From 2ad02654ec5a85b4afe2b27960e31e33878cca17 Mon Sep 17 00:00:00 2001 From: Joseph Hickey Date: Thu, 4 Mar 2021 16:17:19 -0500 Subject: [PATCH 1/3] Fix #126, simplify build to use wrappers and interface libs Use the wrapper functions now provided by CFE to simplify the build recipe and work with interface libraries --- CMakeLists.txt | 9 +++--- unit-test/CMakeLists.txt | 66 +++++++++++----------------------------- 2 files changed, 21 insertions(+), 54 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c37119c..bd1d332 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,16 +1,15 @@ -cmake_minimum_required(VERSION 2.6.4) project(CFE_SAMPLE_APP C) include_directories(fsw/mission_inc) include_directories(fsw/platform_inc) -# Include the public API from sample_lib to demonstrate how -# to call library-provided functions -include_directories(${sample_lib_MISSION_DIR}/fsw/public_inc) - # Create the app module add_cfe_app(sample_app fsw/src/sample_app.c) +# Include the public API from sample_lib to demonstrate how +# to call library-provided functions +add_cfe_app_dependency(sample_app sample_lib) + # Add table add_cfe_tables(sampleAppTable fsw/tables/sample_app_tbl.c) diff --git a/unit-test/CMakeLists.txt b/unit-test/CMakeLists.txt index 4890906..20f8f34 100644 --- a/unit-test/CMakeLists.txt +++ b/unit-test/CMakeLists.txt @@ -16,60 +16,28 @@ # - "coveragetest" contains source code for the actual unit test cases # The primary objective is to get line/path coverage on the FSW # code units. -# - "wrappers" contains wrappers for the FSW code. The wrapper adds -# any UT-specific scaffolding to facilitate the coverage test, and -# includes the unmodified FSW source file. # -set(UT_NAME sample_app) - # Use the UT assert public API, and allow direct # inclusion of source files that are normally private -include_directories(${osal_MISSION_DIR}/ut_assert/inc) include_directories(${PROJECT_SOURCE_DIR}/fsw/src) include_directories(${CMAKE_CURRENT_SOURCE_DIR}/inc) -# Generate a dedicated "testrunner" executable that executes the tests for each FSW code unit -# Although sample_app has only one source file, this is done in a loop such that -# the general pattern should work for several files as well. -foreach(SRCFILE sample_app.c) - get_filename_component(UNITNAME "${SRCFILE}" NAME_WE) - - set(TESTNAME "${UT_NAME}-${UNITNAME}") - set(UNIT_SOURCE_FILE "${CFE_SAMPLE_APP_SOURCE_DIR}/fsw/src/${UNITNAME}.c") - set(TESTCASE_SOURCE_FILE "coveragetest/coveragetest_${UNITNAME}.c") - - # Compile the source unit under test as a OBJECT - add_library(ut_${TESTNAME}_object OBJECT - ${UNIT_SOURCE_FILE} - ) - - # Apply the UT_COVERAGE_COMPILE_FLAGS to the units under test - # This should enable coverage analysis on platforms that support this - target_compile_options(ut_${TESTNAME}_object PRIVATE ${UT_COVERAGE_COMPILE_FLAGS}) - - # Compile a test runner application, which contains the - # actual coverage test code (test cases) and the unit under test - add_executable(${TESTNAME}-testrunner - ${TESTCASE_SOURCE_FILE} - $ - ) - - # This also needs to be linked with UT_COVERAGE_LINK_FLAGS (for coverage) - # This is also linked with any other stub libraries needed, - # as well as the UT assert framework - target_link_libraries(${TESTNAME}-testrunner - ${UT_COVERAGE_LINK_FLAGS} - ut_sample_lib_stubs - ut_cfe-core_stubs - ut_assert - ) - - # Add it to the set of tests to run as part of "make test" - add_test(${TESTNAME} ${TESTNAME}-testrunner) - foreach(TGT ${INSTALL_TARGET_LIST}) - install(TARGETS ${TESTNAME}-testrunner DESTINATION ${TGT}/${UT_INSTALL_SUBDIR}) - endforeach() - -endforeach() + +# Add a coverate test excutable called "sample_app-ALL" that +# covers all of the functions in sample_app. +# +# Also note in a more complex app/lib the coverage test can also +# be broken down into smaller units (in which case one should use +# a unique suffix other than "ALL" for each unit). For example, +# OSAL implements a separate coverage test per source unit. +add_cfe_coverage_test(sample_app ALL + "coveragetest/coveragetest_sample_app.c" + "${CFE_SAMPLE_APP_SOURCE_DIR}/fsw/src/sample_app.c" +) + +# The sample_app uses library functions provided by sample_lib so must be linked +# with the sample_lib stub library (this is mainly just an example of how this +# can be done). +add_cfe_coverage_dependency(sample_app ALL