cwe-mapper: do not assign CWE to unknown events of Cppcheck

kdudka · kdudka · commit 142ee3f8a5f3 · 2018-04-30T17:14:56.000+02:00
Reported-by: Steve Grubb
diff --git a/cwe-mapper.cc b/cwe-mapper.cc
@@ -128,18 +128,25 @@ bool CweMap::assignCwe(Defect &def) const {
     }
 
     // lookup by event
+    int &cweDst = def.cwe;
     const Private::TNumByEvent &row = rowIt->second;
     const DefEvent &evt = def.events[def.keyEventIdx];
     Private::TNumByEvent::const_iterator cweIt = row.find(evt.event);
     if (row.end() == cweIt) {
         if (!d->silent)
             std::cerr << "warning: CWE not found: checker = " << def.checker
                 << ", event = " << evt.event << "\n";
+
+        if (def.checker == "CPPCHECK_WARNING") {
+            // we cannot fallback to a random CWE that Cppcheck has mapping for
+            cweDst = 0;
+            return false;
+        }
+
         cweIt = row.begin();
     }
 
     const int cweSrc = cweIt->second;
-    int &cweDst = def.cwe;
     if (cweSrc == cweDst)
         // already assigned
         return true;
