coverity

What preprocessor symbols does Coverity define for a build using 'cov-build'?

萝らか妹 submitted on 2021-01-27 06:26:12
Question: We use Coverity's Scan Build service for free and open source projects. I am working through two Coverity findings on tainted parameters ( TAINTED_SCALAR ). The taint is a false positive, so I am trying to instrument the code with Coverity's __coverity_tainted_data_sanitize__ to clear the issue. I want to guard the code that needs to use __coverity_tainted_data_sanitize__ because the function is only used with analysis builds using Coverity's cov-build tool. That is, I want to do something

how to remove a project from coverity-scan

99封情书 submitted on 2020-01-23 12:38:43
Question: I've registered a project with coverity-scan in the past. I would now like to remove that project from coverity-scan (or at least from my dashboard; but preferably I'd like to remove the project entirely). I'm stuck as there seems to be no such option in the web interface. Am I missing something? Answer 1: You can't. I've just asked Coverity's support to delete one and got the reply: We generally do not delete projects from SCAN as we keep aggregate metrics on the projects. Answer 2: There's a "Delete

C++ init-list: using non-initialized members to initialize others gives no warning

隐身守侯 submitted on 2020-01-13 08:27:41
Question: Neither g++ (4.4 and 4.6) nor clang++ (3.2) nor coverity, with -Wall and -Wextra (+ some others) or -Weverything respectively, gives me a warning for the following code snippet: class B { char *t2; char *t; public: B() : t2(t), t(new char[100]) {} }; I would at least expect a small warning about the usage of uninitialized (member) variables. Is there something I'm missing? Is this a wanted "no-warning" scenario? I have (now had) at least one bug in my software which was hard to find. EDIT:

How to setup a Travis/Rails project to submit to Coverity Scan?

Deadly submitted on 2020-01-05 04:35:31
Question: I'm looking for a std travis coverity setup for a rails application. My current .travis.yml file looks like this: # environment settings env: - DB=sqlite - DB=mysql - DB=postgresql env: global: # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created # via the "travis encrypt" command using the project repo's public key - secure: "<SECURE>" # project language language: ruby rvm: - 2.3.1 # branches to build (whitelist) branches: only: - master - coverity_scan - testing # command to

Coverity and C++: heap (with new) vs. on-stack allocation

孤街醉人 submitted on 2020-01-04 16:53:09
Question: I'm using coverity (5.5.1) (among others) to harden my code. I stumbled over a problem and now I have doubts that my setup of coverity is complete. Have a look at this example: class A { int _a,_b; public: A(int b) : _a(_b), _b(b) { } }; int main(void) { A *a1 = new A(5); delete a1; A a2(5); return 0; } As can be seen, I'm using _b to initialize _a before it is initialized with b . In this question I learned that it would be "nice to have" such a warning issued by the compiler or any other

Can't get Coverity Scan to work (Java/Kotlin/Gradle 3.3 on Windows and Travis)

匆匆过客 submitted on 2020-01-02 02:41:10
Question: UPDATE: See the solution in Caleb's answer. I am trying really hard to make Coverity work for my build, but so far with little success. First the details: My project is a run-of-the-mill Java library (no web or fancy containers), very few compile-only dependencies, built using Gradle. The production code is written in Java and Kotlin. The complete project is available on GitHub: https://github.com/ddimtirov/nuggets And on Coverity Scan: https://scan.coverity.com/projects/ddimtirov-nuggets?tab

Coverity SA - excluding boost, stlport errors

与世无争的帅哥 submitted on 2019-12-25 12:42:26
Question: The defects discovered by Coverity SA include errors from the STLPort, Boost and Qt libs as well. Is there any way to exclude these errors while running cov-build or cov-analyze? Answer 1: There are several ways to exclude these libraries. At the highest level, you can choose to exclude them during build or analysis and then there won't be any results for them in the UI; unfortunately that also means that you will not get as complete a view of your own errors in your own code, since analysis does

Coverity Scan does not release name of deleted project

☆樱花仙子☆ submitted on 2019-12-25 02:25:03
Question: I maintain coverity for the nanodbc project at https://scan.coverity.com/projects/lexicalunit-nanodbc I also registered a new project for nanodbc at https://scan.coverity.com/projects/nanodbc-nanodbc that points to the new location of the git repository at GitHub. I realised I can rename the old existing project to point to that new location. I went to Coverity Scan > nanodbc/nanodbc > Project Settings and deleted the project. Yes, there was a Delete button - apparently, it is available for projects which

Coverity finding: Not restoring ostream format (STREAM_FORMAT_STATE)

試著忘記壹切 submitted on 2019-12-24 16:42:52
Question: We are catching a Coverity finding CID 156014: Not restoring ostream format (STREAM_FORMAT_STATE) (text below and image at the end). 938 const std::streamsize oldp = cout.precision(6); 5. format_changed: setf changes the format state of std::cout for category floatfield. 939 const std::ios::fmtflags oldf = cout.setf(std::ios::fixed, std::ios::floatfield); 940 cout << " Maurer Randomness Test returned value " << mv << endl; 6. format_changed: precision changes the format state of std::cout for

“Last Build Status: Failed” after uploading a build for analysis

你。 submitted on 2019-12-24 12:23:22
Question: We use Coverity's free scanning service for free and open source projects. We have not been able to utilize the service for the last two months or so. Prior to the service failures, we had half a dozen or so good analyses. Submitting a scan results in: Last Build Status: Failed. Your build has failed due to the following reason. Please fix the error and upload the build again. Error details: :Failed to retrieve tar file Coverity is very good about providing copy/paste directions, and we have