
Commit f1c39db

boosPKEuS
authored and committed
CWE mapping of stlIfStrFind, stlcstrReturn, stlcstrParam, stlSize, (#801)
StlMissingComparison, redundantIfRemove.
1 parent e7f1318 commit f1c39db

2 files changed

Lines changed: 19 additions & 10 deletions


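--- a/lib/checksizeof.cpp
+++ b/lib/checksizeof.cpp
@@ -22,13 +22,18 @@
 #include "symboldatabase.h"
 #include <algorithm>
 #include <cctype>
+
+
 //---------------------------------------------------------------------------
 
 // Register this check class (by creating a static instance of it)
 namespace {
 CheckSizeof instance;
 }
 
+// CWE IDs used:
+static const struct CWE CWE398(398U); // Indicator of Poor Code Quality
+
 //---------------------------------------------------------------------------
 //---------------------------------------------------------------------------
 void CheckSizeof::checkSizeofForNumericParameter()
@@ -374,7 +379,7 @@ void CheckSizeof::sizeofVoidError(const Token *tok)
 {
 const std::string message = "Behaviour of 'sizeof(void)' is not covered by the ISO C standard.";
 const std::string verbose = message + " A value for 'sizeof(void)' is defined only as part of a GNU C extension, which defines 'sizeof(void)' to be 1.";
-reportError(tok, Severity::portability, "sizeofVoid", message + "\n" + verbose);
+reportError(tok, Severity::portability, "sizeofVoid", message + "\n" + verbose, CWE398, false);
 }
 
 void CheckSizeof::sizeofDereferencedVoidPointerError(const Token *tok, const std::string &varname)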
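Review bot: The two empty lines added right after `#include <cctype>` (new lines 25–26 in the first hunk) look like stray whitespace unrelated to the CWE mapping; dropping them keeps the include block contiguous with the separator comment. In the sizeofVoidError hunk the new trailing argument `false` is an unnamed boolean at the call site — presumably the inconclusive flag — so a reader of `reportError(tok, Severity::portability, "sizeofVoid", message + "\n" + verbose, CWE398, false)` cannot tell what it toggles; `/* inconclusive */ false` or a named constant would make the call self-describing. The same literal is repeated in every reportError call this commit touches in lib/checkstl.cpp.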

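--- a/lib/checkstl.cpp
+++ b/lib/checkstl.cpp
@@ -27,9 +27,13 @@ namespace {
 CheckStl instance;
 }
 
-// CWE ids used:
-static const struct CWE CWE664(664U);
-static const struct CWE CWE788(788U);
+// CWE IDs used:
+static const struct CWE CWE398(398U); // Indicator of Poor Code Quality
+static const struct CWE CWE597(597U); // Use of Wrong Operator in String Comparison
+static const struct CWE CWE664(664U); // Improper Control of a Resource Through its Lifetime
+static const struct CWE CWE704(704U); // Incorrect Type Conversion or Cast
+static const struct CWE CWE788(788U); // Access of Memory Location After End of Buffer
+static const struct CWE CWE834(834U); // Excessive Iteration
 
 // Error message for bad iterator usage..
 void CheckStl::invalidIteratorError(const Token *tok, const std::string &iteratorName)
@@ -720,7 +724,7 @@ void CheckStl::if_findError(const Token *tok, bool str)
 "Either inefficient or wrong usage of string::find(). string::compare() will be faster if "
 "string::find's result is compared with 0, because it will not scan the whole "
 "string. If your intention is to check that there are no findings in the string, "
-"you should compare with std::string::npos.");
+"you should compare with std::string::npos.", CWE597, false);
 else
 reportError(tok, Severity::warning, "stlIfFind", "Suspicious condition. The result of find() is an iterator, but it is not properly checked.");
 }
@@ -794,7 +798,7 @@ void CheckStl::sizeError(const Token *tok)
 "Checking for '" + varname + "' emptiness might be inefficient. "
 "Using " + varname + ".empty() instead of " + varname + ".size() can be faster. " +
 varname + ".size() can take linear time but " + varname + ".empty() is "
-"guaranteed to take constant time.");
+"guaranteed to take constant time.", CWE398, false);
 }
 
 void CheckStl::redundantCondition()
@@ -833,7 +837,7 @@ void CheckStl::redundantIfRemoveError(const Token *tok)
 reportError(tok, Severity::style, "redundantIfRemove",
 "Redundant checking of STL container element existence before removing it.\n"
 "Redundant checking of STL container element existence before removing it. "
-"It is safe to call the remove method on a non-existing element.");
+"It is safe to call the remove method on a non-existing element.", CWE398, false);
 }
 
 void CheckStl::missingComparison()
@@ -913,7 +917,7 @@ void CheckStl::missingComparisonError(const Token *incrementToken1, const Token
 << "There is no comparison between these increments to prevent that the iterator is "
 << "incremented beyond the end.";
 
-reportError(callstack, Severity::warning, "StlMissingComparison", errmsg.str());
+reportError(callstack, Severity::warning, "StlMissingComparison", errmsg.str(), CWE834, false);
 }
 
 
@@ -1105,15 +1109,15 @@ void CheckStl::string_c_strError(const Token* tok)
 void CheckStl::string_c_strReturn(const Token* tok)
 {
 reportError(tok, Severity::performance, "stlcstrReturn", "Returning the result of c_str() in a function that returns std::string is slow and redundant.\n"
-"The conversion from const char* as returned by c_str() to std::string creates an unnecessary string copy. Solve that by directly returning the string.");
+"The conversion from const char* as returned by c_str() to std::string creates an unnecessary string copy. Solve that by directly returning the string.", CWE704, false);
 }
 
 void CheckStl::string_c_strParam(const Token* tok, unsigned int number)
 {
 std::ostringstream oss;
 oss << "Passing the result of c_str() to a function that takes std::string as argument no. " << number << " is slow and redundant.\n"
 "The conversion from const char* as returned by c_str() to std::string creates an unnecessary string copy. Solve that by directly passing the string.";
-reportError(tok, Severity::performance, "stlcstrParam", oss.str());
+reportError(tok, Severity::performance, "stlcstrParam", oss.str(), CWE704, false);
 }
 
 static bool hasArrayEnd(const Token *tok1)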
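Review bot: In the if_findError hunk only the string branch receives a CWE; the `else` branch on the unchanged line `reportError(tok, Severity::warning, "stlIfFind", "Suspicious condition. The result of find() is an iterator, but it is not properly checked.");` still carries no CWE id, so one function now emits one of its two diagnostics with a mapping and the other without. If the iterator case is deliberately left unmapped, a comment there such as `// stlIfFind: no CWE assigned yet` would record that; otherwise it likely wants the same treatment in this commit. The trailing `false` on every updated reportError call in this file is an unnamed boolean, presumably the inconclusive flag, and `/* inconclusive */ false` would make those call sites readable without consulting the declaration. if_findError's body starts above the hunk, so the condition that selects the two branches is not visible here.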
