Task: Delete an Analysis with a Python Script

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

Task: Delete an Analysis with a Python Script

You can use a script to delete an existing analysis from the command line.

Removing an analysis removes some, but not all, of the information associated with the analysis:

The analysis description and other analysis summary information.
The warning instances issued by the analysis, but not user annotations or notes on the warnings. This means that if new instances of the same warnings are issued by a future analysis, the user annotations and notes will be applied to those new instances.
All file instances belonging to the analysis.

You might want to remove an analysis if:

It is very old and no longer conveys any useful information.
The analysis process has stalled for some reason and you want to try again.
It is an exact duplicate of another analysis of the same project (for example, if two users analyzed the same version of the project and sent results to the same hub).

This task provides a Python script for deleting a specified analysis, along with some suggestions for modifying the script to suit your needs.

For other scripting options, see:

Note: The Python script in this task is structured to be as similar as possible to those in the other download script tasks listed above.

Some Python-specific script authoring notes are provided below.
For a more 'Pythonic' download script example, see getlogs.py

Permissions Required
Other Requirements
The Deletion Script
Using the Script
Modifying the Script
Writing Other Scripts
Running Scripts Automatically
Links

Permissions Required

The script requires that special user Anonymous has the following permissions for the analysis A of interest and the analyzed project P.

See Modifying the Script for information on modifying the script to specify credentials for a non-Anonymous user with the required permissions.

Other Requirements

The example script imports standard Python modules argparse, os, re, and subprocess.

You will need a Python installation to run the script. If you do not have a local installation, you can use the cspython shipped with CodeSonar:

Make sure that $CSONAR/codesonar/bin is in your PATH, where $CSONAR is the CodeSonar installation directory.
To run the script, invoke Python with cspython (rather than python as in the examples below).

Use the cURL shipped with CodeSonar: $CSONAR/third-party/curl/inst/bin/curl, where $CSONAR is the CodeSonar installation directory. Either:

add $CSONAR/third-party/curl/inst/bin/ to the front of your PATH,
or
edit the script so that the setting of curl_cmd specifies the full path to $CSONAR/third-party/curl/inst/bin/curl.

The Deletion Script

The following script will delete

the analysis whose analysis ID matches the second argument passed to the script,
on the hub specified in the first argument to the script.

import argparse
import subprocess
import os
import re

# Delete the specified analysis from the specified hub.
def del_analysis(hubaddr, analysis_id):
    curl_cmd = ['curl']

    def check_page(url):
        args = ['-o', os.devnull, '-w', '%{http_code}', url]
        http_code = subprocess.check_output(curl_cmd + args)
        return (int(http_code.strip())==200)

    analysis_html_url = f'{hubaddr}/analysis/{analysis_id}.html'

    # The relative URL to POST to is shown in the "action" attribute
    # of the "remove_analysis_form" form: extract it from there.
    analysis_dl = subprocess.Popen(curl_cmd + [analysis_html_url],
                                   stdout=subprocess.PIPE)
    analysis_page = analysis_dl.communicate()[0].decode()

    projpage_match = re.search(r'<form\s+name="remove_analysis_form"\s+method="POST"\s+action="([^"]*)">',
                               analysis_page)
    if projpage_match is None:
        print('Could not get analysis page', analysis_html_url)
        print('This is probably because of one of the following:')
        print('- you do not have ANALYSIS_READ permission for the analysis, or')
        print('- there is no such analysis.')
        exit(1)

    project_html_url = f'{hubaddr}{projpage_match.group(1)}'
    # Make sure the Project page is accessible, otherwise there is no
    # point trying to POST to it.
    if not check_page(project_html_url):
        print('Could not get project page', project_html_url)
        print('Make sure you have PROJECT_READ permission for this project.')
        exit(1)

    delete_args = ['-L',
                   '--cookie-jar','cookies.txt',
                   '-d', f'remove_analysis_id={analysis_id}',
                   project_html_url]
    subprocess.check_call(curl_cmd + delete_args)

    if check_page(analysis_html_url):
        print('Could not delete analysis', analysis_id)
        print('Make sure you have ANALYSIS_DELETE permission for the analysis.')
        exit(1)


