msg-filter: abstract out numbers from error[too-many] findings

jperezdealgaba · kdudka · commit 3c764eb4bd0f · 2024-06-14T16:02:09.000+02:00
Abstract out the number of occurrences and configured rate limit in `error[too-many]` findings. Resolves: https://issues.redhat.com/browse/OSH-496 Closes: #188
diff --git a/src/lib/msg-filter.cc b/src/lib/msg-filter.cc
@@ -78,6 +78,11 @@ MsgFilter::MsgFilter():
     d(new Private)
 {
     d->addMsgFilter("", "[0-9][0-9]* out of [0-9][0-9]* times");
+
+    // abstract out the number of occurrences and rate limit in error[too-many] findings
+    d->addMsgFilter("", "^[0-9]+ (occurrences of warning\\[.*\\] exceeded the specified limit) [0-9]+$",
+            "NNNN \\1 NNNN");
+
     d->addMsgFilter("UNUSED_VALUE",
             "\\(instance [0-9]+\\)");
     d->addMsgFilter("STRING_OVERFLOW",
diff --git a/tests/csdiff/CMakeLists.txt b/tests/csdiff/CMakeLists.txt
@@ -90,5 +90,6 @@ test_csdiff(diff-misc 22-kernel-zstream-path)
 test_csdiff(diff-misc 23-cov-parser-key-event)
 test_csdiff(diff-misc 24-shellcheck-line-content)
 test_csdiff(diff-misc 25-llvm-17-path-filter)
+test_csdiff(diff-misc 26-too-many-events-filter)
 
 add_subdirectory(filter-file)
diff --git a/tests/csdiff/diff-misc/26-too-many-events-filter-add-z.err b/tests/csdiff/diff-misc/26-too-many-events-filter-add-z.err
@@ -0,0 +1,7 @@
+Error: SNYK_CODE_WARNING (CWE-89):
+sqlite-src-3260000/tool/speedtest8.c:219:11: error[cpp/Sqli]: Unsanitized input from a file flows into sqlite3_prepare_v2, where it is used in an SQL query. This may result in an SQL injection vulnerability.
+#  217|             nStmt++;
+#  218|             nByte += n;
+#  219|->           prepareAndRun(db, &zSql[i], bQuiet);
+#  220|           }
+#  221|           zSql[j] = ';';
diff --git a/tests/csdiff/diff-misc/26-too-many-events-filter-add.err b/tests/csdiff/diff-misc/26-too-many-events-filter-add.err
@@ -0,0 +1,7 @@
+Error: SNYK_CODE_WARNING (CWE-89):
+sqlite-src-3260000/tool/speedtest8.c:219:11: error[cpp/Sqli]: Unsanitized input from a file flows into sqlite3_prepare_v2, where it is used in an SQL query. This may result in an SQL injection vulnerability.
+#  217|             nStmt++;
+#  218|             nByte += n;
+#  219|->           prepareAndRun(db, &zSql[i], bQuiet);
+#  220|           }
+#  221|           zSql[j] = ';';
diff --git a/tests/csdiff/diff-misc/26-too-many-events-filter-fix-z.err b/tests/csdiff/diff-misc/26-too-many-events-filter-fix-z.err
diff --git a/tests/csdiff/diff-misc/26-too-many-events-filter-fix.err b/tests/csdiff/diff-misc/26-too-many-events-filter-fix.err
diff --git a/tests/csdiff/diff-misc/26-too-many-events-filter-new.err b/tests/csdiff/diff-misc/26-too-many-events-filter-new.err
@@ -0,0 +1,15 @@
+Error: SNYK_CODE_WARNING (CWE-190):
+<unknown>: error[too-many]: 1573 occurrences of warning[cpp/IntegerOverflow] exceeded the specified limit 1024
+sqlite-src-3260000/tsrc/testfile3.c:1304:5: note: 573 occurrences of warning[cpp/IntegerOverflow] were discarded because of this
+
+Error: SNYK_CODE_WARNING (CWE-190):
+<unknown>: error[memleak]: 1573 occurrences of warning[cpp/memleak] exceeded the specified limit 1024
+sqlite-src-3260000/tsrc/testfile3.c:1304:5: note: 573 occurrences of warning[cpp/IntegerOverflow] were discarded because of this
+
+Error: SNYK_CODE_WARNING (CWE-89):
+sqlite-src-3260000/tool/speedtest8.c:219:11: error[cpp/Sqli]: Unsanitized input from a file flows into sqlite3_prepare_v2, where it is used in an SQL query. This may result in an SQL injection vulnerability.
+#  217|             nStmt++;
+#  218|             nByte += n;
+#  219|->           prepareAndRun(db, &zSql[i], bQuiet);
+#  220|           }
+#  221|           zSql[j] = ';';
diff --git a/tests/csdiff/diff-misc/26-too-many-events-filter-old.err b/tests/csdiff/diff-misc/26-too-many-events-filter-old.err
@@ -0,0 +1,7 @@
+Error: SNYK_CODE_WARNING (CWE-190):
+<unknown>: error[too-many]: 1573 occurrences of warning[cpp/IntegerOverflow] exceeded the specified limit 1024
+sqlite-src-3260000/tsrc/fts3.c:1304:5: note: 573 occurrences of warning[cpp/IntegerOverflow] were discarded because of this
+
+Error: SNYK_CODE_WARNING (CWE-190):
+<unknown>: error[memleak]: 15173 occurrences of warning[cpp/memleak] exceeded the specified limit 102123
+sqlite-src-3260000/tsrc/testfile3.c:1304:5: note: 573 occurrences of warning[cpp/IntegerOverflow] were discarded because of this
