Skip to content

Instantly share code, notes, and snippets.

@TimRots

TimRots/scan-build_exim4922_centos7.sh

Last active February 16, 2020 17:49
Show Gist options
  • Save TimRots/faae999d7c9f7a6abde0c1b628693dd0 to your computer and use it in GitHub Desktop.
Save TimRots/faae999d7c9f7a6abde0c1b628693dd0 to your computer and use it in GitHub Desktop.
Download ZIP
Bash script to generate Clang scan-build report for exim-4.92.2 on CentOS 7
Raw
scan-build_exim4922_centos7.sh
#!/usr/bin/env bash
# bash script to generate Clang scan-build report for exim-4.92.2 on CentOS Linux release 7.6.1810 (Core)
# dependencies
sudo yum install libdb-devel.x86_64 pcre2.x86_64 libXt-devel.x86_64 libXaw-devel.x86_64 -y
wget https://ftp.exim.org/pub/exim/exim4/exim-4.92.2.tar.gz
tar xzvf exim-4.92.2.tar.gz && cd exim-4.92.2
sed -e "s,^EXIM_USER.*$,EXIM_USER=exim," Local/Makefile src/EDITME > Local/Makefile && cp exim_monitor/EDITME Local/eximon.conf
sudo groupadd -g 31 exim
sudo useradd -d /dev/null -c "Exim Daemon" -g exim -s /bin/false -u 31 exim
# if a newer clang version is present, CHECKERS can lazily be rebuild using a for loop like:
# $ for i in $(man scan-build|grep -E 'unix|security|core'|grep -v osx|sort);do echo -enable-checker ${i} \\;done
CHECKERS="\
-enable-checker core.builtin.BuiltinFunctions \
-enable-checker core.builtin.NoReturnFunctions \
-enable-checker core.CallAndMessage \
-enable-checker core.DivideZero \
-enable-checker core.NullDereference \
-enable-checker core.NonNullParamChecker \
-enable-checker core.StackAddressEscape \
-enable-checker core.UndefinedBinaryOperatorResult \
-enable-checker core.uninitialized.ArraySubscript \
-enable-checker core.uninitialized.Assign \
-enable-checker core.uninitialized.Branch \
-enable-checker core.uninitialized.CapturedBlockVariable \
-enable-checker core.uninitialized.UndefReturn \
-enable-checker core.VLASize \
-enable-checker security.FloatLoopCounter \
-enable-checker security.insecureAPI.getpw \
-enable-checker security.insecureAPI.gets \
-enable-checker security.insecureAPI.mkstemp \
-enable-checker security.insecureAPI.mktemp \
-enable-checker security.insecureAPI.rand \
-enable-checker security.insecureAPI.strcpy \
-enable-checker security.insecureAPI.UncheckedReturn \
-enable-checker security.insecureAPI.vfork \
-enable-checker unix.API \
-enable-checker unix.MismatchedDeallocator \
-enable-checker unix.MallocSizeof \
-enable-checker unix.MismatchedDeallocator \
-enable-checker unix.cstring.BadSizeArg \
-enable-checker unix.cstring.NullArg \
-enable-checker unix.Malloc \
"
scan-build -o $(pwd)-report \
$CHECKERS \
make -j2
unset CHECKERS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment