PerlMonks  

Re^2: Uncontrolled Format String - Checkmarx issue

by Rishi2Monk (Novice)
on Dec 28, 2022 at 11:54 UTC [id://11149154]


in reply to Re: Uncontrolled Format String - Checkmarx issue
in thread Uncontrolled Format String - Checkmarx issue

Thanks for your reply. After changing the print/printf it worked for some cases. But the code is still throwing the error "Uncontrolled Format String". I tried multiple ways but none were helpful. Kindly help me to understand what might be wrong in the formatting.

printf RPT "  Error rate                   : %3.2f%%\n\n", $err_rate;

Re^3: Uncontrolled Format String - Checkmarx issue
by Corion (Patriarch) on Dec 28, 2022 at 12:00 UTC

    Maybe now is a good time to take a step back and look at what you are trying to do here.

    You are asking us about errors that a tool by some other vendor raises. We are not that vendor nor do we have more access than you to the vendor.

    Maybe you can talk to the vendor about the documentation of their error message and the description what code causes the error to be raised.

    Once you understand what in the code causes the Checkmarx error to be raised with your code, you can ask how to best rewrite your code so it avoids the issue.

      There is no document available from the tool or vendor, hence I tried to seek some help from someone else. I thought there might be someone who has faced this kind of issue earlier and solved it, and who could help me, rather than having experts explore the root cause.

        "There is no document available from the tool or vendor."

        This seems highly unlikely, both from the perspective that vendors tend not to sell software products with no documentation, and secondly a cursory web search returned results.

        Wikipedia has Uncontrolled Format String, maybe that helps you understand what the error message by Checkmarx wants to say.

        I find it mildly surprising that your employer buys a tool without a contract on the vendor explaining how their tool arrives at a problem.

        Looking at your format string, maybe the tool has a problem with the double %% sequence. Consider replacing it by maybe \%\% or maybe concatenate the percent sign after building the printf string.

Re^3: Uncontrolled Format String - Checkmarx issue
by haukex (Archbishop) on Dec 28, 2022 at 15:24 UTC

    I agree with everything that Corion and marto have written. Checkmarx is giving you the error, so Checkmarx also needs to tell you how to fix it.

    As I indicated above, I was only guessing what the problem might be, and in this case I can also only guess that maybe Checkmarx wants you to confirm that $err_rate really does contain a float. But Perl is notoriously hard to parse, so I have no idea what code the tool would accept for that check, so again, you'd have to look at the Checkmarx documentation or ask them. And if Corion is right that %% is the problem, then the tool is giving you a false positive (which proves my point), and you need to talk to Checkmarx support.
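Added illustration, not code from anyone in this thread or from Checkmarx: the "Uncontrolled Format String" class of finding is about a printf/sprintf whose format argument comes from outside the program, not about %% in a literal. The script below uses the same "printf FILEHANDLE FORMAT, LIST" shape as the original line, with an assumed in-memory filehandle in place of RPT and constructed sample values, and shows the literal format, the genuinely risky pattern, and its fix side by side.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: write the report to an in-memory filehandle so the script
# runs stand-alone; the original post writes to a file opened as RPT.
my $report = '';
open my $RPT, '>', \$report or die "open: $!";

my $err_rate = 12.3456;   # constructed sample value

# 1. Controlled format: the format is a string literal. "%%" is an escape
#    that prints one literal '%', and the single conversion %3.2f is
#    matched by exactly one argument. Nothing external shapes the format.
printf {$RPT} "  Error rate                   : %3.2f%%\n\n", $err_rate;

# 2. Uncontrolled format: data that arrived from outside the program
#    (a log line, a file name, a user message) is used AS the format.
#    Every '%' in it is now interpreted as a conversion; missing
#    arguments produce "Missing argument in printf" warnings and mangled
#    output, and a crafted string can request absurd field widths.
my $from_outside = "disk C: 90% full %s %s";   # constructed sample input
{
    local $SIG{__WARN__} = sub { print "warning: $_[0]" };
    printf {$RPT} $from_outside;               # the pattern the finding class describes
}

# 3. Fixed: keep the format a literal and pass the external data only
#    as an argument, so its '%' characters are printed, not interpreted.
printf {$RPT} "%s\n", $from_outside;

close $RPT;
print $report;
```

Running it prints the warnings raised by the second printf, and the report shows the first and third lines intact while the middle one is corrupted by the data-controlled format.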
