View Source

This checks free statement for a parameter object from using a Tizen API such as "system_info_get_value_string" and "system_settings_get_value_string".

but, function list can be modified. (we will add more and more) => this checker should be a general purpose.

thus, checker config can be like below:

{
  "code": "CHECK_FREE_STMT_PARAM",
  "name": "Checking Free Statement for a parameter object",
  "type": "BOTH",
  "categoryName": "Tizen",
  "severityCode": "CRI",
  "version": "2.5.32",
  "description": "You should have free statement for a parameter by calling ${methodName}",
  "isActive": true,
  "properties": {
    "method-list": "system_info_get_value_string, system_settings_get_value_string"
  },
  "cwe": 0
}

${methodName} : it should be replaced by a real method name that you found in a source file.
"method-list" : it should have value that divided by ','(comma). for example, "methodName1,methodName2,methodName3"
you have to check method name that divided by comma.
- so far, we have two method name : system_info_get_value_string, system_settings_get_value_string
- for now, we need to check just for second parameter of method :
- you can get this value by calling : String value = Your_Checker.getProperty("method-list");

refer to below example:

Field

Contents

Category Tizen API (Memory Management)

Severity Critical

Title

The list of interfaces user needs to release the memory allocated by "System Settings API"

Description int system_settings_get_value_string(system_settings_key_e key, char ** value)

Bad Code

1

2

3

4

5

6

7

char *settingValue = NULL;
result = system_settings_get_value_string(systemkey, &settingValue);
...
if(settingValue)
{
         settingValue=NULL;
}

Clean Code

1

2

3

4

5

6

7

8

char *settingValue = NULL;
result = system_settings_get_value_string(systemkey, &settingValue);
...
if(settingValue)
{
         free(settingValue);
         settingValue=NULL;
}