Julia Khushnamova

Greenhorn
since Jan 18, 2019
Recent posts by Julia Khushnamova

CUBA Platform developers have recently published the article on the PVS-Studio project check on their blog.

If you haven't read it yet then visit the link below to learn how the project can benefit from the use of the PVS-Studio static code analyzer 🙂 - https://www.cuba-platform.com/blog/analyzing-cuba-platform-with-pvs-studio/
1 week ago
PVS-Studio is a tool for detecting bugs and security weaknesses in the source code of programs, written in Java, C++ and C#. It is now available from the official JetBrains plugins repository - https://plugins.jetbrains.com/plugin/12263-pvs-studio
1 month ago
The PVS-Studio team has been keeping a blog about checks of open-source projects by the static code analyzer of the same name for many years. To date, more than 300 projects have been checked, and the error base contains more than 12000 cases. Initially the analyzer was implemented for checking C and C++ code; support for C# was added later. Therefore, the majority (> 80%) of all checked projects are C and C++ ones. Quite recently Java was added to the list of supported languages, which means that there is now a whole new open world for PVS-Studio, so it's time to complement the base with errors from Java projects.

Visit the link to read the article https://www.viva64.com/en/b/0621/
1 month ago
Developers of the PVS-Studio static code analyzer, which until recently had been searching for errors and potential vulnerabilities in C, C++ and C# code, have released a new version of the product that is capable of detecting bugs in Java projects.
As usual, the author of the article gives some examples of bugs detected by PVS-Studio. Anticipating possible questions over whether the analyzer is able to find anything in such projects as IntelliJ IDEA, SpotBugs and many other bug search tools for Java, the author proposes considering examples of various errors found in these projects.

For example, here is an interesting typo found in IntelliJ IDEA:

public synchronized boolean isIdentifier(@NotNull String name,
                                         final Project project) {
  // Prepend a double quote unless the name already opens with ' or "
  if (!StringUtil.startsWithChar(name,'\'') &&
      !StringUtil.startsWithChar(name,'\"')) {
    name = "\"" + name;
  }
  // Typo kept as found: both conditions test for '"', so a closing
  // single quote is never recognised and an extra '"' gets appended
  if (!StringUtil.endsWithChar(name,'"') &&
      !StringUtil.endsWithChar(name,'\"')) {
    name += "\"";
  }
....
}

This code fragment checks that the name is enclosed in either single or double quotation marks. If it is not, double quotation marks are added automatically.

Due to a typo, the end of the name is checked only for the presence of double quotation marks. As a result, the name in single quotation marks will be processed incorrectly.

The name

'Abcd'

due to adding extra double quotes will turn into:

'Abcd'"

The analyzer can be integrated as a plugin into several build systems and IDEs such as Maven, Gradle and IntelliJ IDEA. Nor could the developers ignore SonarQube, a platform for code quality control: they added Java support to the existing PVS-Studio plugin. The analyzer warnings are classified not only according to CWE and CERT but also MISRA. Support for these standards makes the analyzer more effective for improving security, program portability and reliability.

Another piece of good news was that all open source contributors hosting on GitHub or Bitbucket can use PVS-Studio for free.

Read more about the new version of PVS-Studio here - https://www.viva64.com/en/b/0602/

Read more about other errors in Java code here - https://www.viva64.com/en/b/0603/
3 months ago
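The quote-normalising logic from the IntelliJ IDEA fragment in the post above, reproduced as an added example that is not code from the post or from IntelliJ IDEA: plain java.lang.String calls stand in for IntelliJ's StringUtil helpers, and the buggy check is placed beside a corrected one so the 'Abcd' case can be run.

```java
// Added demo, not from the original post or the IntelliJ IDEA code base.
// startsWith/endsWith replace IntelliJ's StringUtil.startsWithChar/endsWithChar.
public class QuoteCheckDemo {

    // Behaviour of the original fragment: the second endsWith condition
    // repeats '"', so a name closed by a single quote is not recognised
    // and a stray double quote is appended.
    static String buggyQuote(String name) {
        if (!name.startsWith("'") && !name.startsWith("\"")) {
            name = "\"" + name;
        }
        if (!name.endsWith("\"") && !name.endsWith("\"")) { // typo: '"' twice
            name += "\"";
        }
        return name;
    }

    // Corrected check: the second condition tests for the single quote,
    // mirroring the startsWith pair above.
    static String fixedQuote(String name) {
        if (!name.startsWith("'") && !name.startsWith("\"")) {
            name = "\"" + name;
        }
        if (!name.endsWith("\"") && !name.endsWith("'")) {
            name += "\"";
        }
        return name;
    }

    public static void main(String[] args) {
        // Constructed inputs: single-quoted, double-quoted and unquoted names.
        String[] inputs = { "'Abcd'", "\"Abcd\"", "Abcd" };
        for (String in : inputs) {
            System.out.printf("%-9s buggy: %-10s fixed: %s%n",
                    in, buggyQuote(in), fixedQuote(in));
        }
        // 'Abcd' -> buggy: 'Abcd'"   fixed: 'Abcd'
    }
}
```

Note that even the corrected version only checks each end independently; a mismatched pair such as 'Abcd" passes both checks unchanged, so a unit test over all three quoting forms is the practical way to pin such helpers down.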