Updated Aug 30, 2021 - JavaScript
A static analyzer for Java, C, C++, and Objective-C
There are some annoying warnings when building the documentation site:
$ antora --pull antora-playbook.yml
asciidoctor: WARNING: skipping reference to missing attribute: 1
asciidoctor: WARNING: skipping reference to missing attribute: 3
asciidoctor: WARNING: skipping reference to missing attribute: word
asciidoctor: WARNING: skipping reference to missing attribute: word
asciidoctor: W
PHP Static Analysis Tool - discover bugs in your code without running it!
A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Golang security checker
Describe the bug
I expect metavariables between backticks to work in JavaScript:
$ semgrep --lang js -e '`$A`'
ran 1 rules on 1 files: 0 findings
I expect this to match the following:
`test`;
Priority
How important is this to you?
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Many repositories need fixing, so please help if you like.
If you can help, it would be helpful if you could comment before starting the work, to avoid overlapping.
Run exit command after lint.
echo '::group:: Running golangci-lint with reviewdog 🐶 ...'
go
It's not just a linter that annoys you!
Affects PMD Version: 6.30.0-SNAPSHOT
Rule: UselessOverridingMethod
Description:
Note: There seems to be a difference when having the class in the auxclasspath or not (typeresolution).
Code Sample demonstrating the issue:
Describe the bug
In the docs found here:
https://bandit.readthedocs.io/en/latest/plugins/index.html#complete-test-plugin-listing
B109 and B111 show a description instead of a plugin name. This looks inconsistent since all the other plugin names are listed. I believe this is a result of a recent change to remove these deprecated plugins.
To Reproduce
e.g.
# map.py
def func(a: int) -> float:
    return float(a)
map(func, ['str'])
$ pytype map.py
Computing dependencies
Analyzing 1 sources with 0 local dependencies
ninja: Entering directory `/[redacted]/.pytype'
ninja: no work to do.
Success: no errors found
while
$ mypy map.py
map.py:5: error: Argument 1 to "map" has incompatible type "Ca
This file is enormous. Also, breaking it up will make running tests faster since Gradle can run separate test classes in parallel.
With the new model-property type and ModelPropertyRule, Larastan now has the ability to check the existence of model columns that are given to a method.
Adding the model-property type to Laravel's core methods is done with the help of PHPStan stubs. Some [examples](https://github.com/nunomaduro/larastan/blob/master/stubs/Elo
This pollutes build logs with a message that users won't care about. Please lower this to debug level.
Workaround: Add -Dorg.slf4j.simpleLogger.log.edu.umd.cs.findbugs.ExitCodes=error to the JVM running Spotbugs.
Static analysis for Angular projects.
Code Climate CLI
ESLint Config for JavaScript Standard Style
I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue
Let me know if you would like any help in implementing.
Manage translation and localization with static analysis, for Ruby i18n
A static analysis tool for securing Go code
flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.
Justification
It's much more common to see the code below:
Public Sub Foo()
    Dim i, j, k As Long
    'code
End Sub
than it is to see:
Public Sub Foo()
    Dim i As Long, j As Long, k As Long
    'code
End Sub
This is a very common pitfall. Example code in a MultipleDeclarations inspect
Kubernetes object analysis with recommendations for improved reliability and security
A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)
A static code analyzer for C++, C#, Lua
Please describe what the rule should do:
Starting V8 v.9.3, Object.prototype.hasOwnProperty.call can be replaced with an alias/syntax sugar Object.hasOwn, which is much more read-friendly. Further information: https://v8.dev/features/object-has-own
What new ECMAScript feature does this rule relate to?
Promoting using of an alias/syntax sugar Object.hasOwn instead of `Object.prot