JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.
If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.
If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.
| CodeSonar® 9.0p0 Hot Tips | CONFIDENTIAL | CodeSecure Inc |
This tutorial illustrates the use of the CodeSonar Python API to construct custom plug-ins for CodeSonar.
Note: Depending on the hub configuration, you may be prompted for hub user account credentials to authenticate and authorize codesonar build and codesonar analyze commands. See Hub Authentication: Authenticated codesonar Subcommands for more information.
CodeSonar SaaS Note: If you want to use your own custom plug-ins with CodeSonar SaaS, contact CodeSecure support for assistance. The installation instructions provided in this page are not sufficient to make plug-ins available to SaaS analyses.
The plug-in for Part One implements a check for variable names containing upper case characters. There are three important elements in the plug-in:
Parts of file UCvar_plugin.py are reproduced below.
# # Copyright (c) 2023, an unpublished work by CodeSecure, Inc. # ALL RIGHTS RESERVED # # Copyright (c) 2017-2023, an unpublished work by GrammaTech, Inc. # ALL RIGHTS RESERVED # # This software is furnished under a license and may be used and # copied only in accordance with the terms of such license and the # inclusion of the above copyright notice. This software or any # other copies thereof may not be provided or otherwise made # available to any other person. Title to and ownership of the # software is retained by CodeSecure, Inc. # # UCvar_plugin.py # # a small example plugin that reports declarations for variables # whose names contain upper case characters import cs # The plug-in defines a new warning class to go with its new check. We # do not associate any CodeSonar mnemonics or CWE identifiers with the # new class, as none are appropriate. The new warning class must be # created in the top level scope. upvar_wc = cs.analysis.create_warningclass( 'Variable name has upper case characters', '', 1.0, cs.warningclass_flags.PADDING, cs.warning_significance.STYLE ) # Visitors should be at the finest granularity that is appropriate # for the check. This plug-in is checking a property of variable # names, so we define a visitor that operates on symbols. @cs.symbol_visitor # \visitor decorator \ def check_var_case(sym): nm = sym.name() # cs.symbol.name() # If there are one or more upper case characters and the variable # is declared in user code, issue a warning and return. if nm != nm.lower(): try: (symfi,symline) = sym.file_line() # cs.symbol.file_line() except cs.result as r: # If no position, do not report warning. Raise any other errors. if r != cs.result.NO_POSITION: raise else: if not symfi.is_system_include(): # cs.sfileinst.is_system_include() upvar_wc.report(symfi, # cs.warningclass.report() symline, 'Variable name %s has upper case character'%nm)
Install the plug-in:
We have provided an extremely short example program to exercise the plug-in. You can also try building other programs into CodeSonar projects to see how many variables they contain whose names include upper case letters.
| with cl: |
codesonar analyze testvar host:port cl /c
testvar.c
|
|---|---|
| with gcc: |
codesonar analyze testvar host:port gcc -c
testvar.c
|
Note that procedure names are not associated with the warnings. This is because we issued the warnings with the warningclass.report() form for reporting a warning with a location, which does not report a procedure name (because, among other reasons, a line may contain multiple procedures).
If you don't want to be warned in future about variable names containing upper case letters:
(If you used an alternative location, remove the associated PLUGINS configuration file setting).
The plug-in for Part Two implements a check for mismatched parentheses in the output of a program. This involves setting up a step visitor to ensure that the control-flow paths in the program involve properly balanced calls to the procedures that write opening and closing parentheses.
callseq_plugin.py contains comments describing the various elements of the plug-in. See these comments for details.
Install the plug-in:
We have provided an extremely short example program to exercise the plug-in.
| with cl: |
codesonar analyze callseq host:port cl /c
callseq_sample.c
|
|---|---|
| with gcc: |
codesonar analyze callseq host:port gcc -c
callseq_sample.c
|
If you don't want to use this plug-in in future:
(If you used an alternative location, remove the associated PLUGINS configuration file setting).
General Information:
| Visitors | Plug-ins are based on visitors, which specify actions to be carried out on elements of the CodeSonar internal representation (IR) at various stages of the analysis. |
|---|---|
| Writing Plug-Ins | General information about creating plug-ins to attach custom functionality to the CodeSonar analysis. |
| Plug-In Tutorial | Two annotated example plug-ins (each provided in all API languages), with building and installation instructions. |
| AST API Tutorial | The AST API tutorial (provided in all API languages) also uses plug-ins. |
Additional sample plugins can be found at $CSONAR/codesonar/plugins/*.py where $CSONAR is your CodeSonar installation directory.
Specific API Language:
| Plug-In Guidelines | Key API References | |
|---|---|---|
| C++ | Writing C++ Plug-Ins | classes analysis, visitor, warningclass, project_metricclass, compunit_metricclass, sfile_metricclass, procedure_metricclass. |
| Python | Writing Python Plug-Ins | Visitor decorators, Metric decorators; classes analysis, warningclass, project_metricclass, compunit_metricclass, sfile_metricclass, procedure_metricclass. |
| C | Writing C Plug-Ins | CodeSonar Plug-In API: C Functions and Types for Visitors, Warnings, and Metrics |