Add Infer as a new securityTest

Open rafaveira3 opened this issue 5 years ago • 2 comments

Motivation

Facebook has developed this cool Open Source tool to detect bugs in Java and C/C++/Objective-C code and it will be a great addition to huskyCI analysis.

It would be great if

We have all the necessary code to scan these new languages!

What we expect

  • A working container of Infer that outputs a JSON after running the analysis in a particular folder. Similar to this to be uploaded to Docker Hub as huskyci/infer:latest.
  • Add into config.yaml commands needed to run inside the securityTest container.
  • Adjust context.go to have the new Infer securityTest configs.
  • Add new error messages related to Infer in messagecodes.go.
  • Add a new file into securitytest package and adjust its logic to now handle Infer output.
  • Add new code into client analysis package to print to STDOUT Infer results.

Tips

  • Search how a particular securityTest works and apply the same logic (Ctrl + F + "bandit" will do 🙃).

rafaveira3 Sep 30 '20 21:09
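An added example, not part of the original issue and not huskyCI's own code: one way the "handle Infer output" step could turn the container's JSON into findings. The `Finding` type, `ParseInferOutput`, the severity mapping and the sample report are assumptions made for illustration; the JSON keys are those of Infer's `report.json`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// inferIssue holds the report.json fields used here; other fields are ignored.
type inferIssue struct {
	BugType   string `json:"bug_type"`
	Qualifier string `json:"qualifier"`
	Severity  string `json:"severity"`
	File      string `json:"file"`
	Line      int    `json:"line"`
}

// Finding is a hypothetical normalized result, not huskyCI's own type.
type Finding struct {
	Severity, Title, Details, File string
	Line                           int
}

// ParseInferOutput converts raw container stdout into findings.
// Empty output is an error, so a failed scan never reads as "clean".
func ParseInferOutput(raw string) ([]Finding, error) {
	if strings.TrimSpace(raw) == "" {
		return nil, fmt.Errorf("infer produced no output")
	}
	var issues []inferIssue
	if err := json.Unmarshal([]byte(raw), &issues); err != nil {
		return nil, fmt.Errorf("infer output is not a JSON array: %w", err)
	}
	// Assumed mapping; anything unrecognized stays visible as LOW.
	sev := map[string]string{"ERROR": "HIGH", "WARNING": "MEDIUM"}
	findings := make([]Finding, 0, len(issues))
	for _, i := range issues {
		s, ok := sev[strings.ToUpper(i.Severity)]
		if !ok {
			s = "LOW"
		}
		findings = append(findings, Finding{Severity: s, Title: i.BugType, Details: i.Qualifier, File: i.File, Line: i.Line})
	}
	return findings, nil
}

// Constructed sample shaped like Infer's report.json.
const sampleReport = `[{"bug_type":"NULL_DEREFERENCE","qualifier":"pointer s could be null","severity":"ERROR","file":"src/hello.c","line":12},
{"bug_type":"DEAD_STORE","qualifier":"value written to x is never used","severity":"WARNING","file":"src/util.c","line":40}]`

func main() { fmt.Println(ParseInferOutput(sampleReport)) }
```

An empty array `[]` parses to zero findings with no error, which is the only case that should be reported as a clean scan.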

Hey, @thepabloaguilar, will you keep working on this issue?

fguisso Oct 05 '22 19:10

Yeah @fguisso, I'll get it done by this week

thepabloaguilar Oct 05 '22 19:10