CWE mapping of assignBoolToFloat, strncatUsage, sizeArgumentAsChar, terminateStrncpy, bufferNotZeroTerminated, negativeArraySize, noExplicitConstructor, virtualDestructor

boos · boos · commit 41dee04e906b · 2016-08-14T18:23:41.000+01:00
diff --git a/lib/checkbool.cpp b/lib/checkbool.cpp
@@ -32,6 +32,7 @@ namespace {
 static const CWE CWE398(398U);  // Indicator of Poor Code Quality
 static const CWE CWE571(571U);  // Expression is Always True
 static const CWE CWE587(587U);  // Assignment of a Fixed Address to a Pointer
+static const CWE CWE704(704U);	// Incorrect Type Conversion or Cast
 
 //---------------------------------------------------------------------------
 //---------------------------------------------------------------------------
@@ -461,5 +462,5 @@ void CheckBool::checkAssignBoolToFloat()
 void CheckBool::assignBoolToFloatError(const Token *tok)
 {
     reportError(tok, Severity::style, "assignBoolToFloat",
-                "Boolean value assigned to floating point variable.");
+                "Boolean value assigned to floating point variable.", CWE704, false);
 }
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
@@ -44,10 +44,13 @@ namespace {
 //---------------------------------------------------------------------------
 
 // CWE ids used:
-static const CWE CWE131(131U);
-static const CWE CWE398(398U);
-static const CWE CWE786(786U);
-static const CWE CWE788(788U);
+static const CWE CWE131(131U);	// Incorrect Calculation of Buffer Size
+static const CWE CWE170(170U);	// Improper Null Termination
+static const CWE CWE398(398U);	// Indicator of Poor Code Quality
+static const CWE CWE682(682U);	// Incorrect Calculation
+static const CWE CWE758(758U);	// Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
+static const CWE CWE786(786U);	// Access of Memory Location Before Start of Buffer
+static const CWE CWE788(788U);	// Access of Memory Location After End of Buffer
 
 //---------------------------------------------------------------------------
 
@@ -174,7 +177,7 @@ void CheckBufferOverrun::strncatUsageError(const Token *tok)
                 "At most, strncat appends the 3rd parameter's amount of characters and adds a terminating null byte.\n"
                 "The safe way to use strncat is to subtract one from the remaining space in the buffer and use it as 3rd parameter."
                 "Source: http://www.cplusplus.com/reference/cstring/strncat/\n"
-                "Source: http://www.opensource.apple.com/source/Libc/Libc-167/gen.subproj/i386.subproj/strncat.c");
+                "Source: http://www.opensource.apple.com/source/Libc/Libc-167/gen.subproj/i386.subproj/strncat.c", CWE119, false);
 }
 
 void CheckBufferOverrun::outOfBoundsError(const Token *tok, const std::string &what, const bool show_size_info, const MathLib::bigint &supplied_size, const MathLib::bigint &actual_size)
@@ -219,7 +222,7 @@ void CheckBufferOverrun::sizeArgumentAsCharError(const Token *tok)
 {
     if (_settings && !_settings->isEnabled("warning"))
         return;
-    reportError(tok, Severity::warning, "sizeArgumentAsChar", "The size argument is given as a char constant.");
+    reportError(tok, Severity::warning, "sizeArgumentAsChar", "The size argument is given as a char constant.", CWE682, false);
 }
 
 
@@ -229,7 +232,7 @@ void CheckBufferOverrun::terminateStrncpyError(const Token *tok, const std::stri
                 "The buffer '" + varname + "' may not be null-terminated after the call to strncpy().\n"
                 "If the source string's size fits or exceeds the given size, strncpy() does not add a "
                 "zero at the end of the buffer. This causes bugs later in the code if the code "
-                "assumes buffer is null-terminated.", CWE(0U), true);
+                "assumes buffer is null-terminated.", CWE170, true);
 }
 
 void CheckBufferOverrun::cmdLineArgsError(const Token *tok)
@@ -243,7 +246,7 @@ void CheckBufferOverrun::bufferNotZeroTerminatedError(const Token *tok, const st
                                "The buffer '" + varname + "' is not null-terminated after the call to " + function + "(). "
                                "This will cause bugs later in the code if the code assumes the buffer is null-terminated.";
 
-    reportError(tok, Severity::warning, "bufferNotZeroTerminated", errmsg, CWE(0U), true);
+    reportError(tok, Severity::warning, "bufferNotZeroTerminated", errmsg, CWE170, true);
 }
 
 void CheckBufferOverrun::argumentSizeError(const Token *tok, const std::string &functionName, const std::string &varname)
@@ -1084,7 +1087,7 @@ void CheckBufferOverrun::negativeArraySize()
 void CheckBufferOverrun::negativeArraySizeError(const Token *tok)
 {
     reportError(tok, Severity::error, "negativeArraySize",
-                "Declaration of array '" + (tok ? tok->str() : std::string()) + "' with negative size is undefined behaviour");
+                "Declaration of array '" + (tok ? tok->str() : std::string()) + "' with negative size is undefined behaviour", CWE758, false);
 }
 
