microsoft / infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null dereferences, resource leaks, and thread-safety violations. It also performs taint flow tracking to detect critical security vulnerabilities like SQL injections.
MIT License

If there is a memory leak or null pointer found by Infer#, a meaningful return type is expected. #141

Open arash-fasihi-snkeos opened 2 years ago

arash-fasihi-snkeos commented 2 years ago

The issue is that the Git action for Infer# succeeds even though there is a report of an error (memory leak).

xinshiMSFT commented 2 years ago

Thank you! You can now use microsoft/infersharpaction@v1.3.1 and pass in the optional --fail-on-issue flag, for example:

- name: Run Infer#
  uses: microsoft/infersharpaction@v1.3.1
  id: runinfersharp
  with:
    binary-path: '<path to the binary directory containing .dlls and .pdbs>'
    optional-flags: '--fail-on-issue'

Please keep in mind that if you turn it on, the GitHub action will stop running subsequent steps if Infer# reports issues (e.g., uploading the warnings to GitHub Code Scan to be managed, etc.).
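
One way to keep both behaviours described in the reply above, shown as an added example that is not part of the original thread or the project's documentation: the job fails when Infer# reports issues, and the upload step still runs because it carries an `if: always()` condition. The job name, runner, build placeholder and SARIF path placeholder are assumptions, and the example assumes the action writes its report before it exits with a failure.

```yaml
# Added example (not from the Infer# project). Values in <...> are placeholders.
jobs:
  infersharp:                      # hypothetical job name
    runs-on: ubuntu-latest
    permissions:
      security-events: write       # needed to upload results to code scanning
    steps:
      - uses: actions/checkout@v4

      # <build steps that produce the .dlls and .pdbs go here>

      - name: Run Infer#
        uses: microsoft/infersharpaction@v1.3.1
        id: runinfersharp
        with:
          binary-path: '<path to the binary directory containing .dlls and .pdbs>'
          optional-flags: '--fail-on-issue'

      # Steps default to "if: success()", so without a condition this step
      # is skipped once the Infer# step fails. always() runs it regardless,
      # so the findings that failed the build are still uploaded for triage.
      - name: Upload Infer# results to code scanning
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: '<path to the SARIF report written by Infer#>'
```

The job is still marked failed because the Infer# step failed, so a required status check on this job continues to block the merge.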

arash-fasihi-snkeos commented 2 years ago

Thank you very much. It works as I expected!