We have thousands of different log messages coded using the log4net library and string format method calls.
One problem with this is that it's only at run time that we get an error if the string format parameters like {0}, {1}, {2} have the right count of method parameters.
Many of these methods only get called on error conditions that rarely or never occur during automated testing.
So is there any tool that can scan all C# code and notify of any string format problems?
NOTE: I see many other questions on here about static code analysis which appear to be duplicates, but after looking at some of those tools, they don't seem to handle this specific situation.
If there is nothing really good for this, we'll write this tool in-house.
Static application security testing (SAST), or static analysis, is a testing methodology that analyzes source code to find security vulnerabilities that make your organization's applications susceptible to attack. SAST scans an application before the code is compiled. It's also known as white box testing.
Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help ensure that the code adheres to industry standards.
Static code analysis also supports DevOps by creating an automated feedback loop. Developers will know early on if there are any problems in their code. And it will be easier to fix those problems.
FxCop/Code Analysis can do this.
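To show what such a check involves, here is an added example (not from the question or the answer, and not how FxCop works internally): a small text-based scanner that compares the highest `{n}` index in a literal format string with the number of arguments supplied. The function names and the sample C# lines are constructed for illustration; it only checks plain string literals and would miscount a single `object[]` argument passed as the parameter array.

```python
import re

# log4net ILog.*Format methods and string.Format take a composite format string first.
CALL = re.compile(r'\b(?:(?:Debug|Info|Warn|Error|Fatal)Format|[Ss]tring\.Format)\s*\(')
ITEM = re.compile(r'\{(\d+)(?:,[^{}:]*)?(?::[^{}]*)?\}')  # {index[,alignment][:format]}
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|[()\[\]{},]|[^"()\[\]{},]+')  # literal | punct | other

def required_args(fmt):
    """Arguments a composite format string needs: highest item index + 1."""
    body = fmt.replace('{{', '').replace('}}', '')  # escaped braces are not items
    return max((int(m.group(1)) + 1 for m in ITEM.finditer(body)), default=0)

def split_args(src, i):
    """Split a call's argument list (i = offset just past '(') on top-level commas."""
    args, cur, depth = [], [], 0
    for m in TOKEN.finditer(src, i):
        t = m.group()
        if t in ('(', '[', '{'):
            depth += 1
        elif t in (')', ']', '}'):
            if depth == 0:  # the call's own closing parenthesis
                return args + [''.join(cur).strip()]
            depth -= 1
        elif t == ',' and depth == 0:
            args.append(''.join(cur).strip())
            cur, t = [], ''
        cur.append(t)
    return args

def find_mismatches(src):
    """Return (line, needed, supplied) where a literal format string needs more args."""
    out = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end())
        if not re.fullmatch(r'"(?:[^"\\]|\\.)*"', args[0] if args else ''):
            continue  # not a plain string literal: cannot be checked statically
        needed, supplied = required_args(args[0][1:-1]), len(args) - 1
        if needed > supplied:
            out.append((src.count('\n', 0, m.start()) + 1, needed, supplied))
    return out

# Constructed C# sample: lines 1 and 4 are short one argument each.
SAMPLE = '''log.ErrorFormat("Order {0} failed for {1}: {2}", orderId, user);
log.InfoFormat("Loaded {0} items in {1,8:N2} ms", items.Count, sw.Elapsed.TotalMilliseconds);
var s = string.Format("{{literal}} {0}", Describe(a, b));
log.WarnFormat("Retry {0} of {1}", attempt);
'''

print(find_mismatches(SAMPLE))  # [(1, 3, 2), (4, 2, 1)]
```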