Revamp README and workflows for my own fork, start adding fbinfer and… #1

eljonny · 2025-03-16T01:23:32Z

… flawfinder

github-actions · 2025-03-16T01:26:51Z

⚡ Static analysis result ⚡

🔴 PyLint found 60 issues! Click here to see details.

StaticAnalysis-MoreCPP/test/test_sa_utils.py

Lines 20 to 25 in 2a990e6

    
           def mock_env(self, mp: MonkeyPatch): 
        
               mp.setenv("GITHUB_WORKSPACE", f"{PROJECT_PATH}{os.sep}test{os.sep}utils{os.sep}dummy_project") 
        
               mp.setenv("INPUT_VERBOSE", "True") 
        
               mp.setenv("INPUT_REPORT_PR_CHANGES_ONLY", "False") 
        
               mp.setenv("INPUT_REPO", "RepoName") 
        
               mp.setenv("GITHUB_SHA", "1234")

!Line: 20 - C0202: Class method mock_env should have 'cls' as first argument (bad-classmethod-argument)

StaticAnalysis-MoreCPP/test/test_sa_utils.py

Lines 32 to 37 in 2a990e6

    
           from src import sa_utils 
        
           patch = "@@ -43,6 +48,8 @@\n@@ -0,0 +1 @@" 
        
           lines = sa_utils.get_lines_changed_from_patch(patch) 
        
           self.assertEqual(lines, [(48, 56), (1, 1)])

!Line: 32 - C0415: Import outside toplevel (src.sa_utils) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 21 to 26 in 2a990e6

    
           def mock_env(self, mp: MonkeyPatch): 
        
               mp.setenv("GITHUB_WORKSPACE", f"{PROJECT_PATH}{os.sep}test{os.sep}utils{os.sep}dummy_project") 
        
               mp.setenv("INPUT_VERBOSE", "True") 
        
               mp.setenv("INPUT_REPORT_PR_CHANGES_ONLY", "False") 
        
               mp.setenv("INPUT_REPO", "RepoName") 
        
               mp.setenv("GITHUB_SHA", "1234")

!Line: 21 - C0202: Class method mock_env should have 'cls' as first argument (bad-classmethod-argument)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 33 to 38 in 2a990e6

    
           from src import static_analysis_cpp 
        
           cppcheck_content = [ 
        
               f"{os.getenv("GITHUB_WORKSPACE")}{os.sep}DummyFile.cpp:8:23: style: Error message\n", 
        
               "    Part of code\n", 
        
               "               ^\n",

!Line: 33 - C0415: Import outside toplevel (src.static_analysis_cpp) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 77 to 82 in 2a990e6

    
           from src import static_analysis_cpp 
        
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           comment_body = static_analysis_cpp.prepare_comment_body("", "", "", "", 0, 0, 0, 0)

!Line: 77 - C0415: Import outside toplevel (src.static_analysis_cpp) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 78 to 83 in 2a990e6

    
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           comment_body = static_analysis_cpp.prepare_comment_body("", "", "", "", 0, 0, 0, 0) 
        
           # Empty results

!Line: 78 - C0415: Import outside toplevel (utils.helper_functions) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 92 to 97 in 2a990e6

    
           from src import static_analysis_cpp 
        
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           cppcheck_issues_found = 1

!Line: 92 - C0415: Import outside toplevel (src.static_analysis_cpp) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 93 to 98 in 2a990e6

    
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           cppcheck_issues_found = 1 
        
           cppcheck_comment = "dummy issue"

!Line: 93 - C0415: Import outside toplevel (utils.helper_functions) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 115 to 120 in 2a990e6

    
           from src import static_analysis_cpp 
        
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           cppcheck_issues_found = 4

!Line: 115 - C0415: Import outside toplevel (src.static_analysis_cpp) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 116 to 121 in 2a990e6

    
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           cppcheck_issues_found = 4 
        
           cppcheck_comment = "dummy issues"

!Line: 116 - C0415: Import outside toplevel (utils.helper_functions) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 138 to 143 in 2a990e6

    
           from src import static_analysis_cpp 
        
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           clang_tidy_issues_found = 1

!Line: 138 - C0415: Import outside toplevel (src.static_analysis_cpp) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 139 to 144 in 2a990e6

    
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           clang_tidy_issues_found = 1 
        
           clang_tidy_comment = "dummy issue"

!Line: 139 - C0415: Import outside toplevel (utils.helper_functions) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 160 to 165 in 2a990e6

    
           from src import static_analysis_cpp 
        
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           clang_tidy_issues_found = 4

!Line: 160 - C0415: Import outside toplevel (src.static_analysis_cpp) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_static_analysis_cpp.py

Lines 161 to 166 in 2a990e6

    
           from utils import helper_functions as utils 
        
           comment_title = os.getenv("INPUT_COMMENT_TITLE") 
        
           clang_tidy_issues_found = 4 
        
           clang_tidy_comment = "dummy issues"

!Line: 161 - C0415: Import outside toplevel (utils.helper_functions) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_get_files_to_check.py

Lines 69 to 74 in 2a990e6

    
               f"{pwd}{os.sep}utils{os.sep}dummy_project{os.sep}exclude_dir_1 {pwd}{os.sep}utils{os.sep}dummy_project{os.sep}exclude_dir_2", 
        
               "", 
        
               "c++", 
        
           ) 
        
           # Preselected files present

!Line: 69 - C0301: Line too long (137/120) (line-too-long)

StaticAnalysis-MoreCPP/test/test_get_files_to_check.py

Lines 78 to 83 in 2a990e6

    
                       f"{pwd}{os.sep}utils{os.sep}dummy_project{os.sep}exclude_dir_1 {pwd}{os.sep}utils{os.sep}dummy_project{os.sep}exclude_dir_2", 
        
                       f"{pwd}{os.sep}utils{os.sep}dummy_project{os.sep}DummyFile.cpp {pwd}{os.sep}utils{os.sep}dummy_project{os.sep}exclude_dir_1{os.sep}ExcludedFile1.hpp", 
        
                       "c++", 
        
                   ) 
        
           if __name__ == "__main__":

!Line: 78 - C0301: Line too long (137/120) (line-too-long)

StaticAnalysis-MoreCPP/test/test_get_files_to_check.py

Lines 79 to 84 in 2a990e6

    
                       f"{pwd}{os.sep}utils{os.sep}dummy_project{os.sep}DummyFile.cpp {pwd}{os.sep}utils{os.sep}dummy_project{os.sep}exclude_dir_1{os.sep}ExcludedFile1.hpp", 
        
                       "c++", 
        
                   ) 
        
           if __name__ == "__main__": 
        
               unittest.main()

!Line: 79 - C0301: Line too long (162/120) (line-too-long)

StaticAnalysis-MoreCPP/test/test_get_files_to_check.py

Lines 14 to 19 in 2a990e6

    
           from utils import helper_functions as util 
        
           class TestGetFilesToCheck(unittest.TestCase): 
        
               """Unit tests for get_files_to_check module""" 
        
               def test_get_files_to_check(self):

!Line: 14 - C0411: third party import "utils.helper_functions" should be placed before first party import "src.get_files_to_check"  (wrong-import-order)

StaticAnalysis-MoreCPP/test/test_static_analysis_python.py

Lines 181 to 186 in 2a990e6

    
           '!Line: 13 - C0103: Constant name "encoded" doesn\'t conform to UPPER_CASE naming style (invalid-name)\n' 
        
           "``` \n <br>" 
        
           f"\n\n\n\nhttps://github.com/{repo_name}/blob/{sha}/dummy.py#L15-L20 \n" 
        
           "```diff\n" 
        
           '!Line: 15 - C0103: Constant name "x" doesn\'t conform to UPPER_CASE naming style (invalid-name)\n' 
        
           "``` \n <br>"

!Line: 181 - C0301: Line too long (121/120) (line-too-long)

StaticAnalysis-MoreCPP/test/test_static_analysis_python.py

Lines 189 to 194 in 2a990e6

    
           '!Line: 16 - C0103: Constant name "encoded" doesn\'t conform to UPPER_CASE naming style (invalid-name)\n' 
        
           "``` \n <br>" 
        
           f"\n\n\n\nhttps://github.com/{repo_name}/blob/{sha}/dummy.py#L20-L25 \n" 
        
           "```diff\n" 
        
           '!Line: 20 - C0103: Constant name "encoded" doesn\'t conform to UPPER_CASE naming style (invalid-name)\n' 
        
           "``` \n <br>"

!Line: 189 - C0301: Line too long (121/120) (line-too-long)

