Aurelie Block

1597863420

Analysis of merge requests in GitLab using PVS-Studio for C#

Do you like GitLab and don’t like bugs? Do you want to improve the quality of your source code? Then you’ve come to the right place. Today we will tell you how to configure the PVS-Studio C# analyzer for checking merge requests. Enjoy the reading and have a nice unicorn mood.

PVS-Studio is a tool designed to detect errors and potential vulnerabilities in the source code of programs written in C, C++, C#, and Java. It works on 64-bit systems on Windows, Linux and macOS, and can analyze code meant for 32-bit, 64-bit and embedded ARM platforms.

By the way, we’ve released PVS-Studio 7.08, which is full of useful new features. For example:

  • C# analyzer under Linux and macOS;
  • plugin for Rider;
  • new mode for checking a list of files.

#csharp

Vern Greenholt

1596134640

Analysis of Merge Requests in GitLab Using PVS-Studio for C#

Mode of Checking a List of Files

Previously, to check certain files, one had to pass an .xml file with a list of files to the analyzer. Since this is not very convenient, we have added the ability to pass a .txt file, which makes life much simpler.

To check certain files, specify the --sourceFiles (-f) flag and pass a .txt file with the list of files. It looks like this:

pvs-studio-dotnet -t path/to/solution.sln -f fileList.txt -o project.json

If you are interested in configuring checks of commits or pull requests, you can also do this using this mode. The difference will be in getting a list of files for analysis and will depend on which systems you are using.

Principle of Checking Merge Requests

The main point of checking is to make sure that problems detected by the analyzer do not make it into the master branch when merging. We also don’t want to analyze the entire project every time. Moreover, when merging branches, we have a list of changed files. Therefore, I suggest adding a merge request check.

This is what a merge request looks like before introducing a static analyzer:

[Image: merge request]

In other words, all errors in the changes branch will get to the master branch. Since we wouldn’t like this, we add the analysis, and now the scheme looks as follows:

[Image: errors in changes branch]

We analyze changes2 and, if there are no errors, we accept the merge request; otherwise we reject it.

By the way, if you are interested in analyzing commits and pull requests for C/C++, you are welcome to read about it here.

GitLab

GitLab is an open-source DevOps lifecycle web tool that provides a code repository management system for Git with its wiki, bug tracking system, CI/CD pipeline, and other features.

Before you start implementing the merge request analysis, you need to register and upload your project. If you do not know how to do this, then I suggest an article by my colleague.

Note. One of the possible ways to configure the environment is described below. The point is to show the steps for configuring the environment needed for analyzing and running the analyzer. In your case, it may be better to separate the stages of environment preparation (adding repositories, installing the analyzer), and analysis. For example, preparing Docker instances with the necessary environment and their usage, or some other method.

To get a better understanding of what is going to happen next, I suggest taking a look at the following scheme:

[Image: scheme example]

The analyzer needs .NET Core SDK 3 to operate properly; the dependencies the analyzer needs are installed from it. Adding Microsoft repositories for various Linux distributions is described in the relevant document.

To install PVS-Studio via the package manager, you will also need to add PVS-Studio repositories. Adding repositories for various distributions is described in more detail in the relevant section of the documentation.

The analyzer needs a license key to operate. You can get a trial license on the analyzer download page.

Note. The described operating mode (merge requests analysis) requires an Enterprise license. Therefore, if you would like to try this mode of operation, don’t forget to specify that you need an Enterprise license in the “Message” field.

If a merge request occurs, we only need to analyze the list of changed files, otherwise, we analyze all files. After the analysis, we need to convert the logs to the format we need.

Now, with the algorithm in front of your eyes, you can proceed to writing the script. To do this, we need to change the .gitlab-ci.yml file or, if there is no such file, create one. To create it, click on the name of your project -> Set up CI/CD.

[Image: changing the .gitlab-ci.yml file]

Now we are ready to write the script. Let’s first write the code that will install the analyzer and enter the license:

before_script:
  # Tools needed to download packages and repository keys
  - apt-get update && apt-get -y install wget gnupg

  - apt-get -y install git
  # Microsoft package repository
  - wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
  - dpkg -i packages-microsoft-prod.deb
  - apt-get update
  - apt-get install apt-transport-https
  - apt-get update

  # PVS-Studio repository and the analyzer itself
  - wget -q -O - https://files.viva64.com/etc/pubkey.txt | apt-key add -
  - wget -O /etc/apt/sources.list.d/viva64.list https://files.viva64.com/etc/viva64.list
  - apt-get update
  - apt-get -y install pvs-studio-dotnet

  # Enter the license and restore the solution's packages
  - pvs-studio-analyzer credentials $PVS_NAME $PVS_KEY
  - dotnet restore "$CI_PROJECT_DIR"/Test/Test.sln

Since installation and activation must occur before all other scripts, we use a special before_script label. Let me explain this fragment.

Preparation for the analyzer installation:

  - wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
  - dpkg -i packages-microsoft-prod.deb
  - apt-get update
  - apt-get install apt-transport-https
  - apt-get update

Adding PVS-Studio repositories and the analyzer:

  - wget -q -O - https://files.viva64.com/etc/pubkey.txt | apt-key add -
  - wget -O /etc/apt/sources.list.d/viva64.list https://files.viva64.com/etc/viva64.list
  - apt-get update
  - apt-get -y install pvs-studio-dotnet
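The algorithm described earlier (analyze only the changed files when the job runs for a merge request, otherwise analyze the whole solution) can be scripted as shown here. This is an added example, not code from the article or from PVS-Studio: the function names, the script name pvs-mr.sh and the files changed.txt and pvs-fl.txt are hypothetical, CI_MERGE_REQUEST_TARGET_BRANCH_NAME is GitLab's predefined merge request variable, and the solution path is the one used above. File names in a merge request come from the contributor, so they are read strictly as data and a failed git command stops the job instead of producing an empty list.

```shell
#!/bin/sh
# Added example, not from the article. Hypothetical names: filter_changed,
# analysis_mode, run_analysis, changed.txt, pvs-fl.txt.

# Read repo-relative paths on stdin; print absolute paths of the C# sources
# that still exist. Paths are read as data, never evaluated.
filter_changed() {
  root=$1
  while IFS= read -r path; do
    case $path in
      *.cs) [ -f "$root/$path" ] && printf '%s\n' "$root/$path" ;;
    esac
  done
  return 0
}

# GitLab sets CI_MERGE_REQUEST_TARGET_BRANCH_NAME only in merge request pipelines.
analysis_mode() {
  if [ -n "${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-}" ]; then
    echo merge-request
  else
    echo full
  fi
}

run_analysis() {
  sln="$CI_PROJECT_DIR/Test/Test.sln"
  if [ "$(analysis_mode)" = full ]; then
    pvs-studio-dotnet -t "$sln" -o project.json
    return
  fi
  target=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
  # Stop on a failed fetch or diff, so an empty list never hides a git error.
  git fetch origin "+refs/heads/$target:refs/remotes/origin/$target" || return 1
  git -c core.quotePath=false diff --name-only --diff-filter=d \
    "origin/$target...HEAD" > changed.txt || return 1
  filter_changed "$CI_PROJECT_DIR" < changed.txt > pvs-fl.txt
  # A merge request that touches no C# file has nothing to analyze.
  [ -s pvs-fl.txt ] || return 0
  pvs-studio-dotnet -t "$sln" -f pvs-fl.txt -o project.json
}

# Run the analysis only when called as: sh pvs-mr.sh run
if [ "${1:-}" = run ]; then
  run_analysis
fi
```

The three-dot diff needs the merge base of the two branches, so a shallow clone (GitLab's GIT_DEPTH setting) that does not reach it makes the diff fail and the job stop.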

#devops #devsecops #csharp #static analysis #gitlab #static analysis tools #static analyzer

Sadie Ratke

1590597060

Level-up your C++ productivity using Visual Studio

Come learn how you can improve your efficiency even while working from home. We’ll take a look at online development environments, Live Share, and a host of other new productivity features and tips.

#c #c# #c++ #programming-c #visual studio

Pass method as parameter using C# | Delegates in C# | C# Bangla Tutorial | Advanced C#

https://youtu.be/GfcTSJf5Rc8

#oop in c# #object oriented programming in c# #object oriented concept in c# #learn oop concept #advance c# #pass method as parameter using c#

How I Improved My Legacy C++ Project With PVS-Studio

For a few months now, I’ve been refactoring my old C++/OpenGL project. Thus far, I used compilers (MSVC and Clang), my knowledge or free tools. At some point, I also got a chance to leverage a solid static analysis tool - PVS-Studio. The tool helped me with identifying 8 critical issues, not to mention good code style and performance enhancements (in total 137 warnings).

Read on to see my report.

Starting With PVS-Studio

This post is sponsored by PVS-Studio but all opinions, code and the article idea come from me.

I’m working on a project which is a visualisation of various sorting algorithms, written in Win32Api, C++, OpenGL. I always put a nice GIF that presents how it works:

You can read my previous articles that describe the project in detail:

After doing some basic refactoring, using some modern features and even checking code with C++ Core Guideline Checkers (available in Visual Studio) I also run a professional static analysis tool: PVS Studio - I used the latest version: PVS-Studio 7.09 (August 27, 2020)

Running the analyser is very simple. Inside Visual Studio 2019 you have to select:

Extensions->PVS-Studio->Check->Solution

This action starts the PVS process which can last a dozen seconds (for small projects) or a couple of minutes… or longer - depending on your project size.

After the check completes, you can see the following window with all of the messages:

This shows all issues that the tool has found for the solution (You can also check a single project or a single compilation unit).

As you can see, the numbers are not large, because my project is relatively small (5kloc), yet it helped me with improving the code in several places.

What I like about PVS-Studio is its super handy UI: it’s just a single window with lots of easy to use shortcuts (for example filtering between severity level). It’s easy to filter through files or even skip some errors entirely.

For example, here’s a screenshot where I could easily disable warnings found inside gtest.h which is a part of Google testing framework:

I won’t be able to fix those issues (as it’s third party code), so it’s best to make them silent.

Depending on your project size, you’ll probably need some time to adjust the output to your needs. After those adjustments, you’ll be able to focus on the major problems and limit the number of false positives or non-essential issues.

Here’s some more documentation if you want to start with your project.

What’s more, you can also try PVS-Studio for free through Compiler Explorer! Have a look at this website how to start: Online Examples (C, C++).

Ok, but let’s see what the tool reported for my project.

#windows #iot #c++ #tutorials #pvs-studio #graphics #visual c++ #opengl #vc++ #legacy c++ project

Ari Bogisich

1589816580

Using isdigit() in C/C++

In this article, we’ll take a look at using the isdigit() function in C/C++. This is a very simple way to check if any value is a digit or not. Let’s look at how to use this function, using some simple examples.

#c programming #c++ #c #c#