Describe the bug
Segfault at:

Likely also an issue with TableName:

To Reproduce
Steps to reproduce the behavior:

1. Create a table input file with a 32 byte description (no null terminator)
2. Run elf2cfetbl

Expected behavior
Error or warn/truncate.

Code snips
See above

System observed on:

• Versions: Master bundle

Additional context
Identified by JSC

Reporter Info
Jacob Hageman - NASA/GSFC

Describe the bug

The format check and static analysis workflows only run on pushes to main or on pull requests so community users will not get the alerts on their forks.

The CodeQL workflow may run on pull requests to branches other than main

To Reproduce
Fork repo, commit new branch: format check and static analysis workflows aren't triggered.

Expected behavior
All workflows run on fork branches, even those without pull requests.

Code snips

System observed on:
GitHub

Additional context
Should also add check-for-duplicates job to workflows after relaing the branch requirement on the push trigger

Reporter Info
Full name and company/organization if applicable

Is your feature request related to a problem? Please describe.

line 934:
while ((i<ArgumentCount) && (Status == SUCCESS))
--
  | Comparison between i of type int16 and ArgumentCount of wider type int.

Describe the solution you'd like
i is an iterator, no need to be fixed size.

Describe alternatives you've considered
None

Additional context
None

Requester Info
Jacob Hageman - NASA/GSFC

Originated by abrown4 (68 on babelfish):

The internal filename/path length for the table files produced do NOT have to depend upon the OSAL. The OSAL OS_MAX_FILE_NAME limit is too restrictive. Need to use the PATH_MAX from linux/limits.h that is appropriate for the host.

JH - Suggest possibly checking size against OSAL and notify user when limit exceeded (but still allow to run as long as it meets PATH_MAX).

Is your feature request related to a problem? Please describe.
Inconstant style

Describe the solution you'd like
See nasa/ci_lab#30 and nasa/ci_lab#28

Describe alternatives you've considered
N/A

Additional context
N/A

Requester Info
Jacob Hageman - NASA/GSFC

Is your feature request related to a problem? Please describe.
Recommended issues from lgtm:

elf2cfetbl.c

line 2101:
sprintf(Result, Map->String, Key);
--
  | The format string argument to sprintf should be constant to prevent security issues and other potential errors.

Requester Info
Anh Van, NASA Goddard

Is your feature request related to a problem? Please describe.
Travis-CI not transitioned to github actions

Describe the solution you'd like
Transition CI

Describe alternatives you've considered
None

Additional context
None

Requester Info
Jacob Hageman - NASA/GSFC

Is your feature request related to a problem? Please describe.

line: 368, 380, 392, 404, 416, 428, 1907, 1922
uint8_t get_e_ident(const union Elf_Ehdr *ElfHeader, int index)
--
  | Parameter ElfHeader hides a global variable with the same name.

Describe the solution you'd like
Deconflict.

Describe alternatives you've considered
None

Additional context
#28

Requester Info
Jacob Hageman - NASA/GSFC

Describe the bug
Make with -std=c99 gives the following error

/home/jhageman/cFS/cFS-GitHub/tools/elf2cfetbl/elf2cfetbl.c:101:18: error: ‘PATH_MAX’ undeclared here (not in a function)
 char SrcFilename[PATH_MAX]={""};

To Reproduce
Steps to reproduce the behavior:

1. add_definitions(-Wall -Wstrict-prototypes -std=c99 -pedantic) to mission_build.cmake prepare function
2. make prep
3. make

Expected behavior
Clean build

Code snips
N/A

System observed on:

• Hardware: cFS Dev server
• OS: Ubuntu 16.04
• Versions: master bundle

Additional context
N/A

Reporter Info
Jacob Hageman - NASA/GSFC

Describe the bug
There are API usage errors with fgetc.

Expected behavior
Check EOF then cast value.

Code snips

System observed on:
Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Additional context
Assigning the return value of fgetc to char AByte truncates its value.

Assigning the return value of fgetc to char VerboseStr[i] truncates its value.

Reporter Info
Ariel Adams, ASRC Federal

Describe the bug
Calling function chmod that uses DstFilename after a check function. This can cause a time-of-check, time-of-use race condition

Expected behavior
Use fchmod as seen in OS_FileChmod_Impl.

Code snips

System observed on:
Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Reporter Info
Ariel Adams, ASRC Federal

Describe the bug
elf2cfetbl uses strncpy to load the SrcFilename and DstFilename strings, but does not ensure that the strings are null-terminated.

Additional context
This is related to nasa/cFE#730

Reporter Info
[email protected]

Describe the bug
In ELF files all strings are put into string table sections (SHT_STRTAB type).

Many tools dedicate a separate STRTAB section specifically for the section names, with the number of this section indicated in the main ELF header e_shstrndx field.

However there is no requirement to put these strings in a separate table section. Some compilers generate a single STRTAB section containing all strings, section names and symbol names. In this case the ELF header e_shstrndx field points to this unified section.

To Reproduce
Pass an ELF table object file generated from clang compiler to elf2cfetbl - it fails to identify the symbol names correctly, and it therefore fails to find the CFE_TBL_FileDef symbol.

Expected behavior
elf2cfetbl should work with these ELF files and produce an output.

System observed on:
Ubuntu 20.04 (build host)

Additional context
Note that ELF also doesn't say any maximum number of string table sections either. There could be just one (this bug) or there could be more than two.

As best I can tell, the string table used for the .symtab section should always be named .strtab - so this is probably a better way to identify the right section.

Reporter Info
Joseph Hickey, Vantage Systems, Inc.

Describe the bug
LGTM warning: A file may be created here with mode 0666, which would make it world-writable.

To Reproduce
Steps to reproduce the behavior:

1. Build against lgtm

Reporter Info
Anh Van, NASA Goddard

EDIT - removed warnings covered by other issues (split)
EDIT - updated per latest warning

Is your feature request related to a problem? Please describe.
Complex CMakeList.txt header logic shouldn't be needed any more

Describe the solution you'd like
Include the now "external" headers for tables

Describe alternatives you've considered
None

Additional context
Related to nasa/cFE#25

Requester Info
Jacob Hageman - NASA/GSFC

Is your feature request related to a problem? Please describe.
Updates for release:

• Updated README
• removed custom license document
• added standard Apache 2.0
• Updated copyright release version cFE 6.6 -> 6.7

Requester Info
Jacob Hageman - NASA/GSFC

Describe the bug
The return value of fseek is not checked which may cause an unexpected failure.

Expected behavior
Check the return value for fseek in elf2cfetbl.c.

Code snips

Additional context
Identified by Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Possible solution:

                Status = fseek(SrcFileDesc, SeekOffset, SEEK_SET);
                if (Status != 0)
                {
                    printf("Error locating Section Header #%d in file '%s'\n", SectionIndex, SrcFilename);
                    return FAILED;
                }
                else 
                {
                    fseek(SrcFileDesc, SeekOffset, SEEK_SET);
                }

Reporter Info
Ariel Adams, ASRC Federal

Originated by glimes (31 on babelfish):

cppcheck has a very useful warning about invalid pointer casts which is triggered by the a call to byteSwap. We could patch this with a double-cast ... or we could fix it, by having byteSwap take a (void*) pointer parameter. But fixing it is a good idea, so future cppcheck messages about this condition are more useful.

Is your feature request related to a problem? Please describe.
Add a contributing guide for the elf2cfetbl repo.

Describe the solution you'd like
Create a contributing guide markdown file. In the guide, add a link to the cFS contributing guide.

