--- proj6.0p0.conf 2021-07-28 18:33:02.163230800 +1200 +++ proj6.1p0.conf 2021-07-28 18:33:05.502363100 +1200 @@ -1,7 +1,7 @@ # For emacs: -*- Shell-script -*- # ###################################################################### -# CodeSonar 6.0p0 Configuration File +# CodeSonar 6.1p0 Configuration File ###################################################################### # # CodeSonar will use preferences defined in this file when running @@ -14,9 +14,9 @@ # # # The file format is a sequence of lines of the form: -# PREFERENCE = VALUE +# PREFERENCE = VALUE # or -# PREFERENCE += VALUE +# PREFERENCE += VALUE # # - Backslash can be used at the end of a line to continue a line. # - A comment is a line where the first non-whitespace character is @@ -157,7 +157,7 @@ # # If [path/to/] is provided, the mapping only applies to # executables with matching paths or subpaths. For example, -# COMPILER_MODELS += bin\mycc.exe -> cl +# COMPILER_MODELS += bin\mycc.exe -> cl # will match invocations of c:\bin\mycc.exe and # c:\very\long\path\to\bin\mycc.exe, but not c:\mybin\mycc.exe or # c:\usr\lib\mycc.exe. @@ -198,9 +198,9 @@ # Later COMPILER_MODELS rules can supersede earlier ones. For # example, if the configuration file contains the following rule # sequence: -# COMPILER_MODELS += a/b/mycc -> cl:AB -# COMPILER_MODELS += c/d/mycc -> cl:CD -# COMPILER_MODELS += mycc -> cl:EF +# COMPILER_MODELS += a/b/mycc -> cl:AB +# COMPILER_MODELS += c/d/mycc -> cl:CD +# COMPILER_MODELS += mycc -> cl:EF # then all compilations with mycc, including compilations with # a/b/mycc and c/d/mycc, will be associated with compiler model cl # and ABI key EF. 
@@ -215,112 +215,112 @@ # expanding the range. # # Windows default models: -# COMPILER_MODELS += arm-none-eabi-g++.exe -> gpp -# COMPILER_MODELS += arm-none-eabi-gcc.exe -> gcc -# COMPILER_MODELS += armcc.exe -> armcc -# COMPILER_MODELS += armcl.exe -> cl6x -# COMPILER_MODELS += armclang.exe -> armclang -# COMPILER_MODELS += armcpp.exe -> armcc -# COMPILER_MODELS += bcc32.exe -> borland -# COMPILER_MODELS += c166.exe -> tasking -# COMPILER_MODELS += c51.exe -> c51 -# COMPILER_MODELS += cc21k.exe -> visualdsp -# COMPILER_MODELS += ccblkfn.exe -> visualdsp -# COMPILER_MODELS += ccrx.exe -> ccrx -# COMPILER_MODELS += ccts.exe -> visualdsp -# COMPILER_MODELS += ch38.exe -> ch38 -# COMPILER_MODELS += cl.exe -> cl -# COMPILER_MODELS += cl2000.exe -> cl6x -# COMPILER_MODELS += cl30.exe -> cl30 -# COMPILER_MODELS += cl430.exe -> cl6x -# COMPILER_MODELS += cl470.exe -> cl6x -# COMPILER_MODELS += cl55.exe -> cl6x -# COMPILER_MODELS += cl6x.exe -> cl6x -# COMPILER_MODELS += clang++.exe -> clangpp -# COMPILER_MODELS += clang.exe -> clang -# COMPILER_MODELS += clarm.exe -> cl -# COMPILER_MODELS += clmips.exe -> cl -# COMPILER_MODELS += clsh.exe -> cl -# COMPILER_MODELS += clthumb.exe -> cl -# COMPILER_MODELS += cosmic.exe -> cosmic -# COMPILER_MODELS += cp166.exe -> tasking -# COMPILER_MODELS += cpcp.exe -> tasking -# COMPILER_MODELS += cptc.exe -> tasking -# COMPILER_MODELS += ctc.exe -> tasking -# COMPILER_MODELS += cvavr-null.exe -> cvavr -# COMPILER_MODELS += cw-cc.exe -> xcc -# COMPILER_MODELS += dcc.exe -> dcc -# COMPILER_MODELS += dplus.exe -> dcc -# COMPILER_MODELS += ecom68.exe -> ecomppc -# COMPILER_MODELS += ecom800.exe -> ecomppc -# COMPILER_MODELS += ecom86.exe -> ecomppc -# COMPILER_MODELS += ecomarm.exe -> ecomppc -# COMPILER_MODELS += ecommip.exe -> ecomppc -# COMPILER_MODELS += ecomppc.exe -> ecomppc -# COMPILER_MODELS += ecomx86.exe -> ecomppc -# COMPILER_MODELS += g++-3.exe -> gpp -# COMPILER_MODELS += g++-4.exe -> gpp -# COMPILER_MODELS += g++.exe -> gpp -# 
COMPILER_MODELS += gcc-3.exe -> gcc -# COMPILER_MODELS += gcc-4.exe -> gcc -# COMPILER_MODELS += gcc.exe -> gcc -# COMPILER_MODELS += gpp.exe -> gpp -# COMPILER_MODELS += gxx.exe -> gpp -# COMPILER_MODELS += i686-pc-mingw32-g++.exe -> gpp -# COMPILER_MODELS += i686-pc-mingw32-gcc.exe -> gcc -# COMPILER_MODELS += icc430.exe -> icc430 -# COMPILER_MODELS += iccarm.exe -> iccarm -# COMPILER_MODELS += iccavr.exe -> iccavr -# COMPILER_MODELS += iccm32c.exe -> iccm32c -# COMPILER_MODELS += iccrx.exe -> iccrx -# COMPILER_MODELS += iccstm8.exe -> iccstm8 -# COMPILER_MODELS += iccv850.exe -> iccv850 -# COMPILER_MODELS += mwccmcf.exe -> mwccmcf -# COMPILER_MODELS += null-cc.exe -> xcc -# COMPILER_MODELS += picc.exe -> picc -# COMPILER_MODELS += qcc.exe -> qcc -# COMPILER_MODELS += shc.exe -> shc -# COMPILER_MODELS += shcpp.exe -> shcpp -# COMPILER_MODELS += tcc.exe -> armcc -# COMPILER_MODELS += tcpp.exe -> armcc -# COMPILER_MODELS += x86_64-pc-mingw32-g++.exe -> gpp -# COMPILER_MODELS += x86_64-pc-mingw32-gcc.exe -> gcc +# COMPILER_MODELS += arm-none-eabi-g++.exe -> gpp +# COMPILER_MODELS += arm-none-eabi-gcc.exe -> gcc +# COMPILER_MODELS += armcc.exe -> armcc +# COMPILER_MODELS += armcl.exe -> cl6x +# COMPILER_MODELS += armclang.exe -> armclang +# COMPILER_MODELS += armcpp.exe -> armcc +# COMPILER_MODELS += bcc32.exe -> borland +# COMPILER_MODELS += c166.exe -> tasking +# COMPILER_MODELS += c51.exe -> c51 +# COMPILER_MODELS += cc21k.exe -> visualdsp +# COMPILER_MODELS += ccblkfn.exe -> visualdsp +# COMPILER_MODELS += ccrx.exe -> ccrx +# COMPILER_MODELS += ccts.exe -> visualdsp +# COMPILER_MODELS += ch38.exe -> ch38 +# COMPILER_MODELS += cl.exe -> cl +# COMPILER_MODELS += cl2000.exe -> cl6x +# COMPILER_MODELS += cl30.exe -> cl30 +# COMPILER_MODELS += cl430.exe -> cl6x +# COMPILER_MODELS += cl470.exe -> cl6x +# COMPILER_MODELS += cl55.exe -> cl6x +# COMPILER_MODELS += cl6x.exe -> cl6x +# COMPILER_MODELS += clang++.exe -> clangpp +# COMPILER_MODELS += clang.exe -> clang +# 
COMPILER_MODELS += clarm.exe -> cl +# COMPILER_MODELS += clmips.exe -> cl +# COMPILER_MODELS += clsh.exe -> cl +# COMPILER_MODELS += clthumb.exe -> cl +# COMPILER_MODELS += cosmic.exe -> cosmic +# COMPILER_MODELS += cp166.exe -> tasking +# COMPILER_MODELS += cpcp.exe -> tasking +# COMPILER_MODELS += cptc.exe -> tasking +# COMPILER_MODELS += ctc.exe -> tasking +# COMPILER_MODELS += cvavr-null.exe -> cvavr +# COMPILER_MODELS += cw-cc.exe -> xcc +# COMPILER_MODELS += dcc.exe -> dcc +# COMPILER_MODELS += dplus.exe -> dcc +# COMPILER_MODELS += ecom68.exe -> ecomppc +# COMPILER_MODELS += ecom800.exe -> ecomppc +# COMPILER_MODELS += ecom86.exe -> ecomppc +# COMPILER_MODELS += ecomarm.exe -> ecomppc +# COMPILER_MODELS += ecommip.exe -> ecomppc +# COMPILER_MODELS += ecomppc.exe -> ecomppc +# COMPILER_MODELS += ecomx86.exe -> ecomppc +# COMPILER_MODELS += g++-3.exe -> gpp +# COMPILER_MODELS += g++-4.exe -> gpp +# COMPILER_MODELS += g++.exe -> gpp +# COMPILER_MODELS += gcc-3.exe -> gcc +# COMPILER_MODELS += gcc-4.exe -> gcc +# COMPILER_MODELS += gcc.exe -> gcc +# COMPILER_MODELS += gpp.exe -> gpp +# COMPILER_MODELS += gxx.exe -> gpp +# COMPILER_MODELS += i686-pc-mingw32-g++.exe -> gpp +# COMPILER_MODELS += i686-pc-mingw32-gcc.exe -> gcc +# COMPILER_MODELS += icc430.exe -> icc430 +# COMPILER_MODELS += iccarm.exe -> iccarm +# COMPILER_MODELS += iccavr.exe -> iccavr +# COMPILER_MODELS += iccm32c.exe -> iccm32c +# COMPILER_MODELS += iccrx.exe -> iccrx +# COMPILER_MODELS += iccstm8.exe -> iccstm8 +# COMPILER_MODELS += iccv850.exe -> iccv850 +# COMPILER_MODELS += mwccmcf.exe -> mwccmcf +# COMPILER_MODELS += null-cc.exe -> xcc +# COMPILER_MODELS += picc.exe -> picc +# COMPILER_MODELS += qcc.exe -> qcc +# COMPILER_MODELS += shc.exe -> shc +# COMPILER_MODELS += shcpp.exe -> shcpp +# COMPILER_MODELS += tcc.exe -> armcc +# COMPILER_MODELS += tcpp.exe -> armcc +# COMPILER_MODELS += x86_64-pc-mingw32-g++.exe -> gpp +# COMPILER_MODELS += x86_64-pc-mingw32-gcc.exe -> gcc # # POSIX default 
models: -# COMPILER_MODELS += arm-none-eabi-g++ -> gpp -# COMPILER_MODELS += arm-none-eabi-gcc -> gcc -# COMPILER_MODELS += armcc -> armcc -# COMPILER_MODELS += armclang -> armclang -# COMPILER_MODELS += armcpp -> armcc -# COMPILER_MODELS += c++ -> gpp -# COMPILER_MODELS += cc -> cc -# COMPILER_MODELS += ch38 -> ch38 -# COMPILER_MODELS += clang -> clang -# COMPILER_MODELS += clang++ -> clangpp -# COMPILER_MODELS += cosmic -> cosmic -# COMPILER_MODELS += dcc -> dcc -# COMPILER_MODELS += dplus -> dcc -# COMPILER_MODELS += ecom68 -> ecomppc -# COMPILER_MODELS += ecom800 -> ecomppc -# COMPILER_MODELS += ecom86 -> ecomppc -# COMPILER_MODELS += ecomarm -> ecomppc -# COMPILER_MODELS += ecommip -> ecomppc -# COMPILER_MODELS += ecomppc -> ecomppc -# COMPILER_MODELS += ecomx86 -> ecomppc -# COMPILER_MODELS += g++ -> gpp -# COMPILER_MODELS += gcc -> gcc -# COMPILER_MODELS += gpp -> gpp -# COMPILER_MODELS += gxx -> gpp -# COMPILER_MODELS += mcpcom -> mcpcom -# COMPILER_MODELS += null-cc -> xcc -# COMPILER_MODELS += qcc -> qcc -# COMPILER_MODELS += shc -> shc -# COMPILER_MODELS += shcpp -> shcpp -# COMPILER_MODELS += tcc -> armcc -# COMPILER_MODELS += tcpp -> armcc +# COMPILER_MODELS += arm-none-eabi-g++ -> gpp +# COMPILER_MODELS += arm-none-eabi-gcc -> gcc +# COMPILER_MODELS += armcc -> armcc +# COMPILER_MODELS += armclang -> armclang +# COMPILER_MODELS += armcpp -> armcc +# COMPILER_MODELS += c++ -> gpp +# COMPILER_MODELS += cc -> cc +# COMPILER_MODELS += ch38 -> ch38 +# COMPILER_MODELS += clang -> clang +# COMPILER_MODELS += clang++ -> clangpp +# COMPILER_MODELS += cosmic -> cosmic +# COMPILER_MODELS += dcc -> dcc +# COMPILER_MODELS += dplus -> dcc +# COMPILER_MODELS += ecom68 -> ecomppc +# COMPILER_MODELS += ecom800 -> ecomppc +# COMPILER_MODELS += ecom86 -> ecomppc +# COMPILER_MODELS += ecomarm -> ecomppc +# COMPILER_MODELS += ecommip -> ecomppc +# COMPILER_MODELS += ecomppc -> ecomppc +# COMPILER_MODELS += ecomx86 -> ecomppc +# COMPILER_MODELS += g++ -> gpp +# 
COMPILER_MODELS += gcc -> gcc +# COMPILER_MODELS += gpp -> gpp +# COMPILER_MODELS += gxx -> gpp +# COMPILER_MODELS += mcpcom -> mcpcom +# COMPILER_MODELS += null-cc -> xcc +# COMPILER_MODELS += qcc -> qcc +# COMPILER_MODELS += shc -> shc +# COMPILER_MODELS += shcpp -> shcpp +# COMPILER_MODELS += tcc -> armcc +# COMPILER_MODELS += tcpp -> armcc # # On all EXCEPT Windows: -# COMPILER_MODELS += QCC -> qcc +# COMPILER_MODELS += QCC -> qcc # # To activate the Hi-Tech compiler model for Linux: # COMPILER_MODELS += picc -> picc @@ -339,11 +339,11 @@ # systems: # COMPILER_MODELS += cl6x -> cl6x # COMPILER_MODELS += cl30 -> cl30x -# COMPILER_MODELS += armcl -> cl6x -# COMPILER_MODELS += cl430 -> cl6x -# COMPILER_MODELS += cl470 -> cl6x +# COMPILER_MODELS += armcl -> cl6x +# COMPILER_MODELS += cl430 -> cl6x +# COMPILER_MODELS += cl470 -> cl6x # COMPILER_MODELS += cl55 -> cl6x -# COMPILER_MODELS += cl2000 -> cl6x +# COMPILER_MODELS += cl2000 -> cl6x # # To activate the MPLab C18 C Compiler model (mcc18): # COMPILER_MODELS += mcc18.exe -> mcc18 @@ -360,10 +360,10 @@ # will disable recognition of some Green Hills compilers because of # an executable name conflict. # -# (Windows) +# (Windows) # COMPILER_MODELS += ccppc.exe -> ccppc # COMPILER_MODELS += c++ppc.exe -> c++ppc -# (other systems) +# (other systems) # COMPILER_MODELS += ccppc -> ccppc # COMPILER_MODELS += c++ppc -> c++ppc # 
@@ -378,52 +378,52 @@ # Custom Usage Examples # # [Windows] Treat anything named mycc.exe like cl. -# COMPILER_MODELS += mycc.exe -> cl +# COMPILER_MODELS += mycc.exe -> cl # # [Windows] Treat c:\compilers\mycc.exe (but not, eg, # c:\usr\local\mycc.exe) like cl. -# COMPILER_MODELS += c:\compilers\mycc.exe -> cl +# COMPILER_MODELS += c:\compilers\mycc.exe -> cl # # [Windows] Treat C:\Program Files (x86)\My IDE v8\bin\mycc.exe # like cl. Note that the path must be quoted because it contains # spaces. Microsoft libc command line encoding rules # [doc/html/FAQ.html#libc_commandline] apply (even on non-Windows # systems). -# COMPILER_MODELS += "C:\Program Files (x86)\My IDE v8\bin\mycc.exe" -> cl +# COMPILER_MODELS += "C:\Program Files (x86)\My IDE v8\bin\mycc.exe" -> cl # # [Windows] Treat any executable with path suffix bin\mycc.exe like # cl. Note that this will match the path in the previous example, # but not (for example) C:\mybin\mycc.exe. -# COMPILER_MODELS += bin\mycc.exe -> cl +# COMPILER_MODELS += bin\mycc.exe -> cl # # [Windows] Treat anything named mycc.exe like cl. Associate ABI # key ABC with any translation units compiled by this compiler. -# COMPILER_MODELS += mycc.exe -> cl:ABC +# COMPILER_MODELS += mycc.exe -> cl:ABC # # [Windows] Handle all compilations with any cl.exe executable # using the cl compiler model, using ABI keys to distinguish # compilations from certain cl.exe installations. -# COMPILER_MODELS += cl.exe -> cl:default -# COMPILER_MODELS += C:\bin\a\b\cl.exe -> cl:AB -# COMPILER_MODELS += C:\bin\c\d\cl.exe -> cl:CD +# COMPILER_MODELS += cl.exe -> cl:default +# COMPILER_MODELS += C:\bin\a\b\cl.exe -> cl:AB +# COMPILER_MODELS += C:\bin\c\d\cl.exe -> cl:CD # # [Posix] Treat anything named mycc like gcc. -# COMPILER_MODELS += mycc -> gcc +# COMPILER_MODELS += mycc -> gcc # # [Posix] Treat /tmp/mycc (an absolute path) like gcc. 
-# COMPILER_MODELS += /tmp/mycc -> gcc +# COMPILER_MODELS += /tmp/mycc -> gcc # # [Posix] Treat any executable with path suffix tmp/mycc like gcc. # Note that this will match the path in the previous example, but # not (for example) /u/mytmp/mycc. -# COMPILER_MODELS += tmp/mycc -> gcc +# COMPILER_MODELS += tmp/mycc -> gcc # # [Posix] Handle all compilations with any gcc executable using the # gcc compiler model, using ABI keys to distinguish compilations # from certain gcc installations. -# COMPILER_MODELS += gcc -> gcc:default -# COMPILER_MODELS += /a/b/gcc -> gcc:AB -# COMPILER_MODELS += /c/d/gcc -> gcc:CD +# COMPILER_MODELS += gcc -> gcc:default +# COMPILER_MODELS += /a/b/gcc -> gcc:AB +# COMPILER_MODELS += /c/d/gcc -> gcc:CD # # [ANCHOR random_filename] If your build system generates randomly- # named files each time it runs, you may be able to use a @@ -433,18 +433,18 @@ # # For example, suppose your regular software built uses a tool # called mybuild, whose behavior is such that -# mybuild gcc [options] -c A.c +# mybuild gcc [options] -c A.c # creates a randomly-named copy .c of A.c and then invokes -# gcc [options] -c .c +# gcc [options] -c .c # Then you can model the compilation as taking place on A.c rather # than a succession of .c using the following pair of rules. # -# [Posix] -# COMPILER_MODELS += mybuild -> gcc -# DISABLED_COMPILERS += gcc -# [Windows] -# COMPILER_MODELS += mybuild.exe -> gcc -# DISABLED_COMPILERS += gcc.exe +# [Posix] +# COMPILER_MODELS += mybuild -> gcc +# DISABLED_COMPILERS += gcc +# [Windows] +# COMPILER_MODELS += mybuild.exe -> gcc +# DISABLED_COMPILERS += gcc.exe # Parameter DISABLED_COMPILERS 
@@ -479,111 +479,111 @@ # The following compiler executables are recognized by default on # Windows systems. To ignore invocations of a specific executable, # use the corresponding DISABLED_COMPILERS rule. -# DISABLED_COMPILERS += arm-none-eabi-g++.exe -# DISABLED_COMPILERS += arm-none-eabi-gcc.exe -# DISABLED_COMPILERS += armcc.exe -# DISABLED_COMPILERS += armcl.exe -# DISABLED_COMPILERS += armclang.exe -# DISABLED_COMPILERS += armcpp.exe -# DISABLED_COMPILERS += bcc32.exe -# DISABLED_COMPILERS += c166.exe -# DISABLED_COMPILERS += c51.exe -# DISABLED_COMPILERS += cc21k.exe -# DISABLED_COMPILERS += ccblkfn.exe -# DISABLED_COMPILERS += ccrx.exe -# DISABLED_COMPILERS += ccts.exe -# DISABLED_COMPILERS += ch38.exe -# DISABLED_COMPILERS += cl.exe -# DISABLED_COMPILERS += cl2000.exe -# DISABLED_COMPILERS += cl30.exe -# DISABLED_COMPILERS += cl430.exe -# DISABLED_COMPILERS += cl470.exe -# DISABLED_COMPILERS += cl55.exe -# DISABLED_COMPILERS += cl6x.exe -# DISABLED_COMPILERS += clang++.exe -# DISABLED_COMPILERS += clang.exe -# DISABLED_COMPILERS += clarm.exe -# DISABLED_COMPILERS += clmips.exe -# DISABLED_COMPILERS += clsh.exe -# DISABLED_COMPILERS += clthumb.exe -# DISABLED_COMPILERS += cosmic.exe -# DISABLED_COMPILERS += cp166.exe -# DISABLED_COMPILERS += cpcp.exe -# DISABLED_COMPILERS += cptc.exe -# DISABLED_COMPILERS += ctc.exe -# DISABLED_COMPILERS += cvavr-null.exe -# DISABLED_COMPILERS += cw-cc.exe -# DISABLED_COMPILERS += dcc.exe -# DISABLED_COMPILERS += dplus.exe -# DISABLED_COMPILERS += ecom68.exe -# DISABLED_COMPILERS += ecom800.exe -# DISABLED_COMPILERS += ecom86.exe -# DISABLED_COMPILERS += ecomarm.exe -# DISABLED_COMPILERS += ecommip.exe -# DISABLED_COMPILERS += ecomppc.exe -# DISABLED_COMPILERS += ecomx86.exe -# DISABLED_COMPILERS += g++-3.exe -# DISABLED_COMPILERS += g++-4.exe -# DISABLED_COMPILERS += g++.exe -# DISABLED_COMPILERS += gcc-3.exe -# DISABLED_COMPILERS += gcc-4.exe -# DISABLED_COMPILERS += gcc.exe -# DISABLED_COMPILERS += gpp.exe -# 
DISABLED_COMPILERS += gxx.exe -# DISABLED_COMPILERS += i686-pc-mingw32-g++.exe -# DISABLED_COMPILERS += i686-pc-mingw32-gcc.exe -# DISABLED_COMPILERS += icc430.exe -# DISABLED_COMPILERS += iccarm.exe -# DISABLED_COMPILERS += iccavr.exe -# DISABLED_COMPILERS += iccm32c.exe -# DISABLED_COMPILERS += iccrx.exe -# DISABLED_COMPILERS += iccstm8.exe -# DISABLED_COMPILERS += iccv850.exe -# DISABLED_COMPILERS += mwccmcf.exe -# DISABLED_COMPILERS += null-cc.exe -# DISABLED_COMPILERS += picc.exe -# DISABLED_COMPILERS += qcc.exe -# DISABLED_COMPILERS += shc.exe -# DISABLED_COMPILERS += shcpp.exe -# DISABLED_COMPILERS += tcc.exe -# DISABLED_COMPILERS += tcpp.exe -# DISABLED_COMPILERS += x86_64-pc-mingw32-g++.exe -# DISABLED_COMPILERS += x86_64-pc-mingw32-gcc.exe +# DISABLED_COMPILERS += arm-none-eabi-g++.exe +# DISABLED_COMPILERS += arm-none-eabi-gcc.exe +# DISABLED_COMPILERS += armcc.exe +# DISABLED_COMPILERS += armcl.exe +# DISABLED_COMPILERS += armclang.exe +# DISABLED_COMPILERS += armcpp.exe +# DISABLED_COMPILERS += bcc32.exe +# DISABLED_COMPILERS += c166.exe +# DISABLED_COMPILERS += c51.exe +# DISABLED_COMPILERS += cc21k.exe +# DISABLED_COMPILERS += ccblkfn.exe +# DISABLED_COMPILERS += ccrx.exe +# DISABLED_COMPILERS += ccts.exe +# DISABLED_COMPILERS += ch38.exe +# DISABLED_COMPILERS += cl.exe +# DISABLED_COMPILERS += cl2000.exe +# DISABLED_COMPILERS += cl30.exe +# DISABLED_COMPILERS += cl430.exe +# DISABLED_COMPILERS += cl470.exe +# DISABLED_COMPILERS += cl55.exe +# DISABLED_COMPILERS += cl6x.exe +# DISABLED_COMPILERS += clang++.exe +# DISABLED_COMPILERS += clang.exe +# DISABLED_COMPILERS += clarm.exe +# DISABLED_COMPILERS += clmips.exe +# DISABLED_COMPILERS += clsh.exe +# DISABLED_COMPILERS += clthumb.exe +# DISABLED_COMPILERS += cosmic.exe +# DISABLED_COMPILERS += cp166.exe +# DISABLED_COMPILERS += cpcp.exe +# DISABLED_COMPILERS += cptc.exe +# DISABLED_COMPILERS += ctc.exe +# DISABLED_COMPILERS += cvavr-null.exe +# DISABLED_COMPILERS += cw-cc.exe +# DISABLED_COMPILERS += 
dcc.exe +# DISABLED_COMPILERS += dplus.exe +# DISABLED_COMPILERS += ecom68.exe +# DISABLED_COMPILERS += ecom800.exe +# DISABLED_COMPILERS += ecom86.exe +# DISABLED_COMPILERS += ecomarm.exe +# DISABLED_COMPILERS += ecommip.exe +# DISABLED_COMPILERS += ecomppc.exe +# DISABLED_COMPILERS += ecomx86.exe +# DISABLED_COMPILERS += g++-3.exe +# DISABLED_COMPILERS += g++-4.exe +# DISABLED_COMPILERS += g++.exe +# DISABLED_COMPILERS += gcc-3.exe +# DISABLED_COMPILERS += gcc-4.exe +# DISABLED_COMPILERS += gcc.exe +# DISABLED_COMPILERS += gpp.exe +# DISABLED_COMPILERS += gxx.exe +# DISABLED_COMPILERS += i686-pc-mingw32-g++.exe +# DISABLED_COMPILERS += i686-pc-mingw32-gcc.exe +# DISABLED_COMPILERS += icc430.exe +# DISABLED_COMPILERS += iccarm.exe +# DISABLED_COMPILERS += iccavr.exe +# DISABLED_COMPILERS += iccm32c.exe +# DISABLED_COMPILERS += iccrx.exe +# DISABLED_COMPILERS += iccstm8.exe +# DISABLED_COMPILERS += iccv850.exe +# DISABLED_COMPILERS += mwccmcf.exe +# DISABLED_COMPILERS += null-cc.exe +# DISABLED_COMPILERS += picc.exe +# DISABLED_COMPILERS += qcc.exe +# DISABLED_COMPILERS += shc.exe +# DISABLED_COMPILERS += shcpp.exe +# DISABLED_COMPILERS += tcc.exe +# DISABLED_COMPILERS += tcpp.exe +# DISABLED_COMPILERS += x86_64-pc-mingw32-g++.exe +# DISABLED_COMPILERS += x86_64-pc-mingw32-gcc.exe # # The following compiler executables are recognized by default on # Posix systems. To ignore invocations of a specific executable, # use the corresponding DISABLED_COMPILERS rule. 
-# DISABLED_COMPILERS += arm-none-eabi-g++ -# DISABLED_COMPILERS += arm-none-eabi-gcc -# DISABLED_COMPILERS += armcc -# DISABLED_COMPILERS += armclang -# DISABLED_COMPILERS += armcpp -# DISABLED_COMPILERS += c++ -# DISABLED_COMPILERS += cc -# DISABLED_COMPILERS += ch38 -# DISABLED_COMPILERS += clang -# DISABLED_COMPILERS += clang++ -# DISABLED_COMPILERS += cosmic -# DISABLED_COMPILERS += dcc -# DISABLED_COMPILERS += dplus -# DISABLED_COMPILERS += ecom68 -# DISABLED_COMPILERS += ecom800 -# DISABLED_COMPILERS += ecom86 -# DISABLED_COMPILERS += ecomarm -# DISABLED_COMPILERS += ecommip -# DISABLED_COMPILERS += ecomppc -# DISABLED_COMPILERS += ecomx86 -# DISABLED_COMPILERS += g++ -# DISABLED_COMPILERS += gcc -# DISABLED_COMPILERS += gpp -# DISABLED_COMPILERS += gxx -# DISABLED_COMPILERS += mcpcom -# DISABLED_COMPILERS += null-cc -# DISABLED_COMPILERS += qcc -# DISABLED_COMPILERS += shc -# DISABLED_COMPILERS += shcpp -# DISABLED_COMPILERS += tcc -# DISABLED_COMPILERS += tcpp +# DISABLED_COMPILERS += arm-none-eabi-g++ +# DISABLED_COMPILERS += arm-none-eabi-gcc +# DISABLED_COMPILERS += armcc +# DISABLED_COMPILERS += armclang +# DISABLED_COMPILERS += armcpp +# DISABLED_COMPILERS += c++ +# DISABLED_COMPILERS += cc +# DISABLED_COMPILERS += ch38 +# DISABLED_COMPILERS += clang +# DISABLED_COMPILERS += clang++ +# DISABLED_COMPILERS += cosmic +# DISABLED_COMPILERS += dcc +# DISABLED_COMPILERS += dplus +# DISABLED_COMPILERS += ecom68 +# DISABLED_COMPILERS += ecom800 +# DISABLED_COMPILERS += ecom86 +# DISABLED_COMPILERS += ecomarm +# DISABLED_COMPILERS += ecommip +# DISABLED_COMPILERS += ecomppc +# DISABLED_COMPILERS += ecomx86 +# DISABLED_COMPILERS += g++ +# DISABLED_COMPILERS += gcc +# DISABLED_COMPILERS += gpp +# DISABLED_COMPILERS += gxx +# DISABLED_COMPILERS += mcpcom +# DISABLED_COMPILERS += null-cc +# DISABLED_COMPILERS += qcc +# DISABLED_COMPILERS += shc +# DISABLED_COMPILERS += shcpp +# DISABLED_COMPILERS += tcc +# DISABLED_COMPILERS += tcpp 
@@ -865,7 +865,7 @@ # will be used. # # For example: -# CODEWARRIOR_INSTALLS += "C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.0" +# CODEWARRIOR_INSTALLS += "C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.0" # Parameter CODEWARRIOR_PLUGINS @@ -907,7 +907,7 @@ # will be used. # # For example: -# CODEWARRIOR_PLUGINS += "C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.0\bin\plugins\compiler\MCFCCompiler.dll" +# CODEWARRIOR_PLUGINS += "C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.0\bin\plugins\compiler\MCFCCompiler.dll" # # Parameter IGNORED_COMPILATIONS @@ -935,7 +935,7 @@ # discard path:, or the SYSTEM_INCLUDE_PATHS setting. # # For example, -# IGNORED_COMPILATIONS += ^.*foo\.c$ +# IGNORED_COMPILATIONS += ^.*foo\.c$ # specifies that compilations of files whose paths end in "foo.c" # should be ignored. This includes compilations of "foo.c", # "/usr/local/foo.c", and "mydir/myfoo.c", but not "foo.cpp". @@ -945,11 +945,11 @@ # Note that backslashes used as directory separators need to be # escaped, so a rule containing a Windows path will look # (something) like the following: -# IGNORED_COMPILATIONS += bar\\foo\.c +# IGNORED_COMPILATIONS += bar\\foo\.c # # The forward slashes used as directory separators on other systems # do not require escaping: -# IGNORED_COMPILATIONS += bar/foo\.c +# IGNORED_COMPILATIONS += bar/foo\.c # Parameter IGNORED_COMPILATION_COMMANDS # @@ -977,7 +977,7 @@ # command or none of it. # # For example: -# IGNORED_COMPILATION_COMMANDS += gcc -c foo.c +# IGNORED_COMPILATION_COMMANDS += gcc -c foo.c # Parameter ERROR_LIMIT_PER_COMPILATION 
@@ -1359,8 +1359,8 @@ # [doc/html/FAQ.html#libc_commandline] apply (even on non-Windows # systems). For example: # -# EDG_FRONTEND_OPTIONS_PREPEND += -DM_INT_TYPE=int -# EDG_FRONTEND_OPTIONS_PREPEND += -DM_ULONG_TYPE="unsigned long int" +# EDG_FRONTEND_OPTIONS_PREPEND += -DM_INT_TYPE=int +# EDG_FRONTEND_OPTIONS_PREPEND += -DM_ULONG_TYPE="unsigned long int" #EDG_FRONTEND_OPTIONS_PREPEND += @@ -1389,11 +1389,11 @@ # Notes # To add mydir to the list of directories searched for include # files: -# EDG_FRONTEND_OPTIONS_APPEND += -Imydir +# EDG_FRONTEND_OPTIONS_APPEND += -Imydir # # To set macro MYMACRO to the empty string (useful if you are # getting a parser error complaining that MYMACRO is undefined): -# EDG_FRONTEND_OPTIONS_APPEND += -DMYMACRO= +# EDG_FRONTEND_OPTIONS_APPEND += -DMYMACRO= # # # If you are using this parameter to define a preprocessor macro @@ -1402,8 +1402,8 @@ # [doc/html/FAQ.html#libc_commandline] apply (even on non-Windows # systems). For example: # -# EDG_FRONTEND_OPTIONS_APPEND += -DM_CHAR_P_TYPE=char* -# EDG_FRONTEND_OPTIONS_APPEND += -DM_UINT_TYPE="unsigned int" +# EDG_FRONTEND_OPTIONS_APPEND += -DM_CHAR_P_TYPE=char* +# EDG_FRONTEND_OPTIONS_APPEND += -DM_UINT_TYPE="unsigned int" #EDG_FRONTEND_OPTIONS_APPEND += @@ -1610,7 +1610,7 @@ # # Type # A string of the form -# s///+ +# s///+ # # where: # 
@@ -1633,49 +1633,49 @@ # [http://www.boost.org/doc/libs/1_63_0/libs/regex/doc/html/boost_regex/ref/syntax_option_type.html] # correspondences: # -# -M no_mod_m -# -S no_mod_s -# A awk -# B basic -# C no_char_classes -# D sed -# E extended -# G grep -# H egrep -# I icase -# L literal -# N normal -# O collate -# P perl -# Q bk_plus_qm -# S mod_s -# T no_intervals -# X mod_x +# -M no_mod_m +# -S no_mod_s +# A awk +# B basic +# C no_char_classes +# D sed +# E extended +# G grep +# H egrep +# I icase +# L literal +# N normal +# O collate +# P perl +# Q bk_plus_qm +# S mod_s +# T no_intervals +# X mod_x # # Boost regular expression match_flag_type # [http://www.boost.org/doc/libs/1_63_0/libs/regex/doc/html/boost_regex/ref/match_flag_type.html] # correspondences: # -# a match_not_bob -# c match_continuous -# d match_default -# e match_extra -# fa format_all -# fc format_no_copy -# fd format_default -# ff format_first_only -# fl format_literal -# fp format_perl -# fs format_sed -# m match_single_line -# n match_not_null -# z match_not_eob -# $ match_not_eol -# * match_any -# . match_not_dot_newline -# < match_not_bow -# > match_not_eow -# ^ match_not_bol +# a match_not_bob +# c match_continuous +# d match_default +# e match_extra +# fa format_all +# fc format_no_copy +# fd format_default +# ff format_first_only +# fl format_literal +# fp format_perl +# fs format_sed +# m match_single_line +# n match_not_null +# z match_not_eob +# $ match_not_eol +# * match_any +# . match_not_dot_newline +# < match_not_bow +# > match_not_eow +# ^ match_not_bol # # Notes # SOURCE_PATTERN_REPLACEMENT rules are typically used to improve 
@@ -1708,15 +1708,15 @@ # expression based replacement as described below. # # For example, -# SOURCE_PATTERN_REPLACEMENT+=s/foo//I +# SOURCE_PATTERN_REPLACEMENT+=s/foo//I # specifies that all occurrences of "foo" in the source code, # regardless of case, should be deleted. This is exactly equivalent # to -# SOURCE_PATTERN_REPLACEMENT+=s*foo**I +# SOURCE_PATTERN_REPLACEMENT+=s*foo**I # (the same expression with a different delimiter), and to -# SOURCE_PATTERN=foo -# SOURCE_REPLACEMENT= -# SOURCE_MODIFIERS=I +# SOURCE_PATTERN=foo +# SOURCE_REPLACEMENT= +# SOURCE_MODIFIERS=I # # You can specify as many SOURCE_PATTERN_REPLACEMENT entries as you # want: replacements will be carried out in the same order that the @@ -1795,7 +1795,7 @@ # execute on the source files before preprocessing occurs. # # For example, -# SOURCE_REPLACE_COMMAND+=sed -e 's#@ *0x[0-9a-fA-F][0-9a-fA-F]*#/* CSURF: At removed */#' +# SOURCE_REPLACE_COMMAND+=sed -e 's#@ *0x[0-9a-fA-F][0-9a-fA-F]*#/* CSURF: At removed */#' # specifies that all strings consisting of "@" followed by zero or # more spaces followed by a hexadecimal number should be replaced # by a comment reading "/* CSURF: At removed */" @@ -1811,7 +1811,7 @@ # # Here is an example of how to convert from a popular shift JIS # variant to UTF8: -# SOURCE_REPLACE_COMMAND += $GTHOME/third-party/apr-iconv/inst/bin/apriconv -f cp932 -t utf-8 +# SOURCE_REPLACE_COMMAND += $GTHOME/third-party/apr-iconv/inst/bin/apriconv -f cp932 -t utf-8 # Parameter PREPROCESS_IF_FAIL @@ -1914,7 +1914,7 @@ # override the setting of this parameter. # # For example: -# FATSTATS_DUMP_FILE = /PATH/TO/dump_file +# FATSTATS_DUMP_FILE = /PATH/TO/dump_file # Parameter MAX_CONCURRENT_PARSE_PROCESSES @@ -1991,7 +1991,7 @@ # that ship with CodeSonar. # # For example: -# COMPILER_MODEL_PLUGINS += /PATH/TO/libsamplecm.so +# COMPILER_MODEL_PLUGINS += /PATH/TO/libsamplecm.so # Will add the compiler model samplecm. # Parameter SEND_HOOK_LOG_TO_HUB 
@@ -2215,10 +2215,10 @@ # # Notes # For example: -# HUB_ADDRESS = 127.0.0.1:7340 -# HUB_ADDRESS = 0.0.0.0:7340 -# HUB_ADDRESS = [::1]:7340 -# HUB_ADDRESS = [::]:7340 +# HUB_ADDRESS = 127.0.0.1:7340 +# HUB_ADDRESS = 0.0.0.0:7340 +# HUB_ADDRESS = [::1]:7340 +# HUB_ADDRESS = [::]:7340 # # This parameter is ignored by the CodeSonar Windows build wizard. # @@ -2245,7 +2245,7 @@ # # Notes # For example: -# ANALYSIS_NAME = Bob's Project Revision 472 +# ANALYSIS_NAME = Bob's Project Revision 472 # # CodeSonar will generate a name for the analysis if none is # specified. @@ -2282,7 +2282,7 @@ # This parameter has no effect on non-Windows systems. # # For example: -# USE_SERVICES = Yes +# USE_SERVICES = Yes ## USE_SERVICES = Yes @@ -2499,10 +2499,10 @@ # This setting has no effect if REQUEST_REMOTE_ANALYSIS_SLAVES=No. # # Examples: -# REMOTE_ANALYSIS_SLAVES_LAUNCHDS += /siteA/* -# REMOTE_ANALYSIS_SLAVES_LAUNCHDS += /siteA/alex@sparky -# REMOTE_ANALYSIS_SLAVES_LAUNCHDS += 123 -# REMOTE_ANALYSIS_SLAVES_LAUNCHDS += -123 +# REMOTE_ANALYSIS_SLAVES_LAUNCHDS += /siteA/* +# REMOTE_ANALYSIS_SLAVES_LAUNCHDS += /siteA/alex@sparky +# REMOTE_ANALYSIS_SLAVES_LAUNCHDS += 123 +# REMOTE_ANALYSIS_SLAVES_LAUNCHDS += -123 # # For more information, see the manual section on Distributed # Analysis [doc/html/Workings/DistributedAnalysis.html]. @@ -2558,10 +2558,10 @@ # This setting has no effect if REQUEST_REMOTE_DAEMON_SLAVES=No. # # Examples: -# REMOTE_DAEMON_SLAVES_LAUNCHDS += /siteA/* -# REMOTE_DAEMON_SLAVES_LAUNCHDS += /siteA/alex@sparky -# REMOTE_DAEMON_SLAVES_LAUNCHDS += 123 -# REMOTE_DAEMON_SLAVES_LAUNCHDS += -123 +# REMOTE_DAEMON_SLAVES_LAUNCHDS += /siteA/* +# REMOTE_DAEMON_SLAVES_LAUNCHDS += /siteA/alex@sparky +# REMOTE_DAEMON_SLAVES_LAUNCHDS += 123 +# REMOTE_DAEMON_SLAVES_LAUNCHDS += -123 # # For more information, see the manual section on Distributed # Analysis [doc/html/Workings/DistributedAnalysis.html]. 
@@ -2925,16 +2925,16 @@ # # Notes # Examples: -# ANALYSIS_MASTER_LISTEN_INTERFACE=0.0.0.0 -# ANALYSIS_MASTER_LISTEN_INTERFACE=0.0.0.0:1234 -# ANALYSIS_MASTER_LISTEN_INTERFACE=127.0.0.1 -# ANALYSIS_MASTER_LISTEN_INTERFACE=127.0.0.1:1234 -# ANALYSIS_MASTER_LISTEN_INTERFACE=[::] -# ANALYSIS_MASTER_LISTEN_INTERFACE=[::]:1234 -# ANALYSIS_MASTER_LISTEN_INTERFACE=[::1] -# ANALYSIS_MASTER_LISTEN_INTERFACE=[::1]:1234 -# ANALYSIS_MASTER_LISTEN_INTERFACE=mymachine -# ANALYSIS_MASTER_LISTEN_INTERFACE=mymachine:1234 +# ANALYSIS_MASTER_LISTEN_INTERFACE=0.0.0.0 +# ANALYSIS_MASTER_LISTEN_INTERFACE=0.0.0.0:1234 +# ANALYSIS_MASTER_LISTEN_INTERFACE=127.0.0.1 +# ANALYSIS_MASTER_LISTEN_INTERFACE=127.0.0.1:1234 +# ANALYSIS_MASTER_LISTEN_INTERFACE=[::] +# ANALYSIS_MASTER_LISTEN_INTERFACE=[::]:1234 +# ANALYSIS_MASTER_LISTEN_INTERFACE=[::1] +# ANALYSIS_MASTER_LISTEN_INTERFACE=[::1]:1234 +# ANALYSIS_MASTER_LISTEN_INTERFACE=mymachine +# ANALYSIS_MASTER_LISTEN_INTERFACE=mymachine:1234 # # For distributed analysis, ensure that specifies an # interface that other machines in the analysis cloud will be able 
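Review bot: The ANALYSIS_MASTER_LISTEN_INTERFACE examples list the wildcard addresses `0.0.0.0` and `[::]` beside the loopback ones without saying that the wildcard forms listen on every interface of the machine. The visible text only tells the reader to choose an interface other machines can reach for distributed analysis, so I would add a line after the examples such as `# 0.0.0.0 and [::] listen on all interfaces; prefer 127.0.0.1 or [::1] unless other machines must connect.` The same comment fits the DAEMON_MASTER_LISTEN_INTERFACE examples in the next hunk and the HUB_ADDRESS examples in the hunk at -2215. The Notes section starts and ends outside this hunk, so the caveat may already be stated there.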
@@ -3091,16 +3091,16 @@ # # Notes # Examples: -# DAEMON_MASTER_LISTEN_INTERFACE=0.0.0.0 -# DAEMON_MASTER_LISTEN_INTERFACE=0.0.0.0:1234 -# DAEMON_MASTER_LISTEN_INTERFACE=127.0.0.1 -# DAEMON_MASTER_LISTEN_INTERFACE=127.0.0.1:1234 -# DAEMON_MASTER_LISTEN_INTERFACE=[::] -# DAEMON_MASTER_LISTEN_INTERFACE=[::]:1234 -# DAEMON_MASTER_LISTEN_INTERFACE=[::1] -# DAEMON_MASTER_LISTEN_INTERFACE=[::1]:1234 -# DAEMON_MASTER_LISTEN_INTERFACE=mymachine -# DAEMON_MASTER_LISTEN_INTERFACE=mymachine:1234 +# DAEMON_MASTER_LISTEN_INTERFACE=0.0.0.0 +# DAEMON_MASTER_LISTEN_INTERFACE=0.0.0.0:1234 +# DAEMON_MASTER_LISTEN_INTERFACE=127.0.0.1 +# DAEMON_MASTER_LISTEN_INTERFACE=127.0.0.1:1234 +# DAEMON_MASTER_LISTEN_INTERFACE=[::] +# DAEMON_MASTER_LISTEN_INTERFACE=[::]:1234 +# DAEMON_MASTER_LISTEN_INTERFACE=[::1] +# DAEMON_MASTER_LISTEN_INTERFACE=[::1]:1234 +# DAEMON_MASTER_LISTEN_INTERFACE=mymachine +# DAEMON_MASTER_LISTEN_INTERFACE=mymachine:1234 # # For distributed analysis, ensure that specifies an # interface that other machines in the analysis cloud will be able 
@@ -3369,35 +3369,35 @@
 # Example 1: Discard all warnings belonging to any class with a
 # LANG.MEM.* mnemonic
 # [doc/html/WarningClasses/MnemonicHierarchy.html#LANG_MEM].
-# WARNING_FILTER += discard categories:LANG.MEM
+# WARNING_FILTER += discard categories:LANG.MEM
 #
 # Example 2: Discard all warnings whose class is Buffer Underrun,
 # Type Underrun, or any user-defined class with "underrun" in its
 # name.
-# WARNING_FILTER += discard class:underrun
+# WARNING_FILTER += discard class:underrun
 #
 # Example 3: Discard all warnings in the compilation unit
 # [doc/html/Elements/PROPERTIES_File.html#compilation_unit_def]
 # associated with mylib.cpp
-# WARNING_FILTER += discard compilation_unit=mylib.cpp
+# WARNING_FILTER += discard compilation_unit=mylib.cpp
 #
 # Example 4: Assign all warnings in file mylib.h to alex. If the
 # hub has no user called alex, this rule has no effect.
-# WARNING_FILTER += owner:=alex file=mylib.h
+# WARNING_FILTER += owner:=alex file=mylib.h
 #
 # Example 5: Assign all warnings in system include files to sandy.
 # If the hub has no user called sandy, this rule has no effect.
-# WARNING_FILTER += owner:=sandy is_sysinclude
+# WARNING_FILTER += owner:=sandy is_sysinclude
 #
 # Example 6: Discard all warnings in C compilation units.
-# WARNING_FILTER += discard language=c
+# WARNING_FILTER += discard language=c
 #
 # Example 7: Discard all warnings issued at line 47 (of any file).
-# WARNING_FILTER += discard line=47
+# WARNING_FILTER += discard line=47
 #
 # Example 8: Discard all warnings whose associated Listing XML
 # contains substring 'callPrinter'.
-# WARNING_FILTER += discard listing_xml:callPrinter
+# WARNING_FILTER += discard listing_xml:callPrinter
 #
 # Example 9: For all warnings issued in procedure writeThis(), set
 # Priority to "Incredible". For all warnings issued in any other
@@ -3408,8 +3408,8 @@
 # - if "Incredible" was not already a candidate Priority value on
 # the hub, it will be added to the list of candidates once a
 # warning with "Incredible" Priority is submitted.
-# WARNING_FILTER += priority:="P0: High" procedure:write
-# WARNING_FILTER += priority:="Incredible" procedure=writeThis
+# WARNING_FILTER += priority:="P0: High" procedure:write
+# WARNING_FILTER += priority:="Incredible" procedure=writeThis
 #
 # Example 10: In C compilation units, discard all warnings issued
 # in a procedure whose name contains substring 'gridproc'. In C++
@@ -3417,7 +3417,7 @@
 # such that the fully-qualified procedure name contains substring
 # 'gridproc', or one of the argument type names contains substring
 # gridproc.
-# WARNING_FILTER += discard procedure_typed:gridproc
+# WARNING_FILTER += discard procedure_typed:gridproc
 #
 # Example 11: In C++ compilation units, discard all warnings issued
 # in a procedure with exactly one, unsigned int, argument.
@@ -3426,7 +3426,7 @@
 # templating): warnings issued in those procedures will also be
 # discarded. In C compilation units, this rule will not match
 # anything.
-# WARNING_FILTER += discard procedure_typed:"(unsigned int)"
+# WARNING_FILTER += discard procedure_typed:"(unsigned int)"
 #
 # Example 12: In C++ compilation units, discard all warnings issued
 # inside the procedures with the specified (fully-qualified) names.
@@ -3435,707 +3435,905 @@ # of the procedure name with cs_pdg_procedure_name() # [doc/html/API/CAPI/cs__pdg_8h.html#func_cs_pdg_procedure_name] # before creating the WARNING_FILTER rule. -# WARNING_FILTER += discard procedure_typed:"std::vector>::operator [](unsigned long)" -# WARNING_FILTER += discard procedure_typed:"only_param::return_S(int *)" +# WARNING_FILTER += discard procedure_typed:"std::vector>::operator [](unsigned long)" +# WARNING_FILTER += discard procedure_typed:"only_param::return_S(int *)" # # Example 13: Discard all warnings in procedures that are not # reachable from main() (this REACHABILITY_ROOTS rule matches any # function called main occurring in any file in the project). -# REACHABILITY_ROOTS = :main -# WARNING_FILTER += discard reachable=0 +# REACHABILITY_ROOTS = :main +# WARNING_FILTER += discard reachable=0 # # Example 14: Discard all warnings whose Listing begins with a # procedure whose name is "ignoreme" followed by one or more digits # (eg ignoreme1(), ignoreme275(), ...). -# WARNING_FILTER += discard path_start_procedure=~ignoreme\d+ +# WARNING_FILTER += discard path_start_procedure=~ignoreme\d+ # # Example 15: Discard all warnings in files whose path includes # directory ignoredir. Using two rules with different path # separators provides (some) portability. -# WARNING_FILTER += discard path:/ignoredir/ -# WARNING_FILTER += discard path:\ignoredir\ +# WARNING_FILTER += discard path:/ignoredir/ +# WARNING_FILTER += discard path:\ignoredir\ # # Example 16: Discard all warnings in files whose path includes # directory "ignore dir" (note the space). Using two rules with # different path separators provides (some) portability. Patterns # containing spaces must be quoted, and backslashes must be escaped # in quoted strings. 
-# WARNING_FILTER += discard path:"/ignore dir/" -# WARNING_FILTER += discard path:"\\ignore dir\\" +# WARNING_FILTER += discard path:"/ignore dir/" +# WARNING_FILTER += discard path:"\\ignore dir\\" # # Example 17: Discard all warnings occurring on a source line that # contains the text "do not issue a warning here" (presumably in a # comment). -# WARNING_FILTER += discard line_contents:"do not issue a warning here" +# WARNING_FILTER += discard line_contents:"do not issue a warning here" # # Example 18: Discard all warnings for which the first function in # Listing XML is a library model or is called (directly or # transitively) by a library model. -# WARNING_FILTER += discard starts_in_source_libraries=1 +# WARNING_FILTER += discard starts_in_source_libraries=1 # # The following checks are enabled by default. To discard warnings # of a particular class, use the corresponding "discard" rule. -# (C and C++ warning classes) -# WARNING_FILTER += discard class="Arctangent Domain Error" -# WARNING_FILTER += discard class="Argument Too High" -# WARNING_FILTER += discard class="Argument Too Low" -# WARNING_FILTER += discard class="Blocking in Critical Section" -# WARNING_FILTER += discard class="Buffer Overrun" -# WARNING_FILTER += discard class="Buffer Underrun" -# WARNING_FILTER += discard class="Cast Alters Value" -# WARNING_FILTER += discard class="Coercion Alters Value" -# WARNING_FILTER += discard class="Command Injection" -# WARNING_FILTER += discard class="Copy-Paste Error" -# WARNING_FILTER += discard class="Dangerous Function Cast" -# WARNING_FILTER += discard class="Deadlock" -# WARNING_FILTER += discard class="Division By Zero" -# WARNING_FILTER += discard class="Double Close" -# WARNING_FILTER += discard class="Double Free" -# WARNING_FILTER += discard class="Double Initialization" -# WARNING_FILTER += discard class="Double Lock" -# WARNING_FILTER += discard class="Double Unlock" -# WARNING_FILTER += discard class="Empty Branch Statement" -# WARNING_FILTER 
+= discard class="Empty for Statement" -# WARNING_FILTER += discard class="Empty if Statement" -# WARNING_FILTER += discard class="Empty switch Statement" -# WARNING_FILTER += discard class="Empty while Statement" -# WARNING_FILTER += discard class="Encryption without Padding" -# WARNING_FILTER += discard class="File System Race Condition" -# WARNING_FILTER += discard class="Float Division By Zero" -# WARNING_FILTER += discard class="Floating Point Domain Error" -# WARNING_FILTER += discard class="Floating Point Range Error" -# WARNING_FILTER += discard class="Format String Injection" -# WARNING_FILTER += discard class="Format String Type Error" -# WARNING_FILTER += discard class="Format String" -# WARNING_FILTER += discard class="Free Non-Heap Variable" -# WARNING_FILTER += discard class="Free Null Pointer" -# WARNING_FILTER += discard class="Function Call Has No Effect" -# WARNING_FILTER += discard class="Gamma on Zero" -# WARNING_FILTER += discard class="GlobalHandle on GMEM_FIXED Memory" -# WARNING_FILTER += discard class="GlobalLock on GMEM_FIXED Memory" -# WARNING_FILTER += discard class="GlobalUnlock on GMEM_FIXED Memory" -# WARNING_FILTER += discard class="Hardcoded Authentication" -# WARNING_FILTER += discard class="Hardcoded Crypto Key" -# WARNING_FILTER += discard class="Hardcoded Crypto Salt" -# WARNING_FILTER += discard class="Ignored Return Value" -# WARNING_FILTER += discard class="Integer Overflow of Allocation Size" -# WARNING_FILTER += discard class="LDAP Injection" -# WARNING_FILTER += discard class="Leak" -# WARNING_FILTER += discard class="Library Injection" -# WARNING_FILTER += discard class="LocalHandle on LMEM_FIXED Memory" -# WARNING_FILTER += discard class="LocalLock on LMEM_FIXED Memory" -# WARNING_FILTER += discard class="LocalUnlock on LMEM_FIXED Memory" -# WARNING_FILTER += discard class="Logarithm on Negative Value" -# WARNING_FILTER += discard class="Logarithm on Zero" -# WARNING_FILTER += discard class="MAX_PATH Exceeded" -# 
WARNING_FILTER += discard class="Misaligned Object" -# WARNING_FILTER += discard class="Missing Return Statement" -# WARNING_FILTER += discard class="Missing Return Value" -# WARNING_FILTER += discard class="Negative Character Value" -# WARNING_FILTER += discard class="Negative Shift Amount" -# WARNING_FILTER += discard class="Negative file descriptor" -# WARNING_FILTER += discard class="No Space For Null Terminator" -# WARNING_FILTER += discard class="Null Pointer Dereference" -# WARNING_FILTER += discard class="Null Security Descriptor" -# WARNING_FILTER += discard class="Null Test After Dereference" -# WARNING_FILTER += discard class="Overlapping Memory Regions" -# WARNING_FILTER += discard class="Plaintext Storage of Password" -# WARNING_FILTER += discard class="Plaintext Transmission of Password" -# WARNING_FILTER += discard class="Pool Mismatch" -# WARNING_FILTER += discard class="Raises FE_INVALID" -# WARNING_FILTER += discard class="Redundant Condition" -# WARNING_FILTER += discard class="Return Pointer to Freed" -# WARNING_FILTER += discard class="Return Pointer to Local" -# WARNING_FILTER += discard class="SQL Injection" -# WARNING_FILTER += discard class="Shift Amount Exceeds Bit Width" -# WARNING_FILTER += discard class="Tainted Buffer Access" -# WARNING_FILTER += discard class="Tainted Environment Variable" -# WARNING_FILTER += discard class="Try-lock that will never succeed" -# WARNING_FILTER += discard class="Type Mismatch" -# WARNING_FILTER += discard class="Type Overrun" -# WARNING_FILTER += discard class="Type Underrun" -# WARNING_FILTER += discard class="Undefined Power of Zero" -# WARNING_FILTER += discard class="Uninitialized Variable" -# WARNING_FILTER += discard class="Unreachable Call" -# WARNING_FILTER += discard class="Unreachable Computation" -# WARNING_FILTER += discard class="Unreachable Conditional" -# WARNING_FILTER += discard class="Unreachable Data Flow" -# WARNING_FILTER += discard class="Unreasonable Size Argument" -# 
WARNING_FILTER += discard class="Unterminated C String" -# WARNING_FILTER += discard class="Unused Value" -# WARNING_FILTER += discard class="Use After Close" -# WARNING_FILTER += discard class="Use After Free" -# WARNING_FILTER += discard class="Use of GetTempFileName" -# WARNING_FILTER += discard class="Use of SO_REUSEADDR" -# WARNING_FILTER += discard class="Use of Weak Cryptographic Algorithm" -# WARNING_FILTER += discard class="Use of crypt" -# WARNING_FILTER += discard class="Use of drem" -# WARNING_FILTER += discard class="Use of gamma" -# WARNING_FILTER += discard class="Use of gets" -# WARNING_FILTER += discard class="Use of mktemp" -# WARNING_FILTER += discard class="Use of tmpfile" -# WARNING_FILTER += discard class="Use of tmpnam" -# WARNING_FILTER += discard class="Useless Assignment" -# WARNING_FILTER += discard class="Varargs Function Cast" -# WARNING_FILTER += discard class="cosh on High Number" -# WARNING_FILTER += discard class="cosh on Low Number" -# WARNING_FILTER += discard class="sqrt on Negative Value" -# -# (Java warning classes) -# WARNING_FILTER += discard class="== Always Fails (Java)" -# WARNING_FILTER += discard class="== Always Fails Because Types Always Different (Java)" -# WARNING_FILTER += discard class="Abs on random (Java)" -# WARNING_FILTER += discard class="Accessing File in Permissive Mode (Java)" -# WARNING_FILTER += discard class="Ambiguous Call from Inner Class (Java)" -# WARNING_FILTER += discard class="Android Leak (Java)" -# WARNING_FILTER += discard class="Anonymous LDAP Authentication (Java)" -# WARNING_FILTER += discard class="Approximate e Constant (Java)" -# WARNING_FILTER += discard class="Approximate pi Constant (Java)" -# WARNING_FILTER += discard class="Array Parameter Empty (Java)" -# WARNING_FILTER += discard class="Assertion Contains Side Effects (Java)" -# WARNING_FILTER += discard class="Assignment in Conditional (Java)" -# WARNING_FILTER += discard class="Asymmetric compareTo (Java)" -# WARNING_FILTER += 
discard class="Bitwise AND on Boolean (Java)" -# WARNING_FILTER += discard class="Bitwise AND on Boolean Constant (Java)" -# WARNING_FILTER += discard class="Bitwise OR on Boolean (Java)" -# WARNING_FILTER += discard class="Bitwise OR on Boolean Constant (Java)" -# WARNING_FILTER += discard class="Blocking in Critical Section (Java)" -# WARNING_FILTER += discard class="Broad Throws Clause (Java)" -# WARNING_FILTER += discard class="Call Might Return Null (Java)" -# WARNING_FILTER += discard class="Cast: Integer to Floating Point (Java)" -# WARNING_FILTER += discard class="Cast: int Computation to long (Java)" -# WARNING_FILTER += discard class="Class Enables Debug Features (Java)" -# WARNING_FILTER += discard class="Closeable Not Closed (Java)" -# WARNING_FILTER += discard class="Closeable Not Stored (Java)" -# WARNING_FILTER += discard class="Code Injection (Java)" -# WARNING_FILTER += discard class="Command Injection (Java)" -# WARNING_FILTER += discard class="Comparison to Empty String (Java)" -# WARNING_FILTER += discard class="Cross Site Scripting (Java)" -# WARNING_FILTER += discard class="Cryptographic Algorithm with Risky Default Cipher (Java)" -# WARNING_FILTER += discard class="Cryptographic Algorithm with Weak Cipher (Java)" -# WARNING_FILTER += discard class="Cryptographic Algorithm with Weak Hash (Java)" -# WARNING_FILTER += discard class="DLL Injection (Java)" -# WARNING_FILTER += discard class="DOS Injection (Java)" -# WARNING_FILTER += discard class="Debug Call (Java)" -# WARNING_FILTER += discard class="Debug Warning (Java)" -# WARNING_FILTER += discard class="Defines equals but not hashCode (Java)" -# WARNING_FILTER += discard class="Defines hashCode but not equals (Java)" -# WARNING_FILTER += discard class="Deprecated Cryptography Provider (Java)" -# WARNING_FILTER += discard class="Double-Checked Locking (Java)" -# WARNING_FILTER += discard class="Empty Branch Statement (Java)" -# WARNING_FILTER += discard class="Empty Exception Handler (Java)" 
-# WARNING_FILTER += discard class="Empty jar File Archived (Java)" -# WARNING_FILTER += discard class="Empty zip File Archived (Java)" -# WARNING_FILTER += discard class="Exception Information Disclosure (Java)" -# WARNING_FILTER += discard class="Field Never Read (Java)" -# WARNING_FILTER += discard class="Field Never Written (Java)" -# WARNING_FILTER += discard class="Floating Point Equality (Java)" -# WARNING_FILTER += discard class="Fragment Injection (Java)" -# WARNING_FILTER += discard class="Generic Exception Handler (Java)" -# WARNING_FILTER += discard class="Hardcoded Filename (Java)" -# WARNING_FILTER += discard class="Hardcoded Password (Java)" -# WARNING_FILTER += discard class="Hardcoded Random Seed (Java)" -# WARNING_FILTER += discard class="Hostname in Condition (Java)" -# WARNING_FILTER += discard class="Ignored Return Value (Java)" -# WARNING_FILTER += discard class="Ignored Return Value for Pure Function (Java)" -# WARNING_FILTER += discard class="Impossible Client Side Locking (Java)" -# WARNING_FILTER += discard class="Inappropriate Exception Handler (Java)" -# WARNING_FILTER += discard class="Inappropriate Instanceof (Java)" -# WARNING_FILTER += discard class="Ineffective Cleansing of Fragment Taint (Java)" -# WARNING_FILTER += discard class="Inefficient Bitwise AND (Java)" -# WARNING_FILTER += discard class="Inefficient Bitwise OR (Java)" -# WARNING_FILTER += discard class="Inefficient Box-Unbox (Java)" -# WARNING_FILTER += discard class="Inefficient Instantiation (Java)" -# WARNING_FILTER += discard class="Inner Class Should be Static (Java)" -# WARNING_FILTER += discard class="Insecure Cookie (Java)" -# WARNING_FILTER += discard class="Insecure Key Derivation (Java)" -# WARNING_FILTER += discard class="Insecure Random Number Generator (Java)" -# WARNING_FILTER += discard class="Insecure Socket Factory (Java)" -# WARNING_FILTER += discard class="Insecure XSLT Execution (Java)" -# WARNING_FILTER += discard class="Insecure verifier Override 
for Hostname (Java)" -# WARNING_FILTER += discard class="Insecure verify Override for Certificate (Java)" -# WARNING_FILTER += discard class="Instanceof Always False (Java)" -# WARNING_FILTER += discard class="Instanceof Always True (Java)" -# WARNING_FILTER += discard class="JavaScript Enabled (Java)" -# WARNING_FILTER += discard class="JavaScript File Access from File URLs (Java)" -# WARNING_FILTER += discard class="LDAP Authentication Disabled (Java)" -# WARNING_FILTER += discard class="Lambda Parameter may be null (Java)" -# WARNING_FILTER += discard class="Method Enables Debug Features (Java)" -# WARNING_FILTER += discard class="Method Names Differ Only in Case (Java)" -# WARNING_FILTER += discard class="Method Should Not Return null (Java)" -# WARNING_FILTER += discard class="Missing Authentication Annotation (Java)" -# WARNING_FILTER += discard class="Missing Call to super (Java)" -# WARNING_FILTER += discard class="Missing Equals Override (Java)" -# WARNING_FILTER += discard class="Missing JavaScript Entry Point (Java)" -# WARNING_FILTER += discard class="Missing JavaScript Execution (Java)" -# WARNING_FILTER += discard class="Missing Serial Version Field (Java)" -# WARNING_FILTER += discard class="Missing isValidFragment Override (Java)" -# WARNING_FILTER += discard class="Mutable Enumeration (Java)" -# WARNING_FILTER += discard class="Non-Object compareTo Parameter (Java)" -# WARNING_FILTER += discard class="Non-overriding Method Signature (Java)" -# WARNING_FILTER += discard class="Nonserializable Field (Java)" -# WARNING_FILTER += discard class="Nonserializable Field Element (Java)" -# WARNING_FILTER += discard class="Nonserializable Outer Class (Java)" -# WARNING_FILTER += discard class="Null Parameter Dereference (Java)" -# WARNING_FILTER += discard class="Null Pointer Dereference (Java)" -# WARNING_FILTER += discard class="Password in Property File (Java)" -# WARNING_FILTER += discard class="Permissive File Mode (Java)" -# WARNING_FILTER += discard 
class="Possible XML External Entity Reference (Java)" -# WARNING_FILTER += discard class="Potential Infinite Recursion (Java)" -# WARNING_FILTER += discard class="Potential LDAP Poisoning (Java)" -# WARNING_FILTER += discard class="Redundant Call for Integral Argument (Java)" -# WARNING_FILTER += discard class="Redundant Call for String Argument (Java)" -# WARNING_FILTER += discard class="Redundant Condition (Java)" -# WARNING_FILTER += discard class="Redundant Implements Clause (Java)" -# WARNING_FILTER += discard class="Reflection Bypasses Member Accessibility (Java)" -# WARNING_FILTER += discard class="Reflection Injection (Java)" -# WARNING_FILTER += discard class="Reflection Modifies Member Accessibility (Java)" -# WARNING_FILTER += discard class="Return null Array (Java)" -# WARNING_FILTER += discard class="Return null Boolean (Java)" -# WARNING_FILTER += discard class="Return null Optional (Java)" -# WARNING_FILTER += discard class="Risky Cipher Algorithm (Java)" -# WARNING_FILTER += discard class="Risky Cipher Field (Java)" -# WARNING_FILTER += discard class="Risky Class Cast (Java)" -# WARNING_FILTER += discard class="Risky Cryptographic Algorithm (Java)" -# WARNING_FILTER += discard class="Risky Cryptographic Field (Java)" -# WARNING_FILTER += discard class="Risky JavaScript Interface (Java)" -# WARNING_FILTER += discard class="Risky array store (Java)" -# WARNING_FILTER += discard class="SQL Injection (Java)" -# WARNING_FILTER += discard class="Shadowed Identifier (Java)" -# WARNING_FILTER += discard class="Should Use == Instead of equals() (Java)" -# WARNING_FILTER += discard class="Should Use equals() Instead of == (Java)" -# WARNING_FILTER += discard class="Single-use Random Number Generator (Java)" -# WARNING_FILTER += discard class="Static Field Assigned Non-Static (Java)" -# WARNING_FILTER += discard class="Synchronization on Interned String (Java)" -# WARNING_FILTER += discard class="Synchronization on static (Java)" -# WARNING_FILTER += discard 
class="Synchronous Call to Thread Body (Java)" -# WARNING_FILTER += discard class="Tainted @Trusted Value (Java)" -# WARNING_FILTER += discard class="Tainted Bundle (Java)" -# WARNING_FILTER += discard class="Tainted Control (Java)" -# WARNING_FILTER += discard class="Tainted Data in Vulnerable Method (Java)" -# WARNING_FILTER += discard class="Tainted Expression Evaluation (Java)" -# WARNING_FILTER += discard class="Tainted HTTP Response (Java)" -# WARNING_FILTER += discard class="Tainted Hardware Device Property (Java)" -# WARNING_FILTER += discard class="Tainted LDAP Attribute (Java)" -# WARNING_FILTER += discard class="Tainted LDAP Filter (Java)" -# WARNING_FILTER += discard class="Tainted Log (Java)" -# WARNING_FILTER += discard class="Tainted Message (Java)" -# WARNING_FILTER += discard class="Tainted Network Address (Java)" -# WARNING_FILTER += discard class="Tainted Path (Java)" -# WARNING_FILTER += discard class="Tainted Regular Expression (Java)" -# WARNING_FILTER += discard class="Tainted Resource (Java)" -# WARNING_FILTER += discard class="Tainted Session (Java)" -# WARNING_FILTER += discard class="Tainted URL (Java)" -# WARNING_FILTER += discard class="Tainted XAML (Java)" -# WARNING_FILTER += discard class="Tainted XML (Java)" -# WARNING_FILTER += discard class="Tainted Xpath (Java)" -# WARNING_FILTER += discard class="Unchecked Parameter Dereference (Java)" -# WARNING_FILTER += discard class="Unexpected Serial Version Field (Java)" -# WARNING_FILTER += discard class="Universal JavaScript Access to File URLs (Java)" -# WARNING_FILTER += discard class="Unnecessary Field (Java)" -# WARNING_FILTER += discard class="Unnecessary Instantiation for GetClass (Java)" -# WARNING_FILTER += discard class="Unreachable Instruction (Java)" -# WARNING_FILTER += discard class="Unsafe Base64 Encoding (Java)" -# WARNING_FILTER += discard class="Untrusted Network Host (Java)" -# WARNING_FILTER += discard class="Unused Class (Java)" -# WARNING_FILTER += discard 
class="Unused Field (Java)" -# WARNING_FILTER += discard class="Unused Method (Java)" -# WARNING_FILTER += discard class="Unused Object (Java)" -# WARNING_FILTER += discard class="Unused Value: Actual Parameter (Java)" -# WARNING_FILTER += discard class="Unused Value: Variable (Java)" -# WARNING_FILTER += discard class="Unused Value: Write to Parameter (Java)" -# WARNING_FILTER += discard class="Use of Hardware ID (Java)" -# WARNING_FILTER += discard class="Use of Insecure verify for Certificate (Java)" -# WARNING_FILTER += discard class="Use of Insecure verify for Hostname (Java)" -# WARNING_FILTER += discard class="Useless Assignment (Java)" -# WARNING_FILTER += discard class="Useless Assignment to Default (Java)" -# WARNING_FILTER += discard class="Useless Class Cast (Java)" -# WARNING_FILTER += discard class="Useless Synchronization (Java)" -# WARNING_FILTER += discard class="Useless volatile Modifier (Java)" -# WARNING_FILTER += discard class="Weak Cryptographic Value (Java)" -# WARNING_FILTER += discard class="Weak Hash Algorithm (Java)" -# WARNING_FILTER += discard class="Weak Hash Algorithm Field (Java)" -# WARNING_FILTER += discard class="clone Non-cloneable (Java)" -# WARNING_FILTER += discard class="clone Subclass of Non-clonable (Java)" -# WARNING_FILTER += discard class="clone not final (Java)" -# WARNING_FILTER += discard class="compareTo in Non-Comparable Class (Java)" -# WARNING_FILTER += discard class="compareTo without equals (Java)" -# WARNING_FILTER += discard class="compareTo/equals mismatch (Java)" -# WARNING_FILTER += discard class="equals Always Fails (Java)" -# WARNING_FILTER += discard class="equals Parameter Should Be Object (Java)" -# WARNING_FILTER += discard class="equals on Array (Java)" -# WARNING_FILTER += discard class="toString on Array (Java)" +# (C and C++ warning classes) +# WARNING_FILTER += discard class="Arctangent Domain Error" +# WARNING_FILTER += discard class="Argument Too High" +# WARNING_FILTER += discard 
class="Argument Too Low" +# WARNING_FILTER += discard class="Blocking in Critical Section" +# WARNING_FILTER += discard class="Buffer Overrun" +# WARNING_FILTER += discard class="Buffer Underrun" +# WARNING_FILTER += discard class="Cast Alters Value" +# WARNING_FILTER += discard class="Coercion Alters Value" +# WARNING_FILTER += discard class="Command Injection" +# WARNING_FILTER += discard class="Copy-Paste Error" +# WARNING_FILTER += discard class="Dangerous Function Cast" +# WARNING_FILTER += discard class="Deadlock" +# WARNING_FILTER += discard class="Division By Zero" +# WARNING_FILTER += discard class="Double Close" +# WARNING_FILTER += discard class="Double Free" +# WARNING_FILTER += discard class="Double Initialization" +# WARNING_FILTER += discard class="Double Lock" +# WARNING_FILTER += discard class="Double Unlock" +# WARNING_FILTER += discard class="Empty Branch Statement" +# WARNING_FILTER += discard class="Empty for Statement" +# WARNING_FILTER += discard class="Empty if Statement" +# WARNING_FILTER += discard class="Empty switch Statement" +# WARNING_FILTER += discard class="Empty while Statement" +# WARNING_FILTER += discard class="Encryption without Padding" +# WARNING_FILTER += discard class="File System Race Condition" +# WARNING_FILTER += discard class="Float Division By Zero" +# WARNING_FILTER += discard class="Floating Point Domain Error" +# WARNING_FILTER += discard class="Floating Point Range Error" +# WARNING_FILTER += discard class="Format String Injection" +# WARNING_FILTER += discard class="Format String Type Error" +# WARNING_FILTER += discard class="Format String" +# WARNING_FILTER += discard class="Free Non-Heap Variable" +# WARNING_FILTER += discard class="Free Null Pointer" +# WARNING_FILTER += discard class="Function Call Has No Effect" +# WARNING_FILTER += discard class="Gamma on Zero" +# WARNING_FILTER += discard class="GlobalHandle on GMEM_FIXED Memory" +# WARNING_FILTER += discard class="GlobalLock on GMEM_FIXED Memory" +# 
WARNING_FILTER += discard class="GlobalUnlock on GMEM_FIXED Memory" +# WARNING_FILTER += discard class="Hardcoded Authentication" +# WARNING_FILTER += discard class="Hardcoded Crypto Key" +# WARNING_FILTER += discard class="Hardcoded Crypto Salt" +# WARNING_FILTER += discard class="Ignored Return Value" +# WARNING_FILTER += discard class="Integer Overflow of Allocation Size" +# WARNING_FILTER += discard class="LDAP Injection" +# WARNING_FILTER += discard class="Leak" +# WARNING_FILTER += discard class="Library Injection" +# WARNING_FILTER += discard class="LocalHandle on LMEM_FIXED Memory" +# WARNING_FILTER += discard class="LocalLock on LMEM_FIXED Memory" +# WARNING_FILTER += discard class="LocalUnlock on LMEM_FIXED Memory" +# WARNING_FILTER += discard class="Logarithm on Negative Value" +# WARNING_FILTER += discard class="Logarithm on Zero" +# WARNING_FILTER += discard class="MAX_PATH Exceeded" +# WARNING_FILTER += discard class="Misaligned Object" +# WARNING_FILTER += discard class="Missing Return Statement" +# WARNING_FILTER += discard class="Missing Return Value" +# WARNING_FILTER += discard class="Negative Character Value" +# WARNING_FILTER += discard class="Negative Shift Amount" +# WARNING_FILTER += discard class="Negative file descriptor" +# WARNING_FILTER += discard class="No Space For Null Terminator" +# WARNING_FILTER += discard class="Null Pointer Dereference" +# WARNING_FILTER += discard class="Null Security Descriptor" +# WARNING_FILTER += discard class="Null Test After Dereference" +# WARNING_FILTER += discard class="Overlapping Memory Regions" +# WARNING_FILTER += discard class="Plaintext Storage of Password" +# WARNING_FILTER += discard class="Plaintext Transmission of Password" +# WARNING_FILTER += discard class="Pool Mismatch" +# WARNING_FILTER += discard class="Raises FE_INVALID" +# WARNING_FILTER += discard class="Redundant Condition" +# WARNING_FILTER += discard class="Return Pointer to Freed" +# WARNING_FILTER += discard class="Return 
Pointer to Local" +# WARNING_FILTER += discard class="SQL Injection" +# WARNING_FILTER += discard class="Shift Amount Exceeds Bit Width" +# WARNING_FILTER += discard class="Tainted Buffer Access" +# WARNING_FILTER += discard class="Tainted Environment Variable" +# WARNING_FILTER += discard class="Try-lock that will never succeed" +# WARNING_FILTER += discard class="Type Mismatch" +# WARNING_FILTER += discard class="Type Overrun" +# WARNING_FILTER += discard class="Type Underrun" +# WARNING_FILTER += discard class="Undefined Power of Zero" +# WARNING_FILTER += discard class="Uninitialized Variable" +# WARNING_FILTER += discard class="Unreachable Call" +# WARNING_FILTER += discard class="Unreachable Computation" +# WARNING_FILTER += discard class="Unreachable Conditional" +# WARNING_FILTER += discard class="Unreachable Data Flow" +# WARNING_FILTER += discard class="Unreasonable Size Argument" +# WARNING_FILTER += discard class="Unterminated C String" +# WARNING_FILTER += discard class="Unused Value" +# WARNING_FILTER += discard class="Use After Close" +# WARNING_FILTER += discard class="Use After Free" +# WARNING_FILTER += discard class="Use of GetTempFileName" +# WARNING_FILTER += discard class="Use of SO_REUSEADDR" +# WARNING_FILTER += discard class="Use of Weak Cryptographic Algorithm" +# WARNING_FILTER += discard class="Use of crypt" +# WARNING_FILTER += discard class="Use of drem" +# WARNING_FILTER += discard class="Use of gamma" +# WARNING_FILTER += discard class="Use of gets" +# WARNING_FILTER += discard class="Use of mktemp" +# WARNING_FILTER += discard class="Use of tmpfile" +# WARNING_FILTER += discard class="Use of tmpnam" +# WARNING_FILTER += discard class="Useless Assignment" +# WARNING_FILTER += discard class="Varargs Function Cast" +# WARNING_FILTER += discard class="cosh on High Number" +# WARNING_FILTER += discard class="cosh on Low Number" +# WARNING_FILTER += discard class="sqrt on Negative Value" +# +# (Java warning classes) +# WARNING_FILTER += 
discard class="== Always Fails Because Types Always Different (Java)" +# WARNING_FILTER += discard class="Abs on random (Java)" +# WARNING_FILTER += discard class="Accessing File in Permissive Mode (Java)" +# WARNING_FILTER += discard class="Ambiguous Call from Inner Class (Java)" +# WARNING_FILTER += discard class="Android Leak (Java)" +# WARNING_FILTER += discard class="Anonymous LDAP Authentication (Java)" +# WARNING_FILTER += discard class="Approximate e Constant (Java)" +# WARNING_FILTER += discard class="Approximate pi Constant (Java)" +# WARNING_FILTER += discard class="Array Parameter Empty (Java)" +# WARNING_FILTER += discard class="Assertion Contains Side Effects (Java)" +# WARNING_FILTER += discard class="Assignment in Conditional (Java)" +# WARNING_FILTER += discard class="Asymmetric compareTo (Java)" +# WARNING_FILTER += discard class="Bitwise AND on Boolean (Java)" +# WARNING_FILTER += discard class="Bitwise AND on Boolean Constant (Java)" +# WARNING_FILTER += discard class="Bitwise OR on Boolean (Java)" +# WARNING_FILTER += discard class="Bitwise OR on Boolean Constant (Java)" +# WARNING_FILTER += discard class="Blocking in Critical Section (Java)" +# WARNING_FILTER += discard class="Broad Throws Clause (Java)" +# WARNING_FILTER += discard class="Call Might Return Null (Java)" +# WARNING_FILTER += discard class="Cast: Integer to Floating Point (Java)" +# WARNING_FILTER += discard class="Cast: int Computation to long (Java)" +# WARNING_FILTER += discard class="Class Enables Debug Features (Java)" +# WARNING_FILTER += discard class="Closeable Not Closed (Java)" +# WARNING_FILTER += discard class="Closeable Not Stored (Java)" +# WARNING_FILTER += discard class="Code Injection (Java)" +# WARNING_FILTER += discard class="Command Injection (Java)" +# WARNING_FILTER += discard class="Comparison to Empty String (Java)" +# WARNING_FILTER += discard class="Cross Site Scripting (Java)" +# WARNING_FILTER += discard class="Cryptographic Algorithm with Risky 
Default Cipher (Java)"
+# WARNING_FILTER += discard class="Cryptographic Algorithm with Weak Cipher (Java)"
+# WARNING_FILTER += discard class="Cryptographic Algorithm with Weak Hash (Java)"
+# WARNING_FILTER += discard class="DLL Injection (Java)"
+# WARNING_FILTER += discard class="DOS Injection (Java)"
+# WARNING_FILTER += discard class="Debug Call (Java)"
+# WARNING_FILTER += discard class="Debug Warning (Java)"
+# WARNING_FILTER += discard class="Defines equals but not hashCode (Java)"
+# WARNING_FILTER += discard class="Defines hashCode but not equals (Java)"
+# WARNING_FILTER += discard class="Deprecated Cryptography Provider (Java)"
+# WARNING_FILTER += discard class="Double-Checked Locking (Java)"
+# WARNING_FILTER += discard class="Empty Branch Statement (Java)"
+# WARNING_FILTER += discard class="Empty Exception Handler (Java)"
+# WARNING_FILTER += discard class="Empty jar File Archived (Java)"
+# WARNING_FILTER += discard class="Empty zip File Archived (Java)"
+# WARNING_FILTER += discard class="Exception Information Disclosure (Java)"
+# WARNING_FILTER += discard class="Field Never Read (Java)"
+# WARNING_FILTER += discard class="Field Never Written (Java)"
+# WARNING_FILTER += discard class="Floating Point Equality (Java)"
+# WARNING_FILTER += discard class="Fragment Injection (Java)"
+# WARNING_FILTER += discard class="Generic Exception Handler (Java)"
+# WARNING_FILTER += discard class="Hardcoded Filename (Java)"
+# WARNING_FILTER += discard class="Hardcoded Password (Java)"
+# WARNING_FILTER += discard class="Hardcoded Random Seed (Java)"
+# WARNING_FILTER += discard class="Hostname in Condition (Java)"
+# WARNING_FILTER += discard class="Ignored Return Value (Java)"
+# WARNING_FILTER += discard class="Ignored Return Value for Pure Function (Java)"
+# WARNING_FILTER += discard class="Impossible Client Side Locking (Java)"
+# WARNING_FILTER += discard class="Impossible reference comparison (Java)"
+# WARNING_FILTER += discard class="Inappropriate
Exception Handler (Java)"
+# WARNING_FILTER += discard class="Inappropriate Instanceof (Java)"
+# WARNING_FILTER += discard class="Ineffective Cleansing of Fragment Taint (Java)"
+# WARNING_FILTER += discard class="Inefficient Bitwise AND (Java)"
+# WARNING_FILTER += discard class="Inefficient Bitwise OR (Java)"
+# WARNING_FILTER += discard class="Inefficient Box-Unbox (Java)"
+# WARNING_FILTER += discard class="Inefficient Instantiation (Java)"
+# WARNING_FILTER += discard class="Inner Class Should be Static (Java)"
+# WARNING_FILTER += discard class="Insecure Cookie (Java)"
+# WARNING_FILTER += discard class="Insecure Key Derivation (Java)"
+# WARNING_FILTER += discard class="Insecure Random Number Generator (Java)"
+# WARNING_FILTER += discard class="Insecure Socket Factory (Java)"
+# WARNING_FILTER += discard class="Insecure XSLT Execution (Java)"
+# WARNING_FILTER += discard class="Insecure verifier Override for Hostname (Java)"
+# WARNING_FILTER += discard class="Insecure verify Override for Certificate (Java)"
+# WARNING_FILTER += discard class="Instanceof Always False (Java)"
+# WARNING_FILTER += discard class="Instanceof Always True (Java)"
+# WARNING_FILTER += discard class="JavaScript Enabled (Java)"
+# WARNING_FILTER += discard class="JavaScript File Access from File URLs (Java)"
+# WARNING_FILTER += discard class="LDAP Authentication Disabled (Java)"
+# WARNING_FILTER += discard class="Lambda Parameter may be null (Java)"
+# WARNING_FILTER += discard class="Method Enables Debug Features (Java)"
+# WARNING_FILTER += discard class="Method Names Differ Only in Case (Java)"
+# WARNING_FILTER += discard class="Method Should Not Return null (Java)"
+# WARNING_FILTER += discard class="Missing Authentication Annotation (Java)"
+# WARNING_FILTER += discard class="Missing Call to super (Java)"
+# WARNING_FILTER += discard class="Missing Equals Override (Java)"
+# WARNING_FILTER += discard class="Missing JavaScript Entry Point (Java)"
+# WARNING_FILTER += discard
class="Missing JavaScript Execution (Java)"
+# WARNING_FILTER += discard class="Missing Serial Version Field (Java)"
+# WARNING_FILTER += discard class="Missing isValidFragment Override (Java)"
+# WARNING_FILTER += discard class="Mutable Enumeration (Java)"
+# WARNING_FILTER += discard class="Non-Object compareTo Parameter (Java)"
+# WARNING_FILTER += discard class="Non-overriding Method Signature (Java)"
+# WARNING_FILTER += discard class="Nonserializable Field (Java)"
+# WARNING_FILTER += discard class="Nonserializable Field Element (Java)"
+# WARNING_FILTER += discard class="Nonserializable Outer Class (Java)"
+# WARNING_FILTER += discard class="Null Parameter Dereference (Java)"
+# WARNING_FILTER += discard class="Null Pointer Dereference (Java)"
+# WARNING_FILTER += discard class="Password in Property File (Java)"
+# WARNING_FILTER += discard class="Permissive File Mode (Java)"
+# WARNING_FILTER += discard class="Possible XML External Entity Reference (Java)"
+# WARNING_FILTER += discard class="Potential Infinite Recursion (Java)"
+# WARNING_FILTER += discard class="Potential LDAP Poisoning (Java)"
+# WARNING_FILTER += discard class="Redundant Call for Integral Argument (Java)"
+# WARNING_FILTER += discard class="Redundant Call for String Argument (Java)"
+# WARNING_FILTER += discard class="Redundant Condition (Java)"
+# WARNING_FILTER += discard class="Redundant Implements Clause (Java)"
+# WARNING_FILTER += discard class="Reflection Bypasses Member Accessibility (Java)"
+# WARNING_FILTER += discard class="Reflection Injection (Java)"
+# WARNING_FILTER += discard class="Reflection Modifies Member Accessibility (Java)"
+# WARNING_FILTER += discard class="Return null Array (Java)"
+# WARNING_FILTER += discard class="Return null Boolean (Java)"
+# WARNING_FILTER += discard class="Return null Optional (Java)"
+# WARNING_FILTER += discard class="Risky Cipher Algorithm (Java)"
+# WARNING_FILTER += discard class="Risky Cipher Field (Java)"
+# WARNING_FILTER +=
discard class="Risky Class Cast (Java)"
+# WARNING_FILTER += discard class="Risky Cryptographic Algorithm (Java)"
+# WARNING_FILTER += discard class="Risky Cryptographic Field (Java)"
+# WARNING_FILTER += discard class="Risky JavaScript Interface (Java)"
+# WARNING_FILTER += discard class="Risky array store (Java)"
+# WARNING_FILTER += discard class="SQL Injection (Java)"
+# WARNING_FILTER += discard class="Shadowed Identifier (Java)"
+# WARNING_FILTER += discard class="Should Use == Instead of equals() (Java)"
+# WARNING_FILTER += discard class="Should Use equals() Instead of == (Java)"
+# WARNING_FILTER += discard class="Single-use Random Number Generator (Java)"
+# WARNING_FILTER += discard class="Static Field Assigned Non-Static (Java)"
+# WARNING_FILTER += discard class="Synchronization on Interned String (Java)"
+# WARNING_FILTER += discard class="Synchronization on static (Java)"
+# WARNING_FILTER += discard class="Synchronous Call to Thread Body (Java)"
+# WARNING_FILTER += discard class="Tainted @Trusted Value (Java)"
+# WARNING_FILTER += discard class="Tainted Bundle (Java)"
+# WARNING_FILTER += discard class="Tainted Control (Java)"
+# WARNING_FILTER += discard class="Tainted Data in Vulnerable Method (Java)"
+# WARNING_FILTER += discard class="Tainted Expression Evaluation (Java)"
+# WARNING_FILTER += discard class="Tainted HTTP Response (Java)"
+# WARNING_FILTER += discard class="Tainted Hardware Device Property (Java)"
+# WARNING_FILTER += discard class="Tainted LDAP Attribute (Java)"
+# WARNING_FILTER += discard class="Tainted LDAP Filter (Java)"
+# WARNING_FILTER += discard class="Tainted Log (Java)"
+# WARNING_FILTER += discard class="Tainted Message (Java)"
+# WARNING_FILTER += discard class="Tainted Network Address (Java)"
+# WARNING_FILTER += discard class="Tainted Path (Java)"
+# WARNING_FILTER += discard class="Tainted Regular Expression (Java)"
+# WARNING_FILTER += discard class="Tainted Resource (Java)"
+# WARNING_FILTER += discard
class="Tainted Session (Java)"
+# WARNING_FILTER += discard class="Tainted URL (Java)"
+# WARNING_FILTER += discard class="Tainted XAML (Java)"
+# WARNING_FILTER += discard class="Tainted XML (Java)"
+# WARNING_FILTER += discard class="Tainted Xpath (Java)"
+# WARNING_FILTER += discard class="Unchecked Parameter Dereference (Java)"
+# WARNING_FILTER += discard class="Unexpected Serial Version Field (Java)"
+# WARNING_FILTER += discard class="Universal JavaScript Access to File URLs (Java)"
+# WARNING_FILTER += discard class="Unnecessary Field (Java)"
+# WARNING_FILTER += discard class="Unnecessary Instantiation for GetClass (Java)"
+# WARNING_FILTER += discard class="Unreachable Instruction (Java)"
+# WARNING_FILTER += discard class="Untrusted Network Host (Java)"
+# WARNING_FILTER += discard class="Unused Class (Java)"
+# WARNING_FILTER += discard class="Unused Field (Java)"
+# WARNING_FILTER += discard class="Unused Method (Java)"
+# WARNING_FILTER += discard class="Unused Object (Java)"
+# WARNING_FILTER += discard class="Unused Value: Actual Parameter (Java)"
+# WARNING_FILTER += discard class="Unused Value: Variable (Java)"
+# WARNING_FILTER += discard class="Unused Value: Write to Parameter (Java)"
+# WARNING_FILTER += discard class="Use of Hardware ID (Java)"
+# WARNING_FILTER += discard class="Use of Insecure verify for Certificate (Java)"
+# WARNING_FILTER += discard class="Use of Insecure verify for Hostname (Java)"
+# WARNING_FILTER += discard class="Useless Assignment (Java)"
+# WARNING_FILTER += discard class="Useless Assignment to Default (Java)"
+# WARNING_FILTER += discard class="Useless Class Cast (Java)"
+# WARNING_FILTER += discard class="Useless Synchronization (Java)"
+# WARNING_FILTER += discard class="Useless volatile Modifier (Java)"
+# WARNING_FILTER += discard class="Weak Cryptographic Value (Java)"
+# WARNING_FILTER += discard class="Weak Hash Algorithm (Java)"
+# WARNING_FILTER += discard class="Weak Hash Algorithm Field (Java)"
+#
WARNING_FILTER += discard class="clone Non-cloneable (Java)"
+# WARNING_FILTER += discard class="clone not final (Java)"
+# WARNING_FILTER += discard class="compareTo in Non-Comparable Class (Java)"
+# WARNING_FILTER += discard class="compareTo without equals (Java)"
+# WARNING_FILTER += discard class="compareTo/equals mismatch (Java)"
+# WARNING_FILTER += discard class="equals Always Fails (Java)"
+# WARNING_FILTER += discard class="equals Parameter Should Be Object (Java)"
+# WARNING_FILTER += discard class="equals on Array (Java)"
+# WARNING_FILTER += discard class="toString on Array (Java)"
+#
+# (C# warning classes)
+# WARNING_FILTER += discard class="== Always Fails Because Types Always Different (C#)"
+# WARNING_FILTER += discard class="Abs on random (C#)"
+# WARNING_FILTER += discard class="Ambiguous Call from Inner Class (C#)"
+# WARNING_FILTER += discard class="Anonymous LDAP Authentication (C#)"
+# WARNING_FILTER += discard class="Approximate e Constant (C#)"
+# WARNING_FILTER += discard class="Approximate pi Constant (C#)"
+# WARNING_FILTER += discard class="Assignment in Conditional (C#)"
+# WARNING_FILTER += discard class="Asymmetric compareTo (C#)"
+# WARNING_FILTER += discard class="Bitwise AND on Boolean (C#)"
+# WARNING_FILTER += discard class="Bitwise AND on Boolean Constant (C#)"
+# WARNING_FILTER += discard class="Bitwise OR on Boolean (C#)"
+# WARNING_FILTER += discard class="Bitwise OR on Boolean Constant (C#)"
+# WARNING_FILTER += discard class="Blocking in Critical Section (C#)"
+# WARNING_FILTER += discard class="Broad Throws Clause (C#)"
+# WARNING_FILTER += discard class="Call Might Return Null (C#)"
+# WARNING_FILTER += discard class="Cast: Integer to Floating Point (C#)"
+# WARNING_FILTER += discard class="Cast: int Computation to long (C#)"
+# WARNING_FILTER += discard class="Class Enables Debug Features (C#)"
+# WARNING_FILTER += discard class="Closeable Not Closed (C#)"
+# WARNING_FILTER += discard class="Closeable Not Stored (C#)"
+# WARNING_FILTER += discard class="Code Injection (C#)"
+# WARNING_FILTER += discard class="Command Injection (C#)"
+# WARNING_FILTER += discard class="Comparison to Empty String (C#)"
+# WARNING_FILTER += discard class="Cross Site Scripting (C#)"
+# WARNING_FILTER += discard class="Cryptographic Algorithm with Risky Default Cipher (C#)"
+# WARNING_FILTER += discard class="Cryptographic Algorithm with Weak Cipher (C#)"
+# WARNING_FILTER += discard class="Cryptographic Algorithm with Weak Hash (C#)"
+# WARNING_FILTER += discard class="DLL Injection (C#)"
+# WARNING_FILTER += discard class="DOS Injection (C#)"
+# WARNING_FILTER += discard class="Debug Call (C#)"
+# WARNING_FILTER += discard class="Debug Warning (C#)"
+# WARNING_FILTER += discard class="Defines equals but not hashCode (C#)"
+# WARNING_FILTER += discard class="Defines hashCode but not equals (C#)"
+# WARNING_FILTER += discard class="Deprecated Cryptography Provider (C#)"
+# WARNING_FILTER += discard class="Double-Checked Locking (C#)"
+# WARNING_FILTER += discard class="Empty Branch Statement (C#)"
+# WARNING_FILTER += discard class="Empty Exception Handler (C#)"
+# WARNING_FILTER += discard class="Empty zip File Archived (C#)"
+# WARNING_FILTER += discard class="Exception Information Disclosure (C#)"
+# WARNING_FILTER += discard class="Field Never Read (C#)"
+# WARNING_FILTER += discard class="Field Never Written (C#)"
+# WARNING_FILTER += discard class="Floating Point Equality (C#)"
+# WARNING_FILTER += discard class="Generic Exception Handler (C#)"
+# WARNING_FILTER += discard class="Hardcoded Filename (C#)"
+# WARNING_FILTER += discard class="Hardcoded Password (C#)"
+# WARNING_FILTER += discard class="Hardcoded Random Seed (C#)"
+# WARNING_FILTER += discard class="Hostname in Condition (C#)"
+# WARNING_FILTER += discard class="Ignored Return Value (C#)"
+# WARNING_FILTER += discard class="Ignored Return Value for Pure Function (C#)"
+# WARNING_FILTER += discard class="Impossible Client Side
Locking (C#)"
+# WARNING_FILTER += discard class="Impossible reference comparison (C#)"
+# WARNING_FILTER += discard class="Inappropriate Exception Handler (C#)"
+# WARNING_FILTER += discard class="Inappropriate Instanceof (C#)"
+# WARNING_FILTER += discard class="Inefficient Bitwise AND (C#)"
+# WARNING_FILTER += discard class="Inefficient Bitwise OR (C#)"
+# WARNING_FILTER += discard class="Insecure Cookie (C#)"
+# WARNING_FILTER += discard class="Insecure Key Derivation (C#)"
+# WARNING_FILTER += discard class="Insecure Random Number Generator (C#)"
+# WARNING_FILTER += discard class="Insecure XSLT Execution (C#)"
+# WARNING_FILTER += discard class="Instanceof Always False (C#)"
+# WARNING_FILTER += discard class="Instanceof Always True (C#)"
+# WARNING_FILTER += discard class="Method Enables Debug Features (C#)"
+# WARNING_FILTER += discard class="Method Names Differ Only in Case (C#)"
+# WARNING_FILTER += discard class="Method Should Not Return null (C#)"
+# WARNING_FILTER += discard class="Missing Authentication Annotation (C#)"
+# WARNING_FILTER += discard class="Missing Call to super (C#)"
+# WARNING_FILTER += discard class="Missing Equals Override (C#)"
+# WARNING_FILTER += discard class="Mutable Enumeration (C#)"
+# WARNING_FILTER += discard class="Non-Object compareTo Parameter (C#)"
+# WARNING_FILTER += discard class="Non-overriding Method Signature (C#)"
+# WARNING_FILTER += discard class="Nonserializable Field (C#)"
+# WARNING_FILTER += discard class="Nonserializable Field Element (C#)"
+# WARNING_FILTER += discard class="Nonserializable Outer Class (C#)"
+# WARNING_FILTER += discard class="Null Parameter Dereference (C#)"
+# WARNING_FILTER += discard class="Null Pointer Dereference (C#)"
+# WARNING_FILTER += discard class="Password in Property File (C#)"
+# WARNING_FILTER += discard class="Possible XML External Entity Reference (C#)"
+# WARNING_FILTER += discard class="Potential Infinite Recursion (C#)"
+# WARNING_FILTER += discard class="Redundant
Call for Integral Argument (C#)"
+# WARNING_FILTER += discard class="Redundant Call for String Argument (C#)"
+# WARNING_FILTER += discard class="Redundant Condition (C#)"
+# WARNING_FILTER += discard class="Reflection Bypasses Member Accessibility (C#)"
+# WARNING_FILTER += discard class="Reflection Injection (C#)"
+# WARNING_FILTER += discard class="Reflection Modifies Member Accessibility (C#)"
+# WARNING_FILTER += discard class="Return null Array (C#)"
+# WARNING_FILTER += discard class="Risky Cipher Algorithm (C#)"
+# WARNING_FILTER += discard class="Risky Cipher Field (C#)"
+# WARNING_FILTER += discard class="Risky Class Cast (C#)"
+# WARNING_FILTER += discard class="Risky Cryptographic Algorithm (C#)"
+# WARNING_FILTER += discard class="Risky Cryptographic Field (C#)"
+# WARNING_FILTER += discard class="Risky array store (C#)"
+# WARNING_FILTER += discard class="SQL Injection (C#)"
+# WARNING_FILTER += discard class="Shadowed Identifier (C#)"
+# WARNING_FILTER += discard class="Should Use == Instead of equals() (C#)"
+# WARNING_FILTER += discard class="Should Use equals() Instead of == (C#)"
+# WARNING_FILTER += discard class="Single-use Random Number Generator (C#)"
+# WARNING_FILTER += discard class="Static Field Assigned Non-Static (C#)"
+# WARNING_FILTER += discard class="Synchronization on Interned String (C#)"
+# WARNING_FILTER += discard class="Synchronization on static (C#)"
+# WARNING_FILTER += discard class="Synchronous Call to Thread Body (C#)"
+# WARNING_FILTER += discard class="Tainted @Trusted Value (C#)"
+# WARNING_FILTER += discard class="Tainted Bundle (C#)"
+# WARNING_FILTER += discard class="Tainted Control (C#)"
+# WARNING_FILTER += discard class="Tainted Expression Evaluation (C#)"
+# WARNING_FILTER += discard class="Tainted HTTP Response (C#)"
+# WARNING_FILTER += discard class="Tainted Hardware Device Property (C#)"
+# WARNING_FILTER += discard class="Tainted LDAP Attribute (C#)"
+# WARNING_FILTER += discard class="Tainted LDAP Filter
(C#)"
+# WARNING_FILTER += discard class="Tainted Log (C#)"
+# WARNING_FILTER += discard class="Tainted Message (C#)"
+# WARNING_FILTER += discard class="Tainted Network Address (C#)"
+# WARNING_FILTER += discard class="Tainted Path (C#)"
+# WARNING_FILTER += discard class="Tainted Regular Expression (C#)"
+# WARNING_FILTER += discard class="Tainted Resource (C#)"
+# WARNING_FILTER += discard class="Tainted Session (C#)"
+# WARNING_FILTER += discard class="Tainted URL (C#)"
+# WARNING_FILTER += discard class="Tainted XAML (C#)"
+# WARNING_FILTER += discard class="Tainted XML (C#)"
+# WARNING_FILTER += discard class="Tainted Xpath (C#)"
+# WARNING_FILTER += discard class="Unchecked Parameter Dereference (C#)"
+# WARNING_FILTER += discard class="Unnecessary Field (C#)"
+# WARNING_FILTER += discard class="Unreachable Instruction (C#)"
+# WARNING_FILTER += discard class="Unused Class (C#)"
+# WARNING_FILTER += discard class="Unused Field (C#)"
+# WARNING_FILTER += discard class="Unused Method (C#)"
+# WARNING_FILTER += discard class="Unused Object (C#)"
+# WARNING_FILTER += discard class="Unused Value: Actual Parameter (C#)"
+# WARNING_FILTER += discard class="Unused Value: Variable (C#)"
+# WARNING_FILTER += discard class="Unused Value: Write to Parameter (C#)"
+# WARNING_FILTER += discard class="Useless Assignment (C#)"
+# WARNING_FILTER += discard class="Useless Assignment to Default (C#)"
+# WARNