google / simplecfg
Simple CFG module for ExtendJ
License: Apache License 2.0
The ExtendJ analyzer image for Shipshape integration should be published, for example on DockerHub.
This case produces a false positive:
    if (x == null && y == null) {
        return null;
    }
    // If x is null then y is not null
    z = (x != null) ? x.m() : y.m(); // false positive for y.m()
The latest release is 8.0.1 at commit 18624dc from 2015-10-20.
The current version is 7.1.1 at 1853c30 from 2015-07-31.
The Nullable Dereference analyzer currently does not handle the case when a null check is performed by passing the result of the null check to a function that aborts execution if the checked parameter was null, for example:
    void m(@Nullable String argument) {
        ensureTrue(argument != null); // Throws exception if argument == null.
        argument.hashCode(); // False positive generated here.
    }
To be able to exactly analyze the above an intraprocedural analysis would be required, so to avoid this false positive the analyzer could just stop analyzing the rest of the control flow after it sees the parameter inside an expression that is passed to a method.
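The trade-off of the heuristic proposed above, shown as an added sketch that is not SimpleCFG or ExtendJ code: a toy Python model of straight-line method bodies, run with and without the "stop after the parameter is passed to a method" rule. The statement tuples, the function names and the `log` callee are assumptions made for this illustration.

```python
# Simplified model (assumption): a method body is straight-line code made of
#   ("guard", var)           if (var == null) return;   (direct null check)
#   ("call", callee, vars)   callee(<expression mentioning vars>);
#   ("deref", var)           var.someMethod();
# A statement's line number is its 1-based position in the body.

def nullable_derefs(nullable_params, body, stop_after_call=False):
    """Return (line, var) for each dereference of a possibly-null parameter."""
    maybe_null = set(nullable_params)
    findings = []
    for line, stmt in enumerate(body, start=1):
        kind = stmt[0]
        if kind == "guard":
            # A direct null check that exits makes the parameter safe afterwards.
            maybe_null.discard(stmt[1])
        elif kind == "call" and stop_after_call:
            # Proposed heuristic: stop tracking any parameter that appears in
            # an expression passed to a method, whatever that method does.
            maybe_null.difference_update(stmt[2])
        elif kind == "deref" and stmt[1] in maybe_null:
            findings.append((line, stmt[1]))
    return findings

# Constructed sample 1: the method m from the issue.
ISSUE_M = [
    ("call", "ensureTrue", ["argument"]),  # ensureTrue(argument != null);
    ("deref", "argument"),                 # argument.hashCode();
]
# Constructed sample 2: same shape, but the callee only logs and never aborts,
# so the dereference really can hit null.
LOGGING_M = [
    ("call", "log", ["argument"]),         # log(argument != null);
    ("deref", "argument"),                 # argument.hashCode();
]
# Constructed sample 3: an ordinary direct guard, handled in both modes.
GUARDED_M = [("guard", "argument"), ("deref", "argument")]

def compare(body):
    """Findings without and with the heuristic, for one method body."""
    return {
        "current": nullable_derefs(["argument"], body),
        "heuristic": nullable_derefs(["argument"], body, stop_after_call=True),
    }
```

`compare(ISSUE_M)` shows the false positive disappearing under the heuristic, while `compare(LOGGING_M)` shows the cost: the same rule silences a genuine null dereference because the model cannot tell an aborting callee from a harmless one.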
This test case fails:
    int f(@Nullable String p) {
        if (false == (p != null)) {
            return 0;
        }
        return p.size();
    }
Example:
    void m(@Nullable String p, boolean b) {
        if (p != null & b) p.size();
    }
See comments in #2
ExtendJ has been refactored and many many bugfixes were added since the version currently used by SimpleCFG. It would be good to update to the latest version of ExtendJ, since it is now more stable and less buggy.
This issue was automatically created by Allstar.
Security Policy Violation
Project is out of compliance with Binary Artifacts policy: binaries present in source code
Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.
Remediation Steps
To remediate, remove the generated executable artifacts from the repository.
Artifacts Found
Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.
Allstar has been installed on all Google managed GitHub orgs. Policies are gradually being rolled out and enforced by the GOSST and OSPO teams. Learn more at http://go/allstar
This issue will auto resolve when the policy is in compliance.
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.
The analyzer can't handle the case where there is an indirect null check of a field and then a dereferencing of that field.
For instance:
    protected Object obj;
    void m() {
        ...
        if (test()) {
            obj.m();
        }
        ...
    }
    boolean test() {
        return obj != null;
    }