CWE mapping of signedCharArrayIndex, unknownSignCharArrayIndex, suspiciousCase, suspiciousEqualityComparison, duplicateBranch, duplicateExpressionTernary, suspiciousSemicolon, incompleteArrayFill, redundantPointerOp, unusedLabelSwitch, unusedLabel, unknownEvaluationOrder, stlIfFind, useAutoPointerCopy

boos · boos · commit 1db24ee070ca · 2016-08-25T15:40:23.000+01:00
diff --git a/lib/checkother.cpp b/lib/checkother.cpp
@@ -33,11 +33,14 @@ namespace {
     CheckOther instance;
 }
 
+static const struct CWE CWE128(128U);   // Wrap-around Error
+static const struct CWE CWE131(131U);   // Incorrect Calculation of Buffer Size
 static const struct CWE CWE197(197U);   // Numeric Truncation Error
 static const struct CWE CWE362(362U);	// Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
 static const struct CWE CWE369(369U);	// Divide By Zero
 static const struct CWE CWE398(398U);   // Indicator of Poor Code Quality
 static const struct CWE CWE475(475U);   // Undefined Behavior for Input to API
+static const struct CWE CWE482(482U);   // Comparing instead of Assigning
 static const struct CWE CWE561(561U);   // Dead Code
 static const struct CWE CWE563(563U);   // Assignment to Variable without Use ('Unused Variable')
 static const struct CWE CWE570(570U);   // Expression is Always False
@@ -47,6 +50,7 @@ static const struct CWE CWE687(687U);   // Function Call With Incorrectly Specif
 static const struct CWE CWE688(688U);   // Function Call With Incorrect Variable or Reference as Argument
 static const struct CWE CWE704(704U);   // Incorrect Type Conversion or Cast
 static const struct CWE CWE758(758U);   // Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
+static const struct CWE CWE768(768U);	// Incorrect Short Circuit Evaluation
 static const struct CWE CWE783(783U);   // Operator Precedence Logic Error
 
 //----------------------------------------------------------------------------------
@@ -244,7 +248,7 @@ void CheckOther::checkSuspiciousSemicolon()
 void CheckOther::SuspiciousSemicolonError(const Token* tok)
 {
     reportError(tok, Severity::warning, "suspiciousSemicolon",
-                "Suspicious use of ; at the end of '" + (tok ? tok->str() : std::string()) + "' statement.", CWE(0U), true);
+                "Suspicious use of ; at the end of '" + (tok ? tok->str() : std::string()) + "' statement.", CWE398, true);
 }
 
 
@@ -893,7 +897,7 @@ void CheckOther::suspiciousCaseInSwitchError(const Token* tok, const std::string
 {
     reportError(tok, Severity::warning, "suspiciousCase",
                 "Found suspicious case label in switch(). Operator '" + operatorString + "' probably doesn't work as intended.\n"
-                "Using an operator like '" + operatorString + "' in a case label is suspicious. Did you intend to use a bitwise operator, multiple case labels or if/else instead?", CWE(0U), true);
+                "Using an operator like '" + operatorString + "' in a case label is suspicious. Did you intend to use a bitwise operator, multiple case labels or if/else instead?", CWE398, true);
 }
 
 //---------------------------------------------------------------------------
@@ -945,7 +949,7 @@ void CheckOther::checkSuspiciousEqualityComparison()
 void CheckOther::suspiciousEqualityComparisonError(const Token* tok)
 {
     reportError(tok, Severity::warning, "suspiciousEqualityComparison",
-                "Found suspicious equality comparison. Did you intend to assign a value instead?", CWE(0U), true);
+                "Found suspicious equality comparison. Did you intend to assign a value instead?", CWE482, true);
 }
 
