Inconsistency between "RNC shell SH.FLOW.CheckUser example" and "I-code COMDESIGNActiveWait LEX" #158
Labels
Milestone
Comments
furmanc
changed the title
furmanc
changed the title
furmanc
changed the title
|
Another example that justify "read" command shall be excluded from the list of ActiveWait commands is describe below. Indded, in this example read command is a nominal shell use to read each file line. LISTE_PRODUITS=file.txt while read line |
|
Ok, because it generates too many false positive, |
begarco
added a commit
that referenced
this issue
Jan 19, 2020
Merged
begarco
added a commit
that referenced
this issue
Feb 10, 2020
* Refactoring for i-Code 4 (#164) * start of refactoring to remove rcp from command line and core analyzer * Second step * All languages are built * Fix export string problem and add new supported features * All rules integrated. * Finalized command line version. - three languages supported - plugin system available - packaging on build available - directory as argument available - deletion of parallel analysis * Add version information to command line * Add parametrized unit tests * Update .travis.yml * fix encoding issues, prepare new packagings and clean up repository * update pom to fix issues and deploy library * fix shell-rules pom * minor changes * Refactoring * Add functional icode-ide working with a icode-libray jar put in icode-library-plugin // Refactor code // Add some license headers * RCP versions are reintegrated as icode-ide * Update CI (deploy and jdk) + start new readme * Update .travis.yml * Change to icode 4 + README * Change README * Update README.md * Fix compatibility with JRE>8 && update CI * deploy only on build on jdk11 * Remove build on jdk8 * [#166] Fix #166 by adding heredoc support to metrics * [#166] Fix #166 by adding heredoc support to metrics * [#166] Fix #166 by adding here string support to shell metrics * [#145] Add coverage with jacoco * [#142] Add i-Code version in xml reports * Fix #168: support of for with double parentheses * Fix #158 Remove 'read' from active wait functions * #187 Complete contributing requirements * #187 Fix layout * #187 fix plan * #187 Add issue templates * #187 add a template with checklist for PR * Delete PULL_REQUEST_TEMPLATE.md Move template into .github folder * Delete ISSUE_TEMPLATE.md Move template into .github * Update CONTRIBUTING.md * Update CONTRIBUTING.md * Update CONTRIBUTING.md * #165 add execution rights for icode-app scripts * #158 fix tests * #165 Update README to match the new structure * Update .travis.yml * Update .travis.yml * Update .travis.yml * Update README.md * Add coverage for SonarQube * Use Junit Jupiter 5 to run tests * Convert test to JUnit 5 tests with generalisation of chercker tests * add sonar-project.properties
Merged
Merged
|
In the version 4.0, the function "read" is still detected as COM.DESIGN.ActiveWait error. example : RNC shell rule SH.FLOW.CheckUser |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected behavior
The correct example for RNC shell rule SH.FLOW.CheckUser allows the usage of read command:
if [ "${current_user}" == "root" ]; then
echo "! Execution avec les droits de $current_user !"
echo -n "! Voulez-vous continuer (Oui,Non) ?"
read reponse
if [ "${reponse}" == "N" ] || [ "${reponse}" == "Non" ] || [
"${reponse}" == "n" ] || [ "${reponse}" == "non" ]; then
echo "Sortie du script ..."
exit
fi
fi
So if we copy this example in our shell script, we expect no error.
Actual behavior
In i-code LEX of COMDESIGNActiveWait rule "read" is considered as active wait command:
ACTWAIT = "read" | "sleep" | "wait"
So if we copy the RNC correct example of rule SH.FLOW.CheckUser (above) we have an COMDESIGNActiveWait error
Steps to reproduce behavior
Use the example of RNC shell rule SH.FLOW.CheckUser (above) in a script
Detection version
V3.0.1
The text was updated successfully, but these errors were encountered: