diff --git a/analyzer/codechecker_analyzer/analyzers/infer/analyzer.py b/analyzer/codechecker_analyzer/analyzers/infer/analyzer.py index 8d7456b359..122b3ccd04 100644 --- a/analyzer/codechecker_analyzer/analyzers/infer/analyzer.py +++ b/analyzer/codechecker_analyzer/analyzers/infer/analyzer.py @@ -12,7 +12,6 @@ # TODO distutils will be removed in python3.12 import shlex import subprocess -import json from pathlib import Path import sys from typing import List, Optional @@ -105,14 +104,12 @@ def get_analyzer_checkers(cls): """ Return the list of the supported checkers. """ + context = analyzer_context.get_context() + command = [cls.analyzer_binary(), "help", "--list-issue-types"] - desc = json.load( - open(Path(__file__).parent / "descriptions.json", - "r", encoding="utf-8")) checker_list = [] try: - env = analyzer_context.get_context().get_env_for_bin( - cls.analyzer_binary()) + env = context.get_env_for_bin(cls.analyzer_binary()) env.update(TZ='UTC') output = subprocess.check_output(command, stderr=subprocess.DEVNULL, @@ -122,16 +119,18 @@ def get_analyzer_checkers(cls): if len(data) < 7: continue - entry_id = data[0].lower() - if entry_id in desc: - description = desc[entry_id] - else: - checker = data[6] if len(data) == 7 else data[5] - description = f"used by '{checker}' checker" + checker = f'infer-{data[0].lower().replace("_", "-")}' + + description = context.checker_labels.label_of_checker( + checker, + 'description', + cls.ANALYZER_NAME) + + if not description: + user = data[6] if len(data) == 7 else data[5] + description = f"used by '{user}' checker" - entry_id = entry_id.replace("_", "-") - checker_list.append((f"infer-{entry_id}", - description)) + checker_list.append((checker, description)) return checker_list except (subprocess.CalledProcessError) as e: LOG.error(e.stderr) diff --git a/analyzer/codechecker_analyzer/analyzers/infer/descriptions.json b/analyzer/codechecker_analyzer/analyzers/infer/descriptions.json deleted file mode 100644 index 0a9bafd750..0000000000 --- a/analyzer/codechecker_analyzer/analyzers/infer/descriptions.json +++ /dev/null @@ -1,200 +0,0 @@ -{ - "arbitrary_code_execution_under_lock": "A call that may execute arbitrary code (such as registered, or chained, callbacks) is made while holding a lock. This code may deadlock whenever the callbacks obtain locks themselves, so it is an unsafe pattern.", - "bad_arg": "Bad arg in Erlang: Reports an error when the type of an argument is wrong or the argument is badly formed. Corresponds to the badarg error in the Erlang runtime.", - "bad_arg_latent": "A latent BAD_ARG. See the documentation on Pulse latent issues.", - "bad_generator": "Bad generator in Erlang: Reports an error when a wrong type is used in a generator. Corresponds to the bad_generator error in the Erlang runtime.", - "bad_generator_latent": "A latent BAD_GENERATOR. See the documentation on Pulse latent issues.", - "bad_key": "Bad key in Erlang: Reports an error when trying to access or update a non-existing key in a map. Corresponds to the {badkey,K} error in the Erlang runtime.", - "bad_key_latent": "A latent BAD_KEY. See the documentation on Pulse latent issues.", - "bad_map": "Bad map in Erlang: Reports an error when trying to access or update a key for a term that is not a map. Corresponds to the {badmap,...} error in the Erlang runtime.", - "bad_map_latent": "A latent BAD_MAP. See the documentation on Pulse latent issues.", - "bad_record": "Bad record in Erlang: Reports an error when trying to access or update a record with the wrong name. Corresponds to the {badrecord,Name} error in the Erlang runtime.", - "bad_record_latent": "A latent BAD_RECORD. See the documentation on Pulse latent issues.", - "bad_return": "Bad return in Erlang: The dynamic type of a returned value disagrees with the static type given in the spec.", - "bad_return_latent": "A latent BAD_RETURN. See the documentation on Pulse latent issues.", - "biabduction_memory_leak": "See MEMORY_LEAK_C.", - "biabduction_retain_cycle": "See RETAIN_CYCLE.", - "block_parameter_not_null_checked": "This error type is reported only in Objective-C/Objective-C++. It happens when a method has a block as a parameter, and the block is executed in the method's body without checking it for nil first. If a nil block is passed to the method, then this will cause a crash. For example:", - "buffer_overrun_l1": "This is reported when outside of buffer bound is accessed. It can corrupt memory and may introduce security issues in C/C++.", - "buffer_overrun_l2": "See BUFFER_OVERRUN_L1", - "buffer_overrun_l3": "See BUFFER_OVERRUN_L1", - "buffer_overrun_l4": "See BUFFER_OVERRUN_L1", - "buffer_overrun_l5": "See BUFFER_OVERRUN_L1", - "buffer_overrun_s2": "See BUFFER_OVERRUN_L1", - "buffer_overrun_u5": "See BUFFER_OVERRUN_L1", - "captured_strong_self": "This check is about when a strong pointer to self is captured in a block. This could lead to retain cycles or unexpected behavior since to avoid retain cycles one usually uses a local strong pointer or a captured weak pointer instead.", - "checkers_allocates_memory": "A method annotated with @NoAllocation transitively calls new.", - "checkers_annotation_reachability_error": "A method annotated with an annotation @A transitively calls a method annotated @B where the combination of annotations is forbidden (for example, @UiThread calling @WorkerThread).", - "checkers_calls_expensive_method": "A method annotated with @PerformanceCritical transitively calls a method annotated @Expensive.", - "checkers_expensive_overrides_unannotated": "A method annotated with @Expensive overrides an un-annotated method.", - "checkers_fragment_retains_view": "This error type is Android-specific. It fires when a Fragment type fails to nullify one or more of its declared View fields in onDestroyView. In performance-sensitive applications, a Fragment should initialize all View's in onCreateView and nullify them in onDestroyView. If a Fragment is placed on the back stack and fails to nullify a View in onDestroyView, it will retain a useless reference to that View that will not be cleaned up until the Fragment is resumed or destroyed.", - "checkers_printf_args": "This error is reported when the argument types to a printf method do not match the format string.", - "config_impact": "Infer reports this issue when an expensive function is called without a config check. The config is usually a boolean value that enables experimental new features and it is defined per application/codebase, e.g. gatekeepers. To determine whether a function is expensive or not, the checker relies on modeled functions that are assumed to be expensive, e.g. string operations, regular expression match, or DB accesses.", - "config_impact_strict": "This is similar to CONFIG_IMPACT issue but the analysis reports all ungated codes irrespective of whether they are expensive or not.", - "config_usage": "Infer reports this issue when a config value is used as branch condition in a function. The config is usually a boolean value that enables experimental new features and it is defined per application/codebase, e.g. gatekeepers.", - "constant_address_dereference": "This is reported when an address at an absolute location, e.g. 1234, is dereferenced. It is a more general version of the NULLPTR_DEREFERENCE error type that is reported when the address is a constant other than zero.", - "constant_address_dereference_latent": "A latent CONSTANT_ADDRESS_DEREFERENCE. See the documentation on Pulse latent issues.", - "create_intent_from_uri": "Create an intent/start a component using a (possibly user-controlled) URI. may or may not be an issue depending on where the URI comes from.", - "cross_site_scripting": "Untrusted data flows into HTML; XSS risk.", - "cxx_ref_captured_in_block": "This check flags when a C++ reference is captured in an escaping block. This means that the block will be leaving the current scope, i.e. it is not annotated with __attribute__((noescape)).", - "dangling_pointer_dereference": "DATALOG_FACT", - "datalog_fact": "Datalog fact used as input for a datalog solver.", - "data_flow_to_sink": "A flow of data was detected to a sink.", - "deadlock": "This error is currently reported in Java. A deadlock occurs when two distinct threads try to acquire two locks in reverse orders. The following code illustrates a textbook example. Of course, in real deadlocks, the lock acquisitions may be separated by deeply nested call chains.", - "dead_store": "This error is reported in C++. It fires when the value assigned to a variables is never used (e.g., int i = 1; i = 2; return i;).", - "divide_by_zero": "EMPTY_VECTOR_ACCESS", - "empty_vector_access": "This error type is reported only in C++, in versions >= C++11.", - "execution_time_complexity_increase": "Infer reports this issue when the execution time complexity of a program increases in degree: e.g. from constant to linear or from logarithmic to quadratic. This issue type is only reported in differential mode: i.e when we are comparing the cost analysis results of two runs of infer on a file. Check out examples in here.", - "execution_time_complexity_increase_ui_thread": "Infer reports this issue when the execution time complexity of the procedure increases in degree and the procedure runs on the UI (main) thread.", - "execution_time_unreachable_at_exit": "This issue type indicates that the program's execution doesn't reach the exit node (where our analysis computes the final cost of the procedure). Hence, we cannot compute a static bound for the procedure.", - "expensive_execution_time": "[EXPERIMENTAL] This warning indicates that the procedure has non-constant and non-top execution cost. By default, this issue type is disabled. To enable it, set enabled=true in costKind.ml.", - "expensive_loop_invariant_call": "We report this issue type when a function is loop-invariant and also expensive (i.e. at least has linear complexity as determined by the cost analysis).", - "exposed_insecure_intent_handling": "Undocumented.", - "guardedby_violation": "A field annotated with @GuardedBy is being accessed by a call-chain that starts at a non-private method without synchronization.", - "impure_function": "This issue type indicates impure functions. For instance, below functions would be marked as impure:", - "inefficient_keyset_iterator": "This issue is raised when", - "inferbo_alloc_is_big": "malloc is passed a large constant value (>=10^6). For example, int n = 1000000; malloc(n); generates INFERBO_ALLOC_IS_BIG on malloc(n).", - "inferbo_alloc_is_negative": "malloc is called with a negative size. For example, int n = 3 - 5; malloc(n); generates INFERBO_ALLOC_IS_NEGATIVE on malloc(n).", - "inferbo_alloc_is_zero": "malloc is called with a zero size. For example, int n = 3 - 3; malloc(n); generates INFERBO_ALLOC_IS_ZERO on malloc(n).", - "inferbo_alloc_may_be_big": "malloc may be called with a large value. For example, int n = b ? 