6.25.0
Highlights
Guideline Statistics page under the statistics tab to generate SEI Cert and CWE Top 25 Compliance reports
A new Guideline Statistics page is added under the statistics tab to generate SEI Cert Compliance reports.
This page shows the compliance of an analyzed program to a coding guideline (such as SEI Cert C/C++). It shows all checkers corresponding to a guideline rule, their configuration status (on/off) and all outstanding and closed reports per guideline rule.
The table can be exported to HTML and CSV format.
The first supported guidelines are SEI Cert C, SEI Cert C++ and CWE Top 25.
Facebook Infer as a new C/C++ analyzer plugin
Besides clang-tidy, the Clang Static Analyzer, cppcheck and gcc, CodeChecker now supports Facebook Infer, a well-known open-source static code analyzer (https://github.com/facebook/infer).
CodeChecker will support executing this analyzer. It will not be enabled by default, but is available for testing.
PVS Studio report conversion
Reports of the PVS-Studio analyzer (https://pvs-studio.com/en/pvs-studio/) can now be converted and handled with CodeChecker.
PVS-Studio Static Code Analyzer support by @feeelin in #4356
Backward incompatible changes
- Resolve checker enable/disable ambiguity by @noraz31 in #4377 and by @cservakt in #4392
CodeChecker analyze emits an error (instead of a warning) when the enabled checkers, profiles or checker prefix groups are given ambiguously. In these cases the ambiguity must be resolved. For example, `CodeChecker analyze -e security` is ambiguous, as `security` is a checker prefix group (all checkers starting with `security.`) and a profile at the same time. Use `CodeChecker analyze -e prefix:security` if you mean the prefix group, or `CodeChecker analyze -e profile:security` if you mean the security profile.
Likewise, `CodeChecker analyze -e clang-diagnostic-format` gives an error, because it is ambiguous whether the user means the single `clang-diagnostic-format` checker or all checkers starting with `clang-diagnostic-format`. To refer to the former, use `checker:clang-diagnostic-format`; for the latter, `prefix:clang-diagnostic-format`.
If you have such clashing cases, you must resolve them. The following namespaces can be used:
  - `prefix:` to match checkers starting with a prefix
  - `profile:` to match a checker profile
  - `checker:` to match a single checker
  - `guideline:` to match checkers belonging to a guideline
  - `severity:` to match checkers belonging to a given severity
- The skip file handling changed! Adding a --drop-reports-from-skipped-files parameter to analyze by @dkrupp in #4332
After this patch, the skip file will only skip the analysis of the listed files, but will not filter out any reports. This may result in more reports than before.
By default CodeChecker used to filter out all reports from files which were on the skip list. This can hide true positive reports starting from unskipped code and ending in skipped files (typical with CTU and header related findings).
This patch removes the default report filtering post-processing step from the `CodeChecker analyze --skip SKIPFILE` operation.
The legacy functionality is still available with the `--drop-reports-from-skipped-files` parameter.
- `guideline:sei-cert` cannot be used anymore. The sei-cert guideline was split into `guideline:sei-cert-c` for the C guideline and `guideline:sei-cert-cpp` for the C++ guideline. #4400
- The `CodeChecker analyze -e W*` syntax is not supported anymore. Clang warnings only appear as `clang-diagnostic-*` checkers and they can be enabled using the standard checker on/off mechanism, e.g. `CodeChecker analyze -e clang-diagnostic-unused-function`.
- The `--saargs`, `--tidyargs` and `--cppcheckargs` flags are now deprecated. The corresponding analyzer configuration option should be used instead, e.g. `--analyzer-config clangsa:cc-verbatim-args-file=<filename>`. The old flags still work, but are converted to the new form under the hood.
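The namespace rules from the checker enable/disable ambiguity bullet above, modelled as an added example (this is not CodeChecker's own implementation). The checker inventory, profile, guideline and severity tables are constructed for the example; the rule that a prefix group only splits at a `.` or `-` separator is an assumption taken from the "prefixes are meant along separator characters" change listed in this release.

```python
"""Resolve a `-e` selector to a checker set; refuse ambiguous bare forms."""

# Constructed inventory: checker name -> (severity, profiles, guidelines)
CHECKERS = {
    "security.FloatLoopCounter":        ("MEDIUM", {"security", "extreme"}, {"sei-cert-c"}),
    "security.insecureAPI.strcpy":      ("MEDIUM", {"security", "extreme"}, {"sei-cert-c"}),
    "core.NullDereference":             ("HIGH",   {"default", "security"}, set()),
    "clang-diagnostic-format":          ("MEDIUM", {"default"},             set()),
    "clang-diagnostic-format-security": ("HIGH",   {"security"},            set()),
    "clang-diagnostic-unused-function": ("LOW",    set(),                   set()),
}
PROFILES = {"default", "security", "extreme"}
GUIDELINES = {"sei-cert-c", "sei-cert-cpp", "cwe-top-25"}
SEVERITIES = {"LOW", "MEDIUM", "HIGH"}
SEPARATORS = ".-"   # assumption: a prefix group ends only at one of these characters


class AmbiguousSelector(ValueError):
    """A bare selector names more than one thing (e.g. a profile and a prefix)."""


def by_prefix(prefix):
    """Checkers equal to `prefix` or starting with `prefix` followed by a separator."""
    return {c for c in CHECKERS
            if c == prefix or (c.startswith(prefix) and c[len(prefix)] in SEPARATORS)}


def by_checker(name):
    return {name} if name in CHECKERS else set()


def by_profile(profile):
    return {c for c, (_, profiles, _) in CHECKERS.items() if profile in profiles}


def by_guideline(guideline):
    return {c for c, (_, _, guidelines) in CHECKERS.items() if guideline in guidelines}


def by_severity(severity):
    return {c for c, (sev, _, _) in CHECKERS.items() if sev == severity}


NAMESPACES = {
    "prefix": by_prefix, "checker": by_checker, "profile": by_profile,
    "guideline": by_guideline, "severity": by_severity,
}


def interpretations(bare):
    """Every meaning a selector without a namespace could have, keyed by namespace."""
    found = {}
    if bare in CHECKERS:
        found["checker"] = {bare}
    if by_prefix(bare) - {bare}:          # a group larger than the checker itself
        found["prefix"] = by_prefix(bare)
    if bare in PROFILES:
        found["profile"] = by_profile(bare)
    if bare in GUIDELINES:
        found["guideline"] = by_guideline(bare)
    if bare in SEVERITIES:
        found["severity"] = by_severity(bare)
    return found


def is_ambiguous(selector):
    _, colon, _ = selector.partition(":")
    return not colon and len(interpretations(selector)) > 1


def resolve(selector):
    """Return the checker set selected by `selector`, or raise on ambiguity."""
    namespace, colon, name = selector.partition(":")
    if colon:                              # explicit namespace: never ambiguous
        if namespace not in NAMESPACES:
            raise ValueError(f"unknown namespace {namespace!r}")
        return NAMESPACES[namespace](name)
    found = interpretations(selector)
    if not found:
        raise ValueError(f"{selector!r} matches no checker, profile, guideline or severity")
    if len(found) > 1:
        hint = " or ".join(f"{ns}:{selector}" for ns in found)
        raise AmbiguousSelector(f"{selector!r} is ambiguous; use {hint}")
    return next(iter(found.values()))


if __name__ == "__main__":
    for sel in ("security", "prefix:security", "profile:security",
                "clang-diagnostic-format", "checker:clang-diagnostic-format",
                "clang-diagnostic-unused-function", "guideline:sei-cert-c"):
        try:
            print(f"{sel:36} -> {sorted(resolve(sel))}")
        except AmbiguousSelector as err:
            print(f"{sel:36} -> error: {err}")
```

Note the two clashes the release note describes: `security` is both a prefix group and a profile, and `clang-diagnostic-format` is both a single checker and a prefix of `clang-diagnostic-format-security`, while `clang-diagnostic-unused-function` stays unambiguous because its prefix group contains nothing but itself.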
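The skip-file change above, as an added example that is not CodeChecker's own code. It separates the two things the release note distinguishes: which translation units are analyzed at all, and whether reports are afterwards dropped because their diagnostic lands in a skipped file (the legacy behaviour, now behind `--drop-reports-from-skipped-files`). The skip-list syntax used here (`-` excludes, `+` includes, glob pattern, first match wins), and every path and report, are constructed for the example.

```python
"""Model of `CodeChecker analyze --skip` before and after this release."""
import fnmatch
from dataclasses import dataclass

SKIP_LIST = """\
# constructed skip list
+*/third_party/patched/*
-*/third_party/*
-*/vendor/*
"""


def parse_skip_list(text):
    """Return [(include, glob), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rules.append((line[0] == "+", line[1:]))
    return rules


def is_skipped(path, rules):
    """First matching rule decides; unmatched paths are analyzed."""
    for include, pattern in rules:
        if fnmatch.fnmatch(path, pattern):
            return not include
    return False


@dataclass
class Report:
    checker: str
    tu: str              # translation unit whose analysis produced the report
    file: str            # file of the final diagnostic location
    path: tuple          # (file, line) steps of the bug path


# Constructed reports. The first starts in application code and ends in a
# vendored header: exactly the kind of finding the legacy filter hid.
REPORTS = [
    Report("core.NullDereference", "/proj/src/main.c", "/proj/vendor/parse.h",
           (("/proj/src/main.c", 42), ("/proj/vendor/parse.h", 17))),
    Report("security.insecureAPI.strcpy", "/proj/src/main.c", "/proj/src/main.c",
           (("/proj/src/main.c", 58),)),
    Report("core.uninitialized.Assign", "/proj/third_party/lib.c", "/proj/third_party/lib.c",
           (("/proj/third_party/lib.c", 9),)),
    Report("core.DivideZero", "/proj/third_party/patched/fix.c", "/proj/third_party/patched/fix.c",
           (("/proj/third_party/patched/fix.c", 3),)),
]


def analyze(sources, rules, reports, drop_reports_from_skipped_files=False):
    """Skipped TUs are never analyzed, so their reports never exist. With the
    legacy flag, surviving reports whose diagnostic file is skipped are dropped too."""
    analyzed = {s for s in sources if not is_skipped(s, rules)}
    produced = [r for r in reports if r.tu in analyzed]
    if drop_reports_from_skipped_files:
        produced = [r for r in produced if not is_skipped(r.file, rules)]
    return produced


def report_checkers(drop_reports_from_skipped_files=False):
    rules = parse_skip_list(SKIP_LIST)
    sources = {r.tu for r in REPORTS}
    return sorted(r.checker for r in analyze(sources, rules, REPORTS,
                                             drop_reports_from_skipped_files))


if __name__ == "__main__":
    print("new default:", report_checkers())
    print("legacy     :", report_checkers(drop_reports_from_skipped_files=True))
```

The null dereference that starts at `main.c:42` and ends in `vendor/parse.h` survives under the new default and disappears with the legacy flag; the report from `third_party/lib.c` is absent in both modes because that translation unit was never analyzed.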
Analyzer improvements
- [fix] Resolve checker enable/disable ambiguity #4392
- [fix] Don't capture cc1 by the logger. by @bruntib in #4300
- Add -mmitigate-rop to ignored options by @noraz31 in #4295
- Removing alpha checkers from the security profile so it can be used in production by @dkrupp in #4284
- [analyzer] Adds -fno-freestanding to ignored GCC compiler flags by @ArchieAtkinson in #4281
- [analyzer] Disable clang-diagnostic-error checker by @cservakt in #4325
- [analyzer] Ignore `-fno-printf-return-value` by @pdgendt in #4329
- [analyzer] Fb infer by @stt08 in #4257
- [feat] Introduce cc-verbatim-args-file @bruntib #4456
CLI/Server improvements
- Fix trim-path-prefix functionality in HTML export by @dkrupp #4387
- Automatic addition of database before connecting to it by @feyruzb #4316
- Resolve paths when blaming files by @tomhughes #4357
- Fix the endpoint parsing issue by @dkrupp in 8953b30
- Removing the root user creation by @dkrupp in 3bb2cbf
- [feat] Adding report annotation for json export by @cservakt in #4380
- [fix] Get product configuration with view permission by @bruntib in #4375
- CodeChecker authentication fixed by @dkrupp in #4369
- [fix] Forwarding --ctu-ast-mode to analyze command by @bruntib in #4341
- [fix] Better SQL SELECT instead of a timeout query by @bruntib in #4363
- Speeding up store by removing nested query by @dkrupp in #4358
- Environment initialization for binaries by @dkrupp in #4337
- [fix] Missing analyzer error by @cservakt in #4330
- [fix] Don't reset PATH in Cppcheck plugin by @bruntib in #4320
- [feat] Implicit include paths added with -idirafter by @bruntib in #4315
- Revert "[analyzer] Use absolute path to logger.so in LD_PRELOAD" by @dkrupp in #4314
- [cmd] Checker name prefixes are meant along separator characters by @bruntib in #4311
- [fix] Support joker characters at annotation filter by @bruntib in #4306
- Analyzer binary dependent environment by @dkrupp in #4305
- [fix] Minor fixing for statistics tabs by @cservakt in #4304
- [fix] Don't enable checkers by suffix by @bruntib in #4307
- [Fix] Report sorting in unique mode by @cservakt in #4294
- [fix] Error when debug logging skipped actions by @bruntib in #4301
Environment
- PVS-Studio Static Code Analyzer support by @feeelin in #4356
- Bump webpack from 5.91.0 to 5.94.0 in /web/server/vue-cli by @dependabot in #4334
- [cfg] Add setuptools as a dependency by @bruntib in #4285
- Deprecate distutils by @EinarArnason in #4286
- Bump urllib3 from 2.2.1 to 2.2.2 in /scripts/labels/label_tool by @dependabot in #4290
- [cfg] Upgrade to pylint 3.2.4 by @bruntib in #4279
- [cfg] Upgrade lxml version by @bruntib in #4262
- Bump follow-redirects from 1.15.4 to 1.15.6 in /web/server/vue-cli by @dependabot in #4192
Documentation updates
- Modified documentation to match current procedures for changing schema by @feyruzb in #4366
- chore: Remove ancient, unused `docs/checker_docs.md` by @whisperity in #4283
- additional library was required for venv_dev by @stt08 in #4273
Other
- [cfg] Add info for new unix.Chroot Checker by @vabridgers #4391
- Add test for Disable clang-diagnostic-error checker #4325 by @noraz31 in #4339
- Github Actions: stop previous jobs when a new one was pushed by @stt08 in #4351
- Bring code borrowed from `http.server` in sync with upstream by @Discookie in #4379
- [test] Fix test with new clang version by @bruntib in #4382
- [cmd] Display warning instead of debug log for missing diagtool by @bruntib in #4342
- [test] The assertDictContainsSubset() is deprecated and removed by @bruntib in #4322
- [fix] fix compare_results.py script by @bruntib in #4319
- [script] Script for querying all reports by @bruntib in #4245
- chore(config): Apply invariant fixes from `label-tool` by @whisperity in #4291
- [cfg] Upgrade pycodestyle to 2.12.0 by @bruntib in #4264
- [version] Bump up version 6.25.0 by @bruntib in #4263
- Highlight page added for CodeChecker 6.24.0 by @dkrupp in #4260
- [feat] Adding rule title column for Guideline stat @cservakt #4475
- [fix] CodeChecker checkers --label option:value doesn't list checkers @bruntib #4471
- Add CWE Top 25 guideline @noraz31 #4467
New Contributors
- @ArchieAtkinson made their first contribution in #4281
- @EinarArnason made their first contribution in #4286
- @pdgendt made their first contribution in #4329
- @stt08 made their first contribution in #4351
- @feeelin made their first contribution in #4356
- @Discookie made their first contribution in #4379
Full Changelog: v6.24.4...v6.25.0
What's Changed
- Update lxml to 5.3.0 by @totocaca123 in #4410
- [fix] Show available checker configs in all cases by @noraz31 in #4407
- [test] Add tests for different report hashes by @bruntib in #4412
- Bump express from 4.19.2 to 4.21.2 in /web/server/vue-cli by @dependabot in #4418
- [doc] Add sarif to setup.py by @jstevens176 in #4396
- [feat][server] Logging: show package schema revision on startup by @jstevens176 in #4398
- Bump axios from 1.6.8 to 1.7.9 in /web/server/vue-cli by @dependabot in #4420
- [fix] Validate checkers ordered with "checker" prefix by @noraz31 in #4409
- Bump braces from 3.0.2 to 3.0.3 in /web/server/vue-cli by @dependabot in #4289
- [tools] Simplify static file handling in report-converter by @gamesh411 in #4423
- [test] Modernize Pylint config by @gamesh411 in #4397
- [Fix] Getting file counts query by @cservakt in #4421
- Bump nanoid from 3.3.7 to 3.3.8 in /web/server/vue-cli by @dependabot in #4404
- Increase thrift api version to prepare for an upcoming api change by @dkrupp in #4428
- [fix] Proper encoding of standard output by @bruntib in #4415
- fix the execution environment for binaries by @dkrupp in #4431
- [gui] Display full filename by @bruntib in #4416
- [fix] Don't crash when diagtool is missing by @bruntib in #4399
- [debug][scripts] Add experimental script for clustering similar crashes by @gamesh411 in #4161
- [fix] Pylint fails on cluster_crashes by @cservakt in #4436
- Whisperity refactor/script/label generator tooling by @dkrupp in #4439
- feat(script): Automatically generate `doc_url` and `severity` from ToCs, documentations, and analyser outputs by @whisperity in #4225
- [fix] Guideline stat API refactoring by @cservakt in #4433
- Bump scikit-learn from 1.3.0 to 1.5.0 in /scripts/debug_tools/crash_clustering by @dependabot in #4435
- Bump tqdm from 4.66.1 to 4.66.3 in /scripts/debug_tools/crash_clustering by @dependabot in #4434
- Add clang-tidy yaml report converter by @noraz31 in #4335
- [Fix] Sorting of the statistics by @cservakt in #4445
- [analyzer] Add --inferargs flag by @bruntib in #4447
- [cmd] Add support for sarif export in parser cmd by @tgagneret-embedded in #4327
- Add 6.25.0 release notes to the New Features menu by @noraz31 in #4454
- [feat] Introduce chronological order for dynamic reports by @bruntib in #4450
New Contributors
- @totocaca123 made their first contribution in #4410
- @jstevens176 made their first contribution in #4396
- @tgagneret-embedded made their first contribution in #4327
Full Changelog: v6.25.0-rc1...v6.25.0