diff mbox series

[committed] analyzer: add CWE identifier URLs to docs

Message ID	20220728213211.2267537-1-dmalcolm@redhat.com
State	Committed
Commit	9c60338061bf3679f925be12273dc723b3913b75
Headers	DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 531CC3858D33 To: gcc-patches@gcc.gnu.org Subject: [committed] analyzer: add CWE identifier URLs to docs Date: Thu, 28 Jul 2022 17:32:11 -0400 Message-Id: <20220728213211.2267537-1-dmalcolm@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true Precedence: list From: David Malcolm via Gcc-patches <gcc-patches@gcc.gnu.org> Reply-To: David Malcolm <dmalcolm@redhat.com> Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
Series	[committed] analyzer: add CWE identifier URLs to docs \| [committed] analyzer: add CWE identifier URLs to docs

Commit Message

David Malcolm July 28, 2022, 9:32 p.m. UTC

  Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r13-1880-g9c60338061bf36.

gcc/analyzer/ChangeLog:
	* sm-malloc.cc (free_of_non_heap::emit): Add comment about CWE.
	* sm-taint.cc (tainted_size::emit): Likewise.

gcc/ChangeLog:
	* doc/invoke.texi (-fdiagnostics-show-cwe): Use uref rather than
	url.
	(Static Analyzer Options): Likewise.  Add urefs for all of the
	warnings that have associated CWE identifiers.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/sm-malloc.cc |  1 +
 gcc/analyzer/sm-taint.cc  |  1 +
 gcc/doc/invoke.texi       | 50 +++++++++++++++++++++++++++++++++++----
 3 files changed, 47 insertions(+), 5 deletions(-)

diff mbox series

Patch

diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index 608aceb1abe..73c549fa081 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -1300,6 +1300,7 @@  public:
 
   bool emit (rich_location *rich_loc) final override
   {
+    /* "CWE-401: Missing Release of Memory after Effective Lifetime".  */
     diagnostic_metadata m;
     m.add_cwe (401);
     if (m_arg)
diff --git a/gcc/analyzer/sm-taint.cc b/gcc/analyzer/sm-taint.cc
index 51bfe06835d..549373b322d 100644
--- a/gcc/analyzer/sm-taint.cc
+++ b/gcc/analyzer/sm-taint.cc
@@ -435,6 +435,7 @@  public:
 
   bool emit (rich_location *rich_loc) override
   {
+    /* "CWE-129: Improper Validation of Array Index".  */
     diagnostic_metadata m;
     m.add_cwe (129);
     if (m_arg)
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 9a3f2d14c5a..5c6fdef16e3 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -5045,7 +5045,7 @@  the vertical bars and the ``char *'' and ``long int'' text).
 @opindex fno-diagnostics-show-cwe
 @opindex fdiagnostics-show-cwe
 Diagnostic messages can optionally have an associated
-@url{https://cwe.mitre.org/index.html, CWE} identifier.
+@uref{https://cwe.mitre.org/index.html, CWE} identifier.
 GCC itself only provides such metadata for some of the @option{-fanalyzer}
 diagnostics.  GCC plugins may also provide diagnostics with such metadata.
 By default, if this information is present, it will be printed with
@@ -9808,7 +9808,7 @@  This diagnostic warns for paths through the code in which a pointer to
 a buffer is assigned to point at a buffer with a size that is not a
 multiple of @code{sizeof (*pointer)}.
 
-See @url{https://cwe.mitre.org/data/definitions/131.html, CWE-131: Incorrect Calculation of Buffer Size}.
+See @uref{https://cwe.mitre.org/data/definitions/131.html, CWE-131: Incorrect Calculation of Buffer Size}.
 
 @item -Wno-analyzer-double-fclose
 @opindex Wanalyzer-double-fclose
@@ -9819,6 +9819,8 @@  This warning requires @option{-fanalyzer}, which enables it; use
 This diagnostic warns for paths through the code in which a @code{FILE *}
 can have @code{fclose} called on it more than once.
 
+See @uref{https://cwe.mitre.org/data/definitions/1341.html, CWE-1341: Multiple Releases of Same Resource or Handle}.
+
 @item -Wno-analyzer-double-free
 @opindex Wanalyzer-double-free
 @opindex Wno-analyzer-double-free
@@ -9829,6 +9831,8 @@  This diagnostic warns for paths through the code in which a pointer
 can have a deallocator called on it more than once, either @code{free},
 or a deallocator referenced by attribute @code{malloc}.
 
+See @uref{https://cwe.mitre.org/data/definitions/415.html, CWE-415: Double Free}.
+
 @item -Wno-analyzer-exposure-through-output-file
 @opindex Wanalyzer-exposure-through-output-file
 @opindex Wno-analyzer-exposure-through-output-file
@@ -9840,6 +9844,8 @@  This diagnostic warns for paths through the code in which a
 security-sensitive value is written to an output file
 (such as writing a password to a log file).
 
