From de5ed8dee55cda49a4651dd3d9170e409eb53247 Mon Sep 17 00:00:00 2001 From: Sidhanth B H Date: Mon, 12 Jan 2026 15:41:52 +0530 Subject: [PATCH] RDKEMW-12252: Coverity Scan Report - Analyzing and Fixing all the Critical and High issues Reason for change: Resolve Critical and high level issues in coverity Test Procedure: build should be successful Risk: low Priority: P2 --- include/IJavaScriptContext.h | 1 + src/JSRuntimeClient.cpp | 62 ++++++++++++--------- src/JSRuntimeClientContainer.cpp | 46 ++++++++++------ src/JSRuntimeServer.cpp | 1 + src/NativeJSRenderer.cpp | 78 +++++++++++++++++++++----- src/jsc/JavaScriptContext.cpp | 10 +++- src/jsc/JavaScriptEngine.cpp | 2 +- src/jsc/JavaScriptUtils.cpp | 24 +++++++- src/jsc/jsc_lib/jsc_lib.cpp | 94 ++++++++++++++++++++++++++------ src/jsruntime.cpp | 35 ++++++++++-- 10 files changed, 268 insertions(+), 85 deletions(-) diff --git a/include/IJavaScriptContext.h b/include/IJavaScriptContext.h index 7c5ca76..cc9cb52 100644 --- a/include/IJavaScriptContext.h +++ b/include/IJavaScriptContext.h @@ -25,6 +25,7 @@ class IJavaScriptContext { public: + virtual ~IJavaScriptContext() = default; //change added virtual bool runScript(const char *script, bool isModule=true, std::string name="", const char *args = nullptr, bool isApplication=false) = 0; virtual bool runFile(const char *file, const char* args, bool isApplication=false) = 0; virtual std::string getUrl() = 0; diff --git a/src/JSRuntimeClient.cpp b/src/JSRuntimeClient.cpp index 65e4c73..173282b 100644 --- a/src/JSRuntimeClient.cpp +++ b/src/JSRuntimeClient.cpp @@ -76,7 +76,9 @@ bool JSRuntimeClient::run() t.detach(); std::unique_lock lock(mStateMutex); - mStateCondition.wait_for(lock, std::chrono::seconds(5)); + mStateCondition.wait_for(lock, std::chrono::seconds(5), [this]() { + return mState != "none"; + }); return mState == "open"; } 
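Review bot: The trailing `//change added` comment on the new virtual destructor in IJavaScriptContext.h records patch history rather than intent, and it will be stale as soon as this merges. Either drop it or say why the destructor is there, e.g. `// virtual so implementations are destroyed correctly through an IJavaScriptContext*`. The same kind of marker appears later in this patch in JavaScriptContext.cpp (`//changed added`) and JavaScriptUtils.cpp (`//newly added`).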
@@ -152,37 +154,45 @@ void JSRuntimeClient::onClose(websocketpp::connection_hdl hdl) #ifndef UNIT_TEST_BUILD int main(int argc, char **argv) { - std::string command; - std::string response; + try { + std::string command; + std::string response; - if (argc > 1) - { - NativeJSLogger::log(INFO, "Send input commands at ws://localhost:%s\n", std::to_string(WS_SERVER_PORT).c_str()); - return -1; - } - - JSRuntimeClient *client = JSRuntimeClient::getInstance(); - client->initialize(WS_SERVER_PORT); - if (!client->run()) - { - NativeJSLogger::log(ERROR, "Unable to connect to server\n"); - return -1; - } + if (argc > 1) + { + NativeJSLogger::log(INFO, "Send input commands at ws://localhost:%s\n", std::to_string(WS_SERVER_PORT).c_str()); + return -1; + } - while (client->getState() == "open" && std::getline(std::cin, command)) - { - client->sendCommand(command, response); - if (!response.empty()) + JSRuntimeClient *client = JSRuntimeClient::getInstance(); + client->initialize(WS_SERVER_PORT); + if (!client->run()) { - NativeJSLogger::log(INFO, "Response: %s\n", response.c_str()); + NativeJSLogger::log(ERROR, "Unable to connect to server\n"); + return -1; } - else + + while (client->getState() == "open" && std::getline(std::cin, command)) { - NativeJSLogger::log(WARN, "Missing response\n"); - break; + client->sendCommand(command, response); + if (!response.empty()) + { + NativeJSLogger::log(INFO, "Response: %s\n", response.c_str()); + } + else + { + NativeJSLogger::log(WARN, "Missing response\n"); + break; + } } - } - return 0; + return 0; + } catch (const std::exception& e) { + NativeJSLogger::log(ERROR, "Uncaught exception in main: %s\n", e.what()); + return -1; + } catch (...) { + NativeJSLogger::log(ERROR, "Unknown exception caught in main\n"); + return -1; + } } #endif diff --git a/src/JSRuntimeClientContainer.cpp b/src/JSRuntimeClientContainer.cpp index 8382be2..44ff02a 100644 --- a/src/JSRuntimeClientContainer.cpp +++ b/src/JSRuntimeClientContainer.cpp 
@@ -6,26 +6,36 @@ #include "NativeJSLogger.h" int main() { - std::string containerId = "com.sky.as.apps_TestApp"; - const std::string basePath = "/opt/twocontext"; // constant base path - const std::vector apps = {"app1", "app2"}; - - std::string ipAddress = JSRuntimeContainer::getContainerIpAddress(containerId); - if (ipAddress.empty()) { - NativeJSLogger::log(ERROR, "Failed to retrieve IP address for container"); - return 1; - } + try { + std::string containerId = "com.sky.as.apps_TestApp"; + const std::string basePath = "/opt/twocontext"; // constant base path + const std::vector apps = {"app1", "app2"}; + + std::string ipAddress = JSRuntimeContainer::getContainerIpAddress(containerId); + if (ipAddress.empty()) { + NativeJSLogger::log(ERROR, "Failed to retrieve IP address for container"); + return 1; + } - for (const auto &app : apps) { - std::string url = basePath + std::string("/") + app + std::string("/index.html"); - if (access(url.c_str(), F_OK) == 0) { - std::string pathAppConfig = basePath + std::string("/") + app + std::string("/app.config"); - std::string options = JSRuntimeContainer::parseAppConfig(pathAppConfig); - std::string message = JSRuntimeContainer::buildLaunchMessage(url, options); - JSRuntimeContainer::connectAndSend(ipAddress, message); + for (const auto &app : apps) { + std::string url = basePath + std::string("/") + app + std::string("/index.html"); + if (access(url.c_str(), F_OK) == 0) { + std::string pathAppConfig = basePath + std::string("/") + app + std::string("/app.config"); + std::string options = JSRuntimeContainer::parseAppConfig(pathAppConfig); + std::string message = JSRuntimeContainer::buildLaunchMessage(url, options); + JSRuntimeContainer::connectAndSend(ipAddress, message); + } } - } - return 0; + return 0; + } + catch (const std::exception& e) { + NativeJSLogger::log(ERROR, "Exception in main: %s", e.what()); + return 1; + } + catch (...) { + NativeJSLogger::log(ERROR, "Unknown exception in main"); + return 1; + } } 
diff --git a/src/JSRuntimeServer.cpp b/src/JSRuntimeServer.cpp index 342f386..520e7ee 100644 --- a/src/JSRuntimeServer.cpp +++ b/src/JSRuntimeServer.cpp @@ -85,6 +85,7 @@ class JsonWrap if (!itm || !cJSON_IsNumber(itm)) { std::cerr << "Error: " << name << "is not a Uint32_t" << std::endl; + res=0; err = true; } else diff --git a/src/NativeJSRenderer.cpp b/src/NativeJSRenderer.cpp index bee81b9..cfa7d2a 100644 --- a/src/NativeJSRenderer.cpp +++ b/src/NativeJSRenderer.cpp @@ -330,7 +330,6 @@ void NativeJSRenderer::createApplicationInternal(ApplicationRequest& appRequest) context->setCreateApplicationEndTime(endTime, id); mContextMap[id].context=context; - mUserMutex.unlock(); } void NativeJSRenderer::runApplicationInternal(ApplicationRequest& appRequest) @@ -445,7 +444,7 @@ void NativeJSRenderer::terminateApplicationInternal(ApplicationRequest& AppReque else { - NativeJSLogger::log(ERROR, "Unable to find application with id: %d and url: %s\n", id, mContextMap[id].url); + NativeJSLogger::log(ERROR, "Unable to find application with id: %d and url: %s\n", id, mContextMap[id].url.c_str()); return ; } @@ -468,7 +467,6 @@ void NativeJSRenderer::run() { while(mRunning) { - uint32_t id; mUserMutex.lock(); if (mConsoleMode) { processDevConsoleRequests(); @@ -506,6 +504,7 @@ void NativeJSRenderer::run() if(!mTestFileName.empty()) { ModuleSettings settings; + uint32_t id; settings.enableJSDOM = mEnableTestFileDOMSupport; ApplicationRequest appRequest(id, RUN, mTestFileName, settings.enableHttp, settings.enableXHR, settings.enableWebSocket, settings.enableWebSocketEnhanced, settings.enableFetch, settings.enableJSDOM, settings.enableWindow, settings.enablePlayer); NativeJSRenderer::createApplicationInternal(appRequest); 
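Review bot: In the not-found branch of terminateApplicationInternal, `mContextMap[id].url.c_str()` is evaluated for an id that the message itself says is missing. If mContextMap is a std::map or std::unordered_map (its type is outside the hunk), operator[] default-inserts an entry for that id, so the log call grows the map with an empty context and always prints an empty url. Logging the id alone avoids both: `NativeJSLogger::log(ERROR, "Unable to find application with id: %d\n", id);`. The enclosing function starts and ends outside the hunk.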
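Review bot: `uint32_t id;` is still uninitialized after being moved into the `!mTestFileName.empty()` block of run(), and it is passed straight into `ApplicationRequest appRequest(id, RUN, ...)`. Unless that constructor takes the id by reference and only writes to it (the signature is outside the hunk), this reads an indeterminate value and the request carries an arbitrary application id into createApplicationInternal. Initialize it at the declaration, `uint32_t id = 0;`, or obtain it from whatever allocates ids for the other request paths. run() continues outside the hunk.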
@@ -620,18 +619,67 @@ bool NativeJSRenderer::downloadFile(std::string& url, MemoryStruct& chunk) curl = curl_easy_init(); if (curl) { - curl_easy_setopt(curl, CURLOPT_URL, url.c_str()); - curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); - curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, HeaderCallback); - curl_easy_setopt(curl, CURLOPT_HEADERDATA, (void *)&chunk); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteMemoryCallback); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk); - curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30); - curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true); - curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0"); - curl_easy_setopt(curl, CURLOPT_PROXY, ""); + res = curl_easy_setopt(curl, CURLOPT_URL, url.c_str()); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_URL: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_FOLLOWLOCATION: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, HeaderCallback); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_HEADERFUNCTION: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_HEADERDATA, (void *)&chunk); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_HEADERDATA: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteMemoryCallback); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_WRITEFUNCTION: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk); + if (res != 
CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_WRITEDATA: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_TIMEOUT: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_NOSIGNAL: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYHOST: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYPEER: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } + res = curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0"); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_USERAGENT: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + + } + res = curl_easy_setopt(curl, CURLOPT_PROXY, ""); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_PROXY: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + } //curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp); diff --git a/src/jsc/JavaScriptContext.cpp b/src/jsc/JavaScriptContext.cpp index a0af753..2d818f4 100644 --- a/src/jsc/JavaScriptContext.cpp +++ b/src/jsc/JavaScriptContext.cpp @@ -119,6 +119,14 @@ if (mModuleSettings.enablePlayer) gTopLevelContext = nullptr; } mPriv->releaseAllProtected(); + + //changed added + if (mNetworkMetricsData) + { + delete mNetworkMetricsData; + mNetworkMetricsData = nullptr; + } + JSGlobalContextRelease(mContext); JSContextGroupRelease(mContextGroup); rtLogInfo("%s end", __FUNCTION__); 
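Review bot: Each failure branch added to NativeJSRenderer::downloadFile calls `curl_easy_cleanup(curl)` and then falls through, so the next `curl_easy_setopt` (and whatever follows the option block outside this hunk) runs on a freed handle, and a second failure would free it twice. The jsc_lib.cpp copy of this function in the same patch returns after the cleanup; this one needs the same in every branch, e.g. `curl_easy_cleanup(curl); return false;`. Twelve hand-copied branches are how the two files diverged, so one local helper that sets an option, logs on failure and reports success would keep them in step. The function starts and ends outside the hunk, so I cannot see whether a later cleanup of `curl` needs guarding as well.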
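Review bot: The `if (mNetworkMetricsData)` guard around `delete mNetworkMetricsData;` in the JavaScriptContext.cpp hunk is redundant, since deleting a null pointer is a no-op. More important is ordering: the delete now runs before `JSGlobalContextRelease(mContext)`, so if releasing the context can still run callbacks that touch the network metrics (not visible here), they would see freed memory; placing the delete after the two release calls removes that question. Holding the member in a `std::unique_ptr` would drop the manual delete altogether, provided the declaration outside this hunk can change.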
@@ -394,7 +402,7 @@ if (mModuleSettings.enablePlayer) gAAMPJSBindings = new AAMPJSBindings(); loadAAMPJSBindingsLib(); } - if (gAAMPJSBindings->fnLoadJS) + if (gAAMPJSBindings && gAAMPJSBindings->fnLoadJS) { gAAMPJSBindings->fnLoadJS(mContext); } diff --git a/src/jsc/JavaScriptEngine.cpp b/src/jsc/JavaScriptEngine.cpp index bafd1d7..84190ee 100644 --- a/src/jsc/JavaScriptEngine.cpp +++ b/src/jsc/JavaScriptEngine.cpp @@ -135,7 +135,7 @@ bool JavaScriptEngine::initialize() if (garbageCollectInterval) { garbageCollectIntervalValue = atof(garbageCollectInterval); - NativeJSLogger::log(INFO, "garbage collection interval value: %d\n", garbageCollectIntervalValue); + NativeJSLogger::log(INFO, "garbage collection interval value: %f\n", garbageCollectIntervalValue); } mGarbageCollectionTag = installTimeout(garbageCollectIntervalValue, true, [engine] () mutable { diff --git a/src/jsc/JavaScriptUtils.cpp b/src/jsc/JavaScriptUtils.cpp index 5476746..5b9bcde 100644 --- a/src/jsc/JavaScriptUtils.cpp +++ b/src/jsc/JavaScriptUtils.cpp @@ -115,7 +115,7 @@ void dispatchPending() { std::unique_lock lock(gDispatchMutex); std::list> pending = std::move(gPendingFun); - gDispatchMutex.unlock(); + lock.unlock(); for(auto& fun : pending) fun(); } @@ -321,17 +321,32 @@ rtError rtReadBinaryBinding(int numArgs, const rtValue* args, rtValue* result, v const char *fd = "hello.wasm"; struct stat buf; - stat(fd, &buf); + if (stat(fd, &buf) != 0) + { + rtLogError("Failed to stat file: %s", fd); + fclose(ptr); + return RT_ERROR; + } + int size = buf.st_size; buffer = (char*)malloc(size); - fread(buffer,size,1,ptr); // read 10 bytes to our buffer + size_t bytesRead = fread(buffer, size, 1, ptr); fclose(ptr); + if (bytesRead != 1) + { + rtLogError("Failed to read file: expected 1 item, read %zu items", bytesRead); + free(buffer); + return RT_ERROR; + } + if (result) { result->setString(buffer); } + + free(buffer); return RT_OK; } 
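Review bot: The value now logged with `%f` in JavaScriptEngine::initialize comes from `atof(garbageCollectInterval)`, which gives no error indication: a non-numeric setting yields 0, and negative or very large values pass unchanged into `installTimeout(garbageCollectIntervalValue, true, ...)`. Parsing with `strtod`, checking the end pointer and clamping to a sane range before installing the repeating timer would stop a malformed setting from turning into a zero-interval or never-firing collector. `%f` is only correct if garbageCollectIntervalValue is a double or float, and its declaration is outside the hunk. initialize() starts and ends outside the hunk.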
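Review bot: In rtReadBinaryBinding the buffer handed to `result->setString(buffer)` is exactly `size` bytes with no terminator, so if setString treats it as a C string it reads past the end of the allocation. The new code also leaves `malloc` unchecked, narrows `st_size` into an `int`, and reports an empty file as a read error because `fread(buffer, size, 1, ptr)` returns 0 when size is 0. The version below allocates one extra byte, terminates the buffer and counts bytes instead of items. Two things it does not solve: `stat(fd, ...)` inspects the path rather than the already opened `ptr` (`fstat(fileno(ptr), &buf)` would close that gap), and a string result still stops at the first NUL byte of binary content. The function starts outside the hunk.

```cpp
// … unchanged: stat() check that closes ptr and returns RT_ERROR …
const size_t size = static_cast<size_t>(buf.st_size);
buffer = (char*)malloc(size + 1);
if (!buffer)
{
    rtLogError("Failed to allocate buffer for file: %s", fd);
    fclose(ptr);
    return RT_ERROR;
}
const size_t bytesRead = fread(buffer, 1, size, ptr);
fclose(ptr);
if (bytesRead != size)
{
    rtLogError("Failed to read file: expected %zu bytes, read %zu bytes", size, bytesRead);
    free(buffer);
    return RT_ERROR;
}
buffer[size] = '\0';
// … unchanged: result->setString(buffer), free(buffer), return RT_OK …
```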
@@ -693,6 +708,7 @@ rtError rtJSRuntimeDownloadMetrics(int numArgs, const rtValue* args, rtValue* re rtValue keys; if (map->Get("allKeys", &keys) != RT_OK) { rtLogWarn("Could not retrieve url for network metrics data."); + delete netMetricsArray; //newly added return RT_FAIL; } rtObjectRef objRef = keys.toObject(); @@ -700,6 +716,7 @@ rtError rtJSRuntimeDownloadMetrics(int numArgs, const rtValue* args, rtValue* re if (!keysArray) { rtLogWarn("No url found in the network metrics data."); + delete netMetricsArray; //newly added return RT_FAIL; } @@ -715,6 +732,7 @@ rtError rtJSRuntimeDownloadMetrics(int numArgs, const rtValue* args, rtValue* re NetworkMetrics* metrics = (NetworkMetrics*)storedValue.toVoidPtr(); if (!metrics) { rtLogError("Failed to cast stored value to NetworkMetrics structure for url: %s.", key.cString()); + delete netMetricsArray; //newly added return RT_FAIL; } rtMapObject* metricsMap = new rtMapObject(); diff --git a/src/jsc/jsc_lib/jsc_lib.cpp b/src/jsc/jsc_lib/jsc_lib.cpp index b759135..36cc29f 100644 --- a/src/jsc/jsc_lib/jsc_lib.cpp +++ b/src/jsc/jsc_lib/jsc_lib.cpp 
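Review bot: Freeing `netMetricsArray` by hand on each early return in rtJSRuntimeDownloadMetrics covers the three paths touched here (this hunk and the two after it), but it leaves the function one new `return` away from leaking again. The third hunk is immediately followed by `new rtMapObject()`, another raw allocation on the same path. If netMetricsArray is one of the reference-counted rt objects (its declaration is outside the hunks), a direct `delete` also bypasses the reference count; holding it in a reference-owning handle such as the `rtObjectRef` this function already uses would release it on every exit. The function starts and ends outside the hunks.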
@@ -29,9 +29,10 @@ static bool supportsRichSourceInfo(const JSGlobalObject*) { return true; } static bool shouldInterruptScript(const JSGlobalObject*) { return true; } static bool shouldInterruptScriptBeforeTimeout(const JSGlobalObject*) { return false; } static RuntimeFlags javaScriptRuntimeFlags(const JSGlobalObject*) { return RuntimeFlags(); } -static void reportUncaughtExceptionAtEventLoop(JSGlobalObject*, Exception* exception) +static void reportUncaughtExceptionAtEventLoop(JSGlobalObject* globalObject, Exception* exception) { - NativeJSLogger::log(ERROR, "Uncaught Exception at run loop: %s\n", exception->value()); + auto exceptionString = exception->value().toWTFString(globalObject); + NativeJSLogger::log(ERROR, "Uncaught Exception at run loop: %s\n", exceptionString.utf8().data()); } static JSObject* currentScriptExecutionOwner(JSGlobalObject* global) { return global; } static ScriptExecutionStatus scriptExecutionStatus(JSGlobalObject*, JSObject*) { return ScriptExecutionStatus::Running; } 
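Review bot: `exception->value().toWTFString(globalObject)` in reportUncaughtExceptionAtEventLoop converts an arbitrary script-thrown value to a string, which for an object can run a script-defined `toString` and can itself throw. Nothing here checks for or clears a pending exception afterwards, so a broken or hostile script could leave the VM with an exception set inside the uncaught-exception reporter. JSC code normally brackets such a conversion with `auto scope = DECLARE_CATCH_SCOPE(globalObject->vm());` and `scope.clearException();`. `exception` is also dereferenced without a null check, which is worth a guard unless the caller guarantees it is non-null.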
@@ -150,18 +151,78 @@ bool downloadFile(std::string& url, MemoryStruct& chunk) curl = curl_easy_init(); if (curl) { - curl_easy_setopt(curl, CURLOPT_URL, url.c_str()); - curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); - curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, CallbackHeader); - curl_easy_setopt(curl, CURLOPT_HEADERDATA, (void *)&chunk); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CallbackOnMemoryWrite); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk); - curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30); - curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true); - curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0"); - curl_easy_setopt(curl, CURLOPT_PROXY, ""); + res = curl_easy_setopt(curl, CURLOPT_URL, url.c_str()); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_URL: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_FOLLOWLOCATION: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, CallbackHeader); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_HEADERFUNCTION: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_HEADERDATA, (void *)&chunk); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_HEADERDATA: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CallbackOnMemoryWrite); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_WRITEFUNCTION: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = 
curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_WRITEDATA: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_TIMEOUT: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_NOSIGNAL: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYHOST: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYPEER: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0"); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_USERAGENT: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } + res = curl_easy_setopt(curl, CURLOPT_PROXY, ""); + if (res != CURLE_OK) { + NativeJSLogger::log(ERROR, "Failed to set CURLOPT_PROXY: %s\n", curl_easy_strerror(res)); + curl_easy_cleanup(curl); + return ret; + } //curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp); 
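Review bot: The rewritten calls in jsc_lib.cpp's downloadFile still pass `1`, `30`, `2` and `true` for CURLOPT_FOLLOWLOCATION, CURLOPT_TIMEOUT, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but curl_easy_setopt is variadic and documents these options as taking a `long`. On targets where int and long differ in size the value libcurl reads is not guaranteed, and two of these options control certificate verification; write `1L`, `30L`, `2L` and `1L`, as the CURLOPT_NOSIGNAL line already does. The same arguments appear in NativeJSRenderer::downloadFile earlier in this patch. Since redirects are followed, it is also worth bounding them with CURLOPT_MAXREDIRS and restricting the protocols a redirect may switch to. The function starts and ends outside the hunk.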
@@ -388,8 +449,9 @@ static URL currentWorkingDirectory() return { }; // Add a trailing slash if needed so the URL resolves to a directory and not a file. - if (directoryString[directoryString.length() - 1] != pathSeparator()) - directoryString = makeString(directoryString, pathSeparator()); + auto separator = pathSeparator(); + if (!directoryString.endsWith(separator)) + directoryString = makeString(directoryString, separator); return URL::fileURLWithFileSystemPath(directoryString); } diff --git a/src/jsruntime.cpp b/src/jsruntime.cpp index fdbf989..1ca0310 100644 --- a/src/jsruntime.cpp +++ b/src/jsruntime.cpp @@ -37,6 +37,7 @@ using namespace JsRuntime; #ifndef UNIT_TEST_BUILD int main(int argc, char* argv[]) { + try { if (argc < 2) { NativeJSLogger::log(WARN, "Pass the URL to run\n"); @@ -108,15 +109,32 @@ int main(int argc, char* argv[]) i++; } + //CID:430751:Use of untrusted string value (TAINTED_STRING) + // Validate waylanddisplay to prevent injection attacks + if (!waylanddisplay.empty()) { + if (waylanddisplay.length() > 256) { + NativeJSLogger::log(ERROR, "Invalid Wayland display name: too long\n"); + waylanddisplay = ""; + } else { + bool valid = true; + for (char c : waylanddisplay) { + if (!isalnum(c) && c != '-' && c != '_' && c != '/' && c != '.') { + valid = false; + break; + } + } + if (!valid) { + NativeJSLogger::log(ERROR, "Invalid Wayland display name: contains invalid characters\n"); + waylanddisplay = ""; + } + } + } + + std::shared_ptr renderer = std::make_shared(waylanddisplay); if (consoleMode) { renderer->setEnvForConsoleMode(moduleSettings); } - if (!renderer) - { - NativeJSLogger::log(ERROR, "Unable to run application\n"); - return -1; - } #if defined(ENABLE_JSRUNTIME_SERVER) if (runServer == true) 
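Review bot: `isalnum(c)` in the new waylanddisplay check in jsruntime.cpp is called with a plain `char`, which is undefined behaviour for bytes above 0x7F where char is signed; use `isalnum(static_cast<unsigned char>(c))`. The allow-list also accepts `/` and `.`, so a value such as `../x` passes, which matters if the name is later joined onto a runtime directory (not visible here). On rejection the code only clears the string and carries on, so an invalid display argument silently falls back to the default display; returning an error from main would make the rejection visible to the caller. main() continues outside the hunk.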
@@ -172,6 +190,13 @@ int main(int argc, char* argv[]) } return 0; + } catch (const std::exception& e) { + NativeJSLogger::log(ERROR, "Uncaught exception in main: %s\n", e.what()); + return -1; + } catch (...) { + NativeJSLogger::log(ERROR, "Unknown exception caught in main\n"); + return -1; + } } #endif