Release 4.3.7 - Release Candidate 1 - Coverity scan

[vikman90]

Main RC issue	Version	RC	Tag	Previous issue
#14562	4.3.7	1	v4.3.7-rc1

This issue will show the results of the Coverity scan for the current RC.

• Coverity dashboard

Auditors' validation

• @vikman90

[vikman90]

Summary

Build ID	Coverity version	Platform	New defects found	Defects eliminated
473904	2022.6.0	Ubuntu 22.04	49	1

Results

New defects

Status	CID	Type	Impact	Date	Component
🔴	1519900	Use of 32-bit time_t	High	August 16, 2022	Fluent forwarder module
🔴	1519899	Use of 32-bit time_t	High	August 16, 2022	DBD
🔴	1519898	Use of 32-bit time_t	High	August 16, 2022	Task module
🟣	1519897	Logically dead code	Medium	August 16, 2022	Nlohmann library
🔴	1519896	Use of 32-bit time_t	High	August 16, 2022	Task module
🔴	1519895	Use of 32-bit time_t	High	August 16, 2022	Integrator
🔴	1519894	Use of 32-bit time_t	High	August 16, 2022	SCA
🔴	1519893	Use of 32-bit time_t	High	August 16, 2022	Vulnerability Detector
🔴	1519892	Use of 32-bit time_t	High	August 16, 2022	Wazuh DB
🔴	1519891	Use of 32-bit time_t	High	August 16, 2022	Wazuh DB
🔴	1519890	Out-of-bounds access	High	August 16, 2022	Regex library
🔴	1519889	Use of 32-bit time_t	High	August 16, 2022	Agentd
🔴	1519888	Use of 32-bit time_t	High	August 16, 2022	DBD
🔴	1519887	Use of 32-bit time_t	High	August 16, 2022	Task module
🔴	1519886	Use of 32-bit time_t	High	August 16, 2022	Authd
🔴	1519885	Use of 32-bit time_t	High	August 16, 2022	Rsync
🔴	1519884	Use of 32-bit time_t	High	August 16, 2022	Vulnerability Detector
🔵	1519883	Using a moved object	High	August 16, 2022	C++ Library
🔴	1519882	Use of 32-bit time_t	High	August 16, 2022	Remoted
🔵	1519881	AUTO_CAUSES_COPY	High	August 16, 2022	C++ Library
🔴	1519880	Use of 32-bit time_t	High	August 16, 2022	GitHub integration
🔴	1519879	Use of 32-bit time_t	High	August 16, 2022	Office365 integration
🔴	1519878	Use of 32-bit time_t	High	August 16, 2022	Google Cloud integration
🔴	1519877	Use of 32-bit time_t	High	August 16, 2022	Agentless
🔴	1519876	Use of 32-bit time_t	High	August 16, 2022	FIM
🔴	1519875	Use of 32-bit time_t	High	August 16, 2022	Agentd
🔴	1519874	Use of 32-bit time_t	High	August 16, 2022	CIS-CAT integration
🔴	1519873	Use of 32-bit time_t	High	August 16, 2022	SCA
🔴	1519872	Use of 32-bit time_t	High	August 16, 2022	Authd
🔴	1519871	Use of 32-bit time_t	High	August 16, 2022	manage_agents tool
🔴	1519870	Logically dead code	Medium	August 16, 2022	Analysisd
🔴	1519869	Use of 32-bit time_t	High	August 16, 2022	Commands module
🔴	1519868	Use of 32-bit time_t	High	August 16, 2022	Agentd
🔴	1519867	Use of 32-bit time_t	High	August 16, 2022	OpenSCAP integration
🔴	1519866	Use of 32-bit time_t	High	August 16, 2022	Wazuh DB
🔴	1519865	Use of 32-bit time_t	High	August 16, 2022	Wazuh DB
🔴	1519864	Use of 32-bit time_t	High	August 16, 2022	Docker integration
🔴	1519863	Use of 32-bit time_t	High	August 16, 2022	Agentless
🟡	1519862	AUTO_CAUSES_COPY	Low	August 16, 2022	Syscollector
🔴	1519861	Use of 32-bit time_t	High	August 16, 2022	Google Cloud integration
🔴	1519860	Use of 32-bit time_t	High	August 16, 2022	WPK upgrade
🔴	1519859	Use of 32-bit time_t	High	August 16, 2022	FIM
🔴	1519858	Use of 32-bit time_t	High	August 16, 2022	manage_agents tool
🔴	1519857	Use of 32-bit time_t	High	August 16, 2022	Azure integration
🔴	1519856	Use of 32-bit time_t	High	August 16, 2022	Task module
🟡	1519855	AUTO_CAUSES_COPY	Low	August 16, 2022	Data Provider
🔴	1519854	Use of 32-bit time_t	High	August 16, 2022	AWS integration
🔴	1519853	Use of 32-bit time_t	High	August 16, 2022	Vulnerability Detector
🟡	1519852	AUTO_CAUSES_COPY	Low	August 16, 2022	Syscollector

