Merge pull request #819 from boos/cwe-mapping-9
CWE mapping of assignBoolToFloat, strncatUsage, sizeArgumentAsChar, terminateStrncpy, bufferNotZeroTerminated, negativeArraySize, noExplicitConstructor, virtualDestructor
This commit is contained in:
amai2012
GitHub
commit
453b5577cd
|
|
@ -32,6 +32,7 @@ namespace {
|
||||||
static const CWE CWE398(398U); // Indicator of Poor Code Quality
|
static const CWE CWE398(398U); // Indicator of Poor Code Quality
|
||||||
static const CWE CWE571(571U); // Expression is Always True
|
static const CWE CWE571(571U); // Expression is Always True
|
||||||
static const CWE CWE587(587U); // Assignment of a Fixed Address to a Pointer
|
static const CWE CWE587(587U); // Assignment of a Fixed Address to a Pointer
|
||||||
|
static const CWE CWE704(704U); // Incorrect Type Conversion or Cast
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
@ -461,5 +462,5 @@ void CheckBool::checkAssignBoolToFloat()
|
||||||
void CheckBool::assignBoolToFloatError(const Token *tok)
|
void CheckBool::assignBoolToFloatError(const Token *tok)
|
||||||
{
|
{
|
||||||
reportError(tok, Severity::style, "assignBoolToFloat",
|
reportError(tok, Severity::style, "assignBoolToFloat",
|
||||||
"Boolean value assigned to floating point variable.");
|
"Boolean value assigned to floating point variable.", CWE704, false);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -44,10 +44,13 @@ namespace {
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
// CWE ids used:
|
// CWE ids used:
|
||||||
static const CWE CWE131(131U);
|
static const CWE CWE131(131U); // Incorrect Calculation of Buffer Size
|
||||||
static const CWE CWE398(398U);
|
static const CWE CWE170(170U); // Improper Null Termination
|
||||||
static const CWE CWE786(786U);
|
static const CWE CWE398(398U); // Indicator of Poor Code Quality
|
||||||
static const CWE CWE788(788U);
|
static const CWE CWE682(682U); // Incorrect Calculation
|
||||||
|
static const CWE CWE758(758U); // Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
|
||||||
|
static const CWE CWE786(786U); // Access of Memory Location Before Start of Buffer
|
||||||
|
static const CWE CWE788(788U); // Access of Memory Location After End of Buffer
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
@ -174,7 +177,7 @@ void CheckBufferOverrun::strncatUsageError(const Token *tok)
|
||||||
"At most, strncat appends the 3rd parameter's amount of characters and adds a terminating null byte.\n"
|
"At most, strncat appends the 3rd parameter's amount of characters and adds a terminating null byte.\n"
|
||||||
"The safe way to use strncat is to subtract one from the remaining space in the buffer and use it as 3rd parameter."
|
"The safe way to use strncat is to subtract one from the remaining space in the buffer and use it as 3rd parameter."
|
||||||
"Source: http://www.cplusplus.com/reference/cstring/strncat/\n"
|
"Source: http://www.cplusplus.com/reference/cstring/strncat/\n"
|
||||||
"Source: http://www.opensource.apple.com/source/Libc/Libc-167/gen.subproj/i386.subproj/strncat.c");
|
"Source: http://www.opensource.apple.com/source/Libc/Libc-167/gen.subproj/i386.subproj/strncat.c", CWE119, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckBufferOverrun::outOfBoundsError(const Token *tok, const std::string &what, const bool show_size_info, const MathLib::bigint &supplied_size, const MathLib::bigint &actual_size)
|
void CheckBufferOverrun::outOfBoundsError(const Token *tok, const std::string &what, const bool show_size_info, const MathLib::bigint &supplied_size, const MathLib::bigint &actual_size)
|
||||||
|
|
@ -219,7 +222,7 @@ void CheckBufferOverrun::sizeArgumentAsCharError(const Token *tok)
|
||||||
{
|
{
|
||||||
if (_settings && !_settings->isEnabled("warning"))
|
if (_settings && !_settings->isEnabled("warning"))
|
||||||
return;
|
return;
|
||||||
reportError(tok, Severity::warning, "sizeArgumentAsChar", "The size argument is given as a char constant.");
|
reportError(tok, Severity::warning, "sizeArgumentAsChar", "The size argument is given as a char constant.", CWE682, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -229,7 +232,7 @@ void CheckBufferOverrun::terminateStrncpyError(const Token *tok, const std::stri
|
||||||
"The buffer '" + varname + "' may not be null-terminated after the call to strncpy().\n"
|
"The buffer '" + varname + "' may not be null-terminated after the call to strncpy().\n"
|
||||||
"If the source string's size fits or exceeds the given size, strncpy() does not add a "
|
