How to get rid of "tainted parameter" in static analysis report?

Question

I am using Parasoft to analyze my code. I go this violation:

Tainted parameter of entry point method ("inFileName") has been printed on the console

This is the code where the error is:

static void printUsage(char *inFileName)
{
    printf("Usage: %s %s\n", inFileName, "[-h|-help|-usage]\n");
}

int main(int argc, char **argv)
{
    printUsage(argv[0]);
    return 0;
}

where inFileNAme is actually argv[0].

How can I fix the violation or at least make Parasoft satisfied?

Answer 1

You're probably getting this warning because you don't sanitize your program parameter properly. For instance, if you would get a non-terminated string, the %s specifier in your printf would make your program keep reading (and printing) memory, causing undefined behavior and security concerns.

As to what a "Tainted parameter" is:

In software security analysis, a value is said to be tainted if it comes from an untrusted source (outside of the program’s control) and has not been sanitized to ensure that it conforms to any constraints on its value that consumers of the value require — for example, that all strings are null-terminated.

(source) (emphasis mine)

In order to ensure that your input value is proper, you can use a function like strdup.... :

static void printUsage(char *inFileName)
{
    char *inFile = strdup(inFileName);
    if (inFile == 0) {
    printf("Error with program Argument.");
    }else{
    printf("Usage: %s %s\n", inFile, "[-h|-help|-usage]\n");
    free(inFile);}
}

int main(int argc, char **argv)
{
    printUsage(argv[0]);
    return 0;
}

Answer 2

I am assuming that strdup knows what to do with a NULL pointer (since you didn't check)?

Also, looking at the man page strdup adds a '\0' so this satisfies correctly terminating the string. Is this enough though to stop Coverity from considering this string tainted?

A more general answer might include an additional check for inFileName != NULL before anything else is done.