Handle flawfinder severity level (#1400)
* Handle flawfinder severity level * Reverted code allowing Flawfinder to piggyback off of gcc's format handler * Gave Flawfinder its own format handler and made requested changes.
This commit is contained in:
		
							parent
							
								
									0a0535546f
								
							
						
					
					
						commit
						b586eba4a4
					
				| @ -4,6 +4,7 @@ | ||||
| call ale#Set('c_flawfinder_executable', 'flawfinder') | ||||
| call ale#Set('c_flawfinder_options', '') | ||||
| call ale#Set('c_flawfinder_minlevel', 1) | ||||
| call ale#Set('c_flawfinder_error_severity', 6) | ||||
| 
 | ||||
| function! ale_linters#c#flawfinder#GetExecutable(buffer) abort | ||||
|    return ale#Var(a:buffer, 'c_flawfinder_executable') | ||||
| @ -26,5 +27,5 @@ call ale#linter#Define('c', { | ||||
| \  'output_stream': 'stdout', | ||||
| \  'executable_callback': 'ale_linters#c#flawfinder#GetExecutable', | ||||
| \  'command_callback': 'ale_linters#c#flawfinder#GetCommand', | ||||
| \  'callback': 'ale#handlers#gcc#HandleGCCFormat', | ||||
| \  'callback': 'ale#handlers#flawfinder#HandleFlawfinderFormat', | ||||
| \}) | ||||
|  | ||||
| @ -26,5 +26,5 @@ call ale#linter#Define('cpp', { | ||||
| \  'output_stream': 'stdout', | ||||
| \  'executable_callback': 'ale_linters#cpp#flawfinder#GetExecutable', | ||||
| \  'command_callback': 'ale_linters#cpp#flawfinder#GetCommand', | ||||
| \  'callback': 'ale#handlers#gcc#HandleGCCFormat', | ||||
| \  'callback': 'ale#handlers#flawfinder#HandleFlawfinderFormat', | ||||
| \}) | ||||
|  | ||||
							
								
								
									
										47
									
								
								autoload/ale/handlers/flawfinder.vim
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										47
									
								
								autoload/ale/handlers/flawfinder.vim
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,47 @@ | ||||
| " Author: Christian Gibbons <cgibbons@gmu.edu> | ||||
| " Description: This file defines a handler function that should work for the | ||||
| " flawfinder format with the -CDQS flags. | ||||
| 
 | ||||
| " Swiped this function from the GCC handler. Not sure if needed, but doesn't | ||||
| " hurt to have it. | ||||
| function! s:RemoveUnicodeQuotes(text) abort | ||||
|     let l:text = a:text | ||||
|     let l:text = substitute(l:text, '[`´‘’]', '''', 'g') | ||||
|     let l:text = substitute(l:text, '\v\\u2018([^\\]+)\\u2019', '''\1''', 'g') | ||||
|     let l:text = substitute(l:text, '[“”]', '"', 'g') | ||||
| 
 | ||||
|     return l:text | ||||
| endfunction | ||||
| 
 | ||||
| function! ale#handlers#flawfinder#HandleFlawfinderFormat(buffer, lines) abort | ||||
|     " Look for lines like the following. | ||||
|     " | ||||
|     " <stdin>:12:4:  [2] (buffer) char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. | ||||
|     " <stdin>:31:4:  [1] (buffer) strncpy:Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). | ||||
|     let l:pattern = '\v^([a-zA-Z]?:?[^:]+):(\d+):(\d+)?:? ( \[[0-5]\] [^:]+):(.+)$' | ||||
|     let l:output = [] | ||||
| 
 | ||||
|     for l:match in ale#util#GetMatches(a:lines, l:pattern) | ||||
|         " Use severity level to determine if it should be considered a warning | ||||
|         " or error. | ||||
|         let l:severity = str2nr(matchstr(split(l:match[4])[0], '[0-5]')) | ||||
| 
 | ||||
|         let l:item = { | ||||
|         \   'lnum': str2nr(l:match[2]), | ||||
|         \   'col': str2nr(l:match[3]), | ||||
|         \   'type': (l:severity < ale#Var(a:buffer, 'c_flawfinder_error_severity')) | ||||
|             \   ? 'W' : 'E', | ||||
|         \   'text': s:RemoveUnicodeQuotes(join(split(l:match[4])[1:]) . ': ' . l:match[5]), | ||||
|         \} | ||||
| 
 | ||||
|         " If the filename is something like <stdin>, <nofile> or -, then | ||||
|         " this is an error for the file we checked. | ||||
|         if l:match[1] isnot# '-' && l:match[1][0] isnot# '<' | ||||
|             let l:item['filename'] = l:match[1] | ||||
|         endif | ||||
| 
 | ||||
|         call add(l:output, l:item) | ||||
|     endfor | ||||
| 
 | ||||
|     return l:output | ||||
| endfunction | ||||
| @ -24,7 +24,7 @@ function! ale#handlers#gcc#HandleGCCFormat(buffer, lines) abort | ||||
|     " <stdin>:8:5: warning: conversion lacks type at end of format [-Wformat=] | ||||
|     " <stdin>:10:27: error: invalid operands to binary - (have ‘int’ and ‘char *’) | ||||
|     " -:189:7: note: $/${} is unnecessary on arithmetic variables. [SC2004] | ||||
|     let l:pattern = '\v^([a-zA-Z]?:?[^:]+):(\d+):(\d+)?:? ([^:]+): ?(.+)$' | ||||
|     let l:pattern = '\v^([a-zA-Z]?:?[^:]+):(\d+):(\d+)?:? ([^:]+): (.+)$' | ||||
|     let l:output = [] | ||||
| 
 | ||||
|     for l:match in ale#util#GetMatches(a:lines, l:pattern) | ||||
|  | ||||
| @ -169,6 +169,14 @@ g:ale_c_flawfinder_options                                 *g:ale-c-flawfinder* | ||||
| 
 | ||||
|   This variable can be used to pass extra options into the flawfinder command. | ||||
| 
 | ||||
| g:ale_c_flawfinder_error_severity           *g:ale_c_flawfinder_error_severity* | ||||
|                                             *b:ale_c_flawfinder_error_severity* | ||||
|   Type: |Number| | ||||
|   Default: `6` | ||||
| 
 | ||||
|   This variable can be changed to set the minimum severity to be treated as an | ||||
|   error.  This setting also applies to flawfinder for c++. | ||||
| 
 | ||||
| 
 | ||||
| =============================================================================== | ||||
| gcc                                                                 *ale-c-gcc* | ||||
|  | ||||
							
								
								
									
										57
									
								
								test/handler/test_flawfinder_handler.vader
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										57
									
								
								test/handler/test_flawfinder_handler.vader
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,57 @@ | ||||
| Before: | ||||
|   Save g:ale_c_flawfinder_error_severity | ||||
| 
 | ||||
|   unlet! g:ale_c_flawfinder_error_severity | ||||
|   unlet! b:ale_c_flawfinder_error_severity | ||||
| 
 | ||||
|   runtime ale_linters/c/flawfinder.vim | ||||
| 
 | ||||
| After: | ||||
|   unlet! g:ale_c_flawfinder_error_severity | ||||
|   Restore | ||||
| 
 | ||||
| Execute(The Flawfinder handler should ignore other lines of output): | ||||
|   AssertEqual | ||||
|   \ [], | ||||
|   \ ale#handlers#flawfinder#HandleFlawfinderFormat(347, [ | ||||
|   \   'foo', | ||||
|   \   'bar', | ||||
|   \   'baz', | ||||
|   \ ]) | ||||
| 
 | ||||
| Execute(The Flawfinder handler should work): | ||||
|   AssertEqual | ||||
|   \ [ | ||||
|     \   { | ||||
|   \     'lnum': 31, | ||||
|   \     'col': 4, | ||||
|   \     'type': 'W', | ||||
|   \     'text': "(buffer) strncpy: Easily used incorrectly", | ||||
|   \   }, | ||||
|   \ ], | ||||
|   \ ale#handlers#flawfinder#HandleFlawfinderFormat(347, [ | ||||
|   \ "<stdin>:31:4:  [1] (buffer) strncpy:Easily used incorrectly", | ||||
|   \ ]) | ||||
| 
 | ||||
| Execute(The Flawfinder error severity level should be configurable): | ||||
|   let b:ale_c_flawfinder_error_severity = 2 | ||||
| 
 | ||||
|   AssertEqual | ||||
|   \ [ | ||||
|   \   { | ||||
|   \     'lnum': 12, | ||||
|   \     'col': 4, | ||||
|   \     'type': 'E', | ||||
|   \     'text': "(buffer) char: Statically-sized arrays can be bad", | ||||
|   \   }, | ||||
|   \   { | ||||
|   \     'lnum': 31, | ||||
|   \     'col': 4, | ||||
|   \     'type': 'W', | ||||
|   \     'text': "(buffer) strncpy: Easily used incorrectly", | ||||
|   \   }, | ||||
|   \ ], | ||||
|   \ ale#handlers#flawfinder#HandleFlawfinderFormat(bufnr(''), [ | ||||
|   \ "<stdin>:12:4:  [2] (buffer) char:Statically-sized arrays can be bad", | ||||
|   \ "<stdin>:31:4:  [1] (buffer) strncpy:Easily used incorrectly", | ||||
|   \ ]) | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Christian-Gibbons
						Christian-Gibbons