3 : 1000000; malloc(n); generates INFERBO_ALLOC_MAY_BE_BIG on malloc(n).", - "inferbo_alloc_may_be_negative": "malloc may be called with a negative value. For example, int n = b ? 3 : -5; malloc(n); generates INFERBO_ALLOC_MAY_BE_NEGATIVE on malloc(n).", - "infinite_execution_time": "This warning indicates that Infer was not able to determine a static upper bound on the execution cost of the procedure. By default, this issue type is disabled.", - "example-1-t-due-to-expressivity": "For instance, Inferbo's interval analysis is limited to affine expressions. Hence, we can't statically estimate an upper bound on the below example and obtain T(unknown) cost:", - "example-2-t-due-to-unmodeled-calls": "Another common case where we get T cost is when Infer cannot statically determine the range of values for loop bounds. For instance,", - "example-3-t-due-to-calling-another-t-costed-function": "Since the analysis is inter-procedural, another example we can have T cost is if at least one of the callees has T cost.", - "insecure_intent_handling": "Undocumented.", - "integer_overflow_l1": "This is reported when integer overflow occurred by integer operations such as addition, subtraction, and multiplication. For example, int n = INT_MAX; int m = n + 3; generates a INTEGER_OVERFLOW_L1 on n + 3.", - "integer_overflow_l2": "See INTEGER_OVERFLOW_L1", - "integer_overflow_l5": "See INTEGER_OVERFLOW_L1", - "integer_overflow_u5": "See INTEGER_OVERFLOW_L1", - "interface_not_thread_safe": "This error indicates that you have invoked an interface method not annotated with @ThreadSafe from a thread-safe context (e.g., code that uses locks or is marked @ThreadSafe). The fix is to add the @ThreadSafe annotation to the interface or to the interface method. For background on why these annotations are needed, see the detailed explanation here.", - "invalid_sil": "The SIL instruction does not conform to the expected subset of instructions expected for the front-end of the language for the analyzed code.", - "invariant_call": "We report this issue type when a function call is loop-invariant and hoistable, i.e.", - "ipc_on_ui_thread": "A blocking Binder IPC call occurs on the UI thread.", - "javascript_injection": "Untrusted data flows into JavaScript.", - "lab_resource_leak": "Toy issue.", - "lockless_violation": "A method implements an interface signature annotated with @Lockless but which transitively acquires a lock.", - "lock_consistency_violation": "This is an error reported on C++ and Objective C classes whenever:", - "fixing-lock-consistency-violation-reports": "Avoid the offending access (most often the read). Of course, this may not be possible. Use synchronization to protect the read, by using the same lock protecting the corresponding write. Make the method doing the read access private. This should silence the warning, since Infer looks for a pair of non-private methods. Objective-C: Infer considers a method as private if it's not exported in the header-file interface.", - "logging_private_data": "Undocumented.", - "memory_leak_c": "Memory leak in C", - "memory-leak-in-c": "This error type is only reported in C and Objective-C code. In Java we do not report memory leaks because it is a garbage collected language.", - "memory-leak-in-objective-c": "Additionally, in Objective-C, Infer reports memory leaks that happen when objects from Core Foundation or Core Graphics don't get released.", - "memory_leak_cpp": "See MEMORY_LEAK_C", - "missing_required_prop": "This issues is reported when a required @Prop is missing.", - "examples": "Assume that the following Litho Component specification is defined as follows where prop1 is optional and prop2 is required.", - "mixed_self_weakself": "This check reports an issue when an Objective-C block captures both self and weakSelf, a weak pointer to self. Possibly the developer meant to capture only weakSelf to avoid a retain cycle, but made a typo and used self instead of strongSelf. In this case, this could cause a retain cycle.", - "modifies_immutable": "This issue type indicates modifications to fields marked as @Immutable. For instance, below function mutateArray would be marked as modifying immutable field testArray:", - "multiple_weakself": "This check reports when an Objective-C block uses weakSelf (a weak pointer to self) more than once. This could lead to unexpected behaviour. Even if weakSelf is not nil in the first use, it could be nil in the following uses since the object that weakSelf points to could be freed anytime.", - "mutual_recursion_cycle": "A recursive call or mutually recursive call has been detected. This does not mean that the program won't terminate, just that the code is recursive. You should double-check if the recursion is intended and if it can lead to non-termination or a stack overflow.", - "nil_block_call": "This check reports when one tries to call an Objective-C block that is nil. This causes a crash.", - "nil_block_call_latent": "A latent NIL_BLOCK_CALL. See the documentation on Pulse latent issues.", - "nil_insertion_into_collection": "This checks reports when nil is passed to collections in Objective-C such as arrays and dictionaries. This causes a crash.", - "arrays": "Adding objects to an array, inserting objects at a given index, or replacing objects at a given index, can all lead to a crash when the object is nil.", - "dictionaries": "Adding a nil value in a dictionary causes a crash. If the concept of nil is required, one can add [NSNull null] instead.", - "nil_insertion_into_collection_latent": "A latent NIL_INSERTION_INTO_COLLECTION. See the documentation on Pulse latent issues.", - "nil_messaging_to_non_pod": "In Objective-C, calling a method on nil (or in Objective-C terms, sending a message to nil) does not crash, it simply returns a falsy value (nil/0/false). However, sending a message that returns a non-POD C++ type (POD being \"Plain Old Data\", essentially anything that cannot be compiled as a C-style struct) to nil causes undefined behaviour.", - "nil_messaging_to_non_pod_latent": "A latent NIL_MESSAGING_TO_NON_POD. See the documentation on Pulse latent issues.", - "no_matching_branch_in_try": "No matching branch is found when evaluating the of section of a try expression. Corresponds to the {try_clause,V} error in the Erlang runtime.", - "no_matching_branch_in_try_latent": "A latent NO_MATCHING_BRANCH_IN_TRY. See the documentation on Pulse latent issues.", - "no_matching_case_clause": "No matching case clause in Erlang: Reports an error when none of the clauses of a case match the expression. Corresponds to the {case_clause,V} error in the Erlang runtime.", - "no_matching_case_clause_latent": "A latent NO_MATCHING_CASE_CLAUSE. See the documentation on Pulse latent issues.", - "no_matching_else_clause": "No matching else clause in Erlang: Reports an error when none of the clauses of an else match the short-circuit result from maybe body. Corresponds to the {else_clause,V} error in the Erlang runtime.", - "no_matching_else_clause_latent": "A latent NO_MATCHING_ELSE_CLAUSE. See the documentation on Pulse latent issues.", - "no_matching_function_clause": "No matching function clause in Erlang: Reports an error when none of the clauses of a function match the arguments of a call. Corresponds to the function_clause error in the Erlang runtime.", - "no_matching_function_clause_latent": "A latent NO_MATCHING_FUNCTION_CLAUSE. See the documentation on Pulse latent issues.", - "no_match_of_rhs": "No match of right hand side value in Erlang: Reports an error when the right hand side value of a match expression does not match the pattern on the left hand side. Corresponds to the {badmatch,V} error in the Erlang runtime.", - "no_match_of_rhs_latent": "A latent NO_MATCH_OF_RHS. See the documentation on Pulse latent issues.", - "no_true_branch_in_if": "No true branch when evaluating an if expression in Erlang: Reports an error when none of the branches of an if expression evaluate to true. Corresponds to the if_clause error in the Erlang runtime.", - "no_true_branch_in_if_latent": "A latent NO_TRUE_BRANCH_IN_IF. See the documentation on Pulse latent issues.", - "nullptr_dereference": "Infer reports null dereference bugs in Java, C, C++, and Objective-C when it is possible that the null pointer is dereferenced, leading to a crash.", - "null-dereference-in-java": "Many of Infer's reports of potential Null Pointer Exceptions (NPE) come from code of the form", - "null-dereference-in-c": "Here is an example of an inter-procedural null dereference bug in C:", - "null-dereference-in-objective-c": "In Objective-C, null dereferences are less common than in Java, but they still happen and their cause can be hidden. In general, passing a message to nil does not cause a crash and returns nil, but dereferencing a pointer directly does cause a crash.", - "nullptr_dereference_in_nullsafe_class": "Infer reports null dereference bugs in Java, C, C++, and Objective-C when it is possible that the null pointer is dereferenced, leading to a crash.", - "null-dereference-in-java-1": "Many of Infer's reports of potential Null Pointer Exceptions (NPE) come from code of the form", - "null-dereference-in-c-1": "Here is an example of an inter-procedural null dereference bug in C:", - "null-dereference-in-objective-c-1": "In Objective-C, null dereferences are less common than in Java, but they still happen and their cause can be hidden. In general, passing a message to nil does not cause a crash and returns nil, but dereferencing a pointer directly does cause a crash.", - "nullptr_dereference_in_nullsafe_class_latent": "A latent NULLPTR_DEREFERENCE_IN_NULLSAFE_CLASS. See the documentation on Pulse latent issues.", - "nullptr_dereference_latent": "A latent NULLPTR_DEREFERENCE. See the documentation on Pulse latent issues.", - "null_argument": "This issue type indicates `nil` being passed