OWASP, vulnerabilities, and taint analysis in PVS-Studio for C#. Stir, but don’t shake

We continue to develop PVS-Studio as a SAST solution. Thus, one of our major goals is expanding OWASP coverage. You might ask, what’s the use when there’s no taint analysis? That’s exactly what we thought – and decided to implement taint analysis in the C# analyzer. Curious about what we accomplished? Read on!

Note. This article briefly touches upon the topics of SQL injections and working with SQL in C#. This theory serves as context. For in-depth information on these topics, do additional research.

Continue reading

How to choose a static analysis tool

Tools to improve and control code quality can be a key success factor in a complex software project implementation. Static analyzers belong to such tools. Nowadays, you can find various static analyzers: from free open-source to cross-functional commercial solutions. On the one hand, it’s great – you can choose from many options. On the other hand – you have to perform advanced research to find the right tool for your team.

Continue reading

Protocol Buffers, a brutal protocol from Google, vs. PVS-Studio, a static code analyzer

Protocol Buffers is a very popular, cool, and high-quality product that is mostly developed by Google. This is a good challenge for the PVS-Studio static code analyzer. Finding at least something is already an achievement. Let’s give it a shot.

Continue reading

Using Static Analysis Online [Compiler Explorer]

Do you want to try a static analyzer but you don’t feel like installing it and figuring things out? That’s OK 😊

This video will tell you how to do it online and, most importantly, for free. By the way, this website also allows you to check whether your code compiles 😉

Code from video.

Have fun watching this video and coding 🙂

Optimization of .NET applications: a big result of small edits

Today we’re going to discuss how small optimizations in the right places of the application can improve its performance. Imagine: we remove the creation of an extra iterator in one place, get rid of boxing in the other. As a result, we get drastic improvements because of such small edits.

Continue reading

VSCode: how to view reports of static analyzers that support SARIF

People are increasingly optimizing the process of finding code errors with static analyzers. Nowadays, we can choose from a variety of products to view analysis results. This post covers how to view an analyzer report in one of the most stylish and feature-rich multifunctional IDEs – VSCode. The SARIF format and a special plugin for it allow us to perform this task. Keep reading to find out how. Let’s get going!

Continue reading

How to Use Mass Suppression in PVS-Studio for C#?

Have you just run the analyzer and now you have no idea what to do with all this abundance of warnings? 📜 Nothing to worry about – we made a special mechanism that can help you deal with them 💪🏻

In this video, you’ll learn about the inner workings of the mass warning suppression mechanism in PVS-Studio for C#. If you’re interested in other programming languages, follow the links below 🙂

Mass Suppression in PVS-Studio for C++

Mass Suppression in PVS-Studio for Java

Conclusion

Have fun watching this video and coding 🙂

A beautiful error in the implementation of the string concatenation function

We, the PVS-Studio static code analyzer developers, have a peculiar view on beauty. On the beauty of bugs. We like to find grace in errors, examine them, try to guess how they appeared. Today we have an interesting case when the concepts of length and size got mixed up in the code.

Continue reading