csparser: parse CWE numbers out of annotations

kdudka · kdudka · commit d7e54a5462cc · 2020-08-18T15:26:31.000+02:00
diff --git a/csparser.cc b/csparser.cc
@@ -357,13 +357,35 @@ void KeyEventDigger::initVerbosity(Defect *def) {
     }
 }
 
+class AnnotHandler {
+    public:
+        AnnotHandler():
+            reCweAnnot_("^ *\\(CWE-([0-9]+)\\)$")
+        {
+        }
+
+        void handleDef(Defect *);
+
+    private:
+        boost::regex reCweAnnot_;
+};
+
+void AnnotHandler::handleDef(Defect *pDef) {
+    boost::smatch sm;
+    if (boost::regex_match(pDef->annotation, sm, reCweAnnot_)) {
+        pDef->cwe = parse_int(sm[/* cwe */ 1]);
+        pDef->annotation.clear();
+    }
+}
+
 struct CovParser::Private {
     ErrFileLexer            lexer;
     std::string             fileName;
     const bool              silent;
     bool                    hasError;
     EToken                  code;
     KeyEventDigger          keDigger;
+    AnnotHandler            annotHdl;
 
     Private(std::istream &input_, std::string fileName_, bool silent_):
         lexer(input_),
@@ -539,15 +561,16 @@ bool CovParser::Private::parseNext(Defect *def) {
     }
 
 done:
-    if (this->keDigger.guessKeyEvent(def)) {
-        this->keDigger.initVerbosity(def);
-
-        // all OK
-        return true;
+    if (!this->keDigger.guessKeyEvent(def)) {
+        this->parseError("failed to guess key event");
+        return false;
     }
 
-    this->parseError("failed to guess key event");
-    return false;
+    this->keDigger.initVerbosity(def);
+    this->annotHdl.handleDef(def);
+
+    // all OK
+    return true;
 }
 
 bool CovParser::getNext(Defect *def) {
diff --git a/tests/csgrep/10-err-file-comments-stdout.txt b/tests/csgrep/10-err-file-comments-stdout.txt
@@ -2,7 +2,7 @@
     "defects": [
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 4,
             "events": [
                 {
@@ -52,7 +52,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -80,7 +80,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -108,7 +108,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -144,7 +144,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -180,7 +180,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 6,
             "events": [
                 {
@@ -245,7 +245,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -273,7 +273,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -301,7 +301,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -329,7 +329,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -357,7 +357,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -385,7 +385,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 4,
             "events": [
                 {
@@ -436,7 +436,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -464,7 +464,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -492,7 +492,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -520,7 +520,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -548,7 +548,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -576,7 +576,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -604,7 +604,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -632,7 +632,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -660,7 +660,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -688,7 +688,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 4,
             "events": [
                 {
@@ -738,7 +738,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 3,
             "events": [
                 {
@@ -773,7 +773,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -809,7 +809,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 4,
             "events": [
                 {
@@ -851,7 +851,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 3,
             "events": [
                 {
@@ -886,7 +886,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -922,7 +922,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -958,7 +958,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -986,7 +986,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 3,
             "events": [
                 {
@@ -1029,7 +1029,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -1057,7 +1057,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 3,
             "events": [
                 {
@@ -1100,7 +1100,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
@@ -1136,7 +1136,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 4,
             "events": [
                 {
@@ -1186,7 +1186,7 @@
         },
         {
             "checker": "UNINIT",
-            "annotation": " (CWE-457)",
+            "cwe": 457,
             "key_event_idx": 2,
             "events": [
                 {
diff --git a/tests/csgrep/33-cov-format-errors-stdout.txt b/tests/csgrep/33-cov-format-errors-stdout.txt
@@ -2,7 +2,7 @@
     "defects": [
         {
             "checker": "CHECKED_RETURN",
-            "annotation": " (CWE-252)",
+            "cwe": 252,
             "key_event_idx": 0,
             "events": [
                 {
diff --git a/tests/csgrep/58-csparser-gcc-analyzer-curl-stdout.txt b/tests/csgrep/58-csparser-gcc-analyzer-curl-stdout.txt

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`"defects": [`
`3`	`3`	`{`
`4`	`4`	`"checker": "UNINIT",`
`5`		`- "annotation": " (CWE-457)",`
	`5`	`+ "cwe": 457,`
`6`	`6`	`"key_event_idx": 4,`
`7`	`7`	`"events": [`
`8`	`8`	`{`
`@@ -52,7 +52,7 @@`
`52`	`52`	`},`
`53`	`53`	`{`
`54`	`54`	`"checker": "UNINIT",`
`55`		`- "annotation": " (CWE-457)",`
	`55`	`+ "cwe": 457,`
`56`	`56`	`"key_event_idx": 2,`
`57`	`57`	`"events": [`
`58`	`58`	`{`
`@@ -80,7 +80,7 @@`
`80`	`80`	`},`
`81`	`81`	`{`
`82`	`82`	`"checker": "UNINIT",`
`83`		`- "annotation": " (CWE-457)",`
	`83`	`+ "cwe": 457,`
`84`	`84`	`"key_event_idx": 2,`
`85`	`85`	`"events": [`
`86`	`86`	`{`
`@@ -108,7 +108,7 @@`
`108`	`108`	`},`
`109`	`109`	`{`
`110`	`110`	`"checker": "UNINIT",`
`111`		`- "annotation": " (CWE-457)",`
	`111`	`+ "cwe": 457,`
`112`	`112`	`"key_event_idx": 2,`
`113`	`113`	`"events": [`
`114`	`114`	`{`
`@@ -144,7 +144,7 @@`
`144`	`144`	`},`
`145`	`145`	`{`
`146`	`146`	`"checker": "UNINIT",`
`147`		`- "annotation": " (CWE-457)",`
	`147`	`+ "cwe": 457,`
`148`	`148`	`"key_event_idx": 2,`
`149`	`149`	`"events": [`
`150`	`150`	`{`
`@@ -180,7 +180,7 @@`
`180`	`180`	`},`
`181`	`181`	`{`
`182`	`182`	`"checker": "UNINIT",`
`183`		`- "annotation": " (CWE-457)",`
	`183`	`+ "cwe": 457,`
`184`	`184`	`"key_event_idx": 6,`
`185`	`185`	`"events": [`
`186`	`186`	`{`
`@@ -245,7 +245,7 @@`
`245`	`245`	`},`
`246`	`246`	`{`
`247`	`247`	`"checker": "UNINIT",`
`248`		`- "annotation": " (CWE-457)",`
	`248`	`+ "cwe": 457,`
`249`	`249`	`"key_event_idx": 2,`
`250`	`250`	`"events": [`
`251`	`251`	`{`
`@@ -273,7 +273,7 @@`
`273`	`273`	`},`
`274`	`274`	`{`
`275`	`275`	`"checker": "UNINIT",`
`276`		`- "annotation": " (CWE-457)",`
	`276`	`+ "cwe": 457,`
`277`	`277`	`"key_event_idx": 2,`
`278`	`278`	`"events": [`
`279`	`279`	`{`
`@@ -301,7 +301,7 @@`
`301`	`301`	`},`
`302`	`302`	`{`
`303`	`303`	`"checker": "UNINIT",`
`304`		`- "annotation": " (CWE-457)",`
	`304`	`+ "cwe": 457,`
`305`	`305`	`"key_event_idx": 2,`
`306`	`306`	`"events": [`
`307`	`307`	`{`
`@@ -329,7 +329,7 @@`
`329`	`329`	`},`
`330`	`330`	`{`
`331`	`331`	`"checker": "UNINIT",`
`332`		`- "annotation": " (CWE-457)",`
	`332`	`+ "cwe": 457,`
`333`	`333`	`"key_event_idx": 2,`
`334`	`334`	`"events": [`
`335`	`335`	`{`
`@@ -357,7 +357,7 @@`
`357`	`357`	`},`
`358`	`358`	`{`
`359`	`359`	`"checker": "UNINIT",`
`360`		`- "annotation": " (CWE-457)",`
	`360`	`+ "cwe": 457,`
`361`	`361`	`"key_event_idx": 2,`
`362`	`362`	`"events": [`
`363`	`363`	`{`
`@@ -385,7 +385,7 @@`
`385`	`385`	`},`
`386`	`386`	`{`
`387`	`387`	`"checker": "UNINIT",`
`388`		`- "annotation": " (CWE-457)",`
	`388`	`+ "cwe": 457,`
`389`	`389`	`"key_event_idx": 4,`
`390`	`390`	`"events": [`
`391`	`391`	`{`
`@@ -436,7 +436,7 @@`
`436`	`436`	`},`
`437`	`437`	`{`
`438`	`438`	`"checker": "UNINIT",`
`439`		`- "annotation": " (CWE-457)",`
	`439`	`+ "cwe": 457,`
`440`	`440`	`"key_event_idx": 2,`
`441`	`441`	`"events": [`
`442`	`442`	`{`
`@@ -464,7 +464,7 @@`
`464`	`464`	`},`
`465`	`465`	`{`
`466`	`466`	`"checker": "UNINIT",`
`467`		`- "annotation": " (CWE-457)",`
	`467`	`+ "cwe": 457,`
`468`	`468`	`"key_event_idx": 2,`
`469`	`469`	`"events": [`
`470`	`470`	`{`
`@@ -492,7 +492,7 @@`
`492`	`492`	`},`
`493`	`493`	`{`
`494`	`494`	`"checker": "UNINIT",`
`495`		`- "annotation": " (CWE-457)",`
	`495`	`+ "cwe": 457,`
`496`	`496`	`"key_event_idx": 2,`
`497`	`497`	`"events": [`
`498`	`498`	`{`
`@@ -520,7 +520,7 @@`
`520`	`520`	`},`
`521`	`521`	`{`
`522`	`522`	`"checker": "UNINIT",`
`523`		`- "annotation": " (CWE-457)",`
	`523`	`+ "cwe": 457,`
`524`	`524`	`"key_event_idx": 2,`
`525`	`525`	`"events": [`
`526`	`526`	`{`
`@@ -548,7 +548,7 @@`
`548`	`548`	`},`
`549`	`549`	`{`
`550`	`550`	`"checker": "UNINIT",`
`551`		`- "annotation": " (CWE-457)",`
	`551`	`+ "cwe": 457,`
`552`	`552`	`"key_event_idx": 2,`
`553`	`553`	`"events": [`
`554`	`554`	`{`
`@@ -576,7 +576,7 @@`
`576`	`576`	`},`
`577`	`577`	`{`
`578`	`578`	`"checker": "UNINIT",`
`579`		`- "annotation": " (CWE-457)",`
	`579`	`+ "cwe": 457,`
`580`	`580`	`"key_event_idx": 2,`
`581`	`581`	`"events": [`
`582`	`582`	`{`
`@@ -604,7 +604,7 @@`
`604`	`604`	`},`
`605`	`605`	`{`
`606`	`606`	`"checker": "UNINIT",`
`607`		`- "annotation": " (CWE-457)",`
	`607`	`+ "cwe": 457,`
`608`	`608`	`"key_event_idx": 2,`
`609`	`609`	`"events": [`
`610`	`610`	`{`
`@@ -632,7 +632,7 @@`
`632`	`632`	`},`
`633`	`633`	`{`
`634`	`634`	`"checker": "UNINIT",`
`635`		`- "annotation": " (CWE-457)",`
	`635`	`+ "cwe": 457,`
`636`	`636`	`"key_event_idx": 2,`
`637`	`637`	`"events": [`
`638`	`638`	`{`
`@@ -660,7 +660,7 @@`
`660`	`660`	`},`
`661`	`661`	`{`
`662`	`662`	`"checker": "UNINIT",`
`663`		`- "annotation": " (CWE-457)",`
	`663`	`+ "cwe": 457,`
`664`	`664`	`"key_event_idx": 2,`
`665`	`665`	`"events": [`
`666`	`666`	`{`
`@@ -688,7 +688,7 @@`
`688`	`688`	`},`
`689`	`689`	`{`
`690`	`690`	`"checker": "UNINIT",`
`691`		`- "annotation": " (CWE-457)",`
	`691`	`+ "cwe": 457,`
`692`	`692`	`"key_event_idx": 4,`
`693`	`693`	`"events": [`
`694`	`694`	`{`
`@@ -738,7 +738,7 @@`
`738`	`738`	`},`
`739`	`739`	`{`
`740`	`740`	`"checker": "UNINIT",`
`741`		`- "annotation": " (CWE-457)",`
	`741`	`+ "cwe": 457,`
`742`	`742`	`"key_event_idx": 3,`
`743`	`743`	`"events": [`
`744`	`744`	`{`
`@@ -773,7 +773,7 @@`
`773`	`773`	`},`
`774`	`774`	`{`
`775`	`775`	`"checker": "UNINIT",`
`776`		`- "annotation": " (CWE-457)",`
	`776`	`+ "cwe": 457,`
`777`	`777`	`"key_event_idx": 2,`
`778`	`778`	`"events": [`
`779`	`779`	`{`
`@@ -809,7 +809,7 @@`
`809`	`809`	`},`
`810`	`810`	`{`
