code-analysis

How to sanitize and validate user input to pass a Checkmarx scan

自古美人都是妖i submitted on 2020-06-11 20:12:12
Question: I have an endpoint that receives a String from the client as seen below: @GET @Path("/{x}") public Response doSomething(@PathParam("x") String x) { String y = myService.process(x); return Response.status(OK).entity(y).build(); } Checkmarx complains that this element’s value then "flows through the code without being properly sanitized or validated and is eventually displayed to the user in method doSomething" Then I tried this: @GET @Path("/{x}") public Response doSomething(@PathParam("x")
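The flow Checkmarx is describing is a classic reflected-output taint: a path segment the client controls reaches the response entity without anything in between that the scanner recognizes as validation or encoding. The following is an added example, not the poster's code and not anything from the thread, showing the flagged shape next to a version that breaks the flow in two places: an allowlist check on the way in and context-appropriate encoding on the way out. `ItemResource`, `MyService`, the `/items` route and the identifier grammar in `ID_PATTERN` are all hypothetical stand-ins.

```java
import java.util.regex.Pattern;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

/**
 * Added illustration (not the poster's code) of the taint flow Checkmarx reports:
 * path parameter -> service -> response body, and one way to interrupt it.
 * ItemResource, MyService and the ID format are hypothetical.
 */
@Path("/items")
public class ItemResource {

    /** Hypothetical stand-in for the poster's myService. */
    public interface MyService {
        String process(String x);
    }

    /**
     * Input allowlist: only the characters and length this endpoint actually needs.
     * Anything carrying '<', '"', '/', '%' and so on is rejected before it reaches the service.
     * (Hypothetical format; tighten it to the real identifier grammar.)
     */
    static final Pattern ID_PATTERN = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");

    private final MyService myService;

    public ItemResource(MyService myService) {
        this.myService = myService;
    }

    /** Before: the raw path segment flows through process() straight into the response. */
    @GET
    @Path("/unsafe/{x}")
    public Response doSomethingUnsafe(@PathParam("x") String x) {
        String y = myService.process(x);
        return Response.ok(y).build(); // if a browser renders this as HTML, x can inject markup
    }

    /** After: validate on the way in, encode for the output context on the way out. */
    @GET
    @Path("/safe/{x}")
    @Produces(MediaType.TEXT_HTML) // declare the context so the browser does not sniff it
    public Response doSomethingSafe(@PathParam("x") String x) {
        if (!isValidId(x)) {
            // Reject rather than "clean up": a fixed error body keeps the tainted value out of the response.
            return Response.status(Response.Status.BAD_REQUEST).entity("invalid id").build();
        }
        String y = myService.process(x);
        return Response.ok(escapeHtml(y)).build();
    }

    static boolean isValidId(String x) {
        return x != null && ID_PATTERN.matcher(x).matches();
    }

    /** Minimal HTML entity encoding for text placed inside an HTML element body. */
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

Two practical caveats. First, the encoding has to match the output context: if the endpoint actually returns JSON or plain text, HTML-escaping is the wrong transform and the fix is to set that content type (and let the JSON serializer do the escaping) rather than to entity-encode. Second, Checkmarx clears a flow only when it passes through a sanitizer the engine knows, for example OWASP Java Encoder's `Encode.forHtml`, or one that has been added to its sanitizer configuration; a home-grown helper like `escapeHtml` above may well leave the finding open even though the behaviour is correct, so prefer a recognized library call in real code.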

Do not pass literals as localized parameters

扶醉桌前 submitted on 2020-05-15 02:39:26
Question: I have the following warning when running a code analysis on my project (which is a Windows Phone 8.1 app): CA1303 Do not pass literals as localized parameters Method 'Common.TranslateError(String)' passes a literal string as parameter 'text' of a call to 'XDocument.Parse(String)'. Retrieve the following string(s) from a resource table instead. This is my method: Public Function TranslateError(ByVal exMessage As String) As XDocument Return XDocument.Parse("<Response><Exception><Message><" &

Add a parameter to a method with a Roslyn CodeFixProvider

亡梦爱人 submitted on 2020-01-23 07:53:13
Question: I'm writing a Roslyn Code Analyzer that I want to identify if an async method does not take a CancellationToken and then suggest a code fix that adds it: //Before Code Fix: public async Task Example(){} //After Code Fix public async Task Example(CancellationToken token){} I've wired up the DiagnosticAnalyzer to correctly report a Diagnostic by inspecting the methodDeclaration.ParameterList.Parameters , but I can't find the Roslyn API for adding a Parameter to the ParameterList inside a

phploc output explanation

馋奶兔 submitted on 2020-01-22 12:32:06
Question: If I run phploc against one of my PHP projects (open source) I see this output. phploc 1.6.4 by Sebastian Bergmann. Directories: 3 Files: 33 Lines of Code (LOC): 2358 Cyclomatic Complexity / Lines of Code: 0.08 Comment Lines of Code (CLOC): 903 Non-Comment Lines of Code (NCLOC): 1455 Namespaces: 0 Interfaces: 3 Classes: 28 Abstract: 1 (3.57%) Concrete: 27 (96.43%) Average Class Length (NCLOC): 49 Methods: 149 Scope: Non-Static: 128 (85.91%) Static: 21 (14.09%) Visibility: Public: 103 (69.13%)

Javascript source code analysis ( specifically duplication checking )

浪子不回头ぞ submitted on 2020-01-21 08:33:11
Question: Partial duplicate of this Notes: I already use JSLint extensively via a tool I wrote that scans in intervals my current project directory for recently updated/created .js files. It's drastically improved productivity for me and I doubt there is anything as good as JSLint for the price (it's free). That said, is there any analysis tool out there that can find repetitive or near-duplicate code blocks, the goal being to make it easier to find opportunities to consolidate large files or small

VS2010 / Code Analysis: Turn off a rule for a project without custom ruleset

南楼画角 submitted on 2020-01-14 05:11:47
Question: ...any change? The scenario is this: For our company we develop a standard for how code should look. This will be the MS full rule set as it looks now. For some specific projects we may want to turn off specific rules. Simply because for a specific project this is a "known exception". Example? CA1026 - while perfectly ok in most cases, there are 1-2 specific libraries we don't want to change those. We also want to avoid having a custom rule set. OTOH putting in a suppress attribute on every

C# - Code Analysis 2227 Confusion

青春壹個敷衍的年華 submitted on 2020-01-13 10:58:10
Question: I have a class property that looks as follows: public List<Recipe> RecipeList { get { return this._recipeList; } set { this._recipeList = value; OnPropertyChanged("RecipeList"); } } In another method I have the following which references the property above. private void RecipeSearch() { this.RecipeList = RecipeManagerService.SearchByUnit(SearchCriteria) .Where(recipe => recipe.IsApproved == true && !recipe.IsHidden).ToList(); } Code Analysis is issuing a CA 2227 warning: Change RecipeList to