Suspicious use of non-localized string in GUI function

Localized String checker is used to check for the use of non-localized strings in user facing functions. Generally, all strings that are shown to the user in one form or another have to be localized. These can be simple labels or button titles, or more complex strings that are constructed at run-time from format strings and data.
Important: This is an experimental checker.

Custom Knowledge Base (KB)

Klocwork uses Knowledge-Base to determine the functions used as sources for strings and the functions used to display information to the user. Therefore, there are two types of KB records:
  1. Source KB (LS.SRC): Functions that return strings

    sprintf - LS.SRC 1:$1:1

    The first argument of sprintf will be a string

  2. Sink KB (xLS): Functions that display information to the user.

    print_string - xLS 1:$1:1

    The function print_string is a function that prints strings to the user.

For more details about Knowledge Base, see C/C++ knowledge base reference

Code example

1    int main()
2    {
3        const char* nonLocalizedString = “Hello World”;
4        print_string(nonLocalizedString); // Line 4. LS.CALL
5        return 0;
6    }
Klocwork produces a Localized String report for line 4 indicating that there is a potential call to GUI functions using a non-localized string.
Note: In order for the tool to know that print_string is a GUI function, the above code should be run with a KB that has the following record: print_string - xLS 1:$1:1

Related checkers