Tutorial: Build the Sample Program (Command Line)

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

Build the Sample Program (C#)

We will build and analyze the project with a codesonar analyze command line.

Save a copy of BasicCsharp.cs to the working directory (right-click on the link and select Save Target As... or equivalent).
Make sure your browser does not append any file extension (such as .txt) to the downloaded file. If it does, rename the file back to BasicCsharp.cs.

The CodeSonar C# analysis operates on compiled C# bytecode, so we start by compiling BasicCsharp.cs with csc.

csc /debug:full /define:DEBUG BasicCsharp.cs

If the path to your C# compiler executable is not in your PATH, you will need to provide the full path to csc.
If you prefer, you can use your normal .NET build tools instead of invoking csc. Make sure you output the resulting BasicCsharp.exe to the current directory, and that your build generates BasicCsharp.pdb and enables debug mode.
(You can choose a different output directory, provided that you specify the path to BasicCsharp.exe in the next step.)

Execute the project build/analysis command.
If your hub is running at the default location, you don't need to specify it.

Default hub location	CodeSonar SaaS	codesonar analyze cs-BasicProj -remote "/saas/*" cs-dotnet-scan -include-artifacts BasicCsharp.exe
Default hub location	otherwise	codesonar analyze cs-BasicProj cs-dotnet-scan -include-artifacts BasicCsharp.exe
Explicit hub location	CodeSonar SaaS	codesonar analyze cs-BasicProj -remote "/saas/" hub_address:hub_port* cs-dotnet-scan -include-artifacts BasicCsharp.exe
Explicit hub location	otherwise	codesonar analyze cs-BasicProj hub_address:hub_port cs-dotnet-scan -include-artifacts BasicCsharp.exe

Note that this command line includes the following elements.

Command Line Element	Value	Notes
Project Name	cs-BasicProj	This functions as the unique identifier for the analyzed project when analysis results are sent to the hub. We give the CodeSonar project a different name from the underlying software project (BasicProj) to distinguish them for the purpose of the tutorial. There is, however, no reason you cannot give a CodeSonar project the same name as the analyzed software project, and many users prefer to do so.
Project Path	[empty]	We will analyze in the current working directory. File cs-BasicProj.prj and directory cs-BasicProj.prj_files/ will be created here to store analysis information.
Analysis Launch Daemon	-remote "/saas/" or [empty]*	For CodeSonar SaaS analysis, instruct the hub to choose a suitable analysis launch daemon from its saas launchd group so that the analysis can be started and managed remotely. Otherwise, start and manage the analysis locally.
Hub Location	hub_address:hub_port	The location of the hub you are using. If your hub is running at the default location, you do not need to specify it.
Observed Build Command	cs-dotnet-scan -include-artifacts BasicCsharp.exe cs-dotnet-scan itself is a null function: its only purpose is to be recognized by CodeSonar so that the C# bytecode and source files it specifies can be incorporated into the project. -include-artifacts BasicCsharp.exe specifies that file BasicCsharp.exe in the current directory should be included in the CodeSonar project as an ordinary artifact: one for which we wish CodeSonar to issue warnings and are providing the corresponding source code. We don't need to specify the location of the source file BasicCsharp.cs: CodeSonar will obtain this information from the PDB file. (For full information on the cs-dotnet-scan command, see Build and Analysis for C# Projects)

If CodeSonar requests a hub user account username and password, enter them at the prompt.
(If Anonymous can authorize the analysis, CodeSonar will not prompt you for credentials.)

If you need hub account credentials to proceed but do not have any, consult the hub Administrator. They may need to create a user account for you, or to provide you with information about an existing account that has been created for you.

Once the command has been authorized, CodeSonar will start building the project. Command-line output will describe the actions that CodeSonar is performing.

In some cases you may be prompted to perform one or more of the following.

Accept the CodeSonar License	[Command line prompt] If this is the first time you are building a project and you have not yet accepted the CodeSonar license agreement, CodeSonar will print the text of the agreement and ask whether you want to accept it. Press y to accept the license and proceed with the build. (If you accidentally press the wrong key, causing CodeSonar to abandon the build, just re-run the build command.) If your window history is not long enough to scroll over the entire text of the license agreement, you can examine the agreement file at $CSONAR/EULA.txt.
Opt in or out of uploading anonymous usage statistics	[Command line prompt] If this is the first time you are building a project and you have not yet specified whether you want to upload anonymized usage statistics to CodeSecure, CodeSonar will ask "Send anonymous usage statistics to CodeSecure?" now. Press y to opt in; n to opt out. You can change this setting at any time.
User Account Control	If User Account Control is enabled, your system may request permission for cs_uac_daemonize.exe from CodeSecure, Inc to continue. Click Continue to proceed.
Service Authentication	[Dialog, Windows only] If you are running CodeSonar with services, a services authentication dialog may open at the point where the command-line output looks something like this: ... ok Checking whether I can connect to [::1]:num... ok Creating cshub database... ok Enter your username and password, and click OK. For more information, see section CodeSonar as a Windows Service.

CodeSonar will continue building, then perform the analysis and print a URL for the analysis results.

...
codesonar: Logging to cs-BasicProj.prj_files\log.txt...
your_build_command
codesonar: Building cs-BasicProj.prj...
codesonar: Analysis initialized.
codesonar: Live progress and results are visible at:
codesonar: http://[::1]:7340/analysis/1.html
codesonar: This url is only accessible from http clients on machine_name.
codesonar: However, there may be other urls that are more widely accessible.

(If you specified a different hub location, this will be reflected in the result location URL.)

Open the specified URL in a web browser.

If the CodeSonar GUI displays a message requesting that you sign in, enter your hub user account credentials.

You will not be asked to sign in if the hub is configured to permit anonymous browsing. Hubs with factory settings will permit anonymous browsing.
If you are asked to sign in and do not know your hub user account username or password, consult your hub Administrator.

Go on to Analysis Page and Warning Reports.

To report problems with this documentation, please visit https://support.codesecure.com/.