microsoft / infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null dereferences, resource leaks, and thread-safety violations. It also performs taint flow tracking to detect critical security vulnerabilities like SQL injections.
MIT License

Update resource leak message line and column number #142

Closed xi-liu-ds closed 1 year ago

xi-liu-ds commented 2 years ago

As described in the title.

xi-liu-ds commented 2 years ago

Why is this correct? What exactly is the pattern you're targeting here? If anything, couldn't this cause issues if the SequencePoints array was empty?

Because Xin found that the Guardian bug deduplication feature requires the location of the bug. So the original line/column of resource leaks will give the location of the bug as "{". So instead we can define the line/column of resource leaks as the starting point of the very first line of the method body. This will help the bug dedup functionality work as expected.

xi-liu-ds commented 2 years ago

I have added a --guardian flag to trigger this feature. All you need to do is add the --guardian flag to your run_infersharp command.