
PVS-Studio 7.18: updates and enhancements

Apr 13 2022

Meet the latest PVS-Studio release, 7.18. This article covers how we improved the analysis of modern C++ and the search for security defects from the OWASP Top 10 list, and describes a new feature for embedded developers.


You can find more security defects: PVS-Studio covers 9 out of 10 categories from the OWASP Top Ten 2021

We continue developing PVS-Studio as a SAST solution. This allows our clients to find even more potential vulnerabilities.

One of our main directions is the development of security diagnostics to find defects from the OWASP Top 10 2021 list. Now PVS-Studio covers 9 out of 10 categories of this list. You can find the mapping of PVS-Studio diagnostics rules to OWASP Top 10 categories here.

One category remained uncovered – A06:2021. One of the ways to cover this category is to make the analyzer look for components with known vulnerabilities in projects. In other words, PVS-Studio should perform the software composition analysis (SCA).

We want to add SCA to the C# analyzer first. We plan to do this in one of our future releases.

New compiler monitoring mode on Windows: it catches all compiler launches

The compiler monitoring system allows users to perform build-system independent analysis of C and C++ projects on Windows. All that matters is that PVS-Studio supports the compiler used in the project.

However, the monitoring system had a drawback: if the compiler process completed quickly, the system could not always catch it. As a result, PVS-Studio did not analyze files whose compilation could not be intercepted.

Developers who write code for embedded platforms encountered this problem most often.

The new analysis mode solves this problem. It allows PVS-Studio to intercept all compiler launches, whether the code is compiled quickly or not.

We described the new mode in more detail in the documentation.

PVS-Studio and Visual Studio Code

You can work with the PVS-Studio reports in Visual Studio Code. To do this, follow the steps:

  • install the Sarif Viewer plugin;
  • convert the log to SARIF format;
  • open the analyzer report.

We described these steps in detail in the documentation.

You can't run the analysis directly from Visual Studio Code yet. If you would like such a feature to be added, please contact us. Based on the feedback, we will assess how much this functionality is in demand.

Deeper analysis of C++ code

We have updated the type system in the C++ analyzer. Now PVS-Studio understands modern C++ better: the standard library, complex constructions, templates. Diagnostics have become more accurate, which means they find more unsafe places and issue fewer false positive warnings.

More details — in the talk.

PVS-Studio integration with CMake and GitHub Actions

In the new documentation sections, we described how PVS-Studio can be integrated into GitHub Actions and CMake.

New diagnostics

C, C++

  • V1079. Parameter of 'std::stop_token' type is not used inside function's body.
  • V1080. Call of 'std::is_constant_evaluated' function always returns the same value.
  • V1081. Argument of abs() function is minimal negative value. Such absolute value can't be represented in two's complement. This leads to undefined behavior.
  • V1082. Function marked as 'noreturn' may return control. This will result in undefined behavior.
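The defect class named in the V1081 message, shown as an added example (not code from PVS-Studio or its documentation): `abs(INT_MIN)` cannot be represented in `int`, so the call has to be guarded or replaced. The helper names `checked_abs`, `magnitude` and `offset_to_length` are hypothetical, as is the scenario of a signed offset taken from untrusted input.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Checked absolute value: refuses INT_MIN instead of passing it to abs(),
   because -INT_MIN does not fit in int on two's complement targets. */
bool checked_abs(int value, int *result)
{
    if (value == INT_MIN) {
        return false;          /* caller must handle the unrepresentable case */
    }
    *result = abs(value);      /* defined for every other int */
    return true;
}

/* Magnitude as unsigned: defined for every int, including INT_MIN.
   Conversion to unsigned is modular, so 0u - u yields |value|. */
unsigned int magnitude(int value)
{
    unsigned int u = (unsigned int)value;
    return value < 0 ? 0u - u : u;
}

/* Constructed scenario: a signed offset from untrusted input is turned
   into a length. Returns -1 when the offset cannot be negated safely. */
long offset_to_length(int offset)
{
    int len;
    if (!checked_abs(offset, &len)) {
        return -1;
    }
    return len;
}

int main(void)
{
    printf("offset_to_length(-7)      = %ld\n", offset_to_length(-7));
    printf("offset_to_length(INT_MIN) = %ld\n", offset_to_length(INT_MIN));
    printf("magnitude(INT_MIN)        = %u\n", magnitude(INT_MIN));
    return 0;
}
```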

C#

  • V5619. OWASP. Possible log injection. Potentially tainted data is written into logs.
  • V5620. OWASP. Possible LDAP injection. Potentially tainted data is used in a search filter.
  • V5621. OWASP. Error message contains potentially sensitive data that may be exposed.

To read, watch, and evaluate

To read

Since the last release, we have checked the code quality of several open-source projects:

We found more evidence that static analysis works best when used regularly. How? You can find the details here. In short, the algorithm is something like this:

  • developers write new code for open-source projects;
  • we analyze it with PVS-Studio;
  • we look at the analyzer reports and find errors that developers missed;
  • we write about errors in our blog.

Some of the issues found are reviewed in the following articles:

In addition, we wrote articles about security. We described the defects associated with the processing of XML files, namely:

  • what vulnerabilities look like in the code;
  • how to perform an attack on the application with a vulnerability;
  • what are the consequences.

We wrote about this in two articles:

Check out more articles in our blog.

To watch

We not only write articles, but also make videos. These are new videos on our YouTube channel:

To evaluate

If you don't have a trial key

Do you want to evaluate PVS-Studio? Follow 3 simple steps:

  • request a trial key;
  • download a distribution;
  • check a project.

This page will help you go through all the steps. Don't forget to leave your feedback. :)

If you have a trial key

You can download the latest version of PVS-Studio here.
