Add initial support for Rust static analysis via Clippy #4862

Open
peterkmg wants to merge 5 commits into Ericsson:master from peterkmg:master

@peterkmg

This pull request adds support for Rust static analysis using Clippy. It introduces a new Clippy analyzer and integrates it into the analyzer selection and execution flow.

Integration surface

The existing implementation and integration points for analyzers highly favour C/C++ tools, which have specific per-file invocation patterns. Clippy, and Rust tooling in general, is designed to run at the Cargo project level, consuming a Cargo manifest.

The least problematic approach to integration that I've found that preserves the existing analyzer flow is to extend the analyze CLI command, so it can also accept a direct Cargo.toml (Cargo manifest) input.

General usage example:

CodeChecker analyze /path/to/project/Cargo.toml \
  --analyzers clippy \
  -o /tmp/project-clippy

The input must be the manifest file itself, not the project directory. If analyze points to a Cargo manifest and no analyzer is specified, clippy is selected automatically, since it is currently the only analyzer supported for this input type. If another analyzer is explicitly requested with Cargo manifest input, analysis fails with an error.

Since most of the analyze command parameters are flat and not dependent on the analyzer selected, some options are not meaningful for Cargo manifest input, but it is still possible to pass extra arguments to Cargo and Clippy through the --analyzer-config parameter.

CodeChecker analyze /path/to/project/Cargo.toml \
  --analyzers clippy \
  --analyzer-config clippy:cargo-args-file=/path/to/cargo-args.txt \
  --analyzer-config clippy:cc-verbatim-args-file=/path/to/clippy-args.txt \
  -o /tmp/project-clippy

For example, if cargo-args.txt contains:

--workspace --all-targets

and clippy-args.txt contains:

-W clippy::pedantic -A clippy::too_many_arguments

CodeChecker runs the equivalent of:

cargo clippy \
  --message-format=json \
  --manifest-path /path/to/project/Cargo.toml \
  --workspace \
  --all-targets \
  -- \
  -W clippy::pedantic \
  -A clippy::too_many_arguments

Arguments from cargo-args-file are passed to cargo clippy before --. Arguments from cc-verbatim-args-file are passed after --, where clippy/rustc lint flags are expected.

After analysis, you can use parse or store commands as usual to process the results.

Diagnostic categories

A Clippy run preserves rustc diagnostics as well. Even if the project fails to compile due to code issues, the output will contain rustc-E* diagnostics, which are emitted with CRITICAL severity. This allows the Clippy analyzer to provide compiler diagnostics and Clippy lints in one run.

Generally, all diagnostics are split into three major categories:

  • rustc-E* - emitted by rustc, with CRITICAL severity. It is emitted when compilation fails, and contains diagnostics related to compilation errors.
  • rustc-* - emitted by rustc, with LOW severity and contains diagnostics related to warnings and other non-error messages.
  • clippy-* - emitted by Clippy, with LOW severity and contains diagnostics related to Clippy lints.

Finer control

Currently, Clippy lint rule names are not exposed as first-class CodeChecker checkers. Clippy’s lint rule set depends on the installed Rust toolchain, target, project configuration, and enabled lint groups, so maintaining a static list of all supported checkers is not a trivial task.

Instead, this integration exposes stable checker groups:

  • clippy
  • rustc

These groups can be enabled or disabled through the existing checker configuration flow, while individual emitted diagnostics still preserve their concrete checker names, such as clippy-unnecessary-map-or or rustc-E0308.

This could be improved in the future by adding support for dynamic checkers emitted by analyzers at runtime.

Report conversion

Even though libraries such as sarif-rs exist, which can convert Clippy output (among other tools) to SARIF format which is already supported by CodeChecker, in reality for Clippy specifically it is a thin wrapper around the JSON output emitted by Cargo. Therefore instead of adding an extra dependency and conversion step, the Clippy analyzer directly parses Cargo JSON output, extracts relevant information, and emits CodeChecker plist format.

Testing

Changes are covered by analyzer and report-converter tests for the new Clippy flow, including command construction, configuration handling, diagnostic conversion, and edge cases around Cargo JSON output.

Manual end-to-end validation was also done using the built CodeChecker binary to analyze a real Rust project, parse the generated reports, and store them into a running CodeChecker server.

Documentation

Documentation changes are not included in this PR. If the implementation approach is accepted, I can attempt to prepare a follow-up PR with the necessary documentation updates.

@peterkmg peterkmg requested review from bruntib and vodorok as code owners May 25, 2026 20:30
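
The diagnostic categories and report conversion described in the pull request above can be sketched as follows. This is an added example, not code from the pull request or from CodeChecker: the sample output is constructed, and the name normalization (dropping `clippy::`, replacing `_` with `-`) is an assumption inferred from the checker names the description quotes (`clippy-unnecessary-map-or`, `rustc-E0308`).

```python
import json

# Constructed sample of `cargo clippy --message-format=json` output (one JSON
# object per line, plus one non-JSON line); not captured from a real project.
def _msg(code, level, text, spans):
    body = {"message": text, "level": level, "spans": spans,
            "code": {"code": code, "explanation": None} if code else None}
    return json.dumps({"reason": "compiler-message", "message": body})

def _span(path, line, col, primary=True):
    return {"file_name": path, "line_start": line, "column_start": col,
            "is_primary": primary}

SAMPLE = "\n".join([
    json.dumps({"reason": "compiler-artifact", "fresh": True}),
    _msg("E0308", "error", "mismatched types", [_span("src/main.rs", 4, 18)]),
    _msg("clippy::unnecessary_map_or", "warning", "this `map_or` can be simplified",
         [_span("src/lib.rs", 2, 1, primary=False), _span("src/lib.rs", 9, 5)]),
    _msg("unused_variables", "warning", "unused variable: `x`",
         [_span("src/lib.rs", 3, 9)]),
    _msg(None, "error", "aborting due to 1 previous error", []),
    "   Compiling demo v0.1.0",
    json.dumps({"reason": "build-finished", "success": False}),
])

def checker_name(code):
    """Map a Cargo diagnostic code to a checker name (assumed normalization)."""
    if code.startswith("clippy::"):
        return "clippy-" + code[len("clippy::"):].replace("_", "-")
    if code.startswith("E") and code[1:].isdigit():
        return "rustc-" + code              # compiler error codes stay verbatim
    return "rustc-" + code.replace("_", "-")

def convert(output):
    """Turn Cargo JSON lines into flat reports with the PR's severity split."""
    reports = []
    for line in output.splitlines():
        try:
            record = json.loads(line)
        except ValueError:
            continue                        # non-JSON noise mixed into the stream
        if not isinstance(record, dict) or record.get("reason") != "compiler-message":
            continue                        # artifacts, build-finished, etc.
        msg = record.get("message") or {}
        code = (msg.get("code") or {}).get("code")
        primary = next((s for s in msg.get("spans", []) if s.get("is_primary")), None)
        if not code or primary is None:
            continue                        # summary lines carry no code or location
        name = checker_name(code)
        severity = "CRITICAL" if name.startswith("rustc-E") else "LOW"
        reports.append({"checker": name, "severity": severity,
                        "file": primary["file_name"], "line": primary["line_start"],
                        "column": primary["column_start"], "message": msg["message"]})
    return reports
```
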