CodeSonar Plug-in for Visual Studio: Tutorial [Windows only]

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

C and C++

Third-Party External

CodeSonar Plug-in for Visual Studio: Tutorial [Windows only]

This tutorial introduces you to the CodeSonar plug-in for Visual Studio using a sample program that is provided with the product.

You will use the plug-in to build and analyze the sample program, then to browse and interpret the analysis results.

Before You Start
Files
Set Up the Sample Project
Build and Analyze the Project
View the Analysis Results
Visual Studio Plug-in Links

Before You Start

If you have not already installed the CodeSonar plug-in for Visual Studio, install and configure it now.

Ensure all prerequisites have been satisfied. (This includes installing CodeSonar and Visual Studio if they are not already installed.)
Install the CodeSonar plug-in.
Create a working directory for the tutorial.
Identify the hub you will use; start the hub if it is not already running.
If you don't already have a hub user account, create one now. You will need the following permissions in order to perform the steps in this tutorial.
- The following, all for the root project tree: ANALYSIS_READ, ANALYSIS_TERMINATE, ANALYSIS_WARNING_EXISTS, ANALYSIS_WARNING_READ, PROJECT_ADD_CHILD, PTREE_ADD_CHILD.
  If your hub user account does not have all these permissions for the root project tree, but does have the corresponding permissions for a different project tree or project, you can do this tutorial with minor changes: see the notes below.
- Global permissions G_LIST_PROPERTIES and G_LIST_USERS.
  If your account does not have these permissions, you will not be able to do this tutorial.
If the hub is configured to prevent anonymous users from creating their own accounts, you will need to ask a hub administrator to create an account for you before proceeding.

Files

We use the sample BasicProj.c file provided with the Basic Tutorial.

Save a copy of BasicProj.c to your working directory.

Set Up the Sample Project

Now set up the sample Visual Studio project ready for building and analyzing with CodeSonar.

Start Visual Studio, if it is not already running.
Create a new Visual Studio project containing the BasicProj.c.
1. Select File > New > Project from the main menu bar.
  A New Project dialog will open.
2. Click Empty Project to select it.
3. Enter csBasicVisualStudio in the Name field.
4. Click the Browse button next to the Location field, then use the dialog that opens to select your working directory.
5. Click OK.
  The csBasicVisualStudio project will now be shown in the Solution Explorer panel.
6. Right-click on the Source Files folder and select Add > Existing Item.
7. Navigate to your working directory and select BasicProj.c.
8. Click Add.
  BasicProj.c will be visible in the Source Files folder.
Set up the project properties.
You will set the project's analysis mode to Hook mode, specify a CodeSonar hub to manage the analysis results, and enter your hub credentials. You will only need to do this once for each project.
1. In Solution Explorer, right-click on the csBasicVisualStudio project.
  A menu will open.
2. Select CodeSonar > Properties from the menu.
  Visual Studio will display the Properties dialog for the project, with the CodeSonar project properties selected.
3. Enter your hub location in the Hub address field.
4. Specify your authentication credentials in the Authentication Type section.
  1. Set Authentication type to Password.
  2. Enter the username and password for your hub user account in the corresponding form fields.
5. Specify additional build/analysis properties in the Build/Analyze section.
  1. Select Hook build.
  2. Select Local Analysis.
6. Click Apply, then OK.
Right-click on the project again, and select CodeSonar > Enable > Hook Build from the menu (if it is not already selected).
A dialog will open, explaining that enabling hook build will trigger a clean on the selected project.
Click OK.

Build and Analyze the Project

The Visual Studio project is now set up to work with CodeSonar.

In the Solution Explorer, right-click on the csBasicVisualStudio project.
A menu will open.
Select CodeSonar > Build/Analyze Project from the menu.
A dialog will open, explaining that the analysis completed and asking if you want to save changes. Click OK.
The Analysis Report view will open to show the progress and current results of the analysis.

View the Analysis Results

The Analysis Report panel will look (something) like the following.

analysis report view

Initially the panel will show the Overview tab.

The panel on the left provides summary information about the analysis and its findings.
The panel on the right contains links to additional information presented in the CodeSonar web GUI.

We will look at some the warnings issued by the analysis.

Switch to the Warnings tab.
If necessary, resize the columns so you can read the table contents comfortably.
Double-click the table entry for the "Null Pointer Dereference" warning that occurs on line 17.
- The source listing for BasicProj.c will open, and scroll to the warning location.
- The Warning view for the warning will open.
Look at the source listing.
Information about the warning is overlaid on the listing.
- The source code at the warning location is highlighted.
- A warning marker is shown in the left margin at the warning location.
- Orange markings to the right of the scrollbar show warning locations within the file (including the location of the current warning).
Look at the warning panel.
- The Warning panel header contains basic identifying information about the warning, in the following format.
  Warning_Class at File_Name: line_num id=warning_id
- Initially the view will show the Code tab, which contains an annotated code excerpt that shows the context in which the warning was issued.
Scroll through the Warning panel to see its contents.
Try hovering and clicking on various elements to see what happens. For example:
- macro names such as NULL
- line numbers
- control flow markings , , and (in the left margin, to the right of the line numbers)
- data event markings (in the left margin, to the left of the line numbers)
- the source file path (at the top of the excerpt)
- excerpt expansion links and (at the top and bottom of the excerpt)
- "See related event" links
Switch to the Notes tab.
Use the pull-down menus to specify a Priority, State, Finding, and Owner for this warning.
Enter a note in the Note field.
Click the Save button. The Change History will update to include a notification for the changes you just made.
These changes were made on the CodeSonar hub, so all hub users will be able to see them.
Click (at the top right of the Warning view).
The web GUI Warning Report page for this warning will open in your web browser.
Check to confirm that your updated warning annotations are displayed in the web GUI.

This is the end of the Visual Studio Tutorial. If you like, you can go to the tutorial index and choose another tutorial exercise.

If you don't have the required root project tree permissions

The tutorial steps described above require you to have the following permissions for the root project tree: ANALYSIS_READ, ANALYSIS_TERMINATE, ANALYSIS_WARNING_EXISTS, ANALYSIS_WARNING_READ, PROJECT_ADD_CHILD, PTREE_ADD_CHILD.

If you don't have all these permissions root project tree, but do have the corresponding permissions for a different project tree or project, you can do this tutorial with minor changes. There are two cases.

Case 1: there is some project tree T such that your hub user account has ANALYSIS_READ T, ANALYSIS_TERMINATE T, ANALYSIS_WARNING_EXISTS T, ANALYSIS_WARNING_READ T, PROJECT_ADD_CHILD T, and PTREE_ADD_CHILD T.
- When you are setting up the Build/Analyze properties, set Project to /path/to/Tname/csBasicVisualStudio, where /path/to/Tname/ is the PTree Path for T.
Case 2: there is already a project P on your hub for analyzing BasicProj.c, and your hub user account has ANALYSIS_READ P, ANALYSIS_TERMINATE P, ANALYSIS_WARNING_EXISTS P, ANALYSIS_WARNING_READ P, and PROJECT_ADD_CHILD P. You do not need any PTREE_ADD_CHILD permission in this case.
- When you are setting up the Build/Analyze properties, set Project to /parent/path/Pname, where /parent/path/Pname is the Project Path for P.

Visual Studio Plug-in Links

The following sections provide detailed information about installing and using the CodeSonar plug-in for Visual Studio.

To report problems with this documentation, please visit https://support.codesecure.com/.