| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
This section provides an illustrated usage example for the SARIF importer.
For more examples, see Including Tier 3 Components in a CodeSonar Project, and the individual language examples linked from that page.
We have provided the following files for this example.
| File | Description |
|---|---|
| hello.c | The short C source file that is the subject of the analysis. |
| hello.sarif | A SARIF file describing a warning that has been detected in hello.c. |
This example will set up a Makefile to be used with make to compile the source code and invoke the SARIF importer. If you use a different build system, replace the Makefile edits and make invocations described below with their equivalents in the system you are using.
In this section (and throughout this manual), $CSONAR indicates the CodeSonar installation directory.
For example, if you are using make then create a Makefile like the following.
```make
CC = gcc
.PHONY: all clean
all: hello
hello: hello.o
	$(CC) -o hello hello.o
hello.o: hello.c
	$(CC) -c hello.c
clean:
	rm -f *.o *.exe *~ core
```
If you are using make, your Makefile will now look like the following.
```make
CC = gcc
.PHONY: all clean csonar_scan
all: hello
hello: hello.o
	$(CC) -o hello hello.o
hello.o: hello.c
	$(CC) -c hello.c
clean:
	rm -f *.o *.exe *~ core
csonar_scan: all hello.sarif
	codesonar import_sarif.py hello.sarif
```
The Analysis: Warnings tab will list one warning of class "C1023 name" and one warning of class "C1729 name", as shown in the following screenshot fragment.
The warning location (highlighted in red and with the warning description box attached) is line 10 of hello.c. There are two interesting locations (code lines highlighted in blue).
```json
{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "CodeSkanner",
          "rules": [
            {
              "id": "C1729",
              "name": "C1729 name",
              "fullDescription": {
                "text": "This is a simple warning."
              },
              "helpUri": "https://example.com/rules/C1729"
            },
            {
              "id": "C1023",
              "name": "C1023 name",
              "fullDescription": {
                "text": "This is a pathy warning."
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "helpUri": "https://example.com/rules/C1023"
            }
          ]
        }
      },
      "artifacts": [
        {
          "location": {
            "uri": "hello.c"
          },
          "mimeType": "text/c"
        }
      ],
      "results": [
        {
          "ruleId": "C1023",
          "ruleIndex": 1,
          "message": {
            "text": "end point."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "index": 0
                },
                "region": {
                  "startLine": 10,
                  "startColumn": 5,
                  "endLine": 10,
                  "endColumn": 6
                }
              }
            }
          ],
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "index": 0
                          },
                          "region": {
                            "startLine": 16,
                            "startColumn": 5,
                            "endLine": 16,
                            "endColumn": 6
                          }
                        },
                        "message": {
                          "text": "First point; essential."
                        }
                      },
                      "importance": "essential"
                    },
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "index": 0
                          },
                          "region": {
                            "startLine": 19,
                            "startColumn": 5,
                            "endLine": 19,
                            "endColumn": 9
                          }
                        },
                        "message": {
                          "text": "Second point in flow: important."
                        }
                      },
                      "importance": "essential"
                    }
                  ]
                }
              ]
            }
          ]
        },
        {
          "ruleId": "C1729",
          "ruleIndex": 0,
          "message": {
            "text": "This is a violation of C1729."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "index": 0
                },
                "region": {
                  "startLine": 4
                }
              }
            }
          ],
          "hostedViewerUri": "https://example.com/search?q=1729"
        }
      ],
      "columnKind": "utf16CodeUnits"
    }
  ]
}
```
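The SARIF file above ties each result to a rule through `ruleIndex` and to a source file through `artifactLocation.index`, and it leaves the result level to the rule's `defaultConfiguration`. The following Python check is an added example, not part of the CodeSonar manual and not a description of how `import_sarif.py` works: it resolves those references and fails on a dangling one, which is worth running on a third-party SARIF file before importing it. The names `SAMPLE`, `_where` and `summarize` are hypothetical, and the embedded input is a condensed, constructed copy of the file shown above.

```python
import json

# Constructed sample: a condensed copy of the hello.sarif structure shown on this page.
SAMPLE = json.loads("""
{"version": "2.1.0", "runs": [{
  "tool": {"driver": {"name": "CodeSkanner", "rules": [
    {"id": "C1729", "name": "C1729 name"},
    {"id": "C1023", "name": "C1023 name", "defaultConfiguration": {"level": "error"}}]}},
  "artifacts": [{"location": {"uri": "hello.c"}}],
  "results": [
    {"ruleId": "C1023", "ruleIndex": 1, "message": {"text": "end point."},
     "locations": [{"physicalLocation": {"artifactLocation": {"index": 0}, "region": {"startLine": 10}}}],
     "codeFlows": [{"threadFlows": [{"locations": [
       {"location": {"physicalLocation": {"artifactLocation": {"index": 0}, "region": {"startLine": 16}}}},
       {"location": {"physicalLocation": {"artifactLocation": {"index": 0}, "region": {"startLine": 19}}}}]}]}]},
    {"ruleId": "C1729", "ruleIndex": 0, "message": {"text": "This is a violation of C1729."},
     "locations": [{"physicalLocation": {"artifactLocation": {"index": 0}, "region": {"startLine": 4}}}]}]}]}
""")

def _where(phys, artifacts):
    """Resolve a physicalLocation to (uri, startLine); a valid artifacts index wins over a uri."""
    art = phys["artifactLocation"]
    idx = art.get("index", -1)
    if idx >= len(artifacts) or (idx < 0 and "uri" not in art):
        raise ValueError(f"unresolvable artifactLocation: {art}")
    uri = artifacts[idx]["location"]["uri"] if idx >= 0 else art["uri"]
    return uri, phys.get("region", {}).get("startLine")

def summarize(sarif):
    """Return one dict per result; raise ValueError on a dangling rule or artifact reference."""
    out = []
    for run in sarif["runs"]:
        rules, artifacts = run["tool"]["driver"].get("rules", []), run.get("artifacts", [])
        for res in run.get("results", []):
            idx = res.get("ruleIndex", -1)
            if idx >= len(rules):
                raise ValueError(f"ruleIndex {idx} is out of range")
            rule = rules[idx] if idx >= 0 else {}
            rid = res.get("ruleId", rule.get("id"))
            if rule and rid != rule["id"] and not rid.startswith(rule["id"] + "/"):
                raise ValueError(f"ruleIndex {idx} is {rule['id']}, but ruleId is {rid}")
            # SARIF 2.1.0: use result.level, else the rule's default level, else "warning".
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            flow = [_where(t["location"]["physicalLocation"], artifacts)
                    for cf in res.get("codeFlows", []) for tf in cf["threadFlows"]
                    for t in tf["locations"] if "physicalLocation" in t.get("location", {})]
            out.append({"rule": rid, "level": level, "flow": flow,
                        "at": _where(res["locations"][0]["physicalLocation"], artifacts)})
    return out
```

For the sample, `summarize(SAMPLE)` reports C1023 at line 10 of hello.c with two flow locations and C1729 at line 4 with none, matching the two warnings and the two highlighted locations described above.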
To report problems with this documentation, please visit https://support.codesecure.com/.