static-code-analysis

There are some annoying warnings when building the documentation site:

$ antora --pull antora-playbook.yml
asciidoctor: WARNING: skipping reference to missing attribute: 1
asciidoctor: WARNING: skipping reference to missing attribute: 3
asciidoctor: WARNING: skipping reference to missing attribute: word
asciidoctor: WARNING: skipping reference to missing attribute: word
asciidoctor: W

$ semgrep --validate --config ./notexists.yml
Fetching rules from https://semgrep.dev/registry.
$

The command does with an error exit status, but I would expect it to print an error.

Is your feature request related to a problem? Please describe.
the file pkg/defaultRules/defaultRules.yaml is used by our backend as well as the cli itself. Moving it can result in a failure in getting the file for creating new policies in the dashboard

Describe the solution you'd like
Add a step in the ci the verifies that the file pkg/defaultRules/defaultRules.yaml exists (in th

Many repositories need to fix, so please help if you like.

If you could help, it would be helpful if you could comment before starting the work not to overlapping.

Fix example

Run exit command after lint.

echo '::group:: Running golangci-lint with reviewdog 🐶 ...'
go

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. create .bandit file with content:

[bandit]
tests: B101,B102,B301

2. run bandit -c .bandit -r module/
3. get error:
   [main] ERROR .bandit : Error parsing file.

Expected behavior
working as described in readme

Bandit version

ba

Current problem

For

result = ''
for number in ['1', '2', '3']:
    result += number  # [consider-using-join]

Where the final result would be "".join(['1', '2', '3']) we already raise a consider-using-join. Sometime function that could be join instead are sneakier, for example:

result = ''
for number in ['1', '2', '3']:
    result += f"{number}

Affects PMD Version:

6.45.0

Description:

UseCollectionIsEmptyRule fails with NPE if:

1. object under test is declared as re

Elm has the option to output errors as JSON (via a flag), and something like that is handy for writing tooling around it. I'm trying to integrate pytype into ALE and this would make it a lot easier.

Is your feature request related to a problem? Please describe.

When one is using the method "WriteString" of the type "strings::Builder" and does not handle the error it is flagged because all errors must be handled. However, This method never returns an error. Hence, it makes sense to ignore it (even by default).

The problem with revive is, that it does not allow to ignore methods with

This would allow for more localized suppressions. Say we have a method foo(Object o) in an annotated third-party library where o has no type annotation, but o really should be @Nullable, as foo() can handle being passed null as a parameter. In code checked by NullAway, say you write:

void bigMethod() {
  ...
  foo(null); // NullAway reports an error
  ...
}

I beli

[spotbugs] Running SpotBugs...     
    [spotbugs] Unexpected problem occured during version sanity check         
    [spotbugs] Reported exception:         
[spotbugs] java.lang.AbstractMethodError: Receiver class org.slf4j.nop.NOPServiceProvider does not define or inherit an implementation of the resolved method 'abstract java.lang.String getRequesteApiVersion()' of interface org.slf4j.

I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue 👍

Let me know if you would like any help in implementing.

Rubberduck version information
The info below can be copy-paste-completed from the first lines of Rubberduck's log or the About box:

Rubberduck version [Version 2.5.2.6030
OS: Microsoft Windows NT 10.0.22000.0, x64
Host Product: Microsoft Office x64
Host Version: 16.0.14701.20226
Host Executable: WINWORD.EXE

Description
Language inspection for assignment of LCase suggests usi