Hi,
I am new to security assessment. As part of performance testing, we want to analyze the security vulnerabilities in code. Hence we decided to validate with the cppcheck tool and run it through our code, where the tool showed actual issues. But mainly we are looking for CWE-134, 135, 190, which I didn't find in the cppcheck release. Can anyone please provide the details to include these ids/rules in the tool? Hence it may solve my problem.
Thanks for the replies.
You can call Cppcheck with the parameter --errorlist and you will get a list of issues Cppcheck can detect and their CWE id if there is one.
I have not found 134 and 135 but 190:
<error id="integerOverflow" severity="error" msg="Signed integer overflow for expression ''." verbose="Signed integer overflow for expression ''." cwe="190"/>
Since it has the error severity you do not have to enable it explicitly. Just look for integerOverflow issues in the results.
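To check which of the requested CWEs an errorlist actually covers without reading the XML by hand, here is an added Python example (not from the thread or from Cppcheck itself) that parses `cppcheck --errorlist` output and reports the matching error ids. The embedded XML is a constructed excerpt in the shape of that output; the integerOverflow entry is the one quoted in the reply above, the other entries are illustrative.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed excerpt shaped like `cppcheck --errorlist` output.
# For real use: cppcheck --errorlist > errorlist.xml, then read that file.
SAMPLE_ERRORLIST = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
    <cppcheck version="x.y"/>
    <errors>
        <error id="integerOverflow" severity="error" msg="Signed integer overflow for expression ''." verbose="Signed integer overflow for expression ''." cwe="190"/>
        <error id="nullPointer" severity="error" msg="Null pointer dereference" verbose="Null pointer dereference" cwe="476"/>
        <error id="arrayIndexOutOfBounds" severity="error" msg="Array accessed out of bounds." verbose="Array accessed out of bounds." cwe="788"/>
        <error id="unusedFunction" severity="style" msg="The function 'f' is never used." verbose="The function 'f' is never used."/>
    </errors>
</results>
"""


def cwe_index(errorlist_xml):
    """Map each CWE id to the (error id, severity) pairs Cppcheck lists
    under it. Entries without a cwe attribute are skipped."""
    root = ET.fromstring(errorlist_xml)
    index = defaultdict(list)
    for err in root.iter("error"):
        cwe = err.get("cwe")
        if cwe is None:
            continue
        index[int(cwe)].append((err.get("id"), err.get("severity")))
    return dict(index)


def coverage_report(errorlist_xml, wanted_cwes):
    """For each requested CWE, return the matching error ids and which of
    them are on by default (severity 'error' needs no --enable flag)."""
    index = cwe_index(errorlist_xml)
    report = {}
    for cwe in wanted_cwes:
        entries = index.get(cwe, [])
        report[cwe] = {
            "error_ids": [eid for eid, _ in entries],
            "on_by_default": [eid for eid, sev in entries if sev == "error"],
        }
    return report


if __name__ == "__main__":
    for cwe, info in coverage_report(SAMPLE_ERRORLIST, [134, 135, 190]).items():
        status = ", ".join(info["error_ids"]) or "not covered by this errorlist"
        print(f"CWE-{cwe}: {status}")
```

With the constructed sample this prints that CWE-134 and CWE-135 are not covered while CWE-190 maps to integerOverflow, which is on by default.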