spaces in filenames causes "scope_check" in rulesets to fail

[yilmazdurmaz]

I have some files with spaces in their names.

I was getting errors because names are split before use and seen as if there are multiple files. I first thought it was my shell scripts causing the issue. Instead of using wildcards, I pull all file names with find and process them within a loop.

But after fixing issues and making sure scripts are fine, I traced it throught the rules and found this and similar lines in other rules all having the same issue: file's name is not read as a whole thus it complains with multiple "cannot open file" errors.

scope_check -N1 -c rn $FLAGS $ARGS

If I try to use this scope_check in console, with quoted names, then it works fine. But running it in rulesets, it gives this name split problem.

After a bit of hacking into cobra_prim.c (commented out 235 and 241), I could see $ARGS holds the name of the file. I tried adding quotes around it as I did in shell scripts, then it errors out saying "Unterminated quoted string".

For small number of file, or for files I own renaming is the solution to go. But that is applicable for multi-user or remote projects.

Since it is not common to have such names and not all rulesets use this scope_check, this is not such an urgent problem to fix asap. But, of course, would be nice to have it gone.

[yilmazdurmaz]

I will include another issue, relating $COBRA and $ARGS used in this scope, namely using them in an interactive shell to send commands to host

[nimble-code]

yes, this is an issue on windows systems only, where filenames can contain space.
in those cases the spaces have to be escaped or the filename has to be enclosed in quotes.
scope_check is called as an external tool in a couple of the rule-libraries (jpl, p10, and the misra rules).
it looks like the escapes or quotes from the command-line aren't passed along in that case.
I'm not sure yet how that could be remedied...

[yilmazdurmaz]

unfortunately, it is not staying in Windows. Desktop versions of Mac and Linux also permits spaces in names. But when going to console, then the headache starts.

This case I have is in Linux. I work in an Ubuntu machine and I fetched some public repos to test from the internet.

[yilmazdurmaz]

@nimble-code,

I made a small change in cobra_prim.c, in the next 4 lines from line 234. I basically wrapped file names in quotes and now rules with scope_check seemingly work without any change in them.

		{	strcat(c, " \"");
			assert(strlen(c)+strlen(f->s) < n);
			strcat(c, f->s);
			strcat(c, "\"");

However, I am not sure if this brokes anything else later. My knowledge of C is only around mid-levels.

Can you please check your asserts in the parent function? if it conforms well, please add this to your codebase.

YILMAZ

[nimble-code]

checked -- just needed to add +2 to the assertion as well
will be updated in the version 3.8 release later today