225 lines
8.0 KiB
Diff
225 lines
8.0 KiB
Diff
From ea375b56fb92a954fcf16901773b3b8442128a5c Mon Sep 17 00:00:00 2001
|
|
From: zgzxx <zhangguangzhi3@huawei.com>
|
|
Date: Wed, 13 Dec 2023 15:34:53 +0800
|
|
Subject: [PATCH 2/4] modify for code review
|
|
|
|
---
|
|
.../cases/file_block/secDetector_file_block.c | 16 ++++++++--------
|
|
.../secDetector_kmodule_baseline.c | 5 ++++-
|
|
.../secDetector_mc_kmodule_baseline.c | 4 ++--
|
|
.../cases/task_block/secDetector_task_block.c | 16 ++++++++--------
|
|
.../core/analyze_unit/secDetector_analyze.c | 4 ++--
|
|
kerneldriver/core/secDetector_manager.c | 4 +++-
|
|
lib/secDetector_sdk.cpp | 6 +++---
|
|
7 files changed, 30 insertions(+), 25 deletions(-)
|
|
|
|
diff --git a/kerneldriver/cases/file_block/secDetector_file_block.c b/kerneldriver/cases/file_block/secDetector_file_block.c
|
|
index 7e0963d..b4972ee 100644
|
|
--- a/kerneldriver/cases/file_block/secDetector_file_block.c
|
|
+++ b/kerneldriver/cases/file_block/secDetector_file_block.c
|
|
@@ -35,7 +35,7 @@ static int file_write_check(struct secDetector_workflow *wf, struct file *file)
|
|
char *pathname = NULL;
|
|
response_data_t log;
|
|
bool matched = false;
|
|
- struct file_block_rules_item *item;
|
|
+ struct file_block_rules_item *item = NULL;
|
|
int ret = 0;
|
|
|
|
buf = kzalloc(BUF_SIZE, GFP_ATOMIC);
|
|
@@ -87,7 +87,7 @@ static struct secDetector_workflow workflow_array[] = {
|
|
|
|
static int proc_show(struct seq_file *m, void *v)
|
|
{
|
|
- struct file_block_rules_item *item;
|
|
+ struct file_block_rules_item *item = NULL;
|
|
|
|
mutex_lock(&rules_mutex);
|
|
list_for_each_entry (item, &file_block_rule_list, list) {
|
|
@@ -104,8 +104,8 @@ static int proc_open(struct inode *inode, struct file *file)
|
|
|
|
static void clear_file_rule_list(void)
|
|
{
|
|
- struct file_block_rules_item *item;
|
|
- struct file_block_rules_item *tmp;
|
|
+ struct file_block_rules_item *item = NULL;
|
|
+ struct file_block_rules_item *tmp = NULL;
|
|
|
|
mutex_lock(&rules_mutex);
|
|
list_for_each_entry_safe (item, tmp, &file_block_rule_list, list) {
|
|
@@ -121,10 +121,10 @@ static void clear_file_rule_list(void)
|
|
static ssize_t proc_write(struct file *file, const char __user *buffer,
|
|
size_t len, loff_t *offset)
|
|
{
|
|
- char *data;
|
|
- char *str;
|
|
- char *rule;
|
|
- struct file_block_rules_item *item;
|
|
+ char *data = NULL;
|
|
+ char *str = NULL;
|
|
+ char *rule = NULL;
|
|
+ struct file_block_rules_item *item = NULL;
|
|
ssize_t r = -EINVAL;
|
|
|
|
data = memdup_user_nul(buffer, len);
|
|
diff --git a/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c b/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c
|
|
index 85411c0..4f59c14 100644
|
|
--- a/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c
|
|
+++ b/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c
|
|
@@ -17,7 +17,10 @@ DEFINE_MUTEX(case_kmodule_mutex);