StaticAnalysis-MoreCPP/test/test_static_analysis_python.py

Lines 193 to 198 in 2a990e6

    
           '!Line: 20 - C0103: Constant name "encoded" doesn\'t conform to UPPER_CASE naming style (invalid-name)\n' 
        
           "``` \n <br>" 
        
           f"\n\n\n\nhttps://github.com/{repo_name}/blob/{sha}/dummy.py#L22-L25 \n" 
        
           "```diff\n" 
        
           '!Line: 22 - C0103: Constant name "x" doesn\'t conform to UPPER_CASE naming style (invalid-name)\n' 
        
           "``` \n <br>"

!Line: 193 - C0301: Line too long (121/120) (line-too-long)

StaticAnalysis-MoreCPP/test/test_static_analysis_python.py

Lines 201 to 206 in 2a990e6

    
               '!Line: 23 - C0103: Constant name "encoded" doesn\'t conform to UPPER_CASE naming style (invalid-name)\n' 
        
               "``` \n <br>\n" 
        
           ) 
        
           print(result)

!Line: 201 - C0301: Line too long (121/120) (line-too-long)

StaticAnalysis-MoreCPP/test/test_static_analysis_python.py

Lines 22 to 27 in 2a990e6

    
           def mock_env(self, mp: MonkeyPatch): 
        
               mp.setenv("GITHUB_WORKSPACE", f"{PROJECT_PATH}{os.sep}test{os.sep}utils{os.sep}dummy_project") 
        
               mp.setenv("INPUT_VERBOSE", "True") 
        
               mp.setenv("INPUT_REPORT_PR_CHANGES_ONLY", "False") 
        
               mp.setenv("INPUT_REPO", "RepoName") 
        
               mp.setenv("GITHUB_SHA", "1234")

!Line: 22 - C0202: Class method mock_env should have 'cls' as first argument (bad-classmethod-argument)

StaticAnalysis-MoreCPP/test/test_static_analysis_python.py

Lines 34 to 39 in 2a990e6

    
                       from src import static_analysis_python 
        
                       pylint_content = r""" [ 
        
                       { 
        
                           "type": "convention", 
        
                           "module": "dummy",

!Line: 34 - C0415: Import outside toplevel (src.static_analysis_python) (import-outside-toplevel)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 38 to 43 in 2a990e6

    
                   run_hash = hash(json.dumps(run, sort_keys=True, ensure_ascii=True, default=lambda v: repr(v) + str(hash(v)))) 
        
                   self.assertIn(run_hash, hashes) 
        
           def test_write_joined_sarif(self): 
        
               with tempfile.NamedTemporaryFile("w", delete_on_close=False) as written_file: 
        
                   written_file.close()

!Line: 38 - C0301: Line too long (121/120) (line-too-long)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 27 to 32 in 2a990e6

    
           dir = f"{f"{os.sep}".join(os.path.abspath(__file__).split(os.sep)[:-1])}{os.sep}data{os.sep}sarif{os.sep}join" 
        
           cls.to_join_tjs_js, cls.to_join_tjs_gh, cls.to_join_twjs_jsw, cls.to_join_twjs_jsjd = itertools.tee( 
        
               Path(dir).rglob("cppcheck__mnt_c_code_project_src_Type*.cpp.sarif"), 
        
               4 
        
           )

!Line: 27 - W0622: Redefining built-in 'dir' (redefined-builtin)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 49 to 53 in 2a990e6

    
                           open(joined_file.name, "w").write(json_sarif) 
        
                           self.assertTrue(filecmp.cmp(written_file.name, joined_file.name, False)) 
        
           if __name__ == "__main__": 
        
               unittest.main()

!Line: 49 - R1732: Consider using 'with' for resource-allocating operations (consider-using-with)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 49 to 53 in 2a990e6

    
                           open(joined_file.name, "w").write(json_sarif) 
        
                           self.assertTrue(filecmp.cmp(written_file.name, joined_file.name, False)) 
        
           if __name__ == "__main__": 
        
               unittest.main()

!Line: 49 - W1514: Using open without explicitly specifying an encoding (unspecified-encoding)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 5 to 10 in 2a990e6

    
           import os 
        
           import sys 
        
           import tempfile 
        
           import unittest 
        
           try:

!Line: 5 - C0411: standard import "os" should be placed before third party import "jsonpickle" (wrong-import-order)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 6 to 11 in 2a990e6

    
           import sys 
        
           import tempfile 
        
           import unittest 
        
           try: 
        
