CSV output does not escape quotes #6

Open
davidmalcolm opened this issue May 26, 2017 · 2 comments

@davidmalcolm

I attempted to parse the -csv output from splint, but ran into issues with quote characters in the text.

Example:

```
$ cat unconditional-file-leak.csv
Warning, Flag Code, Flag Name, Priority, File, Line, Column, Warning Text, Additional Text
1,136,internalglobs,1,examples/unconditional-file-leak.c,7,7,"Called procedure fopen may access file system state, but globals list does not include globals fileSystem","A called function uses internal state, but the globals list for the function being checked does not include internalState"
2,126,modfilesys,1,examples/unconditional-file-leak.c,7,7,"Undocumented modification of file system state possible from call to fopen: fopen(filename, "w")","report undocumented file system modifications (applies to unspecified functions if modnomods is set)"
3,136,internalglobs,1,examples/unconditional-file-leak.c,9,5,"Called procedure fprintf may access file system state, but globals list does not include globals fileSystem","A called function uses internal state, but the globals list for the function being checked does not include internalState"
4,126,modfilesys,1,examples/unconditional-file-leak.c,9,5,"Undocumented modification of file system state possible from call to fprintf: fprintf(f, "%i: %i", i, i * i)","report undocumented file system modifications (applies to unspecified functions if modnomods is set)"
5,2,nullpass,1,examples/unconditional-file-leak.c,9,14,"Possibly null storage f passed as non-null param: fprintf (f, ...)","A possibly null pointer is passed as a parameter corresponding to a formal parameter with no /*@null@*/ annotation.  If NULL may be used for this parameter, add a /*@null@*/ annotation to the function parameter declaration."
6,182,forblock,1,examples/unconditional-file-leak.c,9,5,"Body of for statement is not a block: fprintf(f, "%i: %i", i, i * i);","Loop body is a single statement, not a compound block."
7,300,fcnuse,1,examples/unconditional-file-leak.c,3,6,"Function test declared but not used","A function is declared but not used. Use /*@unused@*/ in front of function header to suppress message."
8,295,exportheader,1,examples/unconditional-file-leak.c,3,6,"Function test exported but not declared in header file","A declaration is exported, but does not appear in a header file."
```

Note how warning 4:

```
4,126,modfilesys,1,examples/unconditional-file-leak.c,9,5,"Undocumented modification of file system state possible from call to fprintf: fprintf(f, "%i: %i", i, i * i)","report undocumented file system modifications (applies to unspecified functions if modnomods is set)"
```

has " characters embedded within the "Warning Text" field (where the source-under-test is quoted), making it difficult to parse.

Presumably the string fields should have quote characters escaped somehow on printing (though how is open to debate; see e.g. https://www.python.org/dev/peps/pep-0305/#managing-different-dialects )

@davidmalcolm
Author

FWIW I was able to implement a partial workaround in my parser; see
fedora-static-analysis/firehose@fd0e0a8

@tuppi-ovh

I will try to take this issue into account. I propose to manage it in the same manner as it is done in Libre Office:

```
4,126,modfilesys,1,examples/unconditional-file-leak.c,9,5,"Undocumented modification of file system state possible from call to fprintf: fprintf(f, ""%i: %i"", i, i * i)","report undocumented file system modifications (applies to unspecified functions if modnomods is set)"
```

So, a quote " in the body is replaced by a double-quote "".
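Added example, not part of the issue thread or splint's code: using Python's `csv` module on warning 2 from the report, it shows that a lenient parser can accept an unescaped row with the right field count yet silently alter the warning text, that `strict=True` rejects it, and that the doubled-quote form round-trips. `unescaped_row` is a hypothetical stand-in that mimics the reported output.

```python
import csv
import io

# Warning 2 from the issue, as the nine logical fields the row is meant to carry.
FIELDS = [
    "2", "126", "modfilesys", "1", "examples/unconditional-file-leak.c", "7", "7",
    "Undocumented modification of file system state possible from call to "
    'fopen: fopen(filename, "w")',
    "report undocumented file system modifications "
    "(applies to unspecified functions if modnomods is set)",
]


def unescaped_row(fields):
    """Hypothetical mimic of the reported output: text fields quoted, nothing escaped."""
    return ",".join(fields[:7] + ['"%s"' % f for f in fields[7:]])


def escaped_row(fields):
    """Emit the row with embedded quotes doubled, as proposed in the thread."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="").writerow(fields)
    return buf.getvalue()


def parse(line, strict):
    """Parse one CSV line; with strict=True malformed quoting raises csv.Error."""
    return next(csv.reader([line], strict=strict))


def is_well_formed(line):
    """True only if the line parses under strict quoting rules."""
    try:
        parse(line, strict=True)
        return True
    except csv.Error:
        return False


if __name__ == "__main__":
    bad, good = unescaped_row(FIELDS), escaped_row(FIELDS)
    lax = parse(bad, strict=False)
    # Lenient parsing keeps nine fields but the warning text no longer matches.
    print(len(lax), lax[7] == FIELDS[7])
    print(is_well_formed(bad), is_well_formed(good))
    print(parse(good, strict=True) == FIELDS)
```

A consumer of analyzer output that only checks the field count would accept the unescaped row for warning 2, so strict parsing is the more reliable gate.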
