CWE mapping of invalidscanf, invalidScanfArgType_s, invalidScanfArgType_int, invalidScanfArgType_float, invalidPrintfArgType_s, invalidPrintfArgType_n, invalidPrintfArgType_p, invalidPrintfArgType_int, invalidPrintfArgType_uint, invalidPrintfArgType_sint, invalidPrintfArgType_float, wrongPrintfScanfParameterPositionError
This commit is contained in:
parent
e495bfb960
commit
9ab4057ddc
|
@ -34,11 +34,13 @@ namespace {
|
||||||
}
|
}
|
||||||
|
|
||||||
// CVE ID used:
|
// CVE ID used:
|
||||||
|
static const CWE CWE119(119U); // Improper Restriction of Operations within the Bounds of a Memory Buffer
|
||||||
static const CWE CWE398(398U); // Indicator of Poor Code Quality
|
static const CWE CWE398(398U); // Indicator of Poor Code Quality
|
||||||
static const CWE CWE664(664U);
|
static const CWE CWE664(664U); // Improper Control of a Resource Through its Lifetime
|
||||||
static const CWE CWE685(685U);
|
static const CWE CWE685(685U); // Function Call With Incorrect Number of Arguments
|
||||||
static const CWE CWE687(687U);
|
static const CWE CWE686(686U); // Function Call With Incorrect Argument Type
|
||||||
static const CWE CWE910(910U);
|
static const CWE CWE687(687U); // Function Call With Incorrectly Specified Argument Value
|
||||||
|
static const CWE CWE910(910U); // Use of Expired File Descriptor
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
// std::cout << std::cout;
|
// std::cout << std::cout;
|
||||||
|
@ -443,8 +445,8 @@ void CheckIO::invalidScanfError(const Token *tok)
|
||||||
"here is 'scanf(\"%4s\", c);', as the maximum field width does not include the "
|
"here is 'scanf(\"%4s\", c);', as the maximum field width does not include the "
|
||||||
"terminating null byte.\n"
|
"terminating null byte.\n"
|
||||||
"Source: http://linux.die.net/man/3/scanf\n"
|
"Source: http://linux.die.net/man/3/scanf\n"
|
||||||
"Source: http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/libkern/stdio/scanf.c"
|
"Source: http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/libkern/stdio/scanf.c",
|
||||||
);
|
CWE119, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -1771,7 +1773,7 @@ void CheckIO::wrongPrintfScanfPosixParameterPositionError(const Token* tok, cons
|
||||||
} else {
|
} else {
|
||||||
errmsg << "referencing parameter " << index << " while " << numFunction << " arguments given";
|
errmsg << "referencing parameter " << index << " while " << numFunction << " arguments given";
|
||||||
}
|
}
|
||||||
reportError(tok, Severity::warning, "wrongPrintfScanfParameterPositionError", errmsg.str());
|
reportError(tok, Severity::warning, "wrongPrintfScanfParameterPositionError", errmsg.str(), CWE685, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckIO::invalidScanfArgTypeError_s(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
void CheckIO::invalidScanfArgTypeError_s(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
||||||
|
@ -1787,7 +1789,7 @@ void CheckIO::invalidScanfArgTypeError_s(const Token* tok, unsigned int numForma
|
||||||
errmsg << " *\' but the argument type is ";
|
errmsg << " *\' but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidScanfArgType_s", errmsg.str());
|
reportError(tok, Severity::warning, "invalidScanfArgType_s", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
void CheckIO::invalidScanfArgTypeError_int(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo, bool isUnsigned)
|
void CheckIO::invalidScanfArgTypeError_int(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo, bool isUnsigned)
|
||||||
{
|
{
|
||||||
|
@ -1831,7 +1833,7 @@ void CheckIO::invalidScanfArgTypeError_int(const Token* tok, unsigned int numFor
|
||||||
errmsg << " *\' but the argument type is ";
|
errmsg << " *\' but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidScanfArgType_int", errmsg.str());
|
reportError(tok, Severity::warning, "invalidScanfArgType_int", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
void CheckIO::invalidScanfArgTypeError_float(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
void CheckIO::invalidScanfArgTypeError_float(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
||||||
{
|
{
|
||||||
|
@ -1848,7 +1850,7 @@ void CheckIO::invalidScanfArgTypeError_float(const Token* tok, unsigned int numF
|
||||||
errmsg << " *\' but the argument type is ";
|
errmsg << " *\' but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidScanfArgType_float", errmsg.str());
