static-code-analysis

What is the static analysis rule to warn about unused using statements?

落花浮王杯 submitted on 2021-02-09 07:16:21
Question: Is there any FxCop or StyleCop that warns when there is a using statement that is no longer referenced by any object in the file?
Answer 1: You can enable the rule "IDE0005 C# Using directive is unnecessary." in the category Style.
Answer 2: In addition to Udo's answer and this answer, I also needed to uncheck Suppress results from generated code (managed only), which can be found under Properties > Code Analyses. So all in all: Set the Warning Level to 4 for code analyzers to fire. Set rules CS8019

Static code analysis not working for custom ruleset

本小妞迷上赌 submitted on 2021-01-07 06:37:44
Question: We are trying to have our own custom ruleset which we can apply during the build process. For this I've created a custom rule and a custom ruleset, but analysis doesn't work. However, I've tested the rule using Debug --> Start External program and it produced correct XML. Already placed the rule DLL and ruleset inside the FxCop rule and ruleset folder.
Rule XML:
    <?xml version="1.0" encoding="utf-8" ?>
    <Rules>
      <Rule TypeName="CustomRule" Category="Performance" CheckId="R001">
        <Name>AvoidUsingVirtualMethods</Name>

How to sanitize and validate user input to pass a Checkmarx scan

自古美人都是妖i submitted on 2020-06-11 20:12:12
Question: I have an endpoint that receives a String from the client as seen below:
    @GET
    @Path("/{x}")
    public Response doSomething(@PathParam("x") String x) {
        String y = myService.process(x);
        return Response.status(OK).entity(y).build();
    }
Checkmarx complains that this element's value then "flows through the code without being properly sanitized or validated and is eventually displayed to the user in method doSomething".
Then I tried this:
    @GET
    @Path("/{x}")
    public Response doSomething(@PathParam("x")

Descriptive flake8 errors in PyCharm

我是研究僧i submitted on 2020-06-09 17:06:30
Question: PyCharm does not have built-in support for flake8 at the moment. But flake8 can be configured to run as an external tool. Sometimes, especially for Python newcomers, not every flake8 warning is understandable and additional clarification is required. We've recently stumbled upon the Flake8Rules project, which attempts to describe every single warning in a detailed way with supportive examples. Is there a way to combine PyCharm, flake8 and Flake8Rules all together to have static code analysis

Heap Inspection Security Vulnerability

拟墨画扇 submitted on 2020-01-12 14:37:18
Question: I have run my Java app against the Checkmarx tool for security vulnerabilities and it is constantly giving an issue, Heap Inspection, for my password field, for which I use a character array. It doesn't give any more explanation than just pointing out the declaration of the password field.
    private char[] passwordLength;
Could anyone help me out here, what more can I look for resolving this?
Answer 1: Heap Inspection is about sensitive information stored in the machine memory unencrypted, so that if