gcc-parser: read CWE numbers from Cppcheck output if available

kdudka · kdudka · commit 758efde3d8cd · 2020-08-18T15:26:24.000+02:00
diff --git a/gcc-parser.cc b/gcc-parser.cc
@@ -368,7 +368,7 @@ class BasicGccParser {
             tokenizer_(&markerConverter_),
             fileName_(fileName),
             silent_(silent),
-            reCppcheck_("^([A-Za-z_]+): (.*)$"),
+            reCppcheck_("^([A-Za-z_]+)(?:\\(CWE-([0-9]+)\\))?: (.*)$"),
             reClang_("^clang.*$"),
             reProspector_(RE_EVENT_PROSPECTOR),
             reShellCheckMsg_("^.* \\[SC[0-9]+\\]$"),
@@ -432,7 +432,13 @@ bool BasicGccParser::digCppcheckEvt(Defect *pDef) {
     keyEvt.event += "[";
     keyEvt.event += sm[/* id  */ 1];
     keyEvt.event += "]";
-    keyEvt.msg = sm[/* msg */ 2];
+
+    // store CWE if available
+    pDef->cwe = parse_int(sm[/* cwe */ 2]);
+
+    // this assignment invalidates sm!
+    keyEvt.msg = sm[/* msg */ 3];
+
     return true;
 }
 
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -176,6 +176,7 @@ test_csgrep(csgrep      "56-gcc-sparser-clang-error"  )
 test_csgrep(csgrep      "57-gcc-parser-gcc-analyzer-curl")
 test_csgrep(csgrep      "58-csparser-gcc-analyzer-curl")
 test_csgrep(csgrep      "59-json-parser-cov-v7-cwe"   )
+test_csgrep(csgrep      "60-gcc-parser-cppcheck-cwe"  )
 test_csparser(csparser-5.8                          00)
 test_csparser(csparser-5.8                          01)
 test_csparser(csparser-5.8                          02)
diff --git a/tests/csgrep/60-gcc-parser-cppcheck-cwe-args.txt b/tests/csgrep/60-gcc-parser-cppcheck-cwe-args.txt
diff --git a/tests/csgrep/60-gcc-parser-cppcheck-cwe-stdin.txt b/tests/csgrep/60-gcc-parser-cppcheck-cwe-stdin.txt
@@ -0,0 +1,23 @@
+/builddir/build/BUILD/curl-7.66.0/lib/ftp.c:2416: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
+/builddir/build/BUILD/curl-7.66.0/lib/curl_ntlm_core.c:394: error: uninitvar(CWE-908): Uninitialized variable: ks <--[cppcheck]
+/builddir/build/BUILD/curl-7.66.0/lib/curl_ntlm_core.c:469: error: uninitvar(CWE-908): Uninitialized variable: ks <--[cppcheck]
+/builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c: In function 'ossl_connect_step1': <--[gcc]
+/builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c:2461:5: warning: 'SSLv3_client_method' is deprecated [-Wdeprecated-declarations] <--[gcc]
+ 2461 |     req_method = SSLv3_client_method();
+      |     ^~~~~~~~~~
+In file included from /usr/include/openssl/opensslconf.h:42, <--[gcc]
+                 from /usr/include/openssl/e_os2.h:13, <--[gcc]
+                 from /usr/include/openssl/ssl.h:15, <--[gcc]
+                 from /builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c:48: <--[gcc]
+/usr/include/openssl/ssl.h:1869:1: note: declared here <--[gcc]
+ 1869 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void))
+      | ^~~~~~~~~~~~~~~~~~
+/builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c:2204:3: warning: Value stored to 'ossl_ssl_version_max' is never read <--[clang]
+  ossl_ssl_version_max = 0;
+  ^                      ~
+/builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c:2204:3: note: Value stored to 'ossl_ssl_version_max' is never read <--[clang]
+  ossl_ssl_version_max = 0;
+  ^                      ~
+1 warning generated.
+gcc: warning: '-x c' after last input file has no effect
+g++: warning: '-x c' after last input file has no effect
diff --git a/tests/csgrep/60-gcc-parser-cppcheck-cwe-stdout.txt b/tests/csgrep/60-gcc-parser-cppcheck-cwe-stdout.txt
@@ -0,0 +1,35 @@
+Error: CPPCHECK_WARNING:
+/builddir/build/BUILD/curl-7.66.0/lib/ftp.c:2416: error[nullPointerArithmetic]: Pointer addition with NULL pointer.
+
+Error: CPPCHECK_WARNING (CWE-908):
+/builddir/build/BUILD/curl-7.66.0/lib/curl_ntlm_core.c:394: error[uninitvar]: Uninitialized variable: ks
+
+Error: CPPCHECK_WARNING (CWE-908):
+/builddir/build/BUILD/curl-7.66.0/lib/curl_ntlm_core.c:469: error[uninitvar]: Uninitialized variable: ks
+
+Error: COMPILER_WARNING:
+/builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c: scope_hint: In function 'ossl_connect_step1'
+/builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c:2461:5: warning: 'SSLv3_client_method' is deprecated [-Wdeprecated-declarations]
+# 2461 |     req_method = SSLv3_client_method();
+#      |     ^~~~~~~~~~
+/usr/include/openssl/opensslconf.h:42: included_from: Included from here.
+/usr/include/openssl/e_os2.h:13: included_from: Included from here.
+/usr/include/openssl/ssl.h:15: included_from: Included from here.
+/builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c:48: included_from: Included from here.
+/usr/include/openssl/ssl.h:1869:1: note: declared here
+# 1869 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void))
+#      | ^~~~~~~~~~~~~~~~~~
+
+Error: CLANG_WARNING:
+/builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c:2204:3: warning: Value stored to 'ossl_ssl_version_max' is never read
+#  ossl_ssl_version_max = 0;
+#  ^                      ~
+/builddir/build/BUILD/curl-7.66.0/lib/vtls/openssl.c:2204:3: note: Value stored to 'ossl_ssl_version_max' is never read
+#  ossl_ssl_version_max = 0;
+#  ^                      ~
+
+Error: COMPILER_WARNING:
+gcc: warning: '-x c' after last input file has no effect
+
+Error: COMPILER_WARNING:
+g++: warning: '-x c' after last input file has no effect
