pumasecurity / puma-scan

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
https://www.pumascan.com
Mozilla Public License 2.0

VS2017: Hanging analysis on simple project #39

Closed AndreyAspose closed 6 years ago

AndreyAspose commented 6 years ago

I have VS 2017 Community. I installed Puma Scan as an extension and also performed the NuGet command specified here (without this command, analysis failed with CA0064: No analysis was performed because the specified rule set could not be loaded or did not contain any managed code analysis rules): PM> Get-Project -All | Install-Package Puma.Security.Rules

Now the analysis is hanging (that is, not returning for 3+ hours) on the very simple project WebGoat. Looking at Task Manager, I see csc.exe and devenv.exe taking ~25% each all the time. I run analysis via Analyze -> Run Code Analysis on Solution. Without Puma (default rules only) this works fine.

Please let me know what other info I need to provide if any to troubleshoot this.

AndreyAspose commented 6 years ago

I've run it from the command line and it is also hanging:

"E:\DevTools\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\MSBuild.exe" WebGoat.NET.sln /t:Clean,Build /p:RunCodeAnalysis=true

hang.log

ejohn20 commented 6 years ago

Thanks for reporting this, I wasn't aware WebGoat.NET was even in the mix anymore. Thought that project died years ago. I suspect this is related to #38 as the code in that project looks very similar.

ejohn20 commented 6 years ago

Fixed in 1.0.7