Requester Info
Ariel Adams, ASRC Federal

Is your feature request related to a problem? Please describe.

line: 1382
if (Verbose) printf("Original Source File Modification Time: %s\n", ctime(&SrcFileStats.st_mtime));
--
  | Call to ctime is potentially dangerous

Describe the solution you'd like
LGTM recommends replace with ctime_r

Describe alternatives you've considered
strftime

Additional context
Split from #28

Requester Info
Jacob Hageman - NASA/GSFC

Is your feature request related to a problem? Please describe.
No

Describe the solution you'd like
A guide on how to use elf2cfetbl to create an table file

Describe alternatives you've considered
none

Additional context
none

Requester Info
Anh Van, Nasa Goddard

Is your feature request related to a problem? Please describe.
Users are unaware of how cFS/elf2cfetbl is tested. By providing this information, transparency is provided to the community which promotes trust.

Describe the solution you'd like
The security policy should inform users what tools are being used to test cFS/elf2cfetbl while being cautious of liability issues. To do so, we can state explicitly that our software does not provide liability under the Apache license. The security policy should inform users that they may view the LGTM results. The policy would state that the alerts from LGTM may not be accurate, since they cannot be dismissed.

Add that security report should be emailed.

Additional context
References: https://github.com/thanos-io/thanos/security/policy

Requester Info
Ariel Adams, ASRC Federal

Describe the bug
Building elf2cfetbl under Raspbian (the Debian variant released for the popular Raspberry Pi SBC's by the Raspberry Pi organization) it fails with a long laundry list of printf type mismatch errors.

/home/pi/cFS/tools/elf2cfetbl/elf2cfetbl.c:2211:67: error: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘size_t’ {aka ‘unsigned int’} [-Werror=format=]
             printf("strstr[%d] = %s; strlenSN = %ld; strlenON = %ld\n",i,strstr(SymbolNames[i], TblFileDef.ObjectName),
                                                                 ~~^
                                                                 %d

To Reproduce
Build elf2cfetbl under Raspbian.

Expected behavior
Should be casting types to what printf expects.

Code snips
If applicable, add references to the software.

System observed on:
Raspberry Pi Zero W.

Additional context
Add any other context about the problem here.

Reporter Info
[email protected]

We have some lingering mismatches between printf format string conversions and the parameter data types; all but one of them are in elf2cfetbl so pinning this bug on elf2cfetbl (will fix cmdUtil in passing):

tools/cmdUtil/cmdUtil.c:229:9: warning: format '%d' expects argument of type 'int', but argument 2 has type 'long int' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:710:25: warning: format '%d' expects argument of type 'int', but argument 3 has type 'uint32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:798:25: warning: format '%d' expects argument of type 'int', but argument 3 has type 'uint32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1004:5: warning: format '%X' expects argument of type 'unsigned int', but argument 3 has type 'time_t' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1192:5: warning: format '%x' expects argument of type 'unsigned int', but argument 2 has type 'long unsigned int' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1227:9: warning: format '%d' expects argument of type 'int', but argument 2 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1235:9: warning: format '%d' expects argument of type 'int', but argument 2 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1243:9: warning: format '%d' expects argument of type 'int', but argument 2 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1273:17: warning: format '%d' expects argument of type 'int', but argument 3 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1361:9: warning: format '%x' expects argument of type 'unsigned int', but argument 2 has type 'long unsigned int' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1389:9: warning: format '%d' expects argument of type 'int', but argument 2 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1397:9: warning: format '%d' expects argument of type 'int', but argument 2 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1403:5: warning: format '%d' expects argument of type 'int', but argument 2 has type 'long int' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1430:5: warning: format '%x' expects argument of type 'unsigned int', but argument 2 has type 'long unsigned int' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1596:13: warning: format '%d' expects argument of type 'int', but argument 2 has type 'uint32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1596:13: warning: format '%x' expects argument of type 'unsigned int', but argument 3 has type 'uint32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1619:9: warning: format '%d' expects argument of type 'int', but argument 2 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1647:70: warning: format '%d' expects argument of type 'int', but argument 2 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1647:70: warning: format '%d' expects argument of type 'int', but argument 3 has type 'char *' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1655:9: warning: format '%d' expects argument of type 'int', but argument 2 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1655:9: warning: format '%d' expects argument of type 'int', but argument 3 has type 'int32' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1670:9: warning: format '%d' expects argument of type 'int', but argument 3 has type 'long int' [-Wformat=]
tools/elf2cfetbl/elf2cfetbl.c:1707:28: warning: format '%d' expects argument of type 'int', but argument 4 has type 'uint32' [-Wformat=]
Attachments (0)