|
|
|
|
static void check_watching_kmodule(void)
|
|
{
|
|
- mutex_lock(&case_kmodule_mutex);
|
|
+ if (mutex_trylock(&case_kmodule_mutex) == 0) {
|
|
+ pr_warn("[secDetector case kmodule baseline] check cann't getlock, ret\n");
|
|
+ return;
|
|
+ }
|
|
check_kmodule_baseline();
|
|
mutex_unlock(&case_kmodule_mutex);
|
|
}
|
|
diff --git a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
|
|
index cff1ff5..9a051ca 100644
|
|
--- a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
|
|
+++ b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
|
|
@@ -43,7 +43,7 @@ static int add_kmodule_baseline_name(const char *name)
|
|
return -1;
|
|
}
|
|
|
|
- name_len = strlen(name) < NAME_LEN ? strlen(name) : NAME_LEN;
|
|
+ name_len = strlen(name) < NAME_LEN ? strlen(name) : NAME_LEN - 1;
|
|
memcpy(module->module_name, name, name_len);
|
|
list_add(&module->list, &chkrkatt_module_list);
|
|
return 0;
|
|
@@ -86,7 +86,7 @@ static void report_kmodule_baseline(void)
|
|
list_for_each_entry_safe(get_module_name, get_module_name_next, &chkrkatt_module_list, list) {
|
|
if (get_module_name != NULL && get_module_name_next != NULL) {
|
|
/* 2: ', ' */
|
|
- if(sizeof(module_name_all) + sizeof(get_module_name->module_name) < NAME_LEN - 2 - header_msg_len) {
|
|
+ if(strlen(module_name_all) + strlen(get_module_name->module_name) < NAME_LEN - 2 - header_msg_len) {
|
|
strcat(module_name_all, get_module_name->module_name);
|
|
strcat(module_name_all, strtmp);
|
|
}
|
|
diff --git a/kerneldriver/cases/task_block/secDetector_task_block.c b/kerneldriver/cases/task_block/secDetector_task_block.c
|
|
index 94859e4..a46c5f5 100644
|
|
--- a/kerneldriver/cases/task_block/secDetector_task_block.c
|
|
+++ b/kerneldriver/cases/task_block/secDetector_task_block.c
|
|
@@ -37,7 +37,7 @@ static int task_bprm_check(struct secDetector_workflow *wf,
|
|
char *pathname = NULL;
|
|
response_data_t log;
|
|
bool matched = false;
|
|
- struct task_block_rules_item *item;
|
|
+ struct task_block_rules_item *item = NULL;
|
|
int ret = 0;
|
|
|
|
buf = kzalloc(BUF_SIZE, GFP_ATOMIC);
|
|
@@ -88,7 +88,7 @@ static struct secDetector_workflow workflow_array[] = {
|
|
|
|
static int proc_show(struct seq_file *m, void *v)
|
|
{
|
|
- struct task_block_rules_item *item;
|
|
+ struct task_block_rules_item *item = NULL;
|
|
|
|
mutex_lock(&rules_mutex);
|
|
list_for_each_entry (item, &task_block_rule_list, list) {
|
|
@@ -105,8 +105,8 @@ static int proc_open(struct inode *inode, struct file *file)
|
|
|
|
static void clear_task_rule_list(void)
|
|
{
|
|
- struct task_block_rules_item *item;
|
|
- struct task_block_rules_item *tmp;
|
|
+ struct task_block_rules_item *item = NULL;
|
|
+ struct task_block_rules_item *tmp = NULL;
|
|
|
|
mutex_lock(&rules_mutex);
|
|
list_for_each_entry_safe (item, tmp, &task_block_rule_list, list) {
|
|
@@ -122,10 +122,10 @@ static void clear_task_rule_list(void)
