Merge pull request #820 from boos/cwe-mapping-10
CWE mapping of functionConst, functionStatic, initializerList, badBitmaskCheck, knownConditionTrueFalse, invalidTestForOverflow, unhandledExceptionSpecification, coutCerrMisusage, invalidPrintfArgType_int
This commit is contained in:
commit
c0401c2ef5
|
@ -35,11 +35,11 @@ namespace {
|
||||||
CheckClass instance;
|
CheckClass instance;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const CWE CWE398(398U);
|
static const CWE CWE398(398U); // Indicator of Poor Code Quality
|
||||||
static const CWE CWE404(404U);
|
static const CWE CWE404(404U); // Improper Resource Shutdown or Release
|
||||||
static const CWE CWE665(665U);
|
static const CWE CWE665(665U); // Improper Initialization
|
||||||
static const CWE CWE758(758U);
|
static const CWE CWE758(758U); // Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
|
||||||
static const CWE CWE762(762U);
|
static const CWE CWE762(762U); // Mismatched Memory Management Routines
|
||||||
|
|
||||||
static const char * getFunctionTypeName(Function::Type type)
|
static const char * getFunctionTypeName(Function::Type type)
|
||||||
{
|
{
|
||||||
|
@ -2010,7 +2010,7 @@ void CheckClass::checkConstError2(const Token *tok1, const Token *tok2, const st
|
||||||
"function. Making this function 'const' should not cause compiler errors. "
|
"function. Making this function 'const' should not cause compiler errors. "
|
||||||
"Even though the function can be made const function technically it may not make "
|
"Even though the function can be made const function technically it may not make "
|
||||||
"sense conceptually. Think about your design and the task of the function first - is "
|
"sense conceptually. Think about your design and the task of the function first - is "
|
||||||
"it a function that must not change object internal state?", CWE(0U), true);
|
"it a function that must not change object internal state?", CWE398, true);
|
||||||
else
|
else
|
||||||
reportError(toks, Severity::performance, "functionStatic",
|
reportError(toks, Severity::performance, "functionStatic",
|
||||||
"Technically the member function '" + classname + "::" + funcname + "' can be static.\n"
|
"Technically the member function '" + classname + "::" + funcname + "' can be static.\n"
|
||||||
|
@ -2018,7 +2018,7 @@ void CheckClass::checkConstError2(const Token *tok1, const Token *tok2, const st
|
||||||
"function. Making a function static can bring a performance benefit since no 'this' instance is "
|
"function. Making a function static can bring a performance benefit since no 'this' instance is "
|
||||||
"passed to the function. This change should not cause compiler errors but it does not "
|
"passed to the function. This change should not cause compiler errors but it does not "
|
||||||
"necessarily make sense conceptually. Think about your design and the task of the function first - "
|
"necessarily make sense conceptually. Think about your design and the task of the function first - "
|
||||||
"is it a function that must not access members of class instances?", CWE(0U), true);
|
"is it a function that must not access members of class instances?", CWE398, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -2105,7 +2105,7 @@ void CheckClass::initializerListError(const Token *tok1, const Token *tok2, cons
|
||||||
"Members are initialized in the order they are declared, not in the "
|
"Members are initialized in the order they are declared, not in the "
|
||||||
"order they are in the initializer list. Keeping the initializer list "
|
"order they are in the initializer list. Keeping the initializer list "
|
||||||
"in the same order that the members were declared prevents order dependent "
|
"in the same order that the members were declared prevents order dependent "
|
||||||
"initialization errors.", CWE(0U), true);
|
"initialization errors.", CWE398, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -29,9 +29,9 @@
|
||||||
#include <stack>
|
#include <stack>
|
||||||
|
|
||||||
// CWE ids used
|
// CWE ids used
|
||||||
static const struct CWE CWE398(398U);
|
static const struct CWE CWE398(398U); // Indicator of Poor Code Quality
|
||||||
static const struct CWE CWE570(570U);
|
static const struct CWE CWE570(570U); // Expression is Always False
|
||||||
static const struct CWE CWE571(571U);
|
static const struct CWE CWE571(571U); // Expression is Always True
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
@ -272,7 +272,7 @@ void CheckCondition::checkBadBitmaskCheck()
|
||||||
|
|
||||||
