PVS-Studio 7.22: Visual Studio Code, Qt Creator, .NET 7

PVS-Studio 7.22 has been released. It includes plugins for Visual Studio Code and Qt Creator, support of .NET 7 projects analysis, enhanced Best Warnings filter and new diagnostic rules. Learn more information on the release in this short note.

Plugins for Visual Studio Code and Qt Creator

New plugins provide even more options for cross-platform work. Now you can use them to work with logs: view warnings, filter them, sort them in a grid, etc. You can't run the analysis yet — we plan to add this feature in future releases.

This is how the plugin for Visual Studio Code looks like (the screenshot is clickable):

And here is the plugin for Qt Creator (the screenshot is also clickable):

The documentation on the new plugins can be found on the following pages:

• Visual Studio Code plugin's documentation;
• Qt Creator plugin's documentation.

Support of Blazor components analysis, C# 11, and .NET 7

In this case, pretty much everything is evident from the title. The C# analyzer on Linux and macOS now works on .NET 7 as well.

Let us clarify a couple of things regarding Blazor components: PVS-Studio now checks @code blocks in .razor files. We're going to write an article exploring this topic in more details.

Enhanced Best Warnings mechanism

Best Warnings is a mechanism that selects the analyzer's most interesting warnings. It's particularly useful when you try PVS-Studio for the first time, as it helps you see in one click the most interesting issues the analyzer has detected.

There are several Best Warnings updates in this release at once:

1. We've modified the filter interface. The "Best Warnings" button is now easier to find — you can see it on the main panel of the PVS-Studio main window (the screenshot is clickable):

If needed, you can hide the filter button through the settings (the "Show Best Warnings Button" option).

2. We've adjusted the "weights" of diagnostics and selection algorithms. This should make the list of warnings more interesting.

3. We've integrated the filter into several more IDEs. Previously, the Best Warnings mechanism was only available in the Visual Studio plugin. Now, in addition to VS, the filter can be used in the "C and C++ Compiler Monitoring UI" utility, as well as in plugins for IntelliJ IDEA, Rider, CLion.

See the updated Best Warnings documentation on this page.

New diagnostic rules

C, C++

• V836. Decreased performance. Unnecessary copying is detected when declaring a variable. Consider declaring the variable as a reference.
• V2018. Cast should not remove 'const' qualifier from the type that is pointed to by a pointer or a reference.
• V2019. Cast should not remove 'volatile' qualifier from the type that is pointed to by a pointer or a reference.

C#

• V3183. Code formatting implies that the statement should not be a part of the 'then' branch that belongs to the preceding 'if' statement.
• V5626. OWASP. Possible ReDoS vulnerability. Potentially tainted data is processed by regular expression that contains an unsafe pattern.
• V5627. OWASP. Possible NoSQL injection. Potentially tainted data is used to create query.
• V5628. OWASP. Possible Zip Slip vulnerability. Potentially tainted data is used in the path to extract the file.

Articles

For those who code in C++:

• PVS-Studio and RPCS3: the best warnings in one click.
• How we were looking for a bug in PVS-Studio or 278 GB of log files.
• 0,1,2, Freddy came for Blender.
• Examples of errors that PVS-Studio found in LLVM 15.0.
• How PVS-Studio prevents rash code changes, example N6.

For those who code in C#:

• .NET 7: suspicious places and errors in the source code.
• What's new in C# 11: overview.
• What 's new in .NET 7?
• How has LINQ performance enhanced in .NET 7?
• Catastrophic backtracking: how can a regular expression cause a ReDoS vulnerability?

Other:

• PVS-Studio: 2 features for a quick start.
• Why are you doing my job? Types of people who don't write to support.
• A software bug captured Apple and other huge companies.

**

You can download PVS-Studio 7.22 here.

Subscribe to the PVS-Studio newsletter to receive the PVS-Studio press releases by email.