diff --git a/analyzer/codechecker_analyzer/analyzer_context.py b/analyzer/codechecker_analyzer/analyzer_context.py index 16babf7b89..4b618ba6ca 100644 --- a/analyzer/codechecker_analyzer/analyzer_context.py +++ b/analyzer/codechecker_analyzer/analyzer_context.py @@ -19,6 +19,7 @@ from codechecker_analyzer.arg import analyzer_binary from codechecker_common import logger from codechecker_common.checker_labels import CheckerLabels +from codechecker_common.guidelines import Guidelines from codechecker_common.singleton import Singleton from codechecker_common.util import load_json from pathlib import Path @@ -52,6 +53,9 @@ def __init__(self): if 'CC_TEST_LABELS_DIR' in os.environ: labels_dir = os.environ['CC_TEST_LABELS_DIR'] + guidelines_dir = os.path.join(self._data_files_dir_path, + 'config', 'guidelines') + cfg_dict = self.__get_package_config() self.env_vars = cfg_dict['environment_variables'] @@ -59,6 +63,7 @@ def __init__(self): self.pckg_layout = lcfg_dict['runtime'] self._checker_labels = CheckerLabels(labels_dir) + self._guidelines = Guidelines(guidelines_dir) self.__package_version = None self.__package_build_date = None self.__package_git_hash = None @@ -71,12 +76,20 @@ def __init__(self): # Original caller environment of CodeChecker for external binaries self.__original_env = None - self.logger_lib_dir_path = os.path.join( - self._data_files_dir_path, 'ld_logger', 'lib') - - if not os.path.exists(self.logger_lib_dir_path): - self.logger_lib_dir_path = os.path.join( - self._lib_dir_path, 'codechecker_analyzer', 'ld_logger', 'lib') + # Find the path which has the architectures for the built ld_logger + # shared objects. + ld_logger_path = Path(self._data_files_dir_path, "ld_logger", "lib") + if not ld_logger_path.is_dir(): + ld_logger_path = Path( + self._lib_dir_path, "codechecker_analyzer", "ld_logger", "lib" + ) + + # Add all children (architecture) paths to be later used in the + # LD_LIBRARY_PATH environment variable during logging of compiler + # invocations. + self.logger_lib_dir_path = ":".join( + [str(arch) for arch in ld_logger_path.iterdir() if arch.is_dir()] + ) self.logger_bin = None self.logger_file = None @@ -370,6 +383,10 @@ def checker_plugin(self): def checker_labels(self): return self._checker_labels + @property + def guideline(self): + return self._guidelines + def get_context(): try: diff --git a/analyzer/codechecker_analyzer/analyzers/analyzer_types.py b/analyzer/codechecker_analyzer/analyzers/analyzer_types.py index 5ea6ee1404..7a9d2febdb 100644 --- a/analyzer/codechecker_analyzer/analyzers/analyzer_types.py +++ b/analyzer/codechecker_analyzer/analyzers/analyzer_types.py @@ -125,7 +125,7 @@ def print_unsupported_analyzers(errored): analyzer_binary, reason) -def check_available_analyzers(args_analyzers=None): +def check_available_analyzers(args_analyzers=None, exit_on_error=True): """ Handle use case when no analyzer can be found or a supported, explicitly given analyzer cannot be found on the user machine. @@ -135,17 +135,19 @@ def check_available_analyzers(args_analyzers=None): analyzers, errored = check_supported_analyzers(args_analyzers) if errored: print_unsupported_analyzers(errored) - LOG.error("Failed to run command because the given analyzer(s) " - "cannot be found on your machine!") - sys.exit(1) + if exit_on_error: + LOG.error("Failed to run command because the given analyzer(s)" + " cannot be found on your machine!") + sys.exit(1) else: analyzers, errored = check_supported_analyzers(supported_analyzers) if not analyzers: print_unsupported_analyzers(errored) - LOG.error("Failed to run command because no analyzers can be " - "found on your machine!") - sys.exit(1) + if exit_on_error: + LOG.error("Failed to run command because no analyzers can be " + "found on your machine!") + sys.exit(1) return analyzers, errored diff --git a/analyzer/codechecker_analyzer/analyzers/clangtidy/analyzer.py b/analyzer/codechecker_analyzer/analyzers/clangtidy/analyzer.py index cbc803edfc..7f9a8b53df 100644 --- a/analyzer/codechecker_analyzer/analyzers/clangtidy/analyzer.py +++ b/analyzer/codechecker_analyzer/analyzers/clangtidy/analyzer.py @@ -288,6 +288,9 @@ def get_analyzer_checkers(cls): ("clang-diagnostic-" + warning, "") for warning in get_warnings()) + checker_description.append(("clang-diagnostic-error", + "Indicates compiler errors.")) + cls.__analyzer_checkers = checker_description return checker_description diff --git a/analyzer/codechecker_analyzer/analyzers/clangtidy/config_handler.py b/analyzer/codechecker_analyzer/analyzers/clangtidy/config_handler.py index 68625e126a..31a2a8ca0f 100644 --- a/analyzer/codechecker_analyzer/analyzers/clangtidy/config_handler.py +++ b/analyzer/codechecker_analyzer/analyzers/clangtidy/config_handler.py @@ -41,13 +41,3 @@ def add_checker(self, checker_name, description='', return super().add_checker(checker_name, description, state) - - def set_checker_enabled(self, checker_name, enabled=True): - """ - Enable checker, keep description if already set. - """ - if checker_name.startswith('W') or \ - checker_name.startswith('clang-diagnostic'): - self.add_checker(checker_name) - - super().set_checker_enabled(checker_name, enabled) diff --git a/analyzer/codechecker_analyzer/analyzers/config_handler.py b/analyzer/codechecker_analyzer/analyzers/config_handler.py index e701bd96af..8c602f863e 100644 --- a/analyzer/codechecker_analyzer/analyzers/config_handler.py +++ b/analyzer/codechecker_analyzer/analyzers/config_handler.py @@ -12,7 +12,6 @@ from abc import ABCMeta from enum import Enum -from string import Template import collections import platform import sys @@ -86,7 +85,7 @@ def add_checker(self, checker_name, description='', """ self.__available_checkers[checker_name] = (state, description) - def set_checker_enabled(self, checker_name, enabled=True): + def set_checker_enabled(self, checker_name, enabled=True, is_strict=False): """ Explicitly handle checker state, keep description if already set. """ @@ -94,7 +93,8 @@ def set_checker_enabled(self, checker_name, enabled=True): regex = "^" + re.escape(str(checker_name)) + "\\b.*$" for ch_name, values in self.__available_checkers.items(): - if re.match(regex, ch_name): + if (is_strict and ch_name == checker_name) \ + or (not is_strict and re.match(regex, ch_name)): _, description = values state = CheckerState.ENABLED if enabled \ else CheckerState.DISABLED @@ -118,7 +118,7 @@ def checks(self): """ return self.__available_checkers - def __gen_name_variations(self): + def __gen_name_variations(self, only_prefix=False): """ Generate all applicable name variations from the given checker list. """ @@ -134,9 +134,9 @@ def __gen_name_variations(self): # ['misc', 'misc-dangling', 'misc-dangling-handle'] # from 'misc-dangling-handle'. v = [delim.join(parts[:(i + 1)]) for i in range(len(parts))] - reserved_names += v + reserved_names += v[:-1] if only_prefix else v - return reserved_names + return list(set(reserved_names)) def initialize_checkers(self, checkers, @@ -184,7 +184,7 @@ def initialize_checkers(self, else: # Turn default checkers on. for checker in default_profile_checkers: - self.set_checker_enabled(checker) + self.set_checker_enabled(checker, is_strict=True) self.enable_all = enable_all # If enable_all is given, almost all checkers should be enabled. @@ -207,48 +207,82 @@ def initialize_checkers(self, self.set_checker_enabled(checker_name) # Set user defined enabled or disabled checkers from the command line. + for identifier, enabled in cmdline_enable: + labels = checker_labels.labels() \ + if callable(getattr(checker_labels, 'labels', None)) \ + else ["guideline", "profile", "severity", "sei-cert"] - # Construct a list of reserved checker names. - # (It is used to check if a profile name is valid.) - reserved_names = self.__gen_name_variations() - profiles = checker_labels.get_description('profile') - guidelines = checker_labels.occurring_values('guideline') + all_namespaces = ["checker", "prefix"] + labels - templ = Template("The ${entity} name '${identifier}' conflicts with a " - "checker name prefix '${identifier}'. Please use -e " - "${entity}:${identifier} to enable checkers of the " - "${identifier} ${entity} or use -e " - "prefix:${identifier} to select checkers which have " - "a name starting with '${identifier}'.") + all_options = dict(zip(labels, map( + checker_labels.occurring_values, labels))) - for identifier, enabled in cmdline_enable: - if "prefix:" in identifier: - identifier = identifier.replace("prefix:", "") - self.set_checker_enabled(identifier, enabled) - - elif ':' in identifier: - for checker in checker_labels.checkers_by_labels([identifier]): - self.set_checker_enabled(checker, enabled) - - elif identifier in profiles: - if identifier in reserved_names: - LOG.error(templ.substitute(entity="profile", - identifier=identifier)) + all_options["prefix"] = list(set(self.__gen_name_variations( + only_prefix=True))) + + all_options["checker"] = self.__available_checkers + + if ":" in identifier: + identifier_namespace = identifier.split(":")[0] + identifier = identifier.split(":", 1)[1] + + if identifier_namespace not in all_namespaces: + LOG.error("The %s namespace is not known. Please select" + "one of these existing namespace options: %s.", + identifier_namespace, ", ".join(all_namespaces)) sys.exit(1) - else: - for checker in checker_labels.checkers_by_labels( - [f'profile:{identifier}']): - self.set_checker_enabled(checker, enabled) - - elif identifier in guidelines: - if identifier in reserved_names: - LOG.error(templ.substitute(entity="guideline", - identifier=identifier)) + + # TODO: Each analyzer has its own config handler and is unaware + # of other checkers. To avoid not reliable error, we pass + # checker:'any_options' and prefix:'any_options'. This ensures + # enabling a checker doesn't inadvertently cause an error in a + # different analyzer. Ideally, there should be a centralized + # main configuration accessible to all analyzers. + if identifier not in all_options[identifier_namespace] \ + and identifier_namespace not in ("checker", "prefix"): + LOG.error("The %s identifier does not exist in the %s " + "namespace. Please select one of these " + "existing options: %s.", identifier, + identifier_namespace, ", ".join( + all_options[identifier_namespace])) sys.exit(1) - else: - for checker in checker_labels.checkers_by_labels( - [f'guideline:{identifier}']): - self.set_checker_enabled(checker, enabled) + + self.initialize_checkers_by_namespace( + identifier_namespace, identifier, enabled) else: - self.set_checker_enabled(identifier, enabled) + possible_options = {} + for label, options in all_options.items(): + if identifier in options: + possible_options[label] = identifier + + if len(possible_options) == 1: + self.initialize_checkers_by_namespace( + *list(possible_options.items())[0], enabled) + elif len(possible_options) > 1: + error_options = ", ".join(f"{label}:{option}" + for label, option + in possible_options.items()) + + LOG.error("The %s is ambigous. Please select one of these" + " options to clarify the checker list: %s.", + identifier, error_options) + sys.exit(1) + else: + # The identifier is not known but we just pass it + # and handle it in a different section. + continue + + def initialize_checkers_by_namespace(self, + identifier_namespace, + identifier, + enabled): + if identifier_namespace == "checker": + self.set_checker_enabled(identifier, enabled, is_strict=True) + elif identifier_namespace == "prefix": + self.set_checker_enabled(identifier, enabled) + else: + checker_labels = analyzer_context.get_context().checker_labels + for checker in checker_labels.checkers_by_labels( + [f"{identifier_namespace}:{identifier}"]): + self.set_checker_enabled(checker, enabled, is_strict=True) diff --git a/analyzer/codechecker_analyzer/checkers.py b/analyzer/codechecker_analyzer/checkers.py index 23f0c401c3..8e150f05d3 100644 --- a/analyzer/codechecker_analyzer/checkers.py +++ b/analyzer/codechecker_analyzer/checkers.py @@ -19,12 +19,7 @@ def available(ordered_checkers, available_checkers): """ missing_checkers = set() for checker_name, _ in ordered_checkers: - # TODO: This label list shouldn't be hard-coded here. - if checker_name.startswith('profile:') or \ - checker_name.startswith('guideline:') or \ - checker_name.startswith('severity:') or \ - checker_name.startswith('sei-cert:') or \ - checker_name.startswith('prefix:'): + if ":" in checker_name: continue name_match = False diff --git a/analyzer/codechecker_analyzer/cmd/analyze.py b/analyzer/codechecker_analyzer/cmd/analyze.py index 440018e243..a2d78c9a01 100644 --- a/analyzer/codechecker_analyzer/cmd/analyze.py +++ b/analyzer/codechecker_analyzer/cmd/analyze.py @@ -773,8 +773,11 @@ def add_arguments_to_parser(parser): "between the checker prefix " "group/profile/guideline name, the use of " "one of the following labels is " - "mandatory: 'prefix:', 'profile:', " - "'guideline:'.") + "mandatory: 'checker:', 'prefix:', " + "'profile:', 'guideline:'. If a checker " + "name matches multiple checkers as a " + "prefix, 'checker:' or 'prefix:' " + "namespace is required") checkers_opts.add_argument('-d', '--disable', dest="disable", @@ -792,8 +795,11 @@ def add_arguments_to_parser(parser): "between the checker prefix " "group/profile/guideline name, the use of " "one of the following labels is " - "mandatory: 'prefix:', 'profile:', " - "'guideline:'.") + "mandatory: 'checker:', 'prefix:', " + "'profile:', 'guideline:'. If a checker " + "name matches multiple checkers as a " + "prefix, 'checker:' or 'prefix:' " + "namespace is required") checkers_opts.add_argument('--enable-all', dest="enable_all", diff --git a/analyzer/codechecker_analyzer/cmd/check.py b/analyzer/codechecker_analyzer/cmd/check.py index fa2ef4e505..b6812beab3 100644 --- a/analyzer/codechecker_analyzer/cmd/check.py +++ b/analyzer/codechecker_analyzer/cmd/check.py @@ -707,35 +707,43 @@ def add_arguments_to_parser(parser): metavar='checker/group/profile', default=argparse.SUPPRESS, action=OrderedCheckersAction, - help="Set a checker (or checker group), " - "profile or guideline " - "to BE USED in the analysis. In case of " - "ambiguity the priority order is profile, " - "guideline, checker name (e.g. security " - "means the profile, not the checker " - "group). Moreover, labels can also be " + help="Set a checker (or checker prefix group), " + "profile or guideline to BE USED in the " + "analysis. Labels can also be " "used for selecting checkers, for example " "profile:extreme or severity:STYLE. See " "'CodeChecker checkers --label' for " - "further details.") + "further details. In case of a name clash " + "between the checker prefix " + "group/profile/guideline name, the use of " + "one of the following labels is " + "mandatory: 'checker:', 'prefix:', " + "'profile:', 'guideline:'. If a checker " + "name matches multiple checkers as a " + "prefix, 'checker:' or 'prefix:' " + "namespace is required") checkers_opts.add_argument('-d', '--disable', dest="disable", metavar='checker/group/profile', default=argparse.SUPPRESS, action=OrderedCheckersAction, - help="Set a checker (or checker group), " + help="Set a checker (or checker prefix group), " "profile or guideline " "to BE PROHIBITED from use in the " - "analysis. In case of " - "ambiguity the priority order is profile, " - "guideline, checker name (e.g. security " - "means the profile, not the checker " - "group). Moreover, labels can also be " + "analysis. Labels can also be " "used for selecting checkers, for example " "profile:extreme or severity:STYLE. See " "'CodeChecker checkers --label' for " - "further details.") + "further details. In case of a name clash " + "between the checker prefix " + "group/profile/guideline name, the use of " + "one of the following labels is " + "mandatory: 'checker:', 'prefix:', " + "'profile:', 'guideline:'. If a checker " + "name matches multiple checkers as a " + "prefix, 'checker:' or 'prefix:' " + "namespace is required") checkers_opts.add_argument('--enable-all', dest="enable_all", diff --git a/analyzer/codechecker_analyzer/cmd/checkers.py b/analyzer/codechecker_analyzer/cmd/checkers.py index c567870497..b27a290c2d 100644 --- a/analyzer/codechecker_analyzer/cmd/checkers.py +++ b/analyzer/codechecker_analyzer/cmd/checkers.py @@ -523,7 +523,8 @@ def __print_checker_config(args: argparse.Namespace): args.output_format = 'rows' working_analyzers, errored = \ - analyzer_types.check_available_analyzers(args.analyzers) + analyzer_types.check_available_analyzers(args_analyzers=args.analyzers, + exit_on_error=False) if 'details' in args: header = ['Option', 'Description'] diff --git a/analyzer/requirements.txt b/analyzer/requirements.txt index b32e65ea8a..0c84624699 100644 --- a/analyzer/requirements.txt +++ b/analyzer/requirements.txt @@ -1,8 +1,8 @@ -lxml==5.2.2 +lxml==5.3.0 portalocker==2.2.1 psutil==5.8.0 PyYAML==6.0.1 types-PyYAML==6.0.12.12 sarif-tools==1.0.0 multiprocess==0.70.15 -setuptools==70.2.0 \ No newline at end of file +setuptools==70.2.0 diff --git a/analyzer/tests/functional/analyze/test_analyze.py b/analyzer/tests/functional/analyze/test_analyze.py index be90f4cbd2..8e21b7d5c5 100644 --- a/analyzer/tests/functional/analyze/test_analyze.py +++ b/analyzer/tests/functional/analyze/test_analyze.py @@ -886,7 +886,7 @@ def test_disable_all_warnings(self): analyze_cmd = [self._codechecker_cmd, "check", "-l", build_json, "--analyzers", "clang-tidy", "-d", "clang-diagnostic", - "-e", "clang-diagnostic-unused"] + "-e", "prefix:clang-diagnostic-unused"] source_file = os.path.join(self.test_dir, "compiler_warning.c") build_log = [{"directory": self.test_workspace, diff --git a/analyzer/tests/functional/analyze_and_parse/test_analyze_and_parse.py b/analyzer/tests/functional/analyze_and_parse/test_analyze_and_parse.py index 97a202eef7..6d24e4586e 100644 --- a/analyzer/tests/functional/analyze_and_parse/test_analyze_and_parse.py +++ b/analyzer/tests/functional/analyze_and_parse/test_analyze_and_parse.py @@ -39,6 +39,7 @@ def gen_test(path, mode): which compare the output of the command with the stored expected output. """ + def test(self): self.check_one_file(path, mode) return test @@ -787,3 +788,100 @@ def test_html_checker_url(self): encoding="utf-8", errors="ignore") as f: content = f.read() self.assertTrue(re.search('"url": ""', content)) + + def test_mixed_architecture_logging(self): + """ + Test if CodeChecker can properly log compilation commands when the + build process involves both 32-bit and 64-bit binaries acting as + build drivers. + + This verifies that the LD_LIBRARY_PATH setup in analyzer_context.py + correctly includes all architecture versions of the ld_logger.so + library, and that logging works with this setup. + """ + with tempfile.TemporaryDirectory() as tmp_dir: + # We use a temporary directory, because we produce multiple files + # during this test, and it is easier to clean up. + mixed_arch_driver = os.path.join( + self.test_dir, + "mixed_arch_driver.c" + ) + simple_c = os.path.join( + self.test_dir, + "simple.c" + ) + + shutil.copy(mixed_arch_driver, tmp_dir) + shutil.copy(simple_c, tmp_dir) + + best_gcc_candidate_in_path = [ + path + for path in os.environ["PATH"].split(":") + if os.path.exists(os.path.join(path, "gcc")) + ] + if not best_gcc_candidate_in_path: + self.skipTest(f"No gcc candidate found in PATH:\ + {os.environ['PATH']}") + + try: + subprocess.check_call( + ["gcc", "-m32", "-c", "simple.c"], + cwd=tmp_dir, + stderr=subprocess.PIPE, + ) + except subprocess.CalledProcessError as err: + self.skipTest(f"No 32-bit compilation support available:\ + {err.stderr}") + try: + subprocess.check_call( + ["gcc", "-m64", "-c", "simple.c"], + cwd=tmp_dir, + stderr=subprocess.PIPE, + ) + except subprocess.CalledProcessError as err: + self.skipTest(f"No 64-bit compilation support available:\ + {err.stderr}") + + subprocess.check_call( + ["gcc", "-m32", "mixed_arch_driver.c", "-o", "driver32"], + cwd=tmp_dir + ) + subprocess.check_call( + ["gcc", "-m64", "mixed_arch_driver.c", "-o", "driver64"], + cwd=tmp_dir + ) + + log_file = os.path.join(tmp_dir, "compile_commands.json") + cmd = [ + "CodeChecker", "log", "-b", "./driver32;./driver64", + "-o", log_file, + ] + + _, err, returncode = call_command(cmd, cwd=tmp_dir, + env=self.env) + + self.assertEqual(returncode, 0, f"CodeChecker log failed:\ + {err}") + + # Verify the logged commands + with open(log_file, "r", encoding="utf-8") as f: + logged_commands = json.load(f) + + # The buildlog should have 4 commands - 2 from each driver + # (and for each driver there is one with a '-m32' and one with a + # '-m64' flag) + self.assertEqual( + len(logged_commands), 4, f"Logged commands: {logged_commands}" + ) + + commands = [entry["command"] for entry in logged_commands] + self.assertTrue( + 2 == len([cmd for cmd in commands if "-m32" in cmd]), + f"Expected 2 32-bit compilations. Logged commands:\ + {logged_commands}" + ) + self.assertTrue( + 2 == len([cmd for cmd in commands if "-m64" in cmd]), + f"Expected 2 64-bit compilations. Logged commands:\ + {logged_commands}" + ) diff --git a/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wno_group.output b/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wno_group.output index a559c8c8da..f08ce4d96e 100644 --- a/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wno_group.output +++ b/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wno_group.output @@ -1,7 +1,7 @@ NORMAL#CodeChecker log --output $LOGFILE$ --build "make compiler_warning_wno_group" --quiet -NORMAL#CodeChecker analyze $LOGFILE$ --output $OUTPUT$ --analyzers clang-tidy -e clang-diagnostic-unused +NORMAL#CodeChecker analyze $LOGFILE$ --output $OUTPUT$ --analyzers clang-tidy -e prefix:clang-diagnostic-unused NORMAL#CodeChecker parse $OUTPUT$ -CHECK#CodeChecker check --build "make compiler_warning_wno_group" --output $OUTPUT$ --quiet --analyzers clang-tidy -e clang-diagnostic-unused +CHECK#CodeChecker check --build "make compiler_warning_wno_group" --output $OUTPUT$ --quiet --analyzers clang-tidy -e prefix:clang-diagnostic-unused -------------------------------------------------------------------------------- [] - Starting build... [] - Using CodeChecker ld-logger. diff --git a/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wno_simple2.output b/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wno_simple2.output index 1704a5155a..d659feafbe 100644 --- a/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wno_simple2.output +++ b/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wno_simple2.output @@ -1,7 +1,7 @@ NORMAL#CodeChecker log --output $LOGFILE$ --build "make compiler_warning_unused" --quiet -NORMAL#CodeChecker analyze $LOGFILE$ --output $OUTPUT$ --analyzers clang-tidy -d clang-diagnostic-unused +NORMAL#CodeChecker analyze $LOGFILE$ --output $OUTPUT$ --analyzers clang-tidy -d prefix:clang-diagnostic-unused NORMAL#CodeChecker parse $OUTPUT$ -CHECK#CodeChecker check --build "make compiler_warning_unused" --output $OUTPUT$ --quiet --analyzers clang-tidy -d clang-diagnostic-unused +CHECK#CodeChecker check --build "make compiler_warning_unused" --output $OUTPUT$ --quiet --analyzers clang-tidy -d prefix:clang-diagnostic-unused -------------------------------------------------------------------------------- [] - Starting build... [] - Using CodeChecker ld-logger. diff --git a/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wunused.output b/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wunused.output index 1704a5155a..d659feafbe 100644 --- a/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wunused.output +++ b/analyzer/tests/functional/analyze_and_parse/test_files/compiler_warning_wunused.output @@ -1,7 +1,7 @@ NORMAL#CodeChecker log --output $LOGFILE$ --build "make compiler_warning_unused" --quiet -NORMAL#CodeChecker analyze $LOGFILE$ --output $OUTPUT$ --analyzers clang-tidy -d clang-diagnostic-unused +NORMAL#CodeChecker analyze $LOGFILE$ --output $OUTPUT$ --analyzers clang-tidy -d prefix:clang-diagnostic-unused NORMAL#CodeChecker parse $OUTPUT$ -CHECK#CodeChecker check --build "make compiler_warning_unused" --output $OUTPUT$ --quiet --analyzers clang-tidy -d clang-diagnostic-unused +CHECK#CodeChecker check --build "make compiler_warning_unused" --output $OUTPUT$ --quiet --analyzers clang-tidy -d prefix:clang-diagnostic-unused -------------------------------------------------------------------------------- [] - Starting build... [] - Using CodeChecker ld-logger. diff --git a/analyzer/tests/functional/analyze_and_parse/test_files/mixed_arch_driver.c b/analyzer/tests/functional/analyze_and_parse/test_files/mixed_arch_driver.c new file mode 100644 index 0000000000..090291cb6b --- /dev/null +++ b/analyzer/tests/functional/analyze_and_parse/test_files/mixed_arch_driver.c @@ -0,0 +1,9 @@ +#include + +int main(void) { + // These commands are intended to test CodeChecker's ability to build-log + // cross compilations. + system("gcc -m32 simple.c -o simple32"); + system("gcc -m64 simple.c -o simple64"); + return 0; +} \ No newline at end of file diff --git a/analyzer/tests/functional/analyze_and_parse/test_files/simple.c b/analyzer/tests/functional/analyze_and_parse/test_files/simple.c new file mode 100644 index 0000000000..f02338e75f --- /dev/null +++ b/analyzer/tests/functional/analyze_and_parse/test_files/simple.c @@ -0,0 +1,3 @@ +int main(void) { + return 0; +} \ No newline at end of file diff --git a/analyzer/tests/functional/cmdline/test_cmdline.py b/analyzer/tests/functional/cmdline/test_cmdline.py index 5c52f1108a..4225f4d5d3 100644 --- a/analyzer/tests/functional/cmdline/test_cmdline.py +++ b/analyzer/tests/functional/cmdline/test_cmdline.py @@ -154,21 +154,21 @@ def test_checkers_guideline(self): """ Listing checkers by guideline. """ checkers_cmd = [env.codechecker_cmd(), 'checkers', - '--guideline', 'sei-cert'] + '--guideline', 'sei-cert-cpp'] _, out, _ = run_cmd(checkers_cmd) self.assertIn('cert-dcl58-cpp', out) self.assertNotIn('android', out) checkers_cmd = [env.codechecker_cmd(), 'checkers', - '--guideline', 'sei-cert:mem35-c'] + '--guideline', 'sei-cert-c:mem35-c'] _, out, _ = run_cmd(checkers_cmd) self.assertIn('MallocSizeof', out) self.assertNotIn('CastToStruct', out) checkers_cmd = [env.codechecker_cmd(), 'checkers', - '--guideline', 'sei-cert:mem35-c', '-o', 'json', + '--guideline', 'sei-cert-c:mem35-c', '-o', 'json', '--details'] _, out, _ = run_cmd(checkers_cmd) out = json.loads(out) diff --git a/analyzer/tests/unit/test_checker_handling.py b/analyzer/tests/unit/test_checker_handling.py index 81e36f09ef..7746b4916d 100644 --- a/analyzer/tests/unit/test_checker_handling.py +++ b/analyzer/tests/unit/test_checker_handling.py @@ -23,7 +23,7 @@ from codechecker_analyzer.analyzers.cppcheck.analyzer import Cppcheck from codechecker_analyzer.analyzers.config_handler import CheckerState from codechecker_analyzer.analyzers.clangtidy.config_handler \ - import is_compiler_warning + import is_compiler_warning, ClangTidyConfigHandler from codechecker_analyzer.arg import AnalyzerConfig, CheckerConfig from codechecker_analyzer.cmd.analyze import \ is_analyzer_config_valid, is_checker_config_valid @@ -37,14 +37,15 @@ class MockClangsaCheckerLabels: def checkers_by_labels(self, labels): if labels[0] == 'profile:default': - return ['core', 'deadcode', 'security.FloatLoopCounter'] + return ['deadcode.DeadStores', 'security.FloatLoopCounter'] if labels[0] == 'prefix:security': return ['security.insecureAPI.bzero', 'security.insecureAPI.getpw'] if labels[0] == 'profile:security': - return ['alpha.security'] + return ['alpha.security.ArrayBound', + 'alpha.security.MallocOverflow'] if labels[0] == 'profile:sensitive': return ['alpha.core.BoolAssignment', @@ -60,16 +61,33 @@ def checkers_by_labels(self, labels): def get_description(self, label): if label == 'profile': - return ['default', 'sensitive', 'security', 'portability', - 'extreme'] - return [] + return { + "default": "", + "sensitive": "", + "security": "", + "portability": "", + "extreme": "" + } + return {} def occurring_values(self, label): if label == 'guideline': return ['sei-cert'] - - if label == 'sei-cert': + elif label == 'sei-cert': return ['rule1', 'rule2'] + elif label == 'profile': + return ['default', + 'sensitive', + 'security', + 'portability', + 'extreme'] + elif label == 'severity': + return ['CRITICAL', + 'HIGH', + 'MEDIUM', + 'LOW', + 'STYLE', + 'UNSPECIFIED'] return [] @@ -141,7 +159,7 @@ def test_no_disabled_checks(self): any(arg.startswith('-analyzer-disable-checker') for arg in self.__class__.cmd)) - def test_checker_initializer(self): + def test_clangsa_checker_initializer(self): """ Test initialize_checkers() function. """ @@ -384,22 +402,35 @@ def checkers_by_labels(self, labels): return [ 'bugprone-assert-side-effect', 'bugprone-dangling-handle', - 'bugprone-inaccurate-erase'] + 'bugprone-inaccurate-erase', + 'clang-diagnostic-format', + 'clang-diagnostic-format-nonliteral', + 'clang-diagnostic-format-security'] return [] def get_description(self, label): if label == 'profile': - return ['default', 'sensitive', 'security', 'portability', - 'extreme'] - - return [] + return { + "default": "", + "sensitive": "", + "security": "", + "portability": "", + "extreme": "" + } + return {} def occurring_values(self, label): if label == 'guideline': return ['sei-cert'] elif label == 'sei-cert': return ['rule1', 'rule2'] + elif label == 'profile': + return ['default', + 'sensitive', + 'security', + 'portability', + 'extreme'] return [] @@ -479,6 +510,121 @@ def _is_disabled(self, checker, analyzer_cmd): return enable < disable + def test_clangtidy_checker_initializer(self): + """ + Test initialize_checkers() function. + """ + def all_with_status(status): + def f(checks, checkers): + result = set(check for check, data in checks.items() + if data[0] == status) + return set(checkers) <= result + return f + + checkers = ClangTidy.get_analyzer_checkers() + + format_prefix = "clang-diagnostic-format" + + format_matched_default_checkers = [ + "clang-diagnostic-format-nonliteral", + "clang-diagnostic-format-security" + ] + + format_matched_not_default_checkers = [ + "clang-diagnostic-format-non-iso", + "clang-diagnostic-format-pedantic", + ] + + cfg_handler = ClangTidyConfigHandler() + + # Check the ambigous option handling. + with self.assertLogs(level='ERROR') as log: + with self.assertRaises(SystemExit) as e: + cfg_handler.initialize_checkers(checkers, + [("clang-diagnostic-format", + True)]) + + err_ambigous_checker = re.compile(r"ERROR:.*?is ambigous\. Please " + r"select one of these options to " + r"clarify the checker list:.*$") + + match = err_ambigous_checker.search(log.output[0]) + + self.assertIsNotNone(match) + self.assertEqual(e.exception.code, 1) + + # Check if the specified checker and the default checkers are enabled + # when the clang-diagnostic-format is enabled by 'checker:' namespace. + cfg_handler.initialize_checkers(checkers, + [(f"checker:{format_prefix}", True)]) + self.assertIn(format_prefix, cfg_handler.checks()) + self.assertTrue(all_with_status(CheckerState.ENABLED) + (cfg_handler.checks(), [format_prefix])) + self.assertTrue(all_with_status(CheckerState.ENABLED) + (cfg_handler.checks(), + format_matched_default_checkers)) + self.assertTrue(all_with_status(CheckerState.DISABLED) + (cfg_handler.checks(), + format_matched_not_default_checkers)) + + # Check if the specified checker is the only one that enabled when the + # clang-diagnostic-format is enabled by 'checker:' namespace and the + # default profile is disabled. + cfg_handler.initialize_checkers(checkers, + [("default", False), + (f"checker:{format_prefix}", True)]) + self.assertIn(format_prefix, cfg_handler.checks()) + self.assertTrue(all_with_status(CheckerState.ENABLED) + (cfg_handler.checks(), [format_prefix])) + self.assertTrue(all_with_status(CheckerState.DISABLED) + (cfg_handler.checks(), + format_matched_default_checkers)) + self.assertTrue(all_with_status(CheckerState.DISABLED) + (cfg_handler.checks(), + format_matched_not_default_checkers)) + + # Check if the specified checker is disabled by 'checker:' namespace + # but the default profile is enabled. + cfg_handler.initialize_checkers(checkers, + [(f"checker:{format_prefix}", False)]) + self.assertIn(format_prefix, cfg_handler.checks()) + self.assertTrue(all_with_status(CheckerState.DISABLED) + (cfg_handler.checks(), [format_prefix])) + self.assertTrue(all_with_status(CheckerState.ENABLED) + (cfg_handler.checks(), + format_matched_default_checkers)) + self.assertTrue(all_with_status(CheckerState.DISABLED) + (cfg_handler.checks(), + format_matched_not_default_checkers)) + + # Check the prefix matched chackers when the 'prefix:' namespace + # enables them. + cfg_handler.initialize_checkers(checkers, + [(f"prefix:{format_prefix}", True)]) + self.assertIn(format_prefix, cfg_handler.checks()) + self.assertTrue(all_with_status(CheckerState.ENABLED) + (cfg_handler.checks(), [format_prefix])) + self.assertTrue(all_with_status(CheckerState.ENABLED) + (cfg_handler.checks(), + format_matched_default_checkers)) + self.assertTrue(all_with_status(CheckerState.ENABLED) + (cfg_handler.checks(), + format_matched_not_default_checkers)) + + # Check the prefix matched chackers when the 'prefix:' namespace + # disables them. + cfg_handler.initialize_checkers(checkers, + [(f"prefix:{format_prefix}", False)]) + self.assertIn(format_prefix, cfg_handler.checks()) + self.assertTrue(all_with_status(CheckerState.DISABLED) + (cfg_handler.checks(), [format_prefix])) + self.assertTrue(all_with_status(CheckerState.DISABLED) + (cfg_handler.checks(), + format_matched_default_checkers)) + self.assertTrue(all_with_status(CheckerState.DISABLED) + (cfg_handler.checks(), + format_matched_not_default_checkers)) + def test_disable_clangsa_checkers(self): """ Test that checker config still disables clang-analyzer-*. @@ -510,9 +656,8 @@ def test_disable_clangsa_checkers(self): for arg in analyzer.construct_analyzer_cmd(result_handler): self.assertFalse(arg.startswith('-checks')) - self.assertEqual( - analyzer.config_handler.checks()['Wreserved-id-macro'][0], - CheckerState.ENABLED) + self.assertNotIn("Wreserved-id-macro", + analyzer.config_handler.checks().keys()) def test_analyze_wrong_parameters(self): """ @@ -603,7 +748,7 @@ def test_clang_diags_as_compiler_warnings(self): analyzer = create_analyzer_tidy([ # This should enable -Wvla and -Wvla-extension. - '--enable', 'clang-diagnostic-vla', + '--enable', 'prefix:clang-diagnostic-vla', '--disable', 'clang-diagnostic-unused-value']) result_handler = create_result_handler(analyzer) @@ -645,16 +790,26 @@ def checkers_by_labels(self, labels): def get_description(self, label): if label == 'profile': - return ['default', 'sensitive', 'security', 'portability', - 'extreme'] - - return [] + return { + "default": "", + "sensitive": "", + "security": "", + "portability": "", + "extreme": "" + } + return {} def occurring_values(self, label): if label == 'guideline': return ['sei-cert'] elif label == 'sei-cert': return ['rule1', 'rule2'] + elif label == 'profile': + return ['default', + 'sensitive', + 'security', + 'portability', + 'extreme'] return [] diff --git a/analyzer/tests/unit/test_guidelines.py b/analyzer/tests/unit/test_guidelines.py new file mode 100644 index 0000000000..41a0e0767e --- /dev/null +++ b/analyzer/tests/unit/test_guidelines.py @@ -0,0 +1,104 @@ +# ------------------------------------------------------------------------- +# +# Part of the CodeChecker project, under the Apache License v2.0 with +# LLVM Exceptions. See LICENSE for license information. +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +# +# ------------------------------------------------------------------------- + +"""Tests for Guidelines class.""" + + +import yaml +import os +import tempfile +import unittest + +from codechecker_common.guidelines import Guidelines + + +class TestGuidelines(unittest.TestCase): + def setUp(self) -> None: + self.guidelines_dir = tempfile.TemporaryDirectory() + self.initialize_guidelines_dir() + + def tearDown(self) -> None: + self.guidelines_dir.cleanup() + + def initialize_guidelines_dir(self): + guidelines = { + "guideline": "sei-cert", + "guideline_title": "SEI CERT Coding Standard", + "rules": [ + { + "rule_id": "con50-cpp", + "rule_url": "https://wiki.sei.cmu.edu/confluence/display" + "/cplusplus/CON50-CPP.+Do+not+destroy+a+mutex" + "+while+it+is+locked", + "rule_title": "" + }, + { + "rule_id": "con51-cpp", + "rule_url": "https://wiki.sei.cmu.edu/confluence/display" + "/cplusplus/CON51-CPP.+Ensure+actively+held+" + "locks+are+released+on+exceptional+conditions", + "rule_title": "" + }, + { + "rule_id": "con52-cpp", + "rule_url": "https://wiki.sei.cmu.edu/confluence/display" + "/cplusplus/CON52-CPP.+Prevent+data+races+when" + "+accessing+bit-fields+from+multiple+threads", + "rule_title": "" + }, + { + "rule_id": "con53-cpp", + "rule_url": "https://wiki.sei.cmu.edu/confluence/display" + "/cplusplus/CON53-CPP.+Avoid+deadlock+by+" + "locking+in+a+predefined+order", + "rule_title": "" + }, + ] + } + + with open(os.path.join(self.guidelines_dir.name, 'sei-cert.yaml'), + 'w', encoding='utf-8') as fp: + yaml.safe_dump(guidelines, fp, default_flow_style=False) + + def test_guidelines(self): + g = Guidelines(self.guidelines_dir.name) + + self.assertNotEqual(len(g.rules_of_guideline("sei-cert")), 0) + + self.assertEqual( + sorted(g.rules_of_guideline("sei-cert").keys()), + ["con50-cpp", "con51-cpp", "con52-cpp", "con53-cpp"]) + + self.assertEqual( + g.rules_of_guideline("sei-cert"), + { + "con50-cpp": { + "rule_url": "https://wiki.sei.cmu.edu/confluence/display" + "/cplusplus/CON50-CPP.+Do+not+destroy+a+mutex" + "+while+it+is+locked", + "rule_title": "" + }, + "con51-cpp": { + "rule_url": "https://wiki.sei.cmu.edu/confluence/display" + "/cplusplus/CON51-CPP.+Ensure+actively+held+" + "locks+are+released+on+exceptional+conditions", + "rule_title": "" + }, + "con52-cpp": { + "rule_url": "https://wiki.sei.cmu.edu/confluence/display" + "/cplusplus/CON52-CPP.+Prevent+data+races+when" + "+accessing+bit-fields+from+multiple+threads", + "rule_title": "" + }, + "con53-cpp": { + "rule_url": "https://wiki.sei.cmu.edu/confluence/display" + "/cplusplus/CON53-CPP.+Avoid+deadlock+by+" + "locking+in+a+predefined+order", + "rule_title": "" + }, + }) diff --git a/analyzer/tools/build-logger/Makefile b/analyzer/tools/build-logger/Makefile index 2174201837..e9ed753148 100644 --- a/analyzer/tools/build-logger/Makefile +++ b/analyzer/tools/build-logger/Makefile @@ -76,24 +76,18 @@ LIB_DIR = $(BUILD_DIR)/lib all: ldlogger ldlogger_32.so ldlogger_64.so pack32bit pack64bit pack32bit: 32bit packbin - for x86dir in 'i386' 'i486' 'i586' 'i686'; do \ - mkdir -p $(LIB_DIR)/$$x86dir ; \ - cp ldlogger_32.so $(LIB_DIR)/$$x86dir/ldlogger.so ; \ - done + mkdir -p $(LIB_DIR)/32bit ; \ + cp ldlogger_32.so $(LIB_DIR)/32bit/ldlogger.so ; \ rm -f ldlogger_32.so pack64bit: 64bit packbin - for x8664dir in 'x86_64'; do \ - mkdir -p $(LIB_DIR)/$$x8664dir ; \ - cp ldlogger_64.so $(LIB_DIR)/$$x8664dir/ldlogger.so ; \ - done + mkdir -p $(LIB_DIR)/64bit ; \ + cp ldlogger_64.so $(LIB_DIR)/64bit/ldlogger.so ; \ rm -f ldlogger_64.so pack64bit_only: 64bit_only packbin64 - for x8664dir in 'x86_64'; do \ - mkdir -p $(LIB_DIR)/$$x8664dir ; \ - cp ldlogger_64.so $(LIB_DIR)/$$x8664dir/ldlogger.so ; \ - done + mkdir -p $(LIB_DIR)/64bit ; \ + cp ldlogger_64.so $(LIB_DIR)/64bit/ldlogger.so ; \ rm -f ldlogger_64.so # pack binary diff --git a/analyzer/tools/build-logger/tests/unit/__init__.py b/analyzer/tools/build-logger/tests/unit/__init__.py index e87a409252..73432fa04e 100644 --- a/analyzer/tools/build-logger/tests/unit/__init__.py +++ b/analyzer/tools/build-logger/tests/unit/__init__.py @@ -10,11 +10,11 @@ import json import os -import platform import shlex import subprocess import tempfile import unittest +from pathlib import Path from typing import Mapping, Optional, Tuple, Sequence REPO_ROOT = os.path.abspath(os.getenv("REPO_ROOT")) @@ -106,10 +106,13 @@ def read_actual_json(self) -> str: return fd.read() def get_envvars(self) -> Mapping[str, str]: + libdir = Path(LOGGER_DIR, "lib") return { "PATH": os.getenv("PATH"), "LD_PRELOAD": "ldlogger.so", - "LD_LIBRARY_PATH": os.path.join(LOGGER_DIR, "lib"), + "LD_LIBRARY_PATH": ':'.join([str(arch) for arch in + libdir.iterdir() + if arch.is_dir()]), "CC_LOGGER_GCC_LIKE": "gcc:g++:clang:clang++:/cc:c++", "CC_LOGGER_FILE": self.logger_file, "CC_LOGGER_DEBUG_FILE": self.logger_debug_file, diff --git a/codechecker_common/guidelines.py b/codechecker_common/guidelines.py new file mode 100644 index 0000000000..119bdcf176 --- /dev/null +++ b/codechecker_common/guidelines.py @@ -0,0 +1,116 @@ +# ------------------------------------------------------------------------- +# +# Part of the CodeChecker project, under the Apache License v2.0 with +# LLVM Exceptions. See LICENSE for license information. +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +# +# ------------------------------------------------------------------------- +import os +from typing import DefaultDict, Dict, Iterable +from collections import defaultdict + +from codechecker_common.util import load_yaml +from codechecker_common.logger import get_logger + +LOG = get_logger('system') + + +class Guidelines: + def __init__(self, guidelines_dir: str): + if not os.path.isdir(guidelines_dir): + raise NotADirectoryError( + f'{guidelines_dir} is not a directory.') + + guideline_yaml_files = map( + lambda f: os.path.join(guidelines_dir, f), + os.listdir(guidelines_dir)) + + self.__all_rules = self.__union_guideline_files(guideline_yaml_files) + + def __check_guideline_format(self, guideline_data: dict): + """ + Check the format of a guideline, It must contain specific values with + specific types. In case of any format error a ValueError exception is + thrown with the description of the wrong format. + """ + + if "guideline" not in guideline_data \ + or not isinstance(guideline_data["guideline"], str): + raise ValueError( + "The 'guideline' field must exist and be a string.") + + if "guideline_title" not in guideline_data \ + or not isinstance(guideline_data["guideline_title"], str): + raise ValueError( + "The 'guideline_title' field must exist and be a string.") + + rules = guideline_data.get("rules") + if not isinstance(rules, list) \ + or not all(map(lambda r: isinstance(r, dict), rules)): + raise ValueError( + "The 'rules' field must exist and be a list of dictionaris.") + + if any(map(lambda rule: "rule_id" not in rule + or not isinstance(rule["rule_id"], str), rules)): + raise ValueError( + "All rules must have 'rule_id' that is a string.") + + def __union_guideline_files( + self, + guideline_files: Iterable[str] + ) -> DefaultDict[str, Dict[str, Dict[str, str]]]: + """ + This function creates a union object of the given guideline files. The + resulting object maps guidelines to the collection of their rules. + E.g.: + { + "guideline1": { + "rule_id1": { + "rule_url": ... + "title": ... + }, + "rule_id2": { + ... + } + ], + "guideline2": { + ... + }, + } + """ + all_rules: DefaultDict[ + str, Dict[str, Dict[str, str]]] = defaultdict(dict) + + for guideline_file in guideline_files: + guideline_data = load_yaml(guideline_file) + + try: + self.__check_guideline_format(guideline_data) + + guideline_name = guideline_data["guideline"] + rules = guideline_data["rules"] + all_rules[guideline_name] = {rule.pop("rule_id"): rule + for rule in rules} + except ValueError as ex: + LOG.warning("%s does not have a correct guideline format.", + guideline_file) + LOG.warning(ex) + + return all_rules + + def rules_of_guideline( + self, + guideline_name: str, + ) -> Dict[str, Dict[str, str]]: + """ + Return the list of rules of a guideline. + """ + + guideline_rules = self.__all_rules[guideline_name] + + return guideline_rules + + def all_guideline_rules( + self + ) -> DefaultDict[str, Dict[str, Dict[str, str]]]: + return self.__all_rules diff --git a/codechecker_common/util.py b/codechecker_common/util.py index b71953c753..62a2c30c9b 100644 --- a/codechecker_common/util.py +++ b/codechecker_common/util.py @@ -10,6 +10,7 @@ """ import itertools import json +import yaml import os from typing import TextIO @@ -89,6 +90,32 @@ def load_json(path: str, default=None, lock=False, display_warning=True): return ret +def load_yaml(path: str): + """ + Load the contents of the given file as a YAML and return it's value. + """ + + try: + with open(path, "r", encoding="utf-8") as f: + return yaml.safe_load(f) + except OSError as ex: + LOG.warning("Failed to open YAML file: %s", path) + LOG.warning(ex) + return None + except yaml.YAMLError as ex: + LOG.warning("Failed to parse YAML file: %s", path) + LOG.warning(ex) + return None + except ValueError as ex: + LOG.warning("%s is not a valid YAML file.", path) + LOG.warning(ex) + return None + except TypeError as ex: + LOG.warning("Failed to process YAML file: %s", path) + LOG.warning(ex) + return None + + def get_linef(fp: TextIO, line_no: int) -> str: """'fp' should be (readable) file object. Return the line content at line_no or an empty line diff --git a/config/guidelines/sei-cert-c.yaml b/config/guidelines/sei-cert-c.yaml new file mode 100644 index 0000000000..fe1c6c3399 --- /dev/null +++ b/config/guidelines/sei-cert-c.yaml @@ -0,0 +1,243 @@ +guideline: sei-cert-c +guideline_title: SEI CERT Coding Standard (C) +rules: +- rule_id: arr30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts +- rule_id: arr32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ARR32-C.+Ensure+size+arguments+for+variable+length+arrays+are+in+a+valid+range +- rule_id: arr36-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ARR36-C.+Do+not+subtract+or+compare+two+pointers+that+do+not+refer+to+the+same+array +- rule_id: arr37-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ARR37-C.+Do+not+add+or+subtract+an+integer+to+a+pointer+to+a+non-array+object +- rule_id: arr38-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ARR38-C.+Guarantee+that+library+functions+do+not+form+invalid+pointers +- rule_id: arr39-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ARR39-C.+Do+not+add+or+subtract+a+scaled+integer+to+a+pointer +- rule_id: con30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON30-C.+Clean+up+thread-specific+storage +- rule_id: con31-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON31-C.+Do+not+destroy+a+mutex+while+it+is+locked +- rule_id: con32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON32-C.+Prevent+data+races+when+accessing+bit-fields+from+multiple+threads +- rule_id: con33-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON33-C.+Avoid+race+conditions+when+using+library+functions +- rule_id: con34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON34-C.+Declare+objects+shared+between+threads+with+appropriate+storage+durations +- rule_id: con35-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON35-C.+Avoid+deadlock+by+locking+in+a+predefined+order +- rule_id: con36-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON36-C.+Wrap+functions+that+can+spuriously+wake+up+in+a+loop +- rule_id: con37-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON37-C.+Do+not+call+signal%28%29+in+a+multithreaded+program +- rule_id: con38-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON38-C.+Preserve+thread+safety+and+liveness+when+using+condition+variables +- rule_id: con39-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON39-C.+Do+not+join+or+detach+a+thread+that+was+previously+joined+or+detached +- rule_id: con40-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON40-C.+Do+not+refer+to+an+atomic+variable+twice+in+an+expression +- rule_id: con41-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON41-C.+Wrap+functions+that+can+fail+spuriously+in+a+loop +- rule_id: con43-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/CON43-C.+Do+not+allow+data+races+in+multithreaded+code +- rule_id: dcl30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/DCL30-C.+Declare+objects+with+appropriate+storage+durations +- rule_id: dcl31-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/DCL31-C.+Declare+identifiers+before+using+them +- rule_id: dcl36-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/DCL36-C.+Do+not+declare+an+identifier+with+conflicting+linkage+classifications +- rule_id: dcl37-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/DCL37-C.+Do+not+declare+or+define+a+reserved+identifier +- rule_id: dcl38-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/DCL38-C.+Use+the+correct+syntax+when+declaring+a+flexible+array+member +- rule_id: dcl39-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/DCL39-C.+Avoid+information+leakage+when+passing+a+structure+across+a+trust+boundary +- rule_id: dcl40-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/DCL40-C.+Do+not+create+incompatible+declarations+of+the+same+function+or+object +- rule_id: dcl41-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/DCL41-C.+Do+not+declare+variables+inside+a+switch+statement+before+the+first+case+label +- rule_id: env30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ENV30-C.+Do+not+modify+the+object+referenced+by+the+return+value+of+certain+functions +- rule_id: env31-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ENV31-C.+Do+not+rely+on+an+environment+pointer+following+an+operation+that+may+invalidate+it +- rule_id: env32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ENV32-C.+All+exit+handlers+must+return+normally +- rule_id: env33-c + rule_url: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177 +- rule_id: env34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ENV34-C.+Do+not+store+pointers+returned+by+certain+functions +- rule_id: err30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ERR30-C.+Take+care+when+reading+errno +- rule_id: err32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ERR32-C.+Do+not+rely+on+indeterminate+values+of+errno +- rule_id: err33-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ERR33-C.+Detect+and+handle+standard+library+errors +- rule_id: err34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ERR34-C.+Detect+errors+when+converting+a+string+to+a+number +- rule_id: exp30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP30-C.+Do+not+depend+on+the+order+of+evaluation+for+side+effects +- rule_id: exp32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP32-C.+Do+not+access+a+volatile+object+through+a+nonvolatile+reference +- rule_id: exp33-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory +- rule_id: exp34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP34-C.+Do+not+dereference+null+pointers +- rule_id: exp35-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP35-C.+Do+not+modify+objects+with+temporary+lifetime +- rule_id: exp36-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP36-C.+Do+not+cast+pointers+into+more+strictly+aligned+pointer+types +- rule_id: exp37-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP37-C.+Call+functions+with+the+correct+number+and+type+of+arguments +- rule_id: exp39-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP39-C.+Do+not+access+a+variable+through+a+pointer+of+an+incompatible+type +- rule_id: exp40-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP40-C.+Do+not+modify+constant+objects +- rule_id: exp42-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP42-C.+Do+not+compare+padding+data +- rule_id: exp43-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP43-C.+Avoid+undefined+behavior+when+using+restrict-qualified+pointers +- rule_id: exp44-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP44-C.+Do+not+rely+on+side+effects+in+operands+to+sizeof%2C+_Alignof%2C+or+_Generic +- rule_id: exp45-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP45-C.+Do+not+perform+assignments+in+selection+statements +- rule_id: exp46-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP46-C.+Do+not+use+a+bitwise+operator+with+a+Boolean-like+operand +- rule_id: exp47-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/EXP47-C.+Do+not+call+va_arg+with+an+argument+of+the+incorrect+type +- rule_id: fio30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO30-C.+Exclude+user+input+from+format+strings +- rule_id: fio32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO32-C.+Do+not+perform+operations+on+devices+that+are+only+appropriate+for+files +- rule_id: fio34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO34-C.+Distinguish+between+characters+read+from+a+file+and+EOF+or+WEOF +- rule_id: fio37-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO37-C.+Do+not+assume+that+fgets%28%29+or+fgetws%28%29+returns+a+nonempty+string+when+successful +- rule_id: fio38-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO38-C.+Do+not+copy+a+FILE+object +- rule_id: fio39-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO39-C.+Do+not+alternately+input+and+output+from+a+stream+without+an+intervening+flush+or+positioning+call +- rule_id: fio40-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO40-C.+Reset+strings+on+fgets%28%29++or+fgetws%28%29+failure +- rule_id: fio41-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO41-C.+Do+not+call+getc%28%29%2C+putc%28%29%2C+getwc%28%29%2C+or+putwc%28%29+with+a+stream+argument+that+has+side+effects +- rule_id: fio42-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO42-C.+Close+files+when+they+are+no+longer+needed +- rule_id: fio44-c + rule_url: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152071 +- rule_id: fio45-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO45-C.+Avoid+TOCTOU+race+conditions+while+accessing+files +- rule_id: fio46-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO46-C.+Do+not+access+a+closed+file +- rule_id: fio47-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FIO47-C.+Use+valid+format+strings +- rule_id: flp30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FLP30-C.+Do+not+use+floating-point+variables+as+loop+counters +- rule_id: flp32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FLP32-C.+Prevent+or+detect+domain+and+range+errors+in+math+functions +- rule_id: flp34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FLP34-C.+Ensure+that+floating-point+conversions+are+within+range+of+the+new+type +- rule_id: flp36-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FLP36-C.+Preserve+precision+when+converting+integral+values+to+floating-point+type +- rule_id: flp37-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/FLP37-C.+Do+not+use+object+representations+to+compare+floating-point+values +- rule_id: int30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/INT30-C.+Ensure+that+unsigned+integer+operations+do+not+wrap +- rule_id: int31-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/INT31-C.+Ensure+that+integer+conversions+do+not+result+in+lost+or+misinterpreted+data +- rule_id: int32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow +- rule_id: int33-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/INT33-C.+Ensure+that+division+and+remainder+operations+do+not+result+in+divide-by-zero+errors +- rule_id: int34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/INT34-C.+Do+not+shift+an+expression+by+a+negative+number+of+bits+or+by+greater+than+or+equal+to+the+number+of+bits+that+exist+in+the+operand +- rule_id: int35-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/INT35-C.+Use+correct+integer+precisions +- rule_id: int36-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/INT36-C.+Converting+a+pointer+to+integer+or+integer+to+pointer +- rule_id: mem30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MEM30-C.+Do+not+access+freed+memory +- rule_id: mem31-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MEM31-C.+Free+dynamically+allocated+memory+when+no+longer+needed +- rule_id: mem33-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MEM33-C.++Allocate+and+copy+structures+containing+a+flexible+array+member+dynamically +- rule_id: mem34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MEM34-C.+Only+free+memory+allocated+dynamically +- rule_id: mem35-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MEM35-C.+Allocate+sufficient+memory+for+an+object +- rule_id: mem36-c + rule_url: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152255 +- rule_id: msc30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MSC30-C.+Do+not+use+the+rand%28%29+function+for+generating+pseudorandom+numbers +- rule_id: msc32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MSC32-C.+Properly+seed+pseudorandom+number+generators +- rule_id: msc33-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MSC33-C.+Do+not+pass+invalid+data+to+the+asctime%28%29+function +- rule_id: msc37-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MSC37-C.+Ensure+that+control+never+reaches+the+end+of+a+non-void+function +- rule_id: msc38-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MSC38-C.+Do+not+treat+a+predefined+identifier+as+an+object+if+it+might+only+be+implemented+as+a+macro +- rule_id: msc39-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MSC39-C.+Do+not+call+va_arg%28%29+on+a+va_list+that+has+an+indeterminate+value +- rule_id: msc40-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MSC40-C.+Do+not+violate+constraints +- rule_id: msc41-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/MSC41-C.+Never+hard+code+sensitive+information +- rule_id: pos30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS30-C.+Use+the+readlink%28%29+function+properly +- rule_id: pos34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS34-C.+Do+not+call+putenv%28%29+with+a+pointer+to+an+automatic+variable+as+the+argument +- rule_id: pos35-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS35-C.+Avoid+race+conditions+while+checking+for+the+existence+of+a+symbolic+link +- rule_id: pos36-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges +- rule_id: pos37-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful +- rule_id: pos38-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS38-C.+Beware+of+race+conditions+when+using+fork+and+file+descriptors +- rule_id: pos39-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS39-C.+Use+the+correct+byte+ordering+when+transferring+data+between+systems +- rule_id: pos44-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS44-C.+Do+not+use+signals+to+terminate+threads +- rule_id: pos47-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS47-C.+Do+not+use+threads+that+can+be+canceled+asynchronously +- rule_id: pos48-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS48-C.+Do+not+unlock+or+destroy+another+POSIX+thread%27s+mutex +- rule_id: pos49-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS49-C.+When+data+must+be+accessed+by+multiple+threads%2C+provide+a+mutex+and+guarantee+no+adjacent+data+is+also+accessed +- rule_id: pos50-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS50-C.+Declare+objects+shared+between+POSIX+threads+with+appropriate+storage+durations +- rule_id: pos51-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS51-C.+Avoid+deadlock+with+POSIX+threads+by+locking+in+predefined+order +- rule_id: pos52-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS52-C.+Do+not+perform+operations+that+can+block+while+holding+a+POSIX+lock +- rule_id: pos53-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS53-C.+Do+not+use+more+than+one+mutex+for+concurrent+waiting+operations+on+a+condition+variable +- rule_id: pos54-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/POS54-C.+Detect+and+handle+POSIX+library+errors +- rule_id: pre30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/PRE30-C.+Do+not+create+a+universal+character+name+through+concatenation +- rule_id: pre31-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/PRE31-C.+Avoid+side+effects+in+arguments+to+unsafe+macros +- rule_id: pre32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/PRE32-C.+Do+not+use+preprocessor+directives+in+invocations+of+function-like+macros +- rule_id: sig30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/SIG30-C.+Call+only+asynchronous-safe+functions+within+signal+handlers +- rule_id: sig31-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/SIG31-C.+Do+not+access+shared+objects+in+signal+handlers +- rule_id: sig34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/SIG34-C.+Do+not+call+signal%28%29+from+within+interruptible+signal+handlers +- rule_id: sig35-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/SIG35-C.+Do+not+return+from+a+computational+exception+signal+handler +- rule_id: str30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/STR30-C.+Do+not+attempt+to+modify+string+literals +- rule_id: str31-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/STR31-C.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator +- rule_id: str32-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/STR32-C.+Do+not+pass+a+non-null-terminated+character+sequence+to+a+library+function+that+expects+a+string +- rule_id: str34-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/STR34-C.+Cast+characters+to+unsigned+char+before+converting+to+larger+integer+sizes +- rule_id: str37-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/STR37-C.+Arguments+to+character-handling+functions+must+be+representable+as+an+unsigned+char +- rule_id: str38-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/STR38-C.+Do+not+confuse+narrow+and+wide+character+strings+and+functions +- rule_id: win30-c + rule_url: https://wiki.sei.cmu.edu/confluence/display/c/WIN30-C.+Properly+pair+allocation+and+deallocation+functions \ No newline at end of file diff --git a/config/guidelines/sei-cert-cpp.yaml b/config/guidelines/sei-cert-cpp.yaml new file mode 100644 index 0000000000..cd5b6cd7ef --- /dev/null +++ b/config/guidelines/sei-cert-cpp.yaml @@ -0,0 +1,169 @@ +guideline: sei-cert-cpp +guideline_title: SEI CERT Coding Standard (C++) +rules: +- rule_id: con50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON50-CPP.+Do+not+destroy+a+mutex+while+it+is+locked +- rule_id: con51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON51-CPP.+Ensure+actively+held+locks+are+released+on+exceptional+conditions +- rule_id: con52-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON52-CPP.+Prevent+data+races+when+accessing+bit-fields+from+multiple+threads +- rule_id: con53-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON53-CPP.+Avoid+deadlock+by+locking+in+a+predefined+order +- rule_id: con54-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON54-CPP.+Wrap+functions+that+can+spuriously+wake+up+in+a+loop +- rule_id: con55-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON55-CPP.+Preserve+thread+safety+and+liveness+when+using+condition+variables +- rule_id: con56-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON56-CPP.+Do+not+speculatively+lock+a+non-recursive+mutex+that+is+already+owned+by+the+calling+thread +- rule_id: ctr50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR50-CPP.+Guarantee+that+container+indices+and+iterators+are+within+the+valid+range +- rule_id: ctr51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR51-CPP.+Use+valid+references%2C+pointers%2C+and+iterators+to+reference+elements+of+a+container +- rule_id: ctr52-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR52-CPP.+Guarantee+that+library+functions+do+not+overflow +- rule_id: ctr53-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR53-CPP.+Use+valid+iterator+ranges +- rule_id: ctr54-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR54-CPP.+Do+not+subtract+iterators+that+do+not+refer+to+the+same+container +- rule_id: ctr55-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR55-CPP.+Do+not+use+an+additive+operator+on+an+iterator+if+the+result+would+overflow +- rule_id: ctr56-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR56-CPP.+Do+not+use+pointer+arithmetic+on+polymorphic+objects +- rule_id: ctr57-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR57-CPP.+Provide+a+valid+ordering+predicate +- rule_id: ctr58-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR58-CPP.+Predicate+function+objects+should+not+be+mutable +- rule_id: dcl50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL50-CPP.+Do+not+define+a+C-style+variadic+function +- rule_id: dcl51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL51-CPP.+Do+not+declare+or+define+a+reserved+identifier +- rule_id: dcl52-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL52-CPP.+Never+qualify+a+reference+type+with+const+or+volatile +- rule_id: dcl53-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL53-CPP.+Do+not+write+syntactically+ambiguous+declarations +- rule_id: dcl54-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL54-CPP.+Overload+allocation+and+deallocation+functions+as+a+pair+in+the+same+scope +- rule_id: dcl55-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL55-CPP.+Avoid+information+leakage+when+passing+a+class+object+across+a+trust+boundary +- rule_id: dcl56-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL56-CPP.+Avoid+cycles+during+initialization+of+static+objects +- rule_id: dcl57-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL57-CPP.+Do+not+let+exceptions+escape+from+destructors+or+deallocation+functions +- rule_id: dcl58-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL58-CPP.+Do+not+modify+the+standard+namespaces +- rule_id: dcl59-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL59-CPP.+Do+not+define+an+unnamed+namespace+in+a+header+file +- rule_id: dcl60-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL60-CPP.+Obey+the+one-definition+rule +- rule_id: err50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR50-CPP.+Do+not+abruptly+terminate+the+program +- rule_id: err51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR51-CPP.+Handle+all+exceptions +- rule_id: err52-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046492 +- rule_id: err53-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR53-CPP.+Do+not+reference+base+classes+or+class+data+members+in+a+constructor+or+destructor+function-try-block+handler +- rule_id: err54-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR54-CPP.+Catch+handlers+should+order+their+parameter+types+from+most+derived+to+least+derived +- rule_id: err55-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR55-CPP.+Honor+exception+specifications +- rule_id: err56-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR56-CPP.+Guarantee+exception+safety +- rule_id: err57-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR57-CPP.+Do+not+leak+resources+when+handling+exceptions +- rule_id: err58-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR58-CPP.+Handle+all+exceptions+thrown+before+main%28%29+begins+executing +- rule_id: err59-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR59-CPP.+Do+not+throw+an+exception+across+execution+boundaries +- rule_id: err60-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR60-CPP.+Exception+objects+must+be+nothrow+copy+constructible +- rule_id: err61-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR61-CPP.+Catch+exceptions+by+lvalue+reference +- rule_id: err62-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR62-CPP.+Detect+errors+when+converting+a+string+to+a+number +- rule_id: exp50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP50-CPP.+Do+not+depend+on+the+order+of+evaluation+for+side+effects +- rule_id: exp51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP51-CPP.+Do+not+delete+an+array+through+a+pointer+of+the+incorrect+type +- rule_id: exp52-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP52-CPP.+Do+not+rely+on+side+effects+in+unevaluated+operands +- rule_id: exp53-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP53-CPP.+Do+not+read+uninitialized+memory +- rule_id: exp54-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP54-CPP.+Do+not+access+an+object+outside+of+its+lifetime +- rule_id: exp55-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP55-CPP.+Do+not+access+a+cv-qualified+object+through+a+cv-unqualified+type +- rule_id: exp56-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP56-CPP.+Do+not+call+a+function+with+a+mismatched+language+linkage +- rule_id: exp57-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP57-CPP.+Do+not+cast+or+delete+pointers+to+incomplete+classes +- rule_id: exp58-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP58-CPP.+Pass+an+object+of+the+correct+type+to+va_start +- rule_id: exp59-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP59-CPP.+Use+offsetof%28%29+on+valid+types+and+members +- rule_id: exp60-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP60-CPP.+Do+not+pass+a+nonstandard-layout+type+object+across+execution+boundaries +- rule_id: exp61-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP61-CPP.+A+lambda+object+must+not+outlive+any+of+its+reference+captured+objects +- rule_id: exp62-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP62-CPP.+Do+not+access+the+bits+of+an+object+representation+that+are+not+part+of+the+object%27s+value+representation +- rule_id: exp63-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP63-CPP.+Do+not+rely+on+the+value+of+a+moved-from+object +- rule_id: fio50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/FIO50-CPP.+Do+not+alternately+input+and+output+from+a+file+stream+without+an+intervening+positioning+call +- rule_id: fio51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/FIO51-CPP.+Close+files+when+they+are+no+longer+needed +- rule_id: int50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/INT50-CPP.+Do+not+cast+to+an+out-of-range+enumeration+value +- rule_id: mem50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM50-CPP.+Do+not+access+freed+memory +- rule_id: mem51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM51-CPP.+Properly+deallocate+dynamically+allocated+resources +- rule_id: mem52-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM52-CPP.+Detect+and+handle+memory+allocation+errors +- rule_id: mem53-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM53-CPP.+Explicitly+construct+and+destruct+objects+when+manually+managing+object+lifetime +- rule_id: mem54-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM54-CPP.+Provide+placement+new+with+properly+aligned+pointers+to+sufficient+storage+capacity +- rule_id: mem55-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM55-CPP.+Honor+replacement+dynamic+storage+management+requirements +- rule_id: mem56-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM56-CPP.+Do+not+store+an+already-owned+pointer+value+in+an+unrelated+smart+pointer +- rule_id: mem57-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM57-CPP.+Avoid+using+default+operator+new+for+over-aligned+types +- rule_id: msc50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC50-CPP.+Do+not+use+std%3A%3Arand%28%29+for+generating+pseudorandom+numbers +- rule_id: msc51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC51-CPP.+Ensure+your+random+number+generator+is+properly+seeded +- rule_id: msc52-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC52-CPP.+Value-returning+functions+must+return+a+value+from+all+exit+paths +- rule_id: msc53-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046346 +- rule_id: msc54-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC54-CPP.+A+signal+handler+must+be+a+plain+old+function +- rule_id: oop50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP50-CPP.+Do+not+invoke+virtual+functions+from+constructors+or+destructors +- rule_id: oop51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP51-CPP.+Do+not+slice+derived+objects +- rule_id: oop52-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP52-CPP.+Do+not+delete+a+polymorphic+object+without+a+virtual+destructor +- rule_id: oop53-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP53-CPP.+Write+constructor+member+initializers+in+the+canonical+order +- rule_id: oop54-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP54-CPP.+Gracefully+handle+self-copy+assignment +- rule_id: oop55-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP55-CPP.+Do+not+use+pointer-to-member+operators+to+access+nonexistent+members +- rule_id: oop56-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP56-CPP.+Honor+replacement+handler+requirements +- rule_id: oop57-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP57-CPP.+Prefer+special+member+functions+and+overloaded+operators+to+C+Standard+Library+functions +- rule_id: oop58-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP58-CPP.+Copy+operations+must+not+mutate+the+source+object +- rule_id: str50-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/STR50-CPP.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator +- rule_id: str51-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/STR51-CPP.+Do+not+attempt+to+create+a+std%3A%3Astring+from+a+null+pointer +- rule_id: str52-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/STR52-CPP.+Use+valid+references%2C+pointers%2C+and+iterators+to+reference+elements+of+a+basic_string +- rule_id: str53-cpp + rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/STR53-CPP.+Range+check+element+access \ No newline at end of file diff --git a/config/labels/analyzers/clang-tidy.json b/config/labels/analyzers/clang-tidy.json index 52d32f04e0..ee1a6dacec 100644 --- a/config/labels/analyzers/clang-tidy.json +++ b/config/labels/analyzers/clang-tidy.json @@ -176,12 +176,12 @@ ], "bugprone-assert-side-effect": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/assert-side-effect.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pre31-c", + "sei-cert-c:pre31-c", "severity:MEDIUM" ], "bugprone-assignment-in-if-condition": [ @@ -191,12 +191,12 @@ ], "bugprone-bad-signal-to-kill-thread": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/bad-signal-to-kill-thread.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pos44-c", + "sei-cert-c:pos44-c", "severity:MEDIUM" ], "bugprone-bitwise-pointer-cast": [ @@ -278,13 +278,13 @@ ], "bugprone-exception-escape": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/exception-escape.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl57-cpp", - "sei-cert:err55-cpp", - "sei-cert:msc53-cpp", + "sei-cert-cpp:dcl57-cpp", + "sei-cert-cpp:err55-cpp", + "sei-cert-cpp:msc53-cpp", "severity:MEDIUM" ], "bugprone-fold-init-type": [ @@ -365,20 +365,20 @@ ], "bugprone-macro-parentheses": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/macro-parentheses.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", - "sei-cert:pre02-c", + "sei-cert-c:pre02-c", "severity:MEDIUM" ], "bugprone-macro-repeated-side-effects": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/macro-repeated-side-effects.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pre31-c", + "sei-cert-c:pre31-c", "severity:MEDIUM" ], "bugprone-misplaced-operator-in-strlen-in-alloc": [ @@ -418,16 +418,16 @@ ], "bugprone-multiple-new-in-one-expression": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/multiple-new-in-one-expression.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err51-cpp", - "sei-cert:exp50-cpp", - "sei-cert:mem31-cpp", - "sei-cert:mem51-cpp", - "sei-cert:mem52-cpp", + "sei-cert-cpp:err51-cpp", + "sei-cert-cpp:exp50-cpp", + "sei-cert-cpp:mem31-cpp", + "sei-cert-cpp:mem51-cpp", + "sei-cert-cpp:mem52-cpp", "severity:HIGH" ], "bugprone-multiple-statement-macro": [ @@ -438,14 +438,14 @@ ], "bugprone-narrowing-conversions": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/narrowing-conversions.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp45-c", - "sei-cert:fio34-c", - "sei-cert:flp34-c", - "sei-cert:flp36-c", + "sei-cert-c:exp45-c", + "sei-cert-c:fio34-c", + "sei-cert-c:flp34-c", + "sei-cert-c:flp36-c", "severity:MEDIUM" ], "bugprone-no-escape": [ @@ -488,10 +488,10 @@ ], "bugprone-pointer-arithmetic-on-polymorphic-object": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/pointer-arithmetic-on-polymorphic-object.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", - "sei-cert:ctr56-cpp", + "sei-cert-cpp:ctr56-cpp", "severity:HIGH" ], "bugprone-posix-return": [ @@ -508,11 +508,12 @@ ], "bugprone-reserved-identifier": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/reserved-identifier.html", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", - "sei-cert:dcl37-c", - "sei-cert:dcl51-cpp", + "sei-cert-c:dcl37-c", + "sei-cert-cpp:dcl51-cpp", "severity:LOW" ], "bugprone-return-const-ref-from-parameter": [ @@ -523,33 +524,34 @@ ], "bugprone-shared-ptr-array-mismatch": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/shared-ptr-array-mismatch.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem51-cpp", + "sei-cert-cpp:mem51-cpp", "severity:HIGH" ], "bugprone-signal-handler": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/signal-handler.html", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:msc54-cpp", - "sei-cert:sig30-c", + "sei-cert-cpp:msc54-cpp", + "sei-cert-c:sig30-c", "severity:MEDIUM" ], "bugprone-signed-char-misuse": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/signed-char-misuse.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:str34-c", + "sei-cert-c:str34-c", "severity:MEDIUM" ], "bugprone-sizeof-container": [ @@ -561,22 +563,23 @@ ], "bugprone-sizeof-expression": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/sizeof-expression.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem35-c", + "sei-cert-c:mem35-c", "severity:HIGH" ], "bugprone-spuriously-wake-up-functions": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/spuriously-wake-up-functions.html", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:con36-c", - "sei-cert:con54-cpp", + "sei-cert-c:con36-c", + "sei-cert-cpp:con54-cpp", "severity:MEDIUM" ], "bugprone-standalone-empty": [ @@ -628,23 +631,23 @@ ], "bugprone-suspicious-memory-comparison": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/suspicious-memory-comparison.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp42-c", - "sei-cert:flp37-c", + "sei-cert-c:exp42-c", + "sei-cert-c:flp37-c", "severity:MEDIUM" ], "bugprone-suspicious-memset-usage": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/suspicious-memset-usage.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:int31-c", + "sei-cert-c:int31-c", "severity:HIGH" ], "bugprone-suspicious-missing-comma": [ @@ -656,12 +659,12 @@ ], "bugprone-suspicious-realloc-usage": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/suspicious-realloc-usage.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err33-c", + "sei-cert-c:err33-c", "severity:HIGH" ], "bugprone-suspicious-semicolon": [ @@ -733,13 +736,13 @@ ], "bugprone-undefined-memory-manipulation": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/undefined-memory-manipulation.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp62-cpp", - "sei-cert:oop57-cpp", + "sei-cert-cpp:exp62-cpp", + "sei-cert-cpp:oop57-cpp", "severity:MEDIUM" ], "bugprone-undelegated-constructor": [ @@ -751,42 +754,42 @@ ], "bugprone-unhandled-exception-at-new": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/unhandled-exception-at-new.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err51-cpp", - "sei-cert:mem52-cpp", + "sei-cert-cpp:err51-cpp", + "sei-cert-cpp:mem52-cpp", "severity:MEDIUM" ], "bugprone-unhandled-self-assignment": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/unhandled-self-assignment.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop54-cpp", + "sei-cert-cpp:oop54-cpp", "severity:MEDIUM" ], "bugprone-unique-ptr-array-mismatch": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/unique-ptr-array-mismatch.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem51-cpp", + "sei-cert-cpp:mem51-cpp", "severity:MEDIUM" ], "bugprone-unsafe-functions": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/unsafe-functions.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:msc24-c", - "sei-cert:msc33-c", + "sei-cert-c:msc24-c", + "sei-cert-c:msc33-c", "severity:LOW" ], "bugprone-unused-local-non-trivial-variable": [ @@ -804,22 +807,22 @@ ], "bugprone-unused-return-value": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/unused-return-value.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err33-c", + "sei-cert-c:err33-c", "severity:MEDIUM" ], "bugprone-use-after-move": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/use-after-move.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp63-cpp", + "sei-cert-cpp:exp63-cpp", "severity:HIGH" ], "bugprone-virtual-near-miss": [ @@ -847,29 +850,29 @@ ], "cert-dcl03-c": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/dcl03-c.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl03-c", + "sei-cert-c:dcl03-c", "severity:MEDIUM" ], "cert-dcl16-c": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/dcl16-c.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl16-c", + "sei-cert-c:dcl16-c", "severity:STYLE" ], "cert-dcl21-cpp": [ "doc_url:https://releases.llvm.org/18.1.1/tools/clang/tools/extra/docs/clang-tidy/checks/cert/dcl21-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl21-cpp", + "sei-cert-cpp:dcl21-cpp", "severity:LOW" ], "cert-dcl37-c": [ @@ -878,11 +881,11 @@ ], "cert-dcl50-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/dcl50-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl50-cpp", + "sei-cert-cpp:dcl50-cpp", "severity:LOW" ], "cert-dcl51-cpp": [ @@ -895,12 +898,12 @@ ], "cert-dcl58-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/dcl58-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl58-cpp", + "sei-cert-cpp:dcl58-cpp", "severity:HIGH" ], "cert-dcl59-cpp": [ @@ -909,11 +912,11 @@ ], "cert-env33-c": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/env33-c.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:env33-c", + "sei-cert-c:env33-c", "severity:MEDIUM" ], "cert-err09-cpp": [ @@ -922,48 +925,48 @@ ], "cert-err33-c": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/err33-c.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err33-c", + "sei-cert-c:err33-c", "severity:MEDIUM" ], "cert-err34-c": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/err34-c.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err34-c", + "sei-cert-c:err34-c", "severity:LOW" ], "cert-err52-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/err52-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err52-cpp", + "sei-cert-cpp:err52-cpp", "severity:LOW" ], "cert-err58-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/err58-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err58-cpp", + "sei-cert-cpp:err58-cpp", "severity:LOW" ], "cert-err60-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/err60-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err60-cpp", + "sei-cert-cpp:err60-cpp", "severity:MEDIUM" ], "cert-err61-cpp": [ @@ -980,12 +983,12 @@ ], "cert-flp30-c": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/flp30-c.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:flp30-c", + "sei-cert-c:flp30-c", "severity:HIGH" ], "cert-flp37-c": [ @@ -998,12 +1001,12 @@ ], "cert-mem57-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/mem57-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem57-cpp", + "sei-cert-cpp:mem57-cpp", "severity:MEDIUM" ], "cert-msc24-c": [ @@ -1024,22 +1027,24 @@ ], "cert-msc50-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/msc50-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:msc30-c", - "sei-cert:msc50-cpp", + "sei-cert-c:msc30-c", + "sei-cert-cpp:msc50-cpp", "severity:LOW" ], "cert-msc51-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/msc51-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:msc32-c", - "sei-cert:msc51-cpp", + "sei-cert-c:msc32-c", + "sei-cert-cpp:msc51-cpp", "severity:MEDIUM" ], "cert-msc54-cpp": [ @@ -1048,12 +1053,12 @@ ], "cert-oop11-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/oop11-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop11-cpp", + "sei-cert-cpp:oop11-cpp", "severity:MEDIUM" ], "cert-oop54-cpp": [ @@ -1062,21 +1067,21 @@ ], "cert-oop57-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/oop57-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop57-cpp", + "sei-cert-cpp:oop57-cpp", "severity:HIGH" ], "cert-oop58-cpp": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/oop58-cpp.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop58-cpp", + "sei-cert-cpp:oop58-cpp", "severity:MEDIUM" ], "cert-pos44-c": [ @@ -1257,12 +1262,12 @@ ], "clang-diagnostic-array-bounds-pointer-arithmetic": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#warray-bounds-pointer-arithmetic", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:arr39-c", + "sei-cert-c:arr39-c", "severity:MEDIUM" ], "clang-diagnostic-array-parameter": [ @@ -1844,13 +1849,13 @@ ], "clang-diagnostic-conditional-uninitialized": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wconditional-uninitialized", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp33-c", + "sei-cert-c:exp33-c", "severity:HIGH" ], "clang-diagnostic-config-macros": [ @@ -1935,10 +1940,10 @@ ], "clang-diagnostic-dangling": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wdangling", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "label-tool-skip:severity", "profile:security", - "sei-cert:mem50-cpp", + "sei-cert-cpp:mem50-cpp", "severity:HIGH" ], "clang-diagnostic-dangling-else": [ @@ -1994,43 +1999,43 @@ ], "clang-diagnostic-delete-abstract-non-virtual-dtor": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wdelete-abstract-non-virtual-dtor", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop52-cpp", + "sei-cert-cpp:oop52-cpp", "severity:MEDIUM" ], "clang-diagnostic-delete-incomplete": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wdelete-incomplete", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp57-cpp", + "sei-cert-cpp:exp57-cpp", "severity:MEDIUM" ], "clang-diagnostic-delete-non-abstract-non-virtual-dtor": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wdelete-non-abstract-non-virtual-dtor", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop52-cpp", + "sei-cert-cpp:oop52-cpp", "severity:MEDIUM" ], "clang-diagnostic-delete-non-virtual-dtor": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wdelete-non-virtual-dtor", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop52-cpp", + "sei-cert-cpp:oop52-cpp", "severity:MEDIUM" ], "clang-diagnostic-delimited-escape-sequence-extension": [ @@ -2256,12 +2261,12 @@ ], "clang-diagnostic-double-promotion": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wdouble-promotion", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:flp34-c", + "sei-cert-c:flp34-c", "severity:MEDIUM" ], "clang-diagnostic-dtor-name": [ @@ -2298,10 +2303,10 @@ ], "clang-diagnostic-dynamic-class-memaccess": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wdynamic-class-memaccess", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:security", - "sei-cert:exp62-cpp", - "sei-cert:oop57-cpp", + "sei-cert-cpp:exp62-cpp", + "sei-cert-cpp:oop57-cpp", "severity:MEDIUM" ], "clang-diagnostic-dynamic-exception-spec": [ @@ -2326,12 +2331,12 @@ ], "clang-diagnostic-embedded-directive": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wembedded-directive", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pre32-c", + "sei-cert-c:pre32-c", "severity:MEDIUM" ], "clang-diagnostic-empty-body": [ @@ -2394,17 +2399,20 @@ "severity:MEDIUM" ], "clang-diagnostic-error": [ - "severity:CRITICAL" + "severity:CRITICAL", + "profile:default", + "profile:extreme", + "profile:sensitive" ], "clang-diagnostic-exceptions": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wexceptions", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err53-cpp", - "sei-cert:err54-cpp", + "sei-cert-cpp:err53-cpp", + "sei-cert-cpp:err54-cpp", "severity:MEDIUM" ], "clang-diagnostic-excess-initializers": [ @@ -2504,13 +2512,13 @@ ], "clang-diagnostic-float-conversion": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wfloat-conversion", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:flp32-c", - "sei-cert:flp34-c", + "sei-cert-c:flp32-c", + "sei-cert-c:flp34-c", "severity:MEDIUM" ], "clang-diagnostic-float-equal": [ @@ -2534,13 +2542,13 @@ ], "clang-diagnostic-format": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wformat", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:fio47-c", + "sei-cert-c:fio47-c", "severity:MEDIUM" ], "clang-diagnostic-format-extra-args": [ @@ -2570,29 +2578,29 @@ ], "clang-diagnostic-format-nonliteral": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wformat-nonliteral", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:fio30-c", + "sei-cert-c:fio30-c", "severity:MEDIUM" ], "clang-diagnostic-format-overflow": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wformat-overflow", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:security", - "sei-cert:mem35-c", + "sei-cert-c:mem35-c", "severity:HIGH" ], "clang-diagnostic-format-overflow-non-kprintf": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wformat-overflow-non-kprintf", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:security", - "sei-cert:mem35-c", + "sei-cert-c:mem35-c", "severity:HIGH" ], "clang-diagnostic-format-pedantic": [ @@ -2601,12 +2609,12 @@ ], "clang-diagnostic-format-security": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wformat-security", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:fio30-c", + "sei-cert-c:fio30-c", "severity:MEDIUM" ], "clang-diagnostic-format-signedness": [ @@ -2925,12 +2933,12 @@ ], "clang-diagnostic-implicit": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wimplicit", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl31-c", + "sei-cert-c:dcl31-c", "severity:MEDIUM" ], "clang-diagnostic-implicit-atomic-properties": [ @@ -2967,30 +2975,30 @@ ], "clang-diagnostic-implicit-function-declaration": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wimplicit-function-declaration", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl31-c", + "sei-cert-c:dcl31-c", "severity:HIGH" ], "clang-diagnostic-implicit-int": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wimplicit-int", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl31-c", + "sei-cert-c:dcl31-c", "severity:HIGH" ], "clang-diagnostic-implicit-int-conversion": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wimplicit-int-conversion", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:security", - "sei-cert:int36-c", + "sei-cert-c:int36-c", "severity:MEDIUM" ], "clang-diagnostic-implicit-int-float-conversion": [ @@ -3039,10 +3047,10 @@ ], "clang-diagnostic-incompatible-function-pointer-types-strict": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wincompatible-function-pointer-types-strict", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:security", - "sei-cert:exp37-c", + "sei-cert-c:exp37-c", "severity:MEDIUM" ], "clang-diagnostic-incompatible-library-redeclaration": [ @@ -3059,22 +3067,22 @@ ], "clang-diagnostic-incompatible-pointer-types": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wincompatible-pointer-types", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp32-c", + "sei-cert-c:exp32-c", "severity:MEDIUM" ], "clang-diagnostic-incompatible-pointer-types-discards-qualifiers": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wincompatible-pointer-types-discards-qualifiers", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp32-c", + "sei-cert-c:exp32-c", "severity:MEDIUM" ], "clang-diagnostic-incompatible-property-type": [ @@ -3127,12 +3135,12 @@ ], "clang-diagnostic-infinite-recursion": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#winfinite-recursion", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl56-cpp", + "sei-cert-cpp:dcl56-cpp", "severity:MEDIUM" ], "clang-diagnostic-init-self": [ @@ -3176,10 +3184,10 @@ ], "clang-diagnostic-int-conversion": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wint-conversion", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:security", - "sei-cert:int36-c", + "sei-cert-c:int36-c", "severity:HIGH" ], "clang-diagnostic-int-conversions": [ @@ -3239,9 +3247,9 @@ ], "clang-diagnostic-invalid-noreturn": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#winvalid-noreturn", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:security", - "sei-cert:msc53-cpp", + "sei-cert-cpp:msc53-cpp", "severity:MEDIUM" ], "clang-diagnostic-invalid-offsetof": [ @@ -3551,10 +3559,10 @@ ], "clang-diagnostic-mismatched-new-delete": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wmismatched-new-delete", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "label-tool-skip:severity", "profile:security", - "sei-cert:mem51-cpp", + "sei-cert-cpp:mem51-cpp", "severity:HIGH" ], "clang-diagnostic-mismatched-parameter-types": [ @@ -3792,12 +3800,12 @@ ], "clang-diagnostic-non-virtual-dtor": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wnon-virtual-dtor", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop52-cpp", + "sei-cert-cpp:oop52-cpp", "severity:MEDIUM" ], "clang-diagnostic-nonnull": [ @@ -4148,10 +4156,10 @@ ], "clang-diagnostic-over-aligned": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wover-aligned", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "label-tool-skip:severity", "profile:security", - "sei-cert:mem57-cpp", + "sei-cert-cpp:mem57-cpp", "severity:MEDIUM" ], "clang-diagnostic-overflow": [ @@ -4214,13 +4222,13 @@ ], "clang-diagnostic-parentheses": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wparentheses", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp45-c", + "sei-cert-c:exp45-c", "severity:MEDIUM" ], "clang-diagnostic-parentheses-equality": [ @@ -4303,10 +4311,10 @@ ], "clang-diagnostic-pointer-to-int-cast": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wpointer-to-int-cast", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:security", - "sei-cert:int36-c", + "sei-cert-c:int36-c", "severity:MEDIUM" ], "clang-diagnostic-pointer-type-mismatch": [ @@ -4578,12 +4586,12 @@ ], "clang-diagnostic-reorder-ctor": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wreorder-ctor", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop53-cpp", + "sei-cert-cpp:oop53-cpp", "severity:MEDIUM" ], "clang-diagnostic-reorder-init-list": [ @@ -4603,33 +4611,35 @@ ], "clang-diagnostic-reserved-identifier": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wreserved-identifier", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl37-c", - "sei-cert:dcl51-cpp", + "sei-cert-c:dcl37-c", + "sei-cert-cpp:dcl51-cpp", "severity:MEDIUM" ], "clang-diagnostic-reserved-macro-identifier": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wreserved-macro-identifier", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl37-c", - "sei-cert:dcl51-cpp", + "sei-cert-c:dcl37-c", + "sei-cert-cpp:dcl51-cpp", "severity:MEDIUM" ], "clang-diagnostic-reserved-module-identifier": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wreserved-module-identifier", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl51-cpp", + "sei-cert-cpp:dcl51-cpp", "severity:MEDIUM" ], "clang-diagnostic-reserved-user-defined-literal": [ @@ -4654,14 +4664,15 @@ ], "clang-diagnostic-return-stack-address": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wreturn-stack-address", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl30-c", - "sei-cert:exp54-cpp", - "sei-cert:exp61-cpp", + "sei-cert-c:dcl30-c", + "sei-cert-cpp:exp54-cpp", + "sei-cert-cpp:exp61-cpp", "severity:MEDIUM" ], "clang-diagnostic-return-std-move": [ @@ -4673,14 +4684,15 @@ ], "clang-diagnostic-return-type": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wreturn-type", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:msc37-c", - "sei-cert:msc52-cpp", + "sei-cert-c:msc37-c", + "sei-cert-cpp:msc52-cpp", "severity:MEDIUM" ], "clang-diagnostic-return-type-c-linkage": [ @@ -4742,13 +4754,13 @@ ], "clang-diagnostic-self-assign-overloaded": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wself-assign-overloaded", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop54-cpp", + "sei-cert-cpp:oop54-cpp", "severity:MEDIUM" ], "clang-diagnostic-self-move": [ @@ -4903,14 +4915,14 @@ ], "clang-diagnostic-sometimes-uninitialized": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wsometimes-uninitialized", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl41-c", - "sei-cert:exp33-c", + "sei-cert-c:dcl41-c", + "sei-cert-c:exp33-c", "severity:MEDIUM" ], "clang-diagnostic-source-mgr": [ @@ -4947,12 +4959,12 @@ ], "clang-diagnostic-static-in-inline": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wstatic-in-inline", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:msc40-c", + "sei-cert-c:msc40-c", "severity:MEDIUM" ], "clang-diagnostic-static-inline-explicit-instantiation": [ @@ -5363,12 +5375,12 @@ ], "clang-diagnostic-unevaluated-expression": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wunevaluated-expression", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp44-cpp", + "sei-cert-cpp:exp44-cpp", "severity:MEDIUM" ], "clang-diagnostic-unguarded-availability": [ @@ -5397,24 +5409,24 @@ ], "clang-diagnostic-uninitialized": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wuninitialized", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp33-c", + "sei-cert-c:exp33-c", "severity:HIGH" ], "clang-diagnostic-uninitialized-const-reference": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wuninitialized-const-reference", - "guideline:sei-cert", + "guideline:sei-cert-c", "label-tool-skip:severity", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp33-c", + "sei-cert-c:exp33-c", "severity:MEDIUM" ], "clang-diagnostic-unknown-argument": [ @@ -5513,12 +5525,12 @@ ], "clang-diagnostic-unsequenced": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wunsequenced", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp30-cpp", + "sei-cert-cpp:exp30-cpp", "severity:MEDIUM" ], "clang-diagnostic-unsupported-abi": [ @@ -5716,12 +5728,12 @@ ], "clang-diagnostic-user-defined-literals": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wuser-defined-literals", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl51-cpp", + "sei-cert-cpp:dcl51-cpp", "severity:MEDIUM" ], "clang-diagnostic-user-defined-warnings": [ @@ -5733,11 +5745,12 @@ ], "clang-diagnostic-varargs": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wvarargs", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "label-tool-skip:severity", "profile:security", - "sei-cert:exp47-c", - "sei-cert:exp58-cpp", + "sei-cert-c:exp47-c", + "sei-cert-cpp:exp58-cpp", "severity:MEDIUM" ], "clang-diagnostic-variadic-macros": [ @@ -5758,12 +5771,12 @@ ], "clang-diagnostic-vexing-parse": [ "doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wvexing-parse", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl53-cpp", + "sei-cert-cpp:dcl53-cpp", "severity:MEDIUM" ], "clang-diagnostic-visibility": [ @@ -5839,19 +5852,19 @@ ], "concurrency-mt-unsafe": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/concurrency/mt-unsafe.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:security", - "sei-cert:con33-c", + "sei-cert-c:con33-c", "severity:MEDIUM" ], "concurrency-thread-canceltype-asynchronous": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/concurrency/thread-canceltype-asynchronous.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pos47-c", + "sei-cert-c:pos47-c", "severity:MEDIUM" ], "cppcoreguidelines-avoid-c-arrays": [ @@ -5997,11 +6010,11 @@ ], "cppcoreguidelines-pro-type-const-cast": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cppcoreguidelines/pro-type-const-cast.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp55-cpp", + "sei-cert-cpp:exp55-cpp", "severity:LOW" ], "cppcoreguidelines-pro-type-cstyle-cast": [ @@ -6043,11 +6056,11 @@ ], "cppcoreguidelines-slicing": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cppcoreguidelines/slicing.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop51-cpp", + "sei-cert-cpp:oop51-cpp", "severity:LOW" ], "cppcoreguidelines-special-member-functions": [ @@ -6106,12 +6119,12 @@ ], "google-build-namespaces": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/google/build-namespaces.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl59-cpp", + "sei-cert-cpp:dcl59-cpp", "severity:MEDIUM" ], "google-build-using-namespace": [ @@ -6409,12 +6422,12 @@ ], "misc-assert-side-effect": [ "doc_url:https://releases.llvm.org/6.0.1/tools/clang/tools/extra/docs/clang-tidy/checks/misc-assert-side-effect.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pre31-c", + "sei-cert-c:pre31-c", "severity:MEDIUM" ], "misc-bool-pointer-implicit-conversion": [ @@ -6588,20 +6601,20 @@ ], "misc-new-delete-overloads": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/misc/new-delete-overloads.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl54-cpp", + "sei-cert-cpp:dcl54-cpp", "severity:MEDIUM" ], "misc-no-recursion": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/misc/no-recursion.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", - "sei-cert:dcl56-cpp", + "sei-cert-cpp:dcl56-cpp", "severity:LOW" ], "misc-noexcept-move-constructor": [ @@ -6611,12 +6624,12 @@ ], "misc-non-copyable-objects": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/misc/non-copyable-objects.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:fio38-c", + "sei-cert-c:fio38-c", "severity:HIGH" ], "misc-non-private-member-variables-in-classes": [ @@ -6640,12 +6653,12 @@ ], "misc-sizeof-expression": [ "doc_url:https://releases.llvm.org/6.0.1/tools/clang/tools/extra/docs/clang-tidy/checks/misc-sizeof-expression.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:arr39-c", + "sei-cert-c:arr39-c", "severity:HIGH" ], "misc-static-assert": [ @@ -6716,13 +6729,13 @@ ], "misc-throw-by-value-catch-by-reference": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/misc/throw-by-value-catch-by-reference.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err09-cpp", - "sei-cert:err61-cpp", + "sei-cert-cpp:err09-cpp", + "sei-cert-cpp:err61-cpp", "severity:HIGH" ], "misc-unconventional-assign-operator": [ @@ -6770,12 +6783,12 @@ ], "misc-use-after-move": [ "doc_url:https://releases.llvm.org/6.0.1/tools/clang/tools/extra/docs/clang-tidy/checks/misc-use-after-move.html", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp63-cpp", + "sei-cert-cpp:exp63-cpp", "severity:HIGH" ], "misc-use-anonymous-namespace": [ @@ -7266,11 +7279,11 @@ ], "readability-enum-initial-value": [ "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/readability/enum-initial-value.html", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:int09-c", + "sei-cert-c:int09-c", "severity:LOW" ], "readability-function-cognitive-complexity": [ diff --git a/config/labels/analyzers/clangsa.json b/config/labels/analyzers/clangsa.json index 3e4178f705..99a7d67bc3 100644 --- a/config/labels/analyzers/clangsa.json +++ b/config/labels/analyzers/clangsa.json @@ -322,30 +322,31 @@ ], "core.BitwiseShift": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-bitwiseshift-c-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:int32-c", - "sei-cert:int34-c", + "sei-cert-c:int32-c", + "sei-cert-c:int34-c", "severity:HIGH" ], "core.CallAndMessage": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-callandmessage-c-c-objc", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl41-c", - "sei-cert:exp30-c", - "sei-cert:exp33-c", - "sei-cert:exp34-c", - "sei-cert:exp39-c", - "sei-cert:exp50-cpp", - "sei-cert:exp53-cpp", - "sei-cert:exp54-cpp", + "sei-cert-c:dcl41-c", + "sei-cert-c:exp30-c", + "sei-cert-c:exp33-c", + "sei-cert-c:exp34-c", + "sei-cert-c:exp39-c", + "sei-cert-cpp:exp50-cpp", + "sei-cert-cpp:exp53-cpp", + "sei-cert-cpp:exp54-cpp", "severity:HIGH" ], "core.CallAndMessageModeling": [ @@ -355,12 +356,12 @@ ], "core.DivideZero": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-dividezero-c-c-objc", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:int33-c", + "sei-cert-c:int33-c", "severity:HIGH" ], "core.DynamicTypePropagation": [ @@ -371,12 +372,12 @@ ], "core.NonNullParamChecker": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-nonnullparamchecker-c-c-objc", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp34-c", + "sei-cert-c:exp34-c", "severity:HIGH" ], "core.NonnilStringConstants": [ @@ -386,55 +387,58 @@ ], "core.NullDereference": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-nulldereference-c-c-objc", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp34-c", + "sei-cert-c:exp34-c", "severity:HIGH" ], "core.StackAddrEscapeBase": [ - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl30-c", - "sei-cert:exp54-cpp", - "sei-cert:exp61-cpp" + "sei-cert-c:dcl30-c", + "sei-cert-cpp:exp54-cpp", + "sei-cert-cpp:exp61-cpp" ], "core.StackAddressEscape": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-stackaddressescape-c", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:dcl30-c", - "sei-cert:exp54-cpp", - "sei-cert:exp61-cpp", + "sei-cert-c:dcl30-c", + "sei-cert-cpp:exp54-cpp", + "sei-cert-cpp:exp61-cpp", "severity:HIGH" ], "core.UndefinedBinaryOperatorResult": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-undefinedbinaryoperatorresult-c", - "guideline:sei-cert", + "guideline:sei-cert-c", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp33-c", - "sei-cert:exp50-cpp", + "sei-cert-c:exp33-c", + "sei-cert-cpp:exp50-cpp", "severity:HIGH" ], "core.VLASize": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-vlasize-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:arr32-c", + "sei-cert-c:arr32-c", "severity:HIGH" ], "core.builtin.BuiltinFunctions": [ @@ -451,125 +455,125 @@ ], "core.uninitialized.ArraySubscript": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-arraysubscript-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp33-c", + "sei-cert-c:exp33-c", "severity:HIGH" ], "core.uninitialized.Assign": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-assign-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp33-c", + "sei-cert-c:exp33-c", "severity:HIGH" ], "core.uninitialized.Branch": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-branch-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp33-c", + "sei-cert-c:exp33-c", "severity:HIGH" ], "core.uninitialized.CapturedBlockVariable": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-capturedblockvariable-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp33-c", + "sei-cert-c:exp33-c", "severity:HIGH" ], "core.uninitialized.NewArraySize": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-newarraysize-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp33-c", + "sei-cert-c:exp33-c", "severity:HIGH" ], "core.uninitialized.UndefReturn": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-undefreturn-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop53-cpp", + "sei-cert-cpp:oop53-cpp", "severity:HIGH" ], "cplusplus.ArrayDelete": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#cplusplus-arraydelete-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp51-cpp", + "sei-cert-cpp:exp51-cpp", "severity:HIGH" ], "cplusplus.InnerPointer": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#cplusplus-innerpointer-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem50-cpp", - "sei-cert:str52-cpp", + "sei-cert-cpp:mem50-cpp", + "sei-cert-cpp:str52-cpp", "severity:HIGH" ], "cplusplus.Move": [ - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp63-cpp", + "sei-cert-cpp:exp63-cpp", "severity:HIGH" ], "cplusplus.NewDelete": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#cplusplus-newdelete-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp54-cpp", - "sei-cert:mem50-cpp", - "sei-cert:mem51-cpp", - "sei-cert:oop54-cpp", + "sei-cert-cpp:exp54-cpp", + "sei-cert-cpp:mem50-cpp", + "sei-cert-cpp:mem51-cpp", + "sei-cert-cpp:oop54-cpp", "severity:HIGH" ], "cplusplus.NewDeleteLeaks": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#cplusplus-newdeleteleaks-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem51-cpp", + "sei-cert-cpp:mem51-cpp", "severity:HIGH" ], "cplusplus.PlacementNew": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#cplusplus-placementnew-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem54-cpp", + "sei-cert-cpp:mem54-cpp", "severity:HIGH" ], "cplusplus.PureVirtualCall": [ @@ -580,12 +584,12 @@ ], "cplusplus.SelfAssignment": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#cplusplus-selfassignment-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop54-cpp", + "sei-cert-cpp:oop54-cpp", "severity:MEDIUM" ], "cplusplus.SmartPtrModeling": [ @@ -595,12 +599,12 @@ ], "cplusplus.StringChecker": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#cplusplus-stringchecker-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:str51-cpp", + "sei-cert-cpp:str51-cpp", "severity:HIGH" ], "cplusplus.VirtualCallModeling": [ @@ -610,12 +614,12 @@ ], "deadcode.DeadStores": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#deadcode-deadstores-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:msc12-c", + "sei-cert-c:msc12-c", "severity:LOW" ], "debug.AnalysisOrder": [ @@ -709,11 +713,11 @@ ], "optin.core.EnumCastOutOfRange": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-core-enumcastoutofrange-c-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem54-cpp", + "sei-cert-cpp:mem54-cpp", "severity:MEDIUM" ], "optin.cplusplus.UninitializedObject": [ @@ -725,12 +729,12 @@ ], "optin.cplusplus.VirtualCall": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-cplusplus-virtualcall-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:oop50-cpp", + "sei-cert-cpp:oop50-cpp", "severity:MEDIUM" ], "optin.mpi.MPI-Checker": [ @@ -761,13 +765,13 @@ ], "optin.portability.UnixAPI": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-portability-unixapi", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:portability", "profile:security", "profile:sensitive", - "sei-cert:mem30-c", + "sei-cert-c:mem30-c", "severity:MEDIUM" ], "optin.taint.GenericTaint": [ @@ -881,12 +885,12 @@ ], "security.FloatLoopCounter": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-floatloopcounter-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:flp30-c", + "sei-cert-c:flp30-c", "severity:MEDIUM" ], "security.MmapWriteExec": [ @@ -899,43 +903,43 @@ ], "security.PointerSub": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-pointersub-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:arr36-c", + "sei-cert-c:arr36-c", "severity:HIGH" ], "security.PutenvStackArray": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-putenvstackarray-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pos34-c", + "sei-cert-c:pos34-c", "severity:HIGH" ], "security.SetgidSetuidOrder": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-setgidsetuidorder-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pos36-c", + "sei-cert-c:pos36-c", "severity:MEDIUM" ], "security.cert.env.InvalidPtr": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-cert-env-invalidptr", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:env31-c", - "sei-cert:env34-c", + "sei-cert-c:env31-c", + "sei-cert-c:env34-c", "severity:MEDIUM" ], "security.insecureAPI.DeprecatedOrUnsafeBufferHandling": [ @@ -980,12 +984,12 @@ ], "security.insecureAPI.gets": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-insecureapi-gets-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:str31-c", + "sei-cert-c:str31-c", "severity:MEDIUM" ], "security.insecureAPI.mkstemp": [ @@ -1011,30 +1015,36 @@ ], "security.insecureAPI.strcpy": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-insecureapi-strcpy-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", - "sei-cert:str31-c", + "sei-cert-c:str31-c", "severity:MEDIUM" ], "security.insecureAPI.vfork": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-insecureapi-vfork-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pos33-c", + "sei-cert-c:pos33-c", "severity:MEDIUM" ], "unix.API": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-api-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp37-c", + "sei-cert-c:exp37-c", + "severity:MEDIUM" + ], + "unix.Chroot": [ + "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-chroot-c", + "profile:extreme", + "profile:sensitive", "severity:MEDIUM" ], "unix.DynamicMemoryModeling": [ @@ -1044,87 +1054,87 @@ ], "unix.Errno": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-errno-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:err30-c", + "sei-cert-c:err30-c", "severity:HIGH" ], "unix.Malloc": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-malloc-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem30-c", - "sei-cert:mem31-c", - "sei-cert:mem34-c", - "sei-cert:mem35-c", - "sei-cert:mem36-c", + "sei-cert-c:mem30-c", + "sei-cert-c:mem31-c", + "sei-cert-c:mem34-c", + "sei-cert-c:mem35-c", + "sei-cert-c:mem36-c", "severity:MEDIUM" ], "unix.MallocSizeof": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-mallocsizeof-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem35-c", + "sei-cert-c:mem35-c", "severity:MEDIUM" ], "unix.MismatchedDeallocator": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-mismatcheddeallocator-c-c", - "guideline:sei-cert", + "guideline:sei-cert-cpp", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:mem51-cpp", + "sei-cert-cpp:mem51-cpp", "severity:MEDIUM" ], "unix.StdCLibraryFunctions": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-stdclibraryfunctions-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:arr38-c", - "sei-cert:err33-c", - "sei-cert:pos52-c", + "sei-cert-c:arr38-c", + "sei-cert-c:err33-c", + "sei-cert-c:pos52-c", "severity:HIGH" ], "unix.Stream": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-stream-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:fio42-c", + "sei-cert-c:fio42-c", "severity:MEDIUM" ], "unix.Vfork": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-vfork-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:pos33-c", + "sei-cert-c:pos33-c", "severity:MEDIUM" ], "unix.cstring.BadSizeArg": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-cstring-badsizearg-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:str31-c", + "sei-cert-c:str31-c", "severity:MEDIUM" ], "unix.cstring.CStringModeling": [ @@ -1134,12 +1144,12 @@ ], "unix.cstring.NullArg": [ "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-cstring-nullarg-c", - "guideline:sei-cert", + "guideline:sei-cert-c", "profile:default", "profile:extreme", "profile:security", "profile:sensitive", - "sei-cert:exp34-c", + "sei-cert-c:exp34-c", "severity:HIGH" ], "valist.CopyToSelf": [ diff --git a/config/labels/descriptions.json b/config/labels/descriptions.json index 5b62fbf509..b3f6b3a471 100644 --- a/config/labels/descriptions.json +++ b/config/labels/descriptions.json @@ -15,7 +15,8 @@ "UNSPECIFIED": "Checker severity is not specified for a checker." }, "guideline": { - "sei-cert": "https://wiki.sei.cmu.edu/confluence/display/seccode", + "sei-cert-c": "https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standard", + "sei-cert-cpp": "https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046682", "misra-c": "https://www.misra.org.uk/" } } \ No newline at end of file diff --git a/docs/analyzer/user_guide.md b/docs/analyzer/user_guide.md index 55b07a4ed7..d9684c8840 100644 --- a/docs/analyzer/user_guide.md +++ b/docs/analyzer/user_guide.md @@ -449,22 +449,40 @@ checker configuration: -e checker/group/profile, --enable checker/group/profile - Set a checker (or checker group), profile or guideline - to BE USED in the analysis. In case of ambiguity the - priority order is profile, guideline, checker name - (e.g. security means the profile, not the checker - group). Moreover, labels can also be used for - selecting checkers, for example profile:extreme or - severity:STYLE. See 'CodeChecker checkers --label' for + Enable a checker or checker group to BE USED in the + analysis. Exact checker name, prefix, profile, + guideline or any label can be used for selecting + checkers. These namespace can be specified by + 'checker:' 'prefix:', 'profile:', 'guideline:', + 'severity:', etc. Normally, It is not necessary to + give a namespace but in case of ambiguity, the + CodeChecker returns with an error and suggests options + for clarification. For example the extreme profile can + be set by 'profile:extreme' or 'extreme' but security + can be also a prefix and in this case the namespace + must be given like 'profile:security' to set security + profile. If an exact checker name matches multiple + checkers as a prefix, 'checker:' or 'prefix:' + namespace is required. Any labels can be used for set + checker group. See 'CodeChecker checkers --label' for further details. -d checker/group/profile, --disable checker/group/profile - Set a checker (or checker group), profile or guideline - to BE PROHIBITED from use in the analysis. In case of - ambiguity the priority order is profile, guideline, - checker name (e.g. security means the profile, not the - checker group). Moreover, labels can also be used for - selecting checkers, for example profile:extreme or - severity:STYLE. See 'CodeChecker checkers --label' for + Disable a checker or checker group to BE PROHIBITED in + the analysis. Exact checker name, prefix, profile, + guideline or any label can be used for selecting + checkers. These namespace can be specified by + 'checker:' 'prefix:', 'profile:', 'guideline:', + 'severity:', etc. Normally, It is not necessary to + give a namespace but in case of ambiguity, the + CodeChecker returns with an error and suggests options + for clarification. For example the extreme profile can + be set by 'profile:extreme' or 'extreme' but security + can be also a prefix and in this case the namespace + must be given like 'profile:security' to set security + profile. If an exact checker name matches multiple + checkers as a prefix, 'checker:' or 'prefix:' + namespace is required. Any labels can be used for set + checker group. See 'CodeChecker checkers --label' for further details. --enable-all Force the running analyzers to use almost every checker available. The checker groups 'alpha.', @@ -793,7 +811,10 @@ If this is not possible, you can work around the situation by specifying the absolute path of the `ldlogger.so` in the `LD_PRELOAD`: ```sh -LD_PRELOAD=/ld_logger/lib/x86_64/ldlogger.so CodeChecker log -o compile_commands.json -b "make -j2" +# For 64-bit compilers +LD_PRELOAD=/ld_logger/lib/64bit/ldlogger.so CodeChecker log -o compile_commands.json -b "make -j2" +# For 32-bit compilers +LD_PRELOAD=/ld_logger/lib/32bit/ldlogger.so CodeChecker log -o compile_commands.json -b "make -j2" ``` #### Change user inside the build command @@ -1438,23 +1459,41 @@ available checkers in the binaries installed on your system. ``` checker configuration: - -e checker/group/profile, --enable checker/group/profile - Set a checker (or checker group or checker profile) - to BE USED in the analysis. In case of ambiguity the - priority order is profile, guideline, checker name - (e.g. security means the profile, not the checker - group). Moreover, labels can also be used for - selecting checkers, for example profile:extreme or - severity:STYLE. See 'CodeChecker checkers --label' for + -e checker/group/profile, --enable checker/group/profile + Enable a checker or checker group to BE USED in the + analysis. Exact checker name, prefix, profile, + guideline or any label can be used for selecting + checkers. These namespace can be specified by + 'checker:' 'prefix:', 'profile:', 'guideline:', + 'severity:', etc. Normally, It is not necessary to + give a namespace but in case of ambiguity, the + CodeChecker returns with an error and suggests options + for clarification. For example the extreme profile can + be set by 'profile:extreme' or 'extreme' but security + can be also a prefix and in this case the namespace + must be given like 'profile:security' to set security + profile. If an exact checker name matches multiple + checkers as a prefix, 'checker:' or 'prefix:' + namespace is required. Any labels can be used for set + checker group. See 'CodeChecker checkers --label' for further details. -d checker/group/profile, --disable checker/group/profile - Set a checker (or checker group or checker profile) - to BE PROHIBITED from use in the analysis. In case of - ambiguity the priority order is profile, guideline, - checker name (e.g. security means the profile, not the - checker group). Moreover, labels can also be used for - selecting checkers, for example profile:extreme or - severity:STYLE. See 'CodeChecker checkers --label' for + Disable a checker or checker group to BE PROHIBITED in + the analysis. Exact checker name, prefix, profile, + guideline or any label can be used for selecting + checkers. These namespace can be specified by + 'checker:' 'prefix:', 'profile:', 'guideline:', + 'severity:', etc. Normally, It is not necessary to + give a namespace but in case of ambiguity, the + CodeChecker returns with an error and suggests options + for clarification. For example the extreme profile can + be set by 'profile:extreme' or 'extreme' but security + can be also a prefix and in this case the namespace + must be given like 'profile:security' to set security + profile. If an exact checker name matches multiple + checkers as a prefix, 'checker:' or 'prefix:' + namespace is required. Any labels can be used for set + checker group. See 'CodeChecker checkers --label' for further details. --enable-all Force the running analyzers to use almost every checker available. The checker groups 'alpha.', @@ -1492,10 +1531,11 @@ Checkers are taken into account based on the following order: "debug" checker groups. `osx` checker group is also not included unless the target platform is Darwin. - Command line `--enable/--disable` flags. - - Their arguments may start with `profile:` of `guideline:` prefix which - makes the choice explicit. - - Without prefix it means a profile name, a guideline name or a checker - group/name in this priority order. + - Their arguments may start with `checker:`, `prefix:`, `profile:`, + `guideline:` or any existing label type as a namespace which makes the + choice explicit. + - Without namespace it can be a checker name, a checker prefix, a profile + name or a guideline name. in case of ambiguity, namespace is expected. Disabling certain checkers - such as the `core` group - is unsupported by the LLVM/Clang community, and thus discouraged. @@ -1511,24 +1551,24 @@ and disabled flags starting from the bigger groups and going inwards. For example ```sh ---enable Wunused --disable Wno-unused-parameter +--enable prefix:clang-diagnostic-unused +--disable checker:clang-diagnostic-unused-parameter ``` or ```sh ---enable Wunused --disable Wunused-parameter -``` -will enable every `unused` warnings except `unused-parameter`. These flags -should start with a capital `W` or `Wno-` prefix followed by the warning name -(E.g.: `-e Wliteral-conversion`, `-d Wno-literal-conversion` or -`-d Wliteral-conversion`). To turn off a compiler warning you can use the -negative form beginning with `Wno-` (e.g.: `--disable Wno-literal-conversion`) -or you can use the positive form beginning with `W` (e.g.: -`--enable Wliteral-conversion`). For more information see: +--enable prefix:clang-diagnostic-unused +--disable clang-diagnostic-unused-parameter +``` +will enable every `unused` warnings except `unused-parameter`. To turn off a +compiler warning you should use `clang-diagnostic-` instead of `W` or `Wno` +followed by the warning name. These flags may start with `checker:`, +`prefix:`, `profile:`, `guideline:` or any existing label type as a namespace +which makes the choice explicit. Namespace is only required when the given +flag is ambiguity. (E.g.: `clang-diagnostic-unused` is both a checker name +that represents unused warning and a prefix that is the group of the unused +warrnings). For more information see: https://clang.llvm.org/docs/DiagnosticsReference.html. -A warning can be referred in both formats: `-d Wunused-parameter` and -`-d clang-diagnostic-unused-parameter` are the same. - `clang-diagnostic-error` is a special one, since it doesn't refer a warning but a compilation error. This is enabled by default and will be stored as a critical severity bug. @@ -2718,4 +2758,4 @@ The following actions are available: setting. If none of the filter options is provided, then that setting is not applied on -any report. +any report. \ No newline at end of file diff --git a/scripts/labels/label_tool/requirements.txt b/scripts/labels/label_tool/requirements.txt index dddf46e335..ab17cdcf0f 100644 --- a/scripts/labels/label_tool/requirements.txt +++ b/scripts/labels/label_tool/requirements.txt @@ -1,6 +1,6 @@ # codechecker==local emoji==2.11.0 -lxml==5.2.2 +lxml==5.3.0 packaging==24.0 selenium==4.19.0 tabulate==0.9.0 diff --git a/tools/report-converter/codechecker_report_converter/report/output/html/html.py b/tools/report-converter/codechecker_report_converter/report/output/html/html.py index c102199cfd..b2a80f691a 100644 --- a/tools/report-converter/codechecker_report_converter/report/output/html/html.py +++ b/tools/report-converter/codechecker_report_converter/report/output/html/html.py @@ -63,6 +63,7 @@ class Checker(TypedDict): class HTMLReport(TypedDict): fileId: str + path: str reportHash: Optional[str] checker: Checker analyzerName: Optional[str] @@ -239,6 +240,7 @@ def to_macro_expansions( html_reports.append({ 'fileId': report.file.id, 'reportHash': report.report_hash, + 'path': report.file.path, 'checker': { 'name': report.checker_name, 'url': self._get_doc_url(report) or '' @@ -309,7 +311,7 @@ def create_index_html(self, output_dir: str): table_reports = map(lambda data: { 'link': os.path.basename(data['link']), - 'file-path': data['report']['fileId'], + 'file-path': data['report']['path'], 'report-hash': data['report']['reportHash'], 'checker-name': data['report']['checker']['name'], 'checker-url': data['report']['checker']['url'], @@ -436,7 +438,6 @@ def convert( if not reports: LOG.info('No report data in %s file.', file_path) return set() - html_filename = f"{os.path.basename(file_path)}.html" html_output_path = os.path.join(output_dir_path, html_filename) _, changed_files = html_builder.create( diff --git a/web/api/js/codechecker-api-node/dist/codechecker-api-6.59.0.tgz b/web/api/js/codechecker-api-node/dist/codechecker-api-6.59.0.tgz index ba7a89c4d6..25aac2dbb6 100644 Binary files a/web/api/js/codechecker-api-node/dist/codechecker-api-6.59.0.tgz and b/web/api/js/codechecker-api-node/dist/codechecker-api-6.59.0.tgz differ diff --git a/web/api/py/codechecker_api/dist/codechecker_api.tar.gz b/web/api/py/codechecker_api/dist/codechecker_api.tar.gz index b8663d44ae..9c36f1aedd 100644 Binary files a/web/api/py/codechecker_api/dist/codechecker_api.tar.gz and b/web/api/py/codechecker_api/dist/codechecker_api.tar.gz differ diff --git a/web/api/py/codechecker_api_shared/dist/codechecker_api_shared.tar.gz b/web/api/py/codechecker_api_shared/dist/codechecker_api_shared.tar.gz index d84898edb4..f3f2c9d45e 100644 Binary files a/web/api/py/codechecker_api_shared/dist/codechecker_api_shared.tar.gz and b/web/api/py/codechecker_api_shared/dist/codechecker_api_shared.tar.gz differ diff --git a/web/api/report_server.thrift b/web/api/report_server.thrift index 7c34652a31..2db06a6326 100644 --- a/web/api/report_server.thrift +++ b/web/api/report_server.thrift @@ -548,6 +548,18 @@ struct Checker { 2: string checkerId, } +struct Guideline { + 1: string guidelineName +} + +struct Rule { + 1: string ruleId, // The identifier of the rule. + 2: string title, // The rule summary. + 3: string url, // The link of the rule page. + 4: list> checkers // List of checker names +} +typedef map> GuidelineRules + service codeCheckerDBAccess { // Gives back all analyzed runs. @@ -780,6 +792,10 @@ service codeCheckerDBAccess { // 'label1:value2', 'label2:value3']. list> getCheckerLabels(1: list checkers) + // Return the list of rules to each guideline that given. + // If the guidelines param is empty, returning with all guideline rules. + GuidelineRules getGuidelineRules(1: list guidelines) + // returns the CodeChecker version that is running on the server // !DEPRECATED Use ServerInfo API to get the package version. string getPackageVersion(); diff --git a/web/client/codechecker_client/blame_info.py b/web/client/codechecker_client/blame_info.py index ed52db27f9..32d46731f4 100644 --- a/web/client/codechecker_client/blame_info.py +++ b/web/client/codechecker_client/blame_info.py @@ -39,8 +39,9 @@ def __get_tracking_branch(repo: Repo) -> Optional[str]: def __get_blame_info(file_path: str): """ Get blame info for the given file. """ try: - repo = Repo(file_path, search_parent_directories=True) - if repo.ignored(file_path): + real_path = os.path.realpath(file_path) + repo = Repo(real_path, search_parent_directories=True) + if repo.ignored(real_path): LOG.debug("File %s is an ignored file", file_path) return None except InvalidGitRepositoryError: @@ -59,7 +60,7 @@ def __get_blame_info(file_path: str): pass try: - blame = repo.blame_incremental(repo.head.commit.hexsha, file_path) + blame = repo.blame_incremental(repo.head.commit.hexsha, real_path) res = { 'version': 'v1', diff --git a/web/codechecker_web/shared/webserver_context.py b/web/codechecker_web/shared/webserver_context.py index 0945443366..992ddb6c59 100644 --- a/web/codechecker_web/shared/webserver_context.py +++ b/web/codechecker_web/shared/webserver_context.py @@ -17,6 +17,7 @@ from codechecker_common import logger from codechecker_common.checker_labels import CheckerLabels +from codechecker_common.guidelines import Guidelines from codechecker_common.singleton import Singleton from codechecker_common.util import load_json @@ -70,7 +71,11 @@ def __init__(self): if 'CC_TEST_LABELS_DIR' in os.environ: labels_dir = os.environ['CC_TEST_LABELS_DIR'] + guidelines_dir = os.path.join(self._data_files_dir_path, + 'config', 'guidelines') + self._checker_labels = CheckerLabels(labels_dir) + self._guidelines = Guidelines(guidelines_dir) self.__system_comment_map = load_json(self.system_comment_map_file, {}) self.__git_commit_urls = self.__get_git_commit_urls() self.__package_version = None @@ -222,6 +227,10 @@ def config_migration_root(self): def checker_labels(self): return self._checker_labels + @property + def guideline(self): + return self._guidelines + def get_context(): try: diff --git a/web/requirements.txt b/web/requirements.txt index 07ec40a8e7..163fa82081 100644 --- a/web/requirements.txt +++ b/web/requirements.txt @@ -1,4 +1,4 @@ -lxml==5.2.2 +lxml==5.3.0 sqlalchemy==1.3.23 alembic==1.5.5 portalocker==2.2.1 diff --git a/web/requirements_py/db_pg8000/requirements.txt b/web/requirements_py/db_pg8000/requirements.txt index 1e1ab10084..c63e4bcb00 100644 --- a/web/requirements_py/db_pg8000/requirements.txt +++ b/web/requirements_py/db_pg8000/requirements.txt @@ -1,4 +1,4 @@ -lxml==5.2.2 +lxml==5.3.0 sqlalchemy==1.3.23 alembic==1.5.5 pg8000==1.15.2 diff --git a/web/requirements_py/db_psycopg2/requirements.txt b/web/requirements_py/db_psycopg2/requirements.txt index 92a328e8fd..7ce529d7b0 100644 --- a/web/requirements_py/db_psycopg2/requirements.txt +++ b/web/requirements_py/db_psycopg2/requirements.txt @@ -1,4 +1,4 @@ -lxml==5.2.2 +lxml==5.3.0 sqlalchemy==1.3.23 alembic==1.5.5 psycopg2-binary==2.8.6 diff --git a/web/server/codechecker_server/api/product_server.py b/web/server/codechecker_server/api/product_server.py index f7cbaeadb6..62e13fd63d 100644 --- a/web/server/codechecker_server/api/product_server.py +++ b/web/server/codechecker_server/api/product_server.py @@ -15,6 +15,9 @@ from sqlalchemy.sql.expression import and_ +from sqlalchemy import create_engine, exc +from sqlalchemy.engine.url import URL + import codechecker_api_shared from codechecker_api.ProductManagement_v6 import ttypes @@ -318,6 +321,57 @@ def getProductConfiguration(self, product_id): return prod + @timeit + def __create_product_database(self, product): + """ + Creates a database for the given product, + to assist addProduct() function that connects to + an already existing database. + """ + + product_info = product.connection + if product_info.engine == 'sqlite': + LOG.info("Using SQLite engine, skipping database creation") + return True + + db_host = product_info.host + db_engine = product_info.engine + db_port = int(product_info.port) + db_user = convert.from_b64(product_info.username_b64) + db_pass = convert.from_b64(product_info.password_b64) + db_name = product_info.database + + engine_url = URL( + drivername=db_engine, + username=db_user, + password=db_pass, + host=db_host, + port=db_port, + database='postgres' + ) + engine = create_engine(engine_url) + try: + with engine.connect() as conn: + conn.execute("commit") + LOG.info("Creating database '%s'", db_name) + conn.execute(f"CREATE DATABASE {db_name}") + conn.close() + except exc.ProgrammingError as e: + LOG.error("ProgrammingError occurred: %s", str(e)) + if "already exists" in str(e): + LOG.error("Database '%s' already exists", db_name) + return False + else: + LOG.error("Error occurred while creating database: %s", str(e)) + return False + except exc.SQLAlchemyError as e: + LOG.error("SQLAlchemyError occurred: %s", str(e)) + return False + finally: + engine.dispose() + + return True + @timeit def addProduct(self, product): """ @@ -352,6 +406,20 @@ def addProduct(self, product): codechecker_api_shared.ttypes.ErrorCode.GENERAL, msg) + # Check if the database is already in use by another product. + db_in_use = self.__server.is_database_used(product) + if db_in_use: + LOG.error("Database '%s' is already in use by another product!", + product.connection.database) + raise codechecker_api_shared.ttypes.RequestFailed( + codechecker_api_shared.ttypes.ErrorCode.DATABASE, + "Database is already in use by another product!") + + # Add database before letting product connect to it + if self.__create_product_database(product): + LOG.info("Database '%s' created successfully.", + product.connection.database) + # Some values come encoded as Base64, decode these. displayed_name = convert.from_b64(product.displayedName_b64) \ if product.displayedName_b64 else product.endpoint diff --git a/web/server/codechecker_server/api/report_server.py b/web/server/codechecker_server/api/report_server.py index bb58998283..8dc184cebe 100644 --- a/web/server/codechecker_server/api/report_server.py +++ b/web/server/codechecker_server/api/report_server.py @@ -41,7 +41,7 @@ Order, \ ReportData, ReportDetails, ReportStatus, ReviewData, ReviewStatusRule, \ ReviewStatusRuleFilter, ReviewStatusRuleSortMode, \ - ReviewStatusRuleSortType, RunData, RunFilter, RunHistoryData, \ + ReviewStatusRuleSortType, Rule, RunData, RunFilter, RunHistoryData, \ RunReportCount, RunSortType, RunTagCount, \ ReviewStatus as API_ReviewStatus, \ SourceComponentData, SourceFileData, SortMode, SortType @@ -2775,6 +2775,40 @@ def getCheckerLabels( return labels + @exc_to_thrift_reqfail + @timeit + def getGuidelineRules( + self, + guidelines: List[ttypes.Guideline] + ): + """ Return the list of rules to each guideline that given. """ + guideline_rules = defaultdict(list) + for guideline in guidelines: + rules = self._context.guideline.rules_of_guideline( + guideline.guidelineName) + if not rules: + guideline_rules[guideline.guidelineName] = [] + continue + for rule in rules: + checkers = [{ + "checkerName": checker_name, + "severity": self._context.checker_labels.severity( + checker_name).lower() + } for checker_name in + self._context.checker_labels.checkers_by_labels( + [f"{guideline.guidelineName}:{rule}"])] + + guideline_rules[guideline.guidelineName].append( + Rule( + ruleId=rule.lower(), + title=rules[rule].get("title", ""), + url=rules[rule].get("rule_url", ""), + checkers=checkers + ) + ) + + return guideline_rules + @exc_to_thrift_reqfail @timeit def getSourceFileData(self, fileId, fileContent, encoding): diff --git a/web/server/codechecker_server/server.py b/web/server/codechecker_server/server.py index 83d38ed85e..0476d07258 100644 --- a/web/server/codechecker_server/server.py +++ b/web/server/codechecker_server/server.py @@ -27,6 +27,7 @@ import multiprocess from sqlalchemy.orm import sessionmaker +from sqlalchemy.engine.url import make_url from sqlalchemy.sql.expression import func from thrift.protocol import TJSONProtocol from thrift.transport import TTransport @@ -755,6 +756,9 @@ def __init__(self, permissions.initialise_defaults('SYSTEM', { 'config_db_session': cfg_sess }) + + self.cfg_sess_private = cfg_sess + products = cfg_sess.query(ORMProduct).all() for product in products: self.add_product(product) @@ -898,6 +902,36 @@ def add_product(self, orm_product, init_db=False): self.__products[prod.endpoint] = prod + def is_database_used(self, conn): + """ + Returns bool whether the given database is already connected to by + the server. + """ + + # get the database name from the database connection args + conn = make_url(conn.connection) + is_sqlite = conn.engine == 'sqlite' + + # create a tuple of database that is going to be added for comparison + to_add = (f"{conn.engine}+pysqlite" if is_sqlite + else f"{conn.engine}+psycopg2", + conn.database, conn.host, conn.port) + + # create a tuple of database that is already connected for comparison + def to_tuple(product): + url = make_url(product.connection) + return url.drivername, url.database, url.host, url.port + # creates a list of currently connected databases + current_connected_databases = list(map( + to_tuple, + self.cfg_sess_private.query(ORMProduct).all())) + + self.cfg_sess_private.commit() + self.cfg_sess_private.close() + + # True if found, False otherwise + return to_add in current_connected_databases + @property def num_products(self): """ @@ -1026,7 +1060,8 @@ def __check_callback_url_format(provider_name, callback_url): website = "[a-zA-Z0-9.-]+([:][0-9]{2,5}|)" paths = "login[/]OAuthLogin" - pattern_str = "^%s[:][/]{2}%s[/]%s[/]%s$" % (protocol, website, paths, provider_name) + pattern_str = f"^{protocol}://{website}/{paths}/{provider_name}$" + # pattern_str = "^%s[:][/]{2}%s[/]%s[/]%s$" % (protocol, website, paths, provider_name) pattern = re.compile(pattern_str) match = pattern.match(callback_url) diff --git a/web/server/vue-cli/package-lock.json b/web/server/vue-cli/package-lock.json index 3a4aacb0d5..e9120cf833 100644 --- a/web/server/vue-cli/package-lock.json +++ b/web/server/vue-cli/package-lock.json @@ -5105,7 +5105,7 @@ "node_modules/codechecker-api": { "version": "6.59.0", "resolved": "file:../../api/js/codechecker-api-node/dist/codechecker-api-6.59.0.tgz", - "integrity": "sha512-auSNXwtKvZ9M5nQ+z9Z9eR6/B1sojNWfWLZLglGZkrPmBkoChHEK4gMzkeQdjfj1KDd4G4yUj2WN0mnN9rD16Q==", + "integrity": "sha512-uLd4IqBeA+5iKVLVGkgJ8qSb+qB9OZxbTn8UawLv/MrGSj4O4FWDXEdjrxzofi8KMjXTd8IWhkAUVTDaHdOu7g==", "license": "SEE LICENSE IN LICENSE", "dependencies": { "thrift": "0.13.0-hotfix.1" @@ -21125,7 +21125,7 @@ }, "codechecker-api": { "version": "file:../../api/js/codechecker-api-node/dist/codechecker-api-6.59.0.tgz", - "integrity": "sha512-auSNXwtKvZ9M5nQ+z9Z9eR6/B1sojNWfWLZLglGZkrPmBkoChHEK4gMzkeQdjfj1KDd4G4yUj2WN0mnN9rD16Q==", + "integrity": "sha512-uLd4IqBeA+5iKVLVGkgJ8qSb+qB9OZxbTn8UawLv/MrGSj4O4FWDXEdjrxzofi8KMjXTd8IWhkAUVTDaHdOu7g==", "requires": { "thrift": "0.13.0-hotfix.1" } diff --git a/web/server/vue-cli/src/components/CountChips.vue b/web/server/vue-cli/src/components/CountChips.vue index 4f976f613c..3fade6ebfe 100644 --- a/web/server/vue-cli/src/components/CountChips.vue +++ b/web/server/vue-cli/src/components/CountChips.vue @@ -89,7 +89,7 @@ export default { }, props: { tag: { type: String, default: "span" }, - numGood: { type: Number, required: true }, + numGood: { type: Number, default: 0 }, numBad: { type: Number, default: 0 }, numTotal: { type: Number, default: 0 }, goodText: { type: String, default: "" }, diff --git a/web/server/vue-cli/src/components/Report/ReportFilter/ReportFilter.vue b/web/server/vue-cli/src/components/Report/ReportFilter/ReportFilter.vue index 1a6abbde29..2490d3cb49 100644 --- a/web/server/vue-cli/src/components/Report/ReportFilter/ReportFilter.vue +++ b/web/server/vue-cli/src/components/Report/ReportFilter/ReportFilter.vue @@ -390,7 +390,8 @@ export default { showReviewStatus: { type: Boolean, default: true }, showRemoveFilteredReports: { type: Boolean, default: true }, showDiffType: { type: Boolean, default: true }, - reportCount: { type: Number, required: true } + reportCount: { type: Number, required: true }, + refreshFilter: { type: Boolean, default: false } }, data() { @@ -412,6 +413,15 @@ export default { }), }, + watch: { + refreshFilter(state) { + if (!state) return; + + this.initByUrl(); + this.$emit("set-refresh-filter-state", false); + } + }, + mounted() { this.initByUrl(); }, diff --git a/web/server/vue-cli/src/components/Statistics/BaseStatisticsTable.vue b/web/server/vue-cli/src/components/Statistics/BaseStatisticsTable.vue index 30c0870797..820ed46dd4 100644 --- a/web/server/vue-cli/src/components/Statistics/BaseStatisticsTable.vue +++ b/web/server/vue-cli/src/components/Statistics/BaseStatisticsTable.vue @@ -2,6 +2,7 @@ + + + + + + + + + + + +