See https://babelfish.arc.nasa.gov/trac/cfs_tools/ticket/57

Originated by Thadeus (65 on babelfish):

When the destination filename cannot be found in the table object file, the destination object file is not opened. However, the FreeMemoryAllocations function unconditionally calls fclose on its pointer, which segfaults when it is NULL. Initializing both file pointers to NULL and checking them before calling fclose prevents the segfault.

0001-Prevent-a-segfault-in-elf2cfetbl.txt

Is your feature request related to a problem? Please describe.
CodeQL analysis not implemented in submodules

Describe the solution you'd like
Add so alerts are generated on pull requests to submodules

Describe alternatives you've considered
None

Additional context
CodeQL is run at the bundle (nasa/cFS) level, but link to code in submodules doesn't work.

Requester Info
Jacob Hageman - NASA/GSFC

Describe the bug
Ubuntu has released 20.04 LTS which includes GCC 9.3.0. When using this compiler it implements a much stricter (and often over-zealous) checking of string ops.

For instance:

In file included from /usr/include/string.h:495,
                 from /home/joe/code/cfecfs/github/tools/elf2cfetbl/elf2cfetbl.c:34:
In function ‘strncpy’,
    inlined from ‘ProcessCmdLineOptions’ at /home/joe/code/cfecfs/github/tools/elf2cfetbl/elf2cfetbl.c:945:13:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 32 equals destination size [-Werror=stringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
    inlined from ‘ProcessCmdLineOptions’ at /home/joe/code/cfecfs/github/tools/elf2cfetbl/elf2cfetbl.c:939:13:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 38 equals destination size [-Werror=stringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

To Reproduce
Build code with default config using GCC 9.3.0, with optimization enabled and full warnings.

Expected behavior
Code should build cleanly.

System observed on:
Ubuntu 20.04 LTS 64 bit.

Reporter Info
Joseph Hickey, Vantage Systems, Inc.

Describe the bug
Allows anyone to open and write the file, DstFileDesc.

Expected behavior
Must set user permissions to file.

Code snips

System observed on:
https://lgtm.com/projects/g/nasa/cFS/snapshot/20ff9b0c5aa6653815b9cd2feb4a02180b239737/files/tools/elf2cfetbl/elf2cfetbl.c?sort=name&dir=ASC&mode=heatmap

Additional context
Previously mentioned in ticket #28
References:

• https://lgtm.com/rules/1505913006104/
• https://cwe.mitre.org/data/definitions/732.html
• https://wiki.sei.cmu.edu/confluence/display/c/FIO06-C.+Create+files+with+appropriate+access+permissions

Reporter Info
Ariel Adams, ASRC Federal

Is your feature request related to a problem? Please describe.
When needing to change workflows, one must create an issue and PR for each submodule. This feature would reduce duplication.

Describe the solution you'd like
To reuse workflows, the targeted workflow must include workflow_call and inputs as seen below.

on:
  push:
  pull_request:
  workflow_call:
    inputs:
      runs-on: 
        description: Platform to execute on
        type: string
        default: ubuntu-latest

Describe alternatives you've considered
Keep it as is.

