Nightly update

2021-02-18 04:11:09 +00:00 · 2021-02-18 04:11:09 +00:00 · 2c121f494f
commit 2c121f494f
parent 5e3800bfc9
5 changed files with 96 additions and 9 deletions
--- a/rules/S5443/csharp/rule.adoc
+++ b/rules/S5443/csharp/rule.adoc
@ -40,10 +40,7 @@ Out of the box, .NET is missing secure-by-design APIs to create temporary files.
 == Sensitive Code Example

 ----
-using (var writer = new StreamWriter("/tmp/f")) // Sensitive
-{  
-// ...
-}
+using var writer = new StreamWriter("/tmp/f"); // Sensitive
 ----

 ----
@ -56,11 +53,8 @@ var tmp = Environment.GetEnvironmentVariable("TMP"); // Sensitive
 var randomPath = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());

 // Creates a new file with write, non inheritable permissions which is deleted on close.
-using (var fileStream = new FileStream(randomPath, FileMode.CreateNew, FileAccess.Write, FileShare.None, 4096, FileOptions.DeleteOnClose))
-using (var writer = new StreamWriter(fileStream)) 
-{
-// ...
-}
+using var fileStream = new FileStream(randomPath, FileMode.CreateNew, FileAccess.Write, FileShare.None, 4096, FileOptions.DeleteOnClose);
+using var writer = new StreamWriter(fileStream);
 ----

 include::../see.adoc[]
--- a/rules/S6163/cfamily/metadata.json
+++ b/rules/S6163/cfamily/metadata.json
@ -0,0 +1,3 @@
+{
+  
+}
--- a/rules/S6163/cfamily/rule.adoc
+++ b/rules/S6163/cfamily/rule.adoc
@ -0,0 +1 @@
+include::../rule.adoc[]
--- a/rules/S6163/metadata.json
+++ b/rules/S6163/metadata.json
@ -0,0 +1,28 @@
+{
+  "title": "Coroutine parameters should not become dangling references",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "10min"
+  },
+  "tags": [
+    "since-c++20",
+    "pitfall"
+  ],
+  "extra": {
+    "coveredLanguages": [
+      
+    ],
+    "replacementRules": [
+      
+    ]
+  },
+  "defaultSeverity": "Critical",
+  "ruleSpecification": "RSPEC-6163",
+  "sqKey": "S6163",
+  "scope": "All",
+  "defaultQualityProfiles": [
+    "Sonar way"
+  ]
+}
--- a/rules/S6163/rule.adoc
+++ b/rules/S6163/rule.adoc
@ -0,0 +1,61 @@
+Coroutines which are introduced in {cpp}20 are functions which execution can be suspended and resumed. When a coroutine resumes, it takes over where it left thanks to the _coroutine state_.
+
+This _coroutine state_ is an object which contains all the information the coroutine needs to resume its execution correctly: local variables, copy of the parameters...
+
+
+That means that if the coroutine has a parameter which is a reference to an object, this object must exist as long as the coroutine is not destroyed. Otherwise, the reference stored in the _coroutine state_ will become a dangling reference and will lead to undefined behavior when the coroutine resumes.
+
+
+This rule detects when a coroutine parameter becomes a dangling reference. 
+
+To fix this, you can either pass the parameter by value or extend the lifetime of the parameter.
+
+
+== Noncompliant Code Example
+
+----
+generator<char> spell(const std::string& m) {
+    for (char letter : m) {
+        co_yield letter;
+    }
+}
+
+void print() {
+    for (char letter : spell("hello world")) { // Noncompliant, parameter becomes a dangling reference
+        std::cout << letter << '\n';
+    }
+}
+----
+
+
+== Compliant Solution
+
+----
+generator<char> spell(const std::string m) { // Either pass the argument by copy...
+    for (char letter : m) {
+        co_yield letter;
+    }
+}
+
+void print() {
+    for (char letter : spell("hello world")) {
+        std::cout << letter << '\n';
+    }
+}
+
+// Or
+
+generator<char> spell(const std::string& m) {
+    for (char letter : m) {
+        co_yield letter;
+    }
+}
+
+void print() {
+    std::string message = "hello world";
+    for (char letter : spell(message)) { // ... Or increase the lifetime of the parameter
+        std::cout << letter << '\n';
+    }
+}
+----
+