msg-filters: added filter for too-many event in csdiff

Resolves: issues.redhat.com/browse/OSH-496

Added filter and test for error[too-many] findings in csdiff in order to apply the filter deterministically even if the location and the number of occurrences vary

Author: jperezdealgaba

src/lib/msg-filter.cc

@@ -78,6 +78,8 @@ MsgFilter::MsgFilter():
     d(new Private)
 {
     d->addMsgFilter("", "[0-9][0-9]* out of [0-9][0-9]* times");
+    // abstract out the occurrences and rate limit in error[too-many] findings
+    d->addMsgFilter("", "[0-9]+ (occurrences of warning\\[.*\\] exceeded the specified limit) [0-9]+", "NNNN \\1 NNNN");
     d->addMsgFilter("UNUSED_VALUE",
             "\\(instance [0-9]+\\)");
     d->addMsgFilter("STRING_OVERFLOW",

tests/csdiff/CMakeLists.txt

@@ -90,5 +90,6 @@ test_csdiff(diff-misc 22-kernel-zstream-path)
 test_csdiff(diff-misc 23-cov-parser-key-event)
 test_csdiff(diff-misc 24-shellcheck-line-content)
 test_csdiff(diff-misc 25-llvm-17-path-filter)
+test_csdiff(diff-misc 26-too-many-events-filter)
 
 add_subdirectory(filter-file)

tests/csdiff/diff-misc/26-too-many-events-filter-add-z.err

@@ -0,0 +1,7 @@
+Error: SNYK_CODE_WARNING (CWE-89):
+sqlite-src-3260000/tool/speedtest8.c:219:11: error[cpp/Sqli]: Unsanitized input from a file flows into sqlite3_prepare_v2, where it is used in an SQL query. This may result in an SQL injection vulnerability.
+#  217|             nStmt++;
+#  218|             nByte += n;
+#  219|->           prepareAndRun(db, &zSql[i], bQuiet);
+#  220|           }
+#  221|           zSql[j] = ';';

tests/csdiff/diff-misc/26-too-many-events-filter-add.err

@@ -0,0 +1,7 @@
+Error: SNYK_CODE_WARNING (CWE-89):
+sqlite-src-3260000/tool/speedtest8.c:219:11: error[cpp/Sqli]: Unsanitized input from a file flows into sqlite3_prepare_v2, where it is used in an SQL query. This may result in an SQL injection vulnerability.
+#  217|             nStmt++;
+#  218|             nByte += n;
+#  219|->           prepareAndRun(db, &zSql[i], bQuiet);
+#  220|           }
+#  221|           zSql[j] = ';';

tests/csdiff/diff-misc/26-too-many-events-filter-fix-z.err

@@ -0,0 +1,11 @@
+Error: SNYK_CODE_WARNING (CWE-190):
+<unknown>: error[too-many]: 1573 occurrences of warning[cpp/IntegerOverflow] exceeded the specified limit 1024
+sqlite-src-3260000/tsrc/testfile3.c:1304:5: note: 573 occurrences of warning[cpp/IntegerOverflow] were discarded because of this
+
+Error: SNYK_CODE_WARNING (CWE-89):
+sqlite-src-3260000/tool/speedtest8.c:219:11: error[cpp/Sqli]: Unsanitized input from a file flows into sqlite3_prepare_v2, where it is used in an SQL query. This may result in an SQL injection vulnerability.
+#  217|             nStmt++;
+#  218|             nByte += n;
+#  219|->           prepareAndRun(db, &zSql[i], bQuiet);
+#  220|           }
+#  221|           zSql[j] = ';';

tests/csdiff/diff-misc/26-too-many-events-filter-fix.err

@@ -0,0 +1,3 @@
+Error: SNYK_CODE_WARNING (CWE-190):
+<unknown>: error[too-many]: 1573 occurrences of warning[cpp/IntegerOverflow] exceeded the specified limit 1024
+sqlite-src-3260000/tsrc/fts3.c:1304:5: note: 573 occurrences of warning[cpp/IntegerOverflow] were discarded because of this