MISRA Compliance Updates

MISRA.md

@@ -1,23 +1,23 @@
 # MISRA Compliance
 
-The AWS SigV4 Library files conform to the
-[MISRA C:2012](https://www.misra.org.uk)
+The AWS SigV4 Library files conform to the [MISRA C:2012](https://www.misra.org.uk)
 guidelines, with some noted exceptions. Compliance is checked with Coverity static analysis.
-Deviations from the MISRA standard are listed below:
+The specific deviations, suppressed inline, are listed below.
 
-### Ignored by [Coverity Configuration](tools/coverity/misra.config)
-| Deviation | Category | Justification |
-| :-: | :-: | :-: |
-| Directive 4.9 | Advisory | Allow inclusion of function like macros. Asserts and logging macros use function like macros. |
-| Rule 2.4 | Advisory | Allow unused tags. Some compilers warn if types are not tagged. |
-| Rule 2.5 | Advisory | Allow unused macros. |
-| Rule 3.1 | Required | Allow nested comments. C++ style `//` comments are used in example code within Doxygen documentation blocks. |
-| Rule 11.5 | Advisory | Allow casts from `void *`. Functions with `void *` parameters are used while sorting. |
-
-### Flagged by Coverity
-| Deviation | Category | Justification |
-| :-: | :-: | :-: |
-| Rule 8.7 | Advisory | API functions are not used by the library outside of the files they are defined; however, they must be externally visible in order to be used by an application. |
+Additionally, [MISRA configuration file](https://github.com/aws/SigV4-for-AWS-IoT-embedded-sdk/blob/main/tools/coverity/misra.config) contains the project wide deviations.
 
 ### Suppressed with Coverity Comments
-*None.*
+To find the deviation references in the source files run grep on the source code
+with ( Assuming rule 5.4 violation; with justification in point 1 ):
+```
+grep 'MISRA Ref 5.4.1' . -rI
+```
+
+#### Rule 5.4
+_Ref 5.4.1_
+
+- MISRA Rule 5.4 flags the following macro's name as ambiguous from the
+        one postfixed with _LENGTH. The macro highlighted by the deviation is already
+        in use and changing the name will break existing user projects. Thus, for
+        backwards compatibility, the macro is not modified and kept as is and the
+        deviation is suppressed.

lexicon.txt

@@ -29,6 +29,7 @@ const
 constness
 copydoc
 copyheaderstringtocanonicalbuffer
+coverity
 credentialscope
 crypto
 cryptointerface

source/include/sigv4.h

@@ -55,12 +55,15 @@
 /** @addtogroup sigv4_constants
  *  @{
  */
-#define SIGV4_AWS4_HMAC_SHA256                           "AWS4-HMAC-SHA256"                                         /**< AWS identifier for SHA256 signing algorithm. */
-#define SIGV4_AWS4_HMAC_SHA256_LENGTH                    ( sizeof( SIGV4_AWS4_HMAC_SHA256 ) - 1U )                  /**< Length of AWS identifier for SHA256 signing algorithm. */
-#define SIGV4_HTTP_X_AMZ_DATE_HEADER                     "x-amz-date"                                               /**< AWS identifier for HTTP date header. */
-#define SIGV4_HTTP_X_AMZ_SECURITY_TOKEN_HEADER           "x-amz-security-token"                                     /**< AWS identifier for security token. */
-
-#define SIGV4_STREAMING_AWS4_HMAC_SHA256_PAYLOAD         "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"                       /**< S3 identifier for chunked payloads. */
+#define SIGV4_AWS4_HMAC_SHA256                      "AWS4-HMAC-SHA256"                                              /**< AWS identifier for SHA256 signing algorithm. */
+#define SIGV4_AWS4_HMAC_SHA256_LENGTH               ( sizeof( SIGV4_AWS4_HMAC_SHA256 ) - 1U )                       /**< Length of AWS identifier for SHA256 signing algorithm. */
+#define SIGV4_HTTP_X_AMZ_DATE_HEADER                "x-amz-date"                                                    /**< AWS identifier for HTTP date header. */
+#define SIGV4_HTTP_X_AMZ_SECURITY_TOKEN_HEADER      "x-amz-security-token"                                          /**< AWS identifier for security token. */
+
+#define SIGV4_STREAMING_AWS4_HMAC_SHA256_PAYLOAD    "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"                            /**< S3 identifier for chunked payloads. */
+/* MISRA Ref 5.4.1 [Macro identifiers] */
+/* More details at: https://github.com/aws/SigV4-for-AWS-IoT-embedded-sdk/blob/main/MISRA.md#rule-54 */
+/* coverity[other_declaration] */
 #define SIGV4_HTTP_X_AMZ_CONTENT_SHA256_HEADER           "x-amz-content-sha256"                                     /**< S3 identifier for streaming requests. */
 #define SIGV4_HTTP_X_AMZ_CONTENT_SHA256_HEADER_LENGTH    ( sizeof( SIGV4_HTTP_X_AMZ_CONTENT_SHA256_HEADER ) - 1U )  /**< Length of S3 identifier for streaming requests. */
 #define SIGV4_HTTP_X_AMZ_STORAGE_CLASS_HEADER            "x-amz-storage-class"                                      /**< S3 identifier for reduced streaming redundancy. */