 //---------------------------------------------------------------------------
diff --git a/lib/checkclass.cpp b/lib/checkclass.cpp
@@ -802,7 +802,7 @@ void CheckClass::noExplicitConstructorError(const Token *tok, const std::string
 {
     const std::string message(std::string(isStruct ? "Struct" : "Class") + " '" + classname + "' has a constructor with 1 argument that is not explicit.");
     const std::string verbose(message + " Such constructors should in general be explicit for type safety reasons. Using the explicit keyword in the constructor means some mistakes when using the class can be avoided.");
-    reportError(tok, Severity::style, "noExplicitConstructor", message + "\n" + verbose);
+    reportError(tok, Severity::style, "noExplicitConstructor", message + "\n" + verbose, CWE398, false);
 }
 
 void CheckClass::uninitVarError(const Token *tok, const std::string &classname, const std::string &varname, bool inconclusive)
@@ -1642,7 +1642,7 @@ void CheckClass::virtualDestructorError(const Token *tok, const std::string &Bas
                     "Class '" + Base + "' which is inherited by class '" + Derived + "' does not have a virtual destructor. "
                     "If you destroy instances of the derived class by deleting a pointer that points to the base class, only "
                     "the destructor of the base class is executed. Thus, dynamic memory that is managed by the derived class "
-                    "could leak. This can be avoided by adding a virtual destructor to the base class.");
+                    "could leak. This can be avoided by adding a virtual destructor to the base class.", CWE404, false);
 }
 
 //---------------------------------------------------------------------------

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@ namespace {`
`32`	`32`	`static const CWE CWE398(398U); // Indicator of Poor Code Quality`
`33`	`33`	`static const CWE CWE571(571U); // Expression is Always True`
`34`	`34`	`static const CWE CWE587(587U); // Assignment of a Fixed Address to a Pointer`
	`35`	`+static const CWE CWE704(704U); // Incorrect Type Conversion or Cast`
`35`	`36`
`36`	`37`	`//---------------------------------------------------------------------------`
`37`	`38`	`//---------------------------------------------------------------------------`
`@@ -461,5 +462,5 @@ void CheckBool::checkAssignBoolToFloat()`
`461`	`462`	`void CheckBool::assignBoolToFloatError(const Token *tok)`
`462`	`463`	`{`
`463`	`464`	`reportError(tok, Severity::style, "assignBoolToFloat",`
`464`		`- "Boolean value assigned to floating point variable.");`
	`465`	`+ "Boolean value assigned to floating point variable.", CWE704, false);`
`465`	`466`	`}`
Original file line number	Diff line number	Diff line change
`@@ -802,7 +802,7 @@ void CheckClass::noExplicitConstructorError(const Token *tok, const std::string`
`802`	`802`	`{`
`803`	`803`	`const std::string message(std::string(isStruct ? "Struct" : "Class") + " '" + classname + "' has a constructor with 1 argument that is not explicit.");`
`804`	`804`	`const std::string verbose(message + " Such constructors should in general be explicit for type safety reasons. Using the explicit keyword in the constructor means some mistakes when using the class can be avoided.");`
`805`		`- reportError(tok, Severity::style, "noExplicitConstructor", message + "\n" + verbose);`
	`805`	`+ reportError(tok, Severity::style, "noExplicitConstructor", message + "\n" + verbose, CWE398, false);`
`806`	`806`	`}`
`807`	`807`
`808`	`808`	`void CheckClass::uninitVarError(const Token *tok, const std::string &classname, const std::string &varname, bool inconclusive)`
`@@ -1642,7 +1642,7 @@ void CheckClass::virtualDestructorError(const Token *tok, const std::string &Bas`
`1642`	`1642`	`"Class '" + Base + "' which is inherited by class '" + Derived + "' does not have a virtual destructor. "`
`1643`	`1643`	`"If you destroy instances of the derived class by deleting a pointer that points to the base class, only "`
`1644`	`1644`	`"the destructor of the base class is executed. Thus, dynamic memory that is managed by the derived class "`
`1645`		`- "could leak. This can be avoided by adding a virtual destructor to the base class.");`
	`1645`	`+ "could leak. This can be avoided by adding a virtual destructor to the base class.", CWE404, false);`
`1646`	`1646`	`}`
`1647`	`1647`
`1648`	`1648`	`//---------------------------------------------------------------------------`