Feature Request: MITRE's CWE classification

Static source code analysis tool for C and C++ code

Brought to you by: danielmarjamaki

Feature Request: MITRE's CWE classification

Forum: Development

Creator: Roberto Martelloni

Created: 2015-04-17

Updated: 2025-01-14

Roberto Martelloni - 2015-04-17

Hi,

I think it will be beneficial to have as attribute (in the XML reports) or wherever for each weakness reported by the tool the relevant CWE ID.

Developers, using cppcheck will have so the chance to refer to external documentation to better understand the weakness type.

Are there any change to have that feature implement in the next release ?

Many Thanks,
R.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Marjamäki - 2021-01-05

We have it.. example error:

<error id="zerodiv" severity="error" msg="Division by zero." verbose="Division by zero." cwe="369" hash="11467244067432474819"> <location file="1.c" line="1" column="13" info="Division by zero"/> </error>

Don't you get the cwe attribute in your output?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Jiyoun - 2025-01-14
  
  Do I need a separate option when running in cmd line to see the results like the example you gave?
  
  I'd really appreciate it if you could give me an answer.
  
  Last edit: Jiyoun 2025-01-14
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CHR - 2025-01-14

--xml gives the XML output.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.