source/sigv4.c

@@ -196,13 +196,13 @@ static SigV4Status_t appendCanonicalizedHeaders( size_t headerCount,
  *
  * @param[in] headerIndex Index of request Header in the list of parsed headers.
  * @param[in] pAmzSHA256Header Literal for x-amz-content-sha256 header in HTTP request.
- * @param[in] amzSHA256Header Length of @p pAmzSHA256Header.
+ * @param[in] amzSHA256HeaderLen Length of @p pAmzSHA256Header.
  * @param[in,out] pCanonicalRequest Struct to maintain intermediary buffer
  * and state of canonicalization.
  */
 static void storeHashedPayloadLocation( size_t headerIndex,
                                         const char * pAmzSHA256Header,
-                                        size_t amzSHA256Header,
+                                        size_t amzSHA256HeaderLen,
                                         CanonicalContext_t * pCanonicalRequest );
 
 /**
@@ -1508,9 +1508,12 @@ static void generateCredentialScope( const SigV4Parameters_t * pSigV4Params,
     {
         char outputChar;
 
+        /* Get the offset from a capital to lowercase character */
+        int8_t offset = 'a' - 'A';
+
         if( ( inputChar >= 'A' ) && ( inputChar <= 'Z' ) )
         {
-            outputChar = 'a' + inputChar - 'A';
+            outputChar = inputChar + offset;
         }
         else
         {
@@ -1574,7 +1577,7 @@ static void generateCredentialScope( const SigV4Parameters_t * pSigV4Params,
         }
 
         /* Check that data to be copied does not contain all spaces only. */
-        if( ( status == SigV4Success ) && ( numOfBytesCopied == 0 ) )
+        if( ( status == SigV4Success ) && ( numOfBytesCopied == 0U ) )
         {
             status = SigV4InvalidParameter;
         }

test/CMakeLists.txt

@@ -44,6 +44,9 @@ target_include_directories( coverity_analysis
                             ${SIGV4_INCLUDE_PUBLIC_DIRS}
                             "${CMAKE_CURRENT_LIST_DIR}/include" )
 
+# Build without debug enabled when performing static analysis
+target_compile_options(coverity_analysis PUBLIC -DNDEBUG -DDISABLE_LOGGING)
+
 #  ============================  Test Configuration ============================
 if(${BUILD_UNIT_TESTS})
     # Define a CMock resource path.

test/include/sigv4_config.h

@@ -30,12 +30,30 @@
 
 #include <stdio.h>
 
-#define LogError( message )    printf( "Error: " ); printf message; printf( "\n" )
+#ifdef DISABLE_LOGGING
+    #ifndef LogError
+        #define LogError( message )
+    #endif
+    #ifndef LogWarn
+        #define LogWarn( message )
+    #endif
 
-#define LogWarn( message )     printf( "Warn: " ); printf message; printf( "\n" )
+    #ifndef LogInfo
+        #define LogInfo( message )
+    #endif
 
-#define LogInfo( message )     printf( "Info: " ); printf message; printf( "\n" )
+    #ifndef LogDebug
+        #define LogDebug( message )
+    #endif
 
-#define LogDebug( message )    printf( "Debug: " ); printf message; printf( "\n" )
+#else /* ! DISABLE_LOGGING */
+    #define LogError( message )    printf( "Error: " ); printf message; printf( "\n" )
+
+    #define LogWarn( message )     printf( "Warn: " ); printf message; printf( "\n" )
+
+    #define LogInfo( message )     printf( "Info: " ); printf message; printf( "\n" )
+
+    #define LogDebug( message )    printf( "Debug: " ); printf message; printf( "\n" )
+#endif /* DISABLE_LOGGING */
 
 #endif /* SIGV4_CONFIG_H_ */

tools/coverity/misra.config

@@ -21,9 +21,13 @@
             deviation: "Rule 3.1",
             reason: "Allow nested comments. C++ style `//` comments are used in example code within Doxygen documentation blocks."
         },
+        {
+            deviation: "Rule 8.7",
+            reason: "API functions are not used by the library outside of the files they are defined in; however, they must be externally visible in order to be used by an application."
+        },
         {
             deviation: "Rule 11.5",
             reason: "Allow casts from void *. Functions with void * parameters are used while sorting."
-        }
+        },
     ]
 }