bail out when -rule-file input has an invalid severity

danmar · Mar 30, 2024 · 5319f3a · 5319f3a
1 parent a8f1f9e
commit 5319f3a
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 1 deletion.
diff --git a/cli/cmdlineparser.cpp b/cli/cmdlineparser.cpp
@@ -1148,6 +1148,11 @@ CmdLineParser::Result CmdLineParser::parseFromArgs(int argc, const char* const a
                             return Result::Fail;
                         }
 
+                        if (rule.severity == Severity::none) {
+                            mLogger.printError("unable to load rule-file '" + ruleFile + "' - a rule has an invalid severity.");
+                            return Result::Fail;
+                        }
+
                         rule.regex = std::make_shared<Regex>(rule.pattern);
                         const std::string regex_err = rule.regex->compile();
                         if (!regex_err.empty()) {

diff --git a/lib/cppcheck.cpp b/lib/cppcheck.cpp
@@ -1169,7 +1169,7 @@ void CppCheck::executeRules(const std::string &tokenlist, const TokenList &list)
     }
 
     for (const Settings::Rule &rule : mSettings.rules) {
-        if (rule.severity == Severity::none || rule.tokenlist != tokenlist)
+        if (rule.tokenlist != tokenlist)
             continue;
 
         if (!mSettings.quiet) {

diff --git a/lib/errortypes.cpp b/lib/errortypes.cpp
@@ -72,6 +72,7 @@ std::string severityToString(Severity severity)
     throw InternalError(nullptr, "Unknown severity");
 }
 
+// TODO: bail out on invalid severity
 Severity severityFromString(const std::string& severity)
 {
     if (severity.empty())

diff --git a/test/testcmdlineparser.cpp b/test/testcmdlineparser.cpp
@@ -350,6 +350,8 @@ class TestCmdlineParser : public TestFixture {
         TEST_CASE(ruleFileUnknownTokenList);
         TEST_CASE(ruleFileInvalidPattern);
         TEST_CASE(ruleFileMissingId);
+        TEST_CASE(ruleFileInvalidSeverity1);
+        TEST_CASE(ruleFileInvalidSeverity2);
 #else
         TEST_CASE(ruleFileNotSupported);
 #endif
@@ -2369,6 +2371,34 @@ class TestCmdlineParser : public TestFixture {
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parser->parseFromArgs(3, argv));
         ASSERT_EQUALS("cppcheck: error: unable to load rule-file 'rule.xml' - a rule is lacking an id.\n", logger->str());
     }
+
+    void ruleFileInvalidSeverity1() {
+        REDIRECT;
+        ScopedFile file("rule.xml",
+                        "<rule>\n"
+                        "<pattern>.+</pattern>\n"
+                        "<message>\n"
+                        "<severity/>"
+                        "</message>\n"
+                        "</rule>\n");
+        const char * const argv[] = {"cppcheck", "--rule-file=rule.xml", "file.cpp"};
+        ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parser->parseFromArgs(3, argv));
+        ASSERT_EQUALS("cppcheck: error: unable to load rule-file 'rule.xml' - a rule has an invalid severity.\n", logger->str());
+    }
+
+    void ruleFileInvalidSeverity2() {
+        REDIRECT;
+        ScopedFile file("rule.xml",
+                        "<rule>\n"
+                        "<pattern>.+</pattern>\n"
+                        "<message>\n"
+                        "<severity>none</severity>"
+                        "</message>\n"
+                        "</rule>\n");
+        const char * const argv[] = {"cppcheck", "--rule-file=rule.xml", "file.cpp"};
+        ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parser->parseFromArgs(3, argv));
+        ASSERT_EQUALS("cppcheck: error: unable to load rule-file 'rule.xml' - a rule has an invalid severity.\n", logger->str());
+    }
 #else
     void ruleFileNotSupported() {
         REDIRECT;