From 1db24ee070ca7f5e2253d9faf60e37a43f7133fd Mon Sep 17 00:00:00 2001
From: Roberto Martelloni
Date: Thu, 25 Aug 2016 15:40:23 +0100
Subject: [PATCH] CWE mapping of signedCharArrayIndex, unknownSignCharArrayIndex, suspiciousCase, suspiciousEqualityComparison, duplicateBranch, duplicateExpressionTernary, suspiciousSemicolon, incompleteArrayFill, redundantPointerOp, unusedLabelSwitch, unusedLabel, unknownEvaluationOrder, stlIfFind, useAutoPointerCopy
---
 lib/checkother.cpp | 30 +++++++++++++++++-------------
 lib/checkstl.cpp | 6 +++---
 2 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/lib/checkother.cpp b/lib/checkother.cpp
index 4930fec6f..edf366299 100644
--- a/lib/checkother.cpp
+++ b/lib/checkother.cpp
@@ -33,11 +33,14 @@ namespace {
     CheckOther instance;
 }
 
+static const struct CWE CWE128(128U); // Wrap-around Error
+static const struct CWE CWE131(131U); // Incorrect Calculation of Buffer Size
 static const struct CWE CWE197(197U); // Numeric Truncation Error
 static const struct CWE CWE362(362U); // Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
 static const struct CWE CWE369(369U); // Divide By Zero
 static const struct CWE CWE398(398U); // Indicator of Poor Code Quality
 static const struct CWE CWE475(475U); // Undefined Behavior for Input to API
+static const struct CWE CWE482(482U); // Comparing instead of Assigning
 static const struct CWE CWE561(561U); // Dead Code
 static const struct CWE CWE563(563U); // Assignment to Variable without Use ('Unused Variable')
 static const struct CWE CWE570(570U); // Expression is Always False
@@ -47,6 +50,7 @@ static const struct CWE CWE687(687U); // Function Call With Incorrectly Specif
 static const struct CWE CWE688(688U); // Function Call With Incorrect Variable or Reference as Argument
 static const struct CWE CWE704(704U); // Incorrect Type Conversion or Cast
 static const struct CWE CWE758(758U); // Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
+static const struct CWE CWE768(768U); // Incorrect Short Circuit Evaluation
 static const struct CWE CWE783(783U); // Operator Precedence Logic Error
 
 //----------------------------------------------------------------------------------
@@ -244,7 +248,7 @@ void CheckOther::checkSuspiciousSemicolon()
 void CheckOther::SuspiciousSemicolonError(const Token* tok)
 {
     reportError(tok, Severity::warning, "suspiciousSemicolon",
-                "Suspicious use of ; at the end of '" + (tok ? tok->str() : std::string()) + "' statement.", CWE(0U), true);
+                "Suspicious use of ; at the end of '" + (tok ? tok->str() : std::string()) + "' statement.", CWE398, true);
 }
 
 
@@ -893,7 +897,7 @@ void CheckOther::suspiciousCaseInSwitchError(const Token* tok, const std::string
 {
     reportError(tok, Severity::warning, "suspiciousCase",
                 "Found suspicious case label in switch(). Operator '" + operatorString + "' probably doesn't work as intended.\n"
-                "Using an operator like '" + operatorString + "' in a case label is suspicious. Did you intend to use a bitwise operator, multiple case labels or if/else instead?", CWE(0U), true);
+                "Using an operator like '" + operatorString + "' in a case label is suspicious. Did you intend to use a bitwise operator, multiple case labels or if/else instead?", CWE398, true);
 }
 
 //---------------------------------------------------------------------------
@@ -945,7 +949,7 @@ void CheckOther::checkSuspiciousEqualityComparison()
 void CheckOther::suspiciousEqualityComparisonError(const Token* tok)
 {
     reportError(tok, Severity::warning, "suspiciousEqualityComparison",
-                "Found suspicious equality comparison. Did you intend to assign a value instead?", CWE(0U), true);
+                "Found suspicious equality comparison. Did you intend to assign a value instead?", CWE482, true);
 }
 
 
@@ -1581,7 +1585,7 @@ void CheckOther::signedCharArrayIndexError(const Token *tok)
                 "Signed 'char' type used as array index.\n"
                 "Signed 'char' type used as array index. If the value "
                 "can be greater than 127 there will be a buffer underflow "
-                "because of sign extension.");
+                "because of sign extension.", CWE128, false);
 }
 
 void CheckOther::unknownSignCharArrayIndexError(const Token *tok)
@@ -1591,7 +1595,7 @@ void CheckOther::unknownSignCharArrayIndexError(const Token *tok)
                 "unknownSignCharArrayIndex",
                 "'char' type used as array index.\n"
                 "'char' type used as array index. Values greater that 127 will be "
-                "treated depending on whether 'char' is signed or unsigned on target platform.");
+                "treated depending on whether 'char' is signed or unsigned on target platform.", CWE758, false);
 }
 
 void CheckOther::charBitOpError(const Token *tok)
@@ -1856,7 +1860,7 @@ void CheckOther::duplicateBranchError(const Token *tok1, const Token *tok2)
     reportError(toks, Severity::style, "duplicateBranch", "Found duplicate branches for 'if' and 'else'.\n"
                 "Finding the same code in an 'if' and related 'else' branch is suspicious and "
                 "might indicate a cut and paste or logic error. Please examine this code "
-                "carefully to determine if it is correct.", CWE(0U), true);
+                "carefully to determine if it is correct.", CWE398, true);
 }
 
 
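Review bot: CWE128 (Wrap-around Error) is a poor fit for the `signedCharArrayIndex` report in the @@ -1581 hunk: the message itself says the problem is sign extension turning a `char` above 127 into a negative index, which CWE describes as CWE-194 (Unexpected Sign Extension) leading to CWE-129 (Improper Validation of Array Index), whereas CWE-128 is about arithmetic values wrapping past their range. Consider declaring `static const struct CWE CWE194(194U); // Unexpected Sign Extension` next to the new CWE128 line in the first hunk and passing `CWE194` here, so that anything that triages or groups findings by CWE does not file this buffer-underflow class together with integer-wrap findings. The reportError call and signedCharArrayIndexError's signature begin before this hunk.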
@@ -2057,7 +2061,7 @@ void CheckOther::duplicateExpressionTernaryError(const Token *tok)
 {
     reportError(tok, Severity::style, "duplicateExpressionTernary", "Same expression in both branches of ternary operator.\n"
                 "Finding the same expression in both branches of ternary operator is suspicious as "
-                "the same code is executed regardless of the condition.");
+                "the same code is executed regardless of the condition.", CWE398, false);
 }
 
 void CheckOther::selfAssignmentError(const Token *tok, const std::string &varname)
@@ -2381,11 +2385,11 @@ void CheckOther::incompleteArrayFillError(const Token* tok, const std::string& b
     if (boolean)
         reportError(tok, Severity::portability, "incompleteArrayFill",
                     "Array '" + buffer + "' might be filled incompletely. Did you forget to multiply the size given to '" + function + "()' with 'sizeof(*" + buffer + ")'?\n"
-                    "The array '" + buffer + "' is filled incompletely. The function '" + function + "()' needs the size given in bytes, but the type 'bool' is larger than 1 on some platforms. Did you forget to multiply the size with 'sizeof(*" + buffer + ")'?", CWE(0U), true);
+                    "The array '" + buffer + "' is filled incompletely. The function '" + function + "()' needs the size given in bytes, but the type 'bool' is larger than 1 on some platforms. Did you forget to multiply the size with 'sizeof(*" + buffer + ")'?", CWE131, true);
     else
         reportError(tok, Severity::warning, "incompleteArrayFill",
                     "Array '" + buffer + "' is filled incompletely. Did you forget to multiply the size given to '" + function + "()' with 'sizeof(*" + buffer + ")'?\n"
-                    "The array '" + buffer + "' is filled incompletely. The function '" + function + "()' needs the size given in bytes, but an element of the given array is larger than one byte. Did you forget to multiply the size with 'sizeof(*" + buffer + ")'?", CWE(0U), true);
+                    "The array '" + buffer + "' is filled incompletely. The function '" + function + "()' needs the size given in bytes, but an element of the given array is larger than one byte. Did you forget to multiply the size with 'sizeof(*" + buffer + ")'?", CWE131, true);
 }
 
 //---------------------------------------------------------------------------
@@ -2511,7 +2515,7 @@ void CheckOther::checkRedundantPointerOp()
 void CheckOther::redundantPointerOpError(const Token* tok, const std::string &varname, bool inconclusive)
 {
     reportError(tok, Severity::style, "redundantPointerOp",
-                "Redundant pointer operation on " + varname + " - it's already a pointer.", CWE(0U), inconclusive);
+                "Redundant pointer operation on " + varname + " - it's already a pointer.", CWE398, inconclusive);
 }
 
 void CheckOther::checkInterlockedDecrement()
@@ -2585,11 +2589,11 @@ void CheckOther::unusedLabelError(const Token* tok, bool inSwitch)
     if (inSwitch) {
         if (!tok || _settings->isEnabled("warning"))
             reportError(tok, Severity::warning, "unusedLabelSwitch",
-                        "Label '" + (tok ? tok->str() : emptyString) + "' is not used. Should this be a 'case' of the enclosing switch()?");
+                        "Label '" + (tok ? tok->str() : emptyString) + "' is not used. Should this be a 'case' of the enclosing switch()?", CWE398, false);
     } else {
         if (!tok || _settings->isEnabled("style"))
             reportError(tok, Severity::style, "unusedLabel",
-                        "Label '" + (tok ? tok->str() : emptyString) + "' is not used.");
+                        "Label '" + (tok ? tok->str() : emptyString) + "' is not used.", CWE398, false);
     }
 }
 
@@ -2679,6 +2683,6 @@ void CheckOther::checkEvaluationOrder()
 void CheckOther::unknownEvaluationOrder(const Token* tok)
 {
     reportError(tok, Severity::error, "unknownEvaluationOrder",
-                "Expression '" + (tok ? tok->expressionString() : std::string("x = x++;")) + "' depends on order of evaluation of side effects");
+                "Expression '" + (tok ? tok->expressionString() : std::string("x = x++;")) + "' depends on order of evaluation of side effects", CWE768, false);
 }
 
diff --git a/lib/checkstl.cpp b/lib/checkstl.cpp
index db813a659..8b2f7f69d 100644
--- a/lib/checkstl.cpp
+++ b/lib/checkstl.cpp
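Review bot: CWE768 (Incorrect Short Circuit Evaluation) does not describe the `unknownEvaluationOrder` finding in the @@ -2679 hunk: the message reports an expression like `x = x++;` whose value depends on unsequenced side effects, which is unspecified/undefined behaviour rather than a misuse of `&&`/`||` short-circuiting. CWE758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior) is already declared in this file and is what the `unknownSignCharArrayIndex` hunk of this same commit uses for a comparable problem, so `"' depends on order of evaluation of side effects", CWE758, false);` would be both more accurate and consistent. If no other checker needs it, the CWE768 declaration added in the @@ -47 hunk could then be dropped to avoid an unused constant.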
@@ -753,7 +753,7 @@ void CheckStl::if_findError(const Token *tok, bool str)
                     "string. If your intention is to check that there are no findings in the string, "
                     "you should compare with std::string::npos.", CWE597, false);
     else
-        reportError(tok, Severity::warning, "stlIfFind", "Suspicious condition. The result of find() is an iterator, but it is not properly checked.");
+        reportError(tok, Severity::warning, "stlIfFind", "Suspicious condition. The result of find() is an iterator, but it is not properly checked.", CWE398, false);
 }
 
 
@@ -1253,8 +1253,8 @@ void CheckStl::autoPointerError(const Token *tok)
 {
     reportError(tok, Severity::style, "useAutoPointerCopy",
                 "Copying 'auto_ptr' pointer to another does not create two equal objects since one has lost its ownership of the pointer.\n"
-                "'std::auto_ptr' has semantics of strict ownership, meaning that the 'auto_ptr' instance is the sole entity responsible for the object's lifetime. If an 'auto_ptr' is copied, the source looses the reference."
-               );
+                "'std::auto_ptr' has semantics of strict ownership, meaning that the 'auto_ptr' instance is the sole entity responsible for the object's lifetime. If an 'auto_ptr' is copied, the source looses the reference.",
+                CWE398, false);
 }
 
 void CheckStl::autoPointerContainerError(const Token *tok)
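Review bot: The rewritten verbose-message line in the @@ -1253 hunk carries over the misspelling `looses`; since the line is being touched anyway, it should read `... If an 'auto_ptr' is copied, the source loses the reference.",`. The user-facing text is what appears in reports, so any unit test that compares the full message would need the same change. The short message on the preceding context line is unaffected.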