Merge pull request #792 from boos/cwe-mapping-3
CWE mapping of selfAssignment, wrongmathcall, unpreciseMathCall, memsetZeroBytes, memsetFloat, memsetValueOutOfRange, clarifyCalculation, clarifyStatement
60efae147f
|
@ -32,7 +32,9 @@ namespace {
|
||||||
CheckFunctions instance;
|
CheckFunctions instance;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const CWE CWE628(628U);
|
static const CWE CWE466(447U); // Use of Obsolete Functions
|
||||||
|
static const CWE CWE758(758U); // Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
|
||||||
|
static const CWE CWE628(628U); // Function Call with Incorrectly Specified Arguments
|
||||||
|
|
||||||
void CheckFunctions::checkProhibitedFunctions()
|
void CheckFunctions::checkProhibitedFunctions()
|
||||||
{
|
{
|
||||||
|
@ -259,16 +261,16 @@ void CheckFunctions::mathfunctionCallWarning(const Token *tok, const unsigned in
|
||||||
{
|
{
|
||||||
if (tok) {
|
if (tok) {
|
||||||
if (numParam == 1)
|
if (numParam == 1)
|
||||||
reportError(tok, Severity::warning, "wrongmathcall", "Passing value " + tok->strAt(2) + " to " + tok->str() + "() leads to implementation-defined result.");
|
reportError(tok, Severity::warning, "wrongmathcall", "Passing value " + tok->strAt(2) + " to " + tok->str() + "() leads to implementation-defined result.", CWE758, false);
|
||||||
else if (numParam == 2)
|
else if (numParam == 2)
|
||||||
reportError(tok, Severity::warning, "wrongmathcall", "Passing values " + tok->strAt(2) + " and " + tok->strAt(4) + " to " + tok->str() + "() leads to implementation-defined result.");
|
reportError(tok, Severity::warning, "wrongmathcall", "Passing values " + tok->strAt(2) + " and " + tok->strAt(4) + " to " + tok->str() + "() leads to implementation-defined result.", CWE758, false);
|
||||||
} else
|
} else
|
||||||
reportError(tok, Severity::warning, "wrongmathcall", "Passing value '#' to #() leads to implementation-defined result.");
|
reportError(tok, Severity::warning, "wrongmathcall", "Passing value '#' to #() leads to implementation-defined result.", CWE758, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckFunctions::mathfunctionCallWarning(const Token *tok, const std::string& oldexp, const std::string& newexp)
|
void CheckFunctions::mathfunctionCallWarning(const Token *tok, const std::string& oldexp, const std::string& newexp)
|
||||||
{
|
{
|
||||||
reportError(tok, Severity::style, "unpreciseMathCall", "Expression '" + oldexp + "' can be replaced by '" + newexp + "' to avoid loss of precision.");
|
reportError(tok, Severity::style, "unpreciseMathCall", "Expression '" + oldexp + "' can be replaced by '" + newexp + "' to avoid loss of precision.", CWE758, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckFunctions::checkLibraryMatchFunctions()
|
void CheckFunctions::checkLibraryMatchFunctions()
|
||||||
|
|
|
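Review bot: The new constant added at the top of checkfunctions.cpp is internally inconsistent as rendered: it is named `CWE466`, is initialised with `447U`, and is commented "Use of Obsolete Functions", which is the title of CWE-477, so neither the name nor the number matches the comment and the id written into the report for the obsolete-function check would be wrong (any CWE-keyed tooling downstream would misclassify those findings silently). If CWE-477 is what is meant, the line should read `static const CWE CWE477(477U); // Use of Obsolete Functions` and the call site that references it, which lies outside this hunk in `checkProhibitedFunctions` (its body continues past the hunk), updated to match. Separately, tagging `unpreciseMathCall` with CWE-758 in the second hunk looks loose: suggesting a more precise equivalent expression is not reliance on undefined or implementation-defined behaviour, and CWE-682 (Incorrect Calculation) would describe it more honestly, leaving CWE-758 for `wrongmathcall`, whose message literally says "implementation-defined result".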
@ -40,10 +40,12 @@ static const struct CWE CWE484(484U); // Omitted Break Statement in Switch
|
||||||
static const struct CWE CWE563(563U); // Assignment to Variable without Use ('Unused Variable')
|
static const struct CWE CWE563(563U); // Assignment to Variable without Use ('Unused Variable')
|
||||||
static const struct CWE CWE570(570U); // Expression is Always False
|
static const struct CWE CWE570(570U); // Expression is Always False
|
||||||
static const struct CWE CWE571(571U); // Expression is Always True
|
static const struct CWE CWE571(571U); // Expression is Always True
|
||||||
static const struct CWE CWE686(686U);
|
static const struct CWE CWE686(686U); // Function Call With Incorrect Argument Type
|
||||||
|
static const struct CWE CWE687(687U); // Function Call With Incorrectly Specified Argument Value
|
||||||
|
static const struct CWE CWE688(688U); // Function Call With Incorrect Variable or Reference as Argument
|
||||||
static const struct CWE CWE704(704U); // Incorrect Type Conversion or Cast
|
static const struct CWE CWE704(704U); // Incorrect Type Conversion or Cast
|
||||||
|
static const struct CWE CWE758(758U); // Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
|
||||||
static const struct CWE CWE758(758U);
|
static const struct CWE CWE783(783U); // Operator Precedence Logic Error
|
||||||
|
|
||||||
//----------------------------------------------------------------------------------
|
//----------------------------------------------------------------------------------
|
||||||
// The return value of fgetc(), getc(), ungetc(), getchar() etc. is an integer value.
|
// The return value of fgetc(), getc(), ungetc(), getchar() etc. is an integer value.
|
||||||
|
@ -174,7 +176,7 @@ void CheckOther::clarifyCalculationError(const Token *tok, const std::string &op
|
||||||
"clarifyCalculation",
|
"clarifyCalculation",
|
||||||
"Clarify calculation precedence for '" + op + "' and '?'.\n"
|
"Clarify calculation precedence for '" + op + "' and '?'.\n"
|
||||||
"Suspicious calculation. Please use parentheses to clarify the code. "
|
"Suspicious calculation. Please use parentheses to clarify the code. "
|
||||||
"The code '" + calc + "' should be written as either '" + s1 + "' or '" + s2 + "'.");
|
"The code '" + calc + "' should be written as either '" + s1 + "' or '" + s2 + "'.", CWE783, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -210,7 +212,7 @@ void CheckOther::clarifyStatementError(const Token *tok)
|
||||||
{
|
{
|
||||||
reportError(tok, Severity::warning, "clarifyStatement", "Ineffective statement similar to '*A++;'. Did you intend to write '(*A)++;'?\n"
|
reportError(tok, Severity::warning, "clarifyStatement", "Ineffective statement similar to '*A++;'. Did you intend to write '(*A)++;'?\n"
|
||||||
"A statement like '*A++;' might not do what you intended. Postfix 'operator++' is executed before 'operator*'. "
|
"A statement like '*A++;' might not do what you intended. Postfix 'operator++' is executed before 'operator*'. "
|
||||||
"Thus, the dereference is meaningless. Did you intend to write '(*A)++;'?");
|
"Thus, the dereference is meaningless. Did you intend to write '(*A)++;'?", CWE783, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -1087,7 +1089,7 @@ void CheckOther::memsetZeroBytesError(const Token *tok)
|
||||||
const std::string verbose(summary + " The second and third arguments might be inverted."
|
const std::string verbose(summary + " The second and third arguments might be inverted."
|
||||||
" The function memset ( void * ptr, int value, size_t num ) sets the"
|
" The function memset ( void * ptr, int value, size_t num ) sets the"
|
||||||
" first num bytes of the block of memory pointed by ptr to the specified value.");
|
" first num bytes of the block of memory pointed by ptr to the specified value.");
|
||||||
reportError(tok, Severity::warning, "memsetZeroBytes", summary + "\n" + verbose);
|
reportError(tok, Severity::warning, "memsetZeroBytes", summary + "\n" + verbose, CWE687, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckOther::checkMemsetInvalid2ndParam()
|
void CheckOther::checkMemsetInvalid2ndParam()
|
||||||
|
@ -1137,14 +1139,14 @@ void CheckOther::memsetFloatError(const Token *tok, const std::string &var_value
|
||||||
"' is a float, its representation is implementation defined.");
|
"' is a float, its representation is implementation defined.");
|
||||||
const std::string verbose(message + " memset() is used to set each byte of a block of memory to a specific value and"
|
const std::string verbose(message + " memset() is used to set each byte of a block of memory to a specific value and"
|
||||||
" the actual representation of a floating-point value is implementation defined.");
|
" the actual representation of a floating-point value is implementation defined.");
|
||||||
reportError(tok, Severity::portability, "memsetFloat", message + "\n" + verbose);
|
reportError(tok, Severity::portability, "memsetFloat", message + "\n" + verbose, CWE688, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckOther::memsetValueOutOfRangeError(const Token *tok, const std::string &value)
|
void CheckOther::memsetValueOutOfRangeError(const Token *tok, const std::string &value)
|
||||||
{
|
{
|
||||||
const std::string message("The 2nd memset() argument '" + value + "' doesn't fit into an 'unsigned char'.");
|
const std::string message("The 2nd memset() argument '" + value + "' doesn't fit into an 'unsigned char'.");
|
||||||
const std::string verbose(message + " The 2nd parameter is passed as an 'int', but the function fills the block of memory using the 'unsigned char' conversion of this value.");
|
const std::string verbose(message + " The 2nd parameter is passed as an 'int', but the function fills the block of memory using the 'unsigned char' conversion of this value.");
|
||||||
reportError(tok, Severity::warning, "memsetValueOutOfRange", message + "\n" + verbose);
|
reportError(tok, Severity::warning, "memsetValueOutOfRange", message + "\n" + verbose, CWE686, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -1963,7 +1965,7 @@ void CheckOther::duplicateExpressionTernaryError(const Token *tok)
|
||||||
void CheckOther::selfAssignmentError(const Token *tok, const std::string &varname)
|
void CheckOther::selfAssignmentError(const Token *tok, const std::string &varname)
|
||||||
{
|
{
|
||||||
reportError(tok, Severity::warning,
|
reportError(tok, Severity::warning,
|
||||||
"selfAssignment", "Redundant assignment of '" + varname + "' to itself.");
|
"selfAssignment", "Redundant assignment of '" + varname + "' to itself.", CWE398, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
//-----------------------------------------------------------------------------
|
//-----------------------------------------------------------------------------
|
||||||
|
|
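Review bot: The two memset mappings appear swapped relative to the messages they carry: `memsetFloatError` reports that the second argument "is a float" (an argument-type problem) but is tagged `CWE688`, while `memsetValueOutOfRangeError` reports a value that "doesn't fit into an 'unsigned char'" even though it "is passed as an 'int'" (the type is right, the value is not) but is tagged `CWE686`, Function Call With Incorrect Argument Type. Using `CWE686, false` in `memsetFloatError` and `CWE687, false` in `memsetValueOutOfRangeError` would match the meanings spelled out in the declaration hunk, and `memsetZeroBytesError` is already on CWE687 for the same kind of value problem. Because these ids are emitted into the XML report that dashboards aggregate on, a mis-assigned number does not fail anywhere, it just misfiles findings. `selfAssignmentError` also references `CWE398`, which is not declared in the visible declaration hunk; presumably it is defined above line 40, but that is worth confirming before merge.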