Skip to content

Commit

Permalink
Updating clangsa sei cert mapping for clang 18
Browse files Browse the repository at this point in the history
The association of SEI CERT C and C++ Coding Standard Rules
are updated for the Clang Static Analyzer version 18.
  • Loading branch information
dkrupp committed May 7, 2024
1 parent 2afffe6 commit c43d348
Showing 1 changed file with 58 additions and 30 deletions.
88 changes: 58 additions & 30 deletions config/labels/analyzers/clangsa.json
Original file line number Diff line number Diff line change
Expand Up @@ -90,10 +90,8 @@
],
"alpha.cplusplus.ArrayDelete": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#alpha-cplusplus-arraydelete-c",
"guideline:sei-cert",
"profile:extreme",
"profile:sensitive",
"sei-cert:exp51-cpp",
"severity:HIGH"
],
"alpha.cplusplus.ContainerModeling": [
Expand Down Expand Up @@ -245,18 +243,15 @@
"profile:sensitive",
"profile:security",
"profile:extreme",
"severity:HIGH",
"sei-cert:pos34-c"
"severity:HIGH"
],
"alpha.security.cert.env.InvalidPtr": [
"doc_url:https://releases.llvm.org/17.0.1/tools/clang/docs/analyzer/checkers.html#alpha-security-cert-env-invalidptr",
"profile:default",
"profile:sensitive",
"profile:extreme",
"profile:security",
"severity:MEDIUM",
"sei-cert:env31-c",
"sei-cert:env34-c"
"severity:MEDIUM"
],
"alpha.security.taint.TaintPropagation": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#alpha-security-taint-taintpropagation-c-c",
Expand Down Expand Up @@ -342,6 +337,7 @@
"profile:extreme",
"profile:sensitive",
"sei-cert:int34-c",
"sei-cert:int32-c",
"severity:HIGH"
],
"core.CallAndMessage": [
Expand All @@ -358,7 +354,6 @@
"sei-cert:exp50-cpp",
"sei-cert:exp53-cpp",
"sei-cert:exp54-cpp",
"sei-cert:exp57-cpp",
"severity:HIGH"
],
"core.CallAndMessageModeling": [
Expand Down Expand Up @@ -388,7 +383,6 @@
"profile:extreme",
"profile:sensitive",
"sei-cert:exp34-c",
"sei-cert:mem34-c",
"severity:HIGH"
],
"core.NonnilStringConstants": [
Expand All @@ -402,12 +396,14 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"sei-cert:arr30-c",
"sei-cert:dcl38-c",
"sei-cert:exp34-c",
"severity:HIGH"
],
"core.StackAddrEscapeBase": [
"guideline:sei-cert",
"sei-cert:dcl30-c",
"sei-cert:exp54-cpp",
"sei-cert:exp61-cpp",
"profile:default",
"profile:extreme",
"profile:sensitive"
Expand All @@ -419,6 +415,7 @@
"profile:sensitive",
"sei-cert:dcl30-c",
"sei-cert:exp54-cpp",
"sei-cert:exp61-cpp",
"severity:HIGH"
],
"core.UndefinedBinaryOperatorResult": [
Expand All @@ -427,11 +424,8 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"sei-cert:exp50-cpp",
"sei-cert:exp33-c",
"sei-cert:exp36-c",
"sei-cert:exp53-cpp",
"sei-cert:int32-c",
"sei-cert:int34-c",
"severity:HIGH"
],
"core.VLASize": [
Expand Down Expand Up @@ -460,35 +454,45 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"guideline:sei-cert",
"sei-cert:exp33-c",
"severity:HIGH"
],
"core.uninitialized.Assign": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-assign-c",
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:HIGH"
"severity:HIGH",
"guideline:sei-cert",
"sei-cert:exp33-c"
],
"core.uninitialized.Branch": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-branch-c",
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:HIGH"
"severity:HIGH",
"guideline:sei-cert",
"sei-cert:exp33-c"
],
"core.uninitialized.CapturedBlockVariable": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-capturedblockvariable-c",
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:HIGH"
"severity:HIGH",
"guideline:sei-cert",
