SYNERGY-512 SonarCloud vulnerabilities in Synergy-Core

* Fix all vulnerablilities from SonarCloud besides TLS * Update ChangeLog
symless · Mar 31, 2021 · 732d21a · 732d21a
1 parent 3c2810a
commit 732d21a
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 15 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -33,6 +33,7 @@ Bug fixes:
 - #6946 Add build stage to filename
 - #6950 Synergy client doesn't save the server address when rebooted
 - #6951 Fix issue creating standard version for Raspberry Pi
+- #6971 Fix vulnerabilities from SonarCloud
 
 Enhancements:
 - #6912 Removes UI for Screen Saver Sync and Files Drag and Drop

diff --git a/src/gui/src/QUtility.cpp b/src/gui/src/QUtility.cpp
@@ -22,6 +22,7 @@
 
 #if defined(Q_OS_LINUX)
 #include <QProcess>
+#include <QFile>
 #endif
 
 #if defined(Q_OS_WIN)
@@ -97,17 +98,14 @@ QString getOSInformation()
 
 #if defined(Q_OS_LINUX)
     result = "Linux";
-    try {
-        QStringList arguments;
-        arguments.append("/etc/os-release");
-        CommandProcess cp("/bin/cat", arguments);
-        QString output = cp.run();
 
+    QFile paramFile("/etc/os-release");
+    if(paramFile.open(QFile::ReadOnly | QFile::Text)) {
+        const QString fileStrings = QTextStream(&paramFile).readAll();
         QRegExp resultRegex(".*PRETTY_NAME=\"([^\"]+)\".*");
-        if (resultRegex.exactMatch(output)) {
+        if (resultRegex.exactMatch(fileStrings)) {
             result = resultRegex.cap(1);
         }
-    } catch (...) {
     }
 #endif
 

diff --git a/src/lib/arch/unix/ArchMultithreadPosix.cpp b/src/lib/arch/unix/ArchMultithreadPosix.cpp
@@ -728,6 +728,8 @@ ArchMultithreadPosix::doThreadFunc(ArchThread thread)
 
     catch (XThreadCancel&) {
         // client called cancel()
+        // set base value
+        result = NULL;
     }
     catch (...) {
         // note -- don't catch (...) to avoid masking bugs

diff --git a/src/lib/base/XBase.cpp b/src/lib/base/XBase.cpp
@@ -69,6 +69,7 @@ XBase::format(const char* /*id*/, const char* fmt, ...) const throw()
     }
     catch (...) {
         // ignore
+        result.clear();
     }
     va_end(args);
 

diff --git a/src/lib/net/SecureSocket.h b/src/lib/net/SecureSocket.h
@@ -44,7 +44,7 @@ class SecureSocket : public TCPSocket {
     SecureSocket& operator=(SecureSocket &&) =delete;
 
     // ISocket overrides
-    void                close();
+    virtual void        close();
 
     // IDataSocket overrides
     virtual void        connect(const NetworkAddress&);

diff --git a/src/lib/net/TCPListenSocket.cpp b/src/lib/net/TCPListenSocket.cpp
@@ -28,6 +28,7 @@
 #include "mt/Mutex.h"
 #include "arch/Arch.h"
 #include "arch/XArch.h"
+#include "base/Log.h"
 #include "base/IEventQueue.h"
 
 //
@@ -57,6 +58,7 @@ TCPListenSocket::~TCPListenSocket()
     }
     catch (...) {
         // ignore
+        LOG((CLOG_INFO "error while closing TCP socket"));
     }
     delete m_mutex;
 }

diff --git a/src/lib/net/TCPSocket.cpp b/src/lib/net/TCPSocket.cpp
@@ -77,10 +77,11 @@ TCPSocket::TCPSocket(IEventQueue* events, SocketMultiplexer* socketMultiplexer,
 TCPSocket::~TCPSocket()
 {
     try {
+        // warning virtual function in destructor is very danger practice
         close();
     }
     catch (...) {
-        // ignore
+        LOG((CLOG_DEBUG "error while TCP socket destruction"));
     }
 }
 
@@ -209,8 +210,9 @@ TCPSocket::shutdownInput()
         try {
             ARCH->closeSocketForRead(m_socket);
         }
-        catch (XArchNetwork&) {
-            // ignore
+        catch (XArchNetwork& e) {
+            // ignore, there's not much we can do
+            LOG((CLOG_WARN "error closing socket: %s", e.what()));
         }
 
         // shutdown buffer for reading
@@ -236,8 +238,9 @@ TCPSocket::shutdownOutput()
         try {
             ARCH->closeSocketForWrite(m_socket);
         }
-        catch (XArchNetwork&) {
-            // ignore
+        catch (XArchNetwork& e) {
+            // ignore, there's not much we can do
+            LOG((CLOG_WARN "error closing socket: %s", e.what()));
         }
 
         // shutdown buffer for writing
@@ -322,8 +325,9 @@ TCPSocket::init()
             ARCH->closeSocket(m_socket);
             m_socket = NULL;
         }
-        catch (XArchNetwork&) {
-            // ignore
+        catch (XArchNetwork& e) {
+            // ignore, there's not much we can do
+            LOG((CLOG_WARN "error closing socket: %s", e.what()));
         }
         throw XSocketCreate(e.what());
     }

diff --git a/src/lib/platform/XWindowsClipboard.cpp b/src/lib/platform/XWindowsClipboard.cpp
@@ -188,6 +188,7 @@ XWindowsClipboard::addSimpleRequest(Window requestor,
                 }
                 catch (...) {
                     // ignore -- cannot convert
+                    LOG((CLOG_WARN "error while converting clipboard data"));
                 }
             }
         }