Minor static analysis fixes. (#3529)

include/osquery/system.h

@@ -255,7 +255,7 @@ class DropPrivileges : private boost::noncopyable {
   gid_t* original_groups_{nullptr};
 
   /// The size of the original groups to backup when restoring privileges.
-  size_t group_size_{0};
+  int group_size_{0};
 
  private:
   FRIEND_TEST(PermissionsTests, test_explicit_drop);

osquery/carver/carver.cpp

@@ -225,9 +225,11 @@ Status Carver::carve(const boost::filesystem::path& path) {
   for (size_t i = 0; i < blkCount; i++) {
     inBuff.clear();
     auto bytesRead = src.read(inBuff.data(), FLAGS_carver_block_size);
-    auto bytesWritten = dst.write(inBuff.data(), bytesRead);
-    if (bytesWritten < 0) {
-      return Status(1, "Error writing bytes to tmp fs");
+    if (bytesRead > 0) {
+      auto bytesWritten = dst.write(inBuff.data(), bytesRead);
+      if (bytesWritten < 0) {
+        return Status(1, "Error writing bytes to tmp fs");
+      }
     }
   }
 

osquery/core/system.cpp

@@ -280,7 +280,8 @@ size_t toUnixTime(const struct tm* tm_time) {
 }
 
 size_t getUnixTime() {
-  return std::time(nullptr);
+  std::time_t ut = std::time(nullptr);
+  return ut < 0 ? 0 : ut;
 }
 
 Status checkStalePid(const std::string& content) {
@@ -443,8 +444,10 @@ bool DropPrivileges::dropTo(uid_t uid, gid_t gid) {
   }
 
   group_size_ = getgroups(0, nullptr);
-  original_groups_ = (gid_t*)malloc(group_size_ * sizeof(gid_t));
-  group_size_ = getgroups(group_size_, original_groups_);
+  if (group_size_ > 0) {
+    original_groups_ = (gid_t*)malloc(group_size_ * sizeof(gid_t));
+    group_size_ = getgroups(group_size_, original_groups_);
+  }
   setgroups(1, &gid);
 
   if (!setThreadEffective(uid, gid)) {
@@ -460,9 +463,11 @@ bool DropPrivileges::dropTo(uid_t uid, gid_t gid) {
 }
 
 void DropPrivileges::restoreGroups() {
-  setgroups(group_size_, original_groups_);
-  group_size_ = 0;
-  free(original_groups_);
+  if (group_size_ > 0) {
+    setgroups(group_size_, original_groups_);
+    group_size_ = 0;
+    free(original_groups_);
+  }
   original_groups_ = nullptr;
 }
 

osquery/events/linux/audit.h

@@ -276,7 +276,7 @@ class AuditEventPublisher
    * This contains the: pid, enabled, rate_limit, backlog_limit, lost, and
    * failure booleans and counts.
    */
-  struct audit_status status_;
+  struct audit_status status_ {};
 
   /**
    * @brief A counter of non-blocking netlink reads that contained no data.
@@ -291,7 +291,7 @@ class AuditEventPublisher
   bool control_{false};
 
   /// The last (most recent) audit reply.
-  struct audit_reply reply_;
+  struct audit_reply reply_ {};
 
   /// Track all rule data added by the publisher.
   std::vector<struct AuditRuleInternal> transient_rules_;

osquery/logger/logger.cpp

@@ -258,23 +258,27 @@ class LoggerDisabler : private boost::noncopyable {
 
 static void serializeIntermediateLog(const std::vector<StatusLogLine>& log,
                                      PluginRequest& request) {
-  pt::ptree tree;
-  for (const auto& log_item : log) {
-    pt::ptree child;
-    child.put("s", log_item.severity);
-    child.put("f", log_item.filename);
-    child.put("i", log_item.line);
-    child.put("m", log_item.message);
-    child.put("h", log_item.identifier);
-    child.put("c", log_item.calendar_time);
-    child.put("u", log_item.time);
-    tree.push_back(std::make_pair("", std::move(child)));
-  }
+  try {
+    pt::ptree tree;
+    for (const auto& log_item : log) {
+      pt::ptree child;
+      child.put("s", log_item.severity);
+      child.put("f", log_item.filename);
+      child.put("i", log_item.line);
+      child.put("m", log_item.message);
+      child.put("h", log_item.identifier);
+      child.put("c", log_item.calendar_time);
+      child.put("u", log_item.time);
+      tree.push_back(std::make_pair("", std::move(child)));
+    }
 
-  // Save the log as a request JSON string.
-  std::ostringstream output;
-  pt::write_json(output, tree, false);
-  request["log"] = output.str();
+    // Save the log as a request JSON string.
+    std::ostringstream output;
+    pt::write_json(output, tree, false);
+    request["log"] = output.str();
+  } catch (const pt::ptree_error& e) {
+    VLOG(1) << "Error serializing log entries: " << e.what();
+  }
 }
 
 static void deserializeIntermediateLog(const PluginRequest& request,

osquery/tables/applications/posix/prometheus_metrics.cpp

@@ -105,12 +105,11 @@ QueryData genPrometheusMetrics(QueryContext& context) {
   /* Below should be unreachable if there were no urls child node, but we set
    * handle with default value for consistency's sake and for added robustness.
    */
-  auto urls = config.get_child("urls", boost::property_tree::ptree());
+  auto urls = config.get_child("urls");
   if (urls.empty()) {
     return result;
   }
-  for (const auto& url :
-       config.get_child("urls", boost::property_tree::ptree())) {
+  for (const auto& url : config.get_child("urls")) {
     if (!url.first.empty()) {
       return result;
     }

osquery/tables/networking/posix/utils.cpp

@@ -112,6 +112,10 @@ std::string macAsString(const struct ifaddrs* addr) {
   }
 
 #if defined(__linux__)
+  if (addr->ifa_name == nullptr) {
+    return blank_mac;
+  }
+
   struct ifreq ifr;
   ifr.ifr_addr.sa_family = AF_INET;
   memcpy(ifr.ifr_name, addr->ifa_name, IFNAMSIZ);