Codechecker

Latest version: v6.23.1

Safety actively analyzes 638346 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 6 of 13

6.10.0

Backward incompatible CLI change

* CLI run name filter delimiter was changed from ":" to " ".
With this change run names containing ":" can be filtered.
The previous solution prevented to filter run names containing ":". 2113

Analyzer

New Features

* Add support to enable [Z3 refutation](https://docs.google.com/document/d/1-HEblH92VxdxDp04vDKjFa4_ZL9l2oPVLFtQUfLKSOo/).
Use the Z3 theorem prover if Clang is built with it, to cross check the results by Clang Static Analyzer.
The usage of this solver can reduce the false positives produced by the ranged-based solver,
and using refutation should not increase the analysis time a lot. 2091
This feature is enabled by default if available.

* Add support to enable [Z3](https://github.com/Z3Prover/z3) Theorem Prover #2087
Use the Z3 theorem prover if Clang is built with it. In this case the built in range-based constraints
solver will be replaced by Z3 in Clang Static Analyzer.
The performance is worse than the default range-based constraint solver right now.
It can be enabled by the `--z3` flag.

* Give warning if an enabled or disabled checker is missing or there was a typo in the checker name 2215
* Clang warnings can be listed with the `CodeChecker checkers --warnings` 1693
* Add `--trim_path_prefix` option for parser command 2076

Improvements

* Multiple improvements and bug fixes for build environments with ccache 2202, 2126
* Collect compiler information for multiple languages (C/C++) 2193
* If available use lxml library to parse plist files to improve performance 2170
* Skip sources argument when parsing the precompilation options 2072
* Define severity for new checkers 2128, 2132, 2141
* Adding clang8 checker naming related changes 2216
* Try to autodetect mapping tool based on clang version, required for CTU analysis with clang8 and newer 2030
* Improvements to log compilation commands during the build process 2131, 2160, 2139

Web

New Features

* Filtering can be done based on the bug path length on the web UI 2197
* CLI is now able to return the detailed bug path if required 2068
* The diff command prints the summary of the results now 2165
* New documentation and configuration files to create [docker images](https://github.com/Ericsson/codechecker/blob/master/docs/web/docker.md) for easier setup and installation #2038
* New docker image is available on [dockerhub](https://hub.docker.com/r/codechecker/codechecker-web)


Improvements

* Multiple performance improvements to speed up the storage and query of the results 2177, 2175, 2172, 2188, 2169, 2178, 2163, 2135
* Case insensitive LDAP group search and comparison 2073
* Don't allow users to see the results of a product where no permissions were set 2158
* Send back a valid Thrift error response instead of HTTP error codes 2149
* Implicit initial wildcard in search fields for easier search 2134
* Multiple third party dependencies were updated (SQLAlchemy, psycopg2) 2079, 2181

Web API changes

* Create separate API function to get analysis statistics 2182
* Run history limitation was introduced 2177
* getRunData limitation was introduced 2175
* New API function is available to get check command 2172


Other bug fixes and improvements

You can find a more detailed list of changes here: [milestone 6.10](https://github.com/Ericsson/codechecker/milestone/59?closed=1)

6.9.1

New

* Enabling expand-macros feature of clang 1994
- Since clang v8 macros can be expanded in the reports. This feature is enabled by default in CodeChecker
so the reports will always contain macro expansions for better report understanding.
* Specify only a sub string of the checker name for suppression 2019
- Source code review status comments will work with checker name sub strings (useful if a checker is moved between packages)
* New `security` checkers profile 1054
- New `security` profile with multiple security related checkers is available.
Run `CodeChecker checkers --profile security` for the full list of checkers.

Changes
* Added severity levels of yet uncategorized checkers and checker profiles were updated 2034
Default profile:
Added
- alpha.cplusplus.UninitializedObject
- bugprone-copy-constructor-init
- bugprone-terminating-continue
- bugprone-throw-keyword-missing
- bugprone-unused-return-value
- bugprone-virtual-near-miss
- cert-fio38-c
- cplusplus.InnerPointer
- optin.cplusplus.VirtualCall

Sensitive profile:
Added
- alpha.cplusplus.UninitializedObject
- alpha.security.MmapWriteExec
- bugprone-copy-constructor-init
- bugprone-exception-escape
- bugprone-macro-parentheses
- bugprone-terminating-continue
- bugprone-throw-keyword-missing
- bugprone-unused-return-value
- bugprone-virtual-near-miss
- cert-dcl54-cpp
- cert-err09-cpp
- cert-fio38-c
- cert-msc51-cpp
- cplusplus.InnerPointer
- optin.cplusplus.VirtualCall

Extreme profile:
Added
- alpha.cplusplus.UninitializedObject
- alpha.security.MmapWriteExec
- bugprone-copy-constructor-init
- bugprone-exception-escape
- bugprone-macro-parentheses
- bugprone-terminating-continue
- bugprone-throw-keyword-missing
- bugprone-unused-return-value
- bugprone-virtual-near-miss
- cert-dcl54-cpp
- cert-err09-cpp
- cert-fio38-c
- cert-msc51-cpp
- cplusplus.InnerPointer
- cppcoreguidelines-narrowing-conversions
- misc-unused-parameters
- optin.cplusplus.VirtualCall
- optin.performance.Padding
- security.insecureAPI.bcmp
- security.insecureAPI.bcopy
- security.insecureAPI.bzero
- security.insecureAPI.strcpy

You can get more information about the checkers [here](https://clang.llvm.org/docs/analyzer/checkers.html) and [here](https://clang.llvm.org/extra/clang-tidy/checks/list.html).

Improvements

* Show supported analyzers at cmd checkers 2055
* add readthedocs link 2041
* introduce readthedocs 1935
* add docs as a special route 2052
* Gerrit-Jenkins integration is extended 2061
* rename passwords json file in the doc 2035
* add new mkdocs target to build the documentation 2026
* update test documentation 1985
* Resurrect --compiler-info-file analyze flag. 2039
* [userguide] Disable review status change feature 2002
* Travis clang back to 7 2022
* run brew cleanup only in osx in travis 2016
* load only files with ".so" extension as a plugin 2014
* Run python style tests before test target 2010
* Improve web test performance 2004
* Keep clang flags 2003
* Update travis llvm version 1998
* Create pip package from tu-collector 1995
* Pip package from plist-to-html 1993
* Increase performance of the travis jobs 1991
* Add pylint and pycodestyle targets 1952
* Add more test targets to the main Makefile 1951
* Handle cases when plugin directory does not exist 1946
* Use compiler_info.json file in debug scripts 1941
* Give better error message on keyerror at package context 1933
* Extend version file with git information 1931
* Download external dependencies with Makefile 1929
* Add example for CodeChecker cmd diff 1927
* Tool to create new compiler info files from old ones. 1909
* return error in case of wrong checker profile name 2059
* create test case for mixed compilation x dependency file case 2050

plist to html tool improvements

* Improve plist-to-html sort performance 2037
* [plist-to-html] Ordering of reports 1973
* [plist-to-html] Link to index.html 1972
* [plist-to-html] Sort the reports in ascending order by file path 2054
* [plist-to-html] Ordering reports 2028
* collect statistics for plist to html parser 1035

Bug Fixes

* The skipped flags are skipped in case of Clang too 2062
* A compiler doesn't provide an architecture target 2067
* fix missing sys import 2064
* isystem path was set wrong 2060
* fix profile listing on name conflict 2058
* handle character decoding problems (locale mismatch) 1770
* review status is not set 1647
* filter based on detection date without setting the hour value 2048
* detection date filter not set from url 2047
* plist to html index.html sorting problem 2046
* Fix package build 2029
* Yet another logger fix 2027
* Logging does not preserve escaped quotes 2025
* Cleanup database on run remove 2018
* Fix travis missing "then" keyword 2017
* Refactoring docs 2013
* Processing target architecture first in log parser 2008
* Fix run_test target 2006
* Fix default target call 2000
* return an empty string at getting compiler includes 1997
* Fix cleaning venv_dev 1996
* Compile action contains bot compiler and preprocessor flags 1989
* Fix authentication 1988
* fix analyzer_statistics module import 1982
* Introducing --compile-uniqueing parameter 1965
* Fix run_test target 1958
* Fix cleanup target 1950
* Do not store failed files when using 6.9.0 version 1943
* Fix failed source list of analysis statistics 1942
* There is no way to jump to a note, like you can to events 1940
* fix action list length check 1938
* Fix verbosity in build scripts 1936
* CodeChecker log generated json can't handle filenames with spaces 1366
* Incorrection documentation about "cmd login" 1133

Source repository changes

This release contains many bug fixes and a large amount of source code refactoring.
We started the refactoring to split up the source tree to easier manageable pieces.
The work is not fully finished but we are close.
Separating the main parts will allow us to release and develop them independently in the future.

The main new parts of the restructured repository are:

- analyzer (run and configure the supported static analyzers)
- tools/build-logger/ (log compiler invocations during build)
- web (web server and client to store/query and manage the reports)
- tools (independent tools which are used by the analyzer or web)
- plist_to_html
- tu_collector

You can find more details about the new layout here 1830

Refactoring

* Move webserver unit tests under server 1955
* allow to set the base wp dir from env variable for tests 1983
* Allow to set workspace for web tests 1980
* Reduce the number of travis matrices 1975
* Cache downloaded binary osx packages on travis 1966
* Skip generated files from tests projects in gitignore 1959
* use templates to generate html files 2040
* Create commands.json for sub-commands 1932
* Create package directory 1977
* Separate directory for analyzers 1976
* call setup.py only in the target 2015
* Refactoring web docs 2024
* Revert back package build scripts to py2 1945
* remove py3 incompatible uppercase conversion 1923
* python3 compatible exception cleanup 1922
* Build the package before running functional tests 1954
* cleanup make targets with/without virtualenv 2007
* merge dev and test virtual environments 2005
* Refactoring CONTRIBUTING.md file after split up 2011
* Use Makefile to build CodeChecker package 1937
* Refactoring generated CodeChecker dependency 1990
* Refactoring plist to html 1986
* Refactoring config files 1979
* Add targets to build analyzer and web separately 1974
* Rename libcodechecker to codechecker_common 1968
* Remove .noserc from root 1967
* Split up source repository 1964
* Split up refactoring 1963
* Fix CodeChecker version after split up 1962
* Get analyzer_statistics module from analyzer 1961
* Move some files to webserver common 1960
* Split up docs 1956
* Create separate contexts for analyzer and server 1953
* Split up server/client handling parts 1944
* Split up analyzer handling part 1939
* Remove psycopg2 from analyzer requirements 1999
* Prepare split up 1921
* finish logging cleanup 1911
* fix pylint old-style class warnings 1917
* py3 fix iterator protocol (next method change) 1926
* fix dict.items referenced when not iterating py3 1925
* fix dict item was referenced when not iterating py3 1928
* Move analyzer specific test projects under analyzer 1947
* Move server related test projects under server 1948

6.9.0

New Features

* New "OFF" and "UNAVAILABLE" detection statuses were introduced 1850
Mark a report "OFF" in case the checker is available but it was turned off in a later analysis.
Mark a report "UNAVAILABLE" in case the checker was removed or renamed between different analyzer releases.
They influence the analysis statistics numbers, see the documentation for further details
([diff calculation](https://github.com/Ericsson/codechecker/blob/6d8cfe211d84a70ad2a0bd48205684d23cfad3fb/docs/usage.md#how-diffs-between-runs-are-calculated-))
* Disable review status change on the WEB UI 1825
Review status changed for a product can be disabled by a product admin.
* Improved logging for build systems using ccache 1864
* Filter by detection date in command line 1899
* CallAndMessageUnInitRefArg was removed from extreme profile 1897
* Add run name filter to Codechecker cmd runs command 1849
* Report uniqueing arguments in command line 1877
* Handle compile errors and analyzer crash separately 1829
* New documentation about report identification 1831
* Add left/right arrow to the bug steps in the webui 1813
* Add extra analyzer flag if the iterator checkers are enabled 1833
* Highlight selected event in the generated html report 1893
* Announcement banner. 1861

Improvements

* Log optimization 1886
* Do not convert notes to events 1882
* Edit doxygen main page and add images 1884
* Ignore encoding errors 1852
* Warning when upgrading SQLite database 1858
* Update architecture overview 1880
* Correct way to convert clang-tidy .rst to .md correctly rendered by CodeChecker 1857
* Show link to the ClangTidy site for ClangTidy checks in "Show Docs" 1848
* Remove unused analyze arguments from User Guide. 1891
* NFC: just sort checker names 1847
* Add bugprone-parent-virtual-call check for clang-tidy v7+ 1843
* Set user name in the HTTP response header 1828
* Unnecessary signal handling in performance test. 1826
* Write more info logs at the server 1824
* Print statistics on signal 1823
* ugrade boost before thrift install 1821
* Freeze test requirements and move requirements.txt 1820
* New dockerfiles for test environments 1819
* Source venv before pycodestyle 1817
* Upgrade test environment for clang7 1816
* Initial mkdocs support 1812
* Documentation cleanup 1811
* Bump up version to 6.9.0 1809
* Constructing config handler is the analyzer classes' responsibility 1788
* Modify curl arguments for 3pp downloads 1718
* Review sql queries 1700
* Contradiction expensive to evaluate 864
* Refactoring fail zip 1772
* Add stats collector hook 1872
* Option parser refactoring 1814
* Make ImplicitCompilerInfo's methods static. 1892
* Reformat usage guide for mkdocs 1832
* Add tooltips to detection status filter items 1907

Bug Fixes

* Add __clang_analayzer__ macro to CTU pre analysis 1865
* Fix --timeout as clang-sa spawned child processes are not killed now 1844
* Tash files are created in cwd by --stats-collect 1881
* Whitespace escaping in source path 1871
* Fix HTML converter layout file default path 1894
* Fix PlistToHTML bug path arrows 1889
* Fix escaping in command line arguments 1888
* Fix: macros are under diagnosics instead of path 1887
* Test OSX Travis 1873
* Fix default value of Boolean column at migration 1869
* Option parser refactoring broke osx tests 1868
* Combobox with False-positive/Intended/... is not shown on last revision 1863
* Update postgresql in osx travis ci 1856
* Fix running psql test cases 1846
* Fix source code comment unicode error 1845
* [CTU] Compiler default C++ dialect is not added when generating the PCH files 1838
* Fix documentation (markdown syntax and typo) 1810
* When many products are added (>30) the product list page takes ~6s to load 1730
* If the json file is incorrect formatted, show the impacted file 1665
* Fix typo 1896
* Fix slow boost build in travis 1822
* Fix command line help message 1854
* Small fixes found by PyCharm's static analysis 1837
* Upload compiler_info.json 1900
* Fix storage of analysis statistics test 1901
* Store statistics if it contains failed zips 1902
* Small log parser fixes. 1903
* Enable statistics checkers before workers 1905
* Fix password request for cmd 1910
* Fix missing space in warning message 1912
* Add missing future imports 1913

6.8.1

Improvements

* Select hash generation method 1801
Analyzer report hash generation algorithm can be selected in the command line
* Add dates to the run tag list at report filter 1781
* New documentation for Gerrit-Jenkins integration 1746
* Don't parse command line options for skipped files. 1790
* Improve option_parser.py::arg_check to reduce number of regexps compiled 1789
* Log invalid LDAP credentials as warnings 1787
* Preserve -nostdinc++ in command line, the same as for -nostdinc 1779
* Slightly cleaner handling of constructing analyzers 1774
* Option to do database migration without user interaction 1769
* Print out which product is garbage collected 1767
* Online server configuration file reload 1766
* Handle SIGTERM to stop the server running. 1762
* Remove trivial properties. Rename some files. 1759
* Add missing python requirement. 1756
* Add logo files 1750
* Skip '-Xclang <opt>' at argument parsing 1744
* Add .editorconfig file 1697

Bug Fixes

* GUI Bug bug path numbering 1806
* `--force` argument for store does not work 1802
* Hash generation failed because of decoding error 1800
* Bug fix: if there is an issue present, parse_output_parser.py 1799
* Multiple configuration option for the same checker 1791
* Check that the given product exist at server 1786
* Fix long line 1785
* Fix exception message printing at server 1784
* Break long lines at cmd analyze and check commands 1783
* Convert relative include paths to absolute 1782
* Fix scrolling at Bug List data grid 1780
* Add missing images to user guide 1776
* Remove lock file at the end of logging 1773
* Fix profileit function 1768
* Fix storing check command 1764
* Fix instance manager file lock 1763
* Fix plist to html parser 1758
* Fix non breakable space character 1754
* Slugify run name when storing analysis statistics 1753
* Fix plist to html converter missing severity 1751
* Fix run tab change 1748
* Increase performance of loading products 1740
* `check` command's -c flag should remove the report directory 1646
* Fix SQL query 1808

6.8

1711 Removing run reports in chunks Kind: Bugfix Target: Server
1710 Add new checker profile: portability
1708 Fix JavaScript old browser compatibility
1707 Fix long line in failure_lib.py
1706 Update web userguide
1705 Fixed Spelling.
1703 add checker and analyzer configuration documentation
1702 Fix checker name filter Kind: Bugfix Target: WebGUI
1701 Pass severity map dictionary instead of the file
1699 Encode html entities in PlistToHtml parser
1695 Handle invalid json files Kind: Bugfix
1694 increase scan-build version for osx install
1690 Fix confirmed bug icon at Checker statistics page
1689 restructure python requirements files
1685 Fasten tests Kind: Bugfix
1682 Extend filter text input field hint with example
1681 Set default severity level for compiler warnings
1680 Enable -Wall and -Wextra warnings by default
1679 Multiline messages are displayed properly
1678 Set default filter values at Checker statistics
1677 Fix CTU test
1676 Fix utf8 error at diff when generating html output
1675 Filter reports by report hash at the command line
1672 Ignore target dependent -mabi compiler option.
1670 Call getSeverityCounts correctly
1669 Fix compiler warning test cases
1668 sysroot parameter can be given multiple ways
1667 Update group field of the users tokens on login
1664 Filter results by report hash on the GUI Kind: Enhancement Target: WebGUI
1663 Plist to html browser support
add .envrc to gitignore Kind: Usability
1662 add .envrc to gitignore Kind: Usability
1660 Allow more product endpoint names to be valid Kind: Enhancement Target: Server
1658 Fix tidy output converter
1657 rename compile log file name in the bitbake example
1655 Set file path after items are added to bug tree
1650 Use valid license name
1648 Summarize results for source files at parse cmd
1645 Add statistics checkers' flags to CodeChecker check sub-command
1644 Minor fix in documentation
1641 Fix non existing report in the GUI
1640 Distinguish BuildAction objects on original build command

6.8.0

New features


Command line features

* 1635 **Comparison of report directories from the command line (without database)**
Example: ``CodeChecker cmd diff -b /path/to/report_dir_base -n /path/to/report_dir_new --new``

Analysis Related features

* 1654 **Fine grain control of warnings**
It will be possible to enable/disable clang warnings one-by-one. Example: CodeChecker analyze
/path/to/build.log -o /path/to/output/dir --enable Wunused --disable Wno-unused-parameter
Allow to set Clang Static Analyzer and Tidy checker options from CodeChecker command line See ticket (2018-Q3)

* 1703 **Analyzer Configuration** It is supported to set all clang-tidy and clang static analyzer parameters such as -analyzer-inline-max-stack-depth, - analyzer-max-loop through configuration files. For details see pull request.

* 1728 **Configuration of Statistical Checkers**
It will be possible to configure the significanceRatio and the minimumSampleCount for the statistical checkers:
alpha.ericsson.statisticsbased.SpecialReturnValue, alpha.ericsson.statisticsbased.UncheckedReturnValue. See issue.

* 1720 **Default C/C++ standard auto-detection**
Detect automatically which C/C++ standard was used for compilation by gcc and pass the relevant option to Clang (e.g. -std=c++11) . See issue.

Web UI features

* 1675 **Filter reports by report hash**
It will be possible to filter findings on the WEB GUI and command line based on bug hash. For details see pull request.

* 1686 **Filters for the checker statics page in WEB UI**
Extended filters will be added to the statistics page. For details see pull request.
Possibility to delete reports based on filters in the WEB UI

* 1624 **Management (edit/add/delete) source code component definitions in the WEB UI**

* 1721 **Upload Analyzer Statistics to the central server**
For each analysis run, the following statistics is collected and uploaded to the central server and shown for all runs (and also in the run history): files that were successfully analyzed or analyze with failiure, CodeChecker version used for analysis, clang version used for analysis.

Bug Fixes

1737 handle missing documentation file
1736 Increase API version
1735 fine tune error logs
1734 Renaming statistical test file to cpp
1733 Fixing exception when shutting down server process
1732 Making the test server start synchronous
1731 Fixing the make file
1728 New configuration options for statistical counting
1727 Hide Remove filtered reports button
1726 Fix some JS and python alerts
1723 calculate bug path length at store (schema change)
1722 Zombie processes remain on analysis interruption
1719 Query reports only when shown.
1717 improve error handling for packaging
1716 update dojotoolkit link for download
1715 change component filtering behavior
1714 Introducing clang-tidy config options file on the command line interface.
1713 Print statistics at the end of parse command

Page 6 of 13

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.