
HP Fortify Static Code Analyzer User Guide PDF

136 Pages·2015·1.02 MB·English

Preview HP Fortify Static Code Analyzer User Guide

HP Fortify Static Code Analyzer
Software Version: 4.40
User Guide
Document Release Date: November 2015
Software Release Date: November 2015

Legal Notices

Warranty
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
The software is restricted to use solely for the purpose of scanning software for security vulnerabilities that is (i) owned by you; (ii) for which you have a valid license to use; or (iii) with the explicit consent of the owner of the software to be scanned, and may not be used for any other purpose.
You shall not install or use the software on any third party or shared (hosted) server without explicit consent from the third party.

Copyright Notice
© Copyright 2003-2015 Hewlett Packard Enterprise Development LP

Documentation Updates
The title page of this document contains the following identifying information:
- Software Version number
- Document Release Date, which changes each time the document is updated
- Software Release Date, which indicates the release date of this version of the software
To check for recent updates or to verify that you are using the most recent edition of a document, go to: https://protect724.hp.com/welcome
You will receive updated or new editions if you subscribe to the appropriate product support service. Contact your HP sales representative for details.

HP Fortify Static Code Analyzer (4.40) Page 2 of 136

Contents

Preface
  Contacting HP Fortify Support
  For More Information
  About the HP Fortify Software Security Center Documentation Set
Change Log
Chapter 1: Introduction
  About the HP Fortify Software Security Center Components
  About HP Fortify Static Code Analyzer
  About Analyzers
  About HP Fortify CloudScan
  About the HP Fortify Scan Wizard
  Related Documents
Chapter 2: Analysis Process Overview
  About the Analysis Process
  About the Translation Phase
  About SCA Mobile Build Sessions
  Creating a Mobile Build Session
  Importing a Mobile Build Session
  About the Analysis Phase
  About Memory Considerations
  About Parallel Analysis
  About Verification of the Translation and Analysis Phase
Chapter 3: Translating Java Code
  Java Command-Line Syntax
  Java/J2EE Options
  Java Command-Line Examples
  Integrating with Ant using the SCA Compiler Adapter
  Handling Resolution Warnings
  Java Warnings
  Using FindBugs
  Translating J2EE Applications
  Prerequisite for Translating Code Using Legacy Versions of the J2EE SDK
  Translating the Java Files
  Translating JSP Projects, Configuration Files, and Deployment Descriptors
  J2EE Warnings
  Translating Java Bytecode
Chapter 4: Translating .NET Code
  About Translating .NET Code
  .NET Command-Line Syntax
  .NET Command-Line Options
  Translating Simple .NET Applications
  Translating ASP.NET 1.1 (Visual Studio Version 2003) Projects
  Handling Resolution Warnings
  About .NET Warnings
  About ASP.NET Warnings
Chapter 5: Translating C and C++ Code
  C and C++ Command-Line Syntax
  Build Integration
  Modifying a Build Script to Invoke SCA
  Touchless Build Integration
  Scanning Pre-processed C and C++ Code
Chapter 6: Translating ABAP Code
  About Translating ABAP Code
  About Scanning ABAP Code
  About INCLUDE Processing
  Importing the HP Fortify ABAP Extractor Transport Request
  Adding SCA to Your Favorites List
  Running the HP Fortify ABAP Extractor
Chapter 7: Translating Ruby Code
  Ruby Command-Line Syntax
  Ruby Options
  Adding Libraries
  Adding Multiple Library Paths
  Adding Gem Paths
Chapter 8: Translating Flex and ActionScript
  ActionScript Command-Line Syntax
  Flex and ActionScript Command-Line Options
  ActionScript Command-Line Examples
  About Handling Resolution Warnings
  About ActionScript Warnings
Chapter 9: Translating Code for Mobile Platforms
  About Translating Objective-C++ Code
  Prerequisites
  Objective-C++ Command-Line Syntax
  Xcode Compiler Errors
  About Translating Google Android Code
Chapter 9: Translating COBOL Code
  Preparing COBOL Source Files for Translation
  COBOL Command-Line Syntax
  About Auditing COBOL Scans
Chapter 10: Translating Other Languages
  About Translating Python Code
  Python Command-Line Options
  About Translating ColdFusion Code
  ColdFusion Command-Line Syntax
  ColdFusion Options
  About Translating SQL
  PL/SQL Command-Line Example
  T-SQL Command-Line Example
  About Translating ASP/VBScript Virtual Roots
  Classic ASP Command-Line Example
  JavaScript Command-Line Example
  VBScript Command-Line Example
  PHP Command-Line Example
Chapter 11: Command-Line Utilities
  About SCA Utilities
  Other Command-Line Utilities
  Precompiling MS Visual Studio 2003 ASP.NET Pages
  Checking the SCA Scan Status
  SCA State Utility Options
  About Working with FPR Files
  Merging FPR Files
  Displaying Analysis Results for an FPR File
  Migrating Audit Data from Previous FPR Versions
  Extracting a Source Archive from an FPR File
  About Generating Reports
  Generating a BIRT Report
  Generating a Legacy Report
  About Updating Security Content
  Updating Security Content
Chapter 12: Troubleshooting and Support
  Using the Log File to Debug Problems
  About the Translation Failed Message
  About JSP Translation Problems
  About C/C++ Precompiled Header Files
  Reporting Bugs and Requesting Enhancements
Appendix A: Command-Line Interface
  Output Options
  Translation Options
  Analysis Options
  Directives
  Other Options
  Specifying Files
Appendix B: Parallel Analysis Mode
  About Parallel Analysis Mode
  Hardware Requirements
  Configuring Parallel Analysis Mode
  Running in Parallel Analysis Mode
Appendix C: Using the Sourceanalyzer Ant Task
  About the Sourceanalyzer Ant Task
  Using the Sourceanalyzer Ant Task
  Ant Properties
  Sourceanalyzer Task Options
Appendix D: Filtering the Analysis
  About Filter Files
  Filter File Example
Appendix E: MSBuild Integration
  Setup for MSBuild Integration
  Setting Windows Environment Variables for Touchless Integration of SCA
  Adding Custom Tasks to your MSBuild Project
  Adding Fortify.TranslateTask
  Adding Fortify.ScanTask
  Adding Fortify.CleanTask
  Adding Fortify.SSCTask
  Adding Fortify.CloudScanTask
Appendix F: Maven Integration
  About the Maven Plugin
  Installing the Maven Plugin
  Testing the Maven Plugin
  Updating the Maven Plugin
  Using the Maven Plugin
  Excluding Files from the Scan
  Uninstalling the Maven Plugin
  Additional Documentation
Appendix G: HP Fortify Scan Wizard
  About HP Fortify Scan Wizard
  Starting the HP Fortify Scan Wizard
  Starting Scan Wizard on a System with SCA and Applications Installed
  Starting HP Fortify Scan Wizard as a Stand-Alone Utility
Appendix H: Sample Files
  About the Sample Files
  Basic Samples
  Advanced Samples
Appendix I: Issue Tuning
  Wrapper Detection
  Interprocedural Constant Propagation
  Selective Map Operation Tracking
Appendix J: Configuration Options
  About HP Fortify Static Code Analyzer Properties Files
  Properties File Format
  Precedence of Setting Properties
  fortify-sca.properties
  fortify-sca-quickscan.properties
Send Documentation Feedback

