Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove vulnerabilities #1600

Merged
merged 2 commits into from
Nov 26, 2018
Merged

remove vulnerabilities #1600

merged 2 commits into from
Nov 26, 2018

Conversation

guwirth
Copy link
Collaborator

@guwirth guwirth commented Nov 25, 2018
edited by SonarOpenCommunityAdmin
Loading

  • and some more issues

This change is Reviewable

@guwirth
remove vulnerabilities
4c29eae 
- and some more issues
@guwirth guwirth added this to the 1.2.1 milestone Nov 25, 2018
@guwirth guwirth self-assigned this Nov 25, 2018
@guwirth guwirth requested review from Bertk and ivangalkin November 25, 2018 14:13
ivangalkin
ivangalkin approved these changes Nov 25, 2018
View reviewed changes
Copy link
Contributor

@ivangalkin ivangalkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 66 of 66 files at r1.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @guwirth and @Bertk)

cxx-checks/src/main/java/org/sonar/cxx/checks/regex/FileHeaderCheck.java, line 114 at r1 (raw file):

Files.readLines

off-topic: this check could be improved. If we want to check the presence of N expected header lines (where N == expectedLines.length) , we don't have to read the whole file. It's enough to (try to) read N first lines only.

cxx-sensors/src/main/java/org/sonar/cxx/sensors/utils/CxxUtils.java, line 62 at r1 (raw file):

  public static void transformFile(Source stylesheetFile, File input, File output) throws TransformerException {
    TransformerFactory factory = TransformerFactory.newInstance();
    factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

I think this change is worth mentioning explicitly in the change log. It might introduce issues during migration from 1.2 to 1.2.1

cxx-sensors/src/main/java/org/sonar/cxx/sensors/visitors/CxxFileLinesVisitor.java, line 60 at r1 (raw file):

 private static final Set<Integer> LINES_OF_CODE = Sets.newHashSet();
  private static final Set<Integer> LINES_OF_COMMENTS = Sets.newHashSet();
  private static final Set<Integer> EXECUTABLE_LINES = Sets.newHashSet();

It's wrong to have this collections static. They have to be just normal member variables. Therefore the uppercase is not necessary here in the long term.

cxx-sensors/src/main/java/org/sonar/cxx/sensors/visitors/CxxFileLinesVisitor.java, line 187 at r1 (raw file):

  @Override
  public void visitFile(AstNode astNode) {

as you see, collections are resetted for each analyzed file. It would be wrong to aggregate any results in the visitors - calculation engine does it automatically by itself.

cxx-squid/src/main/java/org/sonar/cxx/CxxAstScanner.java, line 245 at r1 (raw file):

    int lenOfA = a.length();
    int lenOfB = b.length();
    int minIntersectionLen = min(lenOfB, lenOfA);

thx!

@guwirth
Copy link
Collaborator Author

guwirth commented Nov 26, 2018

@ivangalkin thx will add your review comments to another PR.

@guwirth guwirth merged commit 223acac into SonarOpenCommunity:master Nov 26, 2018
@guwirth guwirth mentioned this pull request Dec 21, 2018
Closed
@guwirth guwirth deleted the fix-121-vulnerabilities branch December 27, 2018 18:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ivangalkin ivangalkin ivangalkin approved these changes

@Bertk Bertk Awaiting requested review from Bertk

Assignees

@guwirth guwirth

Labels
enhancement
Milestone
1.2.1
Development

Successfully merging this pull request may close these issues.
2 participants
@guwirth @ivangalkin