CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
Third-Party External

Go Warning Classes Corresponding to Staticcheck Checks

This page describes the CodeSonar warning classes that are assigned to Go warnings imported from a SARIF file produced by Staticcheck.

See also the table of CodeSonar warning classes that are supported for all languages. If these classes are enabled, the corresponding CodeSonar checks will include all Go source files that were imported into the project with codesonar go_scan.py, codesonar import_sarif.py, or codesonar add_source_files.py.



Introduction

For information on setting up your CodeSonar project to incorporate Go source code and the corresponding Staticcheck results, see Including Go Components in a CodeSonar Project.

Go Warning Classes from Staticcheck Checks

When CodeSonar imports a SARIF file, it determines a corresponding CodeSonar warning class for each rule object in the SARIF rules. If a given warning class does not already exist, the SARIF importer creates it.

There is special handling for SARIF files produced by Staticcheck.

Staticcheck-specific handling for warning class names and categories

CodeSonar Warning Property | Value
Name | Generated from the results of running staticcheck -list-checks (or from a file specified with the -staticcheck-list option to codesonar import-sarif.py).
  • The id property of the SARIF rule object is used to look up the corresponding rule description in this list.
  • " (Staticcheck)" is appended to the resulting string.
    This greatly reduces the chance of collision with warning class names from other sources, which is important because warning class Name is a unique identifier. It also provides a ready mechanism for visually and programmatically identifying CodeSonar warnings that originate from Staticcheck results.
Categories | When a warning class is based on a Staticcheck check, its categories depend on whether the warning class is built in to CodeSonar or created by the SARIF importer.
  • In both cases, the class has a category of the form Staticheck:<id>
    <id> is the Staticcheck check ID, which matches the id property of the SARIF rule object.
  • For built-in classes only, there is also a warning class mnemonic: GO.<set>.<abbr>
    <set> describes the set to which the Staticcheck check belongs, and <abbr> is an abbreviation of the class Name.
otherwise | Other warning class properties are not set by the SARIF importer.

Example

Suppose the imported SARIF file includes a rule object like the following.

# ...
    "rules": [
      # ...
      {
        "id": "SA2001",
        # SARIF produced by Staticcheck does not include a "name"
        # ...
      },
      # ...
    ],
# ...

(This corresponds to the Staticcheck "Empty critical section, did you mean to defer the unlock?" check.)

  1. CodeSonar computes the corresponding warning class name: "Empty Critical Section, Did You Mean to Defer the Unlock? (Staticcheck)".
  2. If there is not already a warning class with this name, CodeSonar creates the warning class. The class categories will be
  3. CodeSonar creates an "Empty Critical Section, Did You Mean to Defer the Unlock? (Staticcheck)" warning instance for each result entry in the SARIF that has "ruleId":"SA2001".
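
The following added example (not CodeSonar code) previews this mapping for a Staticcheck SARIF file before import: it looks up each rule id in list-checks text, appends the suffix, and reports whether the name matches a built-in class and how many results it has. The "<id> <description>" list layout, the case-insensitive comparison standing in for CodeSonar's capitalisation (which this page does not specify), and the function names are assumptions.

```python
import json
from collections import Counter

SUFFIX = " (Staticcheck)"
# Constructed sample; the "<id> <description>" line layout is an assumption.
LIST_CHECKS = """\
SA1000 Invalid regular expression
SA2001 Empty critical section, did you mean to defer the unlock?
"""
# Two built-in classes copied from the table on this page (name -> mnemonic).
BUILTIN = {
    "Empty Critical Section, Did You Mean to Defer the Unlock? (Staticcheck)":
        "GO.CONCURRENCY.ECSDYM",
    "Invalid Regular Expression (Staticcheck)": "GO.STDLIB.IRE",
}

# Constructed SARIF; rules carry only "id", as in the example above.
# X9999 is a made-up id that the check list does not contain.
SARIF = json.loads("""{"runs": [{
  "tool": {"driver": {"rules": [{"id": "SA2001"}, {"id": "SA1000"}, {"id": "X9999"}]}},
  "results": [{"ruleId": "SA2001"}, {"ruleId": "SA2001"}, {"ruleId": "X9999"}]
}]}""")


def descriptions(list_checks_text):
    """Map check id -> description from list-checks style text."""
    out = {}
    for line in list_checks_text.splitlines():
        check_id, _, desc = line.strip().partition(" ")
        if check_id and desc:
            out[check_id] = desc.strip()
    return out


def preview(sarif, list_checks_text, builtin):
    """Per rule id: (class name or None, mnemonic or None, result count)."""
    descs = descriptions(list_checks_text)
    by_lower = {name.lower(): (name, mn) for name, mn in builtin.items()}
    report = {}
    for run in sarif.get("runs", []):
        counts = Counter(r.get("ruleId") for r in run.get("results", []))
        for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
            rid, name, mnemonic = rule.get("id"), None, None
            if rid in descs:  # ids absent from the list stay unnamed
                name = descs[rid] + SUFFIX
                # Case-insensitive match stands in for CodeSonar's capitalisation.
                name, mnemonic = by_lower.get(name.lower(), (name, None))
            report[rid] = (name, mnemonic, counts[rid])
    return report
```

A rule that resolves to a name with no mnemonic is one the importer would have to create; a rule with no name at all is missing from the check list and is worth resolving before the import.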

SARIF files produced by Staticcheck

CodeSonar will consider a SARIF file to be produced by Staticcheck in the following cases.

Built-in Go Warning Classes

These warning classes correspond to checks from Staticcheck version 2023.1.6.

Class Name Mnemonic
"for { Select { ..." With an Empty Default Branch Spins (Staticcheck) GO.CORRECTNESS.FSWAED
"x = Append(y)" Is Equivalent to "x = Y" (Staticcheck) GO.DEADCODE.XAIETX
'&*x' Gets Simplified to 'x', It Does Not Copy 'x' (Staticcheck) GO.DEADCODE.XGSTXI
'(*net Url.URL).Query' Returns a Copy, Modifying It Doesn't Change the URL (Staticcheck) GO.DEADCODE.NUUQRA
'(*regexp.Regexp).FindAll' Called With 'n == 0', Which Will Always Return Zero Results (Staticcheck) GO.STDLIB.RRFCWN
'Printf' With Dynamic First Argument and No Further Arguments (Staticcheck) GO.STDLIB.PWDFAA
'TestMain' Doesn't Call 'os.Exit', Hiding Test Failures (Staticcheck) GO.TESTING.TDCOEH
'else' Branch of a Type Assertion Is Probably Not Reading the Right Value (Staticcheck) GO.DUBIOUS.EBOATA
'io.Seeker.Seek' Is Being Called With the Whence Constant As the First Argument, but It Should Be the Second (Staticcheck) GO.STDLIB.ISSIBC
'sort.Slice' Can Only Be Used on Slices (Staticcheck) GO.STDLIB.SSCOBU
'strings.Replace' Called With 'n == 0', Which Does Nothing (Staticcheck) GO.STDLIB.SRCWN0
'sync.WaitGroup.Add' Called Inside the Goroutine, Leading to a Race Condition (Staticcheck) GO.CONCURRENCY.SWACIT
'x % 1' Is Always Zero (Staticcheck) GO.DEADCODE.X1IAZ
A Function Argument Is Overwritten Before Its First Use (Staticcheck) GO.DEADCODE.AFAIOB
A Function's Error Value Should Be Its Last Return Value (Staticcheck) GO.STYLE.AFEVSB
A Nil 'context.Context' Is Being Passed to a Function, Consider Using 'context.TODO' Instead (Staticcheck) GO.STDLIB.ANCCIB
A String Cutset Contains Duplicate Characters (Staticcheck) GO.STDLIB.ASCCDC
A Switch's Default Case Should Be the First or Last Case (Staticcheck) GO.STYLE.ASDCSB
A Value Assigned to a Variable Is Never Read Before Being Overwritten. Forgotten Error Check or Dead Code? (Staticcheck) GO.DEADCODE.AVATAV
An If Else If Chain Has Repeated Conditions and No Side-effects; If the Condition Didn't Match the First Time, It Won't Match the Second Time, Either (Staticcheck) GO.DEADCODE.AIEICH
Assigning to 'b.N' in Benchmarks Distorts the Results (Staticcheck) GO.TESTING.ATBNIB
Assignment to Nil Map (Staticcheck) GO.CORRECTNESS.ATNM
Atomic Access to 64-bit Variable Must Be 64-bit Aligned (Staticcheck) GO.STDLIB.AAT64V
Avoid Zero-width and Control Characters in String Literals (Staticcheck) GO.STYLE.AZACCI
Binary Operator Has Identical Expressions on Both Sides (Staticcheck) GO.DEADCODE.BOHIEO
Break Statement With No Effect. Did You Mean to Break Out of an Outer Loop? (Staticcheck) GO.DEADCODE.BSWNED
Called 'testing.T.FailNow' or 'SkipNow' in a Goroutine, Which Isn't Allowed (Staticcheck) GO.CONCURRENCY.CTTFOS
Calling Functions Like 'math.Ceil' on Floats Converted From Integers Doesn't Do Anything Useful (Staticcheck) GO.DEADCODE.CFLMCO
Cannot Marshal Channels or Functions (Staticcheck) GO.STDLIB.CMCOF
Certain Bitwise Operations, Such As 'x ^ 0', Do Not Do Anything Useful (Staticcheck) GO.DEADCODE.CBOSAX
Channels Used With 'os Signal.Notify' Should Be Buffered (Staticcheck) GO.STDLIB.CUWOSN
Checking Never-nil Value Against Nil (Staticcheck) GO.DEADCODE.CNVAN
Checking for Impossible Return Value From a Builtin Function (Staticcheck) GO.DEADCODE.CFIRVF
Comparing 'runtime.GOOS' or 'runtime.GOARCH' Against Impossible Value (Staticcheck) GO.DEADCODE.CRGORG
Comparing Unsigned Values Against Negative Values Is Pointless (Staticcheck) GO.DEADCODE.CUVANV
Comparing a Value Against NaN Even Though No Value Is Equal to NaN (Staticcheck) GO.DEADCODE.CAVANE
Comparing the Address of a Variable Against Nil (Staticcheck) GO.DEADCODE.CTAOAV
Converting a String to a Slice of Runes Before Ranging Over It (Staticcheck) GO.PERFORMANCE.CASTAS
Deferred 'Lock' Right After Locking, Likely Meant to Defer 'Unlock' Instead (Staticcheck) GO.CONCURRENCY.DLRALL
Deferring 'Close' Before Checking for a Possible Error (Staticcheck) GO.CORRECTNESS.DCBCFA
Defers in Infinite Loops Will Never Execute (Staticcheck) GO.CORRECTNESS.DIILWN
Defers in Range Loops May Not Run When You Expect Them to (Staticcheck) GO.DUBIOUS.DIRLMN
Deleting a Directory That Shouldn't Be Deleted (Staticcheck) GO.DUBIOUS.DADTSB
Discarding the Return Values of a Function Without Side Effects, Making the Call Pointless (Staticcheck) GO.DEADCODE.DTRVOA
Don't Use 'fmt.Sprintf("%s", X)' Unnecessarily (Staticcheck) GO.SIMPLIFICATION.DUFSXU
Don't Use Yoda Conditions (Staticcheck) GO.STYLE.DUYC
Dot Imports Are Discouraged (Staticcheck) GO.STYLE.DIAD
Drop Unnecessary Use of the Blank Identifier (Staticcheck) GO.SIMPLIFICATION.DUUOTB
Dubious Bit Shifting of a Fixed Size Integer Value (Staticcheck) GO.DUBIOUS.DBSOAF
Elaborate Way of Sleeping (Staticcheck) GO.SIMPLIFICATION.EWOS
Empty Body in an If or Else Branch (Staticcheck) GO.DUBIOUS.EBIAIO
Empty Critical Section, Did You Mean to Defer the Unlock? (Staticcheck) GO.CONCURRENCY.ECSDYM
Field Assignment That Will Never Be Observed. Did You Mean to Use a Pointer Receiver? (Staticcheck) GO.DEADCODE.FATWNB
Go Constants Cannot Express Negative Zero (Staticcheck) GO.DEADCODE.GCCENZ
Importing the Same Package Multiple Times (Staticcheck) GO.STYLE.ITSPMT
Impossible Comparison of Interface Value With Untyped Nil (Staticcheck) GO.DEADCODE.ICOIVW
Impossible Type Assertion (Staticcheck) GO.CORRECTNESS.ITA
Inappropriate Key in Call to 'context.WithValue' (Staticcheck) GO.STDLIB.IKICTC
Incorrect or Missing Package Comment (Staticcheck) GO.STYLE.IOMPC
Incorrectly Formatted Error String (Staticcheck) GO.STYLE.IFES
Ineffective Attempt at Generating Random Number (Staticcheck) GO.DEADCODE.IAAGRN
Ineffective Attempt at Sorting Slice (Staticcheck) GO.DEADCODE.IAASS
Inefficient String Comparison With 'strings.ToLower' or 'strings.ToUpper' (Staticcheck) GO.PERFORMANCE.ISCWST
Infinite Recursive Call (Staticcheck) GO.CORRECTNESS.IRC
Integer Division of Literals That Results in Zero (Staticcheck) GO.DEADCODE.IDOLTR
Invalid Argument in Call to a 'strconv' Function (Staticcheck) GO.STDLIB.IAICTA
Invalid First Argument to 'exec.Command' (Staticcheck) GO.STDLIB.IFATEC
Invalid Format in 'time.Parse' (Staticcheck) GO.STDLIB.IFITP
Invalid Printf Call (Staticcheck) GO.CORRECTNESS.IPC
Invalid Regular Expression (Staticcheck) GO.STDLIB.IRE
Invalid Struct Tag (Staticcheck) GO.CORRECTNESS.IST
Invalid Template (Staticcheck) GO.STDLIB.IT
Invalid URL in 'net Url.Parse' (Staticcheck) GO.STDLIB.IUINUP
It Is Not Possible to Use '(*time.Timer).Reset''s Return Value Correctly (Staticcheck) GO.STDLIB.IINPTU
Merge Variable Declaration and Assignment (Staticcheck) GO.SIMPLIFICATION.MVDAA
Missing an Optimization Opportunity When Indexing Maps By Byte Slices (Staticcheck) GO.PERFORMANCE.MAOOWI
Modifying the Buffer in an 'io.Writer' Implementation (Staticcheck) GO.STDLIB.MTBIAI
Multiple, Identical Build Constraints in the Same File (Staticcheck) GO.DEADCODE.MIBCIT
Negating a Boolean Twice ('!!b') Is the Same As Writing 'b'. This Is Either Redundant, or a Typo. (Staticcheck) GO.DEADCODE.NABTBI
Non-canonical Key in 'http.Header' Map (Staticcheck) GO.STDLIB.NKIHHM
Non-pointer Value Passed to 'Unmarshal' or 'Decode' (Staticcheck) GO.STDLIB.NVPTUO
Omit Comparison With Boolean Constant (Staticcheck) GO.SIMPLIFICATION.OCWBC
Omit Default Slice Index (Staticcheck) GO.SIMPLIFICATION.ODSI
Omit Redundant Control Flow (Staticcheck) GO.SIMPLIFICATION.ORCF
Omit Redundant Nil Check Around Loop (Staticcheck) GO.SIMPLIFICATION.ORNCAL
Omit Redundant Nil Check in Type Assertion (Staticcheck) GO.SIMPLIFICATION.ORNCIT
Omit Redundant Nil Check on Slices (Staticcheck) GO.SIMPLIFICATION.ORNCOS
Only the First Constant Has an Explicit Type (Staticcheck) GO.DUBIOUS.OTFCHA
Overlapping Byte Slices Passed to an Encoder (Staticcheck) GO.STDLIB.OBSPTA
Passing Odd-sized Slice to Function Expecting Even Size (Staticcheck) GO.CORRECTNESS.POSTFE
Poorly Chosen Identifier (Staticcheck) GO.STYLE.PCI
Poorly Chosen Name for Error Variable (Staticcheck) GO.STYLE.PCNFEV
Poorly Chosen Name for Variable of Type 'time.Duration' (Staticcheck) GO.STYLE.PCNFVO
Poorly Chosen Receiver Name (Staticcheck) GO.STYLE.PCRN
Possible Nil Pointer Dereference (Staticcheck) GO.CORRECTNESS.PNPD
Range Over the String Directly (Staticcheck) GO.SIMPLIFICATION.ROTSD
Redundant Call to 'net Http.CanonicalHeaderKey' in Method Call on 'net Http.Header' (Staticcheck) GO.SIMPLIFICATION.RCTNHC
Redundant Type in Variable Declaration (Staticcheck) GO.STYLE.RTIVD
Replace 'time.Now().Sub(x)' With 'time.Since(x)' (Staticcheck) GO.SIMPLIFICATION.RTNSWT
Replace 'x.Sub(time.Now())' With 'time.Until(x)' (Staticcheck) GO.SIMPLIFICATION.RXSNWT
Replace Call to 'bytes.Compare' With 'bytes.Equal' (Staticcheck) GO.SIMPLIFICATION.RCTBCW
Replace Call to 'strings.Index' With 'strings.Contains' (Staticcheck) GO.SIMPLIFICATION.RCTSIW
Replace Manual Trimming With 'strings.TrimPrefix' (Staticcheck) GO.SIMPLIFICATION.RMTWST
Replace for Loop With Call to Copy (Staticcheck) GO.SIMPLIFICATION.RFLWCT
Self-assignment of Variables (Staticcheck) GO.DEADCODE.SOV
Should Use Constants for HTTP Error Codes, Not Magic Numbers (Staticcheck) GO.STYLE.SUCFHE
Simplify "make" Call By Omitting Redundant Arguments (Staticcheck) GO.SIMPLIFICATION.SMCBOR
Simplify Error Construction With 'fmt.Errorf' (Staticcheck) GO.SIMPLIFICATION.SECWFE
Simplify Regular Expression By Using Raw String Literal (Staticcheck) GO.SIMPLIFICATION.SREBUR
Simplify Returning Boolean Expression (Staticcheck) GO.SIMPLIFICATION.SRBE
Storing Non-pointer Values in 'sync.Pool' Allocates Memory (Staticcheck) GO.PERFORMANCE.SNVISP
Suspiciously Small Untyped Constant in 'time.Sleep' (Staticcheck) GO.STDLIB.SSUCIT
The Documentation of an Exported Function Should Start With the Function's Name (Staticcheck) GO.STYLE.TDOAEF
The Documentation of an Exported Type Should Start With Type's Name (Staticcheck) GO.STYLE.TDOAET
The Documentation of an Exported Variable or Constant Should Start With Variable's Name (Staticcheck) GO.STYLE.TDOAEV
The Empty for Loop ("for {}") Spins and Can Block the Scheduler (Staticcheck) GO.CORRECTNESS.TEFLFS
The Finalizer References the Finalized Object, Preventing Garbage Collection (Staticcheck) GO.CORRECTNESS.TFRTFO
The Loop Exits Unconditionally After One Iteration (Staticcheck) GO.DEADCODE.TLEUAO
The Result of 'append' Will Never Be Observed Anywhere (Staticcheck) GO.DEADCODE.TROAWN
The Variable in the Loop Condition Never Changes, Are You Incrementing the Wrong Variable? (Staticcheck) GO.DEADCODE.TVITLC
Trapping a Signal That Cannot Be Trapped (Staticcheck) GO.STDLIB.TASTCB
Trying to Marshal a Struct With No Public Fields Nor Custom Marshaling (Staticcheck) GO.DUBIOUS.TTMASW
Type Assertion to Current Type (Staticcheck) GO.SIMPLIFICATION.TATCT
Unnecessarily Complex Way of Printing Formatted String (Staticcheck) GO.SIMPLIFICATION.UCWOPF
Unnecessary Guard Around Call to "delete" (Staticcheck) GO.SIMPLIFICATION.UGACTD
Unnecessary Guard Around Map Access (Staticcheck) GO.SIMPLIFICATION.UGAMA
Unnecessary Use of 'fmt.Sprint' (Staticcheck) GO.SIMPLIFICATION.UUOFS
Unreachable Case Clause in a Type Switch (Staticcheck) GO.DEADCODE.UCCIAT
Unsupported Argument to Functions in 'encoding Binary' (Staticcheck) GO.STDLIB.UATFIE
Unused Code (Staticcheck) GO.UC.UC
Use "copy" for Sliding Elements (Staticcheck) GO.SIMPLIFICATION.UCFSE
Use "for { ... }" for Infinite Loops (Staticcheck) GO.SIMPLIFICATION.UFFIL
Use 'bytes.Buffer.String' or 'bytes.Buffer.Bytes' (Staticcheck) GO.SIMPLIFICATION.UBBSOB
Use 'sort.Ints(x)', 'sort.Float64s(x)', and 'sort.Strings(x)' (Staticcheck) GO.SIMPLIFICATION.USISFA
Use Consistent Method Receiver Names (Staticcheck) GO.STYLE.UCMRN
Use Plain Channel Send or Receive Instead of Single-case Select (Staticcheck) GO.SIMPLIFICATION.UPCSOR
Use Result of Type Assertion to Simplify Cases (Staticcheck) GO.SIMPLIFICATION.UROTAT
Use a Single 'append' to Concatenate Two Slices (Staticcheck) GO.SIMPLIFICATION.UASATC
Use a Type Conversion Instead of Manually Copying Struct Fields (Staticcheck) GO.SIMPLIFICATION.UATCIO
Using 'bytes.Equal' to Compare Two 'net.IP' (Staticcheck) GO.STDLIB.UBETCT
Using 'regexp.Match' or Related in a Loop, Should Use 'regexp.Compile' (Staticcheck) GO.PERFORMANCE.URMORI
Using 'time.Tick' in a Way That Will Leak. Consider Using 'time.NewTicker', and Only Use 'time.Tick' in Tests, Commands and Endless Functions (Staticcheck) GO.STDLIB.UTTIAW
Using Io.WriteString to Write '[]byte' (Staticcheck) GO.PERFORMANCE.UIWTWB
Using a Deprecated Function, Variable, Constant or Field (Staticcheck) GO.STDLIB.UADFVC
Using a Non-octal 'os.FileMode' That Looks Like It Was Meant to Be in Octal. (Staticcheck) GO.DUBIOUS.UANOFT
Using an Invalid Host:port Pair With a 'net.Listen'-related Function (Staticcheck) GO.STDLIB.UAIHPW
Various Methods in the "strings" Package Expect Valid UTF-8, but Invalid Input Is Provided (Staticcheck) GO.STDLIB.VMITSP

Enabling and Disabling

You have multiple degrees of control over reporting for the warnings issued by Staticcheck.

 

To report problems with this documentation, please visit https://support.codesecure.com/.