Skip to content

A VS Code extension for advanced, modern, static analysis of C/C++ that supports a number of back-end analyzer programs.

License

Notifications You must be signed in to change notification settings

unai-i/vscode-c-cpp-flylint

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

C/C++ Advanced Lint for VS Code

Version Installs Rating Build Status Code Climate

A Visual Studio Code extension supporting a number of static code analyzers for C and C++ code.

Features

  • On-the-fly linting within the code editor, upon file save or after file edits.
  • Automatically finds available static analysis tools.
  • Easily supports additional static analyzers with minimum development effort.

Supported Static Analyzers

Requirements

At least one of the above static code analyzers must be installed on your machine(s).

The extension should support any versions of the listed static code analyzers; and will attempt to locate them within your PATH environment variable.

If a tool is not automatically found, the appropriate c-cpp-flylint.*.executable configuration must be specified manually.

Debian & Ubuntu

Clang is available via apt-get:

# sudo apt-get install clang

CppCheck is available via apt-get:

# sudo apt-get install cppcheck

Flexelint is commercial software; however, it may be obtained from the URL mentioned elsewhere in this documentation.

PC-lint and PC-lint Plus are commercial software; however, they may be obtained from the URL mentioned elsewhere in this documentation.

FlawFinder is available via pip:

# sudo pip install flawfinder

lizard is available via pip:

# sudo pip install lizard
macOS

For macOS users, Clang is already included when Xcode and its' CLI tools are installed.

For macOS users, CppCheck can most easily be installed through Homebrew.

# brew install cppcheck

Flexelint is commercial software; however, it may be obtained from the URL mentioned elsewhere in this documentation.

PC-lint and PC-lint Plus are commercial software; however, they may be obtained from the URL mentioned elsewhere in this documentation.

Windows

Windows users may download and install the static code analyzers from the listed URLs mentioned elsewhere in this documentation.

If PC-lint has been installed, be certain to use the Flexelint configuration sections, specifying the full path and filename of PC-lint as the c-cpp-flylint.flexelint.executable configuration option.

Usage

Once all requirements are met, the extension may be installed through one of the available marketplaces:

After the extension is installed, one must then decide on how to best implement the necessary configuration changes to best meet their project and/or environment needs. For instance, would cppcheck best be configured globally, for all projects; or configured for a whole workspace; or configured for a specific project.

Once an above choice is made, open the appropriate configuration window. See VSCode documentation for help on accessing user, workspace, and project configuration windows.

It is then recommended to narrow in to the extension's configuration; to view, and decide upon each and every setting. Start with enabling the linters desired and disabling those not, along with mapping any necessary build/compiler flags, as needed by most of the linters.

It is a huge help if the linters being configured are in working order on the command-line, prior to an attempt at configuring the extension within VSCode.

Security

This extension runs a few third-party command-line tools found from the locations determined by the PATH or Path environment variable, and the settings such as "c-cpp-flylint.clang.executable" or "c-cpp-flylint.cppcheck.executable". Configuring them in workspace settings allows users to conveniently select a different set of tools based on project's need, but also allows attackers to run arbitrary binaries on your machine if they successfully convince you to open a random repository. In order to reduce the security risk, this extension reads the settings from user settings, by default. If the repository can be trusted and workspace settings must be used, you can mark the workspace as a trusted workspace using the "C/C++ Flylint: Toggle Workspace Trust Flag" command.

Configuration Settings

Due to the large quantity of configuration options -- in tandem with the ever growing number of supported static code analyzers -- all configuration options are not documented here.

However, every configuration option is well documented within File -> Preferences -> Settings [alternatively, one of the keybindings: Command+, or Ctrl+,].

Development Setup

  • run npm install inside the project root

Developing the Server

  • open VS Code rooted inside the project root.
  • run cd server && npm run test && cd .. to execute the unit-tests for all linters.
  • run npm run compile or npm run watch to build the server and it will compile it into the client/out folder.
  • to debug press F5 which attaches a debugger to the server.

Developing the Extension/Client

  • open VS Code rooted inside the project root.
  • run F5 to build and debug the whole (client with the server) extension.

Project details

Both the source code and issue tracker are hosted at GitHub.

For support purposes, please visit the above URL and select from the Issue and/or Pull Request areas.

License

Copyright (C) 2017-2021 Joseph Benden.

Licensed under the MIT License.

About

A VS Code extension for advanced, modern, static analysis of C/C++ that supports a number of back-end analyzer programs.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • TypeScript 96.1%
  • JavaScript 3.5%
  • Other 0.4%