# Set up.
def go():
    parser = argparse.ArgumentParser(
        description=('Delete an analysis from a CodeSonar hub,'
                     + 'as specified by the command-line arguments.'))
        
    parser.add_argument("hub",
                        help="The hub URL.")
    parser.add_argument("aid",
                        help="The analysis ID for the analysis to delete.")
    args = parser.parse_args()

    allargs = (args.hub, args.aid)
    if not any([a is None for a in allargs]):
        del_analysis(*allargs)

go()

This Python script uses an HTTP POST request to perform the deletion: the POST request is for the Project page for the analyzed project, and must specify remove_analysis_id=aid, where aid is the analysis ID of the analysis to be deleted. It outputs the HTML landing page that reports successful deletion.

The hub functionality for deleting an analysis entails several HTTP redirects across a single session. When you are using an anonymous session, as here, it must be tracked using cookies. The script uses cURL options to ensure that the redirects and cookies are properly accounted for:

-L instructs cURL to follow redirects.
--cookie-jar cookies.txt instructs cURL to use local file cookies.txt to manage any cookies involved in completing the command.
File cookies.txt will be created in your working directory, if it does not already exist.

Inspect the HTML source for an Analysis page to see the remove_analysis_form form and how its components correspond to the HTTP POST request constructed by the script.

Using the Script

To use this script with your hub, do the following.

Copy delete_analysis.py to a suitable directory. The remainder of these instructions will refer to this directory as rundir.
Make sure you have full file permissions in rundir, and that using file rundir/cookies.txt to manage cookies for this task will not cause conflicts with other uses of rundir. If there is a problem, either:
- select a different rundir, or
- edit the script to specify a different file name with --cookie-jar.

Run the script:

cd rundir
python delete_analysis.py protocol://host:port aid

where

protocol	is the protocol for your hub: http or https.
host:port	is the location of your hub.
aid	is the analysis ID for the analysis that you wish to delete. You can find the analysis ID: in the URL specified at the end build/analysis command output, which will be of the form http://hub_location/analysis/analysis_id.html, or by running the following command, where path/to/projname.prj_files/ is the analysis directory codesonar analysis_id.py path/to/projname.prj_files/ or in file path/to/projname.prj_files/aid.txt, where path/to/projname.prj_files/ is the analysis directory, or in the Analysis Details section of the corresponding Analysis page.

The script will output information about its progress.

Open the analysis page protocol://host:port/analysis/aid.html in your web browser to confirm that the analysis is no longer available.

Invocation Example

Using the hub at http://[::1]:7341, delete the analysis with ID 3:

python delete_analysis.py http://[::1]:7341 3

Troubleshooting

Get more verbose output	For more verbose curl output, edit delete_analysis.py so that curl is invoked with the -v flag. For example: curl_cmd=['curl', '-v']
No files downloaded	If there is no HTML output, this indicates that cURL did not download anything. This can occur if you have an HTTPS-enabled hub with a self-signed hub server certificate. To instruct curl to accept self-signed certificates, edit delete_analysis.py so that curl is invoked with the -k flag. For example: curl_cmd=['curl', '-k']
Downloaded files contain "Permission Denied" messages	If there is an output HTML file but it contains a "Permission Denied" message rather than a page reporting successful deletion, this indicates that Anonymous does not have the required permissions. You will need to specify credentials for a user with these permissions.

Modifying the Script

You may wish to make one or more of the following modifications.

Stop printing the resulting HTML file to output
Read analysis ID from analysis directory
Provide credentials for a non-Anonymous user

Stop printing the resulting HTML file to output

If you don't want to see the final HTML file notifying you of successful deletion as part of your script's output, you can redirect it to the null location by modifying your curl command. Note that if you make further changes that you need to debug later, you may wish to lift this suppression at least temporarily.