               PROJECT_PATH = f"{os.sep}".join(os.path.abspath(__file__).split(os.sep)[:-2])

!Line: 6 - C0411: standard import "sys" should be placed before third party import "jsonpickle" (wrong-import-order)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 7 to 12 in 2a990e6

    
           import tempfile 
        
           import unittest 
        
           try: 
        
               PROJECT_PATH = f"{os.sep}".join(os.path.abspath(__file__).split(os.sep)[:-2]) 
        
               sys.path.append(PROJECT_PATH)

!Line: 7 - C0411: standard import "tempfile" should be placed before third party import "jsonpickle" (wrong-import-order)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 8 to 13 in 2a990e6

    
           import unittest 
        
           try: 
        
               PROJECT_PATH = f"{os.sep}".join(os.path.abspath(__file__).split(os.sep)[:-2]) 
        
               sys.path.append(PROJECT_PATH)

!Line: 8 - C0411: standard import "unittest" should be placed before third party import "jsonpickle" (wrong-import-order)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 18 to 23 in 2a990e6

    
           from pathlib import Path 
        
           from src import join_sarif as sarops 
        
           from utils import helper_functions as utils 
        
           class TestJoinSarif(unittest.TestCase): 
        
               """Unit tests for join_sarif module"""

!Line: 18 - C0411: standard import "pathlib.Path" should be placed before third party import "jsonpickle" (wrong-import-order)

StaticAnalysis-MoreCPP/test/test_join_sarif.py

Lines 20 to 25 in 2a990e6

    
           from utils import helper_functions as utils 
        
           class TestJoinSarif(unittest.TestCase): 
        
               """Unit tests for join_sarif module""" 
        
               @classmethod

!Line: 20 - C0411: third party import "utils.helper_functions" should be placed before first party import "src.join_sarif"  (wrong-import-order)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 279 to 284 in 2a990e6

    
           if output_to_console and (flawfinder_issues_found or cppcheck_issues_found or fbinfer_issues_found or clang_tidy_issues_found): 
        
               print("##[error] Issues found!\n") 
        
               error_color = "\u001b[31m" 
        
               if flawfinder_issues_found: 
        
                   print(f"{error_color}flawfinder results: {flawfinder_comment}")

!Line: 279 - C0301: Line too long (131/120) (line-too-long)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Line 412 in 2a990e6

    
           sys.exit(flawfinder_issues_found_in + cppcheck_issues_found_in + fbinfer_issues_found_in + clang_tidy_issues_found_in)

!Line: 412 - C0301: Line too long (122/120) (line-too-long)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 128 to 133 in 2a990e6

    
                   """ 
        
                   These go into the new functions probably 
        
                   rule_id = result.ruleId 
        
                   file_path = result.locations[0].physicalLocation.artifactLocation.uri.split(":")[1] 
        
                   level = result.level

!Line: 128 - W0105: String statement has no effect (pointless-string-statement)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 142 to 147 in 2a990e6

    
               per_issue_string = append_sarif_issue(result) 
        
               continue 
        
           if utils.is_part_of_pr_changes(file_path, result, files_changed_in_pr): 
        
               per_issue_string, description = utils.generate_desc_from_sarif( 
        
                   was_note,

!Line: 142 - E1120: No value for argument 'per_issue_string' in function call (no-value-for-parameter)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 142 to 147 in 2a990e6

    
               per_issue_string = append_sarif_issue(result) 
        
               continue 
        
           if utils.is_part_of_pr_changes(file_path, result, files_changed_in_pr): 
        
               per_issue_string, description = utils.generate_desc_from_sarif( 
        
                   was_note,

!Line: 142 - E1120: No value for argument 'new_line' in function call (no-value-for-parameter)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 142 to 147 in 2a990e6

    
               per_issue_string = append_sarif_issue(result) 
        
               continue 
        
           if utils.is_part_of_pr_changes(file_path, result, files_changed_in_pr): 
        
               per_issue_string, description = utils.generate_desc_from_sarif( 
        
                   was_note,

!Line: 142 - E1120: No value for argument 'list_of_issues' in function call (no-value-for-parameter)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 175 to 180 in 2a990e6

    
           def read_files_and_parse_results(): 
        
               """Reads the output files generated by cppcheck and clang-tidy and creates comments 
        
               for the pull request, based on the issues found. The comments can be output to console 
        
               and/or added to the pull request. Returns a tuple with the comments generated for 
        
               cppcheck and clang-tidy, and boolean values indicating whether issues were found by 
        
               each tool, whether output was generated to the console, and whether the actual code