`811`	`811`	`"checker": "UNINIT",`
`812`		`- "annotation": " (CWE-457)",`
	`812`	`+ "cwe": 457,`
`813`	`813`	`"key_event_idx": 4,`
`814`	`814`	`"events": [`
`815`	`815`	`{`
`@@ -851,7 +851,7 @@`
`851`	`851`	`},`
`852`	`852`	`{`
`853`	`853`	`"checker": "UNINIT",`
`854`		`- "annotation": " (CWE-457)",`
	`854`	`+ "cwe": 457,`
`855`	`855`	`"key_event_idx": 3,`
`856`	`856`	`"events": [`
`857`	`857`	`{`
`@@ -886,7 +886,7 @@`
`886`	`886`	`},`
`887`	`887`	`{`
`888`	`888`	`"checker": "UNINIT",`
`889`		`- "annotation": " (CWE-457)",`
	`889`	`+ "cwe": 457,`
`890`	`890`	`"key_event_idx": 2,`
`891`	`891`	`"events": [`
`892`	`892`	`{`
`@@ -922,7 +922,7 @@`
`922`	`922`	`},`
`923`	`923`	`{`
`924`	`924`	`"checker": "UNINIT",`
`925`		`- "annotation": " (CWE-457)",`
	`925`	`+ "cwe": 457,`
`926`	`926`	`"key_event_idx": 2,`
`927`	`927`	`"events": [`
`928`	`928`	`{`
`@@ -958,7 +958,7 @@`
`958`	`958`	`},`
`959`	`959`	`{`
`960`	`960`	`"checker": "UNINIT",`
`961`		`- "annotation": " (CWE-457)",`
	`961`	`+ "cwe": 457,`
`962`	`962`	`"key_event_idx": 2,`
`963`	`963`	`"events": [`
`964`	`964`	`{`
`@@ -986,7 +986,7 @@`
`986`	`986`	`},`
`987`	`987`	`{`
`988`	`988`	`"checker": "UNINIT",`
`989`		`- "annotation": " (CWE-457)",`
	`989`	`+ "cwe": 457,`
`990`	`990`	`"key_event_idx": 3,`
`991`	`991`	`"events": [`
`992`	`992`	`{`
`@@ -1029,7 +1029,7 @@`
`1029`	`1029`	`},`
`1030`	`1030`	`{`
`1031`	`1031`	`"checker": "UNINIT",`
`1032`		`- "annotation": " (CWE-457)",`
	`1032`	`+ "cwe": 457,`
`1033`	`1033`	`"key_event_idx": 2,`
`1034`	`1034`	`"events": [`
`1035`	`1035`	`{`
`@@ -1057,7 +1057,7 @@`
`1057`	`1057`	`},`
`1058`	`1058`	`{`
`1059`	`1059`	`"checker": "UNINIT",`
`1060`		`- "annotation": " (CWE-457)",`
	`1060`	`+ "cwe": 457,`
`1061`	`1061`	`"key_event_idx": 3,`
`1062`	`1062`	`"events": [`
`1063`	`1063`	`{`
`@@ -1100,7 +1100,7 @@`
`1100`	`1100`	`},`
`1101`	`1101`	`{`
`1102`	`1102`	`"checker": "UNINIT",`
`1103`		`- "annotation": " (CWE-457)",`
	`1103`	`+ "cwe": 457,`
`1104`	`1104`	`"key_event_idx": 2,`
`1105`	`1105`	`"events": [`
`1106`	`1106`	`{`
`@@ -1136,7 +1136,7 @@`
`1136`	`1136`	`},`
`1137`	`1137`	`{`
`1138`	`1138`	`"checker": "UNINIT",`
`1139`		`- "annotation": " (CWE-457)",`
	`1139`	`+ "cwe": 457,`
`1140`	`1140`	`"key_event_idx": 4,`
`1141`	`1141`	`"events": [`
`1142`	`1142`	`{`
`@@ -1186,7 +1186,7 @@`
`1186`	`1186`	`},`
`1187`	`1187`	`{`
`1188`	`1188`	`"checker": "UNINIT",`
`1189`		`- "annotation": " (CWE-457)",`
	`1189`	`+ "cwe": 457,`
`1190`	`1190`	`"key_event_idx": 2,`
`1191`	`1191`	`"events": [`
`1192`	`1192`	`{`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`"defects": [`
`3`	`3`	`{`
`4`	`4`	`"checker": "CHECKED_RETURN",`
`5`		`- "annotation": " (CWE-252)",`
	`5`	`+ "cwe": 252,`
`6`	`6`	`"key_event_idx": 0,`
`7`	`7`	`"events": [`
`8`	`8`	`{`