|
|
static ssize_t proc_write(struct file *file, const char __user *buffer,
|
|
size_t len, loff_t *offset)
|
|
{
|
|
- char *data;
|
|
- char *str;
|
|
- char *rule;
|
|
- struct task_block_rules_item *item;
|
|
+ char *data = NULL;
|
|
+ char *str = NULL;
|
|
+ char *rule = NULL;
|
|
+ struct task_block_rules_item *item = NULL;
|
|
ssize_t r = -EINVAL;
|
|
|
|
data = memdup_user_nul(buffer, len);
|
|
diff --git a/kerneldriver/core/analyze_unit/secDetector_analyze.c b/kerneldriver/core/analyze_unit/secDetector_analyze.c
|
|
index 226e245..f345412 100644
|
|
--- a/kerneldriver/core/analyze_unit/secDetector_analyze.c
|
|
+++ b/kerneldriver/core/analyze_unit/secDetector_analyze.c
|
|
@@ -33,7 +33,7 @@ int get_timestamp_str(char **ret_str)
|
|
{
|
|
struct timespec64 ts;
|
|
struct tm stm;
|
|
- char *stm_str;
|
|
+ char *stm_str = NULL;
|
|
int stm_str_len = 0;
|
|
|
|
ktime_get_real_ts64(&ts);
|
|
@@ -65,4 +65,4 @@ int get_timestamp_str(char **ret_str)
|
|
kfree(stm_str);
|
|
return stm_str_len;
|
|
}
|
|
-EXPORT_SYMBOL_GPL(get_timestamp_str);
|
|
\ No newline at end of file
|
|
+EXPORT_SYMBOL_GPL(get_timestamp_str);
|
|
diff --git a/kerneldriver/core/secDetector_manager.c b/kerneldriver/core/secDetector_manager.c
|
|
index 4c88386..07b45d8 100644
|
|
--- a/kerneldriver/core/secDetector_manager.c
|
|
+++ b/kerneldriver/core/secDetector_manager.c
|
|
@@ -115,13 +115,15 @@ int secDetector_module_register(struct secDetector_module *module)
|
|
int i;
|
|
int module_id;
|
|
unsigned int callback_id = 0;
|
|
- struct secDetector_parameter *param = module->parameter;
|
|
+ struct secDetector_parameter *param = NULL;
|
|
|
|
if (module == NULL) {
|
|
pr_err("[secDetector] register module is null\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
+ param = module->parameter;
|
|
+
|
|
module_id = idr_alloc(&g_module_idr, module, 0, INT_MAX, GFP_KERNEL);
|
|
if (module_id < 0) {
|
|
pr_err("[secDetector] alloc module id failed\n");
|
|
diff --git a/lib/secDetector_sdk.cpp b/lib/secDetector_sdk.cpp
|
|
index 6b00953..a431377 100644
|
|
--- a/lib/secDetector_sdk.cpp
|
|
+++ b/lib/secDetector_sdk.cpp
|
|
@@ -34,7 +34,7 @@ extern "C" {
|
|
|
|
void *secSub(const int topic)
|
|
{
|
|
- PubSubClient *cur_client;
|
|
+ PubSubClient *cur_client = nullptr;
|
|
if (topic <= 0 || topic > ALLTOPIC) {
|
|
printf("lib secSub failed, topic:%d is error\n", topic);
|
|
return NULL;
|
|
@@ -64,7 +64,7 @@ void *secSub(const int topic)
|
|
|
|
void secUnsub(void *reader)
|
|
{
|
|
- PubSubClient *cur_client;
|
|
+ PubSubClient *cur_client = nullptr;
|
|
|
|
if (!reader)
|
|
return;
|
|
@@ -84,7 +84,7 @@ void secUnsub(void *reader)
|
|
void secReadFrom(void *reader, char *data, int data_len)
|
|
{
|
|
string msg("");
|
|
- PubSubClient *cur_client;
|
|
+ PubSubClient *cur_client = nullptr;
|
|
|
|
if (!data || data_len <= 1)
|
|
return
|
|
--
|
|
2.33.0
|
|
|