more

BrennanConroy · BrennanConroy · commit 4aea8e3fec3b · 2024-09-30T15:09:40.000-07:00
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/CommonLib/CommonLib.vcxproj b/src/Servers/IIS/AspNetCoreModuleV2/CommonLib/CommonLib.vcxproj
@@ -1,11 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\..\build\Build.Lib.Settings" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>{55494E58-E061-4C4C-A0A8-837008E72F85}</ProjectGuid>
     <RootNamespace>NewCommon</RootNamespace>
-    <RunCodeAnalysis>false</RunCodeAnalysis>
   </PropertyGroup>
+  <Import Project="..\..\build\Build.Lib.Settings" />
   <ItemDefinitionGroup>
     <ClCompile>
       <AdditionalIncludeDirectories>..\iislib;$(LibNetHostPath)</AdditionalIncludeDirectories>
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/CommonLib/RegistryKey.cpp b/src/Servers/IIS/AspNetCoreModuleV2/CommonLib/RegistryKey.cpp
@@ -18,7 +18,7 @@ std::optional<DWORD> RegistryKey::TryGetDWORD(HKEY section, const std::wstring&
 
 std::optional<std::wstring> RegistryKey::TryGetString(HKEY section, const std::wstring& subSectionName, const std::wstring& valueName)
 {
-    DWORD cbData;
+    DWORD cbData{};
 
     if (!CheckReturnValue(RegGetValue(section, subSectionName.c_str(), valueName.c_str(), RRF_RT_REG_SZ, nullptr, nullptr, &cbData)))
     {
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/CommonLib/StandardStreamRedirection.cpp b/src/Servers/IIS/AspNetCoreModuleV2/CommonLib/StandardStreamRedirection.cpp
@@ -156,6 +156,8 @@ void StandardStreamRedirection::Stop()
                 dwThreadStatus == STILL_ACTIVE)
             {
                 LOG_WARN(L"Thread reading stdout/err hit timeout, forcibly closing thread.");
+                // Using TerminateThread does not allow proper thread clean up.
+#pragma warning(suppress: 6258)
                 TerminateThread(m_hErrThread, STATUS_CONTROL_C_EXIT);
             }
         }
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/CommonLib/debugutil.cpp b/src/Servers/IIS/AspNetCoreModuleV2/CommonLib/debugutil.cpp
@@ -114,7 +114,7 @@ std::wstring
 GetModuleName()
 {
     WCHAR path[MAX_PATH];
-    LOG_LAST_ERROR_IF(!GetModuleFileName(g_hModule, path, sizeof(path)));
+    LOG_LAST_ERROR_IF(!GetModuleFileName(g_hModule, path, sizeof(path) / sizeof(WCHAR)));
     return path;
 }
 
