Kei te haere tonu taatau ki te whakamahi i te PVS-Studio kia pai ake. Kei te waatea to maatau kaitirotiro i Chocolatey, he kaiwhakahaere kete mo Windows. E whakapono ana matou ma tenei ka ngawari te tukunga o te PVS-Studio, ina koa, ki nga ratonga kapua. Kia kore ai e haere tawhiti, me tirotirohia te waehere puna o taua Chocolatey ano. Ka mahi a Azure DevOps hei punaha CI.
Anei te rarangi o etahi atu tuhinga mo te kaupapa mo te whakauru ki nga punaha kapua:
Ka tohutohu ahau ki a koe kia whai whakaaro koe ki te tuhinga tuatahi mo te whakauru ki a Azure DevOps, na te mea i tenei keehi ka mahue etahi tohu kia kore ai e taarua.
Na, ko nga toa o tenei tuhinga:
he taputapu tātari waehere pateko i hangaia hei tautuhi i nga hapa me nga whakaraeraetanga pea i roto i nga papatono kua tuhia ki te C, C++, C# me Java. Ka rere i runga i nga punaha Matapihi 64-bit, Linux, me te macOS, ka taea te tātari i te waehere i hangaia mo te 32-bit, 64-bit, me nga papaaho ARM kua whakauruhia. Mena koinei to wa tuatahi ki te whakamatau i te tātari waehere pateko ki te tirotiro i o kaupapa, ka tūtohu kia waia koe ki a koe me pehea te tiro tere i nga whakatupato PVS-Studio tino pai me te arotake i nga kaha o tenei taputapu.
— he huinga ratonga kapua ka kapi tahi i te katoa o nga mahi whanaketanga. Kei roto i tenei turanga nga taputapu penei i te Azure Pipelines, Azure Boards, Azure Artifacts, Azure Repos, Azure Test Plans, e taea ai e koe te tere ake i te tukanga o te hanga rorohiko me te whakapai ake i tona kounga.
he kaiwhakahaere putea puna tuwhera mo Windows. Ko te whainga o te kaupapa ko te whakaaunoa i te huringa ora katoa o te rorohiko mai i te whakaurunga ki te whakahou me te tango i nga punaha whakahaere Windows.
Mo te whakamahi Chocolatey
Ka taea e koe te kite me pehea te whakauru i te kaiwhakahaere kete i tenei . Kei te waatea nga tuhinga katoa mo te whakauru i te kaitirotiro Tirohia te Tāutatanga mā te wāhanga kaiwhakahaere mōkihi Chocolatey. Ka korero poto ahau i etahi korero mai i reira.
Tonoa kia tāuta te putanga hōu o te kaitātari:
choco install pvs-studioTonoa kia whakauruhia he putanga motuhake o te kete PVS-Studio:
choco install pvs-studio --version=7.05.35617.2075Ma te taunoa, ko te uho anake o te kaitirotiro, te waahanga Core, ka whakauruhia. Ko etahi atu haki katoa (Standalone, JavaCore, IDEA, MSVS2010, MSVS2012, MSVS2013, MSVS2015, MSVS2017, MSVS2019) ka taea te tuku ma te whakamahi --package-parameters.
He tauira o te whakahau ka whakauruhia he kaitirotiro me te mono mo Visual Studio 2019:
choco install pvs-studio --package-parameters="'/MSVS2019'"Inaianei me titiro ki tetahi tauira mo te whakamahi pai o te kaitirotiro i raro i a Azure DevOps.
whakatikatikanga
Me whakamahara ahau ki a koe he waahanga motuhake mo nga take penei i te rehita i tetahi kaute, te hanga i te Build Pipeline me te tukutahi i to putea me tetahi kaupapa kei roto i te rehitatanga GitHub. . Ka timata tonu ta maatau tatūnga ki te tuhi i te konae whirihoranga.
Tuatahi, me whakarite he keu whakarewatanga, e tohu ana ka whakarewahia mo nga huringa anake ariki peka:
trigger:
- masterI muri mai me kowhiria he miihini mariko. Inaianei ka noho hei kaihoko manaaki a Microsoft me te Windows Server 2019 me Visual Studio 2019:
pool:
vmImage: 'windows-latest'Me neke atu ki te tinana o te konae whirihoranga (block kaupae). Ahakoa te meka kaore e taea e koe te whakauru i nga punaha whakahaere ki roto i te miihini mariko, kaore au i taapiri i tetahi ipu Docker. Ka taea e taatau te taapiri a Chocolatey hei taapiri mo Azure DevOps. Ki te mahi i tenei, me haere tatou ki . Pāwhiri Kia ora. I muri mai, mena kua whakamanahia koe, tohua noa to putea, ki te kore, ka pena ano i muri i te whakamanatanga.
I konei me tohu koe ki hea ka taapirihia e matou te toronga ka paato i te paatene tāuta.
I muri i te tāutanga angitu, pāwhiritia Haere ki te whakahaere:
Ka taea e koe te kite i te tauira mo te mahi Chocolatey i te matapihi mahi i te wa e whakatika ana i te konae whirihoranga azure-pipelines.yml:
Paatohia te Chocolatey ka kite i te rarangi o nga mara:
I konei me whiriwhiri tatou tāuta i te mara me nga kapa. IN Ingoa Kōnae Nuspec tohuhia te ingoa o te kete e hiahiatia ana - pvs-studio. Ki te kore koe e tohu i te putanga, ka whakauruhia te mea hou, e pai ana ki a maatau. Kia pehi tatou i te paatene tāpiri a ka kite tatou i te mahi i hangaia i roto i te konae whirihoranga.
steps:
- task: ChocolateyCommand@0
inputs:
command: 'install'
installPackageId: 'pvs-studio'I muri mai, me haere ki te waahanga matua o ta maatau konae:
- task: CmdLine@2
inputs:
script: Inaianei me hanga he konae me te raihana kaitirotiro. I konei PVSNAME и PVSKEY - nga ingoa o nga taurangi ka tohua e matou nga uara ki nga tautuhinga. Ka penapenahia e ratou te takiuru PVS-Studio me te taviri raihana. Hei tautuhi i o raatau uara, whakatuwherahia te tahua Taurangi-> Taurangi Hou. Me hanga taurangi PVSNAME mo te takiuru me te PVSKEY mo te matua tātari. Kaua e wareware ki te taki i te pouaka Kia huna tenei uara ki PVSKEY. Waehere whakahau:
сall "C:Program Files (x86)PVS-StudioPVS-Studio_Cmd.exe" credentials
–u $(PVSNAME) –n $(PVSKEY)Me hanga te kaupapa ma te whakamahi i te konae pekapeka kei roto i te putunga:
сall build.batMe hanga he kōpaki hei penapena i nga konae me nga hua o te kaitirotiro:
сall mkdir PVSTestResultsMe timata taatau ki te tātari i te kaupapa:
сall "C:Program Files (x86)PVS-StudioPVS-Studio_Cmd.exe"
–t .srcchocolatey.sln –o .PVSTestResultsChoco.plog Ka hurihia ta maatau ripoata ki te whakatakotoranga html ma te whakamahi i te taputapu PlogConverter:
сall "C:Program Files (x86)PVS-StudioPlogConverter.exe"
–t html –o PVSTestResults .PVSTestResultsChoco.plogInaianei me hanga e koe he mahi kia taea ai e koe te tuku i te purongo.
- task: PublishBuildArtifacts@1
inputs:
pathToPublish: PVSTestResults
artifactName: PVSTestResults
condition: always()He penei te ahua o te konae whirihoranga:
trigger:
- master
pool:
vmImage: 'windows-latest'
steps:
- task: ChocolateyCommand@0
inputs:
command: 'install'
installPackageId: 'pvs-studio'
- task: CmdLine@2
inputs:
script: |
call "C:Program Files (x86)PVS-StudioPVS-Studio_Cmd.exe"
credentials –u $(PVSNAME) –n $(PVSKEY)
call build.bat
call mkdir PVSTestResults
call "C:Program Files (x86)PVS-StudioPVS-Studio_Cmd.exe"
–t .srcchocolatey.sln –o .PVSTestResultsChoco.plog
call "C:Program Files (x86)PVS-StudioPlogConverter.exe"
–t html –o .PVSTestResults .PVSTestResultsChoco.plog
- task: PublishBuildArtifacts@1
inputs:
pathToPublish: PVSTestResults
artifactName: PVSTestResults
condition: always()Kia paato tatou Tiaki-> Tiaki-> Rere ki te whakahaere i te mahi. Me tiki ake te purongo ma te haere ki te ripa mahi.
Ko te kaupapa Chocolatey e 37615 noa nga rarangi o te C# code. Kia titiro tatou ki etahi o nga hapa i kitea.
Nga hua whakamatautau
Whakatupato N1
Whakatupato Kaitātari: Ko te taurangi 'Kaiwhakarato' kua tautapa ki a ia ano. CrytpoHashProviderSpecs.cs 38
public abstract class CrytpoHashProviderSpecsBase : TinySpec
{
....
protected CryptoHashProvider Provider;
....
public override void Context()
{
Provider = Provider = new CryptoHashProvider(FileSystem.Object);
}
}I kitea e te kaitirotiro he taumahi o te taurangi ki a ia ano, kaore i te whai tikanga. Ko te mea pea, hei whakakapi i tetahi o enei taurangi me noho tetahi atu. Ana, he hapa ranei tenei, a ka taea noa te tango i nga mahi taapiri.
Whakatupato N2
Whakatupato Kaitātari: [CWE-480] Ka arotakehia e te kaiwhakahaere '&' nga mahi e rua. Tena pea me whakamahi he kaiwhakahaere ara-poto '&&'. Platform.cs 64
public static PlatformType get_platform()
{
switch (Environment.OSVersion.Platform)
{
case PlatformID.MacOSX:
{
....
}
case PlatformID.Unix:
if(file_system.directory_exists("/Applications")
& file_system.directory_exists("/System")
& file_system.directory_exists("/Users")
& file_system.directory_exists("/Volumes"))
{
return PlatformType.Mac;
}
else
return PlatformType.Linux;
default:
return PlatformType.Windows;
}
}Te rereketanga o te kaiwhakahaere & mai i te kaiwhakahaere && ko te mea ko te taha maui o te korero ko teka, ka tatau tonu te taha matau, i roto i tenei keehi ko nga waea tikanga kore e tika system.directory_exists.
I roto i te wahanga i whakaarohia, he hapa iti tenei. Ae, ka taea te whakapai ake i tenei ahuatanga ma te whakakapi i te & operator ki te && kaiwhakahaere, engari mai i te tirohanga whaitake, kaore tenei e pa ki tetahi mea. Engari, i etahi atu take, ka raru pea te rangirua i waenga i te & me te && ina ka tukuna te taha matau o te korero ki nga uara hē/muhu. Hei tauira, i roto i ta maatau kohinga hapa, , kei tenei keehi:
if ((k < nct) & (s[k] != 0.0))Ahakoa te taupū k kei te hē, ka whakamahia hei uru ki tetahi huānga huānga. Ko te mutunga mai, ka makahia he tuunga IndexOutOfRangeException.
Whakatupato N3, N4
Whakatupato Kaitātari: [CWE-571] He pono tonu te whakahua 'ShortPrompt'. InteractivePrompt.cs 101
Whakatupato Kaitātari: [CWE-571] He pono tonu te whakahua 'ShortPrompt'. InteractivePrompt.cs 105
public static string
prompt_for_confirmation(.... bool shortPrompt = false, ....)
{
....
if (shortPrompt)
{
var choicePrompt = choice.is_equal_to(defaultChoice) //1
?
shortPrompt //2
?
"[[{0}]{1}]".format_with(choice.Substring(0, 1).ToUpperInvariant(), //3
choice.Substring(1,choice.Length - 1))
:
"[{0}]".format_with(choice.ToUpperInvariant()) //0
:
shortPrompt //4
?
"[{0}]{1}".format_with(choice.Substring(0,1).ToUpperInvariant(), //5
choice.Substring(1,choice.Length - 1))
:
choice; //0
....
}
....
}I tenei keehi, he whakaaro ke kei muri i te mahi a te kaiwhakahaere ternary. Kia ata titiro tatou: ki te tutuki te ahuatanga i tohuhia e ahau ki te nama 1, katahi ka neke atu ki te tikanga 2, he rite tonu. pono, ko te tikanga ka mahia te rarangi 3. Mena ka puta te ahua 1 he teka, katahi ka haere ki te rarangi kua tohua ki te nama 4, ko te ahuatanga kei roto ano hoki i nga wa katoa pono, ko te tikanga ka mahia te rarangi 5. No reira, ko nga tikanga kua tohua ki te korero 0 e kore rawa e tutuki, kaore pea i te tino arorau o te mahi i tumanakohia e te kaiwhakaputa.
Whakatupato N5
Whakatupato Kaitātari: [CWE-783] He rereke pea te mahi a te kaiwhakahaere '?:' i te mea i whakaarohia. He iti ake tana kaupapa matua i te kaupapa matua o etahi atu kaiwhakahaere i roto i tona ahuatanga. Kōwhiringa.cs 1019
private static string GetArgumentName (...., string description)
{
string[] nameStart;
if (maxIndex == 1)
{
nameStart = new string[]{"{0:", "{"};
}
else
{
nameStart = new string[]{"{" + index + ":"};
}
for (int i = 0; i < nameStart.Length; ++i)
{
int start, j = 0;
do
{
start = description.IndexOf (nameStart [i], j);
}
while (start >= 0 && j != 0 ? description [j++ - 1] == '{' : false);
....
return maxIndex == 1 ? "VALUE" : "VALUE" + (index + 1);
}
}I mahi te tātaritanga mo te raina:
while (start >= 0 && j != 0 ? description [j++ - 1] == '{' : false)Mai i te taurangi j he torutoru nga rarangi i runga ake nei ka arawhiti ki te kore, ka whakahokia e te kaiwhakahaere ternary te uara teka. Na tenei ahuatanga, ka mahia te tinana o te kapiti kotahi anake. Ki ahau nei karekau tenei waahanga waehere i te mahi pera i ta te kaiwhakaputa.
Whakatupato N6
Whakatupato Kaitātari: [CWE-571] He pono tonu te korero 'installedPackageVersions.Count != 1'. NugetService.cs 1405
private void remove_nuget_cache_for_package(....)
{
if (!config.AllVersions && installedPackageVersions.Count > 1)
{
const string allVersionsChoice = "All versions";
if (installedPackageVersions.Count != 1)
{
choices.Add(allVersionsChoice);
}
....
}
....
}He ahua kee kei konei: installationPackageVersions.Count != 1ka noho tonu pono. I te nuinga o nga wa ka tohuhia e taua whakatupato he hapa arorau i roto i te waehere, a, i etahi atu keehi ka tohu noa i te arowhai.
Whakatupato N7
Whakatupato Kaitātari: He rite tonu nga kupu-iti 'commandArguments.contains("-apikey")' ki te taha maui me te taha matau o te '||' kaiwhakahaere. ArgumentsUtility.cs 42
public static bool arguments_contain_sensitive_information(string
commandArguments)
{
return commandArguments.contains("-install-arguments-sensitive")
|| commandArguments.contains("-package-parameters-sensitive")
|| commandArguments.contains("apikey ")
|| commandArguments.contains("config ")
|| commandArguments.contains("push ")
|| commandArguments.contains("-p ")
|| commandArguments.contains("-p=")
|| commandArguments.contains("-password")
|| commandArguments.contains("-cp ")
|| commandArguments.contains("-cp=")
|| commandArguments.contains("-certpassword")
|| commandArguments.contains("-k ")
|| commandArguments.contains("-k=")
|| commandArguments.contains("-key ")
|| commandArguments.contains("-key=")
|| commandArguments.contains("-apikey")
|| commandArguments.contains("-api-key")
|| commandArguments.contains("-apikey")
|| commandArguments.contains("-api-key");
}Ko te kaihōtaka i tuhi i tenei wahanga o te waehere i kape me te whakapiri i nga rarangi whakamutunga e rua ka wareware ki te whakatika. Na tenei, kaore i taea e nga kaiwhakamahi Chocolatey te whakamahi i te tawhā apikey e rua nga huarahi. He rite ki nga tawhā i runga ake nei, ka taea e au te tuku i nga whiringa e whai ake nei:
commandArguments.contains("-apikey=");
commandArguments.contains("-api-key=");Ko nga hapa kape-whakapiri he nui te tupono ka puta wawe i muri mai ranei i roto i tetahi kaupapa me te nui o te waehere puna, a ko tetahi o nga taputapu pai ki te whawhai i a raatau ko te tātaritanga pateko.
PS A ka rite ki nga wa katoa, ka puta mai tenei hapa i te mutunga o te ahua maha-raina :). Tirohia te whakaputanga "".
Whakatupato N8
Whakatupato Kaitātari: [CWE-476] I whakamahia te mea 'installedPackage' i mua i te manatoko ki te kore. Tirohia nga rarangi: 910, 917. NugetService.cs 910
public virtual ConcurrentDictionary<string, PackageResult> get_outdated(....)
{
....
var pinnedPackageResult = outdatedPackages.GetOrAdd(
packageName,
new PackageResult(installedPackage,
_fileSystem.combine_paths(
ApplicationParameters.PackagesLocation,
installedPackage.Id)));
....
if ( installedPackage != null
&& !string.IsNullOrWhiteSpace(installedPackage.Version.SpecialVersion)
&& !config.UpgradeCommand.ExcludePrerelease)
{
....
}
....
}Hapa matarohia: mea tuatahi tāutaPackage ka whakamahia ka tirohia mo korenga. Ko tenei tātaritanga e korero ana mo tetahi o nga raru e rua i roto i te kaupapa: ahakoa tāutaPackage e kore e rite korenga, he pohehe, katahi ka nui te haki, ka tupono pea he hapa nui i roto i te waehere - he ngana ki te uru atu ki tetahi tohutoro kore.
mutunga
Na kua mahi matou i tetahi atu taahiraa iti - inaianei ko te whakamahi i te PVS-Studio kua ngawari ake, kua pai ake. E hiahia ana hoki ahau ki te kii ko Chocolatey he kaiwhakahaere putea pai me te iti o nga hapa i roto i te waehere, ka iti ake pea i te wa e whakamahi ana i te PVS-Studio.
Ka tono matou ki a koe ka whakamatau i te PVS-Studio. Ko te whakamahi i nga wa katoa o te kaitirotiro pateko ka whakapai ake i te kounga me te pono o te waehere ka whakawhanakehia e to roopu me te aukati i te tini. .
PS
I mua i te whakaputanga, i tukuna atu e matou te tuhinga ki nga kaiwhakawhanake Chocolatey, a ka pai te whiwhi. Karekau i kitea he mea whakahirahira, engari, hei tauira, i pai ki a ratou te pepeha i kitea e matou e pa ana ki te matua "api-key".
Mena kei te pirangi koe ki te tiri i tenei tuhinga ki te hunga whakarongo ki te reo Ingarihi, whakamahia te hononga whakamaori: Vladislav Stolyarov. .
Source: will.com