Questions tagged [static-code-analysis]

Static code analysis is the analysis of computer software that is performed without actually executing it.

According to Wikipedia, static code analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as ). In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object (byte) code. The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension or .

510 questions
9 votes, 2 answers

How to not forget to turn the Protractor to Angular sync on again?

We have a rather huge test codebase (about 10000 lines of JavaScript code) and in some situations, we need to turn Protractor-to-Angular synchronization off: browser.ignoreSynchronization = true; But, the problem is, from time to time we forget to…
alecxe
9 votes, 2 answers

cppcheck How to suppress inline unmatched suppression?

I found that --suppress=unmatchedSuppression only suppresses unmatched suppression types in cppcheck options, but NOT unmatched inline suppressions. Is this the expected behavior? test.c Line 4 is wrong. It should be warned…
kgf3JfUtW
9 votes, 1 answer

Writing Custom rules for cppcheck

I am using cppcheck for static analysis. To accelerate the review process I want to set up cppcheck to look for some custom rules, for example, to check if getter functions are defined as const. If anyone has experience in writing custom rules for cppcheck…
T M
9 votes, 1 answer

Findbugs for Git Pull Request

Is there a way to set up Findbugs (or any other static code analysis tool) in Jenkins to analyse the incoming pull requests and compare the result with the main branch? My goal is to reject pull requests which increase the number of static code…
8 votes, 1 answer

Integration of CMake with the Visual Studio 2017 C++ Core Guidelines Checker (CppCoreCheck)

I currently try to integrate the C++ Core Guidelines Checker (CppCoreCheck) of Visual Studio 2017 with the meta build system CMake using the Visual Studio 15 2017 Win64 generator. The following example illustrates my approach (I've tried to strip…
8 votes, 0 answers

Any Static Application Security Testing (SAST) Tools for F#

Looking for an open source tool for F#. Have seen a few that support C#: https://pumascan.com/ https://security-code-scan.github.io/ But can't find any for F#. Just wondering: do F# people do CI/CD and have a pipeline stage for static analysis, and if so…
Noel
8 votes, 2 answers

Static code analysis tool for .NET Core

I'm trying to find a static code analysis tool for the new .NET Core. There is ReSharper but I think .NET Core support is not really there yet. I'm not sure about other alternatives?
user1340582
8 votes, 1 answer

Mixing datetime.strptime() arguments

It is quite a common mistake to mix up the datetime.strptime() format string and date string arguments using: datetime.strptime("%B %d, %Y", "January 8, 2014") instead of the other way around: datetime.strptime("January 8, 2014", "%B %d, %Y") Of…
alecxe
7 votes, 5 answers

The Code Analysis-friendly way to dispose of objects

As part of our Visual Studio 2010 (primarily C# 4.0) development standards, we have Code Analysis turned on. As I am reviewing recently submitted code for a new project, I am seeing a ton of CA2000 : Microsoft.Reliability: In method 'XYZ', object…
SonOfPirate
7 votes, 2 answers

Is there a way to define required class members order in the .editorconfig file?

I use an .editorconfig file to define code style rules in my .NET 5 solution. Is it possible to define required class members order in the .editorconfig? For example, public members should appear before private, non-static members should appear before…
Daniil Palii
7 votes, 2 answers

SonarLint complains "Null pointers should not be dereferenced (squid:S2259)" despite that possibility being handled

So I have an issue with SonarLint that I am not sure how to approach. Let's say I have a class with a method public class Class(RemoteContext context) RemoteContext context = context; public void String method(String data) { …
user3219947
7 votes, 4 answers

How to parse a C# assembly and extract every method

For my application I'd like to parse through an assembly and extract every method and store the name of the method and the source code in one of my objects (I defined in my code). Where should I start to implement that? EDIT: From the answers &…
anon
7 votes, 4 answers

Suppress warnings from CPD for C/C++ code

We are using PMD Copy Paste Detector (CPD) to analyze our C and C++ code. However, there are a few parts of the code that are very similar, but with a good reason and we would like to suppress the warnings for these parts. The documentation of PMD…
Arno Moonen
7 votes, 5 answers

Extending homework testing platform to include code analysis (C/C++)

I'm maintaining/developing a platform for homework testing. It's mostly automatic. What I need to add now is code analysis. I need to check the code for specific constructs. For example: Does the file main.cpp contain a class named user with a…
Šimon Tóth
7 votes, 3 answers

How to Suppress Gendarme Defects?

Is it possible to suppress a specific gendarme defect message? I would like to do this in the source code with a flag or something like it.