run Coverity weekly

Signed-off-by: Hans Zandbelt <[email protected]>

.github/workflows/coverity.yml

@@ -0,0 +1,65 @@
+name: Coverity
+
+on:
+  schedule:
+    - cron: '0 18 * * SUN'
+  workflow_dispatch:
+
+#on:
+#  push:
+#    branches: [ master, coverity ]
+#  pull_request:
+#    types: [opened, synchronize, reopened]
+
+jobs:
+  build:
+    name: Build and analyze
+    runs-on: ubuntu-latest
+    if: github.repository == 'OpenIDC/mod_auth_openidc'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Dependencies
+        run: |
+          sudo apt-get update -y
+          sudo apt-get install -y apache2-dev libcjose-dev libssl-dev check pkg-config
+          sudo apt-get install -y libjansson-dev libcurl4-openssl-dev libhiredis-dev libpcre2-dev
+      - name: Download Coverity Build Tool
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        run: |
+          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=OpenIDC%2Fmod_auth_openidc" -O cov-analysis-linux64.tar.gz
+          mkdir cov-analysis-linux64
+          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+      - name: Configure
+        run: |
+          ./autogen.sh
+          ./configure
+      - name: Make with cov-build
+        run: |
+          pwd
+          export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
+          cov-build --dir cov-int make check
+      - name: Submit to Coverity Scan
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        run: |
+          tar czvf mod_auth_openidc.tgz cov-int
+          curl \
+            --form project=OpenIDC%2Fmod_auth_openidc \
+            --form token=$TOKEN \
+            --form [email protected] \
+            --form file=@mod_auth_openidc.tgz \
+            --form version=master \
+            --form description="`git rev-parse --abbrev-ref HEAD` `git rev-parse --short HEAD`" \
+            https://scan.coverity.com/builds?project=OpenIDC%2Fmod_auth_openidc
+#      - name: Coverity Scan
+#        uses: blackduck-inc/[email protected]
+#        with:
+#          coverity_url: ${{ vars.COVERITY_URL }}
+#          coverity_project_name: ${{ vars.COVERITY_PROJECT_NAME }}
+#          coverity_user: ${{ vars.COVERITY_USER }}
+#          coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}
+#          coverity_build_command: make all
+#          coverity_clean_command: make clean

ChangeLog

@@ -1,3 +1,6 @@
+12/15/2024
+- add Coverity Github action
+
 12/13/2024
 - address warnings from static code analysis tool Coverity
   - code: avoid potentional memory leak on cURL handle if curl_easy_escape/curl_easy_unescape fails

src/util.c

@@ -678,18 +678,18 @@ static const char *oidc_util_current_url_scheme(const request_rec *r, oidc_hdr_x
 static const char *oidc_util_port_from_host_hdr(const char *host_hdr) {
 	const char *p = NULL;
 
-	if (host_hdr == NULL)
-		return NULL;
-
 	// check for an IPv6 literal addresses
-	if (host_hdr[0] == '[')
+	if (host_hdr && host_hdr[0] == '[')
 		p = strchr(host_hdr, ']');
 	else
 		p = host_hdr;
 
-	if ((p = strchr(p, OIDC_CHAR_COLON)))
+	if (p) {
+		p = strchr(p, OIDC_CHAR_COLON);
 		// skip over the ":" to point to the actual port number
-		p++;
+		if (p)
+			p++;
+	}
 
 	return p;
 }