"If the source string's size fits or exceeds the given size, strncpy() does not add a "
|
||||||
"zero at the end of the buffer. This causes bugs later in the code if the code "
|
"zero at the end of the buffer. This causes bugs later in the code if the code "
|
||||||
"assumes buffer is null-terminated.", CWE(0U), true);
|
"assumes buffer is null-terminated.", CWE170, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckBufferOverrun::cmdLineArgsError(const Token *tok)
|
void CheckBufferOverrun::cmdLineArgsError(const Token *tok)
|
||||||
|
|
@ -243,7 +246,7 @@ void CheckBufferOverrun::bufferNotZeroTerminatedError(const Token *tok, const st
|
||||||
"The buffer '" + varname + "' is not null-terminated after the call to " + function + "(). "
|
"The buffer '" + varname + "' is not null-terminated after the call to " + function + "(). "
|
||||||
"This will cause bugs later in the code if the code assumes the buffer is null-terminated.";
|
"This will cause bugs later in the code if the code assumes the buffer is null-terminated.";
|
||||||
|
|
||||||
reportError(tok, Severity::warning, "bufferNotZeroTerminated", errmsg, CWE(0U), true);
|
reportError(tok, Severity::warning, "bufferNotZeroTerminated", errmsg, CWE170, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckBufferOverrun::argumentSizeError(const Token *tok, const std::string &functionName, const std::string &varname)
|
void CheckBufferOverrun::argumentSizeError(const Token *tok, const std::string &functionName, const std::string &varname)
|
||||||
|
|
@ -1084,7 +1087,7 @@ void CheckBufferOverrun::negativeArraySize()
|
||||||
void CheckBufferOverrun::negativeArraySizeError(const Token *tok)
|
void CheckBufferOverrun::negativeArraySizeError(const Token *tok)
|
||||||
{
|
{
|
||||||
reportError(tok, Severity::error, "negativeArraySize",
|
reportError(tok, Severity::error, "negativeArraySize",
|
||||||
"Declaration of array '" + (tok ? tok->str() : std::string()) + "' with negative size is undefined behaviour");
|
"Declaration of array '" + (tok ? tok->str() : std::string()) + "' with negative size is undefined behaviour", CWE758, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
|
@ -802,7 +802,7 @@ void CheckClass::noExplicitConstructorError(const Token *tok, const std::string
|
||||||
{
|
{
|
||||||
const std::string message(std::string(isStruct ? "Struct" : "Class") + " '" + classname + "' has a constructor with 1 argument that is not explicit.");
|
const std::string message(std::string(isStruct ? "Struct" : "Class") + " '" + classname + "' has a constructor with 1 argument that is not explicit.");
|
||||||
const std::string verbose(message + " Such constructors should in general be explicit for type safety reasons. Using the explicit keyword in the constructor means some mistakes when using the class can be avoided.");
|
const std::string verbose(message + " Such constructors should in general be explicit for type safety reasons. Using the explicit keyword in the constructor means some mistakes when using the class can be avoided.");
|
||||||
reportError(tok, Severity::style, "noExplicitConstructor", message + "\n" + verbose);
|
reportError(tok, Severity::style, "noExplicitConstructor", message + "\n" + verbose, CWE398, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckClass::uninitVarError(const Token *tok, const std::string &classname, const std::string &varname, bool inconclusive)
|
void CheckClass::uninitVarError(const Token *tok, const std::string &classname, const std::string &varname, bool inconclusive)
|
||||||
|
|
@ -1642,7 +1642,7 @@ void CheckClass::virtualDestructorError(const Token *tok, const std::string &Bas
|
||||||
"Class '" + Base + "' which is inherited by class '" + Derived + "' does not have a virtual destructor. "
|
"Class '" + Base + "' which is inherited by class '" + Derived + "' does not have a virtual destructor. "
|
||||||
"If you destroy instances of the derived class by deleting a pointer that points to the base class, only "
|
"If you destroy instances of the derived class by deleting a pointer that points to the base class, only "
|
||||||
"the destructor of the base class is executed. Thus, dynamic memory that is managed by the derived class "
|
"the destructor of the base class is executed. Thus, dynamic memory that is managed by the derived class "
|
||||||
"could leak. This can be avoided by adding a virtual destructor to the base class.");
|
"could leak. This can be avoided by adding a virtual destructor to the base class.", CWE404, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue