Merge remote-tracking branches 'ariel/SecurityPolicy' and 'zanzaben/c…

…rc_overhaul' into main
nasa · Mar 5, 2021 · 262c396 · 262c396
3 parents b02864b + dc17629 + 558b20c
commit 262c396
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 23 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,12 +4,38 @@
 
 To report a vulnerability for the tblCRCTool subsystem please [submit an issue](https://github.com/nasa/tblCRCTool/issues/new/choose).
 
-For general cFS vulnerabilities please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose) and see our [top-level security policy](https://github.com/nasa/cFS/security/policy).
+For general cFS vulnerabilities please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose) and see our [top-level security policy](https://github.com/nasa/cFS/security/policy) for additional information.
 
 In either case please use the "Bug Report" template and provide as much information as possible. Apply appropraite labels for each report. For security related reports, tag the issue with the "security" label.
 
+## Testing
+
+**Disclaimer: nasa/tblCRCTool is not responsible for any liability incurred under the [Apache License 2.0](https://github.com/nasa/tblCRCTool/blob/main/LICENSE).**
+
+Testing is an important aspect our team values to improve tblCRCTool. 
+
+To view tools used for the cFS bundle, see our [top-level security policy](https://github.com/nasa/cFS/security/policy). 
+
+### CodeQL
+
+The [tblCRCTool CodeQL GitHub Actions workflow](https://github.com/nasa/tblCRCTool/actions/workflows/codeql-build.yml) is available to the public. To review the results, fork the tblCRCTool repository and run the CodeQL workflow. 
+
+CodeQL is ran for every push and pull-request on all branches of tblCRCTool in GitHub Actions. 
+
+For the CodeQL GitHub Actions setup, visit https://github.com/github/codeql-action. 
+
+### Cppcheck
+
+The [tblCRCTool Cppcheck GitHub Actions workflow and results](https://github.com/nasa/tblCRCTool/actions/workflows/static-analysis.yml) are available to the public. To view the results, select a workflow and download the artifacts. 
+
+Cppcheck is ran for every push on the main branch and every pull request on all branches of tblCRCTool in Github Actions. 
+
+For more information about Cppcheck, visit http://cppcheck.sourceforge.net/.
+
 ## Additional Support
 
-For additional support, email us at cfs-program@lists.nasa.gov. For help using OSAL and cFS, [subscribe to our mailing list](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc.
+For additional support, submit a GitHub issue. You can also email the cfs community at cfs-community@lists.nasa.gov. 
+
+You can subscribe to the mailing list [here](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc.
 
-If you wish to report a cybersecurity incident or concern please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov.
+If you wish to report a cybersecurity incident or concern, please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov.
diff --git a/cfe_ts_crc.c b/cfe_ts_crc.c
@@ -31,7 +31,7 @@
  *  Inputs: One string containing the filename of the table file to CRC.
  *
  *  Outputs: Prints to the terminal the filename, size, and CRC.
- *           Returns the CRC.
+ *           Returns 0 if successful.
  *
  *  Author: Mike Blau, GSFC Code 582
  */
@@ -40,6 +40,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <errno.h>
 
 #include "cfe_ts_crc_version.h"
 
@@ -102,20 +103,20 @@ uint32 CalculateCRC(void *DataPtr, uint32 DataLength, uint32 InputCRC)
 
 int main(int argc, char **argv)
 {
-    int    readSize;
-    int    skipSize = 0;
-    int    fileSize = 0;
-    uint32 fileCRC  = 0;
-    int    fd;
-    int    done = 0;
-    char   buffer[100];
+    ssize_t readSize;
+    off_t   skipSize = 0;
+    ssize_t fileSize = 0;
+    uint32  fileCRC  = 0;
+    int     fd;
+    char    buffer[100];
+    off_t   offsetReturn = 0;
 
     /* check for valid input */
     if ((argc != 2) || (strncmp(argv[1], "--help", 100) == 0))
     {
         printf("%s\n", CFE_TS_CRC_VERSION_STRING);
         printf("\nUsage: cfe_ts_crc [filename]\n");
-        exit(0);
+        exit(1);
     }
     /* Set to skip the header (116 bytes) */
     skipSize = sizeof(CFE_FS_Header_t) + sizeof(CFE_TBL_File_Hdr_t);
@@ -125,31 +126,44 @@ int main(int argc, char **argv)
     if (fd < 0)
     {
         printf("\ncfe_ts_crc error: can't open input file!\n");
-        exit(0);
+        perror(argv[1]);
+        exit(1);
     }
     /* seek past the number of bytes requested */
-    lseek(fd, skipSize, SEEK_SET);
+    offsetReturn = lseek(fd, skipSize, SEEK_SET);
+    if (offsetReturn != skipSize)
+    {
+        printf("\ncfe_ts_crc error: lseek failed!\n");
+        printf("%s\n", strerror(errno));
+        exit(1);
+    }
 
     /* read the input file 100 bytes at a time */
-    while (done == 0)
+    do
     {
-        readSize = read(fd, buffer, 100);
-        fileCRC  = CalculateCRC(buffer, readSize, fileCRC);
+        readSize = read(fd, buffer, sizeof(buffer));
+        if (readSize < 0)
+        {
+            printf("\ncfe_ts_crc error: file read failed!\n");
+            printf("%s\n", strerror(errno));
+            exit(1);
+        }
+        fileCRC = CalculateCRC(buffer, readSize, fileCRC);
         fileSize += readSize;
-        if (readSize != 100)
-            done = 1;
-    }
+    } while (readSize > 0);
+
     /* print the size/CRC results */
-    printf("\nTable File Name:            %s\nTable Size:                 %d Bytes\nExpected TS Validation CRC: "
+    printf("\nTable File Name:            %s\nTable Size:                 %ld Bytes\nExpected TS Validation CRC: "
            "0x%08X\n\n",
            argv[1], fileSize, fileCRC);
 
     /* Close file and check*/
     if (close(fd) != 0)
     {
         printf("\nerror: Cannot close file!\n");
-        exit(0);
+        printf("%s\n", strerror(errno));
+        exit(1);
     }
 
-    return (fileCRC);
+    return (0);
 }