Closed langweg closed 6 years ago
We're going to have a meeting with Felix on Tuesday, July 24th to perform the analyses. The results will be uploaded here.
The first static analysis is finished 🎉 :
We will now go through all the problems, categorize them accordingly and fix the ones considered as errors.
There is now a PR which addresses issues found by both tools here. And a point-by-point analysis of the issues:
Sorted by file on the result website:
- CageChooserForm.cs:
- CageConfiguratorForm.cs:
- CageDesktop.cpp:
  - operator<< throws: I'm willing to accept an application termination (throw lists are deprecated; alternative(?): surround all std::cout calls with try-catch). Addition: this will be removed as soon as we have a logging framework.
- CageLabeler.cpp:
- CageManager.cpp:
- FullWorkArea.cpp:
- SecuritySetup.cpp:
- CageService.cpp:
- CageServiceMain.cpp:
- tokenLib.cpp:
  - CloseHandle does not even accept HMODULE
- Microsoft (VC++), asio and json.hpp stuff: ignore for now, library code
Have you considered adding Coverity/Fortify to our CI system? (Not sure about appveyor, but some CI systems support running static analysis automatically with each build)
I don't think we would be able to use Coverity / Fortify for this (they are not free and we don't have a personal / student license; we were just able to run them on a specific computer at the HTWG). We can think about some other tool, though. :+1:
Actually, Coverity is free for open source projects... if they comply with this list of requirements:
https://scan.coverity.com/faq#how-get-project-included-in-scan
Nice 👍, created issue #98. I had some bad info then. It was probably a misunderstanding and only Fortify needs a paid-for license.
The code should be checked for typical programming errors and omissions. To this end, static analysis tools could be used. Get in touch with Felix Schuckert (F-001) to discuss under what conditions the use of the industry-grade tools we have at hand for teaching purposes is possible.