Example/Tutorial: Custom Checking with CodeSonar Plug-Ins

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

Example/Tutorial: Custom Checking with CodeSonar Plug-Ins

One of the primary uses of CodeSonar plug-ins is for implementing custom checks. Checks implemented in plug-ins can operate directly on CodeSonar's internal representation of a program: this approach is more powerful than that provided by the Extension API, but checks can be more difficult to implement. For a side-by-side comparison of the two approaches, see Extending CodeSonar.

This tutorial illustrates the plug-in approach with two custom checks.

CodeSonar SaaS Note: If you want to use your own custom plug-ins with CodeSonar SaaS, contact CodeSecure support for assistance. The installation instructions provided in this page are not sufficient to make plug-ins available to SaaS analyses.

We have provided source code for two small example plug-ins.

Part One	A check for variable names containing upper case characters.
Part Two	A check for mismatched square and round parentheses in the output of a program.

There are versions of both plug-ins for each supported API language: C++, Python, and C. You can experiment with any or all of the of the plug-ins: note that if you install multiple versions of the "same" plug-in, every problem will be flagged multiple times.

Note

In this section (and throughout this manual), $CSONAR indicates the CodeSonar installation directory.

If you have defined environment variable CSONAR to the location of the CodeSonar installation directory, you can use $CSONAR directly in your command lines. On Windows systems, use %CSONAR% in place of $CSONAR.
If you don't want to use environment variables, replace $CSONAR with the path to your CodeSonar installation directory before using the command lines.

Getting Started

To get started:

Copy the following files to a working directory.
- testvar.c : A small program that exercises the upper-case check plug-in (tutorial Part One).
- callseq_sample.c : An extremely small program that exercises the parenthesis check plug-in (tutorial Part Two).
Decide which API language you wish to use.

Copy the corresponding plug-in source file to the working directory, and go on to the language-specific part of the tutorial.

API language	Plug-in Source Files		Go on to...
API language	Part One	Part Two	Go on to...
C++	UCvar_plugin.cpp	callseq_plugin.cpp	Plug-In API Tutorial: C++ Version
Python	UCvar_plugin.py	callseq_plugin.py	Plug-In API Tutorial: Python Version
C	UCvar_plugin.c	callseq_plugin.c	Plug-In API Tutorial: C Version

To report problems with this documentation, please visit https://support.codesecure.com/.