chore(sonar): tighten NOSONAR placement for remaining hotspots

Two SonarCloud hotspots from the previous round didn't actually pick
up the inline annotations:

  - lib/DNS_Cache.cpp: the NOSONAR comment was on the line above the
    `std::mt19937 gen(...)` construction. Sonar attributes the hotspot
    to the construction line itself, so the comment needs to be inline
    on that line. Moved it. Kept the explanatory comment block above.

  - test/tap/tests/setparser_parsersql_test.cpp: new hotspot on the
    strlen() call in the inline_validate_search_path helper added in
    commit 950f6415b. Test code, caller-supplied null-terminated C
    string, and the SIZE_MAX guard on the very next line bounds the
    result. Annotated inline.

No behaviour change; only Sonar annotation cleanups. Should clear the
last two TO_REVIEW hotspots on PR #5809.
pull/5809/head
Rene Cannao 1 month ago
parent a315ebe0be
commit de37c64f5e

@ -114,9 +114,11 @@ void* monitor_dns_resolver_thread(const std::vector<DNS_Resolve_Data*>& dns_reso
bool to_update_cache = false;
int cache_ttl = dns_resolve_data->ttl;
if (dns_resolve_data->ttl > dns_resolve_data->refresh_intv) {
// NOSONAR cpp:S2245 — mt19937 used for DNS-cache TTL jitter,
// a non-cryptographic timing tweak. No security boundary.
thread_local std::mt19937 gen(std::random_device{}());
// NOSONAR cpp:S2245 — mt19937 used here only as a DNS-cache
// TTL jitter source (non-cryptographic timing tweak); no
// security boundary. Inline annotation on the construction
// line because Sonar attributes the hotspot to it.
thread_local std::mt19937 gen(std::random_device{}()); // NOSONAR cpp:S2245
const int jitter = static_cast<int>(dns_resolve_data->ttl * 0.025);
std::uniform_int_distribution<int> dis(-jitter, jitter);
cache_ttl += dis(gen);
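Review bot: the trailing `// NOSONAR cpp:S2245` on the `thread_local std::mt19937 gen(...)` line suppresses every Sonar issue reported on that line, not only S2245; the rule key after the marker is documentation, not a filter. That is fine here because the line does nothing but construct the generator, but if anything else is ever folded onto it (for example the `std::random_device{}()` seeding being split out) the blanket suppression should be re-checked. The justification itself is sound: `gen` only feeds a `uniform_int_distribution` that nudges `cache_ttl` by at most 2.5% of `ttl`, so no security property depends on its unpredictability, and with `ttl < 40` the jitter truncates to 0, which `uniform_int_distribution<int>(0, 0)` handles without issue.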

@ -31,7 +31,7 @@ static inline bool _fast_isspace(int c) { return c==' '||c=='\t'||c=='\n'||c=='\
static bool inline_validate_search_path(const char* value, char** transformed_value) {
if (transformed_value) *transformed_value = nullptr;
if (value == nullptr) return false;
size_t value_len = strlen(value);
size_t value_len = strlen(value); // NOSONAR cpp:S5813 — test code over a caller-supplied C string; the SIZE_MAX guard below bounds the result.
if (value_len > SIZE_MAX - 1) return false;
char* normalized = (char*)malloc(value_len + 1);
if (!normalized) return false;
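Review bot: the rationale in the new NOSONAR comment overstates what the `if (value_len > SIZE_MAX - 1) return false;` guard does. That check only keeps `value_len + 1` from wrapping in the `malloc` size; it does not bound the scan that `strlen(value)` performs, which is the read-past-terminator risk S5813 flags. The reason this hotspot is acceptable is the one the commit message gives (a test helper whose `value` is a null-terminated C string supplied by the test itself), so the inline text should say that rather than point at the guard, e.g. `// NOSONAR cpp:S5813 — test helper; value is a null-terminated string supplied by the test`. The comment also makes the line very long; moving the rationale into a comment block above the line and leaving only the marker inline would match how `lib/DNS_Cache.cpp` is handled in this same commit.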