as argument where a non-nil value expected.", - "null_argument_latent": "A latent NULL_ARGUMENT. See the documentation on Pulse latent issues.", - "null_dereference": "See NULLPTR_DEREFERENCE.", - "optional_empty_access": "Optional Empty Access warnings are reported when we try to retrieve the value of a folly::Optional when it is empty (i.e. folly::none).", - "optional_empty_access_latent": "A latent OPTIONAL_EMPTY_ACCESS. See the documentation on Pulse latent issues.", - "premature_nil_termination_argument": "This error type is reported in C and Objective-C. In many variadic methods, nil is used to signify the end of the list of input objects. This is similar to nil-termination of C strings. If one of the arguments that is not the last argument to the method is nil as well, Infer reports an error because that may lead to unexpected behavior.", - "pulse_cannot_instantiate_abstract_class": "Instantiating an abstract class will lead to Cannot instantiate abstract class error.", - "pulse_const_refable": "This issue is reported when a function parameter is a) passed by value and b) is not modified inside the function. Instead, parameter can be passed by const reference, i.e. converted to a const& so that no unnecessary copy is created at the callsite of the function.", - "pulse_dict_missing_key": "This issue is similar to PULSE_UNINITIALIZED_VALUE, but it is to warn reading a missing key of dictionary in Hack.", - "pulse_dynamic_type_mismatch": "This error is reported in Hack. It fires when we detect an operation that is incompatible with the dynamic type of its arguments.", - "pulse_readonly_shared_ptr_param": "This issue is reported when a shared pointer parameter is a) passed by value and b) is used only for reading, rather than lifetime extension. At the callsite, this might cause a potentially expensive unnecessary copy of the shared pointer, especially when many number of threads are sharing it. To avoid this, consider 1) passing the raw pointer instead and 2) use std::shared_ptr::get at callsites.", - "pulse_reference_stability": "The family of maps folly::F14ValueMap, folly::F14VectorMap, and by extension folly::F14FastMap differs slightly from std::unordered_map as it does not provide reference stability. When the map resizes such as when reserve is called or new elements are added, all existing references become invalid and should not be used.", - "pulse_resource_leak": "See RESOURCE_LEAK", - "pulse_transitive_access": "This issue tracks spurious accesses that are reachable from specific entry functions.", - "pulse_unawaited_awaitable": "Awaitable values created by calls to asynchronous methods should eventually be awaited along all codepaths (even if their value is unused). Hence the following is not OK", - "pulse_uninitialized_const": "This issue is similar to PULSE_UNINITIALIZED_VALUE, but it is to detect the uninitialized abstract const value in Hack.", - "pulse_uninitialized_value": "The code uses a variable that has not been initialized, leading to unpredictable or unintended results.", - "pulse_unnecessary_copy": "This is reported when Infer detects an unnecessary copy of an object via copy constructor where neither the source nor the copied variable are modified before the variable goes out of scope. Rather than the copy, a reference to the source object could be used to save memory.", - "pulse_unnecessary_copy_assignment": "See PULSE_UNNECESSARY_COPY.", - "pulse_unnecessary_copy_assignment_const": "See PULSE_UNNECESSARY_COPY.", - "pulse_unnecessary_copy_assignment_movable": "See PULSE_UNNECESSARY_COPY_MOVABLE.", - "pulse_unnecessary_copy_intermediate": "This is reported when Infer detects an unnecessary temporary copy of an intermediate object where copy is created to be passed down to a function unnecessarily. Instead, the intermediate object should either be moved into the callee or the type of the callee's parameter should be made const &.", - "pulse_unnecessary_copy_intermediate_const": "See PULSE_UNNECESSARY_COPY.", - "pulse_unnecessary_copy_movable": "This is reported when Infer detects an unnecessary copy into a field where", - "pulse_unnecessary_copy_optional": "This is reported when Infer detects an unnecessary copy of an object via optional value construction where the source is not modified before it goes out of scope. To avoid the copy, we can move the source object or change the callee's type.", - "pulse_unnecessary_copy_optional_const": "See PULSE_UNNECESSARY_COPY_OPTIONAL.", - "pulse_unnecessary_copy_return": "This is similar to PULSE_UNNECESSARY_COPY, but reported when a callee returns a copied value and it is not modified in its caller. We may be able to return const-ref typed value or try std::move to avoid the copy.", - "pure_function": "This issue type indicates pure functions. For instance, below functions would be marked as pure:", - "quandary_taint_error": "Generic taint error when nothing else fits.", - "regex_op_on_ui_thread": "A potentially costly operation on a regular expression occurs on the UI thread.", - "resource_leak": "Infer reports resource leaks in C, Objective-C and Java. In general, resources are entities such as files, sockets, connections, etc, that need to be closed after being used.", - "resource-leak-in-c": "This is an example of a resource leak in C code:", - "resource-leak-in-java": "For the remaining of this section, we will consider examples of resource leaks in Java code.", - "basics-and-standard-idiom": "Some objects in Java, the resources, are supposed to be closed when you stop using them, and failure to close is a resource leak. Resources include input streams, output streams, readers, writers, sockets, http connections, cursors, and json parsers.", - "nested_allocations": "When a resource allocation is included as an argument to a constructor, if the constructor fails it can leave an unreachable resource that no one can close.", - "allocation-of-jsonparser-and-cursor-resources": "Some resources are created inside libraries instead of by \"new\".", - "escaping-resources-and-exceptions": "Sometimes you want to return a resource to the outside, in which case you should not close it, but you still need to be careful of exceptions in case control skips past the return leaving no one to close. Here is a simple example of a positive use of escaping resources.", - "java-7s-try-with-resources": "(For use with Java 7 only)", - "retain_cycle": "A retain cycle is a situation when object A retains object B, and object B retains object A at the same time. Here is an example:", - "retain_cycle_no_weak_info": "A retain cycle is a situation when object A retains object B, and object B retains object A at the same time. Here is an example:", - "scope_leakage": "This issue type indicates that a class with scope annotation A stores a field with whose (dynamic) type (or one of its super types) is annotated with scope B such that a scope nesting restriction is violated. By \"stores\", we mean either directly or transitively.", - "sensitive_data_flow": "A flow of sensitive data was detected from a source.", - "shell_injection": "Environment variable or file data flowing to shell.", - "shell_injection_risk": "Code injection if the caller of the endpoint doesn't sanitize on its end.", - "sql_injection": "Untrusted and unescaped data flows to SQL.", - "sql_injection_risk": "Untrusted and unescaped data flows to SQL.", - "stack_variable_address_escape": "Reported when an address pointing into the stack of the current function will escape to its calling context. Such addresses will become invalid by the time the function actually returns so are potentially dangerous.", - "starvation": "This error is reported in Java, and specifically on Android. These reports are triggered when a method that runs on the UI thread may block, thus potentially leading to an Application Not Responding error.", - "static_initialization_order_fiasco": "This error is reported in C++. It fires when the initialization of a static variable A, accesses a static variable B from another translation unit (usually another .cpp file). There are no guarantees whether B has been already initialized or not at that point.", - "strict_mode_violation": "Android has a feature called strict mode, which if enabled, will flag the occasions where the main thread makes a call that results in disk I/O, waiting on a network socket, etc. The analysis catching starvation errors and deadlocks (the --starvation analysis) has the ability to statically detect such violations.", - "strong_self_not_checked": "This checks reports a potential issue when a block captures weakSelf (a weak pointer to self), then one assigns this pointer to a local variable strongSelf inside the block and uses this variable without checking first whether it is nil. The problem here is that the weak pointer could be nil at the time when the block is executed. So, the correct usage is to first check whether strongSelf is a valid pointer, and then use it.", - "taint_error": "A taint flow was detected from a source to a sink", - "thread_safety_violation": "This warning indicates a potential data race in Java. The analyser is called RacerD and this section gives brief but a mostly complete description of its features. See the RacerD page for more in-depth information and examples.", - "thread-safety-what-is-a-data-race": "Here a data race is a pair of accesses to the same member field such that:", - "thread-safety-potential-fixes": "Synchronizing the accesses (using the synchronized keyword, thread-exclusion such as atomic objects, volatile etc). Making an offending method private -- this will exclude it from being checked at the top level, though it will be checked if called by a public method which may itself, e.g., hold a lock when calling it. Putting the two accesses on the same thread, e.g., by using @MainThread or @ThreadConfined.", - "thread-safety-conditions-checked-before-reporting": "The class and method are not marked @ThreadSafe(enableChecks = false), and,", - "thread-safety-thread-annotations-recognized-by-racerd": "These class and method annotations imply the method is on the main thread: @MainThread, @UiThread", - "thread-safety-other-annotations-and-what-they-do": "These annotations can be found at com.facebook.infer.annotation.