Skip to content

CPP-6157 Fix discrepancies between MQR and severity for CFamily rules #4669

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Feb 20, 2025
Merged

CPP-6157 Fix discrepancies between MQR and severity for CFamily rules #4669

merged 6 commits into from
Feb 20, 2025

Conversation

frederic-tingaud-sonarsource
Copy link
Contributor

We noticed multiple discrepancies between MQR and defaultSeverity. This PR fixes those on CFamily-specific rules

@frederic-tingaud-sonarsource frederic-tingaud-sonarsource added the cfamily C / C++ / Objective-C label Feb 18, 2025
@frederic-tingaud-sonarsource frederic-tingaud-sonarsource changed the title Fix discrepencies between MQR and severity for CFamily rules CPP-6157 Fix discrepencies between MQR and severity for CFamily rules Feb 18, 2025
@loic-joly-sonarsource loic-joly-sonarsource changed the title CPP-6157 Fix discrepencies between MQR and severity for CFamily rules CPP-6157 Fix discrepancies between MQR and severity for CFamily rules Feb 19, 2025
loic-joly-sonarsource
loic-joly-sonarsource requested changes Feb 19, 2025
View reviewed changes
Copy link
Contributor

@loic-joly-sonarsource loic-joly-sonarsource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very unpleasant PR to review. Those levels are quite difficult to determine, and it's hard to reach any level of confidence in the estimation process...

rules/S7032/cfamily/metadata.json
@@ -17,7 +17,7 @@
"quickfix": "infeasible",
"code": {
"impacts": {
"MAINTAINABILITY": "HIGH"
"MAINTAINABILITY": "MEDIUM"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HIGH seems ok for me here. I really don't understand the fact that HIGH and CRITICAL are related. Or to say in another way, in non-MQR mode, the names cover a 2 dimension design space, while in MQR mode, they convey a single dimension scale...

Anyways, I think there is a high impact / low likelihood risk there, in the case where the mutex is not locked.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I put it as MEDIUM because I disagree with the mutex not locked case: creating an unnamed lock would be exactly the same bug outside an if and we already catch it with S5184

loic-joly-sonarsource
loic-joly-sonarsource approved these changes Feb 19, 2025
View reviewed changes
@sonarqube-next SonarQube-Next
Copy link

Quality Gate passed Quality Gate passed for 'rspec-frontend'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@sonarqube-next SonarQube-Next
Copy link

Quality Gate passed Quality Gate passed for 'rspec-tools'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@frederic-tingaud-sonarsource frederic-tingaud-sonarsource merged commit fdf295d into master Feb 20, 2025
8 of 9 checks passed
@frederic-tingaud-sonarsource frederic-tingaud-sonarsource deleted the ft/mqr-cfamily branch February 20, 2025 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@loic-joly-sonarsource loic-joly-sonarsource loic-joly-sonarsource approved these changes

Assignees
No one assigned
Labels
cfamily C / C++ / Objective-C
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@frederic-tingaud-sonarsource @loic-joly-sonarsource