"sei-cert:exp33-c"
],
"core.uninitialized.NewArraySize": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-newarraysize-c",
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:HIGH"
"severity:HIGH",
"guideline:sei-cert",
"sei-cert:exp33-c"
],
"core.uninitialized.UndefReturn": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-undefreturn-c",
Expand Down Expand Up @@ -549,7 +553,6 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"sei-cert:exp62-cpp",
"sei-cert:mem51-cpp",
"severity:HIGH"
],
Expand All @@ -574,7 +577,9 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:MEDIUM"
"severity:MEDIUM",
"guideline:sei-cert",
"sei-cert:oop54-cpp"
],
"cplusplus.SmartPtrModeling": [
"profile:default",
Expand All @@ -586,7 +591,9 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:HIGH"
"severity:HIGH",
"guideline:sei-cert",
"sei-cert:str51-cpp"
],
"cplusplus.VirtualCallModeling": [
"profile:default",
Expand All @@ -598,7 +605,9 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:LOW"
"guideline:sei-cert",
"severity:LOW",
"sei-cert:msc12-c"
],
"debug.AnalysisOrder": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#debug-analysisorder"
Expand Down Expand Up @@ -693,7 +702,9 @@
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-core-enumcastoutofrange-c-c",
"profile:extreme",
"profile:sensitive",
"severity:MEDIUM"
"severity:MEDIUM",
"sei-cert:mem54-cpp",
"guideline:sei-cert"
],
"optin.cplusplus.UninitializedObject": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-cplusplus-uninitializedobject-c",
Expand Down Expand Up @@ -840,7 +851,8 @@
"profile:security",
"severity:MEDIUM",
"sei-cert:env31-c",
"sei-cert:env34-c"
"sei-cert:env34-c",
"guideline:sei-cert"
],
"security.FloatLoopCounter": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-floatloopcounter-c",
Expand Down Expand Up @@ -924,6 +936,8 @@
"security.insecureAPI.strcpy": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-insecureapi-strcpy-c",
"profile:extreme",
"sei-cert:str31-c",
"guideline:sei-cert",
"severity:MEDIUM"
],
"security.insecureAPI.vfork": [
Expand All @@ -940,7 +954,9 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:MEDIUM"
"severity:MEDIUM",
"sei-cert:exp37-c",
"guideline:sei-cert"
],
"unix.DynamicMemoryModeling": [
"profile:default",
Expand All @@ -951,7 +967,9 @@
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-errno-c",
"profile:sensitive",
"profile:extreme",
"severity:HIGH"
"severity:HIGH",
"guideline:sei-cert",
"sei-cert:err30-c"
],
"unix.Malloc": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-malloc-c",
Expand All @@ -962,6 +980,8 @@
"sei-cert:mem30-c",
"sei-cert:mem31-c",
"sei-cert:mem34-c",
"sei-cert:mem35-c",
"sei-cert:mem36-c",
"severity:MEDIUM"
],
"unix.MallocSizeof": [
Expand All @@ -988,7 +1008,11 @@
"profile:extreme",
"profile:sensitive",
"profile:security",
"severity:HIGH"
"severity:HIGH",
"guideline:sei-cert",
"sei-cert:err33-c",
"sei-cert:pos52-c",
"sei-cert:arr38-c"
],
"unix.Vfork": [
"doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-vfork-c",
Expand All @@ -1004,7 +1028,9 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:MEDIUM"
"severity:MEDIUM",
"sei-cert:str31-c",
"guideline:sei-cert"
],
"unix.cstring.CStringModeling": [
"profile:default",
Expand All @@ -1016,7 +1042,9 @@
"profile:default",
"profile:extreme",
"profile:sensitive",
"severity:MEDIUM"
"severity:HIGH",
"guideline:sei-cert",
"sei-cert:exp34-c"
],
"valist.CopyToSelf": [
"profile:default",
Expand Down

0 comments on commit c43d348

Please sign in to comment.