cwe-mapper: do not assign CWE to unknown events of Cppcheck

Reported-by: Steve Grubb
csutils · Apr 30, 2018 · 142ee3f · 142ee3f
1 parent 9ef50a2
commit 142ee3f
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/cwe-mapper.cc b/cwe-mapper.cc
@@ -128,18 +128,25 @@ bool CweMap::assignCwe(Defect &def) const {
     }
 
     // lookup by event
+    int &cweDst = def.cwe;
     const Private::TNumByEvent &row = rowIt->second;
     const DefEvent &evt = def.events[def.keyEventIdx];
     Private::TNumByEvent::const_iterator cweIt = row.find(evt.event);
     if (row.end() == cweIt) {
         if (!d->silent)
             std::cerr << "warning: CWE not found: checker = " << def.checker
                 << ", event = " << evt.event << "\n";
+
+        if (def.checker == "CPPCHECK_WARNING") {
+            // we cannot fallback to a random CWE that Cppcheck has mapping for
+            cweDst = 0;
+            return false;
+        }
+
         cweIt = row.begin();
     }
 
     const int cweSrc = cweIt->second;
-    int &cweDst = def.cwe;
     if (cweSrc == cweDst)
         // already assigned
         return true;