|
reportError(tok, Severity::warning, "invalidScanfArgType_float", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckIO::invalidPrintfArgTypeError_s(const Token* tok, unsigned int numFormat, const ArgumentInfo* argInfo)
|
void CheckIO::invalidPrintfArgTypeError_s(const Token* tok, unsigned int numFormat, const ArgumentInfo* argInfo)
|
||||||
|
@ -1859,7 +1861,7 @@ void CheckIO::invalidPrintfArgTypeError_s(const Token* tok, unsigned int numForm
|
||||||
errmsg << "%s in format string (no. " << numFormat << ") requires \'char *\' but the argument type is ";
|
errmsg << "%s in format string (no. " << numFormat << ") requires \'char *\' but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidPrintfArgType_s", errmsg.str());
|
reportError(tok, Severity::warning, "invalidPrintfArgType_s", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
void CheckIO::invalidPrintfArgTypeError_n(const Token* tok, unsigned int numFormat, const ArgumentInfo* argInfo)
|
void CheckIO::invalidPrintfArgTypeError_n(const Token* tok, unsigned int numFormat, const ArgumentInfo* argInfo)
|
||||||
{
|
{
|
||||||
|
@ -1869,7 +1871,7 @@ void CheckIO::invalidPrintfArgTypeError_n(const Token* tok, unsigned int numForm
|
||||||
errmsg << "%n in format string (no. " << numFormat << ") requires \'int *\' but the argument type is ";
|
errmsg << "%n in format string (no. " << numFormat << ") requires \'int *\' but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidPrintfArgType_n", errmsg.str());
|
reportError(tok, Severity::warning, "invalidPrintfArgType_n", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
void CheckIO::invalidPrintfArgTypeError_p(const Token* tok, unsigned int numFormat, const ArgumentInfo* argInfo)
|
void CheckIO::invalidPrintfArgTypeError_p(const Token* tok, unsigned int numFormat, const ArgumentInfo* argInfo)
|
||||||
{
|
{
|
||||||
|
@ -1879,7 +1881,7 @@ void CheckIO::invalidPrintfArgTypeError_p(const Token* tok, unsigned int numForm
|
||||||
errmsg << "%p in format string (no. " << numFormat << ") requires an address but the argument type is ";
|
errmsg << "%p in format string (no. " << numFormat << ") requires an address but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidPrintfArgType_p", errmsg.str());
|
reportError(tok, Severity::warning, "invalidPrintfArgType_p", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
static void printfFormatType(std::ostream& os, const std::string& specifier, bool isUnsigned)
|
static void printfFormatType(std::ostream& os, const std::string& specifier, bool isUnsigned)
|
||||||
{
|
{
|
||||||
|
@ -1936,7 +1938,7 @@ void CheckIO::invalidPrintfArgTypeError_uint(const Token* tok, unsigned int numF
|
||||||
errmsg << " but the argument type is ";
|
errmsg << " but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidPrintfArgType_uint", errmsg.str());
|
reportError(tok, Severity::warning, "invalidPrintfArgType_uint", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckIO::invalidPrintfArgTypeError_sint(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
void CheckIO::invalidPrintfArgTypeError_sint(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
||||||
|
@ -1949,7 +1951,7 @@ void CheckIO::invalidPrintfArgTypeError_sint(const Token* tok, unsigned int numF
|
||||||
errmsg << " but the argument type is ";
|
errmsg << " but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidPrintfArgType_sint", errmsg.str());
|
reportError(tok, Severity::warning, "invalidPrintfArgType_sint", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
void CheckIO::invalidPrintfArgTypeError_float(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
void CheckIO::invalidPrintfArgTypeError_float(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
||||||
{
|
{
|
||||||
|
@ -1962,7 +1964,7 @@ void CheckIO::invalidPrintfArgTypeError_float(const Token* tok, unsigned int num
|
||||||
errmsg << "double\' but the argument type is ";
|
errmsg << "double\' but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidPrintfArgType_float", errmsg.str());
|
reportError(tok, Severity::warning, "invalidPrintfArgType_float", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckIO::argumentType(std::ostream& os, const ArgumentInfo * argInfo)
|
void CheckIO::argumentType(std::ostream& os, const ArgumentInfo * argInfo)
|
||||||
|
|
Loading…
Reference in New Issue