[ML] Resolve SonarQube Hotspots #2868
Draft: valeriy42 wants to merge 7 commits into elastic:main
from valeriy42:refactor/sonarqube-hotspots
+51 −109
Conversation
Contributor valeriy42 commented Oct 10, 2025
- Add safety comments to CStringCache.cc explaining NULL check safety
- Add safety comments to vfprog/Main.cc explaining argv safety
- These are false positives - strlen usage is safe in these contexts
- No functional changes, documentation only
- Replace all 13 sprintf calls with snprintf in CStringUtils.cc
  - Add sizeof(buf) parameter to prevent buffer overflows
  - Maintains same functionality with improved security
  - All tests pass after changes
- Replace sprintf with snprintf in CChecksum.cc line 35
  - Add sizeof(buf) parameter to prevent buffer overflows
  - Maintains same functionality with improved security
  - All tests pass after changes
- Add safety comments to CStringCache.cc explaining NULL check safety
  - Add safety comments to vfprog/Main.cc explaining argv safety
  - These are false positives - strlen usage is safe in these contexts
  - No functional changes, documentation only
✅ Snyk checks have passed. No issues have been found so far.
- Add SAFE comments to CNamedPipeFactory.cc explaining secure mkfifo usage
  - Add SAFE comments to CSystemCallFilter_MacOSX.cc explaining secure mkstemps usage
  - Both usages follow security best practices with restrictive permissions
  - Marked corresponding SonarQube hotspots as SAFE (false positives)
- Fix LF characters issue by using proper string concatenation instead of literal newlines
  - Fix init-statement issue by declaring errorbuf variable inside the if statement
  - These changes address the SonarQube issues reported for pull request 2868
- Replace snprintf with std::format for all numeric type conversions
  - Add #include <format> for C++20 std::format support
  - Simplify typeToString functions by removing buffer management
  - Update typeToStringPrecise to use std::format with proper precision
  - Maintain existing post-processing logic for scientific notation formatting
  - Addresses SonarQube warnings about using modern C++ formatting
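The sprintf → snprintf → bufferless progression described in the commits above, as an added example that is not code from this PR or from the project: the unbounded shape the hotspots flag, the bounded snprintf form with the truncation check that "Add sizeof(buf) parameter" alone does not give you, and a bufferless variant using snprintf's length query in place of std::format so it builds on pre-C++20 toolchains. BUF_SIZE and the function names are constructed for illustration.

```cpp
#include <cstdio>
#include <optional>
#include <string>

// Constructed buffer size for this example; the real buffers in
// CStringUtils.cc are not shown on the PR page.
constexpr std::size_t BUF_SIZE = 16;

// "Before" shape of the hotspot: sprintf has no bound, so a value whose
// text is longer than the buffer overruns the stack. Shown for contrast
// only; never exercised here.
std::string formatUnsafe(double value, int precision) {
    char buf[BUF_SIZE];
    std::sprintf(buf, "%.*g", precision, value);  // no length limit
    return buf;
}

// Hardened form matching the first commits: snprintf bounded by sizeof(buf).
// Caveat: snprintf truncates silently, so the return value must be checked,
// otherwise a too-long value is quietly turned into a wrong value.
std::optional<std::string> formatBounded(double value, int precision) {
    char buf[BUF_SIZE];
    int n = std::snprintf(buf, sizeof(buf), "%.*g", precision, value);
    if (n < 0 || static_cast<std::size_t>(n) >= sizeof(buf)) {
        return std::nullopt;  // encoding error or truncation: do not use buf
    }
    return std::string(buf, static_cast<std::size_t>(n));
}

// Bufferless form, in the spirit of the final std::format commit: ask
// snprintf for the required length, then format straight into a std::string
// of exactly that size, so there is no fixed buffer left to overflow.
std::string formatBufferless(double value, int precision) {
    int n = std::snprintf(nullptr, 0, "%.*g", precision, value);
    if (n <= 0) {
        return {};
    }
    std::string s(static_cast<std::size_t>(n), '\0');
    std::snprintf(&s[0], s.size() + 1, "%.*g", precision, value);
    return s;
}
```

With a 16-byte buffer, a 17-significant-digit rendering of 0.1 ("0.10000000000000001", 19 characters) is exactly the case where the bounded form must report truncation rather than return a clipped number.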