Skip to content

refactor: resolve some warnings from static check#102

Merged
ComixHe merged 1 commit into
OpenAtom-Linyaps:masterfrom
ComixHe:master
Jul 23, 2025
Merged

refactor: resolve some warnings from static check#102
ComixHe merged 1 commit into
OpenAtom-Linyaps:masterfrom
ComixHe:master

Conversation

@ComixHe

@ComixHe ComixHe commented Jul 23, 2025

Copy link
Copy Markdown
Collaborator

No description provided.

Signed-off-by: ComixHe <ComixHe1895@outlook.com>
@deepsource-io

deepsource-io Bot commented Jul 23, 2025

Copy link
Copy Markdown

Here's the code health analysis summary for commits e31f62f..b17b5fe. View details on DeepSource ↗.

Analysis Summary

AnalyzerStatusSummaryLink
DeepSource C & C++ LogoC & C++❌ Failure
❗ 8 occurences introduced
🎯 5 occurences resolved
View Check ↗
DeepSource Shell LogoShell✅ SuccessView Check ↗
DeepSource Secrets LogoSecrets✅ SuccessView Check ↗
DeepSource Test coverage LogoTest coverage⚠️ Artifact not reportedTimed out: Artifact was never reportedView Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

@ComixHe
ComixHe merged commit ee4e07a into OpenAtom-Linyaps:master Jul 23, 2025
15 of 17 checks passed
Comment thread src/linyaps_box/app.cpp
Comment on lines 38 to 44
std::stringstream result;
for (int i = 0; i < argc; ++i) {
result << " \"";
for (char *c = argv[i]; *c; ++c) {
for (const char *c = argv[i]; *c != '\0'; ++c) {
if (*c == '\\') {
result << "\\\\";
} else if (*c == '"') {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The manual handling of character escaping in the command line arguments is both error-prone and hard to maintain. Consider using a standard library function or a dedicated utility for escaping strings to improve security and maintainability. This approach would reduce the risk of missing edge cases and make the code cleaner and easier to understand.

For example, you could use a function like std::string escape_string(const std::string& input) that handles all escaping internally, simplifying the main logic flow.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inclusion of <cstring> suggests the use of C-style string functions. In modern C++ projects, it's generally recommended to use C++ strings and standard library functions which provide better safety and are more in line with modern C++ practices. If possible, consider replacing C-style string manipulations with their C++ counterparts to enhance code safety and readability.

@@ -77,7 +76,7 @@ bool force_log_to_stderr()

bool stderr_is_a_tty()
{

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using syslog directly with str.c_str() can lead to format string vulnerabilities if str contains format specifiers. This is a security risk as it might allow attackers to execute arbitrary code or cause a crash.

Recommendation:
Ensure that the string passed to syslog is sanitized or use a format string that treats the input as a literal, e.g., syslog(level, "%s", str.c_str());.

Comment on lines 79 to 80

unsigned int get_current_log_level()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The use of a static variable for storing the result of isatty(fileno(stderr)) is not thread-safe in C++ standards before C++11. This might lead to data races if multiple threads attempt to initialize this static variable concurrently.

Recommendation:
Consider using std::call_once along with std::once_flag to ensure thread-safe initialization of the static variable.

}

private:
std::ostringstream ss;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Logger class uses std::ostringstream to accumulate log messages, which is not inherently thread-safe. In a multi-threaded application, this could lead to data races or corrupted log outputs when multiple threads use the same logger instance. Recommendation: Consider implementing a thread-safety mechanism, such as mutexes, to synchronize access to the std::ostringstream instance, or ensure that each thread has its own logger instance.

Comment on lines 99 to 101
if (code == EINTR || code == EAGAIN) {
continue;
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The handling of the ENOSYS error code immediately sets support_openat2 to false and breaks the loop, which might lead to performance issues if openat2 is not supported, as the system repeatedly tries an unsupported syscall. Consider checking the availability of openat2 once statically or at the start of the function to avoid unnecessary syscall attempts.

Suggested Change:

static bool checked_openat2 = false;
if (!checked_openat2) {
    // Attempt to call openat2 once to check support
    checked_openat2 = true;
    // Set support_openat2 based on the result or catch block
}
if (support_openat2) {
    // existing code
}

Comment on lines 30 to 31
throw std::system_error(errno, std::system_category(), "symlinkat");
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message provided in the std::system_error is very generic ("symlinkat"). It would be more helpful to include a detailed message that describes the context or reason for the failure. This can be achieved by appending std::strerror(errno) to the error message, which provides a description of the error code. For example:

throw std::system_error(errno, std::system_category(), "Failed to create symlink: " + std::string(std::strerror(errno)));

Comment on lines +13 to +17
void symlink(const std::filesystem::path &target, const std::filesystem::path &link_path);

void symlink_at(const std::filesystem::path &target,
const file_descriptor &dirfd,
const std::filesystem::path &link_path);
const file_descriptor &dirfd,
const std::filesystem::path &link_path);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Function Naming Conflict

The function symlink defined here conflicts with the standard POSIX symlink function. This can lead to confusion or linking errors in environments where POSIX functions are also used.

Recommendation: Consider renaming the function to something more unique, such as create_symlink, to avoid naming conflicts and enhance code clarity.

Comment on lines +13 to +17
void symlink(const std::filesystem::path &target, const std::filesystem::path &link_path);

void symlink_at(const std::filesystem::path &target,
const file_descriptor &dirfd,
const std::filesystem::path &link_path);
const file_descriptor &dirfd,
const std::filesystem::path &link_path);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing Error Handling

The functions symlink and symlink_at do not provide any mechanism for error handling. Operations on file systems can fail for various reasons (e.g., permissions issues, non-existent paths), and handling these errors is crucial for robust software.

Recommendation: Modify the function signatures to return a status code or throw exceptions to indicate failure, allowing client code to handle these situations appropriately.

{
LINYAPS_BOX_DEBUG() << "touch " << path << " at " << inspect_fd(root.get());
int fd = ::openat(root.get(), path.c_str(), O_CREAT | O_WRONLY, 0666);
const auto fd = ::openat(root.get(), path.c_str(), O_CREAT | O_WRONLY, 0666);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The file is created with permissions set to 0666, which allows read and write access to all users. This could lead to security vulnerabilities if the file contains sensitive information. Consider using more restrictive permissions, such as 0644 (readable by everyone, writable only by the owner), to enhance security.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant