SonarOpenCommunity · guwirth · Dec 20, 2022 · Dec 20, 2022
diff --git a/cxx-sensors/src/main/resources/cppcheck.xml b/cxx-sensors/src/main/resources/cppcheck.xml
@@ -2106,9 +2106,14 @@ Negative array index
     <name>Memory allocation size is negative</name>
     <description>
       <![CDATA[
-Memory allocation size is negative.Negative allocation size has no specified behaviour.
+      <p>
+Memory allocation size is negative.
+</p>
+<h2>References</h2>
+<p><a href="https://cwe.mitre.org/data/definitions/131.html" target="_blank">CWE-131: Incorrect Calculation of Buffer Size</a></p>
 ]]>
     </description>
+    <tag>cwe</tag>
     <type>BUG</type>
     <remediationFunction>LINEAR</remediationFunction>
     <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
@@ -8487,7 +8492,7 @@ Variable 'x' can be declared with const
   </rule>
   <rule>
     <key>constParameter</key>
-    <name>Variable 'x' can be declared with const</name>
+    <name>Parameter 'x' can be declared with const</name>
     <description>
       <![CDATA[
 <p>
@@ -8987,8 +8992,8 @@ missing return statement
     <name>Member variable 'classname::varnamepriv' is not assigned in the copy constructor</name>
     <description><![CDATA[
       <p>
-Member variable 'classname::varnamepriv' is not assigned in the copy
-constructor. Should it be copied?
+Member variable 'classname::varnamepriv' is not assigned in the move
+constructor. Should it be moved?
 </p>
 <h2>References</h2>
 <p><a href="https://cwe.mitre.org/data/definitions/398.html" target="_blank">CWE-398: 7PK - Code Quality</a></p>
@@ -8999,6 +9004,102 @@ constructor. Should it be copied?
     <remediationFunction>LINEAR</remediationFunction>
     <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
     </rule>
+  <!-- ########### New in Cppcheck 2.90 ########### -->
+  <rule>
+    <key>constParameterCallback</key>
+    <name>Parameter 'x' can be declared with const, however it seems that 'f' is a callback function</name>
+    <description><![CDATA[
+      Parameter 'x' can be declared with const, however it seems that 'f' is a callback function.
+      ]]></description>
+    <severity>MINOR</severity>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
+    </rule>
+  <!-- ########### Internal Cppcheck errors (not in errorlist) ########### -->
+  <rule>
+    <key>internalAstError</key>
+    <name>Internal Error: AST</name>
+    <description>
+      Syntax Error: AST broken or maximum AST depth exceeded.
+    </description>
+    <internalKey>internalAstError</internalKey>
+    <severity>INFO</severity>
+    <type>BUG</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>    
+    </rule>  
+   <rule>
+    <key>syntaxError</key>
+    <name>Internal Error: Syntax error</name>
+    <description>
+      Cppcheck cannot tokenize the code correctly: unsupported syntax or invalid code.
+    </description>
+    <internalKey>syntaxError</internalKey>
+    <severity>INFO</severity>
+    <type>BUG</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>     
+    </rule>
+   <rule>
+    <key>"unknownMacro</key>
+    <name>Internal Error: Unkown macro</name>
+    <description>
+      There is an unknown macro here somewhere. Configuration is required. If 'token' is a macro then please configure it.
+    </description>
+    <internalKey>"unknownMacro</internalKey>
+    <severity>INFO</severity>
+    <type>BUG</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>     
+    </rule>
+  <rule>
+    <key>cppcheckError</key>
+    <name>Internal Error</name>
+    <description>
+      Analysis failed. If the code is valid then please report this failure.
+    </description>
+    <internalKey>cppcheckError</internalKey>
+    <severity>INFO</severity>
+    <type>BUG</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>     
+    </rule>
+  <rule>
+    <key>cppcheckLimit</key>
+    <name>Internal Error: Internal limit</name>
+    <description>
+      Internal limit: CheckLeakAutoVar::checkScope() Maximum recursive count of 1000 reached.
+    </description>
+    <internalKey>cppcheckLimit</internalKey>
+    <severity>INFO</severity>
+    <type>BUG</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>     
+    </rule>
+  <rule>
+    <key>instantiationError</key>
+    <name>Internal Error: Instantiation error</name>
+    <description>
+      Instantiation error: Divide by zero in template instantiation.
+    </description>
+    <internalKey>instantiationError</internalKey>
+    <severity>INFO</severity>
+    <type>BUG</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>     
+    </rule>
+  <rule>
+    <key>unmatchedSuppression</key>
+    <name>Internal Error: Unmatched suppression</name>
+    <description>
+      Unmatched suppression: unusedFunction.
+    </description>
+    <internalKey>unmatchedSuppression</internalKey>
+    <severity>INFO</severity>
+    <type>BUG</type>
+    <remediationFunction>LINEAR</remediationFunction>
+    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>     
+    </rule>    
   <!-- ########### Misra Rules ########### -->
   <rule>
     <key>misra-c2012-1.1</key>

diff --git a/cxx-sensors/src/test/java/org/sonar/cxx/sensors/cppcheck/CxxCppCheckRuleRepositoryTest.java b/cxx-sensors/src/test/java/org/sonar/cxx/sensors/cppcheck/CxxCppCheckRuleRepositoryTest.java
@@ -37,7 +37,7 @@ void createRulesTest() {
     def.define(context);
 
