I reviewed net-cpp 0.0.1+14.10.20140611-0ubuntu1 as checked into utopic.
net-cpp is a library interface to provide a REST-ful wrapper around
libcurl for C++ programs.

Compiling net-cpp required libjsoncpp-dev from universe.

- Build deps: cmake, debhelper (>= 9), doxygen, google-mock, graphviz,
  libboost-dev, libboost-serialization-dev, libboost-system-dev, libcurl3,
  libcurl4-openssl-dev, libjsoncpp-dev, libprocess-cpp-dev, pkg-config,
  python-decorator, python-flask, python-flask-script, python-simplejson,
- Embedded httpbin tarball
- Provides a library interface to curl
- No daemons
- No listening sockets
- Does not itself run as a system user
- No post,pre inst,rm
- No initscripts
- No dbus services
- No setuid
- No binaries
- No sudo fragments
- No udev rules
- Some tests are included and run during the build
- No cron jobs
- Fairly noisy logs mostly due to documentation generation

- No subprocesses spawned
- Memory management looked sane
- Doesn't itself do file operations
- Logging functions looked sane
- No environment variables used
- No privileged functions used
- Does not itself use cryptography
- Properly requests curl hostname and certificate validation
- Does not itself do networking operations
- No portions of code are privileged
- No temporary files
- No webkit
- No javascript
- Clean cppcheck
- No polkit

Net-cpp is high-quality professional code. I only spotted one potential
problem, the occasional multiplication of size and nmemb variables, that
might lead to integer overflow issues. This feels unlikely to be a real
security threat but it would be nice to use an API that doesn't rely upon
the unchecked multiplication of these variables:

context.body.write(data, size * nmemb);
const char* end = begin + size*nmemb;

Security team ACK for promotion to main.

Thanks


** Changed in: net-cpp (Ubuntu)
     Assignee: Seth Arnold (seth-arnold) => (unassigned)

https://bugs.launchpad.net/bugs/1340399

Title:
  [MIR] net-cpp
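
The `size * nmemb` concern raised in the review above, shown as an added example that is not part of the original message or of the net-cpp code base: two callbacks using libcurl's write-callback signature that validate the product once and derive the byte count and end pointer from the checked value. `checked_mul`, `Context`, `write_body` and `write_header` are hypothetical names, and the header line in `main` is constructed sample input.

```cpp
#include <algorithm>
#include <cstddef>
#include <limits>
#include <map>
#include <string>

// Hypothetical helper: writes size * nmemb to out; false if the product wraps.
bool checked_mul(std::size_t size, std::size_t nmemb, std::size_t& out) {
    if (size != 0 && nmemb > std::numeric_limits<std::size_t>::max() / size)
        return false;
    out = size * nmemb;
    return true;
}

// Hypothetical stand-in for the library's per-request context.
struct Context { std::string body; std::map<std::string, std::string> headers; };

// Body callback: a return that differs from the bytes offered fails the transfer.
std::size_t write_body(char* data, std::size_t size, std::size_t nmemb, void* user) {
    std::size_t total = 0;
    if (!checked_mul(size, nmemb, total)) return 0;
    static_cast<Context*>(user)->body.append(data, total);
    return total;
}

// Header callback: the end pointer is derived from the checked length only.
std::size_t write_header(char* data, std::size_t size, std::size_t nmemb, void* user) {
    std::size_t total = 0;
    if (!checked_mul(size, nmemb, total)) return 0;
    const char* begin = data;
    const char* end = begin + total;
    const char* colon = std::find(begin, end, ':');
    if (colon != end) {
        const char* value = colon + 1;
        while (value != end && *value == ' ') ++value;
        const char* stop = end;
        while (stop != value && (stop[-1] == '\r' || stop[-1] == '\n')) --stop;
        static_cast<Context*>(user)->headers[std::string(begin, colon)] = std::string(value, stop);
    }
    return total;
}

int main() {
    Context ctx;
    char line[] = "Content-Type: text/plain\r\n";  // constructed sample header
    const std::size_t huge = std::numeric_limits<std::size_t>::max() / 2 + 2;
    return (write_header(line, 1, sizeof(line) - 1, &ctx) == sizeof(line) - 1
            && write_body(line, huge, 2, &ctx) == 0) ? 0 : 1;
}
```

With `huge` as the element size and `nmemb` of 2, the unchecked product wraps to 2, so an unchecked callback would report two bytes handled; the checked version rejects the call instead.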
