Questions tagged [static-code-analysis]

Static code analysis is the analysis of computer software that is performed without actually executing it.

According to Wikipedia, Static code analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as ). In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object (byte) code. The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension or .

510 questions
36 votes, 2 answers

Automated docstring and comments spell check

Consider the following sample code: # -*- coding: utf-8 -*- """Test module.""" def test(): """Tets function""" return 10 pylint gives it 10 of 10, flake8 doesn't find any warnings: $ pylint test.py ... Global…
alecxe
35 votes, 3 answers

Rulesets for cppcheck

Cppcheck allows you to create your own rules files, but I don't know how much of cppcheck's functionality is exposed. Is anyone working on a set that would enforce JSF or MISRA rules?
Martin Beckett
29 votes, 5 answers

Descriptive flake8 errors in PyCharm

PyCharm does not have built-in support for flake8 at the moment. But, flake8 can be configured to run as an external tool. Sometimes, especially for Python newcomers, not every flake8 warning is understandable and additional clarification is…
alecxe
26 votes, 3 answers

Creating a visual call graph for java projects from command line

I'm looking to create a callgraph for java projects from the command line. I have explored several projects, each time falling short (either in my understanding, or the functionality) of what I am aiming for. Some simple guidelines on how to do this…
ThePerson
24 votes, 4 answers

Lint-like program for Perl?

I'm looking for a lint for Perl, something that would catch dead code and other potential problems. Any suggestions? I have use strict; use warnings; already but I'd like to have more.
Charles
24 votes, 1 answer

Extending multiple recommended configurations in ESLint

The Story: Currently, we are extending the recommended ESLint configuration: { "extends": "eslint:recommended", ... "plugins": [ "angular", "jasmine", "protractor" ], "rules": { "no-multiple-empty-lines": 2, …
alecxe
23 votes, 3 answers

Error in FxCop Phoenix analysis engine

So I'm trying to run a bunch of rules which are defined in a RuleSet. The RuleSet file is actually generated using Sonarqube - I've selected absolutely all rules in there, including the FxCop, ReSharper and StyleCop rules. I'm kicking off FxCop like…
Trayek
20 votes, 2 answers

How do I download and install lint?

Does anyone know how to obtain lint for Mac, Windows, and Linux? sudo port install lint can't find it.
mcandre
16 votes, 2 answers

How to sanitize and validate user input to pass a Checkmarx scan

I have an endpoint that receives a String from the client as seen below: @GET @Path("/{x}") public Response doSomething(@PathParam("x") String x) { String y = myService.process(x); return Response.status(OK).entity(y).build(); } Checkmarx…
cahen
16 votes, 1 answer

How do I specify a ruleset from MSBuild

After upgrading to VS 2010 MSBUILD /p:RunCodeAnalysis=true does not work as expected msbuild solution.sln /p:RunCodeAnalysis=true To get faster builds we removed the CODE_ANALYSIS constant for the DEBUG build. But that means that when running the…
Thomas Jespersen
16 votes, 1 answer

Pylint: Avoid checking INSIDE DOCSTRINGS (global directive / rcfile)

Consider this piece of code: def test(): """This line is longer than 80 chars, but, for me this is ok inside a DOCSTRING, this one is shorter. """ if 'This is toooooooooooooooooooooooooooooooooooo longggggggggggggggggggggggg': …
Juan Diego Godoy Robles
16 votes, 1 answer

Auto-import doesn't follow PEP8

Consider the following code: from bs4 import BeautifulSoup data = "test text" soup = BeautifulSoup(data) print(soup.find(text=re.compile(r'test$'))) It is missing an import re line and would fail with a NameError without it. Now, I'm…
alecxe
15 votes, 2 answers

How to find C++ spurious copy operations?

Recently, I had the following struct data { std::vector V; }; data get_vector(int n) { std::vector V(n,0); return {V}; } The problem with this code is that when the struct is created a copy occurs and the solution is instead to…
15 votes, 4 answers

Writing a R lint program

When I program in Python, I find using pylint very useful. However, when I program in R, there is nothing comparable. As a small side project, I thought it would be fun to try and write a small lint program. Nothing too fancy, something along the…
csgillespie
15 votes, 4 answers

Detecting incorrect assertion methods

During one of the recent code reviews, I've stumbled upon the problem that was not immediately easy to spot - there was assertTrue() used instead of assertEqual() that basically resulted in a test that was testing nothing. Here is a simplified…
alecxe