Merge branch 'nautajc-static-analysis' into 'master'

  - local: 'python/pylint.yml'

  - local: 'python/safety.yml'

  - local: 'c/cppcheck.yml'

  - local: 'c/flawfinder.yml'

  - local: 'yaml/yamllint.yml'

docker:kaniko:

    # Not happy with this, but we need it so --cov works, without breaking other jobs

    PYTHON_PACKAGE: mypackage

c:cppcheck:

  variables:

    ERROR_EXIT_CODE: 0

    CHECK_PATH: templates_tests/c

c:flawfinder:

  variables:

    ERROR_LEVEL: "6"

    CHECK_PATH: templates_tests/c

workflow:

  rules:

    # Run if we're in a merge request

c:cppcheck:

  stage: test

  image: registry.gitlab.com/notno/test/c:latest

  variables:

    CHECK_PATH: "."  # Can be a file

    DEFAULT_ARGS: "--report-progress --verbose"

    EXTRA_ARGS: ""

    ENABLE: "all"

    ERROR_EXIT_CODE: 1  # Which exit code on failure

  script:

    - cppcheck --xml-version=2 ${DEFAULT_ARGS} ${EXTRA_ARGS} --enable=${ENABLE} --error-exitcode=0 ${CHECK_PATH} 2> cppcheck-result.xml

    - cppcheck_junit cppcheck-result.xml cppcheck-junit.xml

    - cppcheck ${EXTRA_ARGS} --enable=${ENABLE} --error-exitcode=${ERROR_EXIT_CODE} ${CHECK_PATH}

  needs: []

  artifacts:

    reports:

      junit: cppcheck-junit.xml

c:flawfinder:

  stage: test

  image: registry.gitlab.com/notno/test/c:latest

  variables:

    ERROR_LEVEL: "3"

    MIN_LEVEL: "1"

    DEFAULT_ARGS: "--falsepositive --immediate --context"

    EXTRA_ARGS: ""

    CHECK_PATH: "."  # Can be a file

  script:

    - flawfinder ${DEFAULT_ARGS} ${EXTRA_ARGS} --minlevel ${MIN_LEVEL} --error-level=${ERROR_LEVEL} ${CHECK_PATH}

  needs: []

variables:

  FLAWFINDER_ERROR_LEVEL: "3"

  DIRECTORIES: "."

include:

  - local: 'C/flawfinder.yml'

  - local: 'C/cppcheck.yml'

#include "stdio.h"

void foo(int x)

{

    int buf[10];

    buf[x] = 0; // <- ERROR

    if (x == 1000) {}

}

int main() {

  int num;

  scanf("%d", &num);

  foo(num);

}