!Line: 175 - R0914: Too many local variables (27/25) (too-many-locals)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 175 to 180 in 2a990e6

    
           def read_files_and_parse_results(): 
        
               """Reads the output files generated by cppcheck and clang-tidy and creates comments 
        
               for the pull request, based on the issues found. The comments can be output to console 
        
               and/or added to the pull request. Returns a tuple with the comments generated for 
        
               cppcheck and clang-tidy, and boolean values indicating whether issues were found by 
        
               each tool, whether output was generated to the console, and whether the actual code

!Line: 175 - R0915: Too many statements (57/50) (too-many-statements)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 252 to 257 in 2a990e6

    
           issue_key = f"{utils.JSON_ISSUE_KEY}" 
        
           utils.debug_print( 
        
               f"flawfinder result: \n {flawfinder_content} \n" 
        
               f"cppcheck result: \n {cppcheck_content} \n" 
        
               f"fbinfer result: \n {fbinfer_content} \n"

!Line: 252 - W0612: Unused variable 'issue_key' (unused-variable)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 308 to 313 in 2a990e6

    
           def prepare_comment_body( 
        
               flawfinder_comment, cppcheck_comment, fbinfer_comment, clang_tidy_comment, 
        
               flawfinder_issues_found, cppcheck_issues_found, fbinfer_issues_found, clang_tidy_issues_found 
        
           ): 
        
               """ 
        
               Generates a comment body based on the results of the cppcheck and clang-tidy analysis.

!Line: 308 - R0913: Too many arguments (8/5) (too-many-arguments)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 308 to 313 in 2a990e6

    
           def prepare_comment_body( 
        
               flawfinder_comment, cppcheck_comment, fbinfer_comment, clang_tidy_comment, 
        
               flawfinder_issues_found, cppcheck_issues_found, fbinfer_issues_found, clang_tidy_issues_found 
        
           ): 
        
               """ 
        
               Generates a comment body based on the results of the cppcheck and clang-tidy analysis.

!Line: 308 - R0917: Too many positional arguments (8/5) (too-many-positional-arguments)

StaticAnalysis-MoreCPP/src/static_analysis_cpp.py

Lines 325 to 330 in 2a990e6

    
           SEPARATOR = "\n\n\n *** \n" 
        
           if flawfinder_issues_found == 0 and cppcheck_issues_found == 0 and \ 
        
               fbinfer_issues_found == 0 and clang_tidy_issues_found == 0: 
        
               full_comment_body = ( 
        
                   '## <p align="center"><b> :white_check_mark:'

!Line: 325 - C0103: Variable name "SEPARATOR" doesn't conform to snake_case naming style (invalid-name)

StaticAnalysis-MoreCPP/src/get_files_to_check.py

Lines 24 to 29 in 2a990e6

    
           if os.sep.__eq__("\\"): 
        
               directory_in = str(directory_in).replace("/", os.sep) 
        
           else: 
        
               directory_in = str(directory_in).replace("\\", os.sep) 
        
           dirin = f"{directory_in}{os.sep}build"

!Line: 24 - C2801: Unnecessarily calls dunder method __eq__. Use == operator. (unnecessary-dunder-call)

StaticAnalysis-MoreCPP/src/get_files_to_check.py

Lines 30 to 35 in 2a990e6

    
           while not dirin.find(f"{os.sep}{os.sep}") == -1: 
        
               dirin = dirin.replace(f"{os.sep}{os.sep}", f"{os.sep}") 
        
           exclude_prefixes = [re.escape(str(dirin))] 
        
           if excludes_in is not None: 
        
               excludes_list = excludes_in.split(" ")

!Line: 30 - C0117: Consider changing "not dirin.find(f'{os.sep}{os.sep}') == -1" to "dirin.find(f'{os.sep}{os.sep}') != -1" (unnecessary-negation)

StaticAnalysis-MoreCPP/src/get_files_to_check.py

Lines 8 to 13 in 2a990e6

    
           def get_files_to_check(directory_in, excludes_in, preselected_files, lang): 
        
               """ 
        
               Given a directory path and a string of prefixes to exclude, 
        
               return a space-separated string of all files in the directory (and its subdirectories) 
        
               that have a supported extension and do not start with any of the excluded prefixes.

!Line: 8 - R0912: Too many branches (16/12) (too-many-branches)

StaticAnalysis-MoreCPP/src/get_files_to_check.py

Lines 77 to 82 in 2a990e6

    
           directory = str(parser.parse_args().dir).replace("//", "/") 
        
           while not directory.find("//") == -1: 
        
               directory = str(parser.parse_args().dir).replace("//", "/") 
        
           preselected = parser.parse_args().preselected 
        
           excludes = parser.parse_args().exclude 
        
           language = parser.parse_args().lang

!Line: 77 - C0103: Constant name "directory" doesn't conform to UPPER_CASE naming style (invalid-name)

StaticAnalysis-MoreCPP/src/get_files_to_check.py

Lines 78 to 83 in 2a990e6

    
           while not directory.find("//") == -1: 
        
               directory = str(parser.parse_args().dir).replace("//", "/") 
        
           preselected = parser.parse_args().preselected 
        
           excludes = parser.parse_args().exclude 
        
           language = parser.parse_args().lang

!Line: 78 - C0117: Consider changing "not directory.find('//') == -1" to "directory.find('//') != -1" (unnecessary-negation)

StaticAnalysis-MoreCPP/src/get_files_to_check.py

Lines 79 to 84 in 2a990e6

    
               directory = str(parser.parse_args().dir).replace("//", "/") 
        
           preselected = parser.parse_args().preselected 
        
           excludes = parser.parse_args().exclude 
        
           language = parser.parse_args().lang 
        
           print(get_files_to_check(directory, excludes, preselected.split(), language))

!Line: 79 - C0103: Constant name "directory" doesn't conform to UPPER_CASE naming style (invalid-name)

StaticAnalysis-MoreCPP/src/join_sarif.py

Lines 10 to 15 in 2a990e6

    
           with open(file) as sarif_file: 
        
               sarif_json = json.load(sarif_file) 
        
               schema_key = "$schema" 
        
               del sarif_json[schema_key]

!Line: 10 - W1514: Using open without explicitly specifying an encoding (unspecified-encoding)

StaticAnalysis-MoreCPP/src/join_sarif.py

Lines 16 to 21 in 2a990e6

    
           if joined == None: 
        
               joined = SarifLog(**sarif_json) 
        
               continue 
        
           to_join = SarifLog(**sarif_json) 
        
           for run in to_join.runs:

!Line: 16 - C0121: Comparison 'joined == None' should be 'joined is None' (singleton-comparison)

StaticAnalysis-MoreCPP/src/join_sarif.py

Lines 26 to 31 in 2a990e6

    
           def write_joined_sarif(joined_sarif, output_file): 
        
               with open(output_file, "w") as out: 
        
                   out.write(jsonpickle.encode(joined_sarif)) 
        
           if __name__ == "__main__": 
        
               parser = argparse.ArgumentParser()

!Line: 26 - W0621: Redefining name 'joined_sarif' from outer scope (line 46) (redefined-outer-name)

StaticAnalysis-MoreCPP/src/join_sarif.py

Lines 26 to 31 in 2a990e6

    
           def write_joined_sarif(joined_sarif, output_file): 
        
               with open(output_file, "w") as out: 
        
                   out.write(jsonpickle.encode(joined_sarif)) 
        
           if __name__ == "__main__": 
        
               parser = argparse.ArgumentParser()

!Line: 26 - W0621: Redefining name 'output_file' from outer scope (line 48) (redefined-outer-name)

StaticAnalysis-MoreCPP/src/join_sarif.py

Lines 27 to 32 in 2a990e6

    
               with open(output_file, "w") as out: 
        
                   out.write(jsonpickle.encode(joined_sarif)) 
        
           if __name__ == "__main__": 
        
               parser = argparse.ArgumentParser() 
        
               parser.add_argument(

!Line: 27 - W1514: Using open without explicitly specifying an encoding (unspecified-encoding)

StaticAnalysis-MoreCPP/test/utils/helper_functions.py

Lines 63 to 65 in 2a990e6

    
                       hashes.append(hash(json.dumps(run, sort_keys=True, ensure_ascii=True, default=lambda v: repr(v) + str(hash(v))))) 
        
           return hashes

!Line: 63 - C0301: Line too long (129/120) (line-too-long)

