-%d %H:%M:%S", localtime_r(&timeStop, &timePart));

        strCatFmt(resultStr, "            timestamp start/stop: %s / %s\n", timeBufferStart, timeBufferStop);
        strCatZ(resultStr, "            wal start/stop: ");
--- a/src/command/restore/restore.c
+++ b/src/command/restore/restore.c
@ -1831,9 +1831,11 @@ restoreRecoveryWrite(const Manifest *manifest)
        else
        {
            // Generate a label used to identify this restore in the recovery file
+            struct tm timePart;
            char restoreTimestamp[20];
            time_t timestamp = time(NULL);
-            strftime(restoreTimestamp, sizeof(restoreTimestamp), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
+
+            strftime(restoreTimestamp, sizeof(restoreTimestamp), "%Y-%m-%d %H:%M:%S", localtime_r(&timestamp, &timePart));
            const String *restoreLabel = STR(restoreTimestamp);

            // Write recovery file based on PostgreSQL version
--- a/src/common/io/http/common.c
+++ b/src/common/io/http/common.c
@ -53,19 +53,20 @@ httpDateToTime(const String *lastModified)
 }

 String *
-httpDateFromTime(time_t time)
+httpDateFromTime(const time_t time)
 {
    FUNCTION_TEST_BEGIN();
        FUNCTION_TEST_PARAM(TIME, time);
    FUNCTION_TEST_END();

-    struct tm *timePart = gmtime(&time);
+    struct tm timePart;
+    gmtime_r(&time, &timePart);

    FUNCTION_TEST_RETURN(
        strNewFmt(
-            "%s, %02d %s %04d %02d:%02d:%02d GMT", httpCommonDayList[timePart->tm_wday], timePart->tm_mday,
-            httpCommonMonthList[timePart->tm_mon], timePart->tm_year + 1900, timePart->tm_hour, timePart->tm_min,
-            timePart->tm_sec));
+            "%s, %02d %s %04d %02d:%02d:%02d GMT", httpCommonDayList[timePart.tm_wday], timePart.tm_mday,
+            httpCommonMonthList[timePart.tm_mon], timePart.tm_year + 1900, timePart.tm_hour, timePart.tm_min,
+            timePart.tm_sec));
 }

 /**********************************************************************************************************************************/
--- a/src/common/log.c
+++ b/src/common/log.c
@ -371,11 +371,13 @@ logPre(LogLevel logLevel, unsigned int processId, const char *fileName, const ch
    // Add time
    if (logTimestamp)
    {
+        struct tm timePart;
        TimeMSec logTimeMSec = timeMSec();
        time_t logTimeSec = (time_t)(logTimeMSec / MSEC_PER_SEC);

        result.bufferPos += strftime(
-            logBuffer + result.bufferPos, sizeof(logBuffer) - result.bufferPos, "%Y-%m-%d %H:%M:%S", localtime(&logTimeSec));
+            logBuffer + result.bufferPos, sizeof(logBuffer) - result.bufferPos, "%Y-%m-%d %H:%M:%S",
+            localtime_r(&logTimeSec, &timePart));
        result.bufferPos += (size_t)snprintf(
            logBuffer + result.bufferPos, sizeof(logBuffer) - result.bufferPos, ".%03d ", (int)(logTimeMSec % 1000));
    }
--- a/src/common/type/convert.c
+++ b/src/common/type/convert.c
@ -374,7 +374,8 @@ cvtTimeToZ(time_t value, char *buffer, size_t bufferSize)

    ASSERT(buffer != NULL);

-    size_t result = strftime(buffer, bufferSize, "%s", localtime(&value));
+    struct tm timePart;
+    size_t result = strftime(buffer, bufferSize, "%s", localtime_r(&value, &timePart));

    if (result == 0)
        THROW(AssertError, "buffer overflow");
--- a/src/storage/s3/storage.c
+++ b/src/storage/s3/storage.c
@ -141,10 +141,11 @@ storageS3DateTime(time_t authTime)
        FUNCTION_TEST_PARAM(TIME, authTime);
    FUNCTION_TEST_END();

+    struct tm timePart;
    char buffer[ISO_8601_DATE_TIME_SIZE + 1];

    THROW_ON_SYS_ERROR(
-        strftime(buffer, sizeof(buffer), "%Y%m%dT%H%M%SZ", gmtime(&authTime)) != ISO_8601_DATE_TIME_SIZE, AssertError,
+        strftime(buffer, sizeof(buffer), "%Y%m%dT%H%M%SZ", gmtime_r(&authTime, &timePart)) != ISO_8601_DATE_TIME_SIZE, AssertError,
        "unable to format date");

    FUNCTION_TEST_RETURN(strNewZ(buffer));