Codacy tag is used for issues related with the Codacy platform and/or its open source tools.
- the Codacy platform: https://www.codacy.com/
- its open source tools: https://github.com/codacy
Questions tagged [codacy]
59 questions
26
votes
3 answers
Audit url open for permitted schemes. Allowing use of "file:" or custom schemes is often unexpected
I am using this statement in Python:
jsonreq = json.dumps({'jsonrpc': '2.0', 'id': 'qwer', 'method': 'aria2.pauseAll'})
jsonreq = jsonreq.encode('ascii')
c = urllib.request.urlopen('http://localhost:6800/jsonrpc', jsonreq)
I am getting this…
Kapil Sharma
- 263
- 3
- 4
16
votes
2 answers
Why is it bad pratice calling an array index with a variable?
I'm currently developing a little game in Javascript and I'm using Codacy to review my code and help me cleaning it.
One of the most seen error is Generic Object Injection Sink (security/detect-object-injection).
It happens when I'm trying to access…
Nevios
- 263
- 1
- 3
- 11
15
votes
3 answers
requireNotNull vs sure operator !! in Kotlin
We have a Kotlin based application and recently we added third party code quality tools (Detekt in Codacy). However, we started facing UnsafeCallOnNullableType errors.
We found that approach viable to use is to add requireNotNull checks on all…
ashu
- 1,197
- 2
- 14
- 30
9
votes
1 answer
What advantages does scala.util.Try have over try..catch?
Searching online for the answer gives two prominent posts (Codacy's and Daniel Westheide's), and both give the same answer as Scala's official documentation for Try:
An important property of Try shown in the above example is its ability to…
Dan Li
- 866
- 1
- 7
- 19
8
votes
2 answers
Eslint config file from codacy
I'm using codacy to monitor code quality, but it would be nice to see what codacy will catch before a push. I see that it uses eslint and several other tools to decide what to catch. Is there a way to generate a .eslintrc config file from codacy?…
LBaelish
- 649
- 1
- 8
- 21
7
votes
5 answers
Scala avoid using null
I hava a project on github that is analysed by codacy . The analysis suggest to "Avoid using null" for the following line of code:
def doSomethingWithPath(path:Path) = {
require(path != null, "Path should not be null") //<-to avoid
…
raisercostin
- 8,777
- 5
- 67
- 76
6
votes
1 answer
How to specify compilation database for clang-tidy
I am struggling with running clang-tidy for my project. I am trying to run clang-tidy for my project for send data to Codacy. I am doing it like this:
clang-tidy $PWD -header-filter=.*,-checks=-*,clang-analyzer-*,-clang-analyzer-cplusplus* |…
Vento
- 155
- 2
- 8
5
votes
2 answers
Configure Codacy to review all branches of a monitored branch?
Right now we have Codacy monitoring a DEV branch, and as per recommended practices, whenever we do something, we create a personal branch of DEV, work on that, and then merge back in. Thing is, if Codacy finds a problem, we have to branch out of…
user2191247
5
votes
2 answers
how to fix codacy alert "Generic Object Injection Sink"
Below is my code. I don't think there is any problem.
How can I fool codacy? If I can't use obj[key], then what the hell is this thing? There is no way I can avoid [].
handleClick = (e, titleProps) => {
const { index } = titleProps
const…
Nicolas S.Xu
- 13,794
- 31
- 84
- 129
5
votes
1 answer
Codacy bad First argument given to super
While reviewing some code through codacy, Codacy gave an issue for the following piece of code:
def MyClass(OldClass):
def __init__(self, arg1, arg2, *args, **kwargs)
self.arg1 = arg1
self.arg2 = arg2
super(OldClass,…
Daniel Lee
- 7,189
- 2
- 26
- 44
5
votes
2 answers
space indentation expected - Codacy
I heard that good practice is to use something to check my code. I found something called Codacy. I understand everything except 'space indentation expected' from TSLint and TSLint4. Is it because my ident in project is tab? If yes, how can I change…
DonLeo
- 345
- 1
- 4
- 16
4
votes
1 answer
Is it possible to get codacy to check usage of imported modules?
I have an ever-growing list of modules to ignore in my pylintrc:
ignored-modules=anytree,apsw,bs4,cachecontrol,dateutil,inflect,matplotlib,markdown,munch,MySQLdb,pytest,pytz,requests_oauthlib,rrule,seaborn,titlecase,untangle,googleapiclient
because…
Thomas David Baker
- 1,037
- 10
- 24
4
votes
1 answer
Meteor-coverage seems to show executed statements as not covered
I'm using the meteor-coverage package (version 1.1.4) with mocha (version 2.4.5_6) and meteor version 1.4.4.1 on Ubuntu 14.04 LTS. I have been able to produce very pretty test coverage reports, but it seems that for the client-side tests something…
Gijs
- 84
- 10
4
votes
0 answers
Python/Codacy - Standard pseudo-random generators are not suitable for security/cryptographic purposes
I have the following code
def get_random_date(year_start, year_end):
return "%s-%s" % (random.randrange(year_start, year_end), random.randrange(1, 12))
and I'm getting the warning from Codacy: Standard pseudo-random generators are not suitable…
user1187968
- 7,154
- 16
- 81
- 152
3
votes
1 answer
Node application testing and LCOV report generation with Mocha
My group recently started working on a previously existing Node application written entirely in ES6 (its been through a couple of different developers prior to us working on it). The application is minimally unit tested using Mocha and Nyan as the…
user2360062
- 663
- 2
- 7
- 19