Tibor Blenessy
We don't detect the issue for S2259 (null-dereference) when property is called `length`

```
var x;
if (x === undefined) {
  console.log(x.length); // FN
}
```
It seems we could enable S4328 also for JavaScript projects, there is nothing TypeScript specific for this rule. We should also make sure that rule works when `package.json` is missing....
We should also support `jsconfig.json`, which contains the configuration for a JS project, the same way as `tsconfig.json`: https://www.typescriptlang.org/docs/handbook/tsconfig-json.html
We use ESLint's `no-unmodified-loop-condition` for this rule. It seems to be a bit noisy, because we are not able to detect cross-procedural modifications of the loop variables. We could significantly...
Rule [S2068](https://rules.sonarsource.com/go/RSPEC-2068) should detect when credentials are hardcoded in the db connection string

```go
package main

import (
	"database/sql"
)

// connect Database with hardcoded values
func connectDatabase() (*sql.DB, error)...
```
`go test` will use module as package name in the json report. We should read content of the `go.mod` file. See https://github.com/golang/go/wiki/Modules

Sample `go.mod`

```
module github.com/getyoti/yoti-go-sdk/v2

require (
	github.com/golang/protobuf...
```
https://community.sonarsource.com/t/sonarlint-for-visual-studio-code-support-for-go-timeline/2939/6
We should augment the logs with information about memory usage during the analysis. We need to investigate available APIs

- https://nodejs.org/api/process.html#process_process_memoryusage
- https://nodejs.org/api/v8.html#v8_v8_getheapstatistics

We could observe heap after each file...
We would currently analyze (and fail) on files such as https://github.com/SonarResearchScanning/odoo/blob/master/addons/web/static/lib/pdfjs/build/pdf.js. We should revisit our detection of generated code and avoid such files automatically.