Skip to content

Configure Codacy/cppcheck to suppress missing includes and add bounded read helpers#77

Merged
NathanNeurotic merged 8 commits into
mainfrom
codex/audit-codacy-critical-issues-and-plan-fixes
Jan 7, 2026
Merged

Configure Codacy/cppcheck to suppress missing includes and add bounded read helpers#77
NathanNeurotic merged 8 commits into
mainfrom
codex/audit-codacy-critical-issues-and-plan-fixes

Conversation

@NathanNeurotic

Copy link
Copy Markdown
Owner

Motivation

  • Codacy/Cppcheck reported many missingInclude/missingIncludeSystem issues because PS2SDK headers are not available in the analysis environment, and the repo should not remove real includes to silence the warnings.
  • Provide a repo-level fix so Codacy stops flagging unresolved system/non-system includes while preserving meaningful static checks.
  • Address Codacy CWE-120/CWE-20 findings by centralizing bounded read helpers to reduce repeated ad-hoc read() usages and avoid buffer overreads.
  • Harden a couple of lightweight runtime hazards (format-string usage and rm -rf on unsafe TARGET values) surfaced during edits.

Description

  • Added a Codacy engine configuration file /.codacy.yml that tells the cppcheck engine to suppress missingIncludeSystem and missingInclude warnings so analysis stops reporting false positives for PS2SDK/system headers.
  • Updated scripts/cppcheck.sh to pass a suppressions list (cppcheck-suppressions.txt) and the --suppress=missingIncludeSystem/--suppress=missingInclude flags for local/CI parity with Codacy.
  • Introduced bounded read helpers in include/util_safeio.h and src/util_safeio.c (safe_read_once_nt, safe_read_fully, safe_read_fully_nt) and replaced ad-hoc read() usages across multiple sources (src/*) to follow CWE-120/CWE-20 guidance, and added util_safeio.o to the Makefile.
  • Minor safety hardening: added a format-string guard debug_vprintf_safe in include/debugprintf.h and added an explicit TARGET guard plus null-check in mk_kelf.sh to prevent unsafe removals.

Testing

  • No automated tests were run for this change set (configuration and source refactors only), so CI / Codacy should be run to validate behavior in the target analysis environment.
  • The scripts/cppcheck.sh script was updated to include the suppressions list and suppress flags for local/CI parity, but cppcheck was not executed as part of this PR verification.

Codex Task

@codacy-production

codacy-production Bot commented Jan 7, 2026

Copy link
Copy Markdown

Codacy's Analysis Summary

0 new issue (≤ 0 issue)
0 new security issue
4 complexity
0 duplications

Review Pull Request in Codacy →

AI Reviewer available: add the codacy-review label to get contextual insights without leaving GitHub.

@NathanNeurotic NathanNeurotic merged commit 197558f into main Jan 7, 2026
49 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant