Merge pull request #2220 from guwirth/cppcheck-2.5

Cppcheck 2.5 rule support

Author: guwirth

cxx-sensors/src/main/resources/cppcheck.xml

@@ -5125,7 +5125,7 @@ Dangerous usage of c_str(). The string is destroyed after the c_str() call so th
     <remediationFunction>LINEAR</remediationFunction>
     <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
   </rule>
-  <!-- ########### New in Cppcheck 1.69 Dev ########### -->
+  <!-- ########### New in Cppcheck 1.69 ########### -->
   <rule>
     <key>duplicateExpressionTernary</key>
     <name>Same expression in both branches of ternary operator</name>
@@ -5263,7 +5263,7 @@ appropriate C library function.
     <remediationFunction>LINEAR</remediationFunction>
     <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
   </rule>
-  <!-- ########### New in Cppcheck 1.70 release ########### -->
+  <!-- ########### New in Cppcheck 1.70 ########### -->
   <rule>
     <key>negativeArraySize</key>
     <name>Declaration of array with negative size is undefined behaviour</name>
@@ -8839,6 +8839,42 @@ be used in code that is removed by the preprocessor. Should this be a
     <type>BUG</type>
     <remediationFunction>LINEAR</remediationFunction>
     <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
+  </rule>
+  <!-- ########### New in Cppcheck 2.50 ########### -->
+  <rule>
+    <key>assignmentInCondition</key>
+    <name>Suspicious assignment in condition. Condition 'x=y' is always true</name>
+    <description><![CDATA[
+      <p>
+Suspicious assignment in condition. Condition 'x=y' is always true.
+</p>
+<h2>References</h2>
+<p><a href="https://cwe.mitre.org/data/definitions/571.html" target="_blank">CWE-571: Expression is Always True</a></p>
+      ]]></description>
+    <tag>cwe</tag>
+    <severity>MINOR</severity>
+    <type>CODE_SMELL</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
+  </rule>
+  <rule>
+    <key>rethrowNoCurrentException</key>
+    <name>Rethrowing current exception with 'throw;', it seems there is no current exception to rethrow</name>
+    <description><![CDATA[
+      <p>
+Rethrowing current exception with 'throw;', it seems there is no
+current exception to rethrow. If there is no current exception this
+calls std::terminate(). More:
+https://isocpp.org/wiki/faq/exceptions#throw-without-an-object
+</p>
+<h2>References</h2>
+<p><a href="https://cwe.mitre.org/data/definitions/480.html" target="_blank">CWE-480: Use of Incorrect Operator</a></p>
+      ]]></description>
+    <tag>cwe</tag>
+    <severity>MAJOR</severity>
+    <type>BUG</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
   </rule>  
   <!-- ########### Misra Rules ########### -->
   <rule>

cxx-sensors/src/test/java/org/sonar/cxx/sensors/cppcheck/CxxCppCheckRuleRepositoryTest.java

@@ -37,7 +37,7 @@ public void createRulesTest() {
     def.define(context);
 
     RulesDefinition.Repository repo = context.repository(CxxCppCheckRuleRepository.KEY);
-    assertEquals(657, repo.rules().size());
+    assertEquals(659, repo.rules().size());
   }
 
 }

cxx-sensors/src/tools/cwec_latest.xml.zip

@@ -5,9 +5,9 @@ SET SCRIPT_DIR=%~dp0
 SET CPPCHECK_DIR=C:\Program Files\Cppcheck\
 SET PYTHON_DIR=
 
-SET CPPCHECK_LIBRARY_ARGS=--library=avr.cfg --library=boost.cfg --library=bsd.cfg --library=cairo.cfg --library=cppunit.cfg --library=embedded_sql.cfg --library=gnu.cfg --library=googletest.cfg --library=gtk.cfg --library=kde.cfg --library=libcerror.cfg --library=libcurl.cfg --library=libsigc++.cfg --library=lua.cfg --library=mfc.cfg --library=microsoft_atl.cfg --library=microsoft_sal.cfg --library=microsoft_unittest.cfg --library=motif.cfg --library=nspr.cfg --library=opencv2.cfg --library=opengl.cfg --library=openmp.cfg --library=openssl.cfg --library=posix.cfg --library=python.cfg --library=qt.cfg --library=ruby.cfg --library=sdl.cfg --library=sfml.cfg --library=sqlite3.cfg --library=std.cfg --library=tinyxml2.cfg --library=windows.cfg --library=wxwidgets.cfg --library=zlib.cfg
+SET CPPCHECK_LIBRARY_ARGS=--library=avr.cfg --library=bento4.cfg --library=boost.cfg --library=bsd.cfg --library=cairo.cfg --library=cppunit.cfg --library=dpdk.cfg --library=embedded_sql.cfg --library=gnu.cfg --library=googletest.cfg --library=gtk.cfg --library=kde.cfg --library=libcerror.cfg --library=libcurl.cfg --library=libsigc++.cfg --library=lua.cfg --library=mfc.cfg--library=microsoft_atl.cfg --library=microsoft_sal.cfg --library=microsoft_unittest.cfg --library=motif.cfg --library=nspr.cfg --library=opencv2.cfg --library=opengl.cfg --library=openmp.cfg --library=openssl.cfg --library=posix.cfg --library=python.cfg --library=qt.cfg --library=ruby.cfg --library=sdl.cfg --library=sfml.cfg --library=sqlite3.cfg --library=std.cfg --library=tinyxml2.cfg --library=vcl.cfg --library=windows.cfg --library=wxwidgets.cfg --library=zlib.cfg
 
-rem download cwec_latest.xml.zip und unzip cwec_vx.y.xml
+rem download cwec_latest.xml.zip and extract it to unzip cwec_vx.y.xml
 rem wget https://cwe.mitre.org/data/xml/cwec_latest.xml.zip --output-document=cwec_latest.xml.zip && unzip -j -o cwec_latest.xml.zip
 
 "%PYTHON_DIR%python.exe" -V
@@ -16,7 +16,7 @@ ECHO create Cppcheck errorlist cppcheck-errorlist.xml...
 "%CPPCHECK_DIR%cppcheck.exe" %CPPCHECK_LIBRARY_ARGS% --errorlist --xml-version=2 > cppcheck-errorlist.xml
 
 ECHO create SonarQube rules file cppcheck.xml...
-"%CPPCHECK_DIR%cppcheck.exe" %CPPCHECK_LIBRARY_ARGS% --errorlist --xml-version=2 | "%PYTHON_DIR%python.exe" cppcheck_createrules.py rules cwec_v4.4.xml > cppcheck.xml
+"%CPPCHECK_DIR%cppcheck.exe" %CPPCHECK_LIBRARY_ARGS% --errorlist --xml-version=2 | "%PYTHON_DIR%python.exe" cppcheck_createrules.py rules cwec_v4.5.xml > cppcheck.xml
 
 ECHO create cppcheck-comparison.md...
 "%PYTHON_DIR%python.exe" utils_createrules.py comparerules "%SCRIPT_DIR%\..\main\resources\cppcheck.xml" .\cppcheck.xml > cppcheck-comparison.md