How to get rid of "tainted parameter" in static analysis report?

Question

I am using Parasoft to analyze my code. I go this violation:

Tainted parameter of entry point method ("inFileName") has been printed on the console

This is the code where the error is:

static void printUsage(char *inFileName)
{
    printf("Usage: %s %s\n", inFileName, "[-h|-help|-usage]\n");
}

int main(int argc, char **argv)
{
    printUsage(argv[0]);
    return 0;
}

where inFileNAme is actually argv[0].

How can I fix the violation or at least make Parasoft satisfied?

Can you please try to create a [Minimal, Complete, and Verifiable Example](http://stackoverflow.com/help/mcve) and show us? — Some programmer dude, Jan 31 '17 at 07:52
Do you understand *why* `inFileName` is tainted, and just want to know how to fix it? Or are you unclear on the concept of tainted parameters in general, or specifically in this code? — hyde, Jan 31 '17 at 08:02
the problem is probably that "argv[0]" is signed as tainted because it is coming from out side and used with no check. — eyalm, Jan 31 '17 at 08:03
Doesn't Parasoft documentation cover, how to "sanitize" (or whatever word) a user-input string? — hyde, Jan 31 '17 at 08:03
i would like to know what kind of testing may make it purified. — eyalm, Jan 31 '17 at 08:04

Magisch · Accepted Answer · 2017-01-31T08:37:58.937

You're probably getting this warning because you don't sanitize your program parameter properly. For instance, if you would get a non-terminated string, the %s specifier in your printf would make your program keep reading (and printing) memory, causing undefined behavior and security concerns.

As to what a "Tainted parameter" is:

In software security analysis, a value is said to be tainted if it comes from an untrusted source (outside of the program’s control) and has not been sanitized to ensure that it conforms to any constraints on its value that consumers of the value require — for example, that all strings are null-terminated.

(source) (emphasis mine)

In order to ensure that your input value is proper, you can use a function like strdup.... :

static void printUsage(char *inFileName)
{
    char *inFile = strdup(inFileName);
    if (inFile == 0) {
    printf("Error with program Argument.");
    }else{
    printf("Usage: %s %s\n", inFile, "[-h|-help|-usage]\n");
    free(inFile);}
}

int main(int argc, char **argv)
{
    printUsage(argv[0]);
    return 0;
}

Huh? How strdup would sanitize string? – gizlu Jun 28 '22 at 17:26 — gizlu, Jun 28 '22 at 17:26

score 1 · Answer 2 · answered Jun 28 '22 at 17:02

1

I am assuming that strdup knows what to do with a NULL pointer (since you didn't check)?

Also, looking at the man page strdup adds a '\0' so this satisfies correctly terminating the string. Is this enough though to stop Coverity from considering this string tainted?

A more general answer might include an additional check for inFileName != NULL before anything else is done.

answered Jun 28 '22 at 17:02

World Python Developer

51
3

This appears to be a comment on another answer rather than an answer to the question itself (which anything posted in this area should be). – Adrian Mole Jul 02 '22 at 04:52
The very simple answer is to copy with a for loop from one memory location to another. The original memory location is considered tainted, the new one isn't. In your for loop you would likely check what is "valid" about your contents. I am skipping over many Coverity reason why this works, but is the easiest and most general approach. Although you double your memory requirements. – World Python Developer Nov 16 '22 at 15:51

How to get rid of "tainted parameter" in static analysis report?

2 Answers2