Everyone who runs the static analyzer on a project for the first time is slightly shocked by hundreds, thousands or even tens of thousands of warnings. It may be frustrating. Is my code so terrible? Or is the analyzer lying? In any case, filtering by the severity changes the situation, not completely though. That's why we thought about how we could improve the first experience with the analyzer. Let me show you the new feature step by step...
On the stackoverflow.com website, we frequently see questions about how to look for bugs of a certain type. We know that PVS-Studio can solve the problem. Unfortunately, we have to keep silent. Otherwise, StackOverflow moderators may consider it as an obvious attempt to promote our product. This article describes a particular case of such a situation that makes us suffer deeply.
The OWASP Top Ten 2017 category A9 (which became A6 in OWASP Top Ten 2021) is dedicated to using components with known vulnerabilities. To cover this category in PVS-Studio, developers have to turn the analyzer into a full SCA solution. How will the analyzer look for vulnerabilities in the components used? What is SCA? Let's try to find the answers in this article!
This article covers the new version of the C# language - C# 10. Compared to C# 9, C# 10 includes a short list of enhancements. Below we described the enhancements and added explanatory code fragments. Let's look at them.
Modern applications have lots of code. And the C++ language doesn't get easier. Nowadays, code reviews are not enough to fully analyze program code. Here's where static code analysis comes in.
We are actively developing the PVS-Studio static analysis tool towards detecting Safety and Security-related errors. To be more precise, we've expanded the coverage of the MISRA C:2012 and OWASP ASVS standards. We have supported the MISRA Compliance 2020 standard. One of the more extraordinary innovations is the Best Warnings display mode. This mode displays the most significant (meaningful) warnings and can be useful when you are just starting out with the analyzer.
Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.
Nothing and nobody will escape oblivion. Whatever you may say, the history of mankind is a history of automation and the subsequent evolution of workers. This happened both during the first industrial revolution and during the second. The same thing happened with digital revolution. Now machine learning and artificial intelligence are being implemented everywhere. What is the future of software testing?
For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.
In May 2021, CppCast recorded a podcast called ABI stability (CppCast #300). In this podcast, Marshall Clow and the hosts discussed rather old news — Visual Studio compilers support the AddressSantitzer tool. We have already integrated ASan into our testing system a long time ago. Now we want to tell you about a couple of interesting errors it found.
After you read this article, you'll have the knowledge to create your own static analyzer for C#. With the help of the analyzer, you can find potential errors and vulnerabilities in the source code of your own and other projects. Are you intrigued? Well, let's get started.
A couple of years ago the PVS-Studio analyzer got its first diagnostic rules to check program code compliance with the MISRA C and MISRA C++ standards. We collected feedback and saw that our clients were interested in using the analyzer to check their projects for MISRA compliance. So, we decided to further develop the analyzer in this direction. The article covers the MISRA C/C++ standard and the MISRA Compliance report. It also shows what we already managed to do and what we plan to achieve by the end of the year.
In April 2021 Microsoft announced a new version of its IDE – Visual Studio 2022 – while also announcing that the IDE would be 64-bit. We've been waiting for this for so long – no more 4 GB memory limitations! However, as it turned out, it's not all that simple...
If you are strongly interested in MISRA and would like to understand whether your project meets one of the MISRA association's standards, there is a solution. It's name is MISRA Compliance. PVS-Studio has recently learned how to generate the MISRA Compliance report. This article describes how you can use this feature. This can make somebody's life better.
Not everyone enjoys working in support. Many people who work there experience burnout. So maybe companies shouldn't have any support at all? How do they benefit from it? Is there a way to prevent burnout while working in support? Let's try to find the answers.
On August 25th, 2021, the Linux kernel celebrated its 30th anniversary. Since then, it's changed a lot. We changed too. Nowadays, the Linux kernel is a huge project used by millions. We checked the kernel 5 years ago. So, we can't miss this event and want to look at the code of this epic project again.
XSS - or cross-site scripting - is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let's figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we're at it, we'll talk about ways you can protect yourself from XSS.
With the .NET5 release further development of some projects was questionable due to the complexity of porting. One can abandon small outdated libraries or find a replacement. But it's hard to throw away Microsoft.Office.Interop.Word.dll. Microsoft doesn't plan to add compatibility with .NET Core/5+, so in this article we focus on creating Word files with Open XML SDK.
PHP is widely known as an interpreted programming language used mainly for website development. However, few people know that PHP also has a compiler to .NET – PeachPie. But how well is it made? Will the static analyzer be able to find actual bugs in this compiler? Let's find out!
The PVS-Studio team is increasing the number of diagnostics with each new release. Besides, we are improving the analyzer's infrastructure. This time we added the plugin for JetBrains CLion. Moreover, we introduced intermodular analysis of C++ projects and speeded up the C# analyzer core.