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/DefaultRules.ruleset b/src/Servers/IIS/AspNetCoreModuleV2/DefaultRules.ruleset
@@ -12,9 +12,9 @@
     <Rule Id="C26116" Action="Error" />
     <Rule Id="C26117" Action="Error" />
     <Rule Id="C26130" Action="Error" />
-    <Rule Id="C26135" Action="Error" />
+    <Rule Id="C26135" Action="None" /> <!-- Missing annotation <annotation> at function '<func>' -->
     <Rule Id="C26140" Action="Error" />
-    <Rule Id="C26160" Action="Error" />
+    <Rule Id="C26160" Action="None" /> <!-- Caller possibly failing to hold lock '<lock>' before calling function '<func>'. -->
     <Rule Id="C26165" Action="Error" />
     <Rule Id="C26166" Action="Error" />
     <Rule Id="C26167" Action="Error" />
@@ -38,7 +38,7 @@
     <Rule Id="C26426" Action="Error" />
     <Rule Id="C26427" Action="Error" />
     <Rule Id="C26429" Action="None" /> <!-- Symbol is never tested for nullness, it can be marked as gsl::not_null. -->
-    <Rule Id="C26430" Action="Error" />
+    <Rule Id="C26430" Action="None" /> <!-- Symbol '<var>' is not tested for nullness on all paths  -->
     <Rule Id="C26431" Action="Error" />
     <Rule Id="C26432" Action="None" /> <!-- If you define or delete any default operation in the type 'type-name', define or delete them all -->
     <Rule Id="C26433" Action="None" /> <!-- Function should be marked with override -->
@@ -58,23 +58,24 @@
     <Rule Id="C26448" Action="None" /> <!-- Consider using gsl::finally if final action is intended -->
     <Rule Id="C26449" Action="Error" />
     <Rule Id="C26450" Action="Error" />
-    <Rule Id="C26451" Action="Error" />
+    <Rule Id="C26451" Action="None" /> <!-- Arithmetic overflow: Using operator '+' on a 4 byte value and then casting the result to a 8 byte value. Cast the value to the wider type before calling operator '+' to avoid overflow -->
     <Rule Id="C26452" Action="Error" />
     <Rule Id="C26453" Action="Error" />
     <Rule Id="C26454" Action="Error" />
     <Rule Id="C26455" Action="None" /> <!-- Default constructor should not throw. Declare it 'noexcept' -->
+    <Rule Id="C26457" Action="None" /> <!--  (void) should not be used to ignore return values, use 'std::ignore =' instead -->
     <Rule Id="C26459" Action="Error" />
     <Rule Id="C26460" Action="None" /> <!-- The reference argument 'argument' for function 'function' can be marked as const  -->
     <Rule Id="C26461" Action="None" /> <!-- The pointer argument 'argument' for function 'function' can be marked as a pointer to const -->
-    <Rule Id="C26462" Action="Error" />
+    <Rule Id="C26462" Action="None" /> <!--  The value pointed to by '<var>' is assigned only once, mark it as a pointer to const -->
     <Rule Id="C26463" Action="Error" />
     <Rule Id="C26464" Action="Error" />
     <Rule Id="C26465" Action="Error" />
     <Rule Id="C26466" Action="Error" />
     <Rule Id="C26467" Action="None" /> <!-- Converting from floating point to unsigned integral types results in non-portable code if the double/float has a negative value. -->
     <Rule Id="C26471" Action="None" /> <!-- Don't use reinterpret_cast. A cast from void* can use static_cast -->
     <Rule Id="C26472" Action="None" /> <!-- Don't use a static_cast for arithmetic conversions. Use brace initialization, gsl::narrow_cast, or gsl::narrow. -->
-    <Rule Id="C26473" Action="Error" />
+    <Rule Id="C26473" Action="None" /> <!-- Don't cast between pointer types where the source type and the target type are the same -->
     <Rule Id="C26474" Action="Error" />
     <Rule Id="C26475" Action="Error" />
     <Rule Id="C26476" Action="None" /> <!-- Expression/symbol 'name' uses a naked union 'union' with multiple type pointers: Use variant instead -->
@@ -99,6 +100,7 @@
     <Rule Id="C26818" Action="None" /> <!-- Switch statement does not cover all cases. Consider adding a 'default' label -->
     <Rule Id="C26819" Action="Error" />
     <Rule Id="C26826" Action="None" /> <!-- Don't use C-style variable arguments -->
+    <Rule Id="C26859" Action="None" /> <!-- Empty optional '<var>' is unwrapped, will throw exception. -->
     <Rule Id="C28020" Action="None" /> <!-- The expression 'expr' is not true at this call -->
     <Rule Id="C28021" Action="Error" />
     <Rule Id="C28022" Action="Error" />
@@ -220,8 +222,8 @@
     <Rule Id="C28246" Action="Error" />
     <Rule Id="C28250" Action="Error" />
     <Rule Id="C28251" Action="None" /> <!-- Inconsistent annotation for function: this instance has an error -->
-    <Rule Id="C28252" Action="Error" />
-    <Rule Id="C28253" Action="Error" />
+    <Rule Id="C28252" Action="None" /> <!-- Inconsistent annotation for '<func>': <param> has '<annotation>' on the prior instance. -->
+    <Rule Id="C28253" Action="None" /> <!-- Inconsistent annotation for '<func>': <param> has '<annotations>' on this instance -->
     <Rule Id="C28254" Action="Error" />
     <Rule Id="C28260" Action="Error" />
     <Rule Id="C28262" Action="Error" />
@@ -294,7 +296,7 @@
     <Rule Id="C6029" Action="Error" />
     <Rule Id="C6031" Action="None" /> <!-- Return value ignored: '<func>'. -->
     <Rule Id="C6053" Action="Error" />
-    <Rule Id="C6054" Action="Error" />
+    <Rule Id="C6054" Action="None" /> <!-- String '<var>' might not be zero-terminated. -->
     <Rule Id="C6059" Action="Error" />
     <Rule Id="C6063" Action="Error" />
     <Rule Id="C6064" Action="Error" />
@@ -396,7 +398,7 @@
     <Rule Id="C6385" Action="Error" />
     <Rule Id="C6386" Action="Error" />
     <Rule Id="C6387" Action="None" /> <!-- '<expr>' could be '<val>':  this does not adhere to the specification for the function '<func>' -->
-    <Rule Id="C6388" Action="Error" />
+    <Rule Id="C6388" Action="None" /> <!-- '<var>' might not be '<val>':  this does not adhere to the specification for the function '<func>' -->
     <Rule Id="C6400" Action="Error" />
     <Rule Id="C6401" Action="Error" />
     <Rule Id="C6411" Action="Error" />
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/IISLib/IISLib.vcxproj b/src/Servers/IIS/AspNetCoreModuleV2/IISLib/IISLib.vcxproj
@@ -5,7 +5,6 @@
     <ProjectGuid>{09D9D1D6-2951-4E14-BC35-76A23CF9391A}</ProjectGuid>
     <RootNamespace>IISLib</RootNamespace>
     <ProjectName>IISLib</ProjectName>
-    <RunCodeAnalysis>false</RunCodeAnalysis>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Release'" Label="Configuration">
     <WholeProgramOptimization>true</WholeProgramOptimization>
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/IISLib/base64.cpp b/src/Servers/IIS/AspNetCoreModuleV2/IISLib/base64.cpp
@@ -53,10 +53,12 @@ Return Values:
         *pcchEncoded = cchEncoded;
     }
 
-    if (cchEncodedStringSize == 0 && pszEncodedString == NULL) {
+    if (pszEncodedString == NULL) {
         return ERROR_SUCCESS;
     }
 
+    *pszEncodedString = 0;
+
     if (cchEncodedStringSize < cchEncoded) {
         // Given buffer is too small to hold encoded string.
         return ERROR_INSUFFICIENT_BUFFER;
@@ -66,8 +68,16 @@ Return Values:
     ib = ich = 0;
     while (ib < cbDecodedBufferSize) {
         b0 = pbDecodedBuffer[ib++];
-        b1 = (ib < cbDecodedBufferSize) ? pbDecodedBuffer[ib++] : 0;
-        b2 = (ib < cbDecodedBufferSize) ? pbDecodedBuffer[ib++] : 0;
+        b1 = 0;
+        b2 = 0;
+        if (ib < cbDecodedBufferSize)
+        {
+            b1 = pbDecodedBuffer[ib++];
+        }
+        if (ib < cbDecodedBufferSize)
+        {
+            b2 = pbDecodedBuffer[ib++];
+        }
 
         //
         // The checks below for buffer overflow seems redundant to me.
@@ -176,11 +186,20 @@ constexpr auto NA = (255);
     BYTE    b0, b1, b2, b3;
     BYTE *  pbDecodeBuffer = (BYTE *) pDecodeBuffer;
 
-    cchEncodedSize = (DWORD)wcslen(pszEncodedString);
-    if (NULL != pcbDecoded) {
+    if (NULL != pcbDecoded)
+    {
         *pcbDecoded = 0;
     }
 
+    if (pDecodeBuffer == NULL)
+    {
+        return ERROR_SUCCESS;
+    }
+
+    *pbDecodeBuffer = 0;
+
+    cchEncodedSize = (DWORD)wcslen(pszEncodedString);
+
     if ((0 == cchEncodedSize) || (0 != (cchEncodedSize % 4))) {
         // Input string is not sized correctly to be base64.
         return ERROR_INVALID_PARAMETER;
@@ -292,10 +311,12 @@ Return Values:
         *pcchEncoded = cchEncoded;
     }
 
-    if (cchEncodedStringSize == 0 && pszEncodedString == NULL) {
+    if (pszEncodedString == NULL) {
         return ERROR_SUCCESS;
     }
 
+    *pszEncodedString = 0;
+
     if (cchEncodedStringSize < cchEncoded) {
         // Given buffer is too small to hold encoded string.
         return ERROR_INSUFFICIENT_BUFFER;
@@ -305,8 +326,16 @@ Return Values:
     ib = ich = 0;
     while (ib < cbDecodedBufferSize) {
         b0 = pbDecodedBuffer[ib++];
-        b1 = (ib < cbDecodedBufferSize) ? pbDecodedBuffer[ib++] : 0;
-        b2 = (ib < cbDecodedBufferSize) ? pbDecodedBuffer[ib++] : 0;
+        b1 = 0;
+        b2 = 0;
+        if (ib < cbDecodedBufferSize)
+        {
+            b1 = pbDecodedBuffer[ib++];
+        }
+        if (ib < cbDecodedBufferSize)
+        {
+            b2 = pbDecodedBuffer[ib++];
+        }
 
         //
         // The checks below for buffer overflow seems redundant to me.
@@ -415,11 +444,18 @@ Return Values:
     BYTE    b0, b1, b2, b3;
     BYTE *  pbDecodeBuffer = (BYTE *) pDecodeBuffer;
 
-    cchEncodedSize = (DWORD)strlen(pszEncodedString);
     if (NULL != pcbDecoded) {
         *pcbDecoded = 0;
     }
 
+    if (pDecodeBuffer == NULL) {
+        return ERROR_SUCCESS;
+    }
+
+    *pbDecodeBuffer = 0;
+
+    cchEncodedSize = (DWORD)strlen(pszEncodedString);
+
     if ((0 == cchEncodedSize) || (0 != (cchEncodedSize % 4))) {
         // Input string is not sized correctly to be base64.
         return ERROR_INVALID_PARAMETER;
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/IISLib/stringa.cpp b/src/Servers/IIS/AspNetCoreModuleV2/IISLib/stringa.cpp
@@ -135,6 +135,12 @@ STRA::QueryStr(
     return m_Buff.QueryPtr();
 }
 
+VOID STRA::EnsureNullTerminated()
+{
+    // m_cchLen represents the strings length, not the underlying buffer length
+    m_Buff.QueryPtr()[m_cchLen] = '\0';
+}
+
 VOID
 STRA::Reset(
 )
@@ -695,7 +701,7 @@ Return Value:
 
     _ASSERTE( pch );
 
-    while (pch[i] != NULL)
+    while ((DWORD)i < m_cchLen && pch[i] != NULL)
     {
         //
         //  Escape characters that are in the non-printable range
@@ -1153,7 +1159,7 @@ STRA::AuxAppendW(
     // ensure we're still NULL terminated in the right spot
     // (regardless of success or failure)
     //
-    QueryStr()[m_cchLen] = '\0';
+    EnsureNullTerminated();
 
     return hr;
 }
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/IISLib/stringa.h b/src/Servers/IIS/AspNetCoreModuleV2/IISLib/stringa.h
@@ -143,6 +143,9 @@ class STRA
     QueryStr(
     ) const;
 
+
+    VOID EnsureNullTerminated();
+
     VOID
     Reset(
     );
diff --git a/src/Servers/IIS/AspNetCoreModuleV2/IISLib/util.cpp b/src/Servers/IIS/AspNetCoreModuleV2/IISLib/util.cpp
@@ -47,6 +47,9 @@ Return Values:
                 // we need to change it to Win32 from ("\\?\")
                 //
 
+                // Buffer overrun while writing to 'pstrPath->QueryStr()'
+                // We know it's not an overrun because we just copied pszName into pstrPath and pszName is at least 4 in length
+#pragma warning(suppress: 6386)
                 pstrPath->QueryStr()[2] = L'?';
             }
 

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ std::optional<DWORD> RegistryKey::TryGetDWORD(HKEY section, const std::wstring&`
`18`	`18`
`19`	`19`	`std::optional<std::wstring> RegistryKey::TryGetString(HKEY section, const std::wstring& subSectionName, const std::wstring& valueName)`
`20`	`20`	`{`
`21`		`- DWORD cbData;`
	`21`	`+ DWORD cbData{};`
`22`	`22`
`23`	`23`	`if (!CheckReturnValue(RegGetValue(section, subSectionName.c_str(), valueName.c_str(), RRF_RT_REG_SZ, nullptr, nullptr, &cbData)))`
`24`	`24`	`{`
Original file line number	Diff line number	Diff line change
`@@ -156,6 +156,8 @@ void StandardStreamRedirection::Stop()`
`156`	`156`	`dwThreadStatus == STILL_ACTIVE)`
`157`	`157`	`{`
`158`	`158`	`LOG_WARN(L"Thread reading stdout/err hit timeout, forcibly closing thread.");`
	`159`	`+ // Using TerminateThread does not allow proper thread clean up.`
	`160`	`+#pragma warning(suppress: 6258)`
`159`	`161`	`TerminateThread(m_hErrThread, STATUS_CONTROL_C_EXIT);`
`160`	`162`	`}`
`161`	`163`	`}`
Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,7 @@ std::wstring`
`114`	`114`	`GetModuleName()`
`115`	`115`	`{`
`116`	`116`	`WCHAR path[MAX_PATH];`
`117`		`- LOG_LAST_ERROR_IF(!GetModuleFileName(g_hModule, path, sizeof(path)));`
	`117`	`+ LOG_LAST_ERROR_IF(!GetModuleFileName(g_hModule, path, sizeof(path) / sizeof(WCHAR)));`
`118`	`118`	`return path;`
`119`	`119`	`}`
`120`	`120`
Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,9 @@ Return Values:`
`47`	`47`	`// we need to change it to Win32 from ("\\?\")`
`48`	`48`	`//`
`49`	`49`
	`50`	`+ // Buffer overrun while writing to 'pstrPath->QueryStr()'`
	`51`	`+ // We know it's not an overrun because we just copied pszName into pstrPath and pszName is at least 4 in length`
	`52`	`+#pragma warning(suppress: 6386)`
`50`	`53`	`pstrPath->QueryStr()[2] = L'?';`
`51`	`54`	`}`
`52`	`55`