--- proj8.1p0.conf 2024-08-12 15:04:32.733672200 +1200
+++ proj8.2p0.conf 2024-08-12 15:05:18.078910800 +1200
@@ -1,7 +1,7 @@
 # For emacs: -*- Shell-script -*-
 #
 ######################################################################
-# CodeSonar 8.1p0 Configuration File
+# CodeSonar 8.2p0 Configuration File
 ######################################################################
 #
 # CodeSonar will use preferences defined in this file when running
@@ -227,6 +227,7 @@
 # COMPILER_MODELS += armcpp.exe -> armcc
 # COMPILER_MODELS += bcc32.exe -> borland
 # COMPILER_MODELS += c166.exe -> tasking
+# COMPILER_MODELS += c251.exe -> c251
 # COMPILER_MODELS += c51.exe -> c51
 # COMPILER_MODELS += cc21k.exe -> visualdsp
 # COMPILER_MODELS += ccblkfn.exe -> visualdsp
@@ -285,6 +286,7 @@
 # COMPILER_MODELS += mwccmcf.exe -> mwccmcf
 # COMPILER_MODELS += null-cc.exe -> xcc
 # COMPILER_MODELS += picc.exe -> picc
+# COMPILER_MODELS += q++.exe -> qpp
 # COMPILER_MODELS += qcc.exe -> qcc
 # COMPILER_MODELS += shc.exe -> shc
 # COMPILER_MODELS += shcpp.exe -> shcpp
@@ -294,7 +296,7 @@
 # COMPILER_MODELS += x86_64-pc-mingw32-gcc.exe -> gcc
 #
 # POSIX default models:
-# COMPILER_MODELS += QCC -> qcc
+# COMPILER_MODELS += QCC -> qpp
 # COMPILER_MODELS += arm-none-eabi-g++ -> gpp
 # COMPILER_MODELS += arm-none-eabi-gcc -> gcc
 # COMPILER_MODELS += armcc -> armcc
@@ -325,6 +327,7 @@
 # COMPILER_MODELS += gxx -> gpp
 # COMPILER_MODELS += mcpcom -> mcpcom
 # COMPILER_MODELS += null-cc -> xcc
+# COMPILER_MODELS += q++ -> qpp
 # COMPILER_MODELS += qcc -> qcc
 # COMPILER_MODELS += shc -> shc
 # COMPILER_MODELS += shcpp -> shcpp
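Review bot: The POSIX default for `QCC` switches from the `qcc` model to `qpp` in the `-294` hunk with no explanation, so builds that invoke `QCC` are analysed under a different compiler model after the upgrade, and nothing in the comment block tells the reader that `QCC` and `qcc` are distinct, case-sensitive keys. A one-line comment above the entry would help, for example `# QCC (upper case) uses the qpp model, like q++; lower-case qcc keeps the qcc model`. Anyone carrying an explicit `QCC -> qcc` rule forward from an 8.1 configuration should re-check it, since a mismatched model can leave translation units unparsed and therefore unanalysed.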
@@ -338,14 +341,20 @@
 # COMPILER_MODELS += picc -> picc
 #
 # To activate the IAR compiler models for Linux:
-# COMPILER_MODELS += iccarm -> iar
-# COMPILER_MODELS += iccm32c -> iar
-# COMPILER_MODELS += icc430 -> iar
+# COMPILER_MODELS += iccarm -> iccarm
+# COMPILER_MODELS += iccavr -> iccavr
+# COMPILER_MODELS += iccm32c -> iccm32c
+# COMPILER_MODELS += icc430 -> icc430
+# COMPILER_MODELS += icc78k -> icc78k
+# COMPILER_MODELS += iccrx -> iccrx
+# COMPILER_MODELS += iccstm8 -> iccstm8
+# COMPILER_MODELS += iccv850 -> iccv850
+# COMPILER_MODELS += iccm16c -> iccm16c
 #
 # To use the IAR compiler model for other IAR compilers, specify a
 # similar COMPILER_MODELS rule for your compiler executable name.
 # For example, if you are using icc8051 on Linux:
-# COMPILER_MODELS += icc8051 -> iar
+# COMPILER_MODELS += icc8051 -> iccgeneric
 #
 # To activate the TI CodeComposer compiler models for non-Windows
 # systems:
@@ -357,8 +366,13 @@
 # COMPILER_MODELS += cl55 -> cl6x
 # COMPILER_MODELS += cl2000 -> cl6x
 #
-# To activate the MPLab C18 C Compiler model (mcc18):
+# To activate the MPLAB compiler models for Linux:
+# COMPILER_MODELS += mcc18 -> mcc18
+# COMPILER_MODELS += mcc30 -> mcc30
+#
+# To activate the MPLAB compiler models for Windows:
 # COMPILER_MODELS += mcc18.exe -> mcc18
+# COMPILER_MODELS += mcc30.exe -> mcc30
 #
 # To activate the Freescale CodeWarrior for HC12 compiler model for
 # Linux:
@@ -521,6 +535,7 @@
 # DISABLED_COMPILERS += armcpp.exe
 # DISABLED_COMPILERS += bcc32.exe
 # DISABLED_COMPILERS += c166.exe
+# DISABLED_COMPILERS += c251.exe
 # DISABLED_COMPILERS += c51.exe
 # DISABLED_COMPILERS += cc21k.exe
 # DISABLED_COMPILERS += ccblkfn.exe
@@ -579,6 +594,7 @@
 # DISABLED_COMPILERS += mwccmcf.exe
 # DISABLED_COMPILERS += null-cc.exe
 # DISABLED_COMPILERS += picc.exe
+# DISABLED_COMPILERS += q++.exe
 # DISABLED_COMPILERS += qcc.exe
 # DISABLED_COMPILERS += shc.exe
 # DISABLED_COMPILERS += shcpp.exe
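Review bot: The `iar` model name disappears from every example in the `-338` hunk (per-target names and `iccgeneric` replace it), yet the prose still speaks of "the IAR compiler model" and nothing tells an upgrading user what becomes of an existing `-> iar` rule. If `iar` is no longer a valid model name (not visible here), such a rule would presumably stop matching and the affected sources would drop out of the analysis without an obvious error. I would add a line such as `# Note: the generic IAR model was named "iar" before 8.2; use iccgeneric for IAR compilers not listed above.` and reword the sentence to "To use the generic IAR compiler model for other IAR compilers ...".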
@@ -621,6 +637,7 @@
 # DISABLED_COMPILERS += gxx
 # DISABLED_COMPILERS += mcpcom
 # DISABLED_COMPILERS += null-cc
+# DISABLED_COMPILERS += q++
 # DISABLED_COMPILERS += qcc
 # DISABLED_COMPILERS += shc
 # DISABLED_COMPILERS += shcpp
@@ -3962,6 +3979,7 @@
 # WARNING_FILTER += discard class="Command Injection (Java)"
 # WARNING_FILTER += discard class="Comparison to Class Names (Java)"
 # WARNING_FILTER += discard class="Comparison to Empty String (Java)"
+# WARNING_FILTER += discard class="Copy-Paste Error"
 # WARNING_FILTER += discard class="Cross Site Scripting (Java)"
 # WARNING_FILTER += discard class="Cross Site Scripting In Error Message Web Page (Java)"
 # WARNING_FILTER += discard class="Cryptographic Algorithm with Risky Default Cipher (Java)"
@@ -4136,6 +4154,7 @@
 # WARNING_FILTER += discard class="'Buffer.BlockCopy' expects the number of bytes to be copied for the 'count' argument (C#)"
 # WARNING_FILTER += discard class="'ThreadStatic' only affects static fields (C#)"
 # WARNING_FILTER += discard class="== Always Fails Because Types Always Different (C#)"
+# WARNING_FILTER += discard class="A constant is expected for the parameter (C#)"
 # WARNING_FILTER += discard class="Abs on random (C#)"
 # WARNING_FILTER += discard class="All members declared in parent interfaces must have an implementation in a DynamicInterfaceCastableImplementation-attributed interface (C#)"
 # WARNING_FILTER += discard class="Ambiguous Call from Inner Class (C#)"
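Review bot: `Copy-Paste Error` is the only class added to the language-specific discard lists without a language suffix, and the identical line is repeated in the Java list here and again in the C#, Staticcheck, detekt, Pylint, Rust Clippy, ESLint and TS-ESLint lists (hunks at -4169, -4469, -4602, -4867, -5240, -5889 and -6177). Because the class name is the same in every place, uncommenting any one copy presumably discards the class for all languages, which a reader enabling it under one language's heading would not expect. A comment next to the first occurrence, e.g. `# "Copy-Paste Error" is not language-specific: enabling this filter affects every language`, would make that explicit; the actual scoping should be confirmed against the product manual.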
@@ -4147,7 +4166,9 @@
 # WARNING_FILTER += discard class="Assignment in Conditional (C#)"
 # WARNING_FILTER += discard class="Asymmetric compareTo (C#)"
 # WARNING_FILTER += discard class="Avoid 'StringBuilder' parameters for P/Invokes (C#)"
+# WARNING_FILTER += discard class="Avoid constant arrays as arguments (C#)"
 # WARNING_FILTER += discard class="Avoid infinite recursion (C#)"
+# WARNING_FILTER += discard class="Avoid using 'Enumerable.Any()' extension method (C#)"
 # WARNING_FILTER += discard class="Avoid using cref tags with a prefix (C#)"
 # WARNING_FILTER += discard class="Avoid zero-length array allocations (C#)"
 # WARNING_FILTER += discard class="Bitwise AND on Boolean (C#)"
@@ -4156,6 +4177,7 @@
 # WARNING_FILTER += discard class="Bitwise OR on Boolean Constant (C#)"
 # WARNING_FILTER += discard class="Blocking in Critical Section (C#)"
 # WARNING_FILTER += discard class="Broad Throws Clause (C#)"
+# WARNING_FILTER += discard class="Cache and reuse 'JsonSerializerOptions' instances (C#)"
 # WARNING_FILTER += discard class="Call Might Return Null (C#)"
 # WARNING_FILTER += discard class="CancellationToken parameters must come last (C#)"
 # WARNING_FILTER += discard class="Cast: Integer to Floating Point (C#)"
@@ -4169,6 +4191,7 @@
 # WARNING_FILTER += discard class="Comparison to Empty String (C#)"
 # WARNING_FILTER += discard class="Consider using 'StringBuilder.Append(char)' when applicable (C#)"
 # WARNING_FILTER += discard class="Consider using 'string.Contains' instead of 'string.IndexOf' (C#)"
+# WARNING_FILTER += discard class="Copy-Paste Error"
 # WARNING_FILTER += discard class="Cross Site Scripting (C#)"
 # WARNING_FILTER += discard class="Cross Site Scripting In Error Message Web Page (C#)"
 # WARNING_FILTER += discard class="Cryptographic Algorithm with Risky Default Cipher (C#)"
@@ -4195,6 +4218,7 @@
 # WARNING_FILTER += discard class="Do Not Use Weak Cryptographic Algorithms (C#)"
 # WARNING_FILTER += discard class="Do Not Use XslTransform (C#)"
 # WARNING_FILTER += discard class="Do not assign a property to itself (C#)"
+# WARNING_FILTER += discard class="Do not call Enumerable.Cast or Enumerable.OfType with incompatible types (C#)"
 # WARNING_FILTER += discard class="Do not call ToImmutableCollection on an ImmutableCollection value (C#)"
 # WARNING_FILTER += discard class="Do not declare event fields as virtual (C#)"
 # WARNING_FILTER += discard class="Do not declare protected member in sealed type (C#)"
@@ -4211,6 +4235,7 @@
 # WARNING_FILTER += discard class="Do not use 'OutAttribute' on string parameters for P/Invokes (C#)"
 # WARNING_FILTER += discard class="Do not use 'WaitAll' with a single task (C#)"
 # WARNING_FILTER += discard class="Do not use 'WhenAll' with a single task (C#)"
+# WARNING_FILTER += discard class="Do not use ConfigureAwaitOptions.SuppressThrowing with Task (C#)"
 # WARNING_FILTER += discard class="Do not use Count() or LongCount() when Any() can be used (C#)"
 # WARNING_FILTER += discard class="Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used (C#)"
 # WARNING_FILTER += discard class="Do not use Enumerable methods on indexable collections (C#)"
@@ -4247,12 +4272,12 @@
 # WARNING_FILTER += discard class="Identifiers should not match keywords (C#)"
 # WARNING_FILTER += discard class="Ignored Return Value (C#)"
 # WARNING_FILTER += discard class="Ignored Return Value for Pure Function (C#)"
-# WARNING_FILTER += discard class="Implement serialization constructors (C#)"
 # WARNING_FILTER += discard class="Impossible Client Side Locking (C#)"
 # WARNING_FILTER += discard class="Impossible reference comparison (C#)"
 # WARNING_FILTER += discard class="Improper 'ThreadStatic' field initialization (C#)"
 # WARNING_FILTER += discard class="Inappropriate Exception Handler (C#)"
 # WARNING_FILTER += discard class="Inappropriate Instanceof (C#)"
+# WARNING_FILTER += discard class="Incorrect usage of ConstantExpected attribute (C#)"
 # WARNING_FILTER += discard class="Inefficient Bitwise AND (C#)"
 # WARNING_FILTER += discard class="Inefficient Bitwise OR (C#)"
 # WARNING_FILTER += discard class="Insecure Cookie (C#)"
@@ -4306,9 +4331,10 @@
 # WARNING_FILTER += discard class="Prefer IsEmpty over Count (C#)"
 # WARNING_FILTER += discard class="Prefer static 'HashData' method over 'ComputeHash' (C#)"
 # WARNING_FILTER += discard class="Prefer strongly-typed Append and Insert method overloads on StringBuilder (C#)"
+# WARNING_FILTER += discard class="Prefer the 'IDictionary.TryAdd(TKey, TValue)' method (C#)"
 # WARNING_FILTER += discard class="Prefer the 'IDictionary.TryGetValue(TKey, out TValue)' method (C#)"
 # WARNING_FILTER += discard class="Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' (C#)"
-# WARNING_FILTER += discard class="Prevent from behavioral change (C#)"
+# WARNING_FILTER += discard class="Prevent behavioral change (C#)"
 # WARNING_FILTER += discard class="Property, type, or attribute requires runtime marshalling (C#)"
 # WARNING_FILTER += discard class="Provide ObsoleteAttribute message (C#)"
 # WARNING_FILTER += discard class="Provide a parameterless constructor that is as visible as the containing type for concrete types derived from 'System.Runtime.InteropServices.SafeHandle' (C#)"
@@ -4375,6 +4401,7 @@
 # WARNING_FILTER += discard class="Types that own disposable fields should be disposable (C#)"
 # WARNING_FILTER += discard class="Unchecked Parameter Dereference (C#)"
 # WARNING_FILTER += discard class="Unnecessary Field (C#)"
+# WARNING_FILTER += discard class="Unnecessary call to 'Contains(item)' (C#)"
 # WARNING_FILTER += discard class="Unnecessary call to 'Dictionary.ContainsKey(key)' (C#)"
 # WARNING_FILTER += discard class="Unreachable Instruction (C#)"
 # WARNING_FILTER += discard class="Unsafe Session Expiration Time (C#)"
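Review bot: Renaming the class to `Prevent behavioral change (C#)` in the `-4306` hunk leaves no trace of the old name, so a site configuration that still says `class="Prevent from behavioral change (C#)"` would, as far as this file shows, simply stop matching. The same holds for the classes dropped outright elsewhere in this diff (`Implement serialization constructors (C#)` at -4247 and `Review visible event handlers (C#)` at -6943). A stale `allow` or `discard` rule changes which findings reach triage without raising any error, so I would record the rename in a comment, e.g. `# 8.2: formerly "Prevent from behavioral change (C#)"`, or list renamed and removed classes once at the head of the WARNING_FILTER section.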
@@ -4385,15 +4412,21 @@
 # WARNING_FILTER += discard class="Unused Value: Actual Parameter (C#)"
 # WARNING_FILTER += discard class="Unused Value: Variable (C#)"
 # WARNING_FILTER += discard class="Unused Value: Write to Parameter (C#)"
+# WARNING_FILTER += discard class="Use 'CompositeFormat' (C#)"
 # WARNING_FILTER += discard class="Use 'Environment.CurrentManagedThreadId' (C#)"
 # WARNING_FILTER += discard class="Use 'Environment.ProcessId' (C#)"
 # WARNING_FILTER += discard class="Use 'Environment.ProcessPath' (C#)"
+# WARNING_FILTER += discard class="Use 'StartsWith' instead of 'IndexOf' (C#)"
 # WARNING_FILTER += discard class="Use 'ThrowIfCancellationRequested' (C#)"
 # WARNING_FILTER += discard class="Use 'string.Equals' (C#)"
+# WARNING_FILTER += discard class="Use ArgumentException throw helper (C#)"
+# WARNING_FILTER += discard class="Use ArgumentNullException throw helper (C#)"
+# WARNING_FILTER += discard class="Use ArgumentOutOfRangeException throw helper (C#)"
 # WARNING_FILTER += discard class="Use AsSpan or AsMemory instead of Range-based indexers (C#)"
 # WARNING_FILTER += discard class="Use AsSpan or AsMemory instead of Range-based indexers for getting Span of an array (C#)"
 # WARNING_FILTER += discard class="Use AsSpan or AsMemory instead of Range-based indexers when appropriate (C#)"
 # WARNING_FILTER += discard class="Use Length/Count property instead of Count() when available (C#)"
+# WARNING_FILTER += discard class="Use ObjectDisposedException throw helper (C#)"
 # WARNING_FILTER += discard class="Use PascalCase for named placeholders (C#)"
 # WARNING_FILTER += discard class="Use Rivest-Shamir-Adleman (RSA) Algorithm With Sufficient Key Size (C#)"
 # WARNING_FILTER += discard class="Use ValueTasks correctly (C#)"
@@ -4402,12 +4435,17 @@
 # WARNING_FILTER += discard class="Use XmlReader for 'XmlSerializer.Deserialize()' (C#)"
 # WARNING_FILTER += discard class="Use XmlReader for XPathDocument constructor (C#)"
 # WARNING_FILTER += discard class="Use XmlReader for XmlValidatingReader constructor (C#)"
+# WARNING_FILTER += discard class="Use a cached 'SearchValues' instance (C#)"
 # WARNING_FILTER += discard class="Use char literal for a single character lookup (C#)"
+# WARNING_FILTER += discard class="Use char overload, CA1865 (C#)"
+# WARNING_FILTER += discard class="Use char overload, CA1866 (C#)"
+# WARNING_FILTER += discard class="Use concrete types when possible for improved performance (C#)"
 # WARNING_FILTER += discard class="Use correct type parameter (C#)"
 # WARNING_FILTER += discard class="Use nameof to express symbol names (C#)"
 # WARNING_FILTER += discard class="Use of Same Seed (C#)"
 # WARNING_FILTER += discard class="Use ordinal string comparison (C#)"
 # WARNING_FILTER += discard class="Use span-based 'string.Concat' (C#)"
+# WARNING_FILTER += discard class="Use the 'StringComparison' method overloads to perform case-insensitive string comparisons (C#)"
 # WARNING_FILTER += discard class="Use the LoggerMessage delegates (C#)"
 # WARNING_FILTER += discard class="Use valid platform string (C#)"
 # WARNING_FILTER += discard class="Useless Assignment (C#)"
@@ -4469,6 +4507,7 @@
 # WARNING_FILTER += discard class="Comparing a Value Against NaN Even Though No Value Is Equal to NaN (Staticcheck)"
 # WARNING_FILTER += discard class="Comparing the Address of a Variable Against Nil (Staticcheck)"
 # WARNING_FILTER += discard class="Converting a String to a Slice of Runes Before Ranging Over It (Staticcheck)"
+# WARNING_FILTER += discard class="Copy-Paste Error"
 # WARNING_FILTER += discard class="Deferred 'Lock' Right After Locking, Likely Meant to Defer 'Unlock' Instead (Staticcheck)"
 # WARNING_FILTER += discard class="Deferring 'Close' Before Checking for a Possible Error (Staticcheck)"
 # WARNING_FILTER += discard class="Defers in Infinite Loops Will Never Execute (Staticcheck)"
@@ -4602,6 +4641,7 @@
 # WARNING_FILTER += discard class="Complex Condition (detekt)"
 # WARNING_FILTER += discard class="Complex Interface (detekt)"
 # WARNING_FILTER += discard class="Constructor Parameter Naming (detekt)"
+# WARNING_FILTER += discard class="Copy-Paste Error"
 # WARNING_FILTER += discard class="Could Be Sequence (detekt)"
 # WARNING_FILTER += discard class="Cyclomatic Complex Method (detekt)"
 # WARNING_FILTER += discard class="Data Class Contains Functions (detekt)"
@@ -4867,6 +4907,7 @@
 # WARNING_FILTER += discard class="Consider Using With (Pylint)"
 # WARNING_FILTER += discard class="Consider Using in (Pylint)"
 # WARNING_FILTER += discard class="Continue in Finally (Pylint)"
+# WARNING_FILTER += discard class="Copy-Paste Error"
 # WARNING_FILTER += discard class="Cyclic Import (Pylint)"
 # WARNING_FILTER += discard class="Dangerous Default Value (Pylint)"
 # WARNING_FILTER += discard class="Deprecated Argument (Pylint)"
@@ -5240,6 +5281,7 @@
 # WARNING_FILTER += discard class="Comparison Chain (Rust Clippy)"
 # WARNING_FILTER += discard class="Comparison to Empty (Rust Clippy)"
 # WARNING_FILTER += discard class="Copy Iterator (Rust Clippy)"
+# WARNING_FILTER += discard class="Copy-Paste Error"
 # WARNING_FILTER += discard class="Crate in Macro Def (Rust Clippy)"
 # WARNING_FILTER += discard class="Create Dir (Rust Clippy)"
 # WARNING_FILTER += discard class="Crosspointer Transmute (Rust Clippy)"
@@ -5889,6 +5931,7 @@
 # WARNING_FILTER += discard class="Consistent Return (ESLint)"
 # WARNING_FILTER += discard class="Consistent This (ESLint)"
 # WARNING_FILTER += discard class="Constructor Super (ESLint)"
+# WARNING_FILTER += discard class="Copy-Paste Error"
 # WARNING_FILTER += discard class="Curly (ESLint)"
 # WARNING_FILTER += discard class="Default Case (ESLint)"
 # WARNING_FILTER += discard class="Default Case Last (ESLint)"
@@ -6177,6 +6220,7 @@
 # WARNING_FILTER += discard class="Consistent Type Definitions (TS-ESLint)"
 # WARNING_FILTER += discard class="Consistent Type Exports (TS-ESLint)"
 # WARNING_FILTER += discard class="Consistent Type Imports (TS-ESLint)"
+# WARNING_FILTER += discard class="Copy-Paste Error"
 # WARNING_FILTER += discard class="Default Param Last (TS-ESLint)"
 # WARNING_FILTER += discard class="Dot Notation (TS-ESLint)"
 # WARNING_FILTER += discard class="Explicit Function Return Type (TS-ESLint)"
@@ -6333,6 +6377,7 @@
 # WARNING_FILTER += allow class="Cast: Arithmetic Type/Void Pointer"
 # WARNING_FILTER += allow class="Cast: Non-integer Arithmetic Type/Object Pointer"
 # WARNING_FILTER += allow class="Cast: Object Pointers"
+# WARNING_FILTER += allow class="Cast: Virtual Base to Derived"
 # WARNING_FILTER += allow class="Code Before #include"
 # WARNING_FILTER += allow class="Coercion: Integer Constant to Pointer"
 # WARNING_FILTER += allow class="Comment Suggests Code Unfinished"
@@ -6366,6 +6411,7 @@
 # WARNING_FILTER += allow class="Expression Value Widened by Other Operand"
 # WARNING_FILTER += allow class="Extern Array Without Size"
 # WARNING_FILTER += allow class="FILE* Dereference"
+# WARNING_FILTER += allow class="Float Multiplication Overflow"
 # WARNING_FILTER += allow class="Float Pointer Conversion"
 # WARNING_FILTER += allow class="Float-typed Loop Counter"
 # WARNING_FILTER += allow class="Floating Point Equality"
@@ -6382,6 +6428,7 @@
 # WARNING_FILTER += allow class="High Cyclomatic Complexity (Procedure)"
 # WARNING_FILTER += allow class="High Risk Loop"
 # WARNING_FILTER += allow class="Implicit Address of Function"
+# WARNING_FILTER += allow class="Implicit Constructor Shadowing"
 # WARNING_FILTER += allow class="Implicit Function Declaration"
 # WARNING_FILTER += allow class="Implicit Lambda Capture"
 # WARNING_FILTER += allow class="Implicit Pointer Type Conversion in Selection of C Generic"
@@ -6395,11 +6442,13 @@
 # WARNING_FILTER += allow class="Inappropriate Cast Type"
 # WARNING_FILTER += allow class="Inappropriate Cast Type: Expression"
 # WARNING_FILTER += allow class="Inappropriate Character Arithmetic"
+# WARNING_FILTER += allow class="Inappropriate Comparison of Virtual Member Function"
 # WARNING_FILTER += allow class="Inappropriate Declaration in Global Namespace"
 # WARNING_FILTER += allow class="Inappropriate Operand Type"
 # WARNING_FILTER += allow class="Inappropriate Selection Type in C Generic"
 # WARNING_FILTER += allow class="Inappropriate Storage Duration"
 # WARNING_FILTER += allow class="Inappropriate Test of Error Code"
+# WARNING_FILTER += allow class="Inappropriate Volatile Declaration"
 # WARNING_FILTER += allow class="Incomplete Function Prototype"
 # WARNING_FILTER += allow class="Inconsistent Alignment Specifications"
 # WARNING_FILTER += allow class="Inconsistent Chained Designator Initialization"
@@ -6422,6 +6471,7 @@
 # WARNING_FILTER += allow class="Lock/Unlock Mismatch"
 # WARNING_FILTER += allow class="Locked Twice"
 # WARNING_FILTER += allow class="Macro Defined in Function Body"
+# WARNING_FILTER += allow class="Macro Defines Constant"
 # WARNING_FILTER += allow class="Macro Definition of Reserved Name"
 # WARNING_FILTER += allow class="Macro Does Not End With } or )"
 # WARNING_FILTER += allow class="Macro Does Not Start With { or ("
@@ -6505,6 +6555,7 @@
 # WARNING_FILTER += allow class="Octal Constant"
 # WARNING_FILTER += allow class="Out of Order Member Initializers"
 # WARNING_FILTER += allow class="Over-initialized Element"
+# WARNING_FILTER += allow class="Override of Non-Virtual Method"
 # WARNING_FILTER += allow class="Partially Uninitialized Aggregate"
 # WARNING_FILTER += allow class="Partially Uninitialized Array"
 # WARNING_FILTER += allow class="Pointed-to Type Could Be const"
@@ -6519,9 +6570,11 @@
 # WARNING_FILTER += allow class="Preprocessing Directives in Macro Argument"
 # WARNING_FILTER += allow class="Recursion"
 # WARNING_FILTER += allow class="Recursive Macro"
+# WARNING_FILTER += allow class="Register Keyword"
 # WARNING_FILTER += allow class="Restrict Qualifier Used"
 # WARNING_FILTER += allow class="Return from Computational Exception Signal Handler"
 # WARNING_FILTER += allow class="Returned Pointer Not Treated as const"
+# WARNING_FILTER += allow class="Risky Atomic Memory Order"
 # WARNING_FILTER += allow class="Risky Integer Promotion"
 # WARNING_FILTER += allow class="Scope Could Be File Static"
 # WARNING_FILTER += allow class="Scope Could Be Local Static"
@@ -6534,6 +6587,7 @@
 # WARNING_FILTER += allow class="Side Effects in sizeof"
 # WARNING_FILTER += allow class="Signal Handler Entry Point"
 # WARNING_FILTER += allow class="Socket In Wrong State"
+# WARNING_FILTER += allow class="Specialization after Use"
 # WARNING_FILTER += allow class="Static Array Parameter"
 # WARNING_FILTER += allow class="Subtraction Underflow of Allocation Size"
 # WARNING_FILTER += allow class="Subtraction Underflow of Size"
@@ -6578,7 +6632,24 @@
 # WARNING_FILTER += allow class="Unused Tag"
 # WARNING_FILTER += allow class="Unused Type"
 # WARNING_FILTER += allow class="Unused Variable"
+# WARNING_FILTER += allow class="Use of #define"
+# WARNING_FILTER += allow class="Use of #elif"
+# WARNING_FILTER += allow class="Use of #elifdef"
+# WARNING_FILTER += allow class="Use of #elifndef"
+# WARNING_FILTER += allow class="Use of #else"
+# WARNING_FILTER += allow class="Use of #endif"
+# WARNING_FILTER += allow class="Use of #error"
+# WARNING_FILTER += allow class="Use of #if"
+# WARNING_FILTER += allow class="Use of #ifdef"
+# WARNING_FILTER += allow class="Use of #ifndef"
+# WARNING_FILTER += allow class="Use of #import"
+# WARNING_FILTER += allow class="Use of #include"
+# WARNING_FILTER += allow class="Use of #include_next"
+# WARNING_FILTER += allow class="Use of #line"
+# WARNING_FILTER += allow class="Use of #pragma"
 # WARNING_FILTER += allow class="Use of #undef"
+# WARNING_FILTER += allow class="Use of #using"
+# WARNING_FILTER += allow class="Use of #warning"
 # WARNING_FILTER += allow class="Use of Exception Handling Function"
 # WARNING_FILTER += allow class="Use of "
 # WARNING_FILTER += allow class="Use of "
@@ -6612,6 +6683,7 @@
 # WARNING_FILTER += allow class="Use of LoadLibrary"
 # WARNING_FILTER += allow class="Use of LoadModule"
 # WARNING_FILTER += allow class="Use of MoveFile"
+# WARNING_FILTER += allow class="Use of NULL"
 # WARNING_FILTER += allow class="Use of Noreturn"
 # WARNING_FILTER += allow class="Use of OemToAnsi"
 # WARNING_FILTER += allow class="Use of OemToChar"
@@ -6684,12 +6756,14 @@
 # WARNING_FILTER += allow class="Use of scanf_s"
 # WARNING_FILTER += allow class="Use of set_constraint_handler_s"
 # WARNING_FILTER += allow class="Use of setjmp"
+# WARNING_FILTER += allow class="Use of setlocale"
 # WARNING_FILTER += allow class="Use of setuid"
 # WARNING_FILTER += allow class="Use of signal"
 # WARNING_FILTER += allow class="Use of snprintf_s"
 # WARNING_FILTER += allow class="Use of snwprintf_s"
 # WARNING_FILTER += allow class="Use of sprintf_s"
 # WARNING_FILTER += allow class="Use of sscanf_s"
+# WARNING_FILTER += allow class="Use of std::locale::global"
 # WARNING_FILTER += allow class="Use of strcat"
 # WARNING_FILTER += allow class="Use of strcat_s"
 # WARNING_FILTER += allow class="Use of strchr"
@@ -6943,7 +7017,6 @@
 # WARNING_FILTER += allow class="Review code for open redirect vulnerabilities (C#)"
 # WARNING_FILTER += allow class="Review code for process command injection vulnerabilities (C#)"
 # WARNING_FILTER += allow class="Review code for regex injection vulnerabilities (C#)"
-# WARNING_FILTER += allow class="Review visible event handlers (C#)"
 # WARNING_FILTER += allow class="Seal methods that satisfy private interfaces (C#)"
 # WARNING_FILTER += allow class="Security Annotation Conflict (C#)"
 # WARNING_FILTER += allow class="Set HttpOnly to true for HttpCookie (C#)"
@@ -6975,6 +7048,7 @@
 # WARNING_FILTER += allow class="Use Secure Cookies In ASP.NET Core (C#)"
 # WARNING_FILTER += allow class="Use SharedAccessProtocol HttpsOnly (C#)"
 # WARNING_FILTER += allow class="Use antiforgery tokens in ASP.NET Core MVC controllers (C#)"
+# WARNING_FILTER += allow class="Use char overload, CA1867 (C#)"
 # WARNING_FILTER += allow class="Use events where appropriate (C#)"
 # WARNING_FILTER += allow class="Use generic event handler instances (C#)"
 # WARNING_FILTER += allow class="Use literals where appropriate (C#)"
@@ -8040,6 +8114,22 @@
 #BAD_FUNCTION_BASE_RANK = 1.0
 #BAD_FUNCTION_SIGNIFICANCE = SECURITY
+## This odd-looking regex matches both the C library setlocale and the
+## C++ library std::setlocale. It turns out that a call to the C++
+## library function may get inlined to a call to the C one. It is
+## not known if we can always rely on that inlining.
+#BAD_FUNCTION_REGEX = ^(std::)?setlocale(\(.*)?$
+#BAD_FUNCTION_MESSAGE = Use of setlocale
+## Note that when C++ names are matched, the string to be matched
+## contains the parameter specifications too, so the full name will be
+## something like "std::locale::global(const std::locale&)".
+## Consequently we only anchor the beginning of the string so that if
+## for some unlikely reason there are other overloads of the function
+## we get warnings for those too.
+#BAD_FUNCTION_REGEX = ^std::locale::global\(
+#BAD_FUNCTION_MESSAGE = Use of std::locale::global
 ## #### The following functions are forbidden by Misra C 2012 1.4.
 ## The Misra specification refers to Annex K. I gleaned the list of functions,
 ## types and macros from https://open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf.
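Review bot: The two BAD_FUNCTION entries added in the `-8040` hunk set only `BAD_FUNCTION_REGEX` and `BAD_FUNCTION_MESSAGE`, whereas the entry just above them in the context also sets `BAD_FUNCTION_BASE_RANK` and `BAD_FUNCTION_SIGNIFICANCE`; whether the new entries inherit those values or fall back to defaults cannot be told from the hunk and should be stated next to them. The first comment also ends on an open question about inlining, although the pattern `^(std::)?setlocale(\(.*)?$` already accepts both spellings, so it could say so directly: `## Matches setlocale and std::setlocale, with or without a parameter list, so the warning does not depend on inlining.` The block these entries belong to starts before the hunk.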
@@ -11627,14 +11717,14 @@
 #RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^ImpersonateNamedPipeClient$
 #RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^ImpersonateSecurityContext$
 #RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^ImpersonateSelf$
-#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc99_)?_cscanf$
-#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc99_)?_[fs]tscanf$
-#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc99_)?f[tw]?scanf$
-#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc99_)?sw?scanf$
-#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc99_)?_tscanf$
-#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc99_)?v?[fs]scanf$
-#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc99_)?vftscanf$
-#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc99_)?[vw]?scanf$
+#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc.._)?_cscanf$
+#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc.._)?_[fs]tscanf$
+#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc.._)?f[tw]?scanf$
+#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc.._)?sw?scanf$
+#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc.._)?_tscanf$
+#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc.._)?v?[fs]scanf$
+#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc.._)?vftscanf$
+#RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^(__isoc.._)?[vw]?scanf$
 #RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^jack_client_open$
 #RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^jack_get_ports$
 #RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^jack_port_register$
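Review bot: `(__isoc.._)?` accepts any two characters after `__isoc`, which is wider than the two prefixes this release handles elsewhere: the FORMAT_STRING_CHECKER hunk at -13517 spells out `__isoc99_` and `__isoc23_`. An explicit alternation keeps the return-value check tied to known aliases and makes the intent searchable, e.g. `^(__isoc(99|23)_)?sw?scanf$`, and likewise for the other seven patterns. If the wildcard is deliberate, to pick up future prefixes without another edit, a one-line comment above the group saying so would stop it being tightened by mistake later.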
@@ -13517,34 +13607,45 @@
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, printf, obstack_printf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, scanf, __isoc99__cscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, scanf, __isoc23__cscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, scanf, _cscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, wscanf, __isoc99_fwscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, wscanf, __isoc23_fwscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, wscanf, fwscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, scanf, __isoc99_fscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, scanf, __isoc23_fscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, scanf, fscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, wscanf, __isoc99_swscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, wscanf, __isoc23_swscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, wscanf, swscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, scanf, __isoc99_sscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, scanf, __isoc23_sscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, scanf, sscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, scanf, __isoc99_fscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, scanf, __isoc23_fscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, scanf, fscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, vscanf, __isoc99_vsscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, vscanf, __isoc23_vsscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, vscanf, vsscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, vscanf, __isoc99_vfscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, vscanf, __isoc23_vfscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, 3, vscanf, vfscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, scanf, __isoc99_scanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, scanf, __isoc23_scanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, scanf, scanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, vscanf, __isoc99_vscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, vscanf, __isoc23_vscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, vscanf, vscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, wscanf, __isoc99_wscanf
+#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, wscanf, __isoc23_wscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 2, wscanf, wscanf
 #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, 4, printf, StringCchPrintfA
@@ -13947,12 +14048,19 @@
 # }
 #
 # If we set LOCK_FUNCTIONS += ^mylock$, the analysis will issue a
-# "Missing Lock Release" in the body of function nounlock().
+# Missing Lock Release in the body of function nounlock().
 #
 # If we do not specify that mylock is a lock function with
-# LOCK_FUNCTIONS, the analysis will not issue a "Missing Lock
-# Release" warning in the body of function nounlock(), but WILL
-# issue a "Missing Lock Release" warning in the body of mylock().
+# LOCK_FUNCTIONS, the analysis will not issue a Missing Lock
+# Release warning in the body of function nounlock(), but WILL
+# issue a Missing Lock Release warning in the body of mylock().
+#
+# Condition-wait functions should be identified with both
+# LOCK_FUNCTIONS and UNLOCK_FUNCTIONS, because these functions
+# release and subsequently reacquire the specified lock. For
+# example:
+# LOCK_FUNCTIONS += ^my_cond_wait$
+# UNLOCK_FUNCTIONS += ^my_cond_wait$
 #
 # Functions that have library models identifying them as lock
 # acquirers do not need to be specified with LOCK_FUNCTIONS: they
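Review bot: `__isoc23_fscanf` is added twice in the `-13517` hunk, once after each of the two existing `__isoc99_fscanf` lines, so the duplicate `fscanf` group that was already in the list is now mirrored for the new prefix. It is probably harmless if duplicate entries are ignored, but it is worth checking whether the second group was meant to name a different function before copying it forward. The list also has to be extended by hand for every new libc prefix, unlike the regex form used for RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS, so a short comment such as `# one entry per __isocNN_ alias; add new prefixes here when the C library introduces them` would help the next update.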
@@ -14007,15 +14115,22 @@
 # }
 #
 # If we set UNLOCK_FUNCTIONS += ^myunlock$, the analysis will issue
-# a "Missing Lock Acquisition" warning in the body of function
+# a Missing Lock Acquisition warning in the body of function
 # nolock().
 #
-# If we do not use LOCK_FUNCTIONS specify that myunlock is a unlock
-# function, the analysis will not issue a "Missing Lock
-# Acquisition" warning in the body of function nounlock(), but WILL
-# issue a "Missing Lock Acquisition" warning in the body of
+# If we do not use LOCK_FUNCTIONS to specify that myunlock is a
+# unlock function, the analysis will not issue a Missing Lock
+# Acquisition warning in the body of function nolock(), but WILL
+# issue a Missing Lock Acquisition warning in the body of
 # myunlock().
 #
+# Condition-wait functions should be identified with both
+# LOCK_FUNCTIONS and UNLOCK_FUNCTIONS, because these functions
+# release and subsequently reacquire the specified lock. For
+# example:
+# LOCK_FUNCTIONS += ^my_cond_wait$
+# UNLOCK_FUNCTIONS += ^my_cond_wait$
+#
 # Functions that have library models identifying them as lock
 # releasers do not need to be specified with UNLOCK_FUNCTIONS: they
 # will automatically be treated correctly.
@@ -15986,6 +16101,7 @@
 # - WC_IO.BRAW: Used by File Open for Both Read and Write
 # - WC_IO.RACE: Used by File System Race Condition
 # - WC_LANG.ARITH.FDIVZERO: Used by Float Division By Zero
+# - WC_LANG.ARITH.FMULOFLOW: Used by Float Multiplication Overflow
 # - WC_MISC.FMT: Used by Format String
 # - WC_IO.INJ.FMT: Used by Format String Injection
 # - WC_MISC.FMTTYPE: Used by Format String Type Error
@@ -16141,6 +16257,7 @@
 # - File Open for Both Read and Write
 # - File System Race Condition
 # - Float Division By Zero
+# - Float Multiplication Overflow
 # - Format String
 # - Format String Injection
 # - Format String Type Error
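Review bot: The rewritten sentence in the UNLOCK_FUNCTIONS example (hunk -14007) still names the wrong parameter: `If we do not use LOCK_FUNCTIONS to specify that myunlock is a unlock function` should refer to UNLOCK_FUNCTIONS, the setting the paragraph just above demonstrates with `UNLOCK_FUNCTIONS += ^myunlock$`. Suggested wording for the two lines: `# If we do not use UNLOCK_FUNCTIONS to specify that myunlock is an` and `# unlock function, the analysis will not issue a Missing Lock`. A reader following the current text literally could register the release function as a lock acquirer, which would skew the lock-pairing warnings this section describes.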
@@ -18383,8 +18500,8 @@
 #
 # Behavior
 # - Yes : CodeSonar will determine the essential type
-# [doc/html/WarningClasses/MISRA.html#essential_type_category] of
-# the actual parameters to the comparison and only issue Read
+# [doc/html/WarningClasses/MISRA_C.html#essential_type_category]
+# of the actual parameters to the comparison and only issue Read
 # Past Null Terminator warnings if both parameters are arrays
 # having essentially char type.
 # - No : CodeSonar will issue Read Past Null Terminator warnings
@@ -18393,7 +18510,7 @@
 #
 # Notes
 # Misra 2012 Rule 21.14
-# [doc/html/WarningClasses/MISRA.html#misra_2012__21.14] applies
+# [doc/html/WarningClasses/MISRA_C.html#misra_2012__21.14] applies
 # only when the actual parameters to memcmp() are arrays having
 # essentially char type. Thus, the following code is technically
 # compliant (but violates other rules).
@@ -18617,6 +18734,13 @@
 ###### End of bad macros forbidden by Misra C 2012 1.4
+## NULL in C++ is forbidden by JSF++/AV 175
+
+# The manifest entry will prevent this from triggering on C
+# programs, only C++
+#BAD_MACRO_CLASS=Use of NULL
+#BAD_MACRO_NAME=^NULL$
 # Parameter SIDE_EFFECT_FREE_FUNCTIONS
 #
 # Purpose
 #
@@ -21056,7 +21180,7 @@
 # net452, net46, net461, net462, net47, net471, net472, net48,
 # netcoreapp1.0, netcoreapp1.1, netcoreapp2.0, netcoreapp2.1,
 # netcoreapp2.2, netcoreapp3.0, netcoreapp3.1, net5.0, net6.0,
-# net7.0 }
+# net7.0, net8.0 }
 #
 # Languages
 # C#