 
@@ -1581,7 +1585,7 @@ void CheckOther::signedCharArrayIndexError(const Token *tok)
                 "Signed 'char' type used as array index.\n"
                 "Signed 'char' type used as array index. If the value "
                 "can be greater than 127 there will be a buffer underflow "
-                "because of sign extension.");
+                "because of sign extension.", CWE128, false);
 }
 
 void CheckOther::unknownSignCharArrayIndexError(const Token *tok)
@@ -1591,7 +1595,7 @@ void CheckOther::unknownSignCharArrayIndexError(const Token *tok)
                 "unknownSignCharArrayIndex",
                 "'char' type used as array index.\n"
                 "'char' type used as array index. Values greater that 127 will be "
-                "treated depending on whether 'char' is signed or unsigned on target platform.");
+                "treated depending on whether 'char' is signed or unsigned on target platform.", CWE758, false);
 }
 
 void CheckOther::charBitOpError(const Token *tok)
@@ -1856,7 +1860,7 @@ void CheckOther::duplicateBranchError(const Token *tok1, const Token *tok2)
     reportError(toks, Severity::style, "duplicateBranch", "Found duplicate branches for 'if' and 'else'.\n"
                 "Finding the same code in an 'if' and related 'else' branch is suspicious and "
                 "might indicate a cut and paste or logic error. Please examine this code "
-                "carefully to determine if it is correct.", CWE(0U), true);
+                "carefully to determine if it is correct.", CWE398, true);
 }
 
 
@@ -2057,7 +2061,7 @@ void CheckOther::duplicateExpressionTernaryError(const Token *tok)
 {
     reportError(tok, Severity::style, "duplicateExpressionTernary", "Same expression in both branches of ternary operator.\n"
                 "Finding the same expression in both branches of ternary operator is suspicious as "
-                "the same code is executed regardless of the condition.");
+                "the same code is executed regardless of the condition.", CWE398, false);
 }
 
 void CheckOther::selfAssignmentError(const Token *tok, const std::string &varname)
@@ -2381,11 +2385,11 @@ void CheckOther::incompleteArrayFillError(const Token* tok, const std::string& b
     if (boolean)
         reportError(tok, Severity::portability, "incompleteArrayFill",
                     "Array '" + buffer + "' might be filled incompletely. Did you forget to multiply the size given to '" + function + "()' with 'sizeof(*" + buffer + ")'?\n"
-                    "The array '" + buffer + "' is filled incompletely. The function '" + function + "()' needs the size given in bytes, but the type 'bool' is larger than 1 on some platforms. Did you forget to multiply the size with 'sizeof(*" + buffer + ")'?", CWE(0U), true);
+                    "The array '" + buffer + "' is filled incompletely. The function '" + function + "()' needs the size given in bytes, but the type 'bool' is larger than 1 on some platforms. Did you forget to multiply the size with 'sizeof(*" + buffer + ")'?", CWE131, true);
     else
         reportError(tok, Severity::warning, "incompleteArrayFill",
                     "Array '" + buffer + "' is filled incompletely. Did you forget to multiply the size given to '" + function + "()' with 'sizeof(*" + buffer + ")'?\n"
-                    "The array '" + buffer + "' is filled incompletely. The function '" + function + "()' needs the size given in bytes, but an element of the given array is larger than one byte. Did you forget to multiply the size with 'sizeof(*" + buffer + ")'?", CWE(0U), true);
+                    "The array '" + buffer + "' is filled incompletely. The function '" + function + "()' needs the size given in bytes, but an element of the given array is larger than one byte. Did you forget to multiply the size with 'sizeof(*" + buffer + ")'?", CWE131, true);
 }
 
 //---------------------------------------------------------------------------
@@ -2511,7 +2515,7 @@ void CheckOther::checkRedundantPointerOp()
 void CheckOther::redundantPointerOpError(const Token* tok, const std::string &varname, bool inconclusive)
 {
     reportError(tok, Severity::style, "redundantPointerOp",
-                "Redundant pointer operation on " + varname + " - it's already a pointer.", CWE(0U), inconclusive);
+                "Redundant pointer operation on " + varname + " - it's already a pointer.", CWE398, inconclusive);
 }
 
 void CheckOther::checkInterlockedDecrement()
@@ -2585,11 +2589,11 @@ void CheckOther::unusedLabelError(const Token* tok, bool inSwitch)
     if (inSwitch) {
         if (!tok || _settings->isEnabled("warning"))
             reportError(tok, Severity::warning, "unusedLabelSwitch",
-                        "Label '" + (tok ? tok->str() : emptyString) + "' is not used. Should this be a 'case' of the enclosing switch()?");
+                        "Label '" + (tok ? tok->str() : emptyString) + "' is not used. Should this be a 'case' of the enclosing switch()?", CWE398, false);
     } else {
         if (!tok || _settings->isEnabled("style"))
             reportError(tok, Severity::style, "unusedLabel",
-                        "Label '" + (tok ? tok->str() : emptyString) + "' is not used.");
+                        "Label '" + (tok ? tok->str() : emptyString) + "' is not used.", CWE398, false);
     }
 }
 
