From ae4e0414584827b6d111324c7ba826b2e4ad20c3 Mon Sep 17 00:00:00 2001
From: guwirth
Date: Tue, 19 Oct 2021 15:24:06 +0200
Subject: [PATCH] cppcheck 2.60 support add new rules: *
compareValueOutOfTypeRangeError * incompatibleFileOpen * missingReturn *
overlappingWriteFunction * overlappingWriteUnion * returnStdMoveLocal
---
cxx-sensors/src/main/resources/cppcheck.xml | 111 +++++++++++++++++-
.../CxxCppCheckRuleRepositoryTest.java | 2 +-
cxx-sensors/src/tools/cppcheck_createrules.py | 8 +-
.../src/tools/generate_cppcheck_resources.cmd | 2 +-
4 files changed, 115 insertions(+), 8 deletions(-)
diff --git a/cxx-sensors/src/main/resources/cppcheck.xml b/cxx-sensors/src/main/resources/cppcheck.xml
index d71e0a3867..95d76b628f 100644
--- a/cxx-sensors/src/main/resources/cppcheck.xml
+++ b/cxx-sensors/src/main/resources/cppcheck.xml
@@ -165,12 +165,18 @@ prevent that the iterator is incremented beyond the end.
argumentSize
- The array 'array' is too small, the function 'function' expects a bigger one
+ Buffer 'buffer' is too small, the function 'function' expects a bigger buffer in 2nd argument
+Buffer 'buffer' is too small, the function 'function' expects a bigger
+buffer in 2nd argument
+
+References
+CWE-398: 7PK - Code Quality
]]>
+ cwe
MINOR
BUG
LINEAR
@@ -8875,7 +8881,106 @@ https://isocpp.org/wiki/faq/exceptions#throw-without-an-object
BUG
LINEAR
5min
-
+
+
+
+ compareValueOutOfTypeRangeError
+ Comparing expression of type 'unsigned char' against value 256
+
+
+Comparing expression of type 'unsigned char' against value 256.
+Condition is always true.
+
+References
+CWE-398: 7PK - Code Quality
+ ]]>
+
+
+ cwe
+ MINOR
+ LINEAR
+ 5min
+
+
+ incompatibleFileOpen
+ The file 'tmp' is opened for read and write access at the same time on different streams
+
+
+The file 'tmp' is opened for read and write access at the same time on
+different streams
+
+References
+CWE-664: Improper Control of a Resource Through its Lifetime
+ ]]>
+
+
+ cwe
+ MINOR
+ BUG
+ LINEAR
+ 5min
+
+
+ missingReturn
+ Found a exit path from function with non-void return type that has missing return statement
+
+
+Found a exit path from function with non-void return type that has
+missing return statement
+
+References
+CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
+ ]]>
+
+
+ cwe
+ BUG
+ LINEAR
+ 5min
+
+
+ overlappingWriteFunction
+ Overlapping read/write in () is undefined behavior
+
+
+
+
+ BUG
+ LINEAR
+ 5min
+
+
+ overlappingWriteUnion
+ Overlapping read/write of union is undefined behavior
+
+
+
+
+ BUG
+ LINEAR
+ 5min
+
+
+ returnStdMoveLocal
+ Using std::move for returning object by-value from function will affect copy elision optimization
+
+
+
+
+ MINOR
+ BUG
+ LINEAR
+ 5min
+
misra-c2012-1.1
diff --git a/cxx-sensors/src/test/java/org/sonar/cxx/sensors/cppcheck/CxxCppCheckRuleRepositoryTest.java b/cxx-sensors/src/test/java/org/sonar/cxx/sensors/cppcheck/CxxCppCheckRuleRepositoryTest.java
index 37cb14811d..06faa131df 100644
--- a/cxx-sensors/src/test/java/org/sonar/cxx/sensors/cppcheck/CxxCppCheckRuleRepositoryTest.java
+++ b/cxx-sensors/src/test/java/org/sonar/cxx/sensors/cppcheck/CxxCppCheckRuleRepositoryTest.java
@@ -37,7 +37,7 @@ public void createRulesTest() {
def.define(context);
RulesDefinition.Repository repo = context.repository(CxxCppCheckRuleRepository.KEY);
- assertEquals(659, repo.rules().size());
+ assertEquals(665, repo.rules().size());
}
}
diff --git a/cxx-sensors/src/tools/cppcheck_createrules.py b/cxx-sensors/src/tools/cppcheck_createrules.py
index 9d31898943..0468981969 100644
--- a/cxx-sensors/src/tools/cppcheck_createrules.py
+++ b/cxx-sensors/src/tools/cppcheck_createrules.py
@@ -85,9 +85,11 @@ def error_to_rule(error):
if cweNr is not None:
et.SubElement(rule, 'tag').text = "cwe"
- et.SubElement(rule, 'severity').text = sonarQubeIssueSeverity
- et.SubElement(rule, 'type').text = sonarQubeIssueType
- if sonarQubeIssueSeverity != 'INFO':
+ if sonarQubeIssueSeverity != 'MAJOR': # MAJOR is the default
+ et.SubElement(rule, 'severity').text = sonarQubeIssueSeverity
+ if sonarQubeIssueType != 'CODE_SMELL': # CODE_SMELL is the default
+ et.SubElement(rule, 'type').text = sonarQubeIssueType
+ if sonarQubeIssueSeverity != 'INFO': # INFO has no effort
et.SubElement(rule, 'remediationFunction').text = "LINEAR"
et.SubElement(rule, 'remediationFunctionGapMultiplier').text = "5min"
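Review bot: The two new guards omit `severity` when it is 'MAJOR' and `type` when it is 'CODE_SMELL', so the effective rating of a generated rule now depends on defaults applied by whatever loads cppcheck.xml, and that loader is not part of this patch. If the loader's defaults differ or change later, every rule written without the element is silently re-rated, including the rules that receive the `cwe` tag just above. Consider keeping the element explicit for CWE-mapped rules, e.g. `if cweNr is not None or sonarQubeIssueSeverity != 'MAJOR':`. Otherwise, extend the comment to say where the default is defined, e.g. `# MAJOR is the default applied by <loader class>`. error_to_rule starts and ends outside the hunk.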
diff --git a/cxx-sensors/src/tools/generate_cppcheck_resources.cmd b/cxx-sensors/src/tools/generate_cppcheck_resources.cmd
index d7134c5896..c77733fbb1 100644
--- a/cxx-sensors/src/tools/generate_cppcheck_resources.cmd
+++ b/cxx-sensors/src/tools/generate_cppcheck_resources.cmd
@@ -3,7 +3,7 @@ cls
SET SCRIPT_DIR=%~dp0
SET CPPCHECK_DIR=C:\Program Files\Cppcheck\
-SET PYTHON_DIR=
+SET PYTHON_DIR=C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python37_64\
SET CPPCHECK_LIBRARY_ARGS=--library=avr.cfg --library=bento4.cfg --library=boost.cfg --library=bsd.cfg --library=cairo.cfg --library=cppunit.cfg --library=dpdk.cfg --library=embedded_sql.cfg --library=gnu.cfg --library=googletest.cfg --library=gtk.cfg --library=kde.cfg --library=libcerror.cfg --library=libcurl.cfg --library=libsigc++.cfg --library=lua.cfg --library=mfc.cfg--library=microsoft_atl.cfg --library=microsoft_sal.cfg --library=microsoft_unittest.cfg --library=motif.cfg --library=nspr.cfg --library=opencv2.cfg --library=opengl.cfg --library=openmp.cfg --library=openssl.cfg --library=posix.cfg --library=python.cfg --library=qt.cfg --library=ruby.cfg --library=sdl.cfg --library=sfml.cfg --library=sqlite3.cfg --library=std.cfg --library=tinyxml2.cfg --library=vcl.cfg --library=windows.cfg --library=wxwidgets.cfg --library=zlib.cfg
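Review bot: `SET PYTHON_DIR=C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python37_64\` replaces the previously empty value with one machine's interpreter location, so on other machines the generator is tied to a path that may not exist; how PYTHON_DIR is consumed is outside the hunk. The value contains spaces and parentheses, so every expansion needs quoting (`"%PYTHON_DIR%python.exe"`), and an unquoted use inside a parenthesised `IF`/`FOR` block would end the block early. If a default is wanted, let an existing environment value win: `IF NOT DEFINED PYTHON_DIR SET "PYTHON_DIR=C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python37_64\"`. Separately, the unchanged line below reads `--library=mfc.cfg--library=microsoft_atl.cfg` with no space between the two options, so those two libraries are probably not passed to cppcheck as intended and the rule list generated from them may be incomplete.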