[MIR] net-cpp
Bug #1340399 reported by Thomas Voß
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
net-cpp | Fix Released | Undecided | Unassigned |
net-cpp (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
net-cpp is a very convenient and easy-to-use wrapper around curl that allows C++11 libraries and programs to use RESTful APIs easily. In addition, it is agnostic of any sort of object framework and only relies on the STL.
I carefully checked the MIR requirements in preparation for filing this bug.
Changed in net-cpp (Ubuntu):
assignee: nobody → Seth Arnold (seth-arnold)
I reviewed net-cpp 0.0.1+14.10.20140611-0ubuntu1 as checked into utopic.
net-cpp is a library interface to provide a REST-ful wrapper around
libcurl for C++ programs.
Compiling net-cpp required libjsoncpp-dev from universe.
- Build deps: cmake, debhelper (>= 9), doxygen, google-mock, graphviz, serialization- dev, libboost- system- dev, libcurl3, openssl- dev, libjsoncpp-dev, libprocess-cpp-dev, pkg-config, flask-script, python-simplejson,
libboost-dev, libboost-
libcurl4-
python-decorator, python-flask, python-
- Embedded httpbin tarball
- Provides a library interface to curl
- No daemons
- No listening sockets
- Does not itself run as a system user
- No post,pre inst,rm
- No initscripts
- No dbus services
- No setuid
- No binaries
- No sudo fragments
- No udev rules
- Some tests are included and run during the build
- No cron jobs
- Fairly noisy logs mostly due to documentation generation
- No subprocesses spawned
- Memory management looked sane
- Doesn't itself do file operations
- Logging functions looked sane
- No environment variables used
- No privileged functions used
- Does not itself use cryptography
- Properly requests curl hostname and certificate validation
- Does not itself do networking operations
- No portions of code are privileged
- No temporary files
- No webkit
- No javascript
- Clean cppcheck
- No polkit
Net-cpp is high-quality professional code. I only spotted one potential
problem, the occasional multiplication of size and nmemb variables, that
might lead to integer overflow issues. This feels unlikely to be a real
security threat but it would be nice to use an API that doesn't rely upon
the unchecked multiplication of these variables:
context.body.write(data, size * nmemb);
const char* end = begin + size*nmemb;
Security team ACK for promotion to main.
Thanks
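
The `size * nmemb` concern from the review above, as an added example that is not net-cpp's code and not part of the original review: a libcurl-style write callback that checks the multiplication before the product is used as a length or a pointer offset. The names `checked_byte_count`, `write_body` and `chunk_end` are hypothetical, and `userdata` is assumed to point at a `std::string`.

```cpp
// Added example (not net-cpp code). All function names are hypothetical.
#include <cstddef>
#include <limits>
#include <string>

// Stores size * nmemb in `out` and returns true only when the product fits
// in size_t; returns false if the multiplication would wrap around.
bool checked_byte_count(std::size_t size, std::size_t nmemb, std::size_t& out)
{
    if (size != 0 && nmemb > std::numeric_limits<std::size_t>::max() / size)
        return false;
    out = size * nmemb;
    return true;
}

// Same parameter list libcurl uses for CURLOPT_WRITEFUNCTION callbacks.
// libcurl treats a return value different from the number of bytes it
// passed as a write error and aborts the transfer.
std::size_t write_body(char* data, std::size_t size, std::size_t nmemb, void* userdata)
{
    auto* body = static_cast<std::string*>(userdata); // assumption: a std::string
    std::size_t total = 0;
    if (!checked_byte_count(size, nmemb, total))
        return 0; // reject instead of writing a wrapped length
    if (total > body->max_size() - body->size())
        return 0; // the buffer cannot grow by that much
    body->append(data, total);
    return total;
}

// Checked form of `end = begin + size*nmemb`; nullptr means the length
// was rejected and no pointer past the chunk was computed.
const char* chunk_end(const char* begin, std::size_t size, std::size_t nmemb)
{
    std::size_t total = 0;
    return checked_byte_count(size, nmemb, total) ? begin + total : nullptr;
}
```
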