Updating clangsa sei cert mapping for clang 18

dkrupp · dkrupp · commit c43d348788a5 · 2024-05-07T14:53:33.000+02:00
The association of SEI CERT C and C++ Coding Standard Rules
are updated for the Clang Static Analyzer version 18.
diff --git a/config/labels/analyzers/clangsa.json b/config/labels/analyzers/clangsa.json
@@ -90,10 +90,8 @@
     ],
     "alpha.cplusplus.ArrayDelete": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#alpha-cplusplus-arraydelete-c",
-      "guideline:sei-cert",
       "profile:extreme",
       "profile:sensitive",
-      "sei-cert:exp51-cpp",
       "severity:HIGH"
     ],
     "alpha.cplusplus.ContainerModeling": [
@@ -245,18 +243,15 @@
       "profile:sensitive",
       "profile:security",
       "profile:extreme",
-      "severity:HIGH",
-      "sei-cert:pos34-c"
+      "severity:HIGH"
     ],
     "alpha.security.cert.env.InvalidPtr": [
       "doc_url:https://releases.llvm.org/17.0.1/tools/clang/docs/analyzer/checkers.html#alpha-security-cert-env-invalidptr",
       "profile:default",
       "profile:sensitive",
       "profile:extreme",
       "profile:security",
-      "severity:MEDIUM",
-      "sei-cert:env31-c",
-      "sei-cert:env34-c"
+      "severity:MEDIUM"
     ],
     "alpha.security.taint.TaintPropagation": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#alpha-security-taint-taintpropagation-c-c",
@@ -342,6 +337,7 @@
       "profile:extreme",
       "profile:sensitive",
       "sei-cert:int34-c",
+      "sei-cert:int32-c",
       "severity:HIGH"
     ],
     "core.CallAndMessage": [
@@ -358,7 +354,6 @@
       "sei-cert:exp50-cpp",
       "sei-cert:exp53-cpp",
       "sei-cert:exp54-cpp",
-      "sei-cert:exp57-cpp",
       "severity:HIGH"
     ],
     "core.CallAndMessageModeling": [
@@ -388,7 +383,6 @@
       "profile:extreme",
       "profile:sensitive",
       "sei-cert:exp34-c",
-      "sei-cert:mem34-c",
       "severity:HIGH"
     ],
     "core.NonnilStringConstants": [
@@ -402,12 +396,14 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "sei-cert:arr30-c",
-      "sei-cert:dcl38-c",
+      "sei-cert:exp34-c",
       "severity:HIGH"
     ],
     "core.StackAddrEscapeBase": [
       "guideline:sei-cert",
+      "sei-cert:dcl30-c",
+      "sei-cert:exp54-cpp",
+      "sei-cert:exp61-cpp",
       "profile:default",
       "profile:extreme",
       "profile:sensitive"
@@ -419,6 +415,7 @@
       "profile:sensitive",
       "sei-cert:dcl30-c",
       "sei-cert:exp54-cpp",
+      "sei-cert:exp61-cpp",
       "severity:HIGH"
     ],
     "core.UndefinedBinaryOperatorResult": [
@@ -427,11 +424,8 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
+      "sei-cert:exp50-cpp",
       "sei-cert:exp33-c",
-      "sei-cert:exp36-c",
-      "sei-cert:exp53-cpp",
-      "sei-cert:int32-c",
-      "sei-cert:int34-c",
       "severity:HIGH"
     ],
     "core.VLASize": [
@@ -460,35 +454,45 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
+      "guideline:sei-cert",
+      "sei-cert:exp33-c",
       "severity:HIGH"
     ],
     "core.uninitialized.Assign": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-assign-c",
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:HIGH"
+      "severity:HIGH",
+      "guideline:sei-cert",
+      "sei-cert:exp33-c"
     ],
     "core.uninitialized.Branch": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-branch-c",
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:HIGH"
+      "severity:HIGH",
+      "guideline:sei-cert",
+      "sei-cert:exp33-c"
     ],
     "core.uninitialized.CapturedBlockVariable": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-capturedblockvariable-c",
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:HIGH"
+      "severity:HIGH",
+      "guideline:sei-cert",
+      "sei-cert:exp33-c"
     ],
     "core.uninitialized.NewArraySize": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-newarraysize-c",
