
CWE 398 #8

Merged
merged 45 commits into from
Jun 27, 2024

Conversation

a0x8o (Owner) commented Jun 27, 2024

d.linegraph: Initialize uninitialized variable for input files (OSGeo#3852)
lib/gis: Fix CWE 398 in user_config (https://github.com/OSGeo/grass/pull/3874), commit https://github.com/a0x8o/grass/commit/6e7787bc7dcf52a46f20ab21a4bb33e74c0433af
CI(Titles): Validate PR titles in CI (https://github.com/OSGeo/grass/pull/3877), commit https://github.com/a0x8o/grass/commit/a2d9ad8523332a1a372d7661204aac4061c2b691
contributing: Refine generated release notes (https://github.com/OSGeo/grass/pull/3876), commit https://github.com/a0x8o/grass/commit/8566e31e2688f97a134cb22c9575a24ec03e4d6b
contributing: Add monthly financial supporters to release notes (OSGeo#3883)
contributing: Optimize text in release procedure (https://github.com/OSGeo/grass/pull/3882), commit https://github.com/a0x8o/grass/commit/b787bcc9700e61b93ad899cbed12d86047a249d5
style: Remove some unused variables (https://github.com/OSGeo/grass/pull/3866), commit https://github.com/a0x8o/grass/commit/04fd63ca07b6ffd5d9531e714b05f89b2a642fe1
v.info: add JSON support (https://github.com/OSGeo/grass/pull/3755), commit https://github.com/a0x8o/grass/commit/f3204e7783dcaf42fb42c756026a22f49bf233e1
lib/gis: Fix uninitialized variable env.c (https://github.com/OSGeo/grass/pull/3892), commit https://github.com/a0x8o/grass/commit/fd508b23e3bb9eb78f181ad1158717214c665177
lib/cdhc: correct C translation of Cdhc_alnfac() from original Fortra…
contributing: Improve message for failing PR title check (https://github.com/OSGeo/grass/pull/3891), commit https://github.com/a0x8o/grass/commit/75cd34a04b5e93cc45ceceabb5bc2e84eb28b333
CI(deps): Update dependency flake8 to v7 and use pipx to isolate tools (
renovate[bot] and echoix committed last week
CI(deps): Update pre-commit hook pycqa/flake8 to v7 (https://github.com/OSGeo/grass/pull/3855), commit https://github.com/a0x8o/grass/commit/784741708f46e1d43b5da868296e232620d6a4c7
renovate[bot] committed last week
CI: Switch Travis to Ubuntu 22.04 and fix non-prototype in ODBC (OSGeo#3002)
wenzeslaus and echoix committed last week
grass.script: Allow init to modify only specified environment (OSGeo#3438)
CI(pytest): Run tests marked need_solo_run separately (https://github.com/OSGeo/grass/pull/3879), commit https://github.com/a0x8o/grass/commit/afd76107b0235d29c6eb7cff7b78f456922dc32b
wxGUI/gmodeler: fix conflicting flags in 'Create relation' dialog (OSGeo#3865)
CI(deps): Update peter-evans/create-pull-request action to v6.1.0 (https://github.com/OSGeo/grass/pull/3895), commit 982b9b1339b0e2c11baf0f9ef79b373a3ee29c89
wxGUI/gmodeler: fix adding data from menu (https://github.com/OSGeo/grass/pull/3881), commit https://github.com/a0x8o/grass/commit/55b14b176b94d9d5422dffd17b1d06b21d721fca
CI(deps): Update docker/build-push-action action to v6 (https://github.com/OSGeo/grass/pull/3897), commit https://github.com/a0x8o/grass/commit/318251dae4c086b7de987fabf1c894a0523fa707
grass.jupyter: Add LayerControl to InteractiveMap by default (OSGeo#3880)
r.in.pdal: use 1 based return numbers in LAS info output (https://github.com/OSGeo/grass/pull/3907), commit https://github.com/a0x8o/grass/commit/da134529232a2784706d455cbb5b773deb1bd493
Commits on Jun 20, 2024
CI(deps): Update softprops/action-gh-release action to v2.0.6 (OSGeo#3908)
CI(deps): Update docker/dockerfile:1.8 Docker digest to e87caa7 (OSGeo#3894)
contributing: move GitHub workflow docs into separate file (https://github.com/OSGeo/grass/pull/3875), commit https://github.com/a0x8o/grass/commit/30751a026e99f0c9f5ca913d43c761d057a68b03
packaging: Add Nix files for creating development environment and the…
Commits on Jun 21, 2024
CI(deps): Update docker/build-push-action action to v6.1.0 (https://github.com/OSGeo/grass/pull/3913), commit https://github.com/a0x8o/grass/commit/7ad3e34c069bb2387451ed3d0ab4a17f01a776be
CI(deps): Update alpine:3.20 Docker digest to b89d9c9 (https://github.com/OSGeo/grass/pull/3914), commit https://github.com/a0x8o/grass/commit/004b916c4f66a12b5e2b713f4925570666fb73e2
renovate[bot] committed last week
doc: help_loc_structure -> help_project_structure (https://github.com/OSGeo/grass/pull/3910), commit https://github.com/a0x8o/grass/commit/e18a39994cbab1940755855a16b0bf7cfaa731e4
v.external: delete duplicated layer requirement definition (https://github.com/OSGeo/grass/pull/3902), commit https://github.com/a0x8o/grass/commit/1efff48a456acbb068cb5e31ea0e0f93cf0d03ac
Commits on Jun 22, 2024
CI: Cancel in progress jobs for other workflows (https://github.com/OSGeo/grass/pull/3904), commit https://github.com/a0x8o/grass/commit/acee505efeb8a8b1ba7923bfbb754da6320ce712
libvector/neta: fix memory leaks (https://github.com/OSGeo/grass/pull/3618), commit https://github.com/a0x8o/grass/commit/af6e7da9da7ce81fe2cc16c36b97bf37c977bb7a
r.texture: support parallel computing by OpenMP (https://github.com/OSGeo/grass/pull/3857), commit https://github.com/a0x8o/grass/commit/a24714ec1fcca3699d1b1d810c48ed5dac9f0bee
Commits on Jun 23, 2024
grass.app: Refactor PATH setup in grass init script and grass.script.…
d.linegraph: Fix null pointer issue in qsort call (https://github.com/OSGeo/grass/pull/3878), commit https://github.com/a0x8o/grass/commit/3f124c5c789681a9f7996ebbea4d7c43b9478415
v.surf.rst: Cross-validation OpenMP support (https://github.com/OSGeo/grass/pull/3590), commit https://github.com/a0x8o/grass/commit/f825a223c28f7cd5ab6d075bd02b8f5e73956c4a
d.legend.vect: Fix dead store warnings in draw.c (https://github.com/OSGeo/grass/pull/3922), commit https://github.com/a0x8o/grass/commit/f49bdf48bdcbe9e64c87c573066139f8348c1e35
wxGUI: update menu creation explanations (https://github.com/OSGeo/grass/pull/3920), commit https://github.com/a0x8o/grass/commit/5d25c53517ab6eb339ad07177cfc8ec9d79f0df8
CI(super-linter): Specify linter rules path to pick up configuration …
d.linegraph: Fix dead store warning in main.c (https://github.com/OSGeo/grass/pull/3918), commit https://github.com/a0x8o/grass/commit/541276ac7e4a568d92692951a5c3076475f22f2a
CI: add nix to the list of allowed commit prefixes (https://github.com/OSGeo/grass/pull/3925), commit https://github.com/a0x8o/grass/commit/df371ecc93efb0d342d54e013b68a19bd9e2692e
packaging: improve nix development environment (https://github.com/OSGeo/grass/pull/3924), commit https://github.com/a0x8o/grass/commit/9599acab14702d2b7907e229f20610d9e9f9a0dd
CI(pre-commit): Enable markdownlint fixes (https://github.com/OSGeo/grass/pull/3916), commit https://github.com/a0x8o/grass/commit/4b5b6cf9a7fa77da6e1de5e3e99a1eddf19acde0
CI(deps): Update clang-format to v17 (https://github.com/OSGeo/grass/pull/3860), commit https://github.com/a0x8o/grass/commit/4a35e80a1856cfc3b185c0c333a4508adaf34437
CI(deps): Update docker/build-push-action action to v6.2.0 (https://github.com/OSGeo/grass/pull/3931), commit https://github.com/a0x8o/grass/commit/093895168e8e67595eceb00a747d837157b0085a

ShubhamDesai and others added 30 commits June 17, 2024 12:54
Fixes error: Uninitialized variable: in [uninitvar] from Cppcheck.
The error is: Variable 'len' is modified inside assert statement. Assert statements are removed from release builds so the code inside assert statement is not executed. If the code is needed also in release builds, this is a bug.
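An illustrative C pair (added here, not the d.linegraph code from the PR) showing the pattern the Cppcheck finding above describes, the only assignment to `len` sitting inside assert(), next to the corrected form where the work and the release-build check are outside the assert; MAX_NAME and the function names are assumptions:

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64 /* assumed fixed buffer size for the illustration */

/* Before: the only assignment to `len` is the side effect inside assert().
 * With -DNDEBUG, <assert.h> expands assert() to ((void)0), so the strlen()
 * call disappears and `len` is returned uninitialized; this is the
 * uninitvar finding quoted in the commit message above. */
size_t name_len_before(const char *name)
{
    size_t len;
    assert((len = strlen(name)) < MAX_NAME); /* assignment vanishes in release builds */
    return len;                              /* undefined behaviour under NDEBUG */
}

/* After: do the work unconditionally, keep assert() only for an invariant
 * with no side effects, and express the check that must still hold in
 * release builds as an explicit branch. Returns -1 when the name would not
 * fit in a MAX_NAME buffer, otherwise its length. */
long name_len_after(const char *name)
{
    size_t len;
    assert(name != NULL);  /* invariant only; harmless to drop */
    len = strlen(name);    /* always executed, in every build */
    if (len >= MAX_NAME)   /* survives -DNDEBUG */
        return -1;
    return (long)len;
}

int main(void)
{
    printf("after(\"input.txt\") = %ld\n", name_len_after("input.txt"));
#ifndef NDEBUG
    /* Only meaningful in a debug build, where the assert is still compiled in. */
    printf("before(\"input.txt\") = %zu\n", name_len_before("input.txt"));
#endif
    return 0;
}
```

Compiling with `-DNDEBUG -Wall` makes the difference visible: the compiler warns that `len` may be used uninitialized in name_len_before, while name_len_after is unaffected.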
* CI(title): Create a validation of PR titles workflow on pull_request_target

* CI(title): Add extra required dummy arguments
* Show name, not just username, for new contributors if available and different from the username using GitHub API.
* Fix heading level for What's changed section.
* Add empty Highlights section with a call to fill it.
* Update to the current badge image for Binder badge.
The generated release notes now contain members of supporters tier on Open Collective. We want to highlight financial contributions in the release notes. Monthly supporters seem like a fitting category in context of release. Current (draft) release notes are already updated.

The list is randomized when generated. Images are not included because that would require generating content for the missing images and making them circular (more work and circular did not work for me).

They are included under a heading at the end of highlights section, so not at the end, but not at the very beginning either.

Also: Specify number of highlight items. Add heading for new addons. Use title case. Use 'tools' not 'modules' for heading. Add requests as pip dependency to get the URL
* contributing: Optimize text in release procedure

Small working improvements.

* finetune procedure
* i.segment: remove unused variable

* lib/dspf: remove unused code. Moreover, there were 3 unused variables.
Use parson to have JSON as an output format support. The module has various flags to control the fields being output in case of plain shell format controlled by flags. All (-get) of these are enabled when using format=shell. format=plain now allows use of flags. This may need special handling in the future to resolve the edge cases in a better way.
Fixes cppcheck error: Uninitialized variable: buf [uninitvar]
…n source (#3873)

The C translation of the Fortran alnfac() function was flawed; the flaw
originated from confusion between Fortran's 1-based array indexing and
C's 0-based indexing. An incorrect constant (A0) is also updated. This
corrects the C code to mirror the original Fortran code
(https://lib.stat.cmu.edu/apstat/177).

Source: Royston, J. P. (1982). Algorithm AS 177: Expected Normal
Order Statistics (Exact and Approximate). Journal of the Royal
Statistical Society. Series C (Applied Statistics), 31(2), 161–165.
https://doi.org/10.2307/2347982
The message now includes the expressions (except the excluded ones typically used only by maintainers) and examples (newly added).
#3818)

* CI(deps): Update dependency flake8 to v7

* Use pipx to install Python packages

* Move pytest-github-actions-annotate-failures install near pytest install

* Use Python 3.10 and add toml and sarif extra to bandit install

* Inject other python packages into pylint's pipx environment

* Inject pytest dependencies in pylint pipx env

* Include app pytest into pylint's pipx env

* Split pytest-pylint pipx inject to not fail on no installable apps for pytest plugins

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Edouard Choinière <27212526+echoix@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* CI: Switch Travis to Ubuntu 22.04 (jammy)

Default Python version reported by Travis for 20.04 is 3.7.13. While that's still a supported version for 8.3 release if it would be released now, 2023-06-27 is end of support for 3.7, so it seems safe to not test the main branch with 3.7 at this point.

Ubuntu 22.04 in Travis uses Python 3.10 by default according to the documentation.

* Update wxgtk pkg to 4.0

* Replace custom install list by apt.txt file from GitHub Actions

* Change shebang to use bash instead of POSIX sh (#3)

* CI(travis): Add --with-pdal in linux.script.sh

* CI(travis): Remove sudo: required as it has no effect

* CI(travis): Fix warning os and dist missing from root

* CI(travis): Fix warning matrix is an alias for jobs

* CI(travis): Run make with make -j $(nproc)

* CI(travis): Show MAKEFLAGS at start of script

* CI(travis): use c++17 standard

* CI(travis): Remove duplicated dist key in include array

* CI(travis): Remove invalid --with-python from configure flags

* CI(travis): Remove unused codecov upload

* CI(travis): Remove irc notification

* CI(travis): Add -Werror and -fPIC to CFLAGS and CXXFLAGS on make call

* CI(travis): Limit runs on branches to main and release branches

* CI(travis): Add -Wfatal-errors

* db: Fix -Wdeprecated-non-prototype in describe.c for clang builds

* CI(travis): Add --no-keep-going in MAKEFLAGS to stop on errors

* db: Fix -Wdeprecated-non-prototype in odbc driver's fetch.c for clang builds

* db: Fix -Wdeprecated-non-prototype in odbc driver's listtab.c for clang builds

---------

Co-authored-by: Edouard Choinière <27212526+echoix@users.noreply.github.com>
The _grass.script.setup.init_ function modifies os.environ. While os.environ is fit for many, if not most, cases, its usage in tests and parallel processing is limited, and in all cases os.environ stays partially modified even after the session is finished (we don't destroy the runtime environment, i.e., variables such as GISBASE). With this change, _init_ takes an _env_ parameter specifying the environment to modify, and it modifies that environment. When no _env_ is provided, it still modifies os.environ, so the default behavior is not changed.

This required only a few changes to the initialization code, but more changes were needed for the cleanup code. A lot of tests can now take advantage of this functionality, and this PR updates some of them. I plan to update all where it is applicable, but will leave some others as they are, namely those which use ctypes (the situation is more complex there) and _grass.jupyter_ (the _env_ parameter is not implemented for most of them).

There are plenty of tests covering it, but the cleanup part, which needed the most changes, does not have any coverage. I don't think there is much concern in terms of API because an _env_ parameter is what we now have in many functions. The only uncertainty with that is whether it should create its own copy or modify the provided environment. I go with modify because that makes the copy explicit in the call, which is clearer (the caller or reader is sure a copy is created), and it is consistent with how os.environ is modified.
* pytest: Create slow and needs_solo_run markers

* python: Apply needs_solo_run marker to two pygrass grid tests

* CI(pytest): Run tests marked need_solo_run separately with a single runner

* pytest: Revert timeout to 300 seconds

* wxGUI/gmodeler: fix conflicting flags in 'Create relation' dialog
* meanwhile, fix the button size to see them in the default pop-up
* fix #3862

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
According to LAS specification, the first return number is 1.
Fixes #3827
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* location is renamed to project in 8.4
neteler and others added 8 commits June 24, 2024 19:45
Fix dead store warning in d.linegraph module

Co-authored-by: Shubham Vasudeo Desai <sdesai8@vclvm179-48.vcl.ncsu.edu>
nix: improve nix development environment

* inherit build dependencies from grass package
* add `dev-help` function
* CI(pre-commit): Enable markdownlint fixes

* CI: Add fix: true in .markdownlint.yml for tools using that config key

* Update .markdownlint.yml

* Update v.surf.rst.html to remove trailing whitespaces