解决和修复静态分析工具SPLINT指出的漏洞
Solving and fixing vulnerability pointed by the static analysis tool SPLINT
我正在处理我的项目并尝试 运行 夹板以查看一些隐藏的漏洞并提高我的代码质量,我 运行 夹板在我的项目的一个 .c 文件上我遇到了这 4 个警告
Splint 3.1.2 --- 20 Feb 2018
quit_again_final.c: (in function quit)
quit_again_final.c:10:5: Return value (type int) ignored: scanf("%s", ans)
Result returned by function call is not used. If this is intended, can cast
result to (void) to eliminate message. (Use -retvalint to inhibit warning)
quit_again_final.c:11:9: Incompatible types for == (char, char):
tolower(ans[0]) == 'y'
A character constant is used as an int. Use +charintliteral to allow
character constants to be used as ints. (This is safe since the actual type
of a char constant is int.)
quit_again_final.c: (in function again)
quit_again_final.c:26:5: Return value (type int) ignored: scanf("%s", ans1)
quit_again_final.c:27:9: Incompatible types for == (char, char):
tolower(ans1[0]) == 'y'
Finished checking --- 4 code warnings
我不太确定我应该采取哪些步骤来消除漏洞
.c文件如下
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<ctype.h>
#include"server.h"
void quit()
{
char ans[5];
printf("ARE YOU SURE YOU WANT TO QUIT THE WIZARD? Y OR N\n");
scanf("%s", ans);
if (tolower(ans[0]) == 'y')
{
final_print();
printf("\n\n");
printf("---THANK YOU FOR USING OUR PORTAL--\n");
}
else
{
main2();
}
}
void again()
{
char ans1[5];
printf("SEARCH AGAIN USING ID AND PASSWORD? Y OR N\n");
scanf("%s", ans1);
if (tolower(ans1[0]) == 'y')
{
main2();//FOR RE-LOGIN PROCESS
}
else
{
quit();
}
printf("\n\n\n\n\n\n");
}
void final_print()
{
printf("----------------FINAL STATEMENT OF LEAVE OF EACH EMPLOYEE------------------------\n\n");
int i;
for (i = 0; i < 5; i++)
{
printf("NAME : %s\n",emp[i].name);
printf("USER ID : %s\n",emp[i].id);
printf("CASUAL LEAVE LEFT : %d\n",emp[i].casual);
printf("MEDICAL LEAVE LEFT : %d\n",emp[i].medical);
printf("EARNED LEAVE LEFT : %d\n\n",emp[i].earned);
}
printf("---------THANK YOU FOR USING LEAVE MANEGMENT PORTAL-----\n");
}
有人可以指导我解决这些错误,因为我是处理这些错误的新手
错误重复出现,只需解决其中的 2 个错误即可解决整个文件
要消除 scanf 的警告,请尝试工具建议的操作:
(void)scanf("%s", ans);
要消除 tolower(ans[0]) == 'y' 的警告,试试这个:
if (tolower(ans[0]) == (int)'y')
但后者不应该是警告,因为在 C 中,char 文字(例如 'y')的类型是 int,因此 IMO 警告无论如何都是虚假的。
我正在处理我的项目并尝试 运行 夹板以查看一些隐藏的漏洞并提高我的代码质量,我 运行 夹板在我的项目的一个 .c 文件上我遇到了这 4 个警告
Splint 3.1.2 --- 20 Feb 2018
quit_again_final.c: (in function quit)
quit_again_final.c:10:5: Return value (type int) ignored: scanf("%s", ans)
Result returned by function call is not used. If this is intended, can cast
result to (void) to eliminate message. (Use -retvalint to inhibit warning)
quit_again_final.c:11:9: Incompatible types for == (char, char):
tolower(ans[0]) == 'y'
A character constant is used as an int. Use +charintliteral to allow
character constants to be used as ints. (This is safe since the actual type
of a char constant is int.)
quit_again_final.c: (in function again)
quit_again_final.c:26:5: Return value (type int) ignored: scanf("%s", ans1)
quit_again_final.c:27:9: Incompatible types for == (char, char):
tolower(ans1[0]) == 'y'
Finished checking --- 4 code warnings
我不太确定我应该采取哪些步骤来消除漏洞 .c文件如下
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<ctype.h>
#include"server.h"
void quit()
{
char ans[5];
printf("ARE YOU SURE YOU WANT TO QUIT THE WIZARD? Y OR N\n");
scanf("%s", ans);
if (tolower(ans[0]) == 'y')
{
final_print();
printf("\n\n");
printf("---THANK YOU FOR USING OUR PORTAL--\n");
}
else
{
main2();
}
}
void again()
{
char ans1[5];
printf("SEARCH AGAIN USING ID AND PASSWORD? Y OR N\n");
scanf("%s", ans1);
if (tolower(ans1[0]) == 'y')
{
main2();//FOR RE-LOGIN PROCESS
}
else
{
quit();
}
printf("\n\n\n\n\n\n");
}
void final_print()
{
printf("----------------FINAL STATEMENT OF LEAVE OF EACH EMPLOYEE------------------------\n\n");
int i;
for (i = 0; i < 5; i++)
{
printf("NAME : %s\n",emp[i].name);
printf("USER ID : %s\n",emp[i].id);
printf("CASUAL LEAVE LEFT : %d\n",emp[i].casual);
printf("MEDICAL LEAVE LEFT : %d\n",emp[i].medical);
printf("EARNED LEAVE LEFT : %d\n\n",emp[i].earned);
}
printf("---------THANK YOU FOR USING LEAVE MANEGMENT PORTAL-----\n");
}
有人可以指导我解决这些错误,因为我是处理这些错误的新手
错误重复出现,只需解决其中的 2 个错误即可解决整个文件
要消除 scanf 的警告,请尝试工具建议的操作:
(void)scanf("%s", ans);
要消除 tolower(ans[0]) == 'y' 的警告,试试这个:
if (tolower(ans[0]) == (int)'y')
但后者不应该是警告,因为在 C 中,char 文字(例如 'y')的类型是 int,因此 IMO 警告无论如何都是虚假的。