CWE mapping of incorrectStringCompare, literalWithCharPtrCompare, charLiteralWithCharPtrCompare, incorrectStringBooleanError, staticStringCompare, stringCompare, signConversion, unusedFunction, unusedVariable

Roberto Martelloni 2016-07-15 14:49:21 +01:00
parent e495bfb960
commit 25525e38a7
4 changed files with 22 additions and 13 deletions


@ -29,8 +29,11 @@ namespace {
} }
// CWE ids used: // CWE ids used:
static const struct CWE CWE628(628U); static const struct CWE CWE570(570U); // Expression is Always False
static const struct CWE CWE665(665U); static const struct CWE CWE571(571U); // Expression is Always True
static const struct CWE CWE595(595U); // Comparison of Object References Instead of Object Contents
static const struct CWE CWE628(628U); // Function Call with Incorrectly Specified Arguments
static const struct CWE CWE665(665U); // Improper Initialization
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -130,7 +133,7 @@ void CheckString::alwaysTrueFalseStringCompareError(const Token *tok, const std:
reportError(tok, Severity::warning, "staticStringCompare", reportError(tok, Severity::warning, "staticStringCompare",
"Unnecessary comparison of static strings.\n" "Unnecessary comparison of static strings.\n"
"The compared strings, '" + string1 + "' and '" + string2 + "', are always " + (str1==str2?"identical":"unequal") + ". " "The compared strings, '" + string1 + "' and '" + string2 + "', are always " + (str1==str2?"identical":"unequal") + ". "
"Therefore the comparison is unnecessary and looks suspicious."); "Therefore the comparison is unnecessary and looks suspicious.", (str1==str2)?CWE571:CWE570, false);
} }
void CheckString::alwaysTrueStringVariableCompareError(const Token *tok, const std::string& str1, const std::string& str2) void CheckString::alwaysTrueStringVariableCompareError(const Token *tok, const std::string& str1, const std::string& str2)
@ -138,7 +141,7 @@ void CheckString::alwaysTrueStringVariableCompareError(const Token *tok, const s
reportError(tok, Severity::warning, "stringCompare", reportError(tok, Severity::warning, "stringCompare",
"Comparison of identical string variables.\n" "Comparison of identical string variables.\n"
"The compared strings, '" + str1 + "' and '" + str2 + "', are identical. " "The compared strings, '" + str1 + "' and '" + str2 + "', are identical. "
"This could be a logic bug."); "This could be a logic bug.", CWE571, false);
} }
@ -210,13 +213,13 @@ void CheckString::checkSuspiciousStringCompare()
void CheckString::suspiciousStringCompareError(const Token* tok, const std::string& var) void CheckString::suspiciousStringCompareError(const Token* tok, const std::string& var)
{ {
reportError(tok, Severity::warning, "literalWithCharPtrCompare", reportError(tok, Severity::warning, "literalWithCharPtrCompare",
"String literal compared with variable '" + var + "'. Did you intend to use strcmp() instead?"); "String literal compared with variable '" + var + "'. Did you intend to use strcmp() instead?", CWE595, false);
} }
void CheckString::suspiciousStringCompareError_char(const Token* tok, const std::string& var) void CheckString::suspiciousStringCompareError_char(const Token* tok, const std::string& var)
{ {
reportError(tok, Severity::warning, "charLiteralWithCharPtrCompare", reportError(tok, Severity::warning, "charLiteralWithCharPtrCompare",
"Char literal compared with pointer '" + var + "'. Did you intend to dereference it?"); "Char literal compared with pointer '" + var + "'. Did you intend to dereference it?", CWE595, false);
} }
@ -306,12 +309,12 @@ void CheckString::checkIncorrectStringCompare()
void CheckString::incorrectStringCompareError(const Token *tok, const std::string& func, const std::string &string) void CheckString::incorrectStringCompareError(const Token *tok, const std::string& func, const std::string &string)
{ {
reportError(tok, Severity::warning, "incorrectStringCompare", "String literal " + string + " doesn't match length argument for " + func + "()."); reportError(tok, Severity::warning, "incorrectStringCompare", "String literal " + string + " doesn't match length argument for " + func + "().", CWE570, false);
} }
void CheckString::incorrectStringBooleanError(const Token *tok, const std::string& string) void CheckString::incorrectStringBooleanError(const Token *tok, const std::string& string)
{ {
reportError(tok, Severity::warning, "incorrectStringBooleanError", "Conversion of string literal " + string + " to bool always evaluates to true."); reportError(tok, Severity::warning, "incorrectStringBooleanError", "Conversion of string literal " + string + " to bool always evaluates to true.", CWE571, false);
} }
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
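Review bot: The incorrectStringCompareError mapping in the last hunk tags the "doesn't match length argument" diagnostic as CWE570 (Expression is Always False), but the message describes a length argument that disagrees with the literal, which is an argument-specification defect rather than a comparison that is provably always false (a length larger than the literal does not make the call's result constant). CWE628 (Function Call with Incorrectly Specified Arguments) is already declared at the top of this file in the first hunk and appears to fit this case better: `"doesn't match length argument for " + func + "().", CWE628, false);`. The incorrectStringBooleanError and alwaysTrueFalseStringCompareError mappings (CWE571 / the `(str1==str2)?CWE571:CWE570` selection) are consistent with their messages. Confirm against how CWE628 is used elsewhere in checkstring.cpp, which this page does not show.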


@ -36,8 +36,9 @@ namespace {
// //
// CWE ids used: // CWE ids used:
static const struct CWE CWE758(758U); static const struct CWE CWE195(195U); // Signed to Unsigned Conversion Error
static const struct CWE CWE190(190U); static const struct CWE CWE758(758U); // Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
static const struct CWE CWE190(190U); // Integer Overflow or Wraparound
void CheckType::checkTooBigBitwiseShift() void CheckType::checkTooBigBitwiseShift()
@ -207,7 +208,7 @@ void CheckType::signConversionError(const Token *tok, const bool constvalue)
"signConversion", "signConversion",
(constvalue) ? (constvalue) ?
"Suspicious code: sign conversion of " + varname + " in calculation because '" + varname + "' has a negative value" : "Suspicious code: sign conversion of " + varname + " in calculation because '" + varname + "' has a negative value" :
"Suspicious code: sign conversion of " + varname + " in calculation, even though " + varname + " can have a negative value"); "Suspicious code: sign conversion of " + varname + " in calculation, even though " + varname + " can have a negative value", CWE195, false);
} }


@ -30,6 +30,8 @@
// Register this check class // Register this check class
CheckUnusedFunctions CheckUnusedFunctions::instance; CheckUnusedFunctions CheckUnusedFunctions::instance;
static const struct CWE CWE561(561U); // Dead Code
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// FUNCTION USAGE - Check for unused functions etc // FUNCTION USAGE - Check for unused functions etc
@ -250,7 +252,7 @@ void CheckUnusedFunctions::unusedFunctionError(ErrorLogger * const errorLogger,
locationList.push_back(fileLoc); locationList.push_back(fileLoc);
} }
const ErrorLogger::ErrorMessage errmsg(locationList, Severity::style, "The function '" + funcname + "' is never used.", "unusedFunction", false); const ErrorLogger::ErrorMessage errmsg(locationList, Severity::style, "The function '" + funcname + "' is never used.", "unusedFunction", CWE561, false);
if (errorLogger) if (errorLogger)
errorLogger->reportErr(errmsg); errorLogger->reportErr(errmsg);
else else
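Review bot: The new `CWE561` declaration in the first hunk sits between the `instance` definition and the separator line without the `// CWE ids used:` header that checkstring.cpp and checktype.cpp carry in this same commit, so a reader grepping for that header to audit the CWE mapping will miss this file. Suggest adding `// CWE ids used:` on the line before `static const struct CWE CWE561(561U); // Dead Code`. The same applies to the `CWE563` declaration added to checkunusedvar.cpp. unusedFunctionError's body begins outside the second hunk.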


@ -29,6 +29,9 @@ namespace {
CheckUnusedVar instance; CheckUnusedVar instance;
} }
static const struct CWE CWE563(563U); // Assignment to Variable without Use ('Unused Variable')
/** /**
* @brief This class is used create a list of variables within a function. * @brief This class is used create a list of variables within a function.
*/ */
@ -1192,7 +1195,7 @@ void CheckUnusedVar::checkFunctionVariableUsage()
void CheckUnusedVar::unusedVariableError(const Token *tok, const std::string &varname) void CheckUnusedVar::unusedVariableError(const Token *tok, const std::string &varname)
{ {
reportError(tok, Severity::style, "unusedVariable", "Unused variable: " + varname); reportError(tok, Severity::style, "unusedVariable", "Unused variable: " + varname, CWE563, false);
} }
void CheckUnusedVar::allocatedButUnusedVariableError(const Token *tok, const std::string &varname) void CheckUnusedVar::allocatedButUnusedVariableError(const Token *tok, const std::string &varname)