Edit delete_analysis.py to add the -o flag with a suitable value to the definition of delete_args:

delete_args = ['-o', os.devnull,
               '-L',              
               '--cookie-jar', 'cookies.txt',
               '-d', f'remove_analysis_id={analysis_id}',
               project_html_url]

Read analysis ID from analysis directory

Instead of specifying the analysis ID on the command line, you can change the script to read the analysis directory from the command line and then read the most recent analysis ID from the analysis directory.

In function go(), replace line

parser.add_argument("aid", help="The analysis ID for the analysis to delete.")

with a line adding an adir argument.

parser.add_argument("adir", help="The analysis .prj_files directory.")

In function go(), change the definition of allargs to:
```
allargs = (args.hub, args.adir)
```

Modify the del_analysis() function header, and add two new lines to the very beginning of the function definition.

def del_analysis(hubaddr, analysis_dir):
    with open(os.path.join(analysis_dir,'aid.txt'),'r') as aidfile:
        analysis_id=aidfile.read()

When you invoke the script, specify the analysis directory as the second argument.
For example: using the hub at http://[::1]:7341, delete the analysis whose analysis directory is /myprojects/projectX.prj_files/.

python delete_analysis.py http://[::1]:7341 /myprojects/projectX.prj_files/

Provide credentials for a non-Anonymous user

If your hub is configured so that special user Anonymous does not have the required permissions, you will need to edit the script to submit credentials for a suitable hub user account.

We recommend using bearer authentication. Alternative mechanisms are described in the table below.

For bearer authentication, do the following.

If you do not already have a suitable session and bearer token to use, generate them now.
1. Navigate to the User Sessions page for your selected hub user account.
2. Use the Create Session form to create a new session with a suitably long Expires setting.
  When you click Create Session, the page will be reloaded and the Bearer Token for your new session will be displayed at the top of the page.
  IMPORTANT: Make a note of the Bearer Token now. Once you refresh or navigate away from this page there will be no further opportunity to view the token.
3. Save the bearer token to a file. The remainder of these instructions will refer to this file as path/to/bearerfile.
Edit delete_analysis.py to add the following setting before the curl_cmd setting.
```
with open('path/to/bearerfile','r') as bearerfile:
   bearer_token = bearerfile.read().strip()
```
where

path/to/bearerfile is the path to the file containing the bearer token you want to use.

path/to/bearerfile	is the path to the file containing the bearer token you want to use.

Edit delete_analysis.py to modify the setting of curl_cmd:

curl_cmd=['curl', '-H', f"Authorization: Bearer {bearer_token}"]

Edit delete_analysis.py to modify the setting of delete_args:
```
delete_args=['-L',
             '-d', f'remove_analysis_id={analysis_id}'
             project_html_url] 
```
Note that '--cookie-jar' and 'cookies.txt' have been removed: the HTTP redirects are all within the bearer session.

For more information about bearer authentication in CodeSonar, see User Sessions and Anonymous Sessions: Bearer Authentication.

If you don't want to use bearer authentication, you can choose one of the options from the following table.

Certificate

If the hub is configured for certificate-based authentication, you can edit the script to specify a suitable user certificate.

If the account does not already have a user certificate and key, generate them now.

Edit delete_analysis.py to add the following settings before the curl_cmd setting.

cert_path='path/to/usercert.pem'
key_path='path/to/certkey.pem'

where

path/to/usercert.pem	is the path to the hub user account's user certificate.
path/to/certkey.pem	is the path to the private key corresponding to the user certificate.

Edit delete_analysis.py to modify the setting of curl_cmd:

curl_cmd=['curl', '-k', 
          '-X', 'POST',
          '-d', '"sif_sign_in=yes&sif_use_tls=yes&sif_log_out_competitor=yes"',
          '--cert', cert_path,
          '--key', key_path]

Omit the -k argument if your hub's hub server certificate is not self-signed.

