Use check with FAIL instead of assertions to avoid CWE-404 faults in tests for pdalc_pipeline

jimmysoda · jimmysoda · commit 58976a551b6c · 2019-05-15T13:45:08.000-04:00
Addresses resource leaks identified by Coverity Scan. See: * http://cwe.mitre.org/data/definitions/404.html * https://scan4.coverity.com/doc/en/cov_checker_ref.html#static_checker_RESOURCE_LEAK
diff --git a/tests/pdal/test_pdalc_pipeline.c.in b/tests/pdal/test_pdalc_pipeline.c.in
@@ -1,4 +1,3 @@
-
 /******************************************************************************
  * Copyright (c) 2019, Simverge Software LLC. All rights reserved.
  *
@@ -61,13 +60,35 @@ static void teardown_test_pdalc_pipeline(void *arg)
 TEST testPDALCreateAndDisposePipeline(void)
 {
     PDALPipelinePtr pipeline = PDALCreatePipeline(NULL);
-    ASSERT_EQ(NULL, pipeline);
+
+    // Use check with FAIL instead of assertions to avoid CWE-404
+    // See http://cwe.mitre.org/data/definitions/404.html
+    // See https://scan4.coverity.com/doc/en/cov_checker_ref.html#static_checker_RESOURCE_LEAK
+
+    if (pipeline)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALCreatePipeline returned a non-null pipeline when given a NULL argument");
+    }
 
     pipeline = PDALCreatePipeline("");
-    ASSERT_EQ(NULL, pipeline);
+
+    if (pipeline)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALCreatePipeline returned a non-null pipeline when given an empty string argument");
+    }
 
     pipeline = PDALCreatePipeline("This is not a valid pipeline, it's not even JSON");
-    ASSERT_EQ(NULL, pipeline);
+
+    if (pipeline)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALCreatePipeline returned a non-null pipeline when given a string argument with an invalid pipeline");
+    }
 
     pipeline = PDALCreatePipeline(gPipelineJson);
     ASSERT(pipeline);
@@ -81,15 +102,33 @@ TEST testPDALCreateAndDisposePipeline(void)
 TEST testPDALGetPipelineAsString(void)
 {
     PDALPipelinePtr pipeline = PDALCreatePipeline(gPipelineJson);
-    ASSERT_FALSE(pipeline == NULL);
+    ASSERT(pipeline);
 
     int64_t count = PDALExecutePipeline(pipeline);
-    ASSERT(count > 0);
+
+    if (count <= 0)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALExecutePipeline returned a non-positive point count for a valid pipeline");
+    }
 
     char json[1024];
     size_t size = PDALGetPipelineAsString(pipeline, json, 1024);
-    ASSERT(size > 0 && size <= 1024);
-    ASSERT_FALSE(json[0] == '\0');
+
+    if (size == 0 || size > 1024)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALGetPipelineAsString returned a string size equal to zero or greater than the provided buffer size");
+    }
+
+    if (json[0] == '\0')
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALGetPipelineAsString generated a JSON string whose first character is null");
+    }
 
     // Make sure that the JSON object's name is "pipeline"
     char jsonName[16];
@@ -98,7 +137,13 @@ TEST testPDALGetPipelineAsString(void)
 #else
     sscanf(json, "%*s\n\t%10s", jsonName);
 #endif
-    ASSERT_STR_EQ("\"pipeline\"", jsonName);
+
+    if (strncmp("\"pipeline\"", jsonName, 10) != 0)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALGetPipelineMetadata generated a JSON string whose object name is not \"pipeline\"");
+    }
 
     PDALDisposePipeline(pipeline);
     PASS();
@@ -110,12 +155,34 @@ TEST testPDALGetPipelineMetadata(void)
     ASSERT(pipeline);
 
     int64_t count = PDALExecutePipeline(pipeline);
-    ASSERT(count > 0);
+
+    // Use check with FAIL instead of assertions to avoid CWE-404
+    // See http://cwe.mitre.org/data/definitions/404.html
+    // See https://scan4.coverity.com/doc/en/cov_checker_ref.html#static_checker_RESOURCE_LEAK
+
+    if (count <= 0)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALExecutePipeline returned a non-positive point count for a valid pipeline");
+    }
 
     char json[1024];
     size_t size = PDALGetPipelineMetadata(pipeline, json, 1024);
-    ASSERT(size > 0 && size <= 1024);
-    ASSERT_FALSE(json[0] == '\0');
+
+    if (size == 0 || size > 1024)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALGetPipelineMetadata returned a string size equal to zero or greater than the provided buffer size");
+    }
+
+    if (json[0] == '\0')
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALGetPipelineMetadata generated a JSON string whose first character is null");
+    }
 
     // Make sure that the JSON object's name is "metadata"
     char jsonName[16];
@@ -124,7 +191,13 @@ TEST testPDALGetPipelineMetadata(void)
 #else
     sscanf(json, "%*s\n\t%10s", jsonName);
 #endif
-    ASSERT_STR_EQ("\"metadata\"", jsonName);
+
+    if (strncmp("\"metadata\"", jsonName, 10) != 0)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALGetPipelineMetadata generated a JSON string whose object name is not \"schema\"");
+    }
 
