microsoft / infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null dereferences, resource leaks, and thread-safety violations. It also performs taint flow tracking to detect critical security vulnerabilities like SQL injections.
MIT License

Resource Leaks Descriptive Message For Resource Fields #125

Open matjin opened 2 years ago

matjin commented 2 years ago

Rather than report n$X, we should report "resource created in method X at line Y" -- OCaml backend needs to be modified to use my changes here https://github.com/microsoft/infersharp/pull/110

matjin commented 2 years ago

Validate that the description appears on inline-allocated resources and modify PR accordingly.

xi-liu-ds commented 2 years ago

Solution provided in this PR

matjin commented 2 years ago

For cases like:

return this.TestObject(X, new StreamReader())

where TestObject has a StreamReader field fieldName -- we end up reporting something like "leak on n$5.fieldName". Add description i.e. "leak on n$5.fieldName allocated at line Y by new StreamReader()"
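
A constructed C# reproduction of the pattern discussed in this thread, added here as an illustration and not taken from the Infer# repository or its tests. It assumes `TestObject` is a class holding the reader in a field named `fieldName`; the `Create`, `Leaky`, `Fixed` and `FirstLine` names and the file path are hypothetical. Because the reader is allocated inline it has no local variable name, which is why a report can only point at the field unless it also carries the allocation site.

```csharp
using System;
using System.IO;

// Hypothetical wrapper: owns a StreamReader through a field.
public sealed class TestObject : IDisposable
{
    private readonly StreamReader fieldName;
    public int X { get; }

    public TestObject(int x, StreamReader reader)
    {
        X = x;
        fieldName = reader;
    }

    public string FirstLine() => fieldName.ReadLine();

    // Disposing the wrapper is the only way to close the inline-allocated reader.
    public void Dispose() => fieldName.Dispose();
}

public static class Program
{
    // Inline allocation: the reader is reachable only via the wrapper's field.
    static TestObject Create(int x, string path) =>
        new TestObject(x, new StreamReader(path));

    // Leaky caller (shown for contrast, not called): the wrapper is dropped
    // without Dispose(), so the file handle behind fieldName stays open.
    static string Leaky(string path) => Create(1, path).FirstLine();

    // Fixed caller: the using block disposes the wrapper, which disposes the field.
    static string Fixed(string path)
    {
        using (TestObject obj = Create(1, path))
        {
            return obj.FirstLine();
        }
    }

    public static void Main()
    {
        string path = Path.GetTempFileName();            // constructed sample input
        File.WriteAllText(path, "constructed sample line\n");
        Console.WriteLine(Fixed(path));
        File.Delete(path);                                // succeeds: handle was released
    }
}
```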