Describe the bug
❯ semgrep -h
Usage: semgrep -h [OPTIONS] [TARGET]...
Try 'semgrep -h --help' for help.
Error: No such option: -h
To Reproduce
$ semgrep -h
Expected behavior
-h should have the same output as --help
Screenshots
If applicable, add screenshots to help explain your problem.
What is the priority of the bug to you?
Describe the solution you'd like
Move the fixtures folder to outside internal and place it under root as a “sibling” to internal, pkg, cmd and the rest. The reason why is because internal/ is a special directory name recognized by the go tool which will prevent one package from being imported by another unless both share a common ancestor.
Requirements
Golang basic level.
Many repositories need to fix, so please help if you like.
If you could help, it would be helpful if you could comment before starting the work not to overlapping.
Run exit command after lint.
echo '::group:: Running golangci-lint with reviewdog 🐶 ...'
go
Describe the bug
In the docs found here:
https://bandit.readthedocs.io/en/latest/plugins/index.html#complete-test-plugin-listing
B109 and B111 show a description instead of a plugin name. This looks inconsistent since all the other plugin names are listed. I believe this is a result of a recent change to remove these deprecated plugins.
To Reproduce
The SEO for individual message start to take effects :
Result:
But we lack some information to easily navigate. The information I
Affects PMD Version:
6.17
Rule:
All rulesets.
Description:
PMD output does not inform the user as to the number of rules contravened while running the tool. The user has to look at the output file.
Code Sample demonstrating the issue:
Sep 01, 2019 9:42:45 AM net.sourceforge.pmd.cache.FileAnalysisCache loadFromFile
INFO: Analysis cache loaded
Sep 01, 2019 9:
Is your feature request related to a problem? Please describe.
It would be nice that imports-blacklist rule supports regex or match any sub-packages.
Describe the solution you'd like
adding
[rule.imports-blacklist]
arguments = ["github.com/pkgA/pkgB", "github.com/pkg1/**/pkg2"]
configuration would prevent following imports:
import "github.com/pkgA/pkgB"
import "github.com/pkgA
This would allow for more localized suppressions. Say we have a method foo(Object o) in an annotated third-party library where o has no type annotation, but o really should be @Nullable, as foo() can handle being passed null as a parameter. In code checked by NullAway, say you write:
void bigMethod() {
...
foo(null); // NullAway reports an error
...
}I beli
[spotbugs] Running SpotBugs...
[spotbugs] Unexpected problem occured during version sanity check
[spotbugs] Reported exception:
[spotbugs] java.lang.AbstractMethodError: Receiver class org.slf4j.nop.NOPServiceProvider does not define or inherit an implementation of the resolved method 'abstract java.lang.String getRequesteApiVersion()' of interface org.slf4j.
I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue
Let me know if you would like any help in implementing.
Rubberduck version information
The info below can be copy-paste-completed from the first lines of Rubberduck's log or the About box:
Rubberduck version [Version 2.5.2.6030
OS: Microsoft Windows NT 10.0.22000.0, x64
Host Product: Microsoft Office x64
Host Version: 16.0.14701.20226
Host Executable: WINWORD.EXE
Description
Language inspection for assignment of LCase suggests usi
Add a description, image, and links to the static-code-analysis topic page so that developers can more easily learn about it.
To associate your repository with the static-code-analysis topic, visit your repo's landing page and select "manage topics."
alloranyso it's obvious that I want to fail on anythingbecause someone reading
--fail-level Aneeds to read up on what that means whereas `--fail-level an