static-analysis Questions

3

Solved

I'm running PHPStan on a Symfony project where I have the following relation in a Doctrine entity: /** * @ORM\OneToMany(targetEntity="App\Entity\Course\Slide", mappedBy="chapter", cascade={"persi...
Ermine asked 24/4, 2020 at 22:15

4

Solved

I'm getting the following golintci message: testdrive/utils.go:92:16: G110: Potential DoS vulnerability via decompression bomb (gosec) if _, err := io.Copy(targetFile, fileReader); err != nil { ^...
Judgeship asked 30/4, 2021 at 2:9

3

Is there some way to detect the bad usage of bool values in code like #include <stdbool.h> void *foo(void) { return false; } int bar(void) { return true; } Both functions are accepted ...
Harbert asked 16/3, 2019 at 15:24

3

My pom.xml is messy, having collected cruft over time. Is there any automated way to "clean up" a pom? Like a linter but for maven. In IntelliJ I can run Analyze > Inspect Code and get...
Kusin asked 21/7, 2020 at 15:48

5

Solved

Is there any way to disable certain metrics from selected packages in Sonar? I use Sonar to analyze my project and in Entity and DTO packages I have some code that is equal - the same field ID with...
Darleen asked 18/6, 2012 at 8:22

1

Solved

I have placed all python project sources in a single folder. Running the following pylint only seems to be looking and analyzing for duplicates within each source file and not across all which is w...

5

Can impact analysis be done in Eclipse? If there are a few classes and methods that need to be changed, finding the impact of that change on rest of the application code (other classes and methods)...
Ferneferneau asked 1/12, 2009 at 4:3

2

I have several sections with the same name but inside different parent sections: # Page title ## Section A ### Examples ## Section B ### Examples markdownlint linter gives me this warning: MD...
Wellintentioned asked 1/10, 2023 at 2:17

2

When formatting and auto fixing "linting" errors in C# files in VSCode it seems to discard my unused variables. Basically it puts _ = in front of everything. It does this because csharp_s...

1

I want to share configuration of linter (flake8, pylint, whatever) between multiple python projects. I researched this topic a bit and didn't find any suitable solution except for https://pypi.org...
Shrine asked 12/11, 2019 at 14:51

0

I want to use dart format to format dart code, but my team uses custom format rules – such as line length of 120 characters and a few other things. Currently, code is formatted using settings in th...
Dutra asked 4/10, 2023 at 16:54

2

I'm working on an embedded system and while analyzing the binary with nm I find a lot of symbols from standard library functions such as: 00001524 std::time_get<char, std::istreambuf_iterator<...
Terbia asked 29/9, 2023 at 8:50

1

Solved

I've created a pair of functions: void destroy_foo(void *ptr); void *create_foo(void); As the names suggest, these function akin to malloc and free. I'd like to use the malloc gcc function attribu...
Ethno asked 30/8, 2023 at 15:31

11

Solved

I was reading the lifetimes chapter of the Rust book, and I came across this example for a named/explicit lifetime: struct Foo<'a> { x: &'a i32, } fn main() { let x; // -+ x goes into...
Modlin asked 24/7, 2015 at 11:15

3

Solved

I am new to Pylint, and when I run it against my script, I get this output: C: 50, 0: Trailing newlines (trailing-newlines) Here, Pylint is saying that it is bad to have a final newline. I like t...
Wiggler asked 19/4, 2017 at 9:22

3

I am using Visual Studio 2012, with a SQL database project and running database analysis against this database and it is raising the following warning: WITH CHECK | NOCHECK OPTION FOR EXISTING DATA...

9

I'm trying to generate a calling graph with which to find out all the possible execution paths that are hitting a particular function (so that I don't have to figure out all the paths manually, as ...
Maynardmayne asked 21/3, 2011 at 4:9

3

Solved

I'm trying to integrate clang-tidy with cmake, but there are some files that belong to a particular target which I would like to ignore. Is there any way to make clang-tidy ignore files under c...
Statuette asked 18/5, 2020 at 10:33

4

I'm working on a project in Intellij Ultimate 14. I'm not looking to do a live debugging of the application to trace calls. The time it would take to follow all code paths would be insane. I'm hopi...
Acuity asked 9/6, 2016 at 15:39

4

I'm looking for a Static Application Security Testing (SAST) tool and I can't afford the commercial products (eg. Checkmarx). SonarQube is a great static code analysis tool but I notice that ther...

2

Solved

In Visual Studio 2022, can you set up a solution-wide .editorconfig file and then project-specific .editorconfig files that override or add to the solution-wide one? In my case, I am looking to ...
Lindeman asked 25/12, 2022 at 4:58

1

After some effort, I convinced both the clang compiler and clang-tidy (static analyzer) to warn of a use-after-move situation. (see https://stackoverflow.com/a/74250567/225186) int main(int, char**...
Occlusive asked 31/10, 2022 at 16:10

5

Solved

Since employing ccache on our CI server, we find that the bottleneck in terms of build time is now our static analysis pass, that uses clang-tidy, among other tools. Does anyone know of a way to ac...
Wingless asked 3/12, 2018 at 16:7

2

Solved

The clang-tidy static analyzer detects uses of variables after being moved. class a_class { std::unique_ptr<int> p_; public: auto p() -> auto& {return p_;} void f() const {} }; in...
Raoul asked 30/10, 2022 at 0:39

1

Solved

I've been working on a large C++ program and I forgot to add my usual list of compiler flags/warnings when working on a C project. After enabling the -fanalyzer flag, I began to get a lot of "...
Strychninism asked 30/9, 2022 at 19:2
