Commit Graph

186 Commits

Author SHA1 Message Date
amai2012 ece478979b Merge pull request #821 from boos/cwe-mapping-11
CWE mapping of invalidLengthModifierError, leakUnsafeArgAlloc, nullPointerDefaultArg, nullPointerRedundantCheck, raceAfterInterlockedDecrement.
2016-08-24 20:44:06 +02:00
Roberto Martelloni 01ee9ee5e6 CWE mapping of invalidLengthModifierError, leakUnsafeArgAlloc, nullPointerDefaultArg, nullPointerRedundantCheck, raceAfterInterlockedDecrement. 2016-08-24 15:37:14 +01:00
Robert Reif 6043a27065 Fixed #7710 (%h and %hh printf type size specifiers not supported) 2016-08-24 12:47:11 +02:00
Roberto Martelloni 4c6f4f6708 CWE mapping of functionConst, functionStatic, initializerList, badBitmaskCheck, knownConditionTrueFalse, invalidTestForOverflow, unhandledExceptionSpecification, coutCerrMisusage,
invalidPrintfArgType_int
2016-08-23 16:48:36 +01:00
Daniel Marjamäki 789aef7fde Fixed #4920 (Microsoft ATL/MFC CString::Format argument checking) 2016-08-19 17:36:27 +02:00
Daniel Marjamäki f2e49b4db4 Fixed #7178 (Defect: False positive due to mistake in return type of function pointer.) 2016-08-14 17:19:14 +02:00
PKEuS da34883770 Improved message invalidscanf: Removed misleading example from verbose message 2016-08-01 18:42:27 +02:00
Daniel Marjamäki 1c51fbce7a astyle formatting
[ci skip]
2016-08-01 13:01:01 +02:00
Daniel Marjamäki 8d89eefff9 Merge pull request #815 from boos/cwe-mapping-8
CWE mapping of invalidscanf, invalidScanfArgType_s, invalidScanfArgType_int, invalidScanfArgType_float, invalidPrintfArgType_s, invalidPrintfArgType_n, invalidPrintfArgType_p, invalidPrintfArgType_int, invalidPrintfArgType_uint, invalidPrintfArgType_sint, invalidPrintfArgType_float, wrongPrintfScanfParameterPositionError
2016-07-31 14:14:48 +02:00
Roberto Martelloni 9ab4057ddc CWE mapping of invalidscanf, invalidScanfArgType_s, invalidScanfArgType_int, invalidScanfArgType_float, invalidPrintfArgType_s, invalidPrintfArgType_n, invalidPrintfArgType_p, invalidPrintfArgType_int, invalidPrintfArgType_uint, invalidPrintfArgType_sint, invalidPrintfArgType_float, wrongPrintfScanfParameterPositionError 2016-07-31 10:49:36 +01:00
Robert Reif 768c26805c Fixed false positive: %Ld in format string (no. 1) requires 'long long' but the argument type is 'long long' (#7601). 2016-07-16 10:33:46 +02:00
Simon Martin 12a298b9cd Ticket #7445: Properly represent integer types smaller than int in CheckIO::ArgumentInfo. 2016-05-28 15:36:13 +02:00
PKEuS 373ac52480 Mention exact function name in invalidscanf message (#5649) 2016-05-26 21:11:33 +02:00
PKEuS 851c6e0ed5 Improved buffer overflow checking for scanf: %c with a width (#3494) 2016-05-22 14:00:26 +02:00
Daniel Marjamäki dc2a92263a Fixed #7426 (RFC: time to replace simplifyEnum?) 2016-04-22 06:02:54 +02:00
Daniel Marjamäki 00a584d8d1 astyle formatting 2016-04-22 06:01:34 +02:00
Roberto Martelloni e89cd1b8a4 CWE mapping of unsafeClassCanLeak, zerodivcond, invalidPointerCast, redundantCopy, redundantAssignment, comparisonFunctionIsAlwaysTrueOrFalse, checkCastIntToCharAndBack, cstyleCast, passedByValue, clarifyCondition, exceptThrowInDestructor, exceptDeallocThrow, exceptRethrowCopy, catchExceptionByValue, fflushOnInputStream, seekOnAppendedFile, publicAllocationError
CWE mapping of unsafeClassCanLeak, zerodivcond, invalidPointerCast, redundantCopy, redundantAssignment, comparisonFunctionIsAlwaysTrueOrFalse, checkCastIntToCharAndBack, cstyleCast, passedByValue, clarifyCondition, exceptThrowInDestructor, exceptDeallocThrow, exceptRethrowCopy, catchExceptionByValue, fflushOnInputStream, seekOnAppendedFile, publicAllocationError
2016-04-12 19:29:40 +02:00
PKEuS 6d0c2f7253 Fixed false positive useClosedFile when noreturn function is called (#7359) 2016-01-31 10:39:35 +01:00
Daniel Marjamäki 5e10e680da CWE: refactoring. use constants instead of magic numbers. 2016-01-25 20:01:48 +01:00
Roberto Martelloni 5ce69da02d Mapped 26 errors to their CWEs ID. 2016-01-24 20:53:05 +00:00
Robert Reif 966d078dcc CheckIO: Fix FN when using '%x' as format specifier for a 'signed int' variable 2016-01-15 09:29:29 +01:00
Lauri Nurmi 996c9244d8 Update copyright year to 2007-2016. 2016-01-01 15:34:45 +02:00
PKEuS 940d569980 Refactorization: Removed redundant %any% patterns. 2015-12-24 14:40:48 +01:00
PKEuS 8f22e4924c Updated AStyle to version 2.05.1
Tweaked runastyle.bat a little bit.
