Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

gh-124457: Remove coverity from CPython repo (GH-124460) 

Remove coverity from CPython repo.
This commit is contained in:
Mariatta 2024-09-27 13:42:32 -07:00 committed by GitHub
parent 3387f76b8f
commit 6cba6e1df2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 2 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Misc/NEWS.d/next/Documentation/2024-09-24-11-52-36.gh-issue-124457.yrCjSV.rst Normal file
View File

@ -0,0 +1,2 @@
Remove coverity scan from the CPython repo. It has not been used since 2020
and is currently unmaintained.

1
Misc/README
View File

@ -17,7 +17,6 @@ python.man UNIX man page for the python interpreter
python.pc.in Package configuration info template for pkg-config
README The file you're reading now
README.AIX Information about using Python on AIX
README.coverity Information about running Coverity's Prevent on Python
README.valgrind Information for Valgrind users, see valgrind-python.supp
SpecialBuilds.txt Describes extra symbols you can set for debug builds
svnmap.txt Map of old SVN revs and branches to hg changeset ids,

22
Misc/README.coverity
View File

@ -1,22 +0,0 @@
Coverity has a static analysis tool (Prevent) which is similar to Klocwork.
They run their tool on the Python source code (SVN head) on a daily basis.
The results are available at:
http://scan.coverity.com/
About 20 people have access to the analysis reports. Other
people can be added by request.
Prevent was first run on the Python 2.5 source code in March 2006.
There were originally about 100 defects reported. Some of these
were false positives. Over 70 issues were uncovered.
Each warning has a unique id and comments that can be made on it.
When checking in changes due to a warning, the unique id
as reported by the tool was added to the SVN commit message.
False positives were annotated so that the comments can
be reviewed and reversed if the analysis was incorrect.
Contact python-dev@python.org for more information.

179
Misc/coverity_model.c
View File

@ -1,179 +0,0 @@
/* Coverity Scan model
*
* This is a modeling file for Coverity Scan. Modeling helps to avoid false
* positives.
*
* - A model file can't import any header files.
* - Therefore only some built-in primitives like int, char and void are
* available but not wchar_t, NULL etc.
* - Modeling doesn't need full structs and typedefs. Rudimentary structs
* and similar types are sufficient.
* - An uninitialized local pointer is not an error. It signifies that the
* variable could be either NULL or have some data.
*
* Coverity Scan doesn't pick up modifications automatically. The model file
* must be uploaded by an admin in the analysis settings of
* http://scan.coverity.com/projects/200
*/
/* dummy definitions, in most cases struct fields aren't required. */
#define NULL (void *)0
#define assert(op) /* empty */
typedef int sdigit;
typedef long Py_ssize_t;
typedef unsigned short wchar_t;
typedef struct {} PyObject;
typedef struct {} grammar;
typedef struct {} DIR;
typedef struct {} RFILE;
/* Python/pythonrun.c
* resource leak false positive */
void Py_FatalError(const char *msg) {
__coverity_panic__();
}
/* Objects/longobject.c
* NEGATIVE_RETURNS false positive */
static PyObject *get_small_int(sdigit ival)
{
/* Never returns NULL */
PyObject *p;
assert(p != NULL);
return p;
}
PyObject *PyLong_FromLong(long ival)
{
PyObject *p;
int maybe;
if ((ival >= -5) && (ival < 257 + 5)) {
p = get_small_int(ival);
assert(p != NULL);
return p;
}
if (maybe)
return p;
else
return NULL;
}
PyObject *PyLong_FromLongLong(long long ival)
{
return PyLong_FromLong((long)ival);
}
PyObject *PyLong_FromSsize_t(Py_ssize_t ival)
{
return PyLong_FromLong((long)ival);
}
/* tainted sinks
*
* Coverity considers argv, environ, read() data etc as tainted.
*/
PyObject *PyErr_SetFromErrnoWithFilename(PyObject *exc, const char *filename)
{
__coverity_tainted_data_sink__(filename);
return NULL;
}
/* Python/fileutils.c */
wchar_t *Py_DecodeLocale(const char* arg, size_t *size)
{
wchar_t *w;
__coverity_tainted_data_sink__(arg);
__coverity_tainted_data_sink__(size);
return w;
}
/* Python/marshal.c */
static Py_ssize_t r_string(char *s, Py_ssize_t n, RFILE *p)
{
__coverity_tainted_string_argument__(s);
return 0;
}
static long r_long(RFILE *p)
{
long l;
unsigned char buffer[4];
r_string((char *)buffer, 4, p);
__coverity_tainted_string_sanitize_content__(buffer);
l = (long)buffer;
return l;
}
/* Coverity doesn't understand that fdopendir() may take ownership of fd. */
DIR *fdopendir(int fd)
{
DIR *d;
if (d) {
__coverity_close__(fd);
}
return d;
}
/* Modules/_datetime.c
*
* Coverity thinks that the input values for these function come from a
* tainted source PyDateTime_DATE_GET_* macros use bit shifting.
*/
static PyObject *
build_struct_time(int y, int m, int d, int hh, int mm, int ss, int dstflag)
{
PyObject *result;
__coverity_tainted_data_sanitize__(y);
__coverity_tainted_data_sanitize__(m);
__coverity_tainted_data_sanitize__(d);
__coverity_tainted_data_sanitize__(hh);
__coverity_tainted_data_sanitize__(mm);
__coverity_tainted_data_sanitize__(ss);
__coverity_tainted_data_sanitize__(dstflag);
return result;
}
static int
ymd_to_ord(int year, int month, int day)
{
int ord = 0;
__coverity_tainted_data_sanitize__(year);
__coverity_tainted_data_sanitize__(month);
__coverity_tainted_data_sanitize__(day);
return ord;
}
static int
normalize_date(int *year, int *month, int *day)
{
__coverity_tainted_data_sanitize__(*year);
__coverity_tainted_data_sanitize__(*month);
__coverity_tainted_data_sanitize__(*day);
return 0;
}
static int
weekday(int year, int month, int day)
{
int w = 0;
__coverity_tainted_data_sanitize__(year);
__coverity_tainted_data_sanitize__(month);
__coverity_tainted_data_sanitize__(day);
return w;
}