Check Methods for codesonar_citool.py -check and codesonar_gerrit

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

General

Check Methods
for codesonar_citool.py -check and codesonar_gerrit_citool.py -check

This file describes the available check methods for use with the -check option to the analyze and check forms of the codesonar_citool.py and codesonar_gerrit_citool.py commands.

Overview
-check alert
-check warning
-check warning-class
-check warning-priority
-check warning-severity

Overview

The analyze and check forms of the codesonar_citool.py command have an optional -check option that you can use to specify one or more conditions on the CodeSonar analysis results. If any of the conditions are not satisfied, the codesonar_citool.py command will exit with a non-zero exit code.

The codesonar_gerrit_citool.py command extends codesonar_citool.py, so these check methods are also available with the -check option to codesonar_gerrit_citool.py analyze and codesonar_gerrit_citool.py check

There are several available check varieties. Most of these varieties inspect various properties of the warnings issued by the analysis; one variety applies to analysis alerts.

-check alert [+message] [+-message] [+color=colors]
-check warning [+columns=columns] [+tolerance=N] [+rows=M]
-check warning-class [+class] [+tolerance=N] [+rows=M]
-check warning-priority [+priority] [+tolerance=N]
-check warning-severity [+severity] [+scale=scale] [+tolerance=N]

Note

Links in this page to -fail-code, -summary, and search options documentation will link to the manual page for codesonar_citool.py. The information for these options is applicable to both codesonar_citool.py and codesonar_gerrit_citool.py: it is repeated in the codesonar_gerrit_citool.py manual page for convenience only.

Other Relevant Options

The following options to codesonar_citool.py and codesonar_gerrit_citool.py are also relevant.

-fail-code	Specify the exit code to return if a check fails.
-summary	When specified, the exported summary will contain a section for each check specified with -check.

-check alert [+message] [+-message] [+color=colors]

Check for the presence of alerts on the analysis. Alerts may signal problems with the analysis which may make the entire analysis invalid.

Argument	Default	Description	Can specify multiple times?
+message	only alerts of the specified colors	An alert message to specifically include in this check.	YES
+-message	none	An alert message to specifically exclude from this check.	YES
+color=colors	RED if no +message arguments, none otherwise	Include all alerts of the specified colors: a comma-separated list of alert color names. Accepted alert color names are: {RED, YELLOW, BLUE, GREEN}.	no

Default alert check

If no explicit -check alert [...] is specified, the command will perform the default alert check, which is equivalent to:

-check alert +color=RED

Examples

Example 1. No explicit -check alert [...] is specified. The default alert check is performed, and will fail if the analysis has issued any red alerts.
Example 2. The following check is explicitly specified with no optional arguments, so defaults are used. The check will fail is the analysis has issued any red alerts.
```
-check alert
```
- There is no +color argument: the default setting of RED is used, because there is also no +message argument.
- Because an explicit -check alert [...] is specified, the default alert check is not performed.
Example 3. The following check always trivially passes.
```
-check alert +color=
```
- There is no +message argument and the +color argument is explicitly set to the empty list: there is nothing to check.
- Because an explicit -check alert [...] is specified, the default alert check is not performed.
Example 4. The following check will fail if the analysis issues any red or orange alerts other than "Bad File System".
```
-check alert +colors="RED,ORANGE" +-"Bad File System"
```
- Because an explicit -check alert [...] is specified, the default alert check is not performed.
Example 5. The following check will fail if the analysis issues any "Analysis Stuck (No Slaves)" or "Analysis Stalled" alerts.
```
-check alert +"Analysis Stuck (No Slaves)" +"Analysis Stalled"
```
- Because an explicit -check alert [...] is specified, the default alert check is not performed.

-check warning [+columns=columns] [+tolerance=N] [+rows=M]

Did the analysis issue too many warnings?

Argument	Default	Description	Can specify multiple times?
+tolerance=N	0 (zero)	The check will fail if the analysis issued more than N warnings	no
+columns=columns	"score,class,file,lineNumber"	If -summary is specified, the summary section corresponding to this check will include the specified columns in the specified order. columns is a comma-separated list of column names. Accepted column names are: { id, class, score, file, lineNumber, procedure}. If -summary is not specified, this argument has no effect.	no
+rows=M	10	If -summary is specified, the summary section corresponding to this check will include a maximum of M rows. If -summary is not specified, this argument has no effect.	no

Examples

Example 1. No optional arguments are specified, so defaults are used: the following check will fail if the analysis reported any warnings (after search options are applied). If -summary is specified, the summary section corresponding to this check will have columns score, class, file, lineNumber (in that order), and a maximum of 10 rows.
```
-check warning
```
Example 2. The following check will fail if the analysis reported more than 10 warnings (after search options are applied). If -summary is specified, the summary section corresponding to this check will have columns id, class, and score (in that order), and a maximum of 20 rows.
```
-check warning +tolerance=10 +rows=20 +columns="id,class,score"
```

-check warning-class [+class] [+tolerance=N] [+rows=M]

Did the analysis issue too many warnings of the specified warning classes?