2015-12-17 15:53:13 +01:00
Alexander Mai f762affea0 Small refactoring: replace NULL by nullptr, remove redundant static keyword, Tokenizer::setVarId() uses const variable 'notstart' 2015-11-30 22:13:49 +01:00
PKEuS e8522c7883 Small refactorizations:
- #include cleanup
- Use std::array instead of std::vector
- Do not create a stringstream to concatenate 4 strings
- Use std::cout instead of printf
2015-11-29 10:56:44 +01:00
Daniel Marjamäki 0f9d90d2be Changed Copyrights. Removed my name. 2015-11-18 20:04:50 +01:00
PKEuS eefea507b9 Use ValueFlow in CheckIO::checkWrongPrintfScanfArguments() (#6563) 2015-11-06 09:52:22 +01:00
PKEuS 3971f8625f Fixed false positive seekOnAppendedFile if FILE* is reused (#6566) 2015-10-13 15:32:13 +02:00
Daniel Marjamäki 2c7c6b3e38 CheckIO: Try to use ValueType more 2015-10-11 17:35:54 +02:00
Daniel Marjamäki 37d9a95ef1 CheckIO: Refactoring. Split out CheckIO::checkFormatString() from CheckIO::checkWrongPrintfScanfArguments(). 2015-10-10 20:08:15 +02:00
Daniel Marjamäki 6d256b01b6 CheckIO: Use ValueType::Type::LONGDOUBLE type also 2015-10-08 19:52:24 +02:00
Daniel Marjamäki a500f6f703 Improved handling of 'long double' and address-of in ValueType. Removed Tokenizer::simplifyFloatCasts() to handle float casts better. 2015-10-08 19:50:10 +02:00
Daniel Marjamäki be72b7413a ValueType: Handling of originalTypeName 2015-10-07 20:24:17 +02:00
Daniel Marjamäki 604a9acb48 ValueType: Handling constness 2015-10-07 19:08:26 +02:00
Daniel Marjamäki b77203a277 CheckIO: Handle AST pointer type better 2015-10-05 19:59:15 +02:00
Daniel Marjamäki b9036c2ca8 AST types: Fix for 'long long' handling 2015-10-05 19:20:42 +02:00
Daniel Marjamäki bc8f1b972e CheckIO: Early return 2015-10-05 19:04:29 +02:00
Daniel Marjamäki 8f6bd7fd0d Fixed #7014 (False positive for printf("%c", "hello"[0])) 2015-10-05 10:12:30 +02:00
Dmitry-Me aa60358458 Temp variables, better names 2015-09-15 15:34:12 +03:00
PKEuS ee4a5843bb Some small refactorizations 2015-08-15 19:46:31 +02:00
PKEuS 4d80df2f4a Added pointer to Type to Token (similar to Token::Variable() and Token::function()):
- Accessible via Token::type()
- Renamed former Token::type() to Token::tokType()
- Removed SymbolDatabase::isClassOrStruct()
2015-08-15 11:19:21 +02:00
PKEuS b0bf69bae7 Fixed false positive #6763 and reordered conditions
Ran AStyle
2015-08-14 12:50:45 +02:00
Daniel Marjamäki e578988832 invalidScanf: removed the checking for 'scanf crash with huge input data for old glibc'. new systems are not vulnerable to this bug anymore. 2015-08-14 08:03:46 +02:00
Dmitry-Me d81776b8c8 Avoid deep copying std::string 2015-08-07 17:16:41 +03:00
PKEuS a0890ecd2c Fixed false positive: Do not print useClosedFile on arrays (#6823) 2015-07-20 22:40:19 +02:00
Alexander Mai b3c7a3f798 Fix more (potential) multi-threading issues 2015-06-20 22:26:51 +02:00
Alexander Mai eebb5b8c77 Fix some compiler warnings in checkio.cpp. Fix some (potential) multi-threading issues in checkinternal.cpp 2015-06-17 21:25:15 +02:00
orbitcowboy 06e818f89d Running astyle, no functional change. 2015-06-17 09:09:23 +02:00
amai2012 33d7631ee3 Fix another Borlad-specific test by setting Windows platform type
Refactoring: make CheckIO::ArgumentInfo aware of language (C vs. C++) to perform some optimizations
2015-06-16 23:11:34 +02:00