*.", - "topl_error": "A violation of a Topl property (user-specified). There is an execution path in the code that drives a Topl property from a start state to an error state.", - "topl_error_latent": "A latent TOPL_ERROR. See the documentation on Pulse latent issues.", - "untrusted_buffer_access": "Untrusted data of any kind flowing to buffer.", - "untrusted_deserialization": "User-controlled deserialization.", - "untrusted_deserialization_risk": "User-controlled deserialization", - "untrusted_environment_change_risk": "User-controlled environment mutation.", - "untrusted_file": "User-controlled file creation; may be vulnerable to path traversal and more.", - "untrusted_file_risk": "User-controlled file creation; may be vulnerable to path traversal and more.", - "untrusted_heap_allocation": "Untrusted data of any kind flowing to heap allocation. this can cause crashes or DOS.", - "untrusted_intent_creation": "Creating an Intent from user-controlled data.", - "untrusted_url_risk": "Untrusted flag, environment variable, or file data flowing to URL.", - "untrusted_variable_length_array": "Untrusted data of any kind flowing to stack buffer allocation. Trying to allocate a stack buffer that's too large will cause a stack overflow.", - "user_controlled_sql_risk": "Untrusted data flows to SQL (no injection risk).", - "use_after_delete": "An address that was invalidated by a call to delete in C++ is dereferenced.", - "use_after_delete_latent": "A latent USE_AFTER_DELETE. See the documentation on Pulse latent issues.", - "use_after_free": "An address that was invalidated by a call to free in C is dereferenced.", - "use_after_free_latent": "A latent USE_AFTER_FREE. See the documentation on Pulse latent issues.", - "use_after_lifetime": "The lifetime of an object has ended but that object is being accessed. For example, the address of a variable holding a C++ object is accessed after the variable has gone out of scope:", - "use_after_lifetime_latent": "A latent USE_AFTER_LIFETIME. See the documentation on Pulse latent issues.", - "vector_invalidation": "An address pointing into a C++ std::vector might have become invalid. This can happen when an address is taken into a vector, then the vector is mutated in a way that might invalidate the address, for example by adding elements to the vector, which might trigger a re-allocation of the entire vector contents (thereby invalidating the pointers into the previous location of the contents).", - "vector_invalidation_latent": "A latent VECTOR_INVALIDATION. See the documentation on Pulse latent issues.", - "weak_self_in_no_escape_block": "This check reports when weakSelf (a weak pointer to self) is used in a block, and this block is passed to a \"no escaping\" method. This means that the block passed to that method won't be leaving the current scope, this is marked with the annotation NS_NOESCAPE." -} \ No newline at end of file diff --git a/codechecker_common/checker_labels.py b/codechecker_common/checker_labels.py index 2afea8a66b..7f1f630a85 100644 --- a/codechecker_common/checker_labels.py +++ b/codechecker_common/checker_labels.py @@ -41,7 +41,8 @@ class CheckerLabels: # default value of the label also needs to be provided here. UNIQUE_LABELS = { 'severity': 'UNSPECIFIED', - 'blacklist': 'false'} + 'blacklist': 'false', + 'description': ''} def __init__(self, checker_labels_dir: str): if not os.path.isdir(checker_labels_dir): diff --git a/config/labels/analyzers/infer.json b/config/labels/analyzers/infer.json index 70db334d4e..5bbcfa762b 100644 --- a/config/labels/analyzers/infer.json +++ b/config/labels/analyzers/infer.json @@ -2,6 +2,7 @@ "analyzer": "infer", "labels": { "infer-arbitrary-code-execution-under-lock": [ + "description:A call that may execute arbitrary code (such as registered, or chained, callbacks) is made while holding a lock. This code may deadlock whenever the callbacks obtain locks themselves, so it is an unsafe pattern.", "doc_url:https://fbinfer.com/docs/all-issue-types#arbitrary_code_execution_under_lock", "profile:unknown", "severity:HIGH" @@ -37,61 +38,73 @@ "severity:HIGH" ], "infer-bad-arg": [ + "description:Bad arg in Erlang: Reports an error when the type of an argument is wrong or the argument is badly formed. Corresponds to the badarg error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_arg", "profile:unknown", "severity:HIGH" ], "infer-bad-arg-latent": [ + "description:A latent BAD_ARG. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_arg_latent", "profile:unknown", "severity:HIGH" ], "infer-bad-generator": [ + "description:Bad generator in Erlang: Reports an error when a wrong type is used in a generator. Corresponds to the bad_generator error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_generator", "profile:unknown", "severity:HIGH" ], "infer-bad-generator-latent": [ + "description:A latent BAD_GENERATOR. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_generator_latent", "profile:unknown", "severity:HIGH" ], "infer-bad-key": [ + "description:Bad key in Erlang: Reports an error when trying to access or update a non-existing key in a map. Corresponds to the {badkey,K} error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_key", "profile:unknown", "severity:HIGH" ], "infer-bad-key-latent": [ + "description:A latent BAD_KEY. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_key_latent", "profile:unknown", "severity:HIGH" ], "infer-bad-map": [ + "description:Bad map in Erlang: Reports an error when trying to access or update a key for a term that is not a map. Corresponds to the {badmap,...} error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_map", "profile:unknown", "severity:HIGH" ], "infer-bad-map-latent": [ + "description:A latent BAD_MAP. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_map_latent", "profile:unknown", "severity:HIGH" ], "infer-bad-record": [ + "description:Bad record in Erlang: Reports an error when trying to access or update a record with the wrong name. Corresponds to the {badrecord,Name} error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_record", "profile:unknown", "severity:HIGH" ], "infer-bad-record-latent": [ + "description:A latent BAD_RECORD. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_record_latent", "profile:unknown", "severity:HIGH" ], "infer-bad-return": [ + "description:Bad return in Erlang: The dynamic type of a returned value disagrees with the static type given in the spec.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_return", "profile:unknown", "severity:HIGH" ], "infer-bad-return-latent": [ + "description:A latent BAD_RETURN. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#bad_return_latent", "profile:unknown", "severity:HIGH" @@ -102,51 +115,61 @@ "severity:MEDIUM" ], "infer-biabduction-memory-leak": [ + "description:See MEMORY_LEAK_C.", "doc_url:https://fbinfer.com/docs/all-issue-types#biabduction_memory_leak", "profile:unknown", "severity:HIGH" ], "infer-biabduction-retain-cycle": [ + "description:See RETAIN_CYCLE.", "doc_url:https://fbinfer.com/docs/all-issue-types#biabduction_retain_cycle", "profile:unknown", "severity:HIGH" ], "infer-block-parameter-not-null-checked": [ + "description:This error type is reported only in Objective-C/Objective-C++. It happens when a method has a block as a parameter, and the block is executed in the method's body without checking it for nil first. If a nil block is passed to the method, then this will cause a crash. For example:", "doc_url:https://fbinfer.com/docs/all-issue-types#block_parameter_not_null_checked", "profile:unknown", "severity:MEDIUM" ], "infer-buffer-overrun-l1": [ + "description:This is reported when outside of buffer bound is accessed. It can corrupt memory and may introduce security issues in C/C++.", "doc_url:https://fbinfer.com/docs/all-issue-types#buffer_overrun_l1", "profile:unknown", "severity:HIGH" ], "infer-buffer-overrun-l2": [ + "description:See BUFFER_OVERRUN_L1", "doc_url:https://fbinfer.com/docs/all-issue-types#buffer_overrun_l2", "profile:unknown", "severity:HIGH" ], "infer-buffer-overrun-l3": [ + "description:See BUFFER_OVERRUN_L1", "doc_url:https://fbinfer.com/docs/all-issue-types#buffer_overrun_l3", "profile:unknown", "severity:HIGH" ], "infer-buffer-overrun-l4": [ + "description:See BUFFER_OVERRUN_L1", "doc_url:https://fbinfer.com/docs/all-issue-types#buffer_overrun_l4", "profile:unknown", "severity:HIGH" ], "infer-buffer-overrun-l5": [ + "description:See BUFFER_OVERRUN_L1", "doc_url:https://fbinfer.com/docs/all-issue-types#buffer_overrun_l5", "profile:unknown", "severity:HIGH" ], "infer-buffer-overrun-s2": [ + "description:See BUFFER_OVERRUN_L1", "doc_url:https://fbinfer.com/docs/all-issue-types#buffer_overrun_s2", "profile:unknown", "severity:HIGH" ], "infer-buffer-overrun-u5": [ + "description:See BUFFER_OVERRUN_L1", "doc_url:https://fbinfer.com/docs/all-issue-types#buffer_overrun_u5", "profile:unknown", "severity:HIGH" @@ -157,36 +180,43 @@ "severity:HIGH" ], "infer-captured-strong-self": [ + "description:This check is about when a strong pointer to self is captured in a block. This could lead to retain cycles or unexpected behavior since to avoid retain cycles one usually uses a local strong pointer or a captured weak pointer instead.", "doc_url:https://fbinfer.com/docs/all-issue-types#captured_strong_self", "profile:unknown", "severity:HIGH" ], "infer-checkers-allocates-memory": [ + "description:A method annotated with @NoAllocation transitively calls new.", "doc_url:https://fbinfer.com/docs/all-issue-types#checkers_allocates_memory", "profile:unknown", "severity:HIGH" ], "infer-checkers-annotation-reachability-error": [ + "description:A method annotated with an annotation @A transitively calls a method annotated @B where the combination of annotations is forbidden (for example, @UiThread calling @WorkerThread).", "doc_url:https://fbinfer.com/docs/all-issue-types#checkers_annotation_reachability_error", "profile:unknown", "severity:HIGH" ], "infer-checkers-calls-expensive-method": [ + "description:A method annotated with @PerformanceCritical transitively calls a method annotated @Expensive.", "doc_url:https://fbinfer.com/docs/all-issue-types#checkers_calls_expensive_method", "profile:unknown", "severity:HIGH" ], "infer-checkers-expensive-overrides-unannotated": [ + "description:A method annotated with @Expensive overrides an un-annotated method.", "doc_url:https://fbinfer.com/docs/all-issue-types#checkers_expensive_overrides_unannotated", "profile:unknown", "severity:HIGH" ], "infer-checkers-fragment-retains-view": [ + "description:This error type is Android-specific. It fires when a Fragment type fails to nullify one or more of its declared View fields in onDestroyView. In performance-sensitive applications, a Fragment should initialize all View's in onCreateView and nullify them in onDestroyView. If a Fragment is placed on the back stack and fails to nullify a View in onDestroyView, it will retain a useless reference to that View that will not be cleaned up until the Fragment is resumed or destroyed.", "doc_url:https://fbinfer.com/docs/all-issue-types#checkers_fragment_retains_view", "profile:unknown", "severity:MEDIUM" ], "infer-checkers-printf-args": [ + "description:This error is reported when the argument types to a printf method do not match the format string.", "doc_url:https://fbinfer.com/docs/all-issue-types#checkers_printf_args", "profile:unknown", "severity:HIGH" @@ -207,41 +237,49 @@ "severity:MEDIUM" ], "infer-config-impact": [ + "description:Infer reports this issue when an expensive function is called without a config check. The config is usually a boolean value that enables experimental new features and it is defined per application/codebase, e.g. gatekeepers. To determine whether a function is expensive or not, the checker relies on modeled functions that are assumed to be expensive, e.g. string operations, regular expression match, or DB accesses.", "doc_url:https://fbinfer.com/docs/all-issue-types#config_impact", "profile:unknown", "severity:STYLE" ], "infer-config-impact-strict": [ + "description:This is similar to CONFIG_IMPACT issue but the analysis reports all ungated codes irrespective of whether they are expensive or not.", "doc_url:https://fbinfer.com/docs/all-issue-types#config_impact_strict", "profile:unknown", "severity:STYLE" ], "infer-config-usage": [ + "description:Infer reports this issue when a config value is used as branch condition in a function. The config is usually a boolean value that enables experimental new features and it is defined per application/codebase, e.g. gatekeepers.", "doc_url:https://fbinfer.com/docs/all-issue-types#config_usage", "profile:unknown", "severity:LOW" ], "infer-constant-address-dereference": [ + "description:This is reported when an address at an absolute location, e.g. 1234, is dereferenced. It is a more general version of the NULLPTR_DEREFERENCE error type that is reported when the address is a constant other than zero.", "doc_url:https://fbinfer.com/docs/all-issue-types#constant_address_dereference", "profile:unknown", "severity:MEDIUM" ], "infer-constant-address-dereference-latent": [ + "description:A latent CONSTANT_ADDRESS_DEREFERENCE. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#constant_address_dereference_latent", "profile:unknown", "severity:MEDIUM" ], "infer-create-intent-from-uri": [ + "description:Create an intent/start a component using a (possibly user-controlled) URI. may or may not be an issue depending on where the URI comes from.", "doc_url:https://fbinfer.com/docs/all-issue-types#create_intent_from_uri", "profile:unknown", "severity:HIGH" ], "infer-cross-site-scripting": [ + "description:Untrusted data flows into HTML; XSS risk.", "doc_url:https://fbinfer.com/docs/all-issue-types#cross_site_scripting", "profile:unknown", "severity:HIGH" ], "infer-cxx-ref-captured-in-block": [ + "description:This check flags when a C++ reference is captured in an escaping block. This means that the block will be leaving the current scope, i.e. it is not annotated with __attribute__((noescape)).", "doc_url:https://fbinfer.com/docs/all-issue-types#cxx_ref_captured_in_block", "profile:unknown", "severity:HIGH" @@ -252,6 +290,7 @@ "severity:HIGH" ], "infer-dangling-pointer-dereference": [ + "description:DATALOG_FACT", "doc_url:https://fbinfer.com/docs/all-issue-types#dangling_pointer_dereference", "profile:unknown", "severity:HIGH" @@ -262,26 +301,31 @@ "severity:MEDIUM" ], "infer-datalog-fact": [ + "description:Datalog fact used as input for a datalog solver.", "doc_url:https://fbinfer.com/docs/all-issue-types#datalog_fact", "profile:unknown", "severity:LOW" ], "infer-data-flow-to-sink": [ + "description:A flow of data was detected to a sink.", "doc_url:https://fbinfer.com/docs/all-issue-types#data_flow_to_sink", "profile:unknown", "severity:STYLE" ], "infer-deadlock": [ + "description:This error is currently reported in Java. A deadlock occurs when two distinct threads try to acquire two locks in reverse orders. The following code illustrates a textbook example. Of course, in real deadlocks, the lock acquisitions may be separated by deeply nested call chains.", "doc_url:https://fbinfer.com/docs/all-issue-types#deadlock", "profile:unknown", "severity:HIGH" ], "infer-dead-store": [ + "description:This error is reported in C++. It fires when the value assigned to a variables is never used (e.g., int i = 1; i = 2; return i;).", "doc_url:https://fbinfer.com/docs/all-issue-types#dead_store", "profile:unknown", "severity:HIGH" ], "infer-divide-by-zero": [ + "description:EMPTY_VECTOR_ACCESS", "doc_url:https://fbinfer.com/docs/all-issue-types#divide_by_zero", "profile:unknown", "severity:HIGH" @@ -292,36 +336,43 @@ "severity:HIGH" ], "infer-empty-vector-access": [ + "description:This error type is reported only in C++, in versions >= C++11.", "doc_url:https://fbinfer.com/docs/all-issue-types#empty_vector_access", "profile:unknown", "severity:HIGH" ], "infer-execution-time-complexity-increase": [ + "description:Infer reports this issue when the execution time complexity of a program increases in degree: e.g. from constant to linear or from logarithmic to quadratic. This issue type is only reported in differential mode: i.e when we are comparing the cost analysis results of two runs of infer on a file. Check out examples in here.", "doc_url:https://fbinfer.com/docs/all-issue-types#execution_time_complexity_increase", "profile:unknown", "severity:HIGH" ], "infer-execution-time-complexity-increase-ui-thread": [ + "description:Infer reports this issue when the execution time complexity of the procedure increases in degree and the procedure runs on the UI (main) thread.", "doc_url:https://fbinfer.com/docs/all-issue-types#execution_time_complexity_increase_ui_thread", "profile:unknown", "severity:HIGH" ], "infer-execution-time-unreachable-at-exit": [ + "description:This issue type indicates that the program's execution doesn't reach the exit node (where our analysis computes the final cost of the procedure). Hence, we cannot compute a static bound for the procedure.", "doc_url:https://fbinfer.com/docs/all-issue-types#execution_time_unreachable_at_exit", "profile:unknown", "severity:HIGH" ], "infer-expensive-execution-time": [ + "description:[EXPERIMENTAL] This warning indicates that the procedure has non-constant and non-top execution cost. By default, this issue type is disabled. To enable it, set enabled=true in costKind.ml.", "doc_url:https://fbinfer.com/docs/all-issue-types#expensive_execution_time", "profile:unknown", "severity:HIGH" ], "infer-expensive-loop-invariant-call": [ + "description:We report this issue type when a function is loop-invariant and also expensive (i.e. at least has linear complexity as determined by the cost analysis).", "doc_url:https://fbinfer.com/docs/all-issue-types#expensive_loop_invariant_call", "profile:unknown", "severity:HIGH" ], "infer-exposed-insecure-intent-handling": [ + "description:Undocumented.", "doc_url:https://fbinfer.com/docs/all-issue-types#exposed_insecure_intent_handling", "profile:unknown", "severity:HIGH" @@ -332,46 +383,55 @@ "severity:LOW" ], "infer-guardedby-violation": [ + "description:A field annotated with @GuardedBy is being accessed by a call-chain that starts at a non-private method without synchronization.", "doc_url:https://fbinfer.com/docs/all-issue-types#guardedby_violation", "profile:unknown", "severity:MEDIUM" ], "infer-impure-function": [ + "description:This issue type indicates impure functions. For instance, below functions would be marked as impure:", "doc_url:https://fbinfer.com/docs/all-issue-types#impure_function", "profile:unknown", "severity:HIGH" ], "infer-inefficient-keyset-iterator": [ + "description:This issue is raised when", "doc_url:https://fbinfer.com/docs/all-issue-types#inefficient_keyset_iterator", "profile:unknown", "severity:MEDIUM" ], "infer-inferbo-alloc-is-big": [ + "description:malloc is passed a large constant value (>=10^6). For example, int n = 1000000; malloc(n); generates INFERBO_ALLOC_IS_BIG on malloc(n).", "doc_url:https://fbinfer.com/docs/all-issue-types#inferbo_alloc_is_big", "profile:unknown", "severity:HIGH" ], "infer-inferbo-alloc-is-negative": [ + "description:malloc is called with a negative size. For example, int n = 3 - 5; malloc(n); generates INFERBO_ALLOC_IS_NEGATIVE on malloc(n).", "doc_url:https://fbinfer.com/docs/all-issue-types#inferbo_alloc_is_negative", "profile:unknown", "severity:HIGH" ], "infer-inferbo-alloc-is-zero": [ + "description:malloc is called with a zero size. For example, int n = 3 - 3; malloc(n); generates INFERBO_ALLOC_IS_ZERO on malloc(n).", "doc_url:https://fbinfer.com/docs/all-issue-types#inferbo_alloc_is_zero", "profile:unknown", "severity:HIGH" ], "infer-inferbo-alloc-may-be-big": [ + "description:malloc may be called with a large value. For example, int n = b ? 3 : 1000000; malloc(n); generates INFERBO_ALLOC_MAY_BE_BIG on malloc(n).", "doc_url:https://fbinfer.com/docs/all-issue-types#inferbo_alloc_may_be_big", "profile:unknown", "severity:HIGH" ], "infer-inferbo-alloc-may-be-negative": [ + "description:malloc may be called with a negative value. For example, int n = b ? 