@@ -2679,6 +2683,6 @@ void CheckOther::checkEvaluationOrder()
 void CheckOther::unknownEvaluationOrder(const Token* tok)
 {
     reportError(tok, Severity::error, "unknownEvaluationOrder",
-                "Expression '" + (tok ? tok->expressionString() : std::string("x = x++;")) + "' depends on order of evaluation of side effects");
+                "Expression '" + (tok ? tok->expressionString() : std::string("x = x++;")) + "' depends on order of evaluation of side effects", CWE768, false);
 }
 
diff --git a/lib/checkstl.cpp b/lib/checkstl.cpp
@@ -753,7 +753,7 @@ void CheckStl::if_findError(const Token *tok, bool str)
                     "string. If your intention is to check that there are no findings in the string, "
                     "you should compare with std::string::npos.", CWE597, false);
     else
-        reportError(tok, Severity::warning, "stlIfFind", "Suspicious condition. The result of find() is an iterator, but it is not properly checked.");
+        reportError(tok, Severity::warning, "stlIfFind", "Suspicious condition. The result of find() is an iterator, but it is not properly checked.", CWE398, false);
 }
 
 
@@ -1253,8 +1253,8 @@ void CheckStl::autoPointerError(const Token *tok)
 {
     reportError(tok, Severity::style, "useAutoPointerCopy",
                 "Copying 'auto_ptr' pointer to another does not create two equal objects since one has lost its ownership of the pointer.\n"
-                "'std::auto_ptr' has semantics of strict ownership, meaning that the 'auto_ptr' instance is the sole entity responsible for the object's lifetime. If an 'auto_ptr' is copied, the source looses the reference."
-               );
+                "'std::auto_ptr' has semantics of strict ownership, meaning that the 'auto_ptr' instance is the sole entity responsible for the object's lifetime. If an 'auto_ptr' is copied, the source looses the reference.",
+               CWE398, false);
 }
 
 void CheckStl::autoPointerContainerError(const Token *tok)

Original file line number	Diff line number	Diff line change
`@@ -753,7 +753,7 @@ void CheckStl::if_findError(const Token *tok, bool str)`
`753`	`753`	`"string. If your intention is to check that there are no findings in the string, "`
`754`	`754`	`"you should compare with std::string::npos.", CWE597, false);`
`755`	`755`	`else`
`756`		`- reportError(tok, Severity::warning, "stlIfFind", "Suspicious condition. The result of find() is an iterator, but it is not properly checked.");`
	`756`	`+ reportError(tok, Severity::warning, "stlIfFind", "Suspicious condition. The result of find() is an iterator, but it is not properly checked.", CWE398, false);`
`757`	`757`	`}`
`758`	`758`
`759`	`759`
`@@ -1253,8 +1253,8 @@ void CheckStl::autoPointerError(const Token *tok)`
`1253`	`1253`	`{`
`1254`	`1254`	`reportError(tok, Severity::style, "useAutoPointerCopy",`
`1255`	`1255`	`"Copying 'auto_ptr' pointer to another does not create two equal objects since one has lost its ownership of the pointer.\n"`
`1256`		`- "'std::auto_ptr' has semantics of strict ownership, meaning that the 'auto_ptr' instance is the sole entity responsible for the object's lifetime. If an 'auto_ptr' is copied, the source looses the reference."`
`1257`		`- );`
	`1256`	`+ "'std::auto_ptr' has semantics of strict ownership, meaning that the 'auto_ptr' instance is the sole entity responsible for the object's lifetime. If an 'auto_ptr' is copied, the source looses the reference.",`
	`1257`	`+ CWE398, false);`
`1258`	`1258`	`}`
`1259`	`1259`
`1260`	`1260`	`void CheckStl::autoPointerContainerError(const Token *tok)`