code-analysis

Perl Code Security Scanner Other than RATS? (MUST BE _STATIC_)

Other than RATS, are there any other Perl security scanners? Possibly also any STATIC-only Perl code graph engine which has the ability to follow data flow or otherwise tainted input? ...

Custom Code Analysis TFS Check-In Policy

Is there any way to create a custom TFS check-in policy that can jump through each node within the code being checked in for code standards we have defined? ...

Viewing Code Coverage Results outside of Visual Studio

I've got some unit tests, and got some code coverage data. Now, I'd like to be able to view that code coverage data outside of Visual Studio, say in a web browser. But, when I export the code coverage to an XML file, I can't do anything with it. Are there readers out there for this? Do I have to write an XML parser and then display it ho...

Code quality and analysis tools for C#? How do you analyze your code?

I am a big NDepend fan and so I read quite a bit from Patrick Smacchia. I was reading a post of his this morning regarding "Where do developers care for Software Quality" in which he looks at NDepend's site log files in Google Analytics to see where people come from to have a look at NDepend. The results are semi-interesting. Howev...

Tool for analyzing VB6 source code (like Understand from SciTools)

Does anyone know of a tool to analyze/navigate VB6 source code like the tool from SciTools? http://www.scitools.com/products/understand/ ...

Extracting the Java method text

Hello, I made a tool that measures some cohesion metrics on Java source files, but these metrics depend on whether you can determine the list of attributes that are accessed by the method. To do this I made a parser that extracts the method code, but I got some problems, so I ask if there is any tool to parse the Java file and extract the meth...

How to find a mentor/code reviewer for freelancer?

About 6 months ago I switched to a full-time freelance job. Before that I worked in an enterprise environment with highly professional craftsmen :) I'm striving to improve my skills in Object Oriented Design and software architecture. I read lots of books about OOD, T.D.D., patterns (implementation, design, architectural). I like to research...

Validation that Custom Attribute is assigned to non-static class member

I need to create a custom attribute that is applicable only for non-static class members. How can I validate this constraint on project compilation or using code analysis tools? ...

How can I suppress static code analysis during build?

We have a solution with 15 projects, which all have code analysis enabled. The solution easily takes 60+ seconds to build, which is a very long time when sitting waiting. If I disable code analysis it builds in 10 seconds. I would love to be able to disable code analysis on an ad-hoc basis. But still I want code analysis when building ...

Why won't the GC automatically dispose my class's members?

When I build the following C++/CLI code in VS2008, a code analysis warning CA1001 is displayed.

    ref class A
    {
    public:
        A() { m_hwnd = new HWND; }
        ~A() { this->!A(); }
    protected:
        !A() { delete m_hwnd; }
        HWND* m_hwnd;
    };

    ref class B
    {
    public:
        B() { m_a = gcnew A(); }
    protected:
        A^ m_a;
    };

warning: CA1...

Team Foundation Server 2008 Build Server Code Analysis

I'm having trouble getting Code Analysis to run on the build server. My goal is that on check-in the build server will build and run code analysis automatically. For some rules I would like the build to fail. I know how to use the team explorer to set which rules cause a fail. I don't want the developer to have to run code analysis to...

Tool for analysing and stepping through code?

Recently I came across a tool which could analyse running Python code and produced a visual representation similar to a code editor to allow one to step through the different parts of the code, seeing how many times each part was called, execution time, etc. I can't find the reference to it again. Would anyone know what it might be? ...

Static code analysis: integrate into debug and release builds, or just one or the other?

As a best practice, do you run code analysis on both debug and release builds, or just one or the other? ...

Tools and best practices to understand somebody else's code

Hello everyone. Sometimes one needs to dig into someone else's code, understand it and maybe refactor/fix it. So I'm wondering what tools/practices you use to do that? It's not about any specific language or platform, rather some advice in general. I myself find it very useful to run the code in question under a debugger (if it is pos...

How to generate function call graphs for JavaScript?

Is there software that can generate graphs that show which functions call which functions? I need to analyze JavaScript source code, a language which Doxygen/Graphviz does not support, though it does support C++ and others. If there are no tools that support JavaScript out-of-the-box, is there a way to convert JS to C++ so I can use ...

Alternatives to CAT.NET for website security analysis

I'm looking for an alternative tool to CAT.NET for performing static security scans on .NET code. Currently the CAT.NET tooling/development is at a somewhat fragile stage and doesn't offer the reliability that I'm looking for. Are there any alternative static code analyzers that you use for detecting security issues? ...

Code analysis comes back with suggestion about not using "out" parameters

I ran the VS 2008 code analysis tool against an object I created and received the following suggestion ... Warning 147 CA1021 : Microsoft.Design : Consider a design that does not require that 'returnValue' be an out parameter. I find "out" parameters rather useful and didn't realize that they were considered as a frowned upon...

Looking for a free source code analyzer (Function dependency tree)

Does anybody know where I can find a utility/application running on Windows that analyses C source and outputs a functional dependency tree? What I'm looking for is something along these lines: PrintString->PrintCharacter->PrintByte->Printf ...

Ignore code analysis rules in Visual Studio

How do I ignore a specific VS code analysis rule (say CA1305 : Microsoft.Globalization) within a: Method? Class? Namespace? (Assuming these options are all possible.) ...

Does anyone use the clang static analyzer for C/Objective-C? Is it good or not?

I am aware of a related question where someone mentioned the clang static analyzer but gave no further comments. Most of the answers pointed to the lint family, which disappointed me from time to time due to the bulk of false positives. I noticed the clang static analyzer when I read the Xcode release notes. I have tried it and it only produced ...