     PDALDisposePipeline(pipeline);
     PASS();
@@ -136,12 +209,34 @@ TEST testPDALGetPipelineSchema(void)
     ASSERT(pipeline);
 
     int64_t count = PDALExecutePipeline(pipeline);
-    ASSERT(count > 0);
+
+    // Use check with FAIL instead of assertions to avoid CWE-404
+    // See http://cwe.mitre.org/data/definitions/404.html
+    // See https://scan4.coverity.com/doc/en/cov_checker_ref.html#static_checker_RESOURCE_LEAK
+
+    if (count <= 0)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALExecutePipeline returned a non-positive point count for a valid pipeline");
+    }
 
     char json[2048];
     size_t size = PDALGetPipelineSchema(pipeline, json, 2048);
-    ASSERT(size > 0 && size <= 2048);
-    ASSERT_FALSE(json[0] == '\0');
+
+    if (size == 0 || size > 2048)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALGetPipelineSchema returned a string size equal to zero or greater than the provided buffer size");
+    }
+
+    if (json[0] == '\0')
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALGetPipelineSchema generated a JSON string whose first character is null");
+    }
 
     // Make sure that the JSON object's name is "schema"
     char jsonName[16];
@@ -150,7 +245,13 @@ TEST testPDALGetPipelineSchema(void)
 #else
     sscanf(json, "%*s\n\t%10s", jsonName);
 #endif
-    ASSERT_STR_EQ("\"schema\"", jsonName);
+
+    if (strncmp("\"schema\"", jsonName, 8) != 0)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALGetPipelineSchema generated a JSON string whose object name is not \"schema\"");
+    }
 
     PDALDisposePipeline(pipeline);
     PASS();
@@ -162,22 +263,49 @@ TEST testPDALGetSetPipelineLog(void)
     ASSERT(pipeline);
 
     int64_t count = PDALExecutePipeline(pipeline);
-    ASSERT(count > 0);
+
+    // Use check with FAIL instead of assertions to avoid CWE-404
+    // See http://cwe.mitre.org/data/definitions/404.html
+    // See https://scan4.coverity.com/doc/en/cov_checker_ref.html#static_checker_RESOURCE_LEAK
+
+    if (count <= 0)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALExecutePipeline returned a non-positive point count for a valid pipeline");
+    }
 
     // Test valid cases: 0 to 8
     char log[1024];
 
     for (int i = 0; i < 9; ++i)
     {
         PDALSetPipelineLogLevel(pipeline, i);
-        int j = PDALGetPipelineLogLevel(pipeline);
-        ASSERT_EQ(i, j);
+
+        if (i != PDALGetPipelineLogLevel(pipeline))
+        {
+            PDALDisposePipeline(pipeline);
+            pipeline = NULL;
+            FAILm("PDALGetPipelineLogLevel returned a number different than the immediately preceding PDALSetPipelineLogLevel call's argument");
+        }
     }
 
     // TODO Determine why all levels yield empty logs
     size_t size = PDALGetPipelineLog(pipeline, log, 1024);
-    //ASSERT(size > 0 && size <= 1024);
-    //ASSERT_FALSE(log[0] == '\0');
+
+    //  if (size == 0 || size > 1024)
+    //  {
+    //      PDALDisposePipeline(pipeline);
+    //      pipeline = NULL;
+    //      FAILm("PDALGetPipelineLog returned a string size equal to zero or greater than the provided buffer size");
+    //  }
+
+    //  if (log[0] == '\0')
+    //  {
+    //      PDALDisposePipeline(pipeline);
+    //      pipeline = NULL;
+    //      FAILm("PDALGetPipelineLog generated a JSON string whose first character is null");
+    //  }
 
     PDALDisposePipeline(pipeline);
 
@@ -190,10 +318,26 @@ TEST testPDALExecutePipeline(void)
     ASSERT(pipeline);
 
     int64_t count = PDALExecutePipeline(pipeline);
-    ASSERT(count > 0);
+
+    // Use check with FAIL instead of assertions to avoid CWE-404
+    // See http://cwe.mitre.org/data/definitions/404.html
+    // See https://scan4.coverity.com/doc/en/cov_checker_ref.html#static_checker_RESOURCE_LEAK
+
+    if (count <= 0)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALExecutePipeline returned a non-positive point count for a valid pipeline");
+    }
 
     count = PDALExecutePipeline(NULL);
-    ASSERT_EQ(0, count);
+
+    if (count != 0)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALExecutePipeline returned a positive count for a null pipeline");
+    }
 
     PDALDisposePipeline(pipeline);
     PASS();
@@ -202,11 +346,18 @@ TEST testPDALExecutePipeline(void)
 TEST testPDALValidatePipeline(void)
 {
     bool valid = PDALValidatePipeline(NULL);
-    ASSERT_FALSEm("Null pipeline evaluated as valid when it should be invalid", valid);
+    ASSERT_FALSEm("PDALValidatePipeline returned true for a NULL pipeline argument", valid);
 
     PDALPipelinePtr pipeline = PDALCreatePipeline(gPipelineJson);
     ASSERT(pipeline);
     valid = PDALValidatePipeline(pipeline);
+
+    if (!valid)
+    {
+        PDALDisposePipeline(pipeline);
+        pipeline = NULL;
+        FAILm("PDALValidatePipeline returned false for a valid pipeline");
+    }
     ASSERTm("Valid pipeline evaluated as invalid", valid);
 
     PASS();