Hard-Coded Username/Password

If you will be running the Python script under secure conditions, you may be willing to specify the account username and password directly in the script invocation.

For example, if your hub location is http://[::1]:7340 and the hub user account has username jean and password xyz123, the first argument to the script would be http://jean:xyz123@[::1]:7340.

Example: Use the hub user account with username jean and password xyz123 to authorize deleting the analysis with ID 3 on the hub at http://[::1]:7340:

python delete_analysis.py http://jean:xyz123@[::1]:7340 3

Username and password must both be URL-encoded.

Username/Password: Other

See the curl man page for alternative username/password authentication mechanisms.

See CodeSonar HTTP API: Authentication for more information on authentication strategies.

Writing Other Scripts

You can follow the overall structure of this script to create Python scripts that download other kinds of file from the hub.

In general, the process for constructing a script will be along the following lines.

Determine the GUI page type you are interested in.
Look at the the GUI reference page for your required page type to determine the following information.
- The page's URL or URL scheme: use this to construct the URL or URLs for your script to download.
- The alternative page output formats that are available: if you want to process pages in one of these formats rather than HTML, check that your required format is available and construct the download URLs accordingly.
- The RBAC permissions required to access the page and its contents. If special user Anonymous does not have these permissions, the Python script will need to provide authentication credentials for a hub user account that has the permissions.
If your script will be carrying out a task that modifies the hub database (adding, deleting, or modifying elements), inspect the GUI page HTML to look at the <form ... > element that provides access to the functionality you are interested in. Your script will need to include an HTTP POST request (via curl or similar) that corresponds to the one issued when the form is submitted.
Make sure your Python script includes the following elements.
- One or more download URLs, or a mechanism for constructing them.
- Some way of handling the downloaded URLs: one of the following.
  - The location to which the URLs should be downloaded, or a way to obtain the location.
  - An explicit redirect to the null location.
  - No specific handling, so that the downloaded files are all part of the script output.
- A curl invocation that acts on the the URL or URLs.
See the troubleshooting notes above if you encounter problems.
The Python script in this task is structured to be as similar as possible to those in the .sh and .bat download script examples. You may prefer to do one or more of the following to take advantage of Python libraries.
- Download pages as XML, and parse with xml.etree.ElementTree to extract required information. Note, however, that there are some cases where information that can be extracted from in the HTML version of a given GUI page type is not present in the XML version. For example, the Project ID of the analyzed project can be extracted from an HTML Analysis page but not from the XML (or CSV, or JSON) version of the same page.
- Use subprocess.Popen() instead of subprocess.call() to let multiple fetches occur in parallel. This can provide significant improvements in running time if the script is fetching a large number of pages.
- Use one of the following instead of invoking curl with subprocess methods.
  - urllib2 (Python 2) / urllib (Python 3)
  - requests (not in the Standard Library)
  - PycURL (not in the Standard Library)
- Have the script URL-encode script arguments, rather than requiring that the user encode them. For example, you can use urllib.urlencode() (Python 2) / urllib.parse.urlencode() (Python 3).

Running Scripts Automatically

You can use your system tools to arrange for the Python script to be run automatically.

However, a more suitable approach in most automatic analysis deletion use cases is to use the analysis auto-deletion functionality provided by the hub. This section is provided for completeness only.

For example, if you are using cron, add the following line to your crontab to run delete_analysis.py at 2:05am every day, deleting the analysis on hub http://red:7341 whose analysis directory is /home/projectX.prj_files/.

5 2 * * * python /path/to/delete_analysis.py http://red:7341 `cat /home/projectX.prj_files/aid.txt`

Links

Note. This page contains references to HTTP API documentation, which is served directly by the hub and cannot be accessed via a file:// URL. For active HTTP API documentation links, start a hub (if one is not already running), then open the manual from the hub.

To report problems with this documentation, please visit https://support.codesecure.com/.