CWE mapping of useAutoPointerMalloc, uselessCallsCompare, uselessCallsSwap, uselessCallsSubstr, uselessCallsEmpty, uselessCallsRemove, derefInvalidIterator, reademptycontainer, multiplySizeof, divideSizeof, stringLiteralWrite, incorrectStringCompare, literalWithCharPtrCompare, charLiteralWithCharPtrCompare, incorrectStringBooleanError, staticStringCompare, stringCompare, signConversion, truncLongCastAssignment, truncLongCastReturn, unusedFunction, unusedVariable, unusedAllocatedMemory, unreadVariable, unassignedVariable, unusedStructMember, postfixOperator, va_start_wrongParameter #824
I think the additions to Travis should be within https://github.com/danmar/cppcheck/blob/master/.travis.yml
I'm not very familiar with Travis, I need some guidance about it. I think it is too strong; a lot of people do not even know what CWE is, and as a consequence that will increase the necessary effort to contribute to the development of the tool. Now that the full mapping is complete it is not going to be a big effort for me to keep it updated. When new errors are going to be detected I should be able to promptly map all new errors within three days, maximum a week.
| // CWE IDs used: | ||
| static const struct CWE CWE398(398U); // Indicator of Poor Code Quality | ||
| static const struct CWE CWE597(597U); // Use of Wrong Operator in String Comparison | ||
| static const struct CWE CWE628(628U); // Function Call with Incorrectly Specified Arguments |
Could you try to use the same formatting as the surrounding code? Look at the comments.
It would be nice if you start running astyle on every pull request. Version 2.05.1. Use the "runastyle" scripts in the cppcheck repo.
Thanks, that is highly appreciated.
In regards to CWE mapping, you are welcome. I'm happy to help. It's my first contribution in the FOSS space indeed; bear with me in advance if I do something wrong.
Yes please, it's possible somehow to update this pull request.
If that is causing too much inconvenience maybe we should accept the PR and run astyle later on. It's the last one to finish CWE mapping, would be nice to get it done soon.
It is easy to update a pull request. Commit the changes (amend to previous commit) and force-push to the branch.
I may be able to do it tomorrow. On a side note I already received the
On 31 August 2016 at 13:30, PKEuS notifications@github.com wrote:
Roberto Martelloni
I've run runastyle; commit; git rebase -i HEAD~2 and squashed the commit and then git push --force.
This is the last commit to finish the mapping. I'll go ahead and claim CWE compatibility with MITRE. Please confirm I can. Please also give me the lead developer email so I can CC him while asking for the compatibility claim.
Someone with access to the continuous integration system can modify the task and automate the following task:
That will help me keep the CWE mapping updated for new errors without having to wait for a new release each time.