[config] Add severity mappings for Cppcheck

Open coolhill opened this issue 3 years ago • 4 comments

This is needed in order to sort and visualize Cppcheck results by severity when converted (report-converter) and stored into a CodeChecker database.

coolhill, Jul 15 '21 09:07

Any duplicates are there because of somewhat different checker naming conventions between the tools (capitalization). Severity levels were collected from the official SEI CERT page. L1, L2, L3 = HIGH, MEDIUM, LOW

coolhill, Jul 15 '21 09:07

Hm. If we are to support severities for external analysers, then this flat structure of the severity map file will bite us in the backside. It should be changed to have a two-level structure, i.e. first grouped by analyser identifier, and then by checker name.

In addition, these changes as of now conflict with #3367, because these new records are not part of the ClangSA/Tidy suite, and as such, aren't reported by CodeChecker checkers, which will make the job report them as "obsolete but existing records".

whisperity, Jul 15 '21 10:07

@whisperity @bruntib is already working on restructuring these configuration files. The patch #3233 is still under discussion, but I hope that it will be merged by the next release.

csordasmarton, Jul 15 '21 12:07

It makes sense to map severities from the actual severity column and not the level, although I did read something different internally on applying SEI CERT. Anyway, it is a simple fix, so now HIGH, MEDIUM, LOW = HIGH, MEDIUM, LOW.

On a side note, it might be worth noticing that env33-c/ENV33-C and msc30-c/MSC30-C still differ between the tools.

coolhill, Jul 28 '21 11:07