Skip to content

Commit 5461bf1

Browse files
NettozxNettozx
committed
add more pattern recognition for generification output. update message reporting for sarif
1 parent 692c237 commit 5461bf1

1 file changed

Lines changed: 37 additions & 12 deletions

File tree

cli/cppcheckexecutor.cpp

Lines changed: 37 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -119,10 +119,32 @@ namespace {
119119
result = std::regex_replace(result, arrayPattern, "Array accessed at index that is out of bounds.");
120120
}
121121

122+
// Memory leak patterns
123+
if (ruleId == "memleak") {
124+
// Replace "Memory leak: varname" with "Memory leak"
125+
std::regex memleakPattern(R"(Memory leak:.*$)");
126+
result = std::regex_replace(result, memleakPattern, "Memory leak");
127+
}
128+
129+
// Null pointer patterns
130+
if (ruleId == "nullPointer") {
131+
// Replace "Null pointer dereference: varname" with "Null pointer dereference"
132+
std::regex nullPtrPattern(R"(Null pointer dereference:.*$)");
133+
result = std::regex_replace(result, nullPtrPattern, "Null pointer dereference");
134+
}
135+
122136
// Variable name patterns - replace specific variable names with generic terms
137+
// But be careful not to replace legitimate words like "pointer" in "C-style pointer casting"
123138
result = std::regex_replace(result, std::regex(R"('arr\[\d+\]')"), "'array'");
124139
result = std::regex_replace(result, std::regex(R"('varname')"), "'variable'");
125-
result = std::regex_replace(result, std::regex(R"('[a-zA-Z_][a-zA-Z0-9_]*')"), "'variable'");
140+
141+
// Replace quoted variable names but preserve legitimate words
142+
// Only replace single-quoted variable names that are clearly identifiers
143+
result = std::regex_replace(result, std::regex(R"('\b[a-zA-Z_][a-zA-Z0-9_]*\b')"), "'variable'");
144+
145+
// Replace specific patterns like "Variable 'varname' is..."
146+
result = std::regex_replace(result, std::regex(R"(Variable '[^']*')"), "Variable 'variable'");
147+
result = std::regex_replace(result, std::regex(R"(variable '[^']*')"), "variable 'variable'");
126148

127149
// Number patterns - replace specific numbers with generic terms
128150
result = std::regex_replace(result, std::regex(R"( \d+ )"), " N ");
@@ -271,6 +293,7 @@ namespace {
271293
{
272294
properties["security-severity"] = picojson::value(std::to_string(securitySeverity));
273295
const picojson::array tags{picojson::value("security")};
296+
// TODO: add cwe tag
274297
properties["tags"] = picojson::value(tags);
275298
}
276299
}
@@ -867,19 +890,21 @@ void StdLogger::reportErr(const ErrorMessage &msg)
867890
mGuidelineMapping, msgCopy.severity);
868891
msgCopy.classification = getClassification(msgCopy.guideline, mSettings.reportType);
869892

870-
// TODO: there should be no need for verbose and default messages here
871-
const std::string msgStr = msgCopy.toString(mSettings.verbose, mSettings.templateFormat, mSettings.templateLocation);
893+
if (mSettings.outputFormat == Settings::OutputFormat::sarif) {
894+
mSarifReport.addFinding(std::move(msgCopy));
895+
} else {
896+
// TODO: there should be no need for verbose and default messages here
897+
const std::string msgStr = msgCopy.toString(mSettings.verbose, mSettings.templateFormat, mSettings.templateLocation);
872898

873-
// Alert only about unique errors
874-
if (!mSettings.emitDuplicates && !mShownErrors.insert(msgStr).second)
875-
return;
899+
// Alert only about unique errors
900+
if (!mSettings.emitDuplicates && !mShownErrors.insert(msgStr).second)
901+
return;
876902

877-
if (mSettings.outputFormat == Settings::OutputFormat::sarif)
878-
mSarifReport.addFinding(std::move(msgCopy));
879-
else if (mSettings.outputFormat == Settings::OutputFormat::xml)
880-
reportErr(msgCopy.toXML());
881-
else
882-
reportErr(msgStr);
903+
if (mSettings.outputFormat == Settings::OutputFormat::xml)
904+
reportErr(msgCopy.toXML());
905+
else
906+
reportErr(msgStr);
907+
}
883908
}
884909

885910
/**

0 commit comments

Comments
 (0)