Additional context
Tested in OSAL, OSAL cFE CodeQL Reuse Build: https://github.com/ArielSAdamsNASA/osal/runs/4023159610?check_suite_focus=true
Tested in OSAL, OSAL CodeQL Reuse Build: https://github.com/ArielSAdamsNASA/osal/actions/runs/1390702434
cFS CodeQL Reuse: https://github.com/ArielSAdamsNASA/cFS-JSF-Rules/actions/runs/1390561827

Requester Info
Ariel Adams, ASRC Federal

Is your feature request related to a problem? Please describe.
C++ comment style and commented out code violates style guidelines

Describe the solution you'd like
Clean up

Describe alternatives you've considered
None

Requester Info
Alex Campbell GSFC

Is your feature request related to a problem? Please describe.
The cFE build scripts assume that the file name of the output of elf2cfetbl matches the input basename but with a .tbl extension added.

In reality, this tool uses the output name specified in the source file. If this doesn't match, an obscure installation error occurs because the "expected" binary file will be missing.

Describe the solution you'd like
elf2cfetbl should error out if the input name does not match the output name.

Describe alternatives you've considered
Alternatively, the tool could have a new command line option added to directly control the output name and override whatever was in the source file. This would be a more substantial change, however.

Additional context
This can create confusion when the multiple table feature in nasa/cFE#1538 is used. If the source file internal definition doesn't match the expected name the error occurs later at install time, not when elf2cfetbl runs, so it can be confusing.

Requester Info
Joseph Hickey, Vantage Systems, Inc.

Is your feature request related to a problem? Please describe.
Analyzed files not reported:

Describe the solution you'd like
Remove flag

Describe alternatives you've considered
None

Additional context
None

Requester Info
Jacob Hageman - NASA/GSFC

Is your feature request related to a problem? Please describe.
The version history in the Readme file clutters useful information

Describe the solution you'd like
Move the "version history" from Readme.md to CHANGELOG.md and start following this spec: https://keepachangelog.com/en/1.0.0/

Describe alternatives you've considered
Move changelog section in the readme to a section at the very bottom of the file

Additional context
None

Requester Info
Gerardo E. Cruz-Ortiz, NASA-GSFC

Is your feature request related to a problem? Please describe.
Nonstandard guard used

Describe the solution you'd like
Apply standard

Describe alternatives you've considered
None

Additional context
None

Requester Info
Jacob Hageman - NASA/GSFC

Building with CFE_OMIT_DEPRECATED_6_6 fails, needs to be fixed.

Originated by abrown (67 on babelfish):

elf2cfetbl Makefile doesn't include paths in the correct order (classic build)

Using cFE 6.5.0a with the "classic" makefile system: the tools/elf2cfetbl/for_build/Makefile has include paths in the wrong order such that it always picks up config files from the defined source first, rather than what is in your actual mission or local build directory. Ex: you change OS_MAX_FILE_NAME in your flight build and there is a table header mismatch with elf2cfetbl.

Migrate away from using the OSAL boolean typedef, prefer to use the C99 bool type going forward.
Existing refs to this typedef should be fixed.

Is your feature request related to a problem? Please describe.
Need a better way to describe versions during development

Describe the solution you'd like
Add Build name and Build number to version.h
As discussed, we will add a a build name string and a continuously incrementing build number to version.h

Additional context
See notes from CCB: https://github.com/nasa/cFS/wiki/Community-CCB-Agenda:-July-01-2020

Requester Info
Gerardo E. Cruz-Ortiz, NASA-GSFC

The inclusion of the PATH_MAX has introduced a compilation error when compiling on linux systems. While this is a little confusing, the PATH_MAX definition is located in <linux/limits.h> not <limits.h> which is currently included here.

Steps to reproduce the behavior:

1. Pull the latest build of the CFS that uses this tool (as of commit b7dcc71)
2. Attempt to build using the sample cmake

Expected behavior
No compilation errors.

System observed on:

• OS: Ubuntu 18.04.4 LTS
• Versions: cFE 6.7.11, OSAL 5.0.10, PSP 1.4.7 for linux

Describe the bug
Calling stat(DstFilename, &dststat) without checking return value. This library function may fail and return an error code.

