fix static analysis warnings by LGTM #4180

Closed
monperrus opened this issue Sep 23, 2021 · 8 comments

Comments

@monperrus
Collaborator

FYI, activated static analysis by LGTM, out of curiosity

https://github.com/marketplace/lgtm

Will deactivate if annoying

@monperrus
Collaborator Author

monperrus commented Sep 27, 2021

FYI, the current LGTM report: https://lgtm.com/projects/g/INRIA/spoon?mode=tree&id=java%2Fcontradictory-type-checks%2Cjava%2Fdereferenced-value-may-be-null%2Cjava%2Finconsistent-equals-and-hashcode%2Cjava%2Findex-out-of-bounds%2Cjava%2Foutput-resource-leak%2Cjava%2Funchecked-cast-in-equals%2Cjava%2Funknown-javadoc-parameter%2Cjava%2Funused-container%2Cjava%2Fuseless-type-test%2Cjava%2Fzipslip&tag=external%2Fcwe%2Fcwe-022%2Cexternal%2Fcwe%2Fcwe-193%2Cexternal%2Fcwe%2Fcwe-404%2Cexternal%2Fcwe%2Fcwe-476%2Cexternal%2Fcwe%2Fcwe-561%2Cexternal%2Fcwe%2Fcwe-581%2Cexternal%2Fcwe%2Fcwe-772

1 alert of Arbitrary file write during archive extraction ("Zip Slip")
1 alert of Array index out of bounds in SnippetCompilationHelper.java
2 alerts of Container contents are never accessed across 2 files
2 alerts of Inconsistent equals and hashCode across 2 files
17 alerts of Dereferenced variable may be null across 4 files
2 alerts of Potential output resource leak across 2 files
1 alert of Useless type test in ClassTypingContext.java

@MartinWitt
Collaborator

MartinWitt commented Oct 3, 2021

I created PRs for the following problems:
1 alert of Arbitrary file write during archive extraction ("Zip Slip") #4199
1 alert of Useless type test in ClassTypingContext.java #4196
2 alerts of Potential output resource leak across 2 files #4197
2 alerts of Container contents are never accessed across 2 files #4198

PS: Could we either add hacktoberfest to the topic or create a label hacktoberfest-accepted? Either will let my PRs count for the project.

A repository/project is considered to be participating in Hacktoberfest if the 'hacktoberfest' topic is present and is accepting public contributions via pull requests. An individual pull request can also be opted-in directly by adding the 'hacktoberfest-accepted' label.

@MartinWitt
Collaborator

I could fix the rest, but I would leave them as a free Hacktoberfest opportunity for some Java starters. If no one fixes them, I will go back to them in November.

@monperrus
Collaborator Author

Nice! Your work is much appreciated.

FYI, it is planned to add support for automatically repairing LGTM warnings in Sorald, see ASSERT-KTH/sorald#607 (maybe a master's thesis topic?)

monperrus changed the title from "Static analysis by LGTM" to "fix static analysis warnings by LGTM" on Oct 28, 2021

@MackieRitz

Can I try this one?

@MartinWitt
Collaborator

Sure, go ahead.

@monperrus
Collaborator Author

Per #4275 (comment) and #4275 (comment) we are now deactivating lgtm.

@slarse
Collaborator

slarse commented Nov 24, 2021

So, feels like we should close this as we don't use LGTM anymore.

slarse closed this as completed on Nov 24, 2021