After you have relaxed findings, Squore will check for source code changes around the location of the relaxation and will alert you if a relaxed finding should be re-examined by flagging it as suspicious (new in 18.0). The suspicious state is a flag that is automatically added to relaxed findings and does not affect their relaxation state.
To see suspicious findings in action, we will relax the Missing Break at line 40 in audio/a_bus.c in the project called Saturn. Click the Current node in the portfolio, find the artefact in the project and enter a relaxation comment for the Missing Break at line 40:
When saving the finding relaxation, the source code viewer changes the marker for the finding to a grey warning sign (new in 18.0) to indicate that the violation was relaxed.
The next version of the file included in the library does not seem to include any fix for the specific violation, but instead uses a renamed variable in the artefact where the finding is:
static inline int __bus_run_fx(int bus, int in_slot, int *busses[], unsigned frames)
{
    audio_bus_t *b = &bustab[bus];
    --in_slot; /* No IFX on in_slot 0! */
    switch(b->insert[in_slot].current_state)
    {
      case FX_STATE_RUNNING:
      case FX_STATE_SILENT:
      case FX_STATE_RESTING:
        if(b->in_use) /* Do we have input? */
            b->insert[in_slot].process(&b->insert[in_slot], busses[bus], frames);
        else
        {
            b->insert[in_slot].process_r(&b->insert[in_slot], NULL, busses[bus], frames);
            b->in_use = 1;
        }
        /* Check if the plugin actually produced valid output! */
        return (FX_STATE_RUNNING == b->insert[in_slot].current_state);
      default:
        /* No plugin, or plugin not running. */
        return 0;
    }
}
Since the relaxed violation is still there, analysing this code triggers the suspicious finding warning in the web interface to alert you in case you need to revise the finding status now that the code has changed. Click the banner to reveal the suspicious finding, as shown below:
Clicking the banner automatically applies a filter that lets you view the suspicious findings, but you can also set up this filter manually using the Suspicious? option on the Findings tab (new in 18.0).
Note that the violation is still relaxed with the Legacy System status, but the Suspicious flag was attached to it. Click the source code icon next to the finding to view the source code in this new version. The marker for the finding is now purple, which is the colour used to highlight suspicious findings (new in 18.0):
After reviewing the finding, you can remove the suspicious flag by opening the Change Status... dialog again and changing the relaxation status or comment, or by just removing the suspicious flag:
When you save your changes, the suspicious warning banner disappears, as there are no more suspicious findings to review in the project.
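The idea behind the suspicious flag, sketched as an added example (this is not Squore's own code or algorithm): store a fingerprint of the lines around a relaxed finding, and flag the relaxation when a later version's fingerprint differs, leaving its status untouched. The code snippet, the old variable name `slot`, the radius and all function names are constructed for illustration, and the finding is assumed to stay on the same line number.

```python
import hashlib

def context_fingerprint(lines, line_no, radius=3):
    """Hash the code within `radius` lines of a 1-based line number.

    Whitespace is collapsed so re-indentation alone is not a change;
    any token change (such as a renamed variable) is.
    """
    start = max(0, line_no - 1 - radius)
    end = min(len(lines), line_no + radius)
    normalized = [" ".join(l.split()) for l in lines[start:end]]
    return hashlib.sha256("\n".join(normalized).encode()).hexdigest()

def relax(lines, line_no, status, comment, radius=3):
    """Record a relaxation together with the fingerprint of its context."""
    return {"line": line_no, "status": status, "comment": comment,
            "fingerprint": context_fingerprint(lines, line_no, radius)}

def review_relaxations(relaxations, new_lines, radius=3):
    """Add a 'suspicious' flag per relaxation; the status is never modified."""
    reviewed = []
    for r in relaxations:
        current = context_fingerprint(new_lines, r["line"], radius)
        reviewed.append({**r, "suspicious": current != r["fingerprint"]})
    return reviewed

# Constructed sample: a switch with a relaxed finding on line 2.
OLD = """\
switch (b->insert[slot].current_state) {
case FX_STATE_RUNNING:
case FX_STATE_SILENT:
    run(b, slot);
    return 1;
default:
    return 0;
}""".splitlines()

# Next version: no fix for the finding, only a renamed variable nearby.
NEW = [l.replace("slot", "in_slot") for l in OLD]

if __name__ == "__main__":
    relaxed = relax(OLD, 2, "Legacy System", "constructed comment", radius=2)
    for r in review_relaxations([relaxed], NEW, radius=2):
        print(r["line"], r["status"], "suspicious" if r["suspicious"] else "ok")
```
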
Detection of suspicious findings is activated by default and is a parameter of Squan Sources that can be tweaked by modifying the following parameters in the project wizard: