From 61f657d940670cd59311cf1506a5fa9e7b60f8d6 Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Wed, 6 Jan 2021 15:58:23 -0500 Subject: [PATCH 1/4] Fix #101, Correct CFE_TBL_GetAddress return code check --- fsw/src/sample_app.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fsw/src/sample_app.c b/fsw/src/sample_app.c index eda7784..9c47dbb 100644 --- a/fsw/src/sample_app.c +++ b/fsw/src/sample_app.c @@ -400,7 +400,7 @@ int32 SAMPLE_APP_Process(const SAMPLE_APP_ProcessCmd_t *Msg) status = CFE_TBL_GetAddress((void *)&TblPtr, SAMPLE_APP_Data.TblHandles[0]); - if (status != CFE_SUCCESS) + if (status < CFE_SUCCESS) { CFE_ES_WriteToSysLog("Sample App: Fail to get table address: 0x%08lx", (unsigned long)status); return status; From 38830527672fda45f0c7a944932b105342d1ba6f Mon Sep 17 00:00:00 2001 From: Alex Campbell Date: Mon, 4 Jan 2021 10:44:42 -0500 Subject: [PATCH 2/4] Fix #115, Refactor UT_ClearForceFail to UT_ClearDefaultReturnValue --- unit-test/coveragetest/coveragetest_sample_app.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unit-test/coveragetest/coveragetest_sample_app.c b/unit-test/coveragetest/coveragetest_sample_app.c index 3398a85..d367202 100644 --- a/unit-test/coveragetest/coveragetest_sample_app.c +++ b/unit-test/coveragetest/coveragetest_sample_app.c @@ -593,7 +593,7 @@ void Test_SAMPLE_APP_GetCrc(void) SAMPLE_APP_GetCrc("UT"); UtAssert_True(UT_GetStubCount(UT_KEY(CFE_ES_WriteToSysLog)) == 1, "CFE_ES_WriteToSysLog() called"); - UT_ClearForceFail(UT_KEY(CFE_TBL_GetInfo)); + UT_ClearDefaultReturnValue(UT_KEY(CFE_TBL_GetInfo)); SAMPLE_APP_GetCrc("UT"); UtAssert_True(UT_GetStubCount(UT_KEY(CFE_ES_WriteToSysLog)) == 2, "CFE_ES_WriteToSysLog() called"); } From c9b33b156bb79bfbbd46d0c15f7b18216f19b054 Mon Sep 17 00:00:00 2001 From: Ariel Adams Date: Thu, 7 Jan 2021 13:14:00 -0600 Subject: [PATCH 3/4] Fix #118, Create Security Policy --- SECURITY.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..a1772e3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Reporting a Vulnerability + +To report a vulnerability for the sample_app subsystem please [submit an issue](https://github.com/nasa/sample_app/issues/new/choose). + +For general cFS vulnerabilities please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose) and see our [top-level security policy](https://github.com/nasa/cFS/security/policy). + +In either case please use the "Bug Report" template and provide as much information as possible. Apply appropraite labels for each report. For security related reports, tag the issue with the "security" label. + +## Additional Support + +For additional support, email us at cfs-program@lists.nasa.gov. For help using OSAL and cFS, [subscribe to our mailing list](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc. + +If you wish to report a cybersecurity incident or concern please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov. From 9ff6b49e8356190f13b2eeec9727bb1436161fab Mon Sep 17 00:00:00 2001 From: "Gerardo E. Cruz-Ortiz" <59618057+astrogeco@users.noreply.github.com> Date: Tue, 26 Jan 2021 19:47:43 -0500 Subject: [PATCH 4/4] Bump to v1.2.0-rc1+dev37 Update Readme --- README.md | 6 ++++++ fsw/src/sample_app_version.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 14dedf4..d49a60b 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,12 @@ sample_app is an example for how to build and link an application in cFS. See al ## Version History +### Development Build: 1.2.0-rc1+dev37 + +- Documentation: Add `Security.md` with instructions on reporting vulnerabilities +- Resolves bug where success code was reported as an error for `CFE_TBL_GetAddress`. +- Rename `UT_ClearForceFail` as `UT_ClearDefaultValue` given change from +- See ### Development Build: 1.2.0-rc1+dev29 diff --git a/fsw/src/sample_app_version.h b/fsw/src/sample_app_version.h index 577ea62..e788960 100644 --- a/fsw/src/sample_app_version.h +++ b/fsw/src/sample_app_version.h @@ -32,7 +32,7 @@ /* Development Build Macro Definitions */ -#define SAMPLE_APP_BUILD_NUMBER 29 /*!< Development Build: Number of commits since baseline */ +#define SAMPLE_APP_BUILD_NUMBER 37 /*!< Development Build: Number of commits since baseline */ #define SAMPLE_APP_BUILD_BASELINE \ "v1.2.0-rc1" /*!< Development Build: git tag that is the base for the current development */