static-analysis
Here are 844 public repositories matching this topic...
<?php\n
\n
/**\n
* @file\n
* TODO: Enter file description here.\n
*/\n
\n
/**\n
* Implements hook_hook_info().\n
*/\n
function testmodule8b_hook_info() {\n
Gets me this:
array:1 [
0 => PhpParser\Node\Stmt\Function_ {#219
// SNIP
#attributes: array:3 [
"startLine" => 11
"comments" => array:2 [
0 => PhpParser\Comment\Doc {#212
When using mvn clean compile, everything goes well.
But when using infer -- mvn clean compile, report error:
Error loading property file '****/${env}.properties
Target Project URL: https://github.com/shuzheng/zheng
Feature request
Hello,
I known we must go one level per level on existing project, but for new project there is the question "Which level I want to enforce without being too hard and assuring minimum clean code".
I think level 2 is great for minmum clean code, level 5 is more great and > 5 needs typehint, from what i gather on searching on internet.
It would be nice that in the docum
One thing that's super useful for new users is code examples. Right now, the biggest problem for someone to start using PHP_CodeSniffer is lack of a list of available Sniffers with their options and examples. From what I know to get a list of all sniffs right now, you have to go through source code in src/Standards, and it's exhausting. Something like [mlocati/phpPHP-cs-fixer-configurator](htt
-
Updated
Mar 9, 2020 - Rust
-
Updated
Mar 9, 2020
Is your feature request related to a problem? Please describe.
The sanitize_sql method signature is designed to receive an array with ["sql template", *values] that it uses for quoting and replacing placeholders.
When a string is passed instead of an array, sanitize_sql is a no-op, and the original string is returned unchanged.
Describe the solution you'd like
Queries lik
As you may have read in this blog post, we plan to deprecate TSLint in 2019 and support the migration to ESLint as the standard linter for both TypeScript & JavaScript. This will not be an immediate deprecation; on the contrary, there is a lot of work to do to ensure a smooth transition to the new tooling without any regressions. There are
If you're requesting a new feature/enhancement, explain why you'd like it to be added and it's importance.
Is your feature request related to a problem? Please describe.
isCleartextTrafficPermitted returns whether cleartext network traffic (e.g. HTTP, FTP, XMPP, IMAP, SMTP -- without TLS or STARTTLS) is permitted for communicating with a specific hostname for this process.
**Describe th
[iOS Tool] Needle
Describe the issue
Needle doesn't seem to be maintained anymore. The last update was > 1 year and no issues have been answered this year. It also doesnt' seem to work on iOS JB devices with Chimera. FSecureLABS/needle#273
We should review where we use Needle and if other tools are a better alternative (e.g. objection, passionfruit).
Split from checkstyle/checkstyle#3773 and identified at checkstyle/checkstyle#7114 (comment) ,
maven-checkstyle-plugin uses Checkers and TreeWalkers setClassLoader method and can't be completely removed until the plugin stops using it. See https://github.com/apache/maven-checkstyle-plugin/blob/57cf9696cfd1fb0d4de5842bea050b9aa4026
Not sure how javadoc is managed currently. But I hope this could save some effort on every release.
Basically https://javadoc.io/doc/com.google.errorprone/error_prone_annotation will always point to the latest version published to JCenter / Central Maven.
Or you can add a badge with versions always up to date:
`[. It was also removed in uopz 5.0
internal/reflection_completeness_check.php will help if uopz is installed.
-
Updated
Mar 9, 2020 - Python
-
Updated
Mar 9, 2020 - C#
As an experiment, I implemented part of NilCheck using the RuboCop system. I found the node patterns and matcher macros very nice and useful.
More information here: https://github.com/bbatsov/rubocop/blob/f5fed30d4106c8aff7dd27ffef947def530deae1/manual/node_pattern.md
The documentation equates two kinds of attribute declarations:
explicit:
class Derp:
attribute: int = 1
@property
def property(self) -> int: ...and implicit:
class Derp:
def __init__(self):
self.attribute: int = 1Those two things are not about explicit v
All the other categories have one-line descriptions on https://staticcheck.io/docs/checks, ST does not.
Summary
For more readability it will be great to add more lines in the rule code section (like in Bandit)
Steps to reproduce the behavior
- Scan some code and get report
Expected behavior
{
"severity": "HIGH",
"confidence": "HIGH",
"rule_id": "G402",
"details": "TLS InsecureSkipVerify set true.",
"file": "request.go"Tell us about your environment
- ESLint version: 5.16.0
- eslint-plugin-vue version: 5.2.2
- Node version: 10.16.0
Please show your full configuration:
These three should not have any errors:
/**
* @template T
* @template U
* @param callable(T): U $predicate
* @return Closure(iterable<T>): iterable<U>
*/
function map(callable $predicate): callable {
return function($iter) use ($predicate): iterable {
foreach ($iter as $key => $value) {
yield $key => $predicate($value);
}
};
}-
Updated
Mar 9, 2020 - C++
Rule:
DoNotUseThreads
Description:
The documentation in here still shows Runnable as a problematic pattern. However, according to this issue this is no longer the case. Running the t
Reactor support?
Reactor is starting to gain some traction so would it be possible to get something like RxNullabilityPropagator to support it?
The pylint docs are currently hosted at pylint.pycqa.org. This doesn't support HTTPS as the certificate used is for *.readthedocs.io:
➜ curl -LIsv https://pylint.pycqa.org/
* Trying 104.208.221.96:443...
* TCP_NODELAY set
* Connected to pylint.pycqa.org (104.208.221.96) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certif
-
Updated
Mar 6, 2020 - Go
Improve this page
Add a description, image, and links to the static-analysis topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the static-analysis topic, visit your repo's landing page and select "manage topics."
For bugs
SC2012
shellcheck --versionor "online"):Any
Specifically, SC2012 wiki should cover the case where ls is being used just to get the number of files matching a certain literal or glob pattern, rather than propagating th