Coverity issue shows up after using pattern keyword for string data type #2941

@alireza-mht

Problem statement

After using the pattern keyword for the string data type, we see a Coverity issue in the go-swagger generated code. It shows an "Explicit null dereferenced" error in the operation files.

Swagger specification

Using pattern for the model parameters:

xyz:
  user:
    title: Username
    description: Username
    type: string
    pattern: '^[^<>]+$'
required:
  - user

Using the path below:

/update:
   post:
      consumes:
        - application/json
      parameters:
        - in: body
          name: xyz
          schema:
            type: object
            $ref: '#/definitions/xyz'
      responses:
        200: # OK
          schema:
            type: string
        400: # Bad Request
          description: The parameters are incorrect
        500: # Internal Error
          description: Internal error
        503: # Service Unavailable
          description: Database unavailable

Coverity scans return the "Explicit null dereferenced" error on the operation file "post_update_parameters.go" (Coverity errors are shown between """ markers):

func (o *PostUpdateParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
	var res []error

	o.HTTPRequest = r

	if runtime.HasBody(r) {
		defer r.Body.Close()
"""
assign_null Assigning: body.User = nil.
"""
		var body models.Xyz
		if err := route.Consumer.Consume(r.Body, &body); err != nil {
			res = append(res, errors.NewParseError("Xyz", "body", "", err))
		} else {
			// validate body object
"""		
CID 399294: (#2 of 2): Explicit null dereferenced (FORWARD_NULL)
var_deref_model Validate dereferences null body.User
"""
			if err := body.Validate(route.Formats); err != nil {
				res = append(res, err)
			}

			ctx := validate.WithOperationRequest(r.Context())
			if err := body.ContextValidate(ctx, route.Formats); err != nil {
				res = append(res, err)
			}

			if len(res) == 0 {
				o.Xyz = &body
			}
		}
	}
	if len(res) > 0 {
		return errors.CompositeValidationError(res...)
	}
	return nil
}

In the body.validate function we have the error below (Coverity errors are shown between """ markers):

// Validate validates this backup credential
func (m *Xyz) Validate(formats strfmt.Registry) error {
	var res []error
"""
cond_true Condition err != nil, taking true branch
"""
	if err := m.validateUser(formats); err != nil {
		res = append(res, err)
	}

	if len(res) > 0 {
		return errors.CompositeValidationError(res...)
	}
	return nil
}

Steps to reproduce

Running Coverity scans on the swagger API project

Environment

swagger version: v0.30.4
go version: 1.20
Coverity: 2022.12.1
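
The following is an added example, not code from the issue or from go-swagger: a stand-alone model of the flagged path that a reviewer can use when triaging the FORWARD_NULL finding, showing the nil guard that must precede the pattern check on a required pointer field. The body of `validateUser` (which the issue does not show), the `BindAndValidate` helper, and the sample request bodies are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Xyz models the issue's definition: the required string becomes a pointer,
// so an absent "user" decodes to nil (assumed shape of the generated model).
type Xyz struct {
	User *string `json:"user"`
}

var userPattern = regexp.MustCompile(`^[^<>]+$`)

// validateUser is a hypothetical stand-in for the generated validator: the
// required check returns before the pattern check dereferences m.User.
func (m *Xyz) validateUser() error {
	if m.User == nil {
		return fmt.Errorf("user in body is required")
	}
	if !userPattern.MatchString(*m.User) {
		return fmt.Errorf("user in body should match %q", userPattern)
	}
	return nil
}

// BindAndValidate decodes and validates one body; a nil dereference is reported as panicked=true.
func BindAndValidate(raw string) (panicked bool, err error) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	var body Xyz // body.User is nil here: Coverity's assign_null event
	if err := json.NewDecoder(strings.NewReader(raw)).Decode(&body); err != nil {
		return false, err
	}
	return false, body.validateUser()
}

func main() {
	// Constructed sample bodies: absent, null, pattern violation, valid.
	for _, raw := range []string{`{}`, `{"user":null}`, `{"user":"a<b"}`, `{"user":"alice"}`} {
		panicked, err := BindAndValidate(raw)
		fmt.Printf("%-16s panicked=%v err=%v\n", raw, panicked, err)
	}
}
```

Removing the `m.User == nil` check makes the first two sample bodies return `panicked=true`, which is the runtime behaviour the Coverity trace describes.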