Previously detected defects

Status	CID	Type	Impact	Date	Component
🟣	1518942	Dereference after null check	Medium	Jul 15, 2022	Vulnerability Detector
🔴	1518063	Untrusted loop bound	Medium	Jun 3, 2022	Shared
⚪	1515495	String not null terminated	High	Mar 24, 2022	Analysisd
⚪	1515494	String not null terminated	High	Mar 24, 2022	Key request module
⚪	1515493	String not null terminated	High	Mar 24, 2022	Logcollector
🔴	1515492	Out-of-bounds access	High	Mar 24, 2022	Regex tool
⚪	1515491	String not null terminated	High	Mar 24, 2022	Remoted
⚪	1515490	Untrusted loop bound	Medium	Mar 24, 2022	Data Provider
⚪	1515489	String not null terminated	High	Mar 24, 2022	Shared
⚪	1510192	Incorrect sizeof expression	Medium	Nov 25, 2021	Shared
⚪	1510191	Incorrect sizeof expression	Medium	Nov 25, 2021	Shared
🟢	1510190	Waiting while holding a lock	Medium	Nov 25, 2021	Syscollector
🟢	1503041	Waiting while holding a lock	Medium	Mar 29, 2021	Authd
🟡	1503040	Untrusted value as argument	Medium	Mar 29, 2021	FIM
🟡	1503039	Filesystem path, filename, or URI manipulation	High	Mar 29, 2021	Modulesd
⚪	1503036	Illegal address computation	High	Mar 29, 2021	FIM
⚪	1503034	Cleartext sensitive data in a file	Low	Mar 29, 2021	Agentd
⚪	1503032	Cleartext transmission of sensitive data	High	Mar 29, 2021	Remoted
🟢	1503031	Cleartext sensitive data in a file	Low	Mar 29, 2021	Shared
🟡	1503028	Filesystem path, filename, or URI manipulation	High	Mar 29, 2021	Agentd
🟡	1503027	Filesystem path, filename, or URI manipulation	High	Mar 29, 2021	Wazuh DB
🟡	1500006	Waiting while holding a lock	Medium	Dec 5, 2020	Analysisd
🟡	1500005	Waiting while holding a lock	Medium	Dec 5, 2020	Modulesd
⚪	1500000	Data race condition	Medium	Dec 5, 2020	Wazuh DB
⚪	1493723	SQL injection	High	Dec 5, 2020	Wazuh DB
🟢	1479723	Waiting while holding a lock	Medium	May 15, 2020	Modulesd
🟢	1479722	Waiting while holding a lock	Medium	May 1, 2019	Shared
⚪	1476147	Incorrect sizeof expression	Medium	Dec 31, 2018	Shared
🟢	1474569	Data race condition	Medium	Oct 22, 2018	Analysisd
🟢	1473737	Waiting while holding a lock	Medium	Oct 1, 2018	Authd
⚪	1469286	Time of check time of use	Low	May 23, 2018	Shared
🟡	1378747	Untrusted allocation size	Medium	Nov 18, 2016	Analysisd
🟡	1378744	Untrusted loop bound	Medium	Nov 18, 2016	Analysisd
🟡	1378579	Time of check time of use	Low	Nov 16, 2016	Rootcheck
🟡	1378578	Time of check time of use	Low	Nov 16, 2016	Rootcheck
🟢	1378577	Time of check time of use	Low	Nov 16, 2016	Rootcheck
⚪	1378569	String not null terminated	High	Nov 16, 2016	FIM
⚪	1378547	Out-of-bounds access	High	Nov 16, 2016	Logcollector
⚪	1378529	Constant expression result	Medium	Nov 16, 2016	Shared
🟢	1358913	Uninitialized scalar field	Medium	Sep 16, 2016	C++ Library
⚪	1350415	Data race condition	Medium	Aug 4, 2016	C++ Library
🟢	1296302	Uninitialized scalar field	Medium	May 1, 2015	C++ Library
🟡	1035344	Untrusted loop bound	Medium	Jun 19, 2013	C++ Library

Status legend

🔴 Fix pending
🟡 Untriaged
🟢 Intentional
🔵 Ignore
🟣 Fixed
⚪ False positive

[vikman90]

None of the issues reported is caused in 4.3.7. Therefore, I close this issue.