PVS-Studio 7.18: updates and enhancements

Apr 13 2022

Meet the latest PVS-Studio release, 7.18. This article covers how we improved the analysis of modern C++ and the search for security defects from the OWASP Top 10 list, and introduces a new feature for embedded developers.


You can find more security defects: PVS-Studio covers 9 out of 10 categories from the OWASP Top Ten 2021

We continue developing PVS-Studio as a SAST solution. This allows our clients to find even more potential vulnerabilities.

One of our main directions is the development of security diagnostics to find defects from the OWASP Top 10 2021 list. Now PVS-Studio covers 9 out of 10 categories of this list. You can find the mapping of PVS-Studio diagnostics rules to OWASP Top 10 categories here.

One category remains uncovered: A06:2021. One way to cover this category is to make the analyzer look for components with known vulnerabilities in projects. In other words, PVS-Studio should perform software composition analysis (SCA).

We want to add SCA to the C# analyzer first. We plan to do this in one of our future releases.

New compiler monitoring mode on Windows: it catches all compiler launches

The compiler monitoring system allows users to perform build-system-independent analysis of C and C++ projects on Windows. All that matters is that PVS-Studio supports the compiler used in the project.

However, the monitoring system had a drawback: if a compiler process finished quickly, the system could not always catch it. As a result, PVS-Studio did not analyze files whose compilation could not be intercepted.

Developers who write code for embedded platforms encountered this problem most often.

The new analysis mode solves this problem. It allows PVS-Studio to intercept all compiler launches, regardless of how quickly the code is compiled.

We described the new mode in more detail in the documentation.

PVS-Studio and Visual Studio Code

You can work with PVS-Studio reports in Visual Studio Code. To do this, follow these steps:

  • install the Sarif Viewer plugin;
  • convert the log to SARIF format;
  • open the analyzer report.

We described these steps in detail in the documentation.

You can't run the analysis directly from Visual Studio Code yet. If you would like such a feature to be added, please contact us. Based on the feedback, we will assess how much this functionality is in demand.

Deeper analysis of C++ code

We have updated the type system in the C++ analyzer. Now PVS-Studio understands modern C++ better: the standard library, complex constructions, templates. Diagnostics have become more accurate, which means they find more unsafe places and issue fewer false positive warnings.

More details — in the talk.

PVS-Studio integration with CMake and GitHub Actions

In the new documentation sections, we described how PVS-Studio can be integrated into GitHub Actions and CMake.

New diagnostics

C, C++

  • V1079. Parameter of 'std::stop_token' type is not used inside function's body.
  • V1080. Call of 'std::is_constant_evaluated' function always returns the same value.
  • V1081. Argument of abs() function is minimal negative value. Such absolute value can't be represented in two's complement. This leads to undefined behavior.
  • V1082. Function marked as 'noreturn' may return control. This will result in undefined behavior.
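
To make the V1081 case concrete, here is an added example (not code from PVS-Studio or its documentation) showing two defined alternatives to calling abs() on a value that may be INT_MIN. The function names and the hash-table caller are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Magnitude of x as unsigned: defined for every int, including INT_MIN.
   Unsigned arithmetic wraps modulo 2^N, so 0u - (unsigned)x is well defined. */
unsigned int magnitude(int x)
{
    return x < 0 ? 0u - (unsigned int)x : (unsigned int)x;
}

/* abs() with an explicit failure path for the one value it cannot handle. */
bool checked_abs(int x, int *out)
{
    if (x == INT_MIN)
        return false;          /* |INT_MIN| does not fit in int */
    *out = abs(x);
    return true;
}

/* Hypothetical caller: map a signed hash to a table slot.
   The common form abs(hash) % nbuckets is undefined for hash == INT_MIN;
   on common two's complement implementations abs() often returns INT_MIN
   itself, so a negative value reaches the index computation. */
size_t bucket_index(int hash, size_t nbuckets)
{
    return (size_t)magnitude(hash) % nbuckets;
}

int main(void)
{
    int r = 0;
    printf("magnitude(INT_MIN) = %u\n", magnitude(INT_MIN));
    printf("checked_abs(INT_MIN) succeeded: %d\n", checked_abs(INT_MIN, &r));
    printf("bucket_index(INT_MIN, 16) = %zu\n", bucket_index(INT_MIN, 16));
    return 0;
}
```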

C#

  • V5619. OWASP. Possible log injection. Potentially tainted data is written into logs.
  • V5620. OWASP. Possible LDAP injection. Potentially tainted data is used in a search filter.
  • V5621. OWASP. Error message contains potentially sensitive data that may be exposed.

To read, watch, and evaluate

To read

Since the last release, we have checked the code quality of several open-source projects:

We found more evidence that static analysis works best when used regularly. How? You can find the details here; in short, the algorithm is something like this:

  • developers write new code for open-source projects;
  • we analyze it with PVS-Studio;
  • we look at the analyzer reports and find errors that developers missed;
  • we write about errors in our blog.

Some of the issues found are reviewed in the following articles:

In addition, we wrote articles about security. We described the defects associated with the processing of XML files, namely:

  • what vulnerabilities look like in the code;
  • how to perform an attack on the application with a vulnerability;
  • what are the consequences.

We wrote about this in two articles:

Check out more articles in our blog.

To watch

We not only write articles, but also make videos. These are new videos on our YouTube channel:

To evaluate

If you don't have a trial key

Do you want to evaluate PVS-Studio? Follow 3 simple steps:

  • request a trial key;
  • download a distribution;
  • check a project.

This page will help you go through all the steps. Don't forget to leave your feedback. :)

If you have a trial key

You can download the latest version of PVS-Studio here.