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:HIGH"
+      "severity:HIGH",
+      "guideline:sei-cert",
+      "sei-cert:exp33-c"
     ],
     "core.uninitialized.UndefReturn": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#core-uninitialized-undefreturn-c",
@@ -549,7 +553,6 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "sei-cert:exp62-cpp",
       "sei-cert:mem51-cpp",
       "severity:HIGH"
     ],
@@ -574,7 +577,9 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:MEDIUM"
+      "severity:MEDIUM",
+      "guideline:sei-cert",
+      "sei-cert:oop54-cpp"
     ],
     "cplusplus.SmartPtrModeling": [
       "profile:default",
@@ -586,7 +591,9 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:HIGH"
+      "severity:HIGH",
+      "guideline:sei-cert",
+      "sei-cert:str51-cpp"
     ],
     "cplusplus.VirtualCallModeling": [
       "profile:default",
@@ -598,7 +605,9 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:LOW"
+      "guideline:sei-cert",
+      "severity:LOW",
+      "sei-cert:msc12-c"
     ],
     "debug.AnalysisOrder": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#debug-analysisorder"
@@ -693,7 +702,9 @@
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-core-enumcastoutofrange-c-c",
       "profile:extreme",
       "profile:sensitive",
-      "severity:MEDIUM"
+      "severity:MEDIUM",
+      "sei-cert:mem54-cpp",
+      "guideline:sei-cert"     
     ],
     "optin.cplusplus.UninitializedObject": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#optin-cplusplus-uninitializedobject-c",
@@ -840,7 +851,8 @@
       "profile:security",
       "severity:MEDIUM",
       "sei-cert:env31-c",
-      "sei-cert:env34-c"
+      "sei-cert:env34-c",
+      "guideline:sei-cert"
     ],
     "security.FloatLoopCounter": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-floatloopcounter-c",
@@ -924,6 +936,8 @@
     "security.insecureAPI.strcpy": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#security-insecureapi-strcpy-c",
       "profile:extreme",
+      "sei-cert:str31-c",
+      "guideline:sei-cert",
       "severity:MEDIUM"
     ],
     "security.insecureAPI.vfork": [
@@ -940,7 +954,9 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:MEDIUM"
+      "severity:MEDIUM",
+      "sei-cert:exp37-c",
+      "guideline:sei-cert"
     ],
     "unix.DynamicMemoryModeling": [
       "profile:default",
@@ -951,7 +967,9 @@
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-errno-c",
       "profile:sensitive",
       "profile:extreme",
-      "severity:HIGH"
+      "severity:HIGH",
+      "guideline:sei-cert",
+      "sei-cert:err30-c"
     ],
     "unix.Malloc": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-malloc-c",
@@ -962,6 +980,8 @@
       "sei-cert:mem30-c",
       "sei-cert:mem31-c",
       "sei-cert:mem34-c",
+      "sei-cert:mem35-c",
+      "sei-cert:mem36-c",
       "severity:MEDIUM"
     ],
     "unix.MallocSizeof": [
@@ -988,7 +1008,11 @@
       "profile:extreme",
       "profile:sensitive",
       "profile:security",
-      "severity:HIGH"
+      "severity:HIGH",
+      "guideline:sei-cert",
+      "sei-cert:err33-c",
+      "sei-cert:pos52-c",
+      "sei-cert:arr38-c"
     ],
     "unix.Vfork": [
       "doc_url:https://clang.llvm.org/docs/analyzer/checkers.html#unix-vfork-c",
@@ -1004,7 +1028,9 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:MEDIUM"
+      "severity:MEDIUM",
+      "sei-cert:str31-c",
+      "guideline:sei-cert"
     ],
     "unix.cstring.CStringModeling": [
       "profile:default",
@@ -1016,7 +1042,9 @@
       "profile:default",
       "profile:extreme",
       "profile:sensitive",
-      "severity:MEDIUM"
+      "severity:HIGH",
+      "guideline:sei-cert",
+      "sei-cert:exp34-c"
     ],
     "valist.CopyToSelf": [
       "profile:default",
