Merge pull request #2307 from guwirth/cppcheck-2.70

guwirth · web-flow · commit acb419badedd · 2022-02-11T20:15:17.000+01:00
Cppcheck 2.70 support
diff --git a/cxx-sensors/src/main/resources/cppcheck.xml b/cxx-sensors/src/main/resources/cppcheck.xml
@@ -2115,11 +2115,11 @@ Memory allocation size is negative.Negative allocation size has no specified beh
   </rule>
   <rule>
     <key>noConstructor</key>
-    <name>The class 'classname' does not have a constructor although it has private member variables</name>
+    <name>The class 'classname' does not declare a constructor although it has private member variables which likely require initialization</name>
     <description>
       <![CDATA[
       <p>
-The class 'classname' does not have a constructor although it has
+The class 'classname' does not declare a constructor although it has
 private member variables. Member variables of builtin types are left
 uninitialized when the class is instantiated. That may cause bugs or
 undefined behavior.
@@ -8129,12 +8129,12 @@ Same iterator is used with different containers 'container1' and
   </rule>
   <rule>
     <key>iterators3</key>
-    <name>Same iterator is used with containers 'container' that are defined in different scopes</name>
+    <name>Same iterator is used with containers 'container' that are temporaries or defined in different scopes</name>
     <description>
       <![CDATA[
 <p>
-Same iterator is used with containers 'container' that are defined in
-different scopes.
+Same iterator is used with containers 'container' that are temporaries
+or defined in different scopes.
 </p>
 <h2>References</h2>
 <p><a href="https://cwe.mitre.org/data/definitions/664.html" target="_blank">CWE-664: Improper Control of a Resource Through its Lifetime</a></p>
@@ -8504,11 +8504,11 @@ Parameter 'x' can be declared with const
   </rule>
   <rule>
     <key>danglingTemporaryLifetime</key>
-    <name>Using object to temporary</name>
+    <name>Using object that is a temporary</name>
     <description>
       <![CDATA[
 <p>
-Using object to temporary.
+Using object that is a temporary.
 </p>
 <h2>References</h2>
 <p><a href="https://cwe.mitre.org/data/definitions/562.html" target="_blank">CWE-562: Return of Stack Variable Address</a></p>
@@ -8981,6 +8981,24 @@ missing return statement
     <remediationFunction>LINEAR</remediationFunction>
     <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
     </rule>
+  <!-- ########### New in Cppcheck 2.70 ########### -->
+  <rule>
+    <key>missingMemberCopy</key>
+    <name>Member variable 'classname::varnamepriv' is not assigned in the copy constructor</name>
+    <description><![CDATA[
+      <p>
+Member variable 'classname::varnamepriv' is not assigned in the copy
+constructor. Should it be copied?
+</p>
+<h2>References</h2>
+<p><a href="https://cwe.mitre.org/data/definitions/398.html" target="_blank">CWE-398: 7PK - Code Quality</a></p>
+      ]]></description>
+    <tag>cwe</tag>
+    <severity>MINOR</severity>
+    <type>BUG</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
+    </rule>
   <!-- ########### Misra Rules ########### -->
   <rule>
     <key>misra-c2012-1.1</key>
diff --git a/cxx-sensors/src/test/java/org/sonar/cxx/sensors/cppcheck/CxxCppCheckRuleRepositoryTest.java b/cxx-sensors/src/test/java/org/sonar/cxx/sensors/cppcheck/CxxCppCheckRuleRepositoryTest.java
@@ -37,7 +37,7 @@ public void createRulesTest() {
     def.define(context);
 
     RulesDefinition.Repository repo = context.repository(CxxCppCheckRuleRepository.KEY);
-    assertEquals(665, repo.rules().size());
+    assertEquals(666, repo.rules().size());
   }
 
 }
diff --git a/cxx-sensors/src/tools/cwec_latest.xml.zip b/cxx-sensors/src/tools/cwec_latest.xml.zip
diff --git a/cxx-sensors/src/tools/generate_cppcheck_resources.cmd b/cxx-sensors/src/tools/generate_cppcheck_resources.cmd
@@ -16,7 +16,7 @@ ECHO create Cppcheck errorlist cppcheck-errorlist.xml...
 "%CPPCHECK_DIR%cppcheck.exe" %CPPCHECK_LIBRARY_ARGS% --errorlist --xml-version=2 > cppcheck-errorlist.xml
 
 ECHO create SonarQube rules file cppcheck.xml...
-"%CPPCHECK_DIR%cppcheck.exe" %CPPCHECK_LIBRARY_ARGS% --errorlist --xml-version=2 | "%PYTHON_DIR%python.exe" cppcheck_createrules.py rules cwec_v4.5.xml > cppcheck.xml
+"%CPPCHECK_DIR%cppcheck.exe" %CPPCHECK_LIBRARY_ARGS% --errorlist --xml-version=2 | "%PYTHON_DIR%python.exe" cppcheck_createrules.py rules cwec_v4.6.xml > cppcheck.xml
 
 ECHO create cppcheck-comparison.md...
 "%PYTHON_DIR%python.exe" utils_createrules.py comparerules "%SCRIPT_DIR%\..\main\resources\cppcheck.xml" .\cppcheck.xml > cppcheck-comparison.md
diff --git a/cxx-sensors/src/tools/generate_cppcheck_resources.sh b/cxx-sensors/src/tools/generate_cppcheck_resources.sh
@@ -18,5 +18,5 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 wget https://cwe.mitre.org/data/xml/cwec_latest.xml.zip --output-document=cwec_latest.xml.zip && unzip -j -o cwec_latest.xml.zip
 
 cppcheck ${CPPCHECK_LIBRARY_ARGS} --errorlist --xml-version=2 > cppcheck-errorlist.xml
-cppcheck ${CPPCHECK_LIBRARY_ARGS} --errorlist --xml-version=2 | python cppcheck_createrules.py rules cwec_v4.2.xml > cppcheck.xml
+cppcheck ${CPPCHECK_LIBRARY_ARGS} --errorlist --xml-version=2 | python cppcheck_createrules.py rules cwec_v4.6.xml > cppcheck.xml
 python utils_createrules.py comparerules $SCRIPT_DIR/../main/resources/cppcheck.xml cppcheck.xml > cppcheck-comparison.md

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public void createRulesTest() {`
`37`	`37`	`def.define(context);`
`38`	`38`
`39`	`39`	`RulesDefinition.Repository repo = context.repository(CxxCppCheckRuleRepository.KEY);`
`40`		`- assertEquals(665, repo.rules().size());`
	`40`	`+ assertEquals(666, repo.rules().size());`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`}`