Add path/flow support for Clang Static Analyzer *.plist reports #1710
Conversation
|
Unfortunately my change "conflicts" with maven-license-plugin plugin. I need the copyright notice preserved as I've submitted this change on behalf of the company that I work for. @guwirth do you know a way to handle this? |
|
Hello @romanek-adam, thanks for providing this PR. This plugin is using the LGPL license which is copyleft. If you are modifying an already existing file you can’t get the copyright. The right way would be to add you (or your company) to the contributor list in the POM file. The resulting work is again under LGPL. Regards, |
romanek-adam
force-pushed
the
clang-static-analyzer-path-support
branch
from
21792fe to
de3449a
Compare
|
@guwirth I wasn't aware of all this, thanks for explaining it. I edited this change and adjusted to your suggestions. |
|
@romanek-adam maybe you can provide some sentences what your PR is doing / is intended to do. |
|
@guwirth, I updated the description of this PR. Regarding the section in pom.xml - I'd rather leave it as is. According to Maven's POM Reference
IMO this is a one-time contribution so I should be considered a contributor rather than a regular developer. |
There was a problem hiding this comment.
@romanek-adam thanks for providing this. Only minor comments. Rest looks good.
cxx-sensors/src/main/java/org/sonar/cxx/sensors/utils/CxxIssuesReportSensor.java
Show resolved
Hide resolved
cxx-sensors/src/main/java/org/sonar/cxx/sensors/utils/CxxIssuesReportSensor.java
Outdated
Show resolved
Hide resolved
|
@romanek-adam please also rebase it. |
romanek-adam
force-pushed
the
clang-static-analyzer-path-support
branch
from
de3449a to
b7e16aa
Compare
Done. |
romanek-adam
force-pushed
the
clang-static-analyzer-path-support
branch
from
b7e16aa to
148b45b
Compare
cxx-sensors/src/main/java/org/sonar/cxx/sensors/utils/CxxIssuesReportSensor.java
Outdated
Show resolved
Hide resolved
|
@romanek-adam please rebase to head you can see it here https://github.com/SonarOpenCommunity/sonar-cxx/network that you were rebasing to an older PR. |
My bad. I'll do that as soon as we agree on the final look of the flow handling code. |
ClangStaticAnalyzer is good at finding issues which involve a certain path in code, with given constraints and values of particular variables. Its HTML reports visualize the full path from the start to the final location, showing all the intermediate steps and the assumptions taken. The path and conditions are very often critical to understand why CSA reports a given issue. Without them one can easily judge CSA for reporting a false positive, while in fact the issue is there, but the conditions are non-obvious. Currently sonar-cxx only reports the final location of a given issue. This PR addresses this shortcoming and closes the gap to CSA's HTML reports. With this PR SonarQube is now able to present the full path to a given issue, which provides similar UX to CSA's HTML reports. Closes SonarOpenCommunity#1707.
romanek-adam
force-pushed
the
clang-static-analyzer-path-support
branch
from
148b45b to
ba4aa66
Compare
|
I'm glad I could contribute. Thanks for merging it. When do you expect v1.3.0 to be released? |
You can download always latest snapshot from here: https://ci.appveyor.com/project/SonarOpenCommunity/sonar-cxx/branch/master/artifacts Final release depends a little bit when other parts are done and how many API changes are in next SQ versions. SQ 7.8 is planned for 29th April, SQ 7.9 for 27th May. So latest end of May... |
ClangStaticAnalyzer is good at finding issues which involve a certain path in code, with given constraints and values of particular variables. Its HTML reports visualize the full path from the start to the final location, showing all the intermediate steps and the assumptions taken. The path and conditions are very often critical to understand why CSA reports a given issue. Without them one can easily judge CSA for reporting a false positive, while in fact the issue is there, but the conditions are non-obvious.
Currently sonar-cxx only reports the final location of a given issue. This PR addresses this shortcoming and closes the gap to CSA's HTML reports. With this PR SonarQube is now able to present the full path to a given issue, which provides similar UX to CSA's HTML reports.
Closes #1707.
This change is