3 : -5; malloc(n); generates INFERBO_ALLOC_MAY_BE_NEGATIVE on malloc(n).", "doc_url:https://fbinfer.com/docs/all-issue-types#inferbo_alloc_may_be_negative", "profile:unknown", "severity:HIGH" ], "infer-infinite-execution-time": [ + "description:This warning indicates that Infer was not able to determine a static upper bound on the execution cost of the procedure. By default, this issue type is disabled.", "doc_url:https://fbinfer.com/docs/all-issue-types#infinite_execution_time", "profile:unknown", "severity:HIGH" @@ -382,46 +442,55 @@ "severity:MEDIUM" ], "infer-insecure-intent-handling": [ + "description:Undocumented.", "doc_url:https://fbinfer.com/docs/all-issue-types#insecure_intent_handling", "profile:unknown", "severity:HIGH" ], "infer-integer-overflow-l1": [ + "description:This is reported when integer overflow occurred by integer operations such as addition, subtraction, and multiplication. For example, int n = INT_MAX; int m = n + 3; generates a INTEGER_OVERFLOW_L1 on n + 3.", "doc_url:https://fbinfer.com/docs/all-issue-types#integer_overflow_l1", "profile:unknown", "severity:HIGH" ], "infer-integer-overflow-l2": [ + "description:See INTEGER_OVERFLOW_L1", "doc_url:https://fbinfer.com/docs/all-issue-types#integer_overflow_l2", "profile:unknown", "severity:HIGH" ], "infer-integer-overflow-l5": [ + "description:See INTEGER_OVERFLOW_L1", "doc_url:https://fbinfer.com/docs/all-issue-types#integer_overflow_l5", "profile:unknown", "severity:HIGH" ], "infer-integer-overflow-u5": [ + "description:See INTEGER_OVERFLOW_L1", "doc_url:https://fbinfer.com/docs/all-issue-types#integer_overflow_u5", "profile:unknown", "severity:HIGH" ], "infer-interface-not-thread-safe": [ + "description:This error indicates that you have invoked an interface method not annotated with @ThreadSafe from a thread-safe context (e.g., code that uses locks or is marked @ThreadSafe). The fix is to add the @ThreadSafe annotation to the interface or to the interface method. For background on why these annotations are needed, see the detailed explanation here.", "doc_url:https://fbinfer.com/docs/all-issue-types#interface_not_thread_safe", "profile:unknown", "severity:MEDIUM" ], "infer-invalid-sil": [ + "description:The SIL instruction does not conform to the expected subset of instructions expected for the front-end of the language for the analyzed code.", "doc_url:https://fbinfer.com/docs/all-issue-types#invalid_sil", "profile:unknown", "severity:HIGH" ], "infer-invariant-call": [ + "description:We report this issue type when a function call is loop-invariant and hoistable, i.e.", "doc_url:https://fbinfer.com/docs/all-issue-types#invariant_call", "profile:unknown", "severity:HIGH" ], "infer-ipc-on-ui-thread": [ + "description:A blocking Binder IPC call occurs on the UI thread.", "doc_url:https://fbinfer.com/docs/all-issue-types#ipc_on_ui_thread", "profile:unknown", "severity:MEDIUM" @@ -432,26 +501,31 @@ "severity:HIGH" ], "infer-javascript-injection": [ + "description:Untrusted data flows into JavaScript.", "doc_url:https://fbinfer.com/docs/all-issue-types#javascript_injection", "profile:unknown", "severity:HIGH" ], "infer-lab-resource-leak": [ + "description:Toy issue.", "doc_url:https://fbinfer.com/docs/all-issue-types#lab_resource_leak", "profile:unknown", "severity:HIGH" ], "infer-lockless-violation": [ + "description:A method implements an interface signature annotated with @Lockless but which transitively acquires a lock.", "doc_url:https://fbinfer.com/docs/all-issue-types#lockless_violation", "profile:unknown", "severity:HIGH" ], "infer-lock-consistency-violation": [ + "description:This is an error reported on C++ and Objective C classes whenever:", "doc_url:https://fbinfer.com/docs/all-issue-types#lock_consistency_violation", "profile:unknown", "severity:MEDIUM" ], "infer-logging-private-data": [ + "description:Undocumented.", "doc_url:https://fbinfer.com/docs/all-issue-types#logging_private_data", "profile:unknown", "severity:HIGH" @@ -472,36 +546,43 @@ "severity:HIGH" ], "infer-memory-leak-c": [ + "description:Memory leak in C", "doc_url:https://fbinfer.com/docs/all-issue-types#memory_leak_c", "profile:unknown", "severity:HIGH" ], "infer-memory-leak-cpp": [ + "description:See MEMORY_LEAK_C", "doc_url:https://fbinfer.com/docs/all-issue-types#memory_leak_cpp", "profile:unknown", "severity:HIGH" ], "infer-missing-required-prop": [ + "description:This issues is reported when a required @Prop is missing.", "doc_url:https://fbinfer.com/docs/all-issue-types#missing_required_prop", "profile:unknown", "severity:HIGH" ], "infer-mixed-self-weakself": [ + "description:This check reports an issue when an Objective-C block captures both self and weakSelf, a weak pointer to self. Possibly the developer meant to capture only weakSelf to avoid a retain cycle, but made a typo and used self instead of strongSelf. In this case, this could cause a retain cycle.", "doc_url:https://fbinfer.com/docs/all-issue-types#mixed_self_weakself", "profile:unknown", "severity:HIGH" ], "infer-modifies-immutable": [ + "description:This issue type indicates modifications to fields marked as @Immutable. For instance, below function mutateArray would be marked as modifying immutable field testArray:", "doc_url:https://fbinfer.com/docs/all-issue-types#modifies_immutable", "profile:unknown", "severity:HIGH" ], "infer-multiple-weakself": [ + "description:This check reports when an Objective-C block uses weakSelf (a weak pointer to self) more than once. This could lead to unexpected behaviour. Even if weakSelf is not nil in the first use, it could be nil in the following uses since the object that weakSelf points to could be freed anytime.", "doc_url:https://fbinfer.com/docs/all-issue-types#multiple_weakself", "profile:unknown", "severity:HIGH" ], "infer-mutual-recursion-cycle": [ + "description:A recursive call or mutually recursive call has been detected. This does not mean that the program won't terminate, just that the code is recursive. You should double-check if the recursion is intended and if it can lead to non-termination or a stack overflow.", "doc_url:https://fbinfer.com/docs/all-issue-types#mutual_recursion_cycle", "profile:unknown", "severity:MEDIUM" @@ -512,136 +593,163 @@ "severity:HIGH" ], "infer-nil-block-call": [ + "description:This check reports when one tries to call an Objective-C block that is nil. This causes a crash.", "doc_url:https://fbinfer.com/docs/all-issue-types#nil_block_call", "profile:unknown", "severity:HIGH" ], "infer-nil-block-call-latent": [ + "description:A latent NIL_BLOCK_CALL. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#nil_block_call_latent", "profile:unknown", "severity:HIGH" ], "infer-nil-insertion-into-collection": [ + "description:This checks reports when nil is passed to collections in Objective-C such as arrays and dictionaries. This causes a crash.", "doc_url:https://fbinfer.com/docs/all-issue-types#nil_insertion_into_collection", "profile:unknown", "severity:HIGH" ], "infer-nil-insertion-into-collection-latent": [ + "description:A latent NIL_INSERTION_INTO_COLLECTION. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#nil_insertion_into_collection_latent", "profile:unknown", "severity:HIGH" ], "infer-nil-messaging-to-non-pod": [ + "description:In Objective-C, calling a method on nil (or in Objective-C terms, sending a message to nil) does not crash, it simply returns a falsy value (nil/0/false). However, sending a message that returns a non-POD C++ type (POD being \"Plain Old Data\", essentially anything that cannot be compiled as a C-style struct) to nil causes undefined behaviour.", "doc_url:https://fbinfer.com/docs/all-issue-types#nil_messaging_to_non_pod", "profile:unknown", "severity:HIGH" ], "infer-nil-messaging-to-non-pod-latent": [ + "description:A latent NIL_MESSAGING_TO_NON_POD. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#nil_messaging_to_non_pod_latent", "profile:unknown", "severity:HIGH" ], "infer-no-matching-branch-in-try": [ + "description:No matching branch is found when evaluating the of section of a try expression. Corresponds to the {try_clause,V} error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_matching_branch_in_try", "profile:unknown", "severity:HIGH" ], "infer-no-matching-branch-in-try-latent": [ + "description:A latent NO_MATCHING_BRANCH_IN_TRY. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_matching_branch_in_try_latent", "profile:unknown", "severity:HIGH" ], "infer-no-matching-case-clause": [ + "description:No matching case clause in Erlang: Reports an error when none of the clauses of a case match the expression. Corresponds to the {case_clause,V} error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_matching_case_clause", "profile:unknown", "severity:HIGH" ], "infer-no-matching-case-clause-latent": [ + "description:A latent NO_MATCHING_CASE_CLAUSE. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_matching_case_clause_latent", "profile:unknown", "severity:HIGH" ], "infer-no-matching-else-clause": [ + "description:No matching else clause in Erlang: Reports an error when none of the clauses of an else match the short-circuit result from maybe body. Corresponds to the {else_clause,V} error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_matching_else_clause", "profile:unknown", "severity:HIGH" ], "infer-no-matching-else-clause-latent": [ + "description:A latent NO_MATCHING_ELSE_CLAUSE. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_matching_else_clause_latent", "profile:unknown", "severity:HIGH" ], "infer-no-matching-function-clause": [ + "description:No matching function clause in Erlang: Reports an error when none of the clauses of a function match the arguments of a call. Corresponds to the function_clause error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_matching_function_clause", "profile:unknown", "severity:HIGH" ], "infer-no-matching-function-clause-latent": [ + "description:A latent NO_MATCHING_FUNCTION_CLAUSE. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_matching_function_clause_latent", "profile:unknown", "severity:HIGH" ], "infer-no-match-of-rhs": [ + "description:No match of right hand side value in Erlang: Reports an error when the right hand side value of a match expression does not match the pattern on the left hand side. Corresponds to the {badmatch,V} error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_match_of_rhs", "profile:unknown", "severity:HIGH" ], "infer-no-match-of-rhs-latent": [ + "description:A latent NO_MATCH_OF_RHS. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_match_of_rhs_latent", "profile:unknown", "severity:HIGH" ], "infer-no-true-branch-in-if": [ + "description:No true branch when evaluating an if expression in Erlang: Reports an error when none of the branches of an if expression evaluate to true. Corresponds to the if_clause error in the Erlang runtime.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_true_branch_in_if", "profile:unknown", "severity:HIGH" ], "infer-no-true-branch-in-if-latent": [ + "description:A latent NO_TRUE_BRANCH_IN_IF. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#no_true_branch_in_if_latent", "profile:unknown", "severity:HIGH" ], "infer-nullptr-dereference": [ + "description:Infer reports null dereference bugs in Java, C, C++, and Objective-C when it is possible that the null pointer is dereferenced, leading to a crash.", "doc_url:https://fbinfer.com/docs/all-issue-types#nullptr_dereference", "profile:unknown", "severity:HIGH" ], "infer-nullptr-dereference-in-nullsafe-class": [ + "description:Infer reports null dereference bugs in Java, C, C++, and Objective-C when it is possible that the null pointer is dereferenced, leading to a crash.", "doc_url:https://fbinfer.com/docs/all-issue-types#nullptr_dereference_in_nullsafe_class", "profile:unknown", "severity:HIGH" ], "infer-nullptr-dereference-in-nullsafe-class-latent": [ + "description:A latent NULLPTR_DEREFERENCE_IN_NULLSAFE_CLASS. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#nullptr_dereference_in_nullsafe_class_latent", "profile:unknown", "severity:HIGH" ], "infer-nullptr-dereference-latent": [ + "description:A latent NULLPTR_DEREFERENCE. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#nullptr_dereference_latent", "profile:unknown", "severity:HIGH" ], "infer-null-argument": [ + "description:This issue type indicates `nil` being passed as argument where a non-nil value expected.", "doc_url:https://fbinfer.com/docs/all-issue-types#null_argument", "profile:unknown", "severity:HIGH" ], "infer-null-argument-latent": [ + "description:A latent NULL_ARGUMENT. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#null_argument_latent", "profile:unknown", "severity:HIGH" ], "infer-null-dereference": [ + "description:See NULLPTR_DEREFERENCE.", "doc_url:https://fbinfer.com/docs/all-issue-types#null_dereference", "profile:unknown", "severity:HIGH" ], "infer-optional-empty-access": [ + "description:Optional Empty Access warnings are reported when we try to retrieve the value of a folly::Optional when it is empty (i.e. folly::none).", "doc_url:https://fbinfer.com/docs/all-issue-types#optional_empty_access", "profile:unknown", "severity:HIGH" ], "infer-optional-empty-access-latent": [ + "description:A latent OPTIONAL_EMPTY_ACCESS. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#optional_empty_access_latent", "profile:unknown", "severity:HIGH" @@ -657,161 +765,193 @@ "severity:MEDIUM" ], "infer-premature-nil-termination-argument": [ + "description:This error type is reported in C and Objective-C. In many variadic methods, nil is used to signify the end of the list of input objects. This is similar to nil-termination of C strings. If one of the arguments that is not the last argument to the method is nil as well, Infer reports an error because that may lead to unexpected behavior.", "doc_url:https://fbinfer.com/docs/all-issue-types#premature_nil_termination_argument", "profile:unknown", "severity:MEDIUM" ], "infer-pulse-cannot-instantiate-abstract-class": [ + "description:Instantiating an abstract class will lead to Cannot instantiate abstract class error.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_cannot_instantiate_abstract_class", "profile:unknown", "severity:HIGH" ], "infer-pulse-const-refable": [ + "description:This issue is reported when a function parameter is a) passed by value and b) is not modified inside the function. Instead, parameter can be passed by const reference, i.e. converted to a const& so that no unnecessary copy is created at the callsite of the function.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_const_refable", "profile:unknown", "severity:HIGH" ], "infer-pulse-dict-missing-key": [ + "description:This issue is similar to PULSE_UNINITIALIZED_VALUE, but it is to warn reading a missing key of dictionary in Hack.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_dict_missing_key", "profile:unknown", "severity:HIGH" ], "infer-pulse-dynamic-type-mismatch": [ + "description:This error is reported in Hack. It fires when we detect an operation that is incompatible with the dynamic type of its arguments.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_dynamic_type_mismatch", "profile:unknown", "severity:HIGH" ], "infer-pulse-readonly-shared-ptr-param": [ + "description:This issue is reported when a shared pointer parameter is a) passed by value and b) is used only for reading, rather than lifetime extension. At the callsite, this might cause a potentially expensive unnecessary copy of the shared pointer, especially when many number of threads are sharing it. To avoid this, consider 1) passing the raw pointer instead and 2) use std::shared_ptr::get at callsites.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_readonly_shared_ptr_param", "profile:unknown", "severity:HIGH" ], "infer-pulse-reference-stability": [ + "description:The family of maps folly::F14ValueMap, folly::F14VectorMap, and by extension folly::F14FastMap differs slightly from std::unordered_map as it does not provide reference stability. When the map resizes such as when reserve is called or new elements are added, all existing references become invalid and should not be used.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_reference_stability", "profile:unknown", "severity:HIGH" ], "infer-pulse-resource-leak": [ + "description:See RESOURCE_LEAK", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_resource_leak", "profile:unknown", "severity:HIGH" ], "infer-pulse-transitive-access": [ + "description:This issue tracks spurious accesses that are reachable from specific entry functions.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_transitive_access", "profile:unknown", "severity:HIGH" ], "infer-pulse-unawaited-awaitable": [ + "description:Awaitable values created by calls to asynchronous methods should eventually be awaited along all codepaths (even if their value is unused). Hence the following is not OK", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unawaited_awaitable", "profile:unknown", "severity:HIGH" ], "infer-pulse-uninitialized-const": [ + "description:This issue is similar to PULSE_UNINITIALIZED_VALUE, but it is to detect the uninitialized abstract const value in Hack.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_uninitialized_const", "profile:unknown", "severity:HIGH" ], "infer-pulse-uninitialized-value": [ + "description:The code uses a variable that has not been initialized, leading to unpredictable or unintended results.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_uninitialized_value", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy": [ + "description:This is reported when Infer detects an unnecessary copy of an object via copy constructor where neither the source nor the copied variable are modified before the variable goes out of scope. Rather than the copy, a reference to the source object could be used to save memory.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy-assignment": [ + "description:See PULSE_UNNECESSARY_COPY.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy_assignment", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy-assignment-const": [ + "description:See PULSE_UNNECESSARY_COPY.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy_assignment_const", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy-assignment-movable": [ + "description:See PULSE_UNNECESSARY_COPY_MOVABLE.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy_assignment_movable", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy-intermediate": [ + "description:This is reported when Infer detects an unnecessary temporary copy of an intermediate object where copy is created to be passed down to a function unnecessarily. Instead, the intermediate object should either be moved into the callee or the type of the callee's parameter should be made const &.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy_intermediate", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy-intermediate-const": [ + "description:See PULSE_UNNECESSARY_COPY.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy_intermediate_const", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy-movable": [ + "description:This is reported when Infer detects an unnecessary copy into a field where", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy_movable", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy-optional": [ + "description:This is reported when Infer detects an unnecessary copy of an object via optional value construction where the source is not modified before it goes out of scope. To avoid the copy, we can move the source object or change the callee's type.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy_optional", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy-optional-const": [ + "description:See PULSE_UNNECESSARY_COPY_OPTIONAL.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy_optional_const", "profile:unknown", "severity:HIGH" ], "infer-pulse-unnecessary-copy-return": [ + "description:This is similar to PULSE_UNNECESSARY_COPY, but reported when a callee returns a copied value and it is not modified in its caller. We may be able to return const-ref typed value or try std::move to avoid the copy.", "doc_url:https://fbinfer.com/docs/all-issue-types#pulse_unnecessary_copy_return", "profile:unknown", "severity:HIGH" ], "infer-pure-function": [ + "description:This issue type indicates pure functions. For instance, below functions would be marked as pure:", "doc_url:https://fbinfer.com/docs/all-issue-types#pure_function", "profile:unknown", "severity:HIGH" ], "infer-quandary-taint-error": [ + "description:Generic taint error when nothing else fits.", "doc_url:https://fbinfer.com/docs/all-issue-types#quandary_taint_error", "profile:unknown", "severity:HIGH" ], "infer-regex-op-on-ui-thread": [ + "description:A potentially costly operation on a regular expression occurs on the UI thread.", "doc_url:https://fbinfer.com/docs/all-issue-types#regex_op_on_ui_thread", "profile:unknown", "severity:MEDIUM" ], "infer-resource-leak": [ + "description:Infer reports resource leaks in C, Objective-C and Java. In general, resources are entities such as files, sockets, connections, etc, that need to be closed after being used.", "doc_url:https://fbinfer.com/docs/all-issue-types#resource_leak", "profile:unknown", "severity:HIGH" ], "infer-retain-cycle": [ + "description:A retain cycle is a situation when object A retains object B, and object B retains object A at the same time. Here is an