StaticAnalysis-MoreCPP/test/utils/helper_functions.py

Lines 14 to 19 in 2a990e6

    
           SEPARATOR = "\n\n\n *** \n" 
        
           if issues_found == 0: 
        
               return ( 
        
                   '## <p align="center"><b> :white_check_mark:' 
        
                   f"{comment_title} - no issues found! :white_check_mark: </b></p>"

!Line: 14 - C0103: Variable name "SEPARATOR" doesn't conform to snake_case naming style (invalid-name)

StaticAnalysis-MoreCPP/test/utils/helper_functions.py

Lines 55 to 60 in 2a990e6

    
           with open(sarif_run) as file: 
        
               sarif_json = json.load(file) 
        
               schema_key = "$schema" 
        
               del sarif_json[schema_key]

!Line: 55 - W1514: Using open without explicitly specifying an encoding (unspecified-encoding)

eljonny · 2025-03-16T01:28:30Z

This is to fulfill TestCPP#85 and TestCPP#86.

In the C++ workflow eg in the README.md, examples for fbinfer_args, flawfinder_args, and flawfinder_targets are now present that I added. Fixed defaults for cmake_args, flawfinder_targets, and fbinfer_args in the action.yml and README. Preprocess fbinfer_args, flawfinder_args, and flawfinder_targets in line with the way cppcheck and clang_tidy arg preprocessing is handled. Add -fi and -ff options to python3 -m src.static_analysis_cpp commands, note that I have not yet added these to the python code yet. -fi receives the file name for the infer report, and -ff receives the file name for the flawfinder report. Output the values of INFER_ARGS, FLAWFINDER_ARGS, and FLAWFINDER_TGTS for debugging where necessary. Added calls to infer for CMake and non-CMake sections. Add call to flawfinder, that does not depend at all on whether CMake is being used. Ordered the variables and operations so everything is consistent.

Also remove associated variable since it's no longer used to fix SC2034 Double quote arguments to prevent unwanted globbing/splitting to fix SC2086.

Start to move away from line output parsing so there's a common format being used as much as possible for gathering static analysis issues data/results. I chose SARIF since CPPCheck, FlawFinder, and Infer all support this format, and it is a format supported by a number of other static analysis tools that could then be integrated without consideration of any particular custom stdout format. This opens up the possibility for other languages and tools that also support this format to be easily integrated into this Action. The first step was ensuring all tools that can support it are using versions with SARIF support; this is complete, only cppcheck needed to be upgraded in the docker image that supports the runner, and is now set to version 2.17.1. The second step in this was to install the Python 3 SARIF Object Model library into the docker image that supports the runner; this is complete. The third step was to add the proper command line arguments to the tools that get called in the entrypoint_cpp.sh; this is also complete. The fourth step was to add execution of a new python script that joins multiple SARIF files (one for each source file analyzed with cppcheck and one for each target directory analyzed with flawfinder) to entrypoint_cpp.sh; this is now complete also. The fifth step is to actually write the new join_sarif Python 3 module, which is almost complete but not yet ready. The final step is to integrate SARIF into the Action code and tests; this is not yet complete, but I am working on it and have already made significant progress, and should be something I can finish in the next 2-3 weeks, time permitting. Fixed spelling in the Action definition. I finished integrating FlawFinder and Infer into entrypoint_cpp.sh script, which included adding -ff and -fi arguments to the call to the static_analysis_cpp Python 3 module. Fixed/improved aspects of entrypoint_cpp.sh. - debug_print for get_files_to_check.py that says it is going to run the script now prints prior to it running so what is being printed aligns with what is actually happening during the script run. - Fixed an issue where all the header files in the project being analyzed were getting passed to cppcheck, which does not support direct analysis of header files. - Fix exclude_arg not working with cppcheck by removing it; it is unnecessary based on how I want cppcheck to be run. Removed excess whitespace in test/test_utils.py. Added trailing newline to test/utils/dummy_project/DummyFile.hpp.