+See @uref{https://cwe.mitre.org/data/definitions/532.html, CWE-532: Information Exposure Through Log Files}.
+
 @item -Wno-analyzer-fd-access-mode-mismatch
 @opindex Wanalyzer-fd-access-mode-mismatch
 @opindex Wno-analyzer-fd-access-mode-mismatch
@@ -9866,6 +9872,8 @@  to disable it.
 This diagnostic warns for paths through code in which a
 file descriptor can be closed more than once.
 
+See @uref{https://cwe.mitre.org/data/definitions/1341.html, CWE-1341: Multiple Releases of Same Resource or Handle}.
+
 @item -Wno-analyzer-fd-leak
 @opindex Wanalyzer-fd-leak
 @opindex Wno-analyzer-fd-leak
@@ -9876,6 +9884,8 @@  to disable it.
 This diagnostic warns for paths through code in which an
 open file descriptor is leaked.
 
+See @uref{https://cwe.mitre.org/data/definitions/775.html, CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime}.
+
 @item -Wno-analyzer-fd-use-after-close
 @opindex Wanalyzer-fd-use-after-close
 @opindex Wno-analyzer-fd-use-after-close
@@ -9916,6 +9926,8 @@  to disable it.
 This diagnostic warns for paths through the code in which a
 @code{<stdio.h>} @code{FILE *} stream object is leaked.
 
+See @uref{https://cwe.mitre.org/data/definitions/775.html, CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime}.
+
 @item -Wno-analyzer-free-of-non-heap
 @opindex Wanalyzer-free-of-non-heap
 @opindex Wno-analyzer-free-of-non-heap
@@ -9926,6 +9938,8 @@  to disable it.
 This diagnostic warns for paths through the code in which @code{free}
 is called on a non-heap pointer (e.g. an on-stack buffer, or a global).
 
+See @uref{https://cwe.mitre.org/data/definitions/590.html, CWE-590: Free of Memory not on the Heap}.
+
 @item -Wno-analyzer-malloc-leak
 @opindex Wanalyzer-malloc-leak
 @opindex Wno-analyzer-malloc-leak
@@ -9937,6 +9951,8 @@  This diagnostic warns for paths through the code in which a
 pointer allocated via an allocator is leaked: either @code{malloc},
 or a function marked with attribute @code{malloc}.
 
+See @uref{https://cwe.mitre.org/data/definitions/401.html, CWE-401: Missing Release of Memory after Effective Lifetime}.
+
 @item -Wno-analyzer-mismatching-deallocation
 @opindex Wanalyzer-mismatching-deallocation
 @opindex Wno-analyzer-mismatching-deallocation
@@ -9951,6 +9967,8 @@  will warn about mismatches between @code{free}, scalar @code{delete}
 and vector @code{delete[]}, and those marked as allocator/deallocator
 pairs using attribute @code{malloc}.
 
+See @uref{https://cwe.mitre.org/data/definitions/762.html, CWE-762: Mismatched Memory Management Routines}.
+
 @item -Wno-analyzer-possible-null-argument
 @opindex Wanalyzer-possible-null-argument
 @opindex Wno-analyzer-possible-null-argument
@@ -9962,6 +9980,8 @@  possibly-NULL value is passed to a function argument marked
 with @code{__attribute__((nonnull))} as requiring a non-NULL
 value.
 
+See @uref{https://cwe.mitre.org/data/definitions/690.html, CWE-690: Unchecked Return Value to NULL Pointer Dereference}.
+
 @item -Wno-analyzer-possible-null-dereference
 @opindex Wanalyzer-possible-null-dereference
 @opindex Wno-analyzer-possible-null-dereference
@@ -9971,6 +9991,8 @@  This warning requires @option{-fanalyzer}, which enables it; use
 This diagnostic warns for paths through the code in which a
 possibly-NULL value is dereferenced.
 
+See @uref{https://cwe.mitre.org/data/definitions/690.html, CWE-690: Unchecked Return Value to NULL Pointer Dereference}.
+
 @item -Wno-analyzer-null-argument
 @opindex Wanalyzer-null-argument
 @opindex Wno-analyzer-null-argument
@@ -9982,6 +10004,8 @@  value known to be NULL is passed to a function argument marked
 with @code{__attribute__((nonnull))} as requiring a non-NULL
 value.
 
+See @uref{https://cwe.mitre.org/data/definitions/476.html, CWE-476: NULL Pointer Dereference}.
+
 @item -Wno-analyzer-null-dereference
 @opindex Wanalyzer-null-dereference
 @opindex Wno-analyzer-null-dereference
@@ -9991,6 +10015,8 @@  This warning requires @option{-fanalyzer}, which enables it; use
 This diagnostic warns for paths through the code in which a
 value known to be NULL is dereferenced.
 
+See @uref{https://cwe.mitre.org/data/definitions/476.html, CWE-476: NULL Pointer Dereference}.
+
 @item -Wno-analyzer-shift-count-negative
 @opindex Wanalyzer-shift-count-negative
 @opindex Wno-analyzer-shift-count-negative
@@ -10049,7 +10075,7 @@  of an allocation without being sanitized, so that an attacker could
 inject an excessively large allocation and potentially cause a denial
 of service attack.
 