Preface

Contacting HP Fortify Support
If you have questions or comments about using this product, contact HP Fortify Technical Support using one of the following options.
To Manage Your Support Cases, Acquire Licenses, and Manage Your Account: https://support.fortify.com
To Email Support: [email protected]
To Call Support: 650.735.2215

For More Information
For more information on HP Enterprise Security Software products: http://www.hpenterprisesecurity.com

About the HP Fortify Software Security Center Documentation Set
The HP Fortify Software Security Center documentation set contains installation, user, and deployment guides for all HP Fortify Software Security Center products and components. In addition, you will find technical notes and release notes that describe new features, known issues, and last-minute updates. You can access the latest versions of these documents from the following HP ESP user community Protect724 website: https://protect724.hp.com/welcome
You will need to register for an account.

Change Log
The following table lists changes made to this guide.

Software Release-Version / Change

4.40-01
  Added:
  - "Command-Line Utilities" on page 59 (was a separate user guide)
  - "HP Fortify Scan Wizard" on page 104 (was a separate Technical Note)
  - "Generating a BIRT Report" on page 68 command-line utility
  Updated:
  - "Maven Integration" on page 99
  - "Translating Java Bytecode" on page 26
  - "SCA State Utility Options" on page 61
  - "Configuration Options" on page 113
  Removed: "About Command Line Builds in Visual Studio 6.0" (no longer supported)

4.30-01
  Updated:
  - "Configuration Options" on page 113
  - Python information
  - "Translating .NET Code" on page 28 with support for Visual Studio 2015
  - iOS scanning information in "Translating Code for Mobile Platforms" on page 48
  Added: Section on Java Bytecode in "Translating Java Code" on page 20

4.21-02
  Removed: Build Monitor (deprecated)

4.21-01
  Added: "Translating Ruby Code" on page 43
  Updated: "Translating ABAP Code" on page 37

Description:
About the HP Fortify Software Security Center Documentation Set ... Precompiling MS Visual Studio 2003 ASP ... Removed: "About Command Line Builds in Visual Studio 6.0" (no longer ... The installation process downloads and updates the HP Fortify security content ... Visual Studio 2012: 11.0