I have updated the workflows and added the necessary repository secrets to hopefully allow them to work, and updated the names to be unique to the project. Added a new workflow for code coverage and test results upload to CodeCov for visualization and analysis. Fixed the TestRepo clone URL. Added a new file for running cppcheck locally. Fix a number of cross-platform issues with directory separators, so it is consistent across all of the codebase. Ensure proper regular expression escaping in paths. get_files_to_check now uses a regular-expression-based method for excluding files that is more consistent and works in more cross- platform situations than previous. Fix double-path-separators often showing up in selected paths. Fix line endings (all are now LF-only) Reduced the number of characters in a comment to account for the additional SA tools Use the GITHUB_WORKSPACE env in more places to fix a large number of pathing issues Begin adding SARIF integration; this is a WIP. Formatting, remove excess whitespace Add SARIF test data Add more tests for existing code, add tests for join_sarif Use monkeypatch to ensure the environment is correct for each test Add genhashes to test helper functions

codecov · 2025-06-04T06:21:38Z

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

… function as expected.

github-actions · 2025-06-04T06:57:52Z

Test Action results

Result for push

Result for pull_request (CMake)

Result for pull_request (non CMake)

Result for pull_request_target (CMake)

Result for pull_request_target (non CMake)

…ect, scan the test/utils/ dir otherwise.

…supported.

Fixed all links. Added badges for shellcheck, Code Coverage, and CodeCov.

Revamp README and workflows for my own fork, start adding fbinfer and…

2b9f3ca

… flawfinder

eljonny added the enhancement New feature or request label Mar 16, 2025

eljonny self-assigned this Mar 16, 2025

eljonny marked this pull request as draft March 16, 2025 01:23

Not an issue to use the upstream for python linting

18bb221

This was referenced Mar 16, 2025

Integrate infer into CI static analysis eljonny/TestCPP#86

Open

Integrate flawfinder into CI static analysis eljonny/TestCPP#85

Open

eljonny added 7 commits March 15, 2025 19:53

Stop using -j for cppcheck because it hinders certain checks

62df528

Also remove associated variable since it's no longer used to fix SC2034 Double quote arguments to prevent unwanted globbing/splitting to fix SC2086.

Fix whitespace

83e20ec

Missing pytest-cov dependency

f92d130

Missing sarif-om and jsonpickle dependencies

e62ec09

I understand better what's going on with this workflow, it should now…

1d91c1a

… function as expected.

eljonny added 6 commits June 4, 2025 00:02

Use a known working version of StaticAnalysis. Exclude the dummy_proj…

5406cf3

…ect, scan the test/utils/ dir otherwise.

Fix SC2148

3dbd326

Fix SC2086

705aec4

Add codecov.yml for ignores; use ubuntu-latest, the other may not be …

5c86150

…supported.

README work

c8882a5

Fixed all links. Added badges for shellcheck, Code Coverage, and CodeCov.

Just use the default links. No branch specifier required.

28bbb3a

This was linked to issues Jun 5, 2025

Work through pylint issues #2

Open

Add flawfinder and infer #3

Open

Add SARIF support #4

Open

This was unlinked from issues Jun 5, 2025

Work through pylint issues #2

Open

Add flawfinder and infer #3

Open

eljonny removed a link to an issue Jun 5, 2025

Add SARIF support #4

Open

This was linked to issues Jun 5, 2025

Fix pylint E* issues #8

Open

Fix pylint W* issues #7

Open

This was unlinked from issues Jun 5, 2025

Fix pylint W* issues #7

Open

Fix pylint E* issues #8

Open

eljonny linked an issue Jun 5, 2025 that may be closed by this pull request

Fix pylint E* issues #8

Open

eljonny added this to the 1.0 Release milestone Jun 9, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Revamp README and workflows for my own fork, start adding fbinfer and… #1

Revamp README and workflows for my own fork, start adding fbinfer and… #1

Uh oh!

eljonny commented Mar 16, 2025

Uh oh!

github-actions bot commented Mar 16, 2025 •

edited

Loading

Uh oh!

eljonny commented Mar 16, 2025

Uh oh!

codecov bot commented Jun 4, 2025

Uh oh!

github-actions bot commented Jun 4, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Revamp README and workflows for my own fork, start adding fbinfer and… #1

Are you sure you want to change the base?

Revamp README and workflows for my own fork, start adding fbinfer and… #1

Uh oh!

Conversation

eljonny commented Mar 16, 2025

Uh oh!

github-actions bot commented Mar 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚡ Static analysis result ⚡

Uh oh!

eljonny commented Mar 16, 2025

Uh oh!

codecov bot commented Jun 4, 2025

Welcome to Codecov 🎉

Uh oh!

github-actions bot commented Jun 4, 2025

Test Action results

Result for push

Result for pull_request (CMake)

Result for pull_request (non CMake)

Result for pull_request_target (CMake)

Result for pull_request_target (non CMake)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

github-actions bot commented Mar 16, 2025 •

edited

Loading