     RulesDefinition.Repository repo = context.repository(CxxCppCheckRuleRepository.KEY);
-    assertThat(repo.rules()).hasSize(666);
+    assertThat(repo.rules()).hasSize(674);
   }
 
 }
diff --git a/cxx-sensors/src/tools/cwec_latest.xml.zip b/cxx-sensors/src/tools/cwec_latest.xml.zip
diff --git a/cxx-sensors/src/tools/generate_cppcheck_resources.cmd b/cxx-sensors/src/tools/generate_cppcheck_resources.cmd
@@ -5,7 +5,7 @@ SET SCRIPT_DIR=%~dp0
 SET CPPCHECK_DIR=C:\Program Files\Cppcheck\
 SET PYTHON_DIR=C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python37_64\
 
-SET CPPCHECK_LIBRARY_ARGS=--library=avr.cfg --library=bento4.cfg --library=boost.cfg --library=bsd.cfg --library=cairo.cfg --library=cppunit.cfg --library=dpdk.cfg --library=embedded_sql.cfg --library=gnu.cfg --library=googletest.cfg --library=gtk.cfg --library=kde.cfg --library=libcerror.cfg --library=libcurl.cfg --library=libsigc++.cfg --library=lua.cfg --library=mfc.cfg--library=microsoft_atl.cfg --library=microsoft_sal.cfg --library=microsoft_unittest.cfg --library=motif.cfg --library=nspr.cfg --library=opencv2.cfg --library=opengl.cfg --library=openmp.cfg --library=openssl.cfg --library=posix.cfg --library=python.cfg --library=qt.cfg --library=ruby.cfg --library=sdl.cfg --library=sfml.cfg --library=sqlite3.cfg --library=std.cfg --library=tinyxml2.cfg --library=vcl.cfg --library=windows.cfg --library=wxwidgets.cfg --library=zlib.cfg
+SET CPPCHECK_LIBRARY_ARGS=--library=avr.cfg --library=bento4.cfg --library=boost.cfg --library=bsd.cfg --library=cairo.cfg --library=cppunit.cfg --library=dpdk.cfg --library=embedded_sql.cfg --library=gnu.cfg --library=googletest.cfg --library=gtk.cfg --library=kde.cfg --library=libcerror.cfg --library=libcurl.cfg --library=libsigc++.cfg --library=lua.cfg --library=mfc.cfg --library=microsoft_atl.cfg --library=microsoft_sal.cfg --library=microsoft_unittest.cfg --library=motif.cfg --library=nspr.cfg --library=opencv2.cfg --library=opengl.cfg --library=openmp.cfg --library=openssl.cfg --library=posix.cfg --library=python.cfg --library=qt.cfg --library=ruby.cfg --library=sdl.cfg --library=sfml.cfg --library=sqlite3.cfg --library=std.cfg --library=tinyxml2.cfg --library=vcl.cfg --library=windows.cfg --library=wxwidgets.cfg --library=zlib.cfg
 
 rem download cwec_latest.xml.zip and extract it to unzip cwec_vx.y.xml
 rem wget https://cwe.mitre.org/data/xml/cwec_latest.xml.zip --output-document=cwec_latest.xml.zip && unzip -j -o cwec_latest.xml.zip
@@ -16,7 +16,7 @@ ECHO create Cppcheck errorlist cppcheck-errorlist.xml...
 "%CPPCHECK_DIR%cppcheck.exe" %CPPCHECK_LIBRARY_ARGS% --errorlist --xml-version=2 > cppcheck-errorlist.xml
 
 ECHO create SonarQube rules file cppcheck.xml...
-"%CPPCHECK_DIR%cppcheck.exe" %CPPCHECK_LIBRARY_ARGS% --errorlist --xml-version=2 | "%PYTHON_DIR%python.exe" cppcheck_createrules.py rules cwec_v4.6.xml > cppcheck.xml
+"%CPPCHECK_DIR%cppcheck.exe" %CPPCHECK_LIBRARY_ARGS% --errorlist --xml-version=2 | "%PYTHON_DIR%python.exe" cppcheck_createrules.py rules cwec_v4.9.xml > cppcheck.xml
 
 ECHO create cppcheck-comparison.md...
 "%PYTHON_DIR%python.exe" utils_createrules.py comparerules "%SCRIPT_DIR%\..\main\resources\cppcheck.xml" .\cppcheck.xml > cppcheck-comparison.md