Skip to content

v6.18.2
Compare
Choose a tag to compare
@csordasmarton csordasmarton released this 14 Jan 14:31
v6.18.2
992d274

馃悰 Analyze fixes

  • Fix skipping reports (#3559).
    When a skip list was set, not only those reports were skipped that were included in the skipped files, but also those that had a bug path traversing a skipped file. This resulted in disappeared findings.
  • Fix static HTML report files (#3570).
    It was not always possible to navigate in the static HTML files, when the bug path traversed multiple files.
  • Remove bugprone-easily-swappable-parameters from sensitive profile (#3579).
    The checker warns for a bugprone coding style at function definitions. It is mostly useful for new code, where new functions are being defined. On the other hand, the checker required too many changes in legacy projects with non-matching coding style.

馃捇 CLI / Server fixes

  • Fix suppressing bug on the server (#3563).
    When the report was in multiple lines, the source code comments in the code were not taken into consideration.
  • Fix source line / file for remote reports (#3568).
    An exception was thrown at CodeChecker cmd diff when path trimming was used in the stored results.
  • Fix storage of control points (#3576).
    Not all of the control points were stored to the server, because the plist format what the report converter produced and the plist parser expected was invalid. This way when an analyzer result file was stored to the server, bug path arrows were missing from the GUI.
  • Escape values for v-html attributes (#3549).
    We are using v-html attribute on the UI side to dinamically rendering comments and analyzer commands. This can be very dangerous because it can easily lead to XSS vulnerabilities. To solve this problem the server will always return the escaped version of these values which can be safely rendered on the UI.
  • Fix link in gerrit output (#3572).
    If CC_REPORT_URL is defined and gerrit format is used at CodeChecker parse or CodeChecker cmd diff commands, the output will contain the value of this environment variable wrapped inside quotes. When this output is sent to gerrit, it will convert URL links to HTML a tags. Unfortunately gerrit will think that the ending quote is part of the URL, so it will not remove it. This way the URL will be invalid.
  • Change permission of stored analysis failure files (#3574).
    Change permission of the stored analysis failure zip files so only the current user/group will have access to this file.

For more information check the milestone.

Assets 2
Loading