Dave Wichers - 2025-09-12

I'd recommend going through all the rules and their CWE mappings and moving
any CWEs that are marked 'Discouraged' or 'Prohibited' (Don't know if there
are any prohibited mappings), so the ones being used are not marked
'Discouraged' or 'Prohibited'.

As examples, these rules use 'Discouraged' CWEs:

  • arrayIndexOutOfBounds is mapped to CWE-788 (Access of Memory Location
    After End of Buffer, CWE 4.18,
    https://cwe.mitre.org/data/definitions/788.html). Maybe it should be
    mapped to 125 or 787 if you can tell if it's a read or a write.
  • bufferAccessOutOfBounds is also mapped to 788.
  • And I suspect there are many more.

I also noticed a number of unexpected CWE mappings:

  • nullPointerRedundantCheck is mapped to 476 (seems strange); seems more
    like Poor Code Quality.
  • pointerOutOfBounds is mapped to 758 (seems like a strange mapping);
    seems like it should be 788, 125, or 787.
  • The noCopyConstructor and noExplicitConstructor rules are mapped to
    398 but seem like they should be mapped to CWE-1098: Data Element
    containing Pointer Item without Proper Copy Control Element
  • resourceLeak is mapped to CWE-775 but seems like it should be mapped
    to CWE-772: Missing Release of Resource after Effective Lifetime
  • uninitMemberVar is mapped to 398 but seems like it should be mapped to
    457 like uninitdata and uninitvar are.
  • unsafeClassCanLeak is mapped to CWE 398 but seems like it should be
    mapped to CWE-401: Missing Release of Memory after Effective Lifetime, or
    something similar.

Can you research to see if other mappings for these would be more accurate?

Thanks, Dave
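As an added example (not part of Dave's post or of the project's own code), a script that automates the first suggestion: parse the CWE catalog's Mapping_Notes/Usage field and flag every rule whose CWE is marked Discouraged or Prohibited, or is missing from the catalog. The XML fragment and the rule table are constructed from the ids quoted above, and the element layout is my assumption about the cwec XML schema; point it at the real catalog file and the checker's full rule table to run the audit for real.

```python
import xml.etree.ElementTree as ET

# Assumed default namespace of the cwec_v4.x.xml catalog.
CWE_NS = {"cwe": "http://cwe.mitre.org/cwe-7"}

# Constructed catalog fragment: only the fields the audit needs.
CWE_XML = """<?xml version="1.0"?>
<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7" Version="4.18">
  <Weaknesses>
    <Weakness ID="788" Name="Access of Memory Location After End of Buffer">
      <Mapping_Notes><Usage>Discouraged</Usage></Mapping_Notes>
    </Weakness>
    <Weakness ID="125" Name="Out-of-bounds Read">
      <Mapping_Notes><Usage>Allowed</Usage></Mapping_Notes>
    </Weakness>
    <Weakness ID="787" Name="Out-of-bounds Write">
      <Mapping_Notes><Usage>Allowed</Usage></Mapping_Notes>
    </Weakness>
    <Weakness ID="775" Name="Missing Release of File Descriptor or Handle">
      <Mapping_Notes><Usage>Allowed</Usage></Mapping_Notes>
    </Weakness>
  </Weaknesses>
</Weakness_Catalog>
"""

# Hypothetical checker table built from rule ids quoted in the post.
RULE_TO_CWE = {
    "arrayIndexOutOfBounds": 788,
    "bufferAccessOutOfBounds": 788,
    "pointerOutOfBounds": 758,
    "resourceLeak": 775,
}

FLAGGED = {"Discouraged", "Prohibited"}

def load_usage(xml_text):
    """Return {cwe_id: (name, usage)} from a CWE catalog XML document."""
    root = ET.fromstring(xml_text)
    out = {}
    for w in root.iterfind(".//cwe:Weakness", CWE_NS):
        usage = w.findtext("cwe:Mapping_Notes/cwe:Usage",
                           default="Unknown", namespaces=CWE_NS)
        out[int(w.get("ID"))] = (w.get("Name"), usage)
    return out

def audit_mappings(rule_to_cwe, usage_by_id):
    """List (rule, cwe, usage) for mappings that need to be revisited."""
    findings = []
    for rule, cwe in sorted(rule_to_cwe.items()):
        _name, usage = usage_by_id.get(cwe, ("<not in catalog>", "Unknown"))
        if usage in FLAGGED or usage == "Unknown":  # unknown ids get flagged too
            findings.append((rule, cwe, usage))
    return findings

if __name__ == "__main__":
    for rule, cwe, usage in audit_mappings(RULE_TO_CWE, load_usage(CWE_XML)):
        print(f"{rule}: CWE-{cwe} is {usage}")
```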