Neo: Sonarcloud Scanning Errors

Created on 28 Nov 2018 · 5 Comments · Source: neo-project/neo

Hi Guys,

Took the liberty of scanning the master of https://github.com/neo-project/neo

It's picked up a good number of C# bugs and vulnerabilities. Severity on most isn't that high though it would still be nice for someone to go through these and do a tidy. Suggested fixes aren't all that major from what I can see. Report is here. I've got a Jenkins job running to re-scan on a push of the master - report is publicly accessible: https://sonarcloud.io/dashboard?id=BillpNEO

If anyone has a chance to go through these I think it would be great to get the code base to a sonar AAA where possible. Suggested fixes are in line on the issues tab.

Cheers

Bill

All 5 comments

I'm happy to run through these and action the recommendations myself but I'll need some peer review. I'll start on it today and advise.

Most of them are not vulnerabilities; it's more about code standards. I fixed the two that I could consider a bug.

The Random class should be avoided in certain cases, but in these cases I think that is not necessary; maybe here, yes: https://sonarcloud.io/project/issues?id=BillpNEO&open=AWcVb3VdkEeD8QRkVVnz&resolved=false&types=SECURITY_HOTSPOT
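To illustrate the kind of hotspot referred to above, here is an added example (not code from neo or from this thread) that places the flagged pattern, `System.Random` used for a security-sensitive value, beside the form that clears the rule; the method names and the sample seed are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;

// Constructed example, not neo code. Shows why SonarCloud flags
// System.Random in security-sensitive code and what the fix looks like.
public static class NonceDemo
{
    // Flagged: System.Random is a deterministic PRNG. Two instances with the
    // same seed produce identical output (older runtimes seed the default
    // constructor from Environment.TickCount, a low-entropy value), so a
    // value drawn from it is predictable and unsuitable as a nonce or key.
    public static byte[] WeakNonce(int seed, int length)
    {
        var rng = new Random(seed);
        var buf = new byte[length];
        rng.NextBytes(buf);
        return buf;
    }

    // Acceptable: RandomNumberGenerator draws from the operating system's
    // cryptographically secure source; there is no seed to guess or reuse.
    public static byte[] StrongNonce(int length)
    {
        var buf = new byte[length];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(buf);
        }
        return buf;
    }

    public static void Main()
    {
        // Same seed in, same bytes out: a "nonce" that repeats is no nonce.
        var a = WeakNonce(42, 8);
        var b = WeakNonce(42, 8);
        Console.WriteLine("Random, same seed, equal: " +
            (BitConverter.ToString(a) == BitConverter.ToString(b)));

        // Two draws from the CSPRNG; equality would be a sign of a broken RNG.
        var c = StrongNonce(8);
        var d = StrongNonce(8);
        Console.WriteLine("RandomNumberGenerator, equal: " +
            (BitConverter.ToString(c) == BitConverter.ToString(d)));
    }
}
```

The same reasoning is why the rule is a hotspot rather than a bug: `Random` is fine for non-security uses such as jitter or test data, and only a reviewer can tell which case a given call is.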

Excellent, thanks @shargon. Re your take, yes they are simply best practice; they may not all be applicable or permissible for the intended functionality. Like this one for instance, it doesn't really fly in crypto code so that's a flat ignore :-) https://sonarcloud.io/project/issues?id=BillpNEO&open=AWcVb3VakEeD8QRkVVnt&resolved=false&types=BUG

You'll notice the overall assessment is very much within the acceptable guidelines. At this good level of code quality, any small adjustments to get the numbers further down will result in a much better overall compliance rating. I'll watch for the push and rescan at which point we can view the results. Complete compliance is a nice to have as long as the overall assessment is a pass.

Re-scanned. Wow, you guys have been busy the last few days :-) FYI, yep, looking a lot nicer 👍👍👍. If it's ok I'll leave this thread going and keep scanning away in the background, and pop an update if it starts going south? Thanks heaps mate.

Thanks for all @bpetridis :)
