v6.18.2
🐛 Analyze fixes
- Fix skipping reports (#3559).
When a skip list was set, not only those reports were skipped that were included in the skipped files, but also those that had a bug path traversing a skipped file. This caused findings to disappear.
- Fix static HTML report files (#3570).
It was not always possible to navigate in the static HTML files when the bug path traversed multiple files.
- Remove bugprone-easily-swappable-parameters from sensitive profile (#3579).
The checker warns for a bugprone coding style at function definitions. It is mostly useful for new code, where new functions are being defined. On the other hand, the checker required too many changes in legacy projects with non-matching coding style.
💻 CLI / Server fixes
- Fix suppressing bug on the server (#3563).
When the report was in multiple lines, the source code comments in the code were not taken into consideration.
- Fix source line / file for remote reports (#3568).
An exception was thrown at CodeChecker cmd diff when path trimming was used in the stored results.
- Fix storage of control points (#3576).
Not all of the control points were stored to the server, because the plist format that the report converter produced and the plist parser expected was invalid. As a result, when an analyzer result file was stored to the server, bug path arrows were missing from the GUI.
- Escape values for v-html attributes (#3549).
We are using the v-html attribute on the UI side to dynamically render comments and analyzer commands. This can be very dangerous because it can easily lead to XSS vulnerabilities. To solve this problem the server will always return the escaped version of these values, which can be safely rendered on the UI.
- Fix link in gerrit output (#3572).
If CC_REPORT_URL is defined and the gerrit format is used with the CodeChecker parse or CodeChecker cmd diff commands, the output will contain the value of this environment variable wrapped inside quotes. When this output is sent to gerrit, it will convert URL links to HTML a tags. Unfortunately gerrit will think that the ending quote is part of the URL, so it will not remove it. This way the URL will be invalid.
- Change permission of stored analysis failure files (#3574).
Change permission of the stored analysis failure zip files so only the current user/group will have access to this file.
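The server-side escaping described in the v-html item (#3549) can be sketched as follows. This is an added example, not CodeChecker's own code; the field names `comment` and `analyzer_command`, the response layout and the sample data are assumptions made for illustration.

```python
import html

# Assumption: names of the response fields that the UI renders through v-html.
# These keys are hypothetical and are not taken from CodeChecker's API.
HTML_RENDERED_FIELDS = {"comment", "analyzer_command"}


def escape_for_v_html(value: str) -> str:
    """Escape &, <, >, " and ' so the string stays inert text when the UI
    assigns it through v-html (which sets the element's innerHTML)."""
    return html.escape(value, quote=True)


def sanitize_response(obj):
    """Return a copy of a JSON-like response in which only the v-html fields
    are escaped. Other strings are left alone: fields rendered with normal
    text interpolation are escaped by the UI framework already, and escaping
    them here as well would show literal entities to the user."""
    if isinstance(obj, dict):
        return {
            key: escape_for_v_html(val)
            if key in HTML_RENDERED_FIELDS and isinstance(val, str)
            else sanitize_response(val)
            for key, val in obj.items()
        }
    if isinstance(obj, list):
        return [sanitize_response(item) for item in obj]
    return obj


# Constructed sample: a stored report whose comment contains markup.
SAMPLE = {
    "run": "demo",
    "file": "src/a<b>.cpp",
    "reports": [
        {
            "comment": '<img src=x onerror="alert(1)">',
            "analyzer_command": "clang -DX='<y>' a.cpp",
        }
    ],
}

if __name__ == "__main__":
    import json
    print(json.dumps(sanitize_response(SAMPLE), indent=2))
```

Escaping is applied once, when the response is built; running it over a value that is already escaped would turn `&lt;` into `&amp;lt;` and corrupt what the user sees.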
For more information check the milestone.