CWE mapping fixes

[gtoison]

Updated some incorrect CWE mappings reported in #3123

[davewichers]

@gtoison - Thanks for this! Looks good. However, there must be a mapping of the rule FI_NULLIFY_SUPER to CWE-586. Can we find that and either remove it or change it to match this change? I'm guessing it's in the definition/implementation of the rule?

[gtoison]

FI_NULLIFY_SUPER was CWE-586 because the FI bugs were all CWE-586 by default:

spotbugs/spotbugs/etc/findbugs.xml

Line 704 in c4b3fa4

<BugCode abbrev="FI" cweid="586"/>

[davewichers]

OK. Makes sense. It might make sense to review every FI rule and make sure that rule belongs in either 568, or 586, or maybe neither?? Not sure how many FI rules there are or what they each do.

UPDATE: @gtoison - I just updated the original issue to also state: "UPDATE: The rule: FI_MISSING_SUPER_CALL, which says: "Finalizer does not call superclass finalizer" should be mapped to 568 as well." Can you fix the CWE ID for that rule too?

[gtoison]

Thanks, I have mapped FI_MISSING_SUPER_CALL to CWE 568.
Let me know if you find others!

[davewichers]

I have reviewed the other FI_ rules and they look fine to me. So I think you can submit this PR for merging by the spotbugs team. If I find other rules that are missing CWEid, or have them wrong, I'll create a separate issue for those, but I think this PR is good to go.