-See @url{https://cwe.mitre.org/data/definitions/789.html, CWE-789: Memory Allocation with Excessive Size Value}.
+See @uref{https://cwe.mitre.org/data/definitions/789.html, CWE-789: Memory Allocation with Excessive Size Value}.
 
 @item -Wno-analyzer-tainted-array-index
 @opindex Wanalyzer-tainted-array-index
@@ -10063,7 +10089,7 @@  that could be under an attacker's control is used as the index
 of an array access without being sanitized, so that an attacker
 could inject an out-of-bounds access.
 
-See @url{https://cwe.mitre.org/data/definitions/129.html, CWE-129: Improper Validation of Array Index}.
+See @uref{https://cwe.mitre.org/data/definitions/129.html, CWE-129: Improper Validation of Array Index}.
 
 @item -Wno-analyzer-tainted-divisor
 @opindex Wanalyzer-tainted-divisor
@@ -10077,6 +10103,8 @@  that could be under an attacker's control is used as the divisor
 in a division or modulus operation without being sanitized, so that
 an attacker could inject a division-by-zero.
 
+See @uref{https://cwe.mitre.org/data/definitions/369.html, CWE-369: Divide By Zero}.
+
 @item -Wno-analyzer-tainted-offset
 @opindex Wanalyzer-tainted-offset
 @opindex Wno-analyzer-tainted-offset
@@ -10089,7 +10117,7 @@  that could be under an attacker's control is used as a pointer offset
 without being sanitized, so that an attacker could inject an out-of-bounds
 access.
 
-See @url{https://cwe.mitre.org/data/definitions/823.html, CWE-823: Use of Out-of-range Pointer Offset}.
+See @uref{https://cwe.mitre.org/data/definitions/823.html, CWE-823: Use of Out-of-range Pointer Offset}.
 
 @item -Wno-analyzer-tainted-size
 @opindex Wanalyzer-tainted-size
@@ -10103,6 +10131,8 @@  that could be under an attacker's control is used as the size of
 an operation such as @code{memset} without being sanitized, so that an
 attacker could inject an out-of-bounds access.
 
+See @uref{https://cwe.mitre.org/data/definitions/129.html, CWE-129: Improper Validation of Array Index}.
+
 @item -Wno-analyzer-unsafe-call-within-signal-handler
 @opindex Wanalyzer-unsafe-call-within-signal-handler
 @opindex Wno-analyzer-unsafe-call-within-signal-handler
@@ -10113,6 +10143,8 @@  This diagnostic warns for paths through the code in which a
 function known to be async-signal-unsafe (such as @code{fprintf}) is
 called from a signal handler.
 
+See @uref{https://cwe.mitre.org/data/definitions/479.html, CWE-479: Signal Handler Use of a Non-reentrant Function}.
+
 @item -Wno-analyzer-use-after-free
 @opindex Wanalyzer-use-after-free
 @opindex Wno-analyzer-use-after-free
@@ -10123,6 +10155,8 @@  This diagnostic warns for paths through the code in which a
 pointer is used after a deallocator is called on it: either @code{free},
 or a deallocator referenced by attribute @code{malloc}.
 
+See @uref{https://cwe.mitre.org/data/definitions/416.html, CWE-416: Use After Free}.
+
 @item -Wno-analyzer-use-of-pointer-in-stale-stack-frame
 @opindex Wanalyzer-use-of-pointer-in-stale-stack-frame
 @opindex Wno-analyzer-use-of-pointer-in-stale-stack-frame
@@ -10145,6 +10179,8 @@  the analyzer detects an attempt to use @code{va_arg} to extract a value
 passed to a variadic call, but uses a type that does not match that of
 the expression passed to the call.
 
+See @uref{https://cwe.mitre.org/data/definitions/686.html, CWE-686: Function Call With Incorrect Argument Type}.
+
 @item -Wno-analyzer-va-list-exhausted
 @opindex Wanalyzer-va-list-exhausted
 @opindex Wno-analyzer-va-list-exhausted
@@ -10157,6 +10193,8 @@  the analyzer detects an attempt to use @code{va_arg} to access the next
 value passed to a variadic call, but all of the values in the
 @code{va_list} have already been consumed.
 
+See @uref{https://cwe.mitre.org/data/definitions/685.html, CWE-685: Function Call With Incorrect Number of Arguments}.
+
 @item -Wno-analyzer-va-list-leak
 @opindex Wanalyzer-va-list-leak
 @opindex Wno-analyzer-va-list-leak
@@ -10213,6 +10251,8 @@  This warning requires @option{-fanalyzer}, which enables it; use
 This diagnostic warns for paths through the code in which an uninitialized
 value is used.
 
+See @uref{https://cwe.mitre.org/data/definitions/457.html, CWE-457: Use of Uninitialized Variable}.
+
 @end table
 
 Pertinent parameters for controlling the exploration are: