@@ -103,10 +103,10 @@ namespace {
103103 picojson::object rule;
104104 rule[" id" picojson::value (finding.id );
105105 // rule.name
106- rule[" name" picojson::value (finding. shortMessage ( ));
106+ rule[" name" picojson::value (getRuleShortDescription (finding ));
107107 // rule.shortDescription.text
108108 picojson::object shortDescription;
109- shortDescription[" text" picojson::value (getRuleShortDescription ( finding));
109+ shortDescription[" text" picojson::value (finding. shortMessage ( ));
110110 rule[" shortDescription" picojson::value (shortDescription);
111111 // rule.fullDescription.text
112112 picojson::object fullDescription;
@@ -122,13 +122,22 @@ namespace {
122122 // Only set security-severity for findings that are actually security-related
123123 if (isSecurityRelatedFinding (finding.id )) {
124124 double securitySeverity = 0 ;
125- if (ErrorLogger::isCriticalErrorId (finding.id ))
126- securitySeverity = 9.9 ;
127- else if (finding.severity == Severity::error)
128- securitySeverity = 8.5 ;
129- else if (finding.severity == Severity::warning)
130- securitySeverity = 5.1 ;
131- if (securitySeverity > 0.5 ) {
125+ if (ErrorLogger::isCriticalErrorId (finding.id )) {
126+ securitySeverity = 9.9 ; // critical = 9.0+
127+ }
128+ else if (finding.severity == Severity::error) {
129+ securitySeverity = 8.5 ; // high = 7.0 to 8.9
130+ }
131+ else if (finding.severity == Severity::warning) {
132+ securitySeverity = 5.5 ; // medium = 4.0 to 6.9
133+ }
134+ else if (finding.severity == Severity::performance ||
135+ finding.severity == Severity::portability ||
136+ finding.severity == Severity::style) {
137+ securitySeverity = 2.0 ; // low = 0.1 to 3.9
138+ }
139+ if (securitySeverity > 0.0 )
140+ {
132141 properties[" security-severity" picojson::value (std::to_string (securitySeverity));
133142 const picojson::array tags{picojson::value (" security"
134143 properties[" tags" picojson::value (tags);
@@ -280,6 +289,140 @@ namespace {
280289 " Detects when function parameters should be passed by const reference instead of by value for better performance."
281290 {" derefInvalidIteratorRedundantCheck" " Redundant iterator check"
282291 " Detects redundant checks for invalid iterator dereferencing."
292+ {" stlFindInsert" " Inefficient STL usage"
293+ " Detects when searching before insertion is unnecessary and suggests using more efficient STL methods like try_emplace."
294+ {" uselessCallsSubstr" " Ineffective substr call"
295+ " Detects ineffective calls to substr() that can be replaced with more efficient methods like resize() or pop_back()."
296+ {" uninitMemberVar" " Uninitialized member variable"
297+ " Detects member variables that are not initialized in the constructor."
298+ {" stlIfStrFind" " Inefficient string find usage"
299+ " Detects inefficient usage of string::find() in conditions where string::starts_with() or other methods could be faster."
300+ {" invalidScanfArgType_int" " Invalid scanf argument type"
301+ " Detects when scanf format specifiers don't match the argument types provided."
302+ {" constStatement" " Const statement"
303+ " Detects statements that have no effect and could indicate a programming error."
304+ {" variableScope" " Variable scope"
305+ " Detects when variable scope can be reduced to improve code clarity and performance."
306+ {" postfixOperator" " Inefficient postfix operator"
307+ " Detects when prefix operators (++i) should be used instead of postfix (i++) for better performance."
308+ {" useStlAlgorithm" " Use STL algorithm"
309+ " Suggests using STL algorithms instead of raw loops for better readability and performance."
310+ {" redundantAssignment" " Redundant assignment"
311+ " Detects redundant assignments where a variable is assigned but the value is never used."
312+ {" duplicateExpression" " Duplicate expression"
313+ " Detects identical expressions on both sides of operators which may indicate copy-paste errors."
314+ {" oppositeInnerCondition" " Opposite inner condition"
315+ " Detects when an inner condition is always false due to an outer condition."
316+ {" knownConditionTrueFalse" " Known condition"
317+ " Detects conditions that are always true or false due to previous code."
318+ {" clarifyCondition" " Unclear condition"
319+ " Suggests adding parentheses to clarify operator precedence in conditions."
320+ {" redundantCondition" " Redundant condition"
321+ " Detects redundant conditions that don't affect the program flow."
322+ {" missingReturn" " Missing return statement"
323+ " Detects functions that should return a value but may not have a return statement."
324+ {" invalidContainer" " Invalid container usage"
325+ " Detects invalid usage of STL containers that could lead to undefined behavior."
326+ {" containerOutOfBounds" " Container out of bounds"
327+ " Detects when container access operations exceed the container size."
328+ {" danglingPointer" " Dangling pointer"
329+ " Detects pointers that reference memory that has been deallocated."
330+ {" memsetClass" " Memset on class"
331+ " Detects when memset is used on classes with constructors/destructors which is undefined behavior."
332+ {" noExplicitConstructor" " Missing explicit constructor"
333+ " Suggests adding 'explicit' keyword to single-argument constructors to prevent implicit conversions."
334+ {" noCopyConstructor" " Missing copy constructor"
335+ " Detects classes that should have a copy constructor but don't."
336+ {" noOperatorEq" " Missing assignment operator"
337+ " Detects classes that should have an assignment operator but don't."
338+ {" virtualDestructor" " Missing virtual destructor"
339+ " Detects base classes that should have virtual destructors."
340+ {" useInitializationList" " Use initialization list"
341+ " Suggests using constructor initialization lists instead of assignment in constructor body."
342+ {" cstyleCast" " C-style cast"
343+ " Suggests using C++ style casts instead of C-style casts for better type safety."
344+ {" redundantCopy" " Redundant copy"
345+ " Detects unnecessary copying of objects that could be avoided."
346+ {" returnTempReference" " Return temporary reference"
347+ " Detects when functions return references to temporary objects."
348+ {" nullPointerArithmetic" " Null pointer arithmetic"
349+ " Detects arithmetic operations performed on null pointers."
350+ {" nullPointerRedundantCheck" " Redundant null pointer check"
351+ " Detects redundant checks for null pointers that are already known to be null or non-null."
352+ {" nullPointerDefaultArg" " Null pointer default argument"
353+ " Detects when null pointers are used as default arguments which may cause dereferencing issues."
354+ {" nullPointerOutOfMemory" " Null pointer from memory allocation"
355+ " Detects when memory allocation functions return null due to out-of-memory conditions."
356+ {" nullPointerOutOfResources" " Null pointer from resource exhaustion"
357+ " Detects when resource allocation functions return null due to resource exhaustion."
358+ {" leakReturnValNotUsed" " Memory leak from unused return value"
359+ " Detects memory leaks when the return value of allocation functions is not used."
360+ {" leakUnsafeArgAlloc" " Unsafe argument allocation leak"
361+ " Detects memory leaks in unsafe argument allocation patterns."
362+ {" mismatchAllocDealloc" " Mismatched allocation/deallocation"
363+ " Detects when memory allocated with one function is freed with an incompatible function."
364+ {" autovarInvalidDeallocation" " Invalid automatic variable deallocation"
365+ " Detects attempts to deallocate automatic (stack) variables."
366+ {" arrayIndexOutOfBoundsCond" " Conditional array bounds violation"
367+ " Detects array index out of bounds conditions that may occur under certain circumstances."
368+ {" pointerOutOfBounds" " Pointer out of bounds"
369+ " Detects when pointer arithmetic results in pointers outside valid memory ranges."
370+ {" pointerOutOfBoundsCond" " Conditional pointer out of bounds"
371+ " Detects pointer out of bounds conditions that may occur under certain circumstances."
372+ {" negativeIndex" " Negative array index"
373+ " Detects when negative values are used as array indices."
374+ {" objectIndex" " Invalid object indexing"
375+ " Detects invalid indexing operations on objects."
376+ {" argumentSize" " Invalid argument size"
377+ " Detects when function arguments have invalid sizes that could cause buffer overflows."
378+ {" bufferOverflow" " Buffer overflow"
379+ " Detects potential buffer overflow conditions."
380+ {" pointerArithmetic" " Unsafe pointer arithmetic"
381+ " Detects potentially unsafe pointer arithmetic operations."
382+ {" uninitdata" " Uninitialized data"
383+ " Detects usage of uninitialized data structures."
384+ {" uninitStructMember" " Uninitialized struct member"
385+ " Detects uninitialized members in struct/class instances."
386+ {" danglingLifetime" " Dangling lifetime"
387+ " Detects when object lifetimes end before their usage is complete."
388+ {" returnDanglingLifetime" " Return dangling lifetime"
389+ " Detects when functions return references or pointers to objects with ended lifetimes."
390+ {" danglingReference" " Dangling reference"
391+ " Detects references that point to objects that no longer exist."
392+ {" danglingTempReference" " Dangling temporary reference"
393+ " Detects references to temporary objects that have been destroyed."
394+ {" danglingTemporaryLifetime" " Dangling temporary lifetime"
395+ " Detects when temporary object lifetimes end before their usage is complete."
396+ {" invalidLifetime" " Invalid object lifetime"
397+ " Detects invalid object lifetime usage patterns."
398+ {" useClosedFile" " Use of closed file"
399+ " Detects operations on file handles that have been closed."
400+ {" wrongPrintfScanfArgNum" " Wrong printf/scanf argument count"
401+ " Detects when the number of printf/scanf arguments doesn't match the format string."
402+ {" invalidScanfFormatWidth" " Invalid scanf format width"
403+ " Detects invalid width specifiers in scanf format strings."
404+ {" invalidscanf" " Invalid scanf usage"
405+ " Detects invalid usage patterns of scanf functions."
406+ {" integerOverflow" " Integer overflow"
407+ " Detects potential integer overflow conditions."
408+ {" floatConversionOverflow" " Float conversion overflow"
409+ " Detects when floating-point conversions may cause overflow."
410+ {" negativeMemoryAllocationSize" " Negative memory allocation size"
411+ " Detects when negative values are used for memory allocation sizes."
412+ {" IOWithoutPositioning" " I/O without positioning"
413+ " Detects file I/O operations that may have undefined behavior due to positioning issues."
414+ {" incompatibleFileOpen" " Incompatible file open"
415+ " Detects when files are opened with incompatible modes or flags."
416+ {" writeReadOnlyFile" " Write to read-only file"
417+ " Detects attempts to write to files opened in read-only mode."
418+ {" zerodiv" " Division by zero"
419+ " Detects potential division by zero operations."
420+ {" zerodivcond" " Conditional division by zero"
421+ " Detects division by zero conditions that may occur under certain circumstances."
422+ {" invalidLengthModifierError" " Invalid length modifier"
423+ " Detects invalid length modifiers in format strings."
424+ {" preprocessorErrorDirective" " Preprocessor error directive"
425+ " Detects preprocessor #error directives that indicate compilation issues."
283426 // Add more mappings as needed
284427 };
285428
0 commit comments