[cfe-dev] Map of bug types to CWE categories

George Karpenkov via cfe-dev cfe-dev at lists.llvm.org
Thu May 10 16:25:01 PDT 2018


Hi Zubin,

To the best of my knowledge, such a mapping does not exist.
Moreover, we do not even provide unique error codes for the analyzer warnings,
making the problem even more complicated — but that is something that we would
potentially address soon.

George

> On May 9, 2018, at 7:59 AM, Zubin Mevawalla via cfe-dev <cfe-dev at lists.llvm.org> wrote:
> 
> Has anyone created a mapping of the clang static analyzer's bug types
> to CWE categories?
> 
> For example the bug type, "Undefined allocation of 0 bytes (CERT
> MEM04-C; CWE-131)", contains the CWE category in the label. Just
> wondering if this info was already compiled anywhere for the other bug
> types.
> 
> Thanks.