void CheckCondition::badBitmaskCheckError(const Token *tok)
|
void CheckCondition::badBitmaskCheckError(const Token *tok)
|
||||||
{
|
{
|
||||||
reportError(tok, Severity::warning, "badBitmaskCheck", "Result of operator '|' is always true if one operand is non-zero. Did you intend to use '&'?");
|
reportError(tok, Severity::warning, "badBitmaskCheck", "Result of operator '|' is always true if one operand is non-zero. Did you intend to use '&'?", CWE571, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckCondition::comparison()
|
void CheckCondition::comparison()
|
||||||
|
@ -1023,7 +1023,8 @@ void CheckCondition::alwaysTrueFalseError(const Token *tok, bool knownResult)
|
||||||
reportError(tok,
|
reportError(tok,
|
||||||
Severity::style,
|
Severity::style,
|
||||||
"knownConditionTrueFalse",
|
"knownConditionTrueFalse",
|
||||||
"Condition '" + expr + "' is always " + (knownResult ? "true" : "false"));
|
"Condition '" + expr + "' is always " + (knownResult ? "true" : "false"),
|
||||||
|
(knownResult ? CWE571 : CWE570), false);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckCondition::checkInvalidTestForOverflow()
|
void CheckCondition::checkInvalidTestForOverflow()
|
||||||
|
@ -1087,5 +1088,5 @@ void CheckCondition::invalidTestForOverflow(const Token* tok, bool result)
|
||||||
"'. Condition is always " +
|
"'. Condition is always " +
|
||||||
std::string(result ? "true" : "false") +
|
std::string(result ? "true" : "false") +
|
||||||
" unless there is overflow, and overflow is UB.";
|
" unless there is overflow, and overflow is UB.";
|
||||||
reportError(tok, Severity::warning, "invalidTestForOverflow", errmsg);
|
reportError(tok, Severity::warning, "invalidTestForOverflow", errmsg, (result ? CWE571 : CWE570), false);
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,6 +27,7 @@
|
||||||
|
|
||||||
// CWE ID used:
|
// CWE ID used:
|
||||||
static const struct CWE CWE398(398U); // Indicator of Poor Code Quality
|
static const struct CWE CWE398(398U); // Indicator of Poor Code Quality
|
||||||
|
static const struct CWE CWE703(703U); // Improper Check or Handling of Exceptional Conditions
|
||||||
|
|
||||||
|
|
||||||
/// @addtogroup Checks
|
/// @addtogroup Checks
|
||||||
|
@ -124,7 +125,7 @@ private:
|
||||||
reportError(locationList, Severity::style, "unhandledExceptionSpecification",
|
reportError(locationList, Severity::style, "unhandledExceptionSpecification",
|
||||||
"Unhandled exception specification when calling function " + str1 + "().\n"
|
"Unhandled exception specification when calling function " + str1 + "().\n"
|
||||||
"Unhandled exception specification when calling function " + str1 + "(). "
|
"Unhandled exception specification when calling function " + str1 + "(). "
|
||||||
"Either use a try/catch around the function call, or add a exception specification for " + funcname + "() also.", CWE(0U), true);
|
"Either use a try/catch around the function call, or add a exception specification for " + funcname + "() also.", CWE703, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Generate all possible errors (for --errorlist) */
|
/** Generate all possible errors (for --errorlist) */
|
||||||
|
|
|
@ -69,7 +69,7 @@ void CheckIO::checkCoutCerrMisusage()
|
||||||
|
|
||||||
void CheckIO::coutCerrMisusageError(const Token* tok, const std::string& streamName)
|
void CheckIO::coutCerrMisusageError(const Token* tok, const std::string& streamName)
|
||||||
{
|
{
|
||||||
reportError(tok, Severity::error, "coutCerrMisusage", "Invalid usage of output stream: '<< std::" + streamName + "'.");
|
reportError(tok, Severity::error, "coutCerrMisusage", "Invalid usage of output stream: '<< std::" + streamName + "'.", CWE398, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -1923,7 +1923,7 @@ void CheckIO::invalidPrintfArgTypeError_int(const Token* tok, unsigned int numFo
|
||||||
errmsg << " but the argument type is ";
|
errmsg << " but the argument type is ";
|
||||||
argumentType(errmsg, argInfo);
|
argumentType(errmsg, argInfo);
|
||||||
errmsg << ".";
|
errmsg << ".";
|
||||||
reportError(tok, Severity::warning, "invalidPrintfArgType_int", errmsg.str());
|
reportError(tok, Severity::warning, "invalidPrintfArgType_int", errmsg.str(), CWE686, false);
|
||||||
}
|
}
|
||||||
void CheckIO::invalidPrintfArgTypeError_uint(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
void CheckIO::invalidPrintfArgTypeError_uint(const Token* tok, unsigned int numFormat, const std::string& specifier, const ArgumentInfo* argInfo)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue