How to exclude files and folders when using Fortify with MSBuild - fortify

I "translate" my sources with msbuild using the following command:
sourceanalyzer -b sample -exclude "**/*.xml" "**/Test/**" msbuild sample.sln /maxcpucount:1
After this is done I analyze the source with:
sourceanalyzer -b sample -scan -f result.fpr
The sample.sln solution contains a lot of test projects too. Those projects produce a lot of findings I’m not interested in. How can I exclude those projects? They are all in "Test" sub folders. I’ve tried the –exclude switch with no luck. I guess it is ignored when building with msbuild.
The analyzer also produces findings for xml files which comes with 3rd party libraries. This is interesting but I do not want to have them in my report. The exclude does also not work here.

here is the official Fortify documentation (from version 17.10):
File specifiers are expressions that allow you to pass a long list of files to Fortify Static Code Analyzer using wild card characters. Fortify Static Code Analyzer recognizes two types of wild card characters: a single asterisk character () matches part of a file name, and double asterisk characters (**) recursively matches directories. You can specify one or more files, one or more file specifiers, or a combination of files and file specifiers.*
<files> | <file specifiers>
The following table describes the different file specifiers forms:
dirname : All files found in the named directory or any subdirectories.
dirname/**/Example.java: Any file named Example.java found in the named directory or any subdirectories.
dirname/*.java: Any file with the extension .java found in the named directory.
dirname/**/*.java: Any file with the extension .java found in the named directory or any subdirectories.
/**/*: All files found in the named directory or any subdirectories (same as ).
Note: Windows and many Unix shells automatically expand parameters that contain the asterisk character (), so you must enclose file-specifier expressions in quotes. Also, on Windows, you can use the backslash character () as the directory separator instead of the forward slash (/).*
File specifiers do not apply to C, C++, or Objective-C++ languages.
According to the above documentation, you would have to pass all "Test" subfolders paths:
-exclude path1/**/*|path2/**/*|etc..
but the last documentation line is saying that it will not be supported in C/C++/ObjectiveC++.

Related

In Delphi is it possible to use enviroment variables in include statement?

I need to include StyleUtils.inc and StyleAPI.inc in my source file, but I don't want to copy the files to my project folder, or reference the files directly, as the contents and location could change on newer versions of Delphi, although I can see the files under C:\Program Files (x86)\Embarcadero\Studio\22.0\source\vcl.
The BDS environment variable points to C:\Program Files (x86)\Embarcadero\Studio\22.0, so I was wanting to include the files as below, but I have tried escaping with $(), ${}, %%, but the variable is not being referenced.
{$I $(BDS)\Source\Vcl\StyleUtils.inc}
No, you cannot use environment variables in {$I} directive. What you need to do instead is use a relative path in the directive, and then specify the root folder in the project's Search path configuration, per the documentation:
https://docwiki.embarcadero.com/RADStudio/en/Include_file_(Delphi)
If the filename does not specify a directory path, then, in addition to searching for the file in the same directory as the current module, Delphi searches in the directories specified in the Search path input box on the Delphi Compiler page of the Project > Options dialog box (or in the directories specified in a -I option on the command line compiler).

Should I add src/MAlonzo to .gitignore?

Compiling my Agda code results in a src/MAlonzo directory being created. (Where src/MyProject is where my Agda code lives.) It contains a bunch of .hs (Haskell) and .o (object) files.
Is there anything in this directory that I should commit, or do people typically add /src/MAlonzo to their .gitignore?
I'm asking because I'm surprised that build artifacts are being put in the src directory instead of the _build directory. I wonder if there's a reason for that.
Yes. MAlonzo is the GHC backend used for compiling and running Agda programs. Everything there is automatically generated from your Agda source files.

How to run QAC tool from command line?

I have a C project and I would like to run QAC tool v7.0 from command line. I tried the following option,
C:\qac.exe -via <project_name.prj>
However, when I run the above command. I get an error saying the "VersionTag" is not found. The "VersionTag" string is the first line in the .prj file. I am not sure this is the right way to run this tool. Any help appreciated.
The qac -help is not giving valuable information either. The tool version is pretty old and the company 'Programming Research' behind this tool also has been renamed? to Perforce. They do not have any information about command line invocation either from the existing documentation or webpage.
The QAC utility is the "engine" part of the QAC package, corresponding to a compiler.
It won't be happy being run on command line without a number of environment variables:
QACBIN must point to the bin directory of the QAC package installation;
QACHELPFILES must point to the location of message help files;
QACOUTPUT points to the location where output files will be generated (binary .err file for each source file and textual .met file containing semantic and metric information.
The -via parameter to the command line should point at a text file containing other parameters used by the utility.
The .prj file is a package-level file defining the location of C source files being analysed plus their configuration settings files, among other things. It definitely should not be passed directly as a parameter to the QAC utility.
This should get you started, and other questions need to be more specific.

What are different among various dot nix files?

I am new to nixos, this is my understanding about configurations
Configuration files created by installer
/etc/nixos/configuration.nix :: The central point of system description used by nixos-rebuild
/etc/nixos/hardware-configuration.nix :: to be include in above configuration.nix
Configuration files for packages
<package>.nix on nixpkgs github :: configuration for each module (options are searchable on nixos package page)
These are what I do not fully understand
defatult.nix (any where in filesystem) :: for nix-shell like .bashrc
~/.nixpkgs/config.nix :: nix-env overrided configuration for each users
~/.config/<various>.nix :: ?? no idea
Am I understand it right?
Where can I find more information on these configuration files?
You don't call all of these files configuration files. E.g. the <package>.nix files are rather called derivations. What all these files share is the language in which they are written.
/etc/nixos/configuration.nix is indeed where you configure your system and ~/.nixpkgs/config.nix where you configure nix-env.
default.nix doesn't mean anything in particular except that this is the default file that it selected by the commands nix-build and nix-shell when you give them a directory as argument instead of a specific file. Note e.g. that the nixpkgs collection (on GitHub like you noticed already) contains a lot of such default.nix files.
To understand all of this better I advise you to read Nix-pills (that's a long series but it's worth it) and of course the NixOS, Nix and nixpkgs manuals.

Adding a new build rule to parse all rtf files

Xcode includes a flexible build rules system. The documentation is all but non-existant however.
A project I am working on for iOS 5 and iOS 6 includes an rtf help file. For iOS 6, I can convert the rtf file into an archived NSAttributedString object, then load that at runtimeand display it directly to a UITextView. For iOS 5, I can't (without a lot of work in Core Text...) so I want just the text without the style info.
I wrote a command line tool, RTFToData that takes an RTF file as input and generates a .txt file and a .data file (where the .data file contains a version of the styled text that my project knows how to use.)
Here is the syntax of my command line tool:
RTFToData [-o] source_path [destination_path]
-o (optional) overwite existing files
source_path (required) path to source RTF file (must have extension "rtf" or "RTF"
destination_directory (optional.) writes output files to source file directory if no destination specified
destination_directory must exist if specified.
I want to set up my project so that I can add .rtf files as sources (with the "add to target" checkbox NOT checked.) I want Xcode to run my RTFToData command on each file specifying that the output files should be copied into a directory and then added to the target.
Ideally, I'd like the build process to know about the dependencies between my source .rtf files and the processed .data and .txt files. If I touch a .rtf file, I'd like the build process to re-run the rtftodata command.
I am a makefile and unix scripting neophyte. I THINK I can use a run script build rule that will do this, but I am unclear on how. I guess I need to write a script that finds all files of type ".rtf", pipes that list of files into an invocation of my RTFToData.
Can somebody outline the steps I need to take in the Xcode IDE to make my project handle this smoothly?
As a side-note, is there some directory where you can put command line tools so they are available to the current version of Xcode? So far I've been installing the RTFToData command in /Library/usr/bin, but I'd really like the build tool to be included in the project, or at the very least, not have to use sudo to set up every development machine that is used to build this project.
Create a custom build phase
Add the .rtf files to your project and make sure they are added to your target.
Go to your target settings and select the "Build Rules" tab:
Click the "Add Build Rule" button at the bottom.
You want to configure your rule based on something like this:
Enter a standard wildcard glob for the files you want to match (*.rtf).
Inside the script section you can make use of a number of environment variables. Assuming your glob has matched the input file Test.rtf you have access to these vars:
INPUT_FILE_PATH = /path/to/your/project/source/Test.rtf
INPUT_FILE_NAME = Test.rtf
INPUT_FILE_BASE = Test
INPUT_FILE_SUFFIX = .rtf
INPUT_FILE_DIR = /path/to/your/project/source/
You want to process your file and send it to the ${DERIVED_FILES_DIR} directory with whatever new filename or extension you need. In this case we take the base filename from the input and give it a new extension.
Fill out the "Output Files" section with the same output file you used in the script. This will ensure the dependency system works and that the file will be copied to your .app. The script will only be run if the input has changed or the output file is missing from the .app.
Note that the "Output Files" should not have double quotes. The paths will be quoted for you by Xcode.
If your script generates multiple output files, add extra entries for those as well.
Once this is all set up, .rtf files added to your target will be converted to whatever output files your script generates. The original .rtf files will not exist in the final .app.
Where to put scripts/programs
As a side-note, is there some directory where you can put command line
tools so they are available to the current version of Xcode?
Put your tools somewhere below the directory that contains your .xcproject. Then from your build phase/rules use the ${SRCROOT} environment variable, which is the directory containing your project:
Assuming this file system layout:
/path/to/project/project.xcodeproj
/path/to/project/Tools/CommandLineTool
Use this in your build phase/rules:
"${SRCROOT}/Tools/CommandLineTool" "${INPUT_FILE_PATH}" ...
Remember to use double-quotes everywhere you can!

Resources