Investigate and fix issues reported by Coverity Scan
The static code analyzer Coverity Scan reports 330 open issues (after #5995 is applied) for the current git master branch. A quick review of those issues shows that at least some of them are real bugs which must be fixed.
Therefore all issues should be reviewed and classified (Coverity Scan has classifications for bug, false positive, intentional and pending). Ideally bugs should also be fixed.
The estimated cost of classifying all reported issues is a few days (low).
Fixing bugs ranges from low cost for trivial fixes to medium or even high cost for more complex bugs. Therefore I'd restrict this task to fixing trivial bugs and reporting all other bugs as issues on GitHub.
Ideally all remaining issues in Coverity Scan which were classified as bugs should contain references to GitHub issues.
Votes: 8
Coverity Scan status update for Git master branch:
- 2024-08-05: 393 outstanding issues
- 2024-08-22: 354 outstanding issues
About 40 issues are potential resource leaks or null pointer dereferences. About 30 issues are known security issues. The rest are mainly low priority issues.
@solth, among the low priority issues are more than 30 of this kind:
> PI: Do not reuse public identifiers from Java Standard Library. It's essential to avoid reusing public identifiers from the Java Standard Library as class names. It is a good practice to avoid reusing public identifiers from the Java Standard Library as field names in your code. [...]

Examples of such identifiers are `FileFormat`, `Option`, `Namespace`, all very generic names, so the conflicts are not surprising.
Do we want to ignore such issues, or should we try to use more specific names, perhaps by prepending "Kitodo" to the name?
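As an added illustration of what this rule guards against (example code written for this discussion, not Kitodo's own; the package `org.example.catalog`, the class `List` and the class `Demo` are hypothetical), here is how a project class that reuses a Java Standard Library type name changes what a simple name resolves to:

```java
// Added example, not project code. Package and class names are hypothetical.
package org.example.catalog;

import java.util.*;            // on-demand import: lowest precedence in name lookup

// A project class that reuses the Java Standard Library name "List" (hypothetical).
class List {
    private final String name;

    List(String name) {
        this.name = name;
    }

    String name() {
        return name;
    }
}

public class Demo {
    public static void main(String[] args) {
        // Java resolves a simple type name in this order:
        //   1. a single-type import           (import java.util.List;)
        //   2. a type declared in this package (org.example.catalog.List)
        //   3. an on-demand import             (import java.util.*;)
        // So "List" below is the project's List, not java.util.List, even though
        // java.util.* is imported. Code written with the standard type in mind,
        // e.g. `List items = new List(); items.add("x");`, does not compile here,
        // because the local List has no add(...) method.
        List local = new List("catalog");
        System.out.println(local.name());        // prints: catalog

        // To reach the standard type, callers in this package must fully qualify it.
        // Adding `import java.util.List;` to THIS file is a compile error (a top-level
        // type List is already declared here); in another file of the same package it
        // compiles, but then hides the project's own List there instead.
        java.util.List<String> names = new ArrayList<>();
        names.add(local.name());
        System.out.println(names);               // prints: [catalog]
    }
}
```

Renaming the project class to something more specific, as proposed above (for example a `Kitodo` prefix), removes the ambiguity entirely: both the project type and `java.util.List` can then be referred to by their simple names in the same file.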