static-code-analysis

Code Analysis Tools and Inter-Type-Declarations

吃可爱长大的小学妹 submitted on 2019-12-05 11:39:24
Question: I have a maven project generated by Spring Roo and use several tools (checkstyle, pmd etc.) to collect information about my project. (namely I am using codehaus' sonar for this) Roo makes heavy use of AspectJ Inter Type Declarations (ITD) to separate concerns like persistence, javabeans-getter/setters etc. These ITDs are woven in at compile-time so tools like checkstyle and pmd (who work on source-level) have a lot of false positives. The only solution I currently see, is to deactivate checks

Asynchronous code in custom ESLint rules

浪尽此生 submitted on 2019-12-04 23:41:41
The Story and Motivation: We have a rather huge end-to-end Protractor test codebase. Sometimes it happens that a test waits for a specific fix to be implemented - usually as a part of a TDD approach and to demonstrate how a problem is reproduced and what is the intended behavior. What we are currently doing is using Jasmine's pending() with a Jira issue number inside. Example: pending("Missing functionality (AP-1234)", function () { // some testing is done here }); Now, we'd like to know when we can rename the pending() back to it() and run the test. Or, in other words, when the issue AP-1234

How do I specify a ruleset from MSBuild

孤者浪人 submitted on 2019-12-04 17:31:42
Question: After upgrading to VS 2010 MSBUILD /p:RunCodeAnalysis=true does not work as expected msbuild solution.sln /p:RunCodeAnalysis=true To get faster builds we removed the CODE_ANALYSIS constant for the DEBUG build. But that means that when running the above msbuild command, it defaults to all rules, instead of using the ruleset we specified on the "Code Analysis" tab on the project property page. So now I need to build in release mode to run code analysis (which has the CODE_ANALYSIS constant

How do I find all the unit tests that may directly or indirectly call a given method? (.net)

不打扰是莪最后的温柔 submitted on 2019-12-04 12:18:23
How do I find all the unit tests that may directly or indirectly call a given method? When I change a method, I wish to know the best tests to run; there must be a tool for this! As we have lots of interfaces, I am interested in all unit tests that call a method on an interface when there is at least one path via the implementation method on a class that implements the interface. Or in other words, I want a list of all unit tests when the tool cannot prove the result is not affected by the method I have changed. (We are using nUnit on .net and have lots of slow unit tests, it will be many year

Automated docstring and comments spell check

丶灬走出姿态 submitted on 2019-12-04 08:57:53
Question: Consider the following sample code: # -*- coding: utf-8 -*- """Test module.""" def test(): """Tets function""" return 10 pylint gives it 10 of 10, flake8 doesn't find any warnings: $ pylint test.py ... Global evaluation ----------------- Your code has been rated at 10.00/10 ... $ flake8 test.py $ But, as you may see, there is a typo in the test function's docstring. And, your editor would probably highlight it automagically, for example, here's how Pycharm does it: Thanks to the https:/

Error in FxCop Phoenix analysis engine

≡放荡痞女 submitted on 2019-12-04 07:33:24
So I'm trying to run a bunch of rules which are defined in a RuleSet. The RuleSet file is actually generated using Sonarqube - I've selected absolutely all rules in there, including the FxCop, ReSharper and StyleCop rules. I'm kicking off FxCop like this: C:/FxCop/FxCopCmd.exe /file:C:\TestProject\bin\TestProject.dll /ruleset:=C:\TestProject\testproject.ruleset /out:C:\TestProject\fxcop-report.xml /outxsl:none /forceoutput /searchgac /aspnet It starts correctly, but I get the following message: Initializing Introspection engine... Analyzing... Initializing Phoenix engine... Analyzing...

Heap Inspection Security Vulnerability

帅比萌擦擦* submitted on 2019-12-04 04:45:30
I have run my Java app against the Checkmarx tool for security vulnerability and it is constantly giving an issue - Heap Inspection, for my password field for which I use a character array. It doesn't give any more explanation than just pointing out the declaration of the password field. private char[] passwordLength; Could anyone help me out here, what more can I look for resolving this? Heap Inspection is about sensitive information stored in the machine memory unencrypted, so that if an attacker performs a memory dump (for example, the Heartbleed bug), that information is compromised. Thus,

Extending jshint with custom checks

醉酒当歌 submitted on 2019-12-04 01:29:06
In the Python world there are multiple static code analysis tools that can be easily extended with custom checks via writing plugins or extensions, for example: pylint flake8 In the JavaScript world, as far as I understand, jshint is the number one tool for static code analysis. I've been using it for a while and it definitely helps to find lots of code style violations, but, recently, I've encountered the need to extend jshint with a custom check. How can I do that? Is it extendable? I've looked through the documentation and the only thing I've found is how to write a custom reporter which

Should I declare these methods const?

北城余情 submitted on 2019-12-04 00:10:51
I'm working on some C++ code where I have several manager objects with private methods such as void NotifyFooUpdated(); which call the OnFooUpdated() method on the listeners of this object. Note that they don't modify the state of this object, so they could technically be made const methods, even though they typically modify the state of the system as a whole. In particular, the listener objects might call back into this object and modify it. Personally I'd like to leave them as they are and not declare them const. However, our static code checker QAC flags this as a deviation, so I either

Code Analysis Tools and Inter-Type-Declarations

亡梦爱人 submitted on 2019-12-03 23:22:49
I have a maven project generated by Spring Roo and use several tools (checkstyle, pmd etc.) to collect information about my project. (namely I am using codehaus' sonar for this) Roo makes heavy use of AspectJ Inter Type Declarations (ITD) to separate concerns like persistence, javabeans-getter/setters etc. These ITDs are woven in at compile-time so tools like checkstyle and pmd (who work on source-level) have a lot of false positives. The only solution I currently see, is to deactivate checks for Classes that use ITDs. Any better ideas? This answer would not help you right now, but hopefully