diff --git a/.github/workflows/cmake-linux.yml b/.github/workflows/cmake-linux.yml index e88fa5684..471bfa6bf 100644 --- a/.github/workflows/cmake-linux.yml +++ b/.github/workflows/cmake-linux.yml @@ -7,11 +7,11 @@ concurrency: cancel-in-progress: ${{ github.ref_name != 'master' }} on: - # push: - # branches: - # - master - # pull_request: - # types: [opened, synchronize, reopened] + push: + branches: + - master + pull_request: + types: [opened, synchronize, reopened] # Allows you to run this workflow manually from the Actions tab workflow_dispatch: diff --git a/.github/workflows/plgd-device-test-with-cfg.yml b/.github/workflows/plgd-device-test-with-cfg.yml index e433c812b..48f7605f4 100644 --- a/.github/workflows/plgd-device-test-with-cfg.yml +++ b/.github/workflows/plgd-device-test-with-cfg.yml @@ -113,7 +113,7 @@ jobs: if: ${{ inputs.coverage }} id: coverage run: | - SUFFIX=`echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} ${{ inputs.name }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' '` + SUFFIX=$(echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} ${{ inputs.name }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' ') echo "filename=coverage-plgd-device-${SUFFIX}.json" >> $GITHUB_OUTPUT echo "artifact=plgd-device-${SUFFIX}-coverage" >> $GITHUB_OUTPUT diff --git a/.github/workflows/plgd-dps-test-with-cfg.yml b/.github/workflows/plgd-dps-test-with-cfg.yml index 693478a60..633abc85d 100644 --- a/.github/workflows/plgd-dps-test-with-cfg.yml +++ b/.github/workflows/plgd-dps-test-with-cfg.yml @@ -38,7 +38,9 @@ on: required: false default: false env: - TEST_DPS_IMAGE: ghcr.io/plgd-dev/hub/test-device-provisioning-service:latest + # TODO + # TEST_DPS_IMAGE: ghcr.io/plgd-dev/hub/test-device-provisioning-service:latest + TEST_DPS_IMAGE: ghcr.io/plgd-dev/hub/test-device-provisioning-service:vnext jobs: plgd-hub-test-with-cfg: 
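Review bot: The rewritten `SUFFIX=$(echo "... ${{ inputs.build_args }} ...")` line in the coverage step of plgd-device-test-with-cfg.yml still splices `${{ inputs.* }}` into the script text before the shell runs, so a value containing a quote or `$(` changes the command instead of only the hashed string. Passing the values through `env:` and hashing the shell variables keeps the same digest and removes the splice; quoting `"$GITHUB_OUTPUT"` would fit the same cleanup. The coverage steps in plgd-dps-test-with-cfg.yml, plgd-hub-test-with-cfg.yml and unit-test-with-cfg.yml (which also splices `steps.cmake_flags.outputs.compiler`) have the same pattern. The callers visible in this diff pass fixed matrix strings, so this is hardening unless some caller forwards externally controlled input; the step itself starts above the hunk.

```yaml
# … unchanged: if / id of the coverage step …
env:
  BUILD_TYPE: ${{ inputs.build_type }}
  BUILD_ARGS: ${{ inputs.build_args }}
  CFG_NAME: ${{ inputs.name }}
run: |
  SUFFIX=$(echo "-DCMAKE_BUILD_TYPE=${BUILD_TYPE} ${BUILD_ARGS} ${CFG_NAME} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' ')
  # … unchanged: the two echo lines, writing to "$GITHUB_OUTPUT" …
```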
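Review bot: The bare `# TODO` above `TEST_DPS_IMAGE` in plgd-dps-test-with-cfg.yml does not say what is outstanding or when the `:vnext` tag should go back to `:latest`, so the temporary switch is likely to stay. Something like `# TODO: revert to :latest once the hub release containing <change> is published` records the intent. Both tags are mutable, so the tests run whatever image the registry serves at that moment; pinning with `@sha256:<digest>` (placeholder) would make the runs reproducible and the image change reviewable.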
@@ -132,7 +134,7 @@ jobs: if: ${{ inputs.coverage }} id: coverage run: | - SUFFIX=`echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} -DBUILD_TESTING=ON ${{ inputs.args }}" | sha1sum | cut -f 1 -d ' '` + SUFFIX=$(echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} -DBUILD_TESTING=ON ${{ inputs.args }}" | sha1sum | cut -f 1 -d ' ') echo "filename=coverage-plgd-dps-${SUFFIX}.json" >> $GITHUB_OUTPUT echo "filename_obt=coverage-plgd-dps-obt-${SUFFIX}.json" >> $GITHUB_OUTPUT echo "artifact=plgd-dps-${SUFFIX}-coverage" >> $GITHUB_OUTPUT diff --git a/.github/workflows/plgd-dps-tests.yml b/.github/workflows/plgd-dps-tests.yml index 4cb30e343..ef568b0eb 100644 --- a/.github/workflows/plgd-dps-tests.yml +++ b/.github/workflows/plgd-dps-tests.yml @@ -8,9 +8,9 @@ name: Run plgd/hub/dps tests with dps_cloud_server on: # Triggers the workflow on push or pull request events but only for the master branch push: -# branches: [master] -# pull_request: -# branches: [master] + branches: [master] + pull_request: + branches: [master] # Allows you to run this workflow manually from the Actions tab workflow_dispatch: diff --git a/.github/workflows/plgd-hub-test-with-cfg.yml b/.github/workflows/plgd-hub-test-with-cfg.yml index e33881d81..327b7a3a8 100644 --- a/.github/workflows/plgd-hub-test-with-cfg.yml +++ b/.github/workflows/plgd-hub-test-with-cfg.yml 
@@ -107,7 +107,7 @@ jobs: if: ${{ inputs.coverage }} id: coverage run: | - SUFFIX=`echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} ${{ inputs.args }} ${{ inputs.docker_args }} ${{ inputs.hub_args }} ${{ inputs.name }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' '` + SUFFIX=$(echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ inputs.build_args }} ${{ inputs.args }} ${{ inputs.docker_args }} ${{ inputs.hub_args }} ${{ inputs.name }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' ') echo "filename=coverage-plgd-hub-${SUFFIX}.json" >> $GITHUB_OUTPUT echo "artifact=plgd-hub-${SUFFIX}-coverage" >> $GITHUB_OUTPUT diff --git a/.github/workflows/sonar-cloud-analysis.yml b/.github/workflows/sonar-cloud-analysis.yml index e71bcc2a4..d0607d783 100644 --- a/.github/workflows/sonar-cloud-analysis.yml +++ b/.github/workflows/sonar-cloud-analysis.yml 
@@ -44,48 +44,48 @@ jobs: build_type: Debug coverage: true - # plgd-device-tests: - # strategy: - # fail-fast: false - # matrix: - # include: - # - name: cloud-server - # build_args: "" - # - name: cloud-server-access-in-RFOTM-concurrent-requests-1 - # build_args: "-DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1" - # - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc - # build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON" - # # try with SHA384 - # cert_signature_algorithm: ECDSA-SHA384 - # cert_elliptic_curve: P384 - # uses: ./.github/workflows/plgd-device-test-with-cfg.yml - # with: - # name: ${{ matrix.name }} - # build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}" - # build_type: Debug - # cert_signature_algorithm: ${{ matrix.cert_signature_algorithm }} - # cert_elliptic_curve: ${{ matrix.cert_elliptic_curve }} - # coverage: true - - # plgd-hub-tests: - # strategy: - # fail-fast: false - # matrix: - # include: - # - name: cloud-server-discovery-resource-observable-access-in-RFOTM - # build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON" - # - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc-concurrent-requests-1 - # build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1" - # - name: dtls-cloud-server-rep-realloc - # build_args: "-DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON" - # hub_args: "-e COAP_GATEWAY_UDP_ENABLED=true" - # uses: ./.github/workflows/plgd-hub-test-with-cfg.yml - # with: - # name: ${{ matrix.name }} - # 
build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}" - # build_type: Debug - # coverage: true - # hub_args: ${{ matrix.hub_args }} + plgd-device-tests: + strategy: + fail-fast: false + matrix: + include: + - name: cloud-server + build_args: "" + - name: cloud-server-access-in-RFOTM-concurrent-requests-1 + build_args: "-DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1" + - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc + build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON" + # try with SHA384 + cert_signature_algorithm: ECDSA-SHA384 + cert_elliptic_curve: P384 + uses: ./.github/workflows/plgd-device-test-with-cfg.yml + with: + name: ${{ matrix.name }} + build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}" + build_type: Debug + cert_signature_algorithm: ${{ matrix.cert_signature_algorithm }} + cert_elliptic_curve: ${{ matrix.cert_elliptic_curve }} + coverage: true + + plgd-hub-tests: + strategy: + fail-fast: false + matrix: + include: + - name: cloud-server-discovery-resource-observable-access-in-RFOTM + build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON" + - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc-concurrent-requests-1 + build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1" + - name: dtls-cloud-server-rep-realloc + build_args: 
"-DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON" + hub_args: "-e COAP_GATEWAY_UDP_ENABLED=true" + uses: ./.github/workflows/plgd-hub-test-with-cfg.yml + with: + name: ${{ matrix.name }} + build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}" + build_type: Debug + coverage: true + hub_args: ${{ matrix.hub_args }} plgd-dps-tests: uses: ./.github/workflows/plgd-dps-test-with-cfg.yml @@ -99,8 +99,7 @@ jobs: runs-on: ubuntu-22.04 env: BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed - needs: [unit-tests, plgd-dps-tests] - # needs: [unit-tests, plgd-device-tests, plgd-hub-tests, plgd-dps-tests] + needs: [unit-tests, plgd-device-tests, plgd-hub-tests, plgd-dps-tests] steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/unit-test-with-cfg.yml b/.github/workflows/unit-test-with-cfg.yml index 0f2abbc42..886d82a88 100644 --- a/.github/workflows/unit-test-with-cfg.yml +++ b/.github/workflows/unit-test-with-cfg.yml @@ -123,7 +123,7 @@ jobs: if: ${{ inputs.coverage }} id: coverage run: | - SUFFIX=`echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ steps.cmake_flags.outputs.compiler }} ${{ inputs.build_args }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' '` + SUFFIX=$(echo "-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} ${{ steps.cmake_flags.outputs.compiler }} ${{ inputs.build_args }} -DBUILD_TESTING=ON" | sha1sum | cut -f 1 -d ' ') echo "filename=coverage-unix-${SUFFIX}.json" >> $GITHUB_OUTPUT echo "artifact=unit-test-${SUFFIX}-coverage" >> $GITHUB_OUTPUT diff --git a/CMakeLists.txt b/CMakeLists.txt index daea566da..cc74744d8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -682,7 +682,9 @@ if(OC_SECURITY_ENABLED) endif() if(PLGD_DEV_DEVICE_PROVISIONING_ENABLED) -include(api/plgd/plgd.cmake) + file(GLOB PLGD_DPS_SRC + ${PROJECT_SOURCE_DIR}/api/plgd/device-provisioning-client/*.c + ) endif() add_library(client-server-obj OBJECT ${COMMON_SRC} ${CLIENT_SRC} ${PLGD_DPS_SRC}) diff --git a/api/plgd/plgd.cmake b/api/plgd/plgd.cmake deleted file mode 100644 index 58576f900..000000000 --- a/api/plgd/plgd.cmake +++ /dev/null @@ -1,5 +0,0 @@ -include_guard(GLOBAL) - -file(GLOB PLGD_DPS_SRC - ${PROJECT_SOURCE_DIR}/api/plgd/device-provisioning-client/*.c -) diff --git a/api/plgd/unittest/plgd_dps_endpoints.cpp b/api/plgd/unittest/plgd_dps_endpoints.cpp index b1d02d3bc..eb99ddad5 100644 --- a/api/plgd/unittest/plgd_dps_endpoints.cpp +++ b/api/plgd/unittest/plgd_dps_endpoints.cpp @@ -165,7 +165,7 @@ TEST_F(DPSEndpointsTest, EndpointsAPI) ep3_newname.length()); verify_selected_endpoint(ep3, ep3_uri, ep3_newname); - EXPECT_TRUE(plgd_dps_remove_endpoint_address(ctx.get(), toSelect)); + ASSERT_TRUE(plgd_dps_remove_endpoint_address(ctx.get(), toSelect)); } #endif /* OC_HAS_FEATURE_PLGD_DEVICE_PROVISIONING */ diff --git a/api/plgd/unittest/plgd_dps_log.cpp b/api/plgd/unittest/plgd_dps_log.cpp index da812e596..ec1e8dd8b 100644 --- a/api/plgd/unittest/plgd_dps_log.cpp +++ b/api/plgd/unittest/plgd_dps_log.cpp @@ -59,7 +59,7 @@ static void printLog(oc_log_level_t log_level, const char *file, int line, const char *func_name, const char *format, va_list args) { - printf("[%s:%d %s]<%s:%s>: ", file, line, func_name, + printf("[%s:%d %s]<%s>: ", file, line, func_name, oc_log_level_to_label(log_level)); vprintf(format, args); printf("\n"); diff --git a/api/plgd/unittest/plgd_dps_manager.cpp b/api/plgd/unittest/plgd_dps_manager.cpp index 117c9fab2..b6ec7fbbf 100644 --- a/api/plgd/unittest/plgd_dps_manager.cpp +++ b/api/plgd/unittest/plgd_dps_manager.cpp 
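Review bot: `file(GLOB PLGD_DPS_SRC ...)` in CMakeLists.txt is evaluated only at configure time, so a `.c` file added to or removed from api/plgd/device-provisioning-client is not noticed until CMake is re-run, and everything matching the pattern is compiled into `client-server-obj` without being named anywhere. The block was moved unchanged from the deleted plgd.cmake, so this is not new behaviour. Listing the sources explicitly, or at least `file(GLOB PLGD_DPS_SRC CONFIGURE_DEPENDS ...)` if the project's minimum CMake version allows it, would make the set of compiled files visible in review.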
@@ -106,6 +106,7 @@ TEST_F(TestDPSManager, StartAlreadyStarted) plgd_dps_manager_stop(&ctx); dps_context_list_remove(&ctx); + dps_context_deinit(&ctx); ASSERT_TRUE(oc_sec_remove_cred_by_credid(mfg_credid, kDeviceID)); } @@ -114,6 +115,7 @@ TEST_F(TestDPSManager, GetProvisionAndCloudObserverFlags) plgd_time_set_time(oc_clock_time()); plgd_dps_context_t ctx{}; + dps_context_init(&ctx, kDeviceID); auto pof = dps_get_provision_and_cloud_observer_flags(&ctx); uint32_t provision_flags = PLGD_DPS_HAS_TIME; uint8_t cloud_observer_status = 0; @@ -181,6 +183,7 @@ TEST_F(TestDPSManager, GetProvisionAndCloudObserverFlags) ASSERT_TRUE(oc_sec_remove_cred_by_credid(root_credid, kDeviceID)); #endif /* OC_DYNAMIC_ALLOCATION */ + dps_context_deinit(&ctx); plgd_time_set_time(0); plgd_time_set_status(PLGD_TIME_STATUS_IN_SYNC); } diff --git a/api/plgd/unittest/plgd_dps_provision_owner.cpp b/api/plgd/unittest/plgd_dps_provision_owner.cpp index 6a5ca7ad0..b872b3f05 100644 --- a/api/plgd/unittest/plgd_dps_provision_owner.cpp +++ b/api/plgd/unittest/plgd_dps_provision_owner.cpp @@ -65,7 +65,7 @@ TEST_F(TestProvisionOwnerWithDevice, GetOwner_FailInvalidDOSState) pstat->s = OC_DOS_RFOTM; plgd_dps_context_t ctx{}; - ctx.device = 42; + ctx.device = kDeviceID; EXPECT_FALSE(dps_get_owner(&ctx)); pstat->s = OC_DOS_RFNOP; diff --git a/api/plgd/unittest/plgd_dps_time.cpp b/api/plgd/unittest/plgd_dps_time.cpp index 2113b6fd1..a738954e9 100644 --- a/api/plgd/unittest/plgd_dps_time.cpp +++ b/api/plgd/unittest/plgd_dps_time.cpp @@ -62,7 +62,7 @@ TEST_F(TestDPSTimeWithDevice, GetTime_FailInvalidDOSState) pstat->s = OC_DOS_RFOTM; plgd_dps_context_t ctx{}; - ctx.device = 42; + ctx.device = kDeviceID; EXPECT_FALSE(dps_get_plgd_time(&ctx)); pstat->s = OC_DOS_RFNOP; diff --git a/apps/dps_cloud_server.c b/apps/dps_cloud_server.c index 7f131b3ba..23fd04de6 100644 --- a/apps/dps_cloud_server.c +++ b/apps/dps_cloud_server.c 
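Review bot: In GetProvisionAndCloudObserverFlags the added `dps_context_deinit(&ctx);` sits after `ASSERT_TRUE(oc_sec_remove_cred_by_credid(root_credid, kDeviceID));`, and a failing `ASSERT_*` returns from the test body, so the cleanup is skipped exactly when the test fails. Whatever `dps_context_init` acquires then leaks into the following tests, which can turn one failure into several and adds noise under sanitizers. A scope guard declared right after the init (for example a `std::unique_ptr` with a deleter that calls `dps_context_deinit`) would run on every exit path; failing that, a short comment such as `// must run even if the assertions above fail` next to the call documents the ordering problem. Most of the test body lies between the second and third hunk and is not visible, so earlier fatal assertions may have the same effect.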
@@ -957,6 +957,16 @@ dps_read_pem(const char *file_path, char *buffer, size_t *buffer_size) return -1; } +static void +dps_concat_paths(char *buffer, size_t buffer_size, const char *cert_dir, + const char *file) +{ + memset(buffer, 0, buffer_size); + strncpy(buffer, cert_dir, buffer_size); + // NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.strcpy) + strcat(buffer, file); +} + /** * @brief Add manufacturer's trusted root certificate authority and * manufacturer's certificate to the device. @@ -981,10 +991,7 @@ dps_add_certificates(const plgd_dps_context_t *dps_ctx, const char *cert_dir) } else { unsigned char dps_ca[CERT_BUFFER_SIZE]; size_t dps_ca_size = sizeof(dps_ca) / sizeof(unsigned char); - memset(path, 0, sizeof(path)); - strncpy(path, cert_dir, sizeof(path)); - strcat(path, - "/dpsca.pem"); // NOLINT(clang-analyzer-security.insecureAPI.strcpy) + dps_concat_paths(path, sizeof(path), cert_dir, "/dpsca.pem"); if (dps_read_pem(path, (char *)dps_ca, &dps_ca_size) < 0) { printf("ERROR: unable to read %s\n", path); goto error; 
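Review bot: The new `dps_concat_paths` can write past the end of `buffer`: `strncpy(buffer, cert_dir, buffer_size)` leaves no terminator when `cert_dir` is `buffer_size` bytes or longer, and the `strcat` that follows appends `file` without checking the space that remains, while the NOLINT silences the analyzer warning that points at it. At the parse_options call site the removed code bounded the copy with `sizeof(g_dps_cert_dir) - 1`, so that path loses the terminator guarantee it had; the three dps_add_certificates call sites keep their previous behaviour. Building the path with `snprintf` and returning whether it fitted removes the overflow and lets the callers fail cleanly, e.g. `if (!dps_concat_paths(path, sizeof(path), cert_dir, "/dpsca.pem")) { goto error; }`. The directory appears to come from the executable's location or an argument, so an over-long path is reachable from the command line.

```c
static bool
dps_concat_paths(char *buffer, size_t buffer_size, const char *cert_dir,
                 const char *file)
{
  int len = snprintf(buffer, buffer_size, "%s%s", cert_dir, file);
  // reject encoding errors and truncated paths instead of using them
  return len >= 0 && (size_t)len < buffer_size;
}
```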
@@ -1000,20 +1007,14 @@ dps_add_certificates(const plgd_dps_context_t *dps_ctx, const char *cert_dir) unsigned char mfg_crt[CERT_BUFFER_SIZE]; size_t mfg_crt_size = sizeof(mfg_crt) / sizeof(unsigned char); - memset(path, 0, sizeof(path)); - strncpy(path, cert_dir, sizeof(path)); - strcat(path, - "/mfgcrt.pem"); // NOLINT(clang-analyzer-security.insecureAPI.strcpy) + dps_concat_paths(path, sizeof(path), cert_dir, "/mfgcrt.pem"); if (dps_read_pem(path, (char *)mfg_crt, &mfg_crt_size) < 0) { printf("ERROR: unable to read %s\n", path); goto error; } unsigned char mfg_key[CERT_BUFFER_SIZE]; size_t mfg_key_size = sizeof(mfg_key) / sizeof(unsigned char); - memset(path, 0, sizeof(path)); - strncpy(path, cert_dir, sizeof(path)); - strcat(path, - "/mfgkey.pem"); // NOLINT(clang-analyzer-security.insecureAPI.strcpy) + dps_concat_paths(path, sizeof(path), cert_dir, "/mfgkey.pem"); if (dps_read_pem(path, (char *)mfg_key, &mfg_key_size) < 0) { printf("ERROR: unable to read %s\n", path); goto error; @@ -1617,12 +1618,13 @@ static bool add_endpoint(const char *endpoint) { #if OC_DYNAMIC_ALLOCATION - g_dps_endpoint = (char **)realloc(g_dps_endpoint, (g_dps_endpoint_count + 1) * - sizeof(char *)); - if (g_dps_endpoint == NULL) { + char **new_dps_endpoint_buffer = (char **)realloc( + g_dps_endpoint, (g_dps_endpoint_count + 1) * sizeof(char *)); + if (new_dps_endpoint_buffer == NULL) { printf("ERROR: failed to allocate memory for list of endpoints\n"); return false; } + g_dps_endpoint = new_dps_endpoint_buffer; g_dps_endpoint[g_dps_endpoint_count] = strdup(endpoint); if (g_dps_endpoint[g_dps_endpoint_count] == NULL) { printf("ERROR: failed to allocate memory for endpoint\n"); 
@@ -1813,9 +1815,7 @@ parse_options(int argc, char *argv[], parse_options_result_t *parsed_options) printf("ERROR: failed to resolve parent directory\n"); return false; } - strncpy(g_dps_cert_dir, dir, sizeof(g_dps_cert_dir) - 1); - strcat(g_dps_cert_dir, - "/pki_certs"); // NOLINT(clang-analyzer-security.insecureAPI.strcpy) + dps_concat_paths(g_dps_cert_dir, sizeof(g_dps_cert_dir), dir, "/pki_certs"); free(dir); #ifdef PLGD_DPS_FAKETIME diff --git a/security/oc_pstat.c b/security/oc_pstat.c index 988345c46..7403d902e 100644 --- a/security/oc_pstat.c +++ b/security/oc_pstat.c @@ -444,7 +444,7 @@ oc_sec_get_pstat(size_t device) bool oc_sec_is_operational(size_t device) { - return g_pstat[device].isop; + return oc_sec_get_pstat(device)->isop; } bool @@ -456,7 +456,7 @@ oc_sec_pstat_is_in_dos_state(const oc_sec_pstat_t *ps, unsigned dos_mask) bool oc_device_is_in_dos_state(size_t device, unsigned dos_mask) { - return oc_sec_pstat_is_in_dos_state(&g_pstat[device], dos_mask); + return oc_sec_pstat_is_in_dos_state(oc_sec_get_pstat(device), dos_mask); } void
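Review bot: `oc_sec_is_operational` now dereferences the result of `oc_sec_get_pstat(device)` directly with `->isop`, and `oc_device_is_in_dos_state` passes the same unchecked result on to `oc_sec_pstat_is_in_dos_state`. The body of `oc_sec_get_pstat` is outside the hunk; if it can return NULL (for example before the pstat storage is allocated or for an unknown device index), both functions turn an invalid state into a NULL dereference. A guarded form such as `const oc_sec_pstat_t *ps = oc_sec_get_pstat(device);` followed by `return ps != NULL && ps->isop;` keeps the accessor as the single lookup and fails closed. If the accessor is guaranteed non-NULL, a one-line comment stating that would settle the question for readers.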