New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Fortify findings caused by point2grid changes in #1345. #1509
Comments
Two PDF files show the number of new high and low findings but not where (filename and line number). I'm not sure how many findings are from nc_utils.cc. I started #1492 already and some refactoring were done at nc_utils.cc which could affect the fortify result. I will working this after #1492. It's not good practice but some of fortify issues will be fixed with #1492. |
One high on point2grid
Please let me know if this should be corrected. There are more instances of this case. |
On 20201020, the counts successfully decreased, as described below: Fortify Counts for develop on 20201019: Critical=0 High=355 Medium=0 Low=1068 |
Howard, a compilation problem popped up via the automated Docker build for the develop branch after merging these changes. Specifically on lines 1845 and 1882 pb2nc.cc:
The version of the compiler used by the container doesn't like that syntax. Since we want to make MET compile on as many compiler families and versions possible, I'd recommend fixing this issue. Here's the compiler error:
|
Describe the Task
After feature 1345 was merged into the develop branch, 2 new high and 29 new low Fortify findings appeared in the nightly run of Fortify on the develop branch.
This task is to refine the code to make those findings go away.
I have attached PDF's of the Fortify findings from 20201004 and 20201006. The corresponding FPR and MBS files can be found on dakota:
/d3/projects/MET/MET_regression/develop/SAVE-NB20201004/fortify_sca
/d3/projects/MET/MET_regression/develop/SAVE-NB20201006/fortify_sca
There were additional increases for Fortify noted on kiowa for the develop branch. Also fix these.
Foritfy Counts for develop on 20201014: Critical=0 High=353 Medium=0 Low=1053
Fortify Counts for develop on 20201015: Critical=0 High=355 Medium=0 Low=1068
/d1/projects/MET/MET_regression/MET-develop/scripts/fortify/run_nightly.sh: The Fortify counts have CHANGED in NB20201015.
Time Estimate
Estimate the amount of work required here.
Issues should represent approximately 1 to 3 days of work.
Sub-Issues
Consider breaking the task down into sub-issues.
Relevant Deadlines
List relevant project deadlines here or state NONE.
Funding Source
Define the source of funding and account keys here or state NONE.
Define the Metadata
Assignee
Labels
Projects and Milestone
Define Related Issue(s)
Consider the impact to the other METplus components.
Task Checklist
See the METplus Workflow for details.
Branch name:
feature_<Issue Number>_<Description>
Pull request:
feature <Issue Number> <Description>
Select: Reviewer(s), Project(s), Milestone, and Linked issues
The text was updated successfully, but these errors were encountered: