Tag[coverity] Recent Newest Questions

cov-build compilation errors with golang 1.19

I'm running a scan of a golang project but I face unexpected compilation errors. In the summary there is a note preventing successful submission: H ...

Limit coverity scan to main and dev, to stop covering feature branches

I am trying to setup yml for coverity scan in Devops only for main and dev and not other branches ...

How to configure Coverity for IAR ARM (iccarm)

I configured Coverity with The build is successful, but I receive Recoverable errors in the system headers (see build-log.txt) For me it’s not c ...

coverity STDIN dereference errors

In my C application I attempt to take in a single char from a user (no need to sanitize it) for commands. Functions such as getchar(), fgetc(stdin), a ...

C++ coverity issue STRING_OVERFLOW

I see a coverity issue for the following code: The issue says - "Copy into fixed size buffer (STRING_OVERFLOW)" for the strcpy() line. I see that ...

always allocates and returns a new instance of resource class System.Threading.Tasks.Dataflow.Internal.Disposables

alloc_fn: Method LinkTo<X.Offers.Core.DataFlow.RefreshOfferMatching.RefreshUsersOffersContext> always allocates and returns a new instance of ...

How to solve this Coverity issue called OVERRUN

I write a C++ code as below and use Coverity to check it. Coverity report OVERRUN error of it, as attached picture shown. But I don't understand what ...

Setting axios timeout value has no effect

we have set the timeout in the code like However in the static code analysis(polaris synopsis) test it shows as Is this setting or assignment of ...

Cross side scripting vulnerability detected in javascript code

Please check the vulnerability on cross side scripting - "The untrusted data reaches a sink that may allow an attacker to control part of the response ...

Can I add custom rules to coverity?

I am using coverity for java static code analysis, I need to add some custom rules so that scan happens according to the custom rule set. ...

How to sanitize ajax success response Polaris scan XSS

I am running Synopsys' Coverity scanning tool and it says the following function needs to sanitize "success". I have tried DomPurify, DomParser etc an ...

Coverity Scan for JS

I have initiated the Coverity scan for the JS using Coverity Wizards. The capture build step has been completed & failed in to Run analysis step. ...

suppress all occurrences of a certain coverity report anywhere

Somehow coverity does not like my way of indenting and I'm getting NESTING_IDENT_MISMATCH errors from all over the source code. This had not the inte ...

Coverity Scan on GitLab pipeline failing

Trying to run Coverity scan on python files, this Job is automated as pipeline on Gitlab. Running the scan on runner with below kubernetes configurat ...

How COVERITY cov-build coverage mechanism works?

I am new to a c/c++ and I have recently came across coverity static analysis tool and at the build end I can see that it says number of files that got ...

Build command not found. 'go'

.... jobs: setup: name: Setup runs-on: [self-hosted, Linux, X64] steps: - name: Set up Go 1.17 uses: actions/setup ...

How to fix the tainted source of data in Coverity issue

Trying to read the URL from json file which in Coverity report shows as taint (untrusted source of data). And the issue is called as URL Manipulation ...

How do I get the event tags for a Coverity issue?

If I am looking at an issue in the Coverity user interface, how do I get the event tag or tags? I need to know a tag in order to suppress the finding ...

Disable Rule 2.2 checker

My shop is using Coverity 2019.3. We have MISRA-C 2004 enabled. I want to disable MISRA-C 2004 Rule 2.2: Source code shall only use /* ... */ comment ...

Will Coverity treat global variables as 0-initialized in embedded C?

In embedded C code, we don't explicitly initialize global variables to 0, as the boot code will do that when system boots. There are two global variab ...