From b586eba4a498af3ab156f59376344958d8d20db1 Mon Sep 17 00:00:00 2001 From: Christian-Gibbons Date: Sat, 10 Mar 2018 05:44:55 -0500 Subject: Handle flawfinder severity level (#1400) * Handle flawfinder severity level * Reverted code allowing Flawfinder to piggyback off of gcc's format handler * Gave Flawfinder its own format handler and made requested changes. --- autoload/ale/handlers/flawfinder.vim | 47 ++++++++++++++++++++++++++++++++++++ autoload/ale/handlers/gcc.vim | 2 +- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 autoload/ale/handlers/flawfinder.vim (limited to 'autoload') diff --git a/autoload/ale/handlers/flawfinder.vim b/autoload/ale/handlers/flawfinder.vim new file mode 100644 index 00000000..a650d6dd --- /dev/null +++ b/autoload/ale/handlers/flawfinder.vim @@ -0,0 +1,47 @@ +" Author: Christian Gibbons +" Description: This file defines a handler function that should work for the +" flawfinder format with the -CDQS flags. + +" Swiped this function from the GCC handler. Not sure if needed, but doesn't +" hurt to have it. +function! s:RemoveUnicodeQuotes(text) abort + let l:text = a:text + let l:text = substitute(l:text, '[`´‘’]', '''', 'g') + let l:text = substitute(l:text, '\v\\u2018([^\\]+)\\u2019', '''\1''', 'g') + let l:text = substitute(l:text, '[“”]', '"', 'g') + + return l:text +endfunction + +function! ale#handlers#flawfinder#HandleFlawfinderFormat(buffer, lines) abort + " Look for lines like the following. + " + " :12:4: [2] (buffer) char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. + " :31:4: [1] (buffer) strncpy:Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). + let l:pattern = '\v^([a-zA-Z]?:?[^:]+):(\d+):(\d+)?:? ( \[[0-5]\] [^:]+):(.+)$' + let l:output = [] + + for l:match in ale#util#GetMatches(a:lines, l:pattern) + " Use severity level to determine if it should be considered a warning + " or error. + let l:severity = str2nr(matchstr(split(l:match[4])[0], '[0-5]')) + + let l:item = { + \ 'lnum': str2nr(l:match[2]), + \ 'col': str2nr(l:match[3]), + \ 'type': (l:severity < ale#Var(a:buffer, 'c_flawfinder_error_severity')) + \ ? 'W' : 'E', + \ 'text': s:RemoveUnicodeQuotes(join(split(l:match[4])[1:]) . ': ' . l:match[5]), + \} + + " If the filename is something like , or -, then + " this is an error for the file we checked. + if l:match[1] isnot# '-' && l:match[1][0] isnot# '<' + let l:item['filename'] = l:match[1] + endif + + call add(l:output, l:item) + endfor + + return l:output +endfunction diff --git a/autoload/ale/handlers/gcc.vim b/autoload/ale/handlers/gcc.vim index 7f2078a4..9ec7b110 100644 --- a/autoload/ale/handlers/gcc.vim +++ b/autoload/ale/handlers/gcc.vim @@ -24,7 +24,7 @@ function! ale#handlers#gcc#HandleGCCFormat(buffer, lines) abort " :8:5: warning: conversion lacks type at end of format [-Wformat=] " :10:27: error: invalid operands to binary - (have ‘int’ and ‘char *’) " -:189:7: note: $/${} is unnecessary on arithmetic variables. [SC2004] - let l:pattern = '\v^([a-zA-Z]?:?[^:]+):(\d+):(\d+)?:? ([^:]+): ?(.+)$' + let l:pattern = '\v^([a-zA-Z]?:?[^:]+):(\d+):(\d+)?:? ([^:]+): (.+)$' let l:output = [] for l:match in ale#util#GetMatches(a:lines, l:pattern) -- cgit v1.2.3