example:", "doc_url:https://fbinfer.com/docs/all-issue-types#retain_cycle", "profile:unknown", "severity:HIGH" ], "infer-retain-cycle-no-weak-info": [ + "description:A retain cycle is a situation when object A retains object B, and object B retains object A at the same time. Here is an example:", "doc_url:https://fbinfer.com/docs/all-issue-types#retain_cycle_no_weak_info", "profile:unknown", "severity:HIGH" ], "infer-scope-leakage": [ + "description:This issue type indicates that a class with scope annotation A stores a field with whose (dynamic) type (or one of its super types) is annotated with scope B such that a scope nesting restriction is violated. By \"stores\", we mean either directly or transitively.", "doc_url:https://fbinfer.com/docs/all-issue-types#scope_leakage", "profile:unknown", "severity:HIGH" ], "infer-sensitive-data-flow": [ + "description:A flow of sensitive data was detected from a source.", "doc_url:https://fbinfer.com/docs/all-issue-types#sensitive_data_flow", "profile:unknown", "severity:STYLE" ], "infer-shell-injection": [ + "description:Environment variable or file data flowing to shell.", "doc_url:https://fbinfer.com/docs/all-issue-types#shell_injection", "profile:unknown", "severity:HIGH" ], "infer-shell-injection-risk": [ + "description:Code injection if the caller of the endpoint doesn't sanitize on its end.", "doc_url:https://fbinfer.com/docs/all-issue-types#shell_injection_risk", "profile:unknown", "severity:HIGH" @@ -822,36 +962,43 @@ "severity:LOW" ], "infer-sql-injection": [ + "description:Untrusted and unescaped data flows to SQL.", "doc_url:https://fbinfer.com/docs/all-issue-types#sql_injection", "profile:unknown", "severity:HIGH" ], "infer-sql-injection-risk": [ + "description:Untrusted and unescaped data flows to SQL.", "doc_url:https://fbinfer.com/docs/all-issue-types#sql_injection_risk", "profile:unknown", "severity:HIGH" ], "infer-stack-variable-address-escape": [ + "description:Reported when an address pointing into the stack of the current function will escape to its calling context. Such addresses will become invalid by the time the function actually returns so are potentially dangerous.", "doc_url:https://fbinfer.com/docs/all-issue-types#stack_variable_address_escape", "profile:unknown", "severity:HIGH" ], "infer-starvation": [ + "description:This error is reported in Java, and specifically on Android. These reports are triggered when a method that runs on the UI thread may block, thus potentially leading to an Application Not Responding error.", "doc_url:https://fbinfer.com/docs/all-issue-types#starvation", "profile:unknown", "severity:HIGH" ], "infer-static-initialization-order-fiasco": [ + "description:This error is reported in C++. It fires when the initialization of a static variable A, accesses a static variable B from another translation unit (usually another .cpp file). There are no guarantees whether B has been already initialized or not at that point.", "doc_url:https://fbinfer.com/docs/all-issue-types#static_initialization_order_fiasco", "profile:unknown", "severity:HIGH" ], "infer-strict-mode-violation": [ + "description:Android has a feature called strict mode, which if enabled, will flag the occasions where the main thread makes a call that results in disk I/O, waiting on a network socket, etc. The analysis catching starvation errors and deadlocks (the --starvation analysis) has the ability to statically detect such violations.", "doc_url:https://fbinfer.com/docs/all-issue-types#strict_mode_violation", "profile:unknown", "severity:HIGH" ], "infer-strong-self-not-checked": [ + "description:This checks reports a potential issue when a block captures weakSelf (a weak pointer to self), then one assigns this pointer to a local variable strongSelf inside the block and uses this variable without checking first whether it is nil. The problem here is that the weak pointer could be nil at the time when the block is executed. So, the correct usage is to first check whether strongSelf is a valid pointer, and then use it.", "doc_url:https://fbinfer.com/docs/all-issue-types#strong_self_not_checked", "profile:unknown", "severity:HIGH" @@ -862,21 +1009,25 @@ "severity:HIGH" ], "infer-taint-error": [ + "description:A taint flow was detected from a source to a sink", "doc_url:https://fbinfer.com/docs/all-issue-types#taint_error", "profile:unknown", "severity:HIGH" ], "infer-thread-safety-violation": [ + "description:This warning indicates a potential data race in Java. The analyser is called RacerD and this section gives brief but a mostly complete description of its features. See the RacerD page for more in-depth information and examples.", "doc_url:https://fbinfer.com/docs/all-issue-types#thread_safety_violation", "profile:unknown", "severity:MEDIUM" ], "infer-topl-error": [ + "description:A violation of a Topl property (user-specified). There is an execution path in the code that drives a Topl property from a start state to an error state.", "doc_url:https://fbinfer.com/docs/all-issue-types#topl_error", "profile:unknown", "severity:HIGH" ], "infer-topl-error-latent": [ + "description:A latent TOPL_ERROR. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#topl_error_latent", "profile:unknown", "severity:HIGH" @@ -887,101 +1038,121 @@ "severity:HIGH" ], "infer-untrusted-buffer-access": [ + "description:Untrusted data of any kind flowing to buffer.", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_buffer_access", "profile:unknown", "severity:HIGH" ], "infer-untrusted-deserialization": [ + "description:User-controlled deserialization.", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_deserialization", "profile:unknown", "severity:HIGH" ], "infer-untrusted-deserialization-risk": [ + "description:User-controlled deserialization", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_deserialization_risk", "profile:unknown", "severity:HIGH" ], "infer-untrusted-environment-change-risk": [ + "description:User-controlled environment mutation.", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_environment_change_risk", "profile:unknown", "severity:HIGH" ], "infer-untrusted-file": [ + "description:User-controlled file creation; may be vulnerable to path traversal and more.", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_file", "profile:unknown", "severity:HIGH" ], "infer-untrusted-file-risk": [ + "description:User-controlled file creation; may be vulnerable to path traversal and more.", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_file_risk", "profile:unknown", "severity:HIGH" ], "infer-untrusted-heap-allocation": [ + "description:Untrusted data of any kind flowing to heap allocation. this can cause crashes or DOS.", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_heap_allocation", "profile:unknown", "severity:HIGH" ], "infer-untrusted-intent-creation": [ + "description:Creating an Intent from user-controlled data.", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_intent_creation", "profile:unknown", "severity:HIGH" ], "infer-untrusted-url-risk": [ + "description:Untrusted flag, environment variable, or file data flowing to URL.", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_url_risk", "profile:unknown", "severity:HIGH" ], "infer-untrusted-variable-length-array": [ + "description:Untrusted data of any kind flowing to stack buffer allocation. Trying to allocate a stack buffer that's too large will cause a stack overflow.", "doc_url:https://fbinfer.com/docs/all-issue-types#untrusted_variable_length_array", "profile:unknown", "severity:HIGH" ], "infer-user-controlled-sql-risk": [ + "description:Untrusted data flows to SQL (no injection risk).", "doc_url:https://fbinfer.com/docs/all-issue-types#user_controlled_sql_risk", "profile:unknown", "severity:HIGH" ], "infer-use-after-delete": [ + "description:An address that was invalidated by a call to delete in C++ is dereferenced.", "doc_url:https://fbinfer.com/docs/all-issue-types#use_after_delete", "profile:unknown", "severity:HIGH" ], "infer-use-after-delete-latent": [ + "description:A latent USE_AFTER_DELETE. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#use_after_delete_latent", "profile:unknown", "severity:HIGH" ], "infer-use-after-free": [ + "description:An address that was invalidated by a call to free in C is dereferenced.", "doc_url:https://fbinfer.com/docs/all-issue-types#use_after_free", "profile:unknown", "severity:HIGH" ], "infer-use-after-free-latent": [ + "description:A latent USE_AFTER_FREE. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#use_after_free_latent", "profile:unknown", "severity:HIGH" ], "infer-use-after-lifetime": [ + "description:The lifetime of an object has ended but that object is being accessed. For example, the address of a variable holding a C++ object is accessed after the variable has gone out of scope:", "doc_url:https://fbinfer.com/docs/all-issue-types#use_after_lifetime", "profile:unknown", "severity:HIGH" ], "infer-use-after-lifetime-latent": [ + "description:A latent USE_AFTER_LIFETIME. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#use_after_lifetime_latent", "profile:unknown", "severity:HIGH" ], "infer-vector-invalidation": [ + "description:An address pointing into a C++ std::vector might have become invalid. This can happen when an address is taken into a vector, then the vector is mutated in a way that might invalidate the address, for example by adding elements to the vector, which might trigger a re-allocation of the entire vector contents (thereby invalidating the pointers into the previous location of the contents).", "doc_url:https://fbinfer.com/docs/all-issue-types#vector_invalidation", "profile:unknown", "severity:HIGH" ], "infer-vector-invalidation-latent": [ + "description:A latent VECTOR_INVALIDATION. See the documentation on Pulse latent issues.", "doc_url:https://fbinfer.com/docs/all-issue-types#vector_invalidation_latent", "profile:unknown", "severity:HIGH" ], "infer-weak-self-in-no-escape-block": [ + "description:This check reports when weakSelf (a weak pointer to self) is used in a block, and this block is passed to a \"no escaping\" method. This means that the block passed to that method won't be leaving the current scope, this is marked with the annotation NS_NOESCAPE.", "doc_url:https://fbinfer.com/docs/all-issue-types#weak_self_in_no_escape_block", "profile:unknown", "severity:HIGH" @@ -1227,4 +1398,4 @@ "severity:HIGH" ] } -} \ No newline at end of file +}