Description
Is your feature request related to a problem? Please describe.
The PCLint rule that we created on the CXX plugin is not linked to the CWE standards, so the security report is showing null even if there are PCLint-related issues in the code.
This is needed to have the security report that is generated for all the software security validations like CWE, OWASP.
For now, the CXX plugin is missing this mapping, and the security reports which we get are empty with no findings even with failures in the code.
Describe the solution you'd like
Would like to map the PCLint failures to security tags like CWE, OWASP, etc. and get the report with proper ratings of the related failures.
Additional context
This is the report if we use the in-built plugin that generates the ratings for the code failures we have
This is the report that is generated with CXX plugin
Please check and let me know whether we are missing some configuration to enable this.
Thanks in advance