sample_lib) From c224b436a9cb5837df3e2001478d975ea9af05dc Mon Sep 17 00:00:00 2001 From: Ariel Adams Date: Fri, 5 Mar 2021 09:19:30 -0600 Subject: [PATCH 2/3] Fix #128, Add Testing Tools to the Security Policy --- SECURITY.md | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index a1772e3..63018da 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,12 +4,38 @@ To report a vulnerability for the sample_app subsystem please [submit an issue](https://github.com/nasa/sample_app/issues/new/choose). -For general cFS vulnerabilities please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose) and see our [top-level security policy](https://github.com/nasa/cFS/security/policy). +For general cFS vulnerabilities please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose) and see our [top-level security policy](https://github.com/nasa/cFS/security/policy) for additional information. In either case please use the "Bug Report" template and provide as much information as possible. Apply appropraite labels for each report. For security related reports, tag the issue with the "security" label. +## Testing + +**Disclaimer: nasa/sample_app is not responsible for any liability incurred under the [Apache License 2.0](https://github.com/nasa/sample_app/blob/main/LICENSE).** + +Testing is an important aspect our team values to improve sample_app. + +To view tools used for the cFS bundle, see our [top-level security policy](https://github.com/nasa/cFS/security/policy). + +### CodeQL + +The [sample_app CodeQL GitHub Actions workflow](https://github.com/nasa/sample_app/actions/workflows/codeql-build.yml) is available to the public. To review the results, fork the sample_app repository and run the CodeQL workflow. + +CodeQL is ran for every push and pull-request on all branches of sample_app in GitHub Actions. + +For the CodeQL GitHub Actions setup, visit https://github.com/github/codeql-action. + +### Cppcheck + +The [sample_app Cppcheck GitHub Actions workflow and results](https://github.com/nasa/sample_app/actions/workflows/static-analysis.yml) are available to the public. To view the results, select a workflow and download the artifacts. + +Cppcheck is ran for every push on the main branch and every pull request on all branches of sample_app in Github Actions. + +For more information about Cppcheck, visit http://cppcheck.sourceforge.net/. + ## Additional Support -For additional support, email us at cfs-program@lists.nasa.gov. For help using OSAL and cFS, [subscribe to our mailing list](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc. +For additional support, submit a GitHub issue. You can also email the cfs community at cfs-community@lists.nasa.gov. + +You can subscribe to the mailing list [here](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc. -If you wish to report a cybersecurity incident or concern please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov. +If you wish to report a cybersecurity incident or concern, please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov. From 0faa72a9b4eff8167865e8bde1f5b5a817b7c4ee Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Fri, 5 Mar 2021 16:46:45 -0500 Subject: [PATCH 3/3] IC-20210305a, Update readme and version --- README.md | 6 ++++++ fsw/src/sample_app_version.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bd13c14..a0b1855 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,12 @@ sample_app is an example for how to build and link an application in cFS. See al ## Version History +### Development Build: 1.2.0-rc1+dev48 + +- Fix #126, simplify build to use wrappers and interface libs +- Fix #128, Add Testing Tools to the Security Policy +- See + ### Development Build: 1.2.0-rc1+dev37 - Documentation: Add `Security.md` with instructions on reporting vulnerabilities diff --git a/fsw/src/sample_app_version.h b/fsw/src/sample_app_version.h index e788960..6643d33 100644 --- a/fsw/src/sample_app_version.h +++ b/fsw/src/sample_app_version.h @@ -32,7 +32,7 @@ /* Development Build Macro Definitions */ -#define SAMPLE_APP_BUILD_NUMBER 37 /*!< Development Build: Number of commits since baseline */ +#define SAMPLE_APP_BUILD_NUMBER 48 /*!< Development Build: Number of commits since baseline */ #define SAMPLE_APP_BUILD_BASELINE \ "v1.2.0-rc1" /*!< Development Build: git tag that is the base for the current development */