if (!strncasecmp(arg, "file://", strlen("file://"))) throws an issue #21

[vtorri]

https://app.codacy.com/gh/vtorri/entice/issues?categoryType=Security

FCodacy findd potential security problems in strlen calls :

Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126)

code :

if (!strncasecmp(arg, "file://", strlen("file://")))

but strlen("file://") is always 7 as we pass a static string which is always correctly 0-terminated

[dwvisser]

I could probably work up a pull request, at least for the simplest case of a single double-quoted string argument. I will need to understand the unit tests, so I can add a proper unit test for the exception as well.

[david-a-wheeler]

@dwvisser - that would be awesome!