Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null dereferences, resource leaks, and thread-safety violations. It also performs taint flow tracking to detect critical security vulnerabilities like SQL injections.

Перейти к файлу

Xin Shi 73eea3e90b Target Linux-64 (#137 )		2022-05-03 17:54:55 -07:00
.build	Consolidate release pipelines (#104 )	2022-01-20 11:23:01 -08:00
Cilsil	Remove Duplicate Binary Filenames From Analysis (#136 )	2022-05-03 16:38:56 -07:00
Cilsil.Test	Preload IDisposable Type Environment Prior to Translation (#126 )	2022-04-15 09:46:59 -07:00
Examples	update interprocedural examples (#114 )	2022-03-08 14:38:45 -08:00
InferSharpModels	Update to .NET 5.0 and Abstract Record Handling Fix (#33 )	2021-01-27 16:54:28 -08:00
System	Update to .NET 5.0 and Abstract Record Handling Fix (#33 )	2021-01-27 16:54:28 -08:00
.editorconfig	Initial commit (#1 )	2020-09-14 15:59:03 -07:00
.gitattributes	Initial commit (#1 )	2020-09-14 15:59:03 -07:00
.gitignore	Initial commit (#1 )	2020-09-14 15:59:03 -07:00
CODE_OF_CONDUCT.md	Initial CODE_OF_CONDUCT.md commit	2020-07-02 12:22:12 -07:00
CONTRIBUTING.md	Update to .NET 5.0 and Abstract Record Handling Fix (#33 )	2021-01-27 16:54:28 -08:00
Dockerfile	Target Linux-64 (#137 )	2022-05-03 17:54:55 -07:00
Infersharp.sln	Preload IDisposable Type Environment Prior to Translation (#126 )	2022-04-15 09:46:59 -07:00
LICENSE	Initial LICENSE commit	2020-07-02 12:22:12 -07:00
NOTICE.md	Initial commit (#1 )	2020-09-14 15:59:03 -07:00
README.md	Update README.md (#99 )	2021-12-18 09:20:25 -08:00
RUNNING_INFERSHARP_ON_WINDOWS.md	Simplify instructions (#88 )	2021-11-17 17:05:23 -08:00
RUNNING_IN_DOCKER.md	Simplify instructions (#88 )	2021-11-17 17:05:23 -08:00
SECURITY.md	Initial SECURITY.md commit	2020-07-02 12:22:14 -07:00
TROUBLESHOOTING.md	Update TROUBLESHOOTING.md (#55 )	2021-03-12 06:37:07 -08:00
build_csharp_models.sh	Consolidate Infer# analysis backend (#43 )	2021-03-03 11:17:19 -08:00
run_infersharp.sh	Preload IDisposable Type Environment Prior to Translation (#126 )	2022-04-15 09:46:59 -07:00

README.md

InferSharp

InferSharp (also referred to as Infer#) is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects race conditions, null pointer dereferences and resource leaks. Read more about our approach in the Wiki page.

In addition to implementing the C# frontend, we contributed our language-agnostic serialization layer (Commit #1361) to facebook/infer, which opens up opportunities for additional language support in the future.

New: InferSharp is now integrated in VS and VSCode!

VS Demo

VSCode Demo

Public Announcements

InferSharp v1.2 Blog
InferSharp v1.0 Blog
Facebook Engineering Blog
.NET Community Standup
Visual Studio Toolbox - YouTube, Channel9

Get Started

The latest version is . Please refer to the release page for more information on the changes.

VS Extension

Please see here to use InferSharp in VS.

VSCode Extension

Please see here to use InferSharp in VSCode.

Windows Subsystem for Linux

The instructions can be found here.

GitHub Action

The instructions can be found here.

Azure Pipelines

Infer# can be run as an Azure Pipelines container job. An example can be found here.

Docker Image

The instructions can be found here.

Build from Source

Use this Dockerfile to build images and binaries from source. It builds the latest code from microsoft/infersharp:main + facebook/infer:main by default.

Troubleshooting

Please refer to the troubleshooting guide.

Contributing

We welcome contributions. Please follow this guideline.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

Security Reporting Instructions

Please do not report security vulnerabilities through public GitHub issues. Instead, please follow this guideline.