Expected behavior
Check the return value of stat

Code snips

System observed on:
Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Reporter Info
Ariel Adams, ASRC Federal

Describe the bug
Bad while loop causing out-of-bounds write

Expected behavior
Fix while loop

Code snips

System observed on:
Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Additional context
Checking i < 60UL implies that i is 60 on the false branch.

Overrunning array VerboseStr of 60 bytes at byte offset 60 using index i (which evaluates to 60).

Reporter Info
Ariel Adams, ASRC Federal

Is your feature request related to a problem? Please describe.
CodeQL does not use JPL rules, which is used in the upcoming coding standard.

Describe the solution you'd like
Implement JPL rules for CodeQL. Continue using the security queries, but keep them separate from the JPL results. Can use two different workflows, one for the coding standard and one for the security queries.

Describe alternatives you've considered
Might be able to use one workflow, as long as the results can be easily identified as a coding standard issue or security issue.

Additional context
JPL queries are found here: https://github.com/github/codeql/tree/main/cpp/ql/src/JPL_C

Requester Info
Ariel Adams, ASRC Federal

Is your feature request related to a problem? Please describe.
Build with options : -Wall -std=c99 -pedantic -Wstrict-prototypes -Wwrite-strings
two warning appear:

/media/sf_share/cFS/tools/elf2cfetbl/elf2cfetbl.c:134:43: warning: missing braces around initializer [-Wmissing-braces]
union Elf_Shdr SectionHeaderStringTable = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
^
{ }
/media/sf_share/cFS/tools/elf2cfetbl/elf2cfetbl.c: In function ‘OpenSrcFile’:
/media/sf_share/cFS/tools/elf2cfetbl/elf2cfetbl.c:1357:9: warning: variable ‘RtnCode’ set but not used [-Wunused-but-set-variable]
int RtnCode;
^~~~~~~

Describe the solution you'd like
First issues, add second bracket:
union Elf_Shdr SectionHeaderStringTable = {{0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }};

second issue:
Add validation for return code.

Requester Info
Anh Van, NASA Goddard

Describe the bug
Calling chmod(DstFilename, dststat.st_mode & 0xffffffc0U) without checking return value. This library function may fail and return an error code.

Expected behavior
Check the return value of chmod.

Code snips

System observed on:
Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Reporter Info
Ariel Adams, ASRC Federal

Is your feature request related to a problem? Please describe.
Found multiple typos throughout the codebase

Describe the solution you'd like
Correct grammar and spelling errors

Describe alternatives you've considered
None

Additional context
Retroactive Issue for #82

Describe the bug
Using tainted expression get_sh_entsize(SectionHeader) as the divisor in get_sh_size(SectionHeader) / get_sh_entsize(SectionHeader).

Expected behavior
Check that get_sh_entsize(SectionHeader) does not equal to 1 so get_sh_entsize(SectionHeader) is not divided by 0.

Code snips

System observed on:
Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Additional context
Untrusted divisor (TAINTED_SCALAR)

Reporter Info
Ariel Adams, ASRC Federal

Is your feature request related to a problem? Please describe.
Having two files named Readme is confusing. Making users click over to a second file when they might expect Readme.md to have a thorough description of the tool is inefficient.

Describe the solution you'd like
Absorb Readme.txt into Readme.md

Describe alternatives you've considered
Have full blown documentation folder using doxygen or similar

Additional context
None

Requester Info
Gerardo E. Cruz-Ortiz

Describe the bug
Create a security policy for users on how to report security vulnerabilities.

Expected behavior
The security policy should instruct users on how to report security vulnerabilities and provide them additional contact information for questions and concerns.

Additional context
Additional sections that may be included:

• What to expect security-wise such as what type of testing is done
• Address privacy concerns
• Supported versions
• License
• Known vulnerabilities

References to Public Security Policies:
https://github.com/thanos-io/thanos/security/policy
https://github.com/minhealthnz/nzcovidtracer-app/security/policy
https://github.com/odoo/odoo/security/policy

Reporter Info
Ariel Adams, ASRC Federal