You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Below is a summary of compliance checks for this PR:
Security Compliance
⚪
Unsafe file write
Description: The function now writes inav_enums.json to the current working directory without validation or user control, which can overwrite existing files and enables potential path confusion or unintended distribution of data if run in untrusted directories. gen_enum_md.py [259-279]
Referred Code
out.append(f"- [{e.name}](#enum-{e.name.lower()})")
out.append("")
foreinsorted(enums, key=lambdax: x.name.lower()):
jsonfile[e.name] = {}
out.append("---")
out.append(f"## <a id=\"enum-{e.name.lower()}\"></a>`{e.name}`\n")
ife.source_note:
out.append(f"> Source: {e.source_note}\n")
jsonfile[e.name]['_source'] =e.source_noteout.append("| Enumerator | Value | Condition |")
out.append("|---|---:|---|")
foritine.items:
name_md=f"`{it.name}`"val=it.value_displaycond=it.condout.append(f"| {name_md} | {val} | {cond} |")
jsonfile[e.name][name_md.strip('`')] = [val, cond] iflen(cond)>0elsevalout.append("")
# While we're at it, chuck this all into a JSON filePath("inav_enums.json").write_text(json.dumps(jsonfile,indent=4), encoding="utf-8")
return"\n".join(out)
Integrity check bypass
Description: The script echoes the checksum hash and updates msp_messages.checksum automatically on mismatch without verification or user confirmation, which could allow unnoticed tampering of msp_messages.json to persist by updating the trusted checksum. gen_docs.sh [1-17]
Description: Adding an interactive read -n 1 -s -r -p "Press any key to continue" blocks non-interactive or CI executions and can cause stuck pipelines, enabling denial-of-service in automated environments. gen_docs.sh [24-27]
Referred Code
echo gen_enum_md.py
python gen_enum_md.py
rm all_enums.h
read -n 1 -s -r -p "Press any key to continue"
Unvalidated path input
Description: The --inav-root argument is used to construct a path without validation or sandboxing, which could read arbitrary files if untrusted input is supplied; at minimum, it lacks checks to ensure it points inside the expected repository tree. get_all_inav_enums_h.py [94-107]
Referred Code
parser=argparse.ArgumentParser(description='Collect all enums from INAV sources.')
parser.add_argument(
'--inav-root',
default='../inav/src/main',
help="Path to the INAV 'src/main' directory (default: %(default)s)",
)
returnparser.parse_args()
args=parse_args()
base_dir=Path(args.inav_root).expanduser()
forsdinSUBDIRS:
root=base_dir/sdifnotroot.is_dir():
Ticket Compliance
⚪
🎫 No ticket provided
Create ticket/issue
Codebase Duplication Compliance
⚪
Codebase context is not defined
Follow the guide to enable codebase context checks.
Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code
Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: Missing audit log: The new generation of an external JSON file inav_enums.json lacks any logging of the action (who/when/what), making auditability of this critical generation step unclear.
Referred Code
out.append(f"- [{e.name}](#enum-{e.name.lower()})")
out.append("")
foreinsorted(enums, key=lambdax: x.name.lower()):
jsonfile[e.name] = {}
out.append("---")
out.append(f"## <a id=\"enum-{e.name.lower()}\"></a>`{e.name}`\n")
ife.source_note:
out.append(f"> Source: {e.source_note}\n")
jsonfile[e.name]['_source'] =e.source_noteout.append("| Enumerator | Value | Condition |")
out.append("|---|---:|---|")
foritine.items:
name_md=f"`{it.name}`"val=it.value_displaycond=it.condout.append(f"| {name_md} | {val} | {cond} |")
jsonfile[e.name][name_md.strip('`')] = [val, cond] iflen(cond)>0elsevalout.append("")
# While we're at it, chuck this all into a JSON filePath("inav_enums.json").write_text(json.dumps(jsonfile,indent=4), encoding="utf-8")
return"\n".join(out)
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation
Status: No write error handling: Writing inav_enums.json via Path(...).write_text(...) occurs without try/except or validation, so file I/O errors or serialization issues would fail without context.
Referred Code
# While we're at it, chuck this all into a JSON filePath("inav_enums.json").write_text(json.dumps(jsonfile,indent=4), encoding="utf-8")
return"\n".join(out)
Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data.
Status: Unstructured logging: The script echoes raw hashes and messages without structured format, which may hinder automated auditing and could inadvertently expose internal paths or metadata depending on environment.
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities
Status: Input not validated: The new --inav-root argument is used to construct paths without validation or safeguards (e.g., existence checks beyond per-subdir, traversal constraints), which could lead to unexpected file scanning.
