diff options
author | Allen Winter <allen.winter@kdab.com> | 2022-06-02 08:25:28 -0400 |
---|---|---|
committer | Allen Winter <allen.winter@kdab.com> | 2022-06-02 08:25:28 -0400 |
commit | c30a603deafadad23ba84ba07f134c2a56fe5e16 (patch) | |
tree | 9ed04ba3aaad06ed1879eb6b83ad8c2fa7e0518a | |
parent | 03b1648a3babe2a7cb51bb5cb18c9edc825f7f5a (diff) | |
parent | b7bbcbb9b43e7c3dcc5057cbd0f79ab8d525ab0e (diff) | |
download | libical-git-c30a603deafadad23ba84ba07f134c2a56fe5e16.tar.gz |
Merge branch '3.0'
-rw-r--r-- | .github/workflows/codacy.yml | 60 | ||||
-rw-r--r-- | .github/workflows/codeql.yml | 72 | ||||
-rw-r--r-- | .pre-commit-config.yaml | 8 | ||||
-rwxr-xr-x | scripts/buildtests.sh | 1 | ||||
-rw-r--r-- | src/libical/icaltime.c | 4 | ||||
-rw-r--r-- | src/libical/icalvalue.c | 7 |
6 files changed, 145 insertions, 7 deletions
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml new file mode 100644 index 00000000..d2000770 --- /dev/null +++ b/.github/workflows/codacy.yml @@ -0,0 +1,60 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow checks out code, performs a Codacy security scan +# and integrates the results with the +# GitHub Advanced Security code scanning feature. For more information on +# the Codacy security scan action usage and parameters, see +# https://github.com/codacy/codacy-analysis-cli-action. +# For more information on Codacy Analysis CLI in general, see +# https://github.com/codacy/codacy-analysis-cli. + +name: Codacy Security Scan + +on: + push: + branches: [ 3.0 ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ 3.0 ] + schedule: + - cron: '18 8 * * 4' + +permissions: + contents: read + +jobs: + codacy-security-scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + name: Codacy Security Scan + runs-on: ubuntu-latest + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout code + uses: actions/checkout@v3 + + # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis + - name: Run Codacy Analysis CLI + uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b + with: + # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository + # You can also omit the token and run the tools that support default configurations + project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} + verbose: true + output: results.sarif + format: sarif + # Adjust severity of non-security issues + gh-code-scanning-compat: true + # Force 0 exit code to allow SARIF file generation + # This will handover control about PR rejection to the GitHub side + max-allowed-issues: 2147483647 + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF results file + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: results.sarif diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..67130d3b --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,72 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ 3.0 ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ 3.0 ] + schedule: + - cron: '32 22 * * 5' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'cpp' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # âšī¸ Command-line programs to run using the OS shell. + # đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e41c34c1..afb1a3a8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,10 +10,10 @@ repos: - id: check-case-conflict - id: check-yaml - id: check-json -- repo: https://github.com/pre-commit/mirrors-clang-format - rev: v13.0.0 - hooks: - - id: clang-format +#- repo: https://github.com/pre-commit/mirrors-clang-format +# rev: v13.0.0 +# hooks: +# - id: clang-format - repo: https://github.com/PyCQA/pylint rev: v2.12.2 hooks: diff --git a/scripts/buildtests.sh b/scripts/buildtests.sh index fd0504f0..6dc085f2 100755 --- a/scripts/buildtests.sh +++ b/scripts/buildtests.sh @@ -328,6 +328,7 @@ CPPCHECK() { -D size_t="unsigned long" \ -D bswap32="" \ -D PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP=0 \ + -D MIN="" \ -D _unused="(void)" \ -D _deprecated="(void)" \ -D ICALMEMORY_DEFAULT_FREE="free" \ diff --git a/src/libical/icaltime.c b/src/libical/icaltime.c index fd1bf3d8..33209508 100644 --- a/src/libical/icaltime.c +++ b/src/libical/icaltime.c @@ -434,7 +434,7 @@ static const int _days_in_month[] = { 0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, int icaltime_days_in_month(const int month, const int year) { - int days = _days_in_month[month]; + int days; /* The old code aborting if it was passed a parameter like BYMONTH=0 * Unfortunately it's not practical right now to pass an error all @@ -448,6 +448,8 @@ int icaltime_days_in_month(const int month, const int year) return 30; } + days = _days_in_month[month]; + if (month == 2) { days += icaltime_is_leap_year(year); } diff --git a/src/libical/icalvalue.c b/src/libical/icalvalue.c index 1becb059..e3053177 100644 --- a/src/libical/icalvalue.c +++ b/src/libical/icalvalue.c @@ -905,10 +905,13 @@ static char *icalvalue_utcoffset_as_ical_string_r(const icalvalue *value) m = (data - (h * 3600)) / 60; s = (data - (h * 3600) - (m * 60)); + h = MIN(abs(h), 23); + m = MIN(abs(m), 59); + s = MIN(abs(s), 59); if (s != 0) { - snprintf(str, 9, "%c%02d%02d%02d", sign, abs(h), abs(m), abs(s)); + snprintf(str, 9, "%c%02d%02d%02d", sign, h, m, s); } else { - snprintf(str, 9, "%c%02d%02d", sign, abs(h), abs(m)); + snprintf(str, 9, "%c%02d%02d", sign, h, m); } return str; |