Argument	Default	Description	Can specify multiple times?
+class	all warning classes are considered	Name of a warning class to include when counting warnings for this check.	YES
+tolerance=N	0 (zero)	The check will fail if the analysis issued more than N warnings of the specified warning classes. If any search options are specified, this count considers only warnings that meet the specified search conditions.	no
+rows=M	unlimited	If -summary is specified, the summary section corresponding to this check will include a maximum of M rows. If -summary is not specified, this argument has no effect.	no

Examples

Example 1. No optional arguments are specified, so defaults are used: the following check will fail if the analysis reported any warnings (after search options are applied) of any class. If -summary is specified, the summary section corresponding to this check will have an unlimited number of rows.
```
-check warning-class
```
Example 2. The following check will fail if the analysis reported more than 1 warning (after search options are applied) of class "Leak" or "Buffer Overrun". If -summary is specified, the summary section corresponding to this check will have at most one row.
```
-check warning-class +Leak +"Buffer Overrun" +tolerance=1 +rows=1
```

-check warning-priority [+priority] [+tolerance=N]

Did the analysis issue too many warnings with the specified priorities?

Argument	Default	Description	Can specify multiple times?
+priority	"P0: High"	Name of a warning priority to include when counting warnings for this check. The specified priority must be the name of a priority that is defined on the hub.	YES
+tolerance=N	0 (zero)	The check will fail if the analysis issued more than N warnings with one of the specified priorities. If any search options are specified, this count considers only warnings that meet the specified search conditions.	no

Examples

Example 1. No optional arguments are specified, so defaults are used: the following check will fail if the analysis reported any warnings (after search options are applied) with priority "P0: High".
```
-check warning-priority
```
Example 2. The following check will fail if the analysis reported more than 5 warnings (after search options are applied) with priority "P0: High" or "P2: Medium".
```
-check warning-priority +"P1: High" +"P2: Medium" +tolerance=5
```

-check warning-severity [+severity] [+scale=scale] [+tolerance=N]

Did the analysis issue too many warnings with scores in the specified severity classes?

Argument	Default	Description	Can specify multiple times?
+severity	High	Name of a severity class to include when counting warnings for this check. With the default +scale setting, the available classes are {High, Medium, Low}.	YES
+scale=scale	"Low:21:Medium:56:High"	Defines the set of severity classes to use for this check, as a list of severity class names alternating with warning score threshold values separated by a colon (:). The default setting specifies that "Low" severity class contains warnings with score 0-21, "Medium" is 21-56, and "High" is 56-100.	no
+tolerance=N	0 (zero)	The check will fail if the analysis issued more than N warnings with scores that fall into the specified severity classes. If any search options are specified, this count considers only warnings that meet the specified search conditions.	no

Examples

Example 1. No optional arguments are specified, so defaults are used: the following check will fail if the analysis reported any warnings (after search options are applied) with score >= 56.
```
-check warning-severity
```
Example 2. The following check will fail if the analysis reported more than 6 warnings (after search options are applied) with score > 50.
```
-check warning-severity +extreme +bad +scale="ok:20:moderate:50:bad:80:extreme" +tolerance=6
```

To report problems with this documentation, please visit https://support.codesecure.com/.

Check Methods for codesonar_citool.py -check and codesonar_gerrit_citool.py -check

Overview

Note

Other Relevant Options

-check alert [+message] [+-message] [+color=colors]

Default alert check

Examples

-check warning [+columns=columns] [+tolerance=N] [+rows=M]

Examples

-check warning-class [+class] [+tolerance=N] [+rows=M]

Examples

-check warning-priority [+priority] [+tolerance=N]

Examples

-check warning-severity [+severity] [+scale=scale] [+tolerance=N]

Examples

Check Methods
for codesonar_citool.py -check and codesonar_gerrit_citool.py -check