Codechecker

Latest version: v6.24.4

Ubuntu 22.04

CodeChecker failed to build on Ubuntu 22.04 in its previous release because of two issues: some of our dependencies broke with the release of python3.9, and we didn't support GNU Make's new way of creating build jobs. These issues are all fixed now, so CodeChecker should work with the latest version of python and GNU Make!

:bug: Analyzer improvements
* Ignore some gcc flags (`-fno-lifetime-dse` 3913, `-Wno-error`, `-fprofile` 3937, 3941)
  * We do these kinds of patches regularly when a gcc flag is not supported by our main analyzer, clang.
* Disable cppcheck-preprocessorErrorDirective explicitly 3902
  * The Cppcheck analyzer reports compilation errors due to the less granular configuration of the build environment. This results in too many false-positive reports, so this checker is disabled by default.
* Fix exception in Spotbugs report-converter (`report-converter` crashed when `SourceLine` has no `source_path` attribute) 3917
* Fix crash when an assembler command is analyzed 3914
* Logger-related changes
  * Recognize and capture `linux_spawn` alongside `exec*` calls in the logger 3930
  * Use absolute path to `logger.so` in `LD_PRELOAD` 3919
  * The CodeChecker logger was using the `LD_PRELOAD` environment variable with `ldlogger.so` set as a relative path. Because of the relative path, `LD_LIBRARY_PATH` had to be set too. However, this latter environment variable is often overridden by build systems. CodeChecker now uses an absolute path in `LD_PRELOAD` and no longer relies on `LD_LIBRARY_PATH`.
* Adapt to new clang-tidy checker options format. 3934
* Enable multiple inputs for report-converter 3897
* Introduce sanitizer checker names 3904
* Exclude dynamic parts of checker message in hash generation 3927
* Analysis shouldn't fail on non-existing directory 3943
* report-converter: Parse all leaks reported by LeakSanitizer 3750

:computer: CLI/Server improvements
* [fix][server] Fix webapp crash when using component filter 3887
* [bugfix] Fix the zombie process issue 3895
* 6.22.1 highlights 3888
* [GUI] Add a tooltip about Diff 3890
* [cmd] Warning message on no run delete. 3915
* [GUI] Pop the call stack when the message starts with "Returning;" 3948
* Fix local diff source code suppression 3944

:deciduous_tree: Environment
* [test] Get rid of mockldap 3894
* [req] Upgrade `lxml` to `4.9.2` 3896
* [fix] One more attempt to fix gui tests 3911
* Bump GitPython version 3841
* [ci] Remove pypi actions from pullrequest and push events. 3912
* Update Snapstore publish action 3891
* [fix] Fix newly surfaced gui test error during cleanup plan testing 3920
* [test][NFC] Change from nose to pytest (analyzer library) 3926
* [test][NFC] Change from nose to pytest (tools library) 3931
* [test][NFC] Change from nose to pytest (web library) 3932
* [test][NFC] Remove every remaining trace of nose in favor of pytest 3933
* [env] Upgrade PyYAML to version 6.0 3942
* [test] Allow additional pytest args to be given through make targets 3935

:book: Documentation updates
* [config] Additional clang-diagnostic documentations 3922

:hammer: Other
* [doc] Make every second release highlight green 3882
* [version] Bump up to version 6.23.0 3893
* Makefile: package_gerrit_skiplist should depend on package_dir_structure 3901
* [NFC] Factor args out of the diff logic for unit tests 3863
* [refactor] Reducing analyzer config handler 3824
* [test] Add missing tests for cmdline diffing, and display a bug for tag diffs 3868
* Error message: Add a missing space 3953
* Fix a Pylint false positive with python3.9 or later 3925

**Full Changelog**: https://github.com/Ericsson/codechecker/compare/v6.22.0...v6.22.2

6.24.4

This release fixes a bug in permission handling:
* [fix] Get product configuration with view permission 4375
  Users with admin rights could not open the product configuration page to change the product configuration or to set user permissions.

6.24.3

This release fixes an authentication issue:

* CodeChecker authentication fixed 4369
  Version 6.24.2 introduced the `super_user` field in `server_config.json`.
  If this field was missing from the config file, authentication did not work for any user.

6.24.2

This release contains security vulnerability fixes.
**It is highly recommended to upgrade to this as soon as possible.**

1) [fix] Removing the root user creation 3bb2cbf61c868ef34a1cb180a56d0b83f54074d4
**Backward incompatible change**: The built-in root user generated at CodeChecker server start with
`CodeChecker --reset-root ... ` has been disabled.
Instead, the `SUPER_USER` permission can be granted to an existing user in `server_config.json`.
For further details, see https://github.com/Ericsson/codechecker/blob/master/docs/web/user_guide.md#initial-super-user

2) Fix the endpoint parsing issue 8953b30f6d17597635ec59bb943683aacb216619
The CodeChecker web server accepted some invalid URLs. The URL parsing has been hardened.

6.24.1

Not secure
:star2: Highlights

Standard library handling change
GCC has implicit include paths that are forwarded to Clang. Until now these paths were added with the `-isystem` flag, but the priority this gives them is sometimes too high (see https://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html). The implicit include paths should be searched last, so `-isystem` has been changed to `-idirafter`.
In case this breaks backward compatibility, the `--add-gcc-include-dirs-with-isystem` flag has been introduced for the `CodeChecker analyze` command, which reverts this change.

`ld_logger` environment change
The `CodeChecker log` command uses the `LD_PRELOAD` environment variable for collecting the build commands. This environment variable relies on `LD_LIBRARY_PATH`, which tells the dynamic loader where to find the `.so` file named in `LD_PRELOAD`. Some build systems overwrite the value of `LD_LIBRARY_PATH`, and for this reason CodeChecker fails to collect build commands. One solution to this problem was to put an absolute path in `LD_PRELOAD`. However, this does not work when the analyzed project is built for multiple target architectures (e.g. 32-bit and 64-bit), since CodeChecker sets a single absolute path based on the host architecture.
If the project's build system resets `LD_LIBRARY_PATH`, the workaround is to extend `LD_LIBRARY_PATH` with the path of the proper `ldlogger.so` file. For further details, consult [this](https://github.com/Ericsson/codechecker/blob/master/docs/analyzer/user_guide.md#log) documentation.

Enable checkers by group prefix
Checkers can be enabled by providing a group prefix. For example, `cplusplus.NewDeleteLeaks` can be enabled by `--enable cplusplus`. The problem was that checkers were enabled by any name prefix, so this checker was also enabled by `cplusplus.NewDelete`, which was not the intended behaviour. This release fixes this issue.
Also, it was possible to enable checkers by suffix (e.g. `--enable NewDeleteLeaks`). As of this release, suffix matching is no longer performed either.
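An added illustration (not CodeChecker's own code) of the matching rule described above: the old behaviour, where any name prefix or suffix enables a checker, beside the fixed behaviour, where a prefix only matches up to a `.` or `-` separator and suffixes never match. The checker names and the separator set are constructed for this example.

```python
"""Checker-name matching by group prefix, before and after the 6.24.1 fix.

Constructed illustration of the behaviour described in the release notes;
the checker list, SEPARATORS and both matcher functions are assumptions of
this example, not CodeChecker's implementation.
"""

# Constructed sample of checker names in the clangsa / clang-tidy style.
CHECKERS = [
    "cplusplus.NewDelete",
    "cplusplus.NewDeleteLeaks",
    "cplusplus.Move",
    "core.NullDereference",
    "bugprone-use-after-move",
]

# Group separators used by the analyzers' checker names.
SEPARATORS = ".-"


def matches_old(pattern: str, checker: str) -> bool:
    """Pre-fix behaviour: any name prefix or any name suffix matches."""
    return checker.startswith(pattern) or checker.endswith(pattern)


def matches_new(pattern: str, checker: str) -> bool:
    """Fixed behaviour: exact name, or a prefix that ends at a separator.

    'cplusplus' matches 'cplusplus.NewDelete' (next char is '.'), but
    'cplusplus.NewDelete' does not match 'cplusplus.NewDeleteLeaks'
    (next char is 'L'), and a bare suffix never matches.
    """
    if checker == pattern:
        return True
    if checker.startswith(pattern) and len(checker) > len(pattern):
        return checker[len(pattern)] in SEPARATORS
    return False


def enable(pattern: str, matcher=matches_new, checkers=CHECKERS) -> list:
    """Return the sorted list of checkers that `--enable <pattern>` turns on."""
    return sorted(c for c in checkers if matcher(pattern, c))


if __name__ == "__main__":
    for pat in ("cplusplus", "cplusplus.NewDelete", "NewDeleteLeaks"):
        print(f"{pat!r}: old={enable(pat, matches_old)} new={enable(pat)}")
```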

:computer: CLI/Server improvements
* [fix] Don't reset PATH in Cppcheck plugin 4320
* [feat] Implicit include paths added with -idirafter 4315
* Revert "[analyzer] Use absolute path to logger.so in LD_PRELOAD" 4314
* [cmd] Checker name prefixes are meant along separator characters 4311
* Analyzer binary dependent environment 4305
* [fix] Support joker characters at annotation filter 4306
* [Fix] Report sorting in unique mode 4294
* [fix] Don't enable checkers by suffix 4307
* [fix] Minor fixing for statistics tabs 4304
* [fix] Error when debug logging skipped actions 4301
* [fix] Don't capture cc1 by the logger. 4300
* Add -mmitigate-rop to ignored options 4295
* [analyzer] Ignore -fno-printf-return-value 4329
* [fix] Disable clang-diagnostic-error checker 4325
* [fix] Missing analyzer error 4330
* [fix] Forwarding --ctu-ast-mode to analyze command 4341
* Environment initialization for binaries 4337

:deciduous_tree: Environment
* [cfg] Add setuptools as a dependency 4285
* Deprecate distutils 4286
* Bump urllib3 from 2.2.1 to 2.2.2 in /scripts/labels/label_tool 4290
* [cfg] Upgrade to pylint 3.2.4 4279
* [analyzer] Adds -fno-freestanding to ignored GCC compiler flags 4281
* [cfg] Upgrade pycodestyle to 2.12.0 4264
* [cfg] Upgrade lxml version 4262

:hammer: Other
* [test] The assertDictContainsSubset() is deprecated and removed 4322
* [fix] fix compare_results.py script 4319
* [script] Script for querying all reports 4245
* [cmd] Display warning instead of debug log for missing diagtool 4342

6.24.0

Not secure
:star2: Highlights
Listing of Enabled/Disabled Checkers in the WEB UI per run
CodeChecker provides a new view in the "Analysis information tab" which lists all checkers that were enabled during analysis.

![image](https://github.com/Ericsson/codechecker/assets/8030953/abd2a2c8-f8de-4839-be4c-537a2498fd63)

* feat(server): Store information about available checkers to the database by whisperity in https://github.com/Ericsson/codechecker/pull/4089

New Checker Coverage Statistics view with coding guideline references

CodeChecker provides a new view to display all enabled checkers for a set of selected runs. Additionally, it also lists all guideline rules related to the given checker. For example, you can verify whether your code has any SEI CERT coding guideline violation.

The new table lists all checkers that were enabled in a set of selected analysis runs, shows the number of outstanding reports and the number of closed reports per enabled checker and the related coding guideline rules.

**How is this new view different compared to the existing "Checker Statistics View"?**
The Checker Statistics View only displays checkers that produced reports for the selected runs.
This new view additionally lists all checkers that were **enabled** in the last analysis for the selected runs.

![image](https://github.com/Ericsson/codechecker/assets/8030953/5efce03f-22a0-4735-9d10-014146fa6d28)

* [GUI] New "Checker Coverage" statistics tab to show all enabled checkers and … by cservakt in https://github.com/Ericsson/codechecker/pull/4210

Faster run storage

Thanks to a new optimization, run storage can be up to 50% faster.

* [store] Unique reports _before_ storing by Szelethus in https://github.com/Ericsson/codechecker/pull/4152

New Static HTML Report Pages
* [cmd] Restructure static HTML generation so it can handle much larger result sets. 4168
* [feat] Display dynamic analysis generated testcase and timestamp columns in static HTML 4172

New report filter to list closed and outstanding reports
A new filter has been added to list **outstanding** and **closed** reports. An **outstanding** report is a report whose detection status is **new**, **reopened** or **unresolved** and whose review status is **unreviewed** or **confirmed**.
* Showing closed reports by cservakt in https://github.com/Ericsson/codechecker/pull/4244

![image](https://github.com/Ericsson/codechecker/assets/8030953/aedb6ef7-a34b-4dad-ac49-6cab43ea7e46)

Web GUI improvements

* [fix] Fixing OFF and UNAVAILABLE detectionStatus in the report sidebar by cservakt in https://github.com/Ericsson/codechecker/pull/4127
* feat(gui): Checker status auditing by whisperity in https://github.com/Ericsson/codechecker/pull/4156
* test(gui): Add front-end test for checked status in AnalysisInfo dialog by whisperity in https://github.com/Ericsson/codechecker/pull/4202
* Showing closed reports by cservakt in https://github.com/Ericsson/codechecker/pull/4244

:exclamation: Backward incompatible changes

None

:bug: Analyzer improvements

* [analyzer] Ignore `-fno-tree-dominator-opts` by bo-dani in https://github.com/Ericsson/codechecker/pull/4141
* [fix] Cppcheck premium version check by bruntib in https://github.com/Ericsson/codechecker/pull/4155
* [gcc] Don't emit a missing gcc warning if no checkers are enabled by Szelethus in https://github.com/Ericsson/codechecker/pull/4179
* [fix] --cppcheckargs should be present in "CodeChecker check" by bruntib in https://github.com/Ericsson/codechecker/pull/4178
* [gcc][GUI] Fix indentations for gcc fn calls bug reports by Szelethus in https://github.com/Ericsson/codechecker/pull/4182
* Add functionality to validate analyzer and checker options by noraz31 in https://github.com/Ericsson/codechecker/pull/4204
* Fix a bug in 3866 where check didn't respect --no-missing-checker-error by Szelethus in https://github.com/Ericsson/codechecker/pull/4217
* Display warning if the compilation database is empty by noraz31 in https://github.com/Ericsson/codechecker/pull/4226
* Do not allow parse if the <report dir> does not exist by noraz31 in https://github.com/Ericsson/codechecker/pull/4212
* [fix] Pass `envp` to `posix_spawn` in `ld_logger` by bruntib in https://github.com/Ericsson/codechecker/pull/4146
* [analyze] Removing long enabled checker list at info log level by dkrupp in https://github.com/Ericsson/codechecker/pull/4103

:computer: CLI/Server improvements
* Fix debug logging in store by vodorok in https://github.com/Ericsson/codechecker/pull/4134
* Fix remote server path resolution by vodorok in https://github.com/Ericsson/codechecker/pull/4131
* [report-converter][fix] Don't crash when we can't find the checker name for ubsan by Szelethus in https://github.com/Ericsson/codechecker/pull/4143
* Fix typo 'vesion' in sarif conversion template by SirMutantRat in https://github.com/Ericsson/codechecker/pull/4140
* [report-converter] Allow for empty strings in sanitizer error msgs by Szelethus in https://github.com/Ericsson/codechecker/pull/4147
* [fix] Eliminate unnecessary error logging by bruntib in https://github.com/Ericsson/codechecker/pull/4162
* Fix impossible blame info collection by vodorok in https://github.com/Ericsson/codechecker/pull/4190
* fix(migration): Migrate reports with appropriate default checker ID by whisperity in https://github.com/Ericsson/codechecker/pull/4191
* fix(migration): Do not emit log output for `checker_id` normalisation by whisperity in https://github.com/Ericsson/codechecker/pull/4198
* feat(server): Multiprocess migration and db_cleanup 4175
* [fix] Prevent overlapping report groups 4215
* [fix] Replace UTF-8 dash characters 4216
* [cmd] Check for non-existing source components by bruntib in https://github.com/Ericsson/codechecker/pull/4203
* Fix a crash where config handlers were built with missing binaries by Szelethus in https://github.com/Ericsson/codechecker/pull/4241
* [fix] Creating new temporary directory for zip files by cservakt in https://github.com/Ericsson/codechecker/pull/4237
* [db] Faster query for comment garbage collection by bruntib in https://github.com/Ericsson/codechecker/pull/4254
* [fix] Use module uuid instead of tempfile by bruntib in https://github.com/Ericsson/codechecker/pull/4253
* [cmd] Add --anywhere-on-report-path flag to CLI by bruntib in https://github.com/Ericsson/codechecker/pull/4255
* Support relative paths in the --file option by noraz31 in https://github.com/Ericsson/codechecker/pull/4250
* [Fix] Drop foreign key constraints for faster analysis info deleting by cservakt in https://github.com/Ericsson/codechecker/pull/4259
:deciduous_tree: Environment
* Adding OpenSSF Scorecard badge to README by gkunz in https://github.com/Ericsson/codechecker/pull/4164

:book: Documentation updates
* [doc] Fix documentation URL in highlights page by bruntib in https://github.com/Ericsson/codechecker/pull/4136
* [docs] Rewrite the docs for diff by Szelethus in https://github.com/Ericsson/codechecker/pull/4006
* chore(docs): Remove mentions of Python 2 and ancient Clang limitations from the README by whisperity in https://github.com/Ericsson/codechecker/pull/4174
* Update usage.md: fix typo by ArnaudBienner in https://github.com/Ericsson/codechecker/pull/4153
* Fix Broken Links In Documentation by justindhillon in https://github.com/Ericsson/codechecker/pull/4159
* Fix typos by omahs in https://github.com/Ericsson/codechecker/pull/4173
* additional guidance for silicon mac users by feyruzb in https://github.com/Ericsson/codechecker/pull/4188
* chore(config): [clangsa][clang-tidy] Fix dead `doc_url`s in checker labels by whisperity in https://github.com/Ericsson/codechecker/pull/4214
* [config] Label Clang 18.0-19.trunk SA & Tidy checkers by sylvestre in https://github.com/Ericsson/codechecker/pull/4193
* [fix] Links in static HTML files should be relative by bruntib in https://github.com/Ericsson/codechecker/pull/4236
* feat(script): Verify the existence of checker config `doc_url` pages and find appropriate older releases for gone (removed, dealpha, etc.) checkers by whisperity in https://github.com/Ericsson/codechecker/pull/4207
:hammer: Other
* Bump version to 6.24.0 by vodorok in https://github.com/Ericsson/codechecker/pull/4126
* Bump follow-redirects from 1.15.3 to 1.15.4 in /web/server/vue-cli by dependabot in https://github.com/Ericsson/codechecker/pull/4151
* Bump gitpython from 3.1.37 to 3.1.41 in /web by dependabot in https://github.com/Ericsson/codechecker/pull/4150
* [fix] Fixing getReportAnnotations subquery by cservakt in https://github.com/Ericsson/codechecker/pull/4229
* chore(ci): Disable failing and dangerous PyPI publishing job by whisperity in https://github.com/Ericsson/codechecker/pull/4231
* Updating clangsa sei cert mapping for clang 18 by dkrupp in https://github.com/Ericsson/codechecker/pull/4239
* chore(config): Add automatically generated `doc_url`s and `severity`s by whisperity in https://github.com/Ericsson/codechecker/pull/4224
* chore(config): [clang-tidy] Update SEI-CERT Guideline mappings by whisperity in https://github.com/Ericsson/codechecker/pull/4235
* [config] Adding sei-cert rule mappings for clang diagnostics by dkrupp in https://github.com/Ericsson/codechecker/pull/4243
* Always pass absolute paths to skip handler by vodorok in https://github.com/Ericsson/codechecker/pull/4227
* [config] Minor updates of the clangsa, clang-tidy profiles by dkrupp in https://github.com/Ericsson/codechecker/pull/4246
* Make sure that the Number of runs is displayed correctly by noraz31 in https://github.com/Ericsson/codechecker/pull/4242
* [fix] Store temp .plist files in report dir during store by bruntib in https://github.com/Ericsson/codechecker/pull/4248
* [feature] Adding guideline label to Checker Coverage tab by cservakt in https://github.com/Ericsson/codechecker/pull/4247
-------------------------------------------

New Contributors
* SirMutantRat made their first contribution in https://github.com/Ericsson/codechecker/pull/4140
* bo-dani made their first contribution in https://github.com/Ericsson/codechecker/pull/4141
* justindhillon made their first contribution in https://github.com/Ericsson/codechecker/pull/4159
* omahs made their first contribution in https://github.com/Ericsson/codechecker/pull/4173
* feyruzb made their first contribution in https://github.com/Ericsson/codechecker/pull/4188
* noraz31 made their first contribution in https://github.com/Ericsson/codechecker/pull/4204

**Full Changelog**: https://github.com/Ericsson/codechecker/compare/v6.23.1...6.24.0

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.