static-code-analysis

问题 Is there any FxCop or StyleCop that warns when there is an using statement that is no longer referenced by any object in the file? 回答1: You can enable the rule IDE0005 C# Using directive is unnecessary. in the category Style . 回答2: In addition to Udo's answer and this answer, I also needed to uncheck Suppress results from generated code (managed only) which can be found under Properties > Code Analyses . So all in all: Set the Warning Level to 4 for code analyzers to fire. Set rules CS8019

问题 Is there any FxCop or StyleCop that warns when there is an using statement that is no longer referenced by any object in the file? 回答1: You can enable the rule IDE0005 C# Using directive is unnecessary. in the category Style . 回答2: In addition to Udo's answer and this answer, I also needed to uncheck Suppress results from generated code (managed only) which can be found under Properties > Code Analyses . So all in all: Set the Warning Level to 4 for code analyzers to fire. Set rules CS8019

问题 Is there any FxCop or StyleCop that warns when there is an using statement that is no longer referenced by any object in the file? 回答1: You can enable the rule IDE0005 C# Using directive is unnecessary. in the category Style . 回答2: In addition to Udo's answer and this answer, I also needed to uncheck Suppress results from generated code (managed only) which can be found under Properties > Code Analyses . So all in all: Set the Warning Level to 4 for code analyzers to fire. Set rules CS8019

问题 Is there any FxCop or StyleCop that warns when there is an using statement that is no longer referenced by any object in the file? 回答1: You can enable the rule IDE0005 C# Using directive is unnecessary. in the category Style . 回答2: In addition to Udo's answer and this answer, I also needed to uncheck Suppress results from generated code (managed only) which can be found under Properties > Code Analyses . So all in all: Set the Warning Level to 4 for code analyzers to fire. Set rules CS8019

问题 We are trying to have our own custom ruleset which we can apply during build process. For this I've created custom rule and custom ruleset but analysis doesn't work however I've tested the rule using Debug--> Start External program and it produced correct xml Already placed rule dll and ruleset inside fxcop rule and ruleset folder Rule XML <?xml version="1.0" encoding="utf-8" ?> <Rules> <Rule TypeName="CustomRule" Category="Performance" CheckId="R001" > <Name>AvoidUsingVirtualMethods</Name>

问题 We are trying to have our own custom ruleset which we can apply during build process. For this I've created custom rule and custom ruleset but analysis doesn't work however I've tested the rule using Debug--> Start External program and it produced correct xml Already placed rule dll and ruleset inside fxcop rule and ruleset folder Rule XML <?xml version="1.0" encoding="utf-8" ?> <Rules> <Rule TypeName="CustomRule" Category="Performance" CheckId="R001" > <Name>AvoidUsingVirtualMethods</Name>

问题 I have an endpoint that receives a String from the client as seen below: @GET @Path("/{x}") public Response doSomething(@PathParam("x") String x) { String y = myService.process(x); return Response.status(OK).entity(y).build(); } Checkmarx complains that this element’s value then "flows through the code without being properly sanitized or validated and is eventually displayed to the user in method doSomething" Then I tried this: @GET @Path("/{x}") public Response doSomething(@PathParam("x")

问题 I have an endpoint that receives a String from the client as seen below: @GET @Path("/{x}") public Response doSomething(@PathParam("x") String x) { String y = myService.process(x); return Response.status(OK).entity(y).build(); } Checkmarx complains that this element’s value then "flows through the code without being properly sanitized or validated and is eventually displayed to the user in method doSomething" Then I tried this: @GET @Path("/{x}") public Response doSomething(@PathParam("x")

问题 PyCharm does not have a built-in support for flake8 at the moment. But, flake8 can be configured to run as an external tool. Sometimes, especially for Python newcomers, not every flake8 warning is understandable and additional clarification is required. We've recently stumbled upon the Flake8Rules project which attempts to describe every single warning in a detailed way with supportive examples. Is there a way to combine PyCharm, flake8 and Flake8Rules altogether to have static code analysis

问题 I have run my java app against the checkmarx tool for security vulnerability and it is constantly giving an issue - Heap Inspection, for my password field for which I use a character array. It doesnt give any more explanation than just pointing out the declaration of the password field. private char[] passwordLength; Could anyone help me out here, what more can I look for resolving this? 回答1: Heap Inspection is about sensitive information stored in the machine memory unencrypted, so that if