Uploaded image for project: 'SonarCFamily'
  1. SonarCFamily
  2. CPP-3476

S4423: FP for good code that checks the curl_easy_init return value for nullptr

    XMLWordPrintable

    Details

      Description

      If the code checks the curl_easy_init return value for nullptr it follows the good practice suggested by https://curl.se/libcurl/c/CURLOPT_SSLVERSION.html
      Yet, it is flagged by our analyzer as using an insecure TLS/SSL version.

      void communityCheckNullptr() {
        CURL* curl = curl_easy_init();
        if (curl) {
          curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
        }
      }
      
      void communityExceptionForNullptr() {
        CURL* curl = curl_easy_init();
        if (!curl) {
          throw 0;
        }
        curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
      }
      

      Should fix simultaneously with merging the RSPEC fix: https://github.com/SonarSource/rspec/pull/707

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              arseniy.zaostrovnykh Arseniy Zaostrovnykh
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: