We continue making PVS-Studio more convenient to use. Our analyzer is now available in Chocolatey, the package manager for Windows. We believe this will make deploying PVS-Studio easier, particularly in cloud services. So as not to go far afield, let's check the source code of Chocolatey itself. Azure DevOps will act as the CI system.
Here is a list of our other articles on integration with cloud systems:
PVS-Studio goes to the clouds: Azure DevOps
PVS-Studio goes to the clouds: Travis CI
PVS-Studio goes to the clouds: CircleCI
PVS-Studio goes to the clouds: GitLab CI/CD
I advise you to pay attention to the first article, about integration with Azure DevOps, because some points are omitted here to avoid repetition.
So, the heroes of this article:
About using Chocolatey
You can see how to install the package manager itself at this link.
Command to install the latest version of the analyzer:
choco install pvs-studio
Command to install a specific version of the PVS-Studio package:
choco install pvs-studio --version=7.05.35617.2075
By default, only the core of the analyzer, the Core component, is installed. All other flags (Standalone, JavaCore, IDEA, MSVS2010, MSVS2012, MSVS2013, MSVS2015, MSVS2017, MSVS2019) can be passed using --package-parameters.
An example of a command that installs the analyzer with the plugin for Visual Studio 2019:
choco install pvs-studio --package-parameters="'/MSVS2019'"
Now let's look at an example of convenient use of the analyzer under Azure DevOps.
Configuration
Let me remind you that there is a separate section about such matters as registering an account, creating a Build Pipeline and synchronizing your account with a project located in a GitHub repository.
First, let's set up the launch trigger, specifying that we run only for changes in the master branch:
trigger:
- master
Next we need to choose a virtual machine. For now it will be a Microsoft-hosted agent with Windows Server 2019 and Visual Studio 2019:
pool:
  vmImage: 'windows-latest'
Let's move on to the body of the configuration file (the steps block). Despite the fact that you can't install arbitrary software on the virtual machine, I didn't add a Docker container. We can add Chocolatey as an extension for Azure DevOps. To do this, let's go to
Here you need to choose where to add the extension and click the Install button.
After successful installation, click Proceed to organization:
Now you can see the template for the Chocolatey task in the tasks window when editing the azure-pipelines.yml configuration file:
Click on Chocolatey and see the list of fields:
Here we need to select install in the field with commands. In Nuspec File Name, specify the name of the required package: pvs-studio. If you don't specify a version, the latest one will be installed, which suits us completely. Let's click the add button and we will see the generated task in the configuration file.
steps:
- task: ChocolateyCommand@0
  inputs:
    command: 'install'
    installPackageId: 'pvs-studio'
Next, let's move on to the main part of our file:
- task: CmdLine@2
  inputs:
    script: |
Now we need to create a file with the analyzer license. Here PVSNAME and PVSKEY are the names of variables whose values we specify in the settings. They will store the PVS-Studio login and license key. To set their values, open the menu Variables->New variable. Let's create the variable PVSNAME for the login and PVSKEY for the analyzer key. Don't forget to check the Keep this value secret box for PVSKEY. The command code:
call "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" credentials -u $(PVSNAME) -n $(PVSKEY)
Let's build the project using the bat file located in the repository:
call build.bat
Let's create a folder where the files with the analysis results will be stored:
call mkdir PVSTestResults
Let's start analyzing the project:
call "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" -t .\src\chocolatey.sln -o .\PVSTestResults\Choco.plog
We convert our report to html format using the PlogConverter utility:
call "C:\Program Files (x86)\PVS-Studio\PlogConverter.exe" -t html -o PVSTestResults .\PVSTestResults\Choco.plog
Now you need to create a task so that you can upload the report.
- task: PublishBuildArtifacts@1
  inputs:
    pathToPublish: PVSTestResults
    artifactName: PVSTestResults
  condition: always()
The complete configuration file looks like this:
trigger:
- master
pool:
  vmImage: 'windows-latest'
steps:
- task: ChocolateyCommand@0
  inputs:
    command: 'install'
    installPackageId: 'pvs-studio'
- task: CmdLine@2
  inputs:
    script: |
      call "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" credentials -u $(PVSNAME) -n $(PVSKEY)
      call build.bat
      call mkdir PVSTestResults
      call "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" -t .\src\chocolatey.sln -o .\PVSTestResults\Choco.plog
      call "C:\Program Files (x86)\PVS-Studio\PlogConverter.exe" -t html -o .\PVSTestResults .\PVSTestResults\Choco.plog
- task: PublishBuildArtifacts@1
  inputs:
    pathToPublish: PVSTestResults
    artifactName: PVSTestResults
  condition: always()
Let's click Save->Save->Run to run the task. Let's download the report by going to the tasks tab.
The Chocolatey project contains only 37615 lines of C# code. Let's look at some of the errors found.
Check results
Warning N1
Analyzer warning:
public abstract class CrytpoHashProviderSpecsBase : TinySpec
{
    ....
    protected CryptoHashProvider Provider;
    ....
    public override void Context()
    {
        Provider = Provider = new CryptoHashProvider(FileSystem.Object);
    }
}
The analyzer detected an assignment of the variable to itself, which makes no sense. Most likely, another variable should be in place of one of these. Or it is simply a typo, and the extra assignment can be removed.
Warning N2
Analyzer warning:
public static PlatformType get_platform()
{
    switch (Environment.OSVersion.Platform)
    {
        case PlatformID.MacOSX:
        {
            ....
        }
        case PlatformID.Unix:
            if(file_system.directory_exists("/Applications")
              & file_system.directory_exists("/System")
              & file_system.directory_exists("/Users")
              & file_system.directory_exists("/Volumes"))
            {
                return PlatformType.Mac;
            }
            else
                return PlatformType.Linux;
        default:
            return PlatformType.Windows;
    }
}
The difference between the & operator and the && operator is that if the left side of the expression is false, the right side is still evaluated, which in this case means unnecessary calls to the file_system.directory_exists method.
In the fragment under consideration, this is a minor flaw. Yes, the condition can be optimized by replacing the & operator with &&, but from a practical point of view this doesn't affect anything. However, in other cases, confusion between & and && can cause serious problems when the right side of the expression works with incorrect/invalid values. For example, from our collection of errors:
if ((k < nct) & (s[k] != 0.0))
Even if the index k is incorrect, it will still be used to access an array element. As a result, an IndexOutOfRangeException will be thrown.
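Both effects can be reproduced in a few lines. This is an added example, not code from Chocolatey or from the error collection; DirectoryExists is a hypothetical stand-in for file_system.directory_exists, and the array contents are constructed.

```csharp
using System;

static class NonShortCircuitDemo
{
    static int probes;

    // Hypothetical stand-in for file_system.directory_exists that counts
    // how many times it is called.
    static bool DirectoryExists(bool exists)
    {
        probes++;
        return exists;
    }

    // Same shape as the Unix branch above: the first directory is missing.
    public static int CallsWithSingleAmpersand()
    {
        probes = 0;
        bool isMac = DirectoryExists(false) & DirectoryExists(true)
                   & DirectoryExists(true) & DirectoryExists(true);
        return probes;
    }

    public static int CallsWithDoubleAmpersand()
    {
        probes = 0;
        bool isMac = DirectoryExists(false) && DirectoryExists(true)
                  && DirectoryExists(true) && DirectoryExists(true);
        return probes;
    }

    // The bounds check protects s[k] only when it short-circuits.
    public static bool Eager(double[] s, int k, int nct) => (k < nct) & (s[k] != 0.0);
    public static bool Lazy(double[] s, int k, int nct) => (k < nct) && (s[k] != 0.0);

    static void Main()
    {
        Console.WriteLine("& calls:  " + CallsWithSingleAmpersand());
        Console.WriteLine("&& calls: " + CallsWithDoubleAmpersand());

        double[] s = { 1.5, 0.0, 2.5 };   // constructed data, valid indices 0..2
        Console.WriteLine("Lazy(k=3):  " + Lazy(s, 3, s.Length));
        try { Eager(s, 3, s.Length); }
        catch (IndexOutOfRangeException e) { Console.WriteLine("Eager(k=3): " + e.GetType().Name); }
    }
}
```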
Warnings N3, N4
Analyzer warning:
Analyzer warning:
public static string
prompt_for_confirmation(.... bool shortPrompt = false, ....)
{
    ....
    if (shortPrompt)
    {
        var choicePrompt = choice.is_equal_to(defaultChoice) //1
            ?
            shortPrompt //2
                ?
                "[[{0}]{1}]".format_with(choice.Substring(0, 1).ToUpperInvariant(), //3
                    choice.Substring(1,choice.Length - 1))
                :
                "[{0}]".format_with(choice.ToUpperInvariant()) //0
            :
            shortPrompt //4
                ?
                "[{0}]{1}".format_with(choice.Substring(0,1).ToUpperInvariant(), //5
                    choice.Substring(1,choice.Length - 1))
                :
                choice; //0
        ....
    }
    ....
}
In this case, there is strange logic behind the ternary operator. Let's take a closer look: if the condition I marked with number 1 is met, we move on to condition 2, which is always true, which means line 3 will be executed. If condition 1 turns out to be false, we go to the line marked with number 4, whose condition is also always true, which means line 5 will be executed. Thus, the branches marked 0 will never be executed, which may not be exactly the logic the programmer expected.
Warning N5
Analyzer warning:
private static string GetArgumentName (...., string description)
{
    string[] nameStart;
    if (maxIndex == 1)
    {
        nameStart = new string[]{"{0:", "{"};
    }
    else
    {
        nameStart = new string[]{"{" + index + ":"};
    }
    for (int i = 0; i < nameStart.Length; ++i)
    {
        int start, j = 0;
        do
        {
            start = description.IndexOf (nameStart [i], j);
        }
        while (start >= 0 && j != 0 ? description [j++ - 1] == '{' : false);
        ....
        return maxIndex == 1 ? "VALUE" : "VALUE" + (index + 1);
    }
}
The diagnostic was triggered on the line:
while (start >= 0 && j != 0 ? description [j++ - 1] == '{' : false)
Since the variable j is initialized to zero a few lines above, the ternary operator will return false. Because of this condition, the loop body will be executed only once. It seems to me that this piece of code doesn't work at all the way the programmer intended.
Warning N6
Analyzer warning:
private void remove_nuget_cache_for_package(....)
{
    if (!config.AllVersions && installedPackageVersions.Count > 1)
    {
        const string allVersionsChoice = "All versions";
        if (installedPackageVersions.Count != 1)
        {
            choices.Add(allVersionsChoice);
        }
        ....
    }
    ....
}
There is a strange nested condition here: installedPackageVersions.Count != 1, which will always be true. Often such a warning indicates a logical error in the code, and in other cases it indicates a redundant check.
Warning N7
Analyzer warning:
public static bool arguments_contain_sensitive_information(string
    commandArguments)
{
    return commandArguments.contains("-install-arguments-sensitive")
        || commandArguments.contains("-package-parameters-sensitive")
        || commandArguments.contains("apikey ")
        || commandArguments.contains("config ")
        || commandArguments.contains("push ")
        || commandArguments.contains("-p ")
        || commandArguments.contains("-p=")
        || commandArguments.contains("-password")
        || commandArguments.contains("-cp ")
        || commandArguments.contains("-cp=")
        || commandArguments.contains("-certpassword")
        || commandArguments.contains("-k ")
        || commandArguments.contains("-k=")
        || commandArguments.contains("-key ")
        || commandArguments.contains("-key=")
        || commandArguments.contains("-apikey")
        || commandArguments.contains("-api-key")
        || commandArguments.contains("-apikey")
        || commandArguments.contains("-api-key");
}
The programmer who wrote this section of code copied and pasted the last two lines and forgot to edit them. Because of this, Chocolatey users were unable to apply the apikey parameter in a couple more ways. By analogy with the parameters above, I can suggest the following options:
commandArguments.contains("-apikey=");
commandArguments.contains("-api-key=");
Copy-paste errors have a high chance of appearing sooner or later in any project with a large amount of source code, and one of the best tools to combat them is static analysis.
P.S. And as usual, this error tends to appear at the end of a multi-line condition :). See the publication "
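Keeping the markers in a table instead of a chain of || operands makes this kind of copy-paste mechanically detectable. The following is an added example, not Chocolatey's code; it assumes the check is a case-insensitive substring match, and the class name, RedundantMarkers and the sample command lines are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class SensitiveArguments
{
    // The markers exactly as they appear in the method above,
    // including the copy-pasted last pair.
    static readonly string[] Markers =
    {
        "-install-arguments-sensitive", "-package-parameters-sensitive",
        "apikey ", "config ", "push ",
        "-p ", "-p=", "-password",
        "-cp ", "-cp=", "-certpassword",
        "-k ", "-k=", "-key ", "-key=",
        "-apikey", "-api-key",
        "-apikey", "-api-key",
    };

    // Assumption: matching is a case-insensitive substring search.
    static bool Has(string text, string marker) =>
        text.IndexOf(marker, StringComparison.OrdinalIgnoreCase) >= 0;

    public static bool ContainsSensitive(string commandArguments) =>
        Markers.Any(m => Has(commandArguments, m));

    // A marker that contains another entry of the list (an exact copy is
    // the simplest case) can never change the result of a substring match.
    public static List<string> RedundantMarkers() =>
        Markers.Where((m, i) => Markers.Where((o, j) => j != i && Has(m, o)).Any())
               .Distinct()
               .ToList();

    static void Main()
    {
        Console.WriteLine("Redundant: " + string.Join(", ", RedundantMarkers()));

        // Constructed command lines, not taken from a real log.
        string[] samples =
        {
            "install pvs-studio --version=7.05.35617.2075",
            "push pkg.nupkg -api-key=PLACEHOLDER",
            "install pkg -cp=PLACEHOLDER",
        };
        foreach (var s in samples)
            Console.WriteLine(ContainsSensitive(s) ? "[REDACTED]" : s);
    }
}
```

A unit test that asserts RedundantMarkers() is empty turns the copy-paste into a build failure.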
Warning N8
Analyzer warning:
public virtual ConcurrentDictionary<string, PackageResult> get_outdated(....)
{
    ....
    var pinnedPackageResult = outdatedPackages.GetOrAdd(
        packageName,
        new PackageResult(installedPackage,
            _fileSystem.combine_paths(
                ApplicationParameters.PackagesLocation,
                installedPackage.Id)));
    ....
    if ( installedPackage != null
        && !string.IsNullOrWhiteSpace(installedPackage.Version.SpecialVersion)
        && !config.UpgradeCommand.ExcludePrerelease)
    {
        ....
    }
    ....
}
A classic error: the installedPackage object is first used and then checked for null. This diagnostic tells us about one of two problems in the program: either installedPackage is never null, which is doubtful, and then the check is redundant, or we could potentially get a serious error in the code: an attempt to access a null reference.
Conclusion
So we have taken another small step: using PVS-Studio has now become even easier and more convenient. I would also like to say that Chocolatey is a good package manager with a small number of errors in its code, which could be even fewer if PVS-Studio were used.
We invite you
P.S.
Before publication, we sent the article to the Chocolatey developers, and they received it well. We didn't find anything critical, but they, for example, liked the bug we found related to the "api-key" key.
If you want to share this article with an English-speaking audience, please use the translation link: Vladislav Stolyarov.
Source: www.habr.com