Referred Code
parser=argparse.ArgumentParser(description='Collect all enums from INAV sources.')
parser.add_argument(
'--inav-root',
default='../inav/src/main',
help="Path to the INAV 'src/main' directory (default: %(default)s)",
)
returnparser.parse_args()
args=parse_args()
base_dir=Path(args.inav_root).expanduser()
forsdinSUBDIRS:
root=base_dir/sdifnotroot.is_dir():
Description: The function now writes a JSON file inav_enums.json to the current working directory without validation or user control, which could overwrite existing files or leak data depending on where the script is run; this uncontrolled file output presents a possible path for data exposure or unintended file modification. gen_enum_md.py [253-279]
Referred Code
jsonfile= {}
out= []
out.append("# Enumerations\n")
out.append("**Auto-generated reference for MSP, refer to source for development, not this file, due to variations with #ifdefs which needs verification.**\n")
out.append("## Table of contents\n")
foreinsorted(enums, key=lambdax: x.name.lower()):
out.append(f"- [{e.name}](#enum-{e.name.lower()})")
out.append("")
foreinsorted(enums, key=lambdax: x.name.lower()):
jsonfile[e.name] = {}
out.append("---")
out.append(f"## <a id=\"enum-{e.name.lower()}\"></a>`{e.name}`\n")
ife.source_note:
out.append(f"> Source: {e.source_note}\n")
jsonfile[e.name]['_source'] =e.source_noteout.append("| Enumerator | Value | Condition |")
out.append("|---|---:|---|")
foritine.items:
name_md=f"`{it.name}`"val=it.value_displaycond=it.cond
... (clipped6lines)
Insecure build script usage
Description: The script derives expected by awk '{print $1}' msp_messages.checksum and updates the checksum file with only the raw hash, altering the previously two-field format and echoing the hash; while primarily integrity logic, invoking external tools and modifying files based on computed hashes could be abused if run in an untrusted directory (e.g., path injection in tools or manipulated files), representing a possible integrity risk in automation contexts. gen_docs.sh [1-17]
Description: The script accepts a user-provided --inav-root path and recursively scans it without sandboxing or validation, which could enable unintended traversal and processing of large or sensitive directory trees if misused, posing a possible information exposure or DoS risk when run with broad permissions. get_all_inav_enums_h.py [94-107]
Referred Code
parser=argparse.ArgumentParser(description='Collect all enums from INAV sources.')
parser.add_argument(
'--inav-root',
default='../inav/src/main',
help="Path to the INAV 'src/main' directory (default: %(default)s)",
)
returnparser.parse_args()
args=parse_args()
base_dir=Path(args.inav_root).expanduser()
forsdinSUBDIRS:
root=base_dir/sdifnotroot.is_dir():
Ticket Compliance
⚪
🎫 No ticket provided
Create ticket/issue
Codebase Duplication Compliance
⚪
Codebase context is not defined
Follow the guide to enable codebase context checks.
Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code
Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: Unlogged Action: The function now writes a JSON file (inav_enums.json) to disk without any accompanying audit/log entry indicating who triggered it, when, and the outcome.
Referred Code
# While we're at it, chuck this all into a JSON filePath("inav_enums.json").write_text(json.dumps(jsonfile,indent=4), encoding="utf-8")
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation
Status: Missing Error Handling: New file write of inav_enums.json does not handle potential I/O errors (exceptions, permissions, disk full) or report actionable context.
Referred Code
# While we're at it, chuck this all into a JSON filePath("inav_enums.json").write_text(json.dumps(jsonfile,indent=4), encoding="utf-8")
return"\n".join(out)
Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data.
Status: Unstructured Logging: The script echoes raw checksum values and messages without structured logging, which may hinder automated auditing though no sensitive data is exposed.
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities
Status: Input Validation: The new --inav-root argument is accepted and used to traverse the filesystem without validation or safeguards (e.g., path existence already checked per subdir, but no normalization or restriction), which may pose risks depending on execution context.
Referred Code
parser=argparse.ArgumentParser(description='Collect all enums from INAV sources.')
parser.add_argument(
'--inav-root',
default='../inav/src/main',
help="Path to the INAV 'src/main' directory (default: %(default)s)",
)
returnparser.parse_args()
args=parse_args()
base_dir=Path(args.inav_root).expanduser()
forsdinSUBDIRS:
root=base_dir/sdifnotroot.is_dir():
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Final-ish revision to structure and docgen for now, will focus on other stuff, correct various type errors in the spec and removes redundant fields
PR Type
Enhancement, Documentation
Description
Restructured array field definitions in MSP JSON schema
array_ctypefield from all array definitionsctypenow contains base element typearray_size_definefield for symbolic size referencesEnhanced documentation generation tools
format_ctype()function for proper array type formattingdescribe_array_bytes()helper for size calculationssizeof_entry()logic for array size handlingGenerated JSON enum export and improved build tooling
inav_enums.json)Corrected enum references and field descriptions throughout spec
accHardware_e→accelerationSensor_e)Diagram Walkthrough
File Walkthrough
4 files
Enhanced array formatting and size calculation logicAdded JSON enumeration export functionalityMade INAV source path configurable via argumentsUpdated build script with path configuration and checksums1 files
Restructured array definitions and corrected enum references5 files
Updated documentation format and array size notationsAdded new enums and corrected existing enum definitionsUpdated schema documentation with new array field structureSimplified revision header formatAdded deprecation warning to obsolete reference2 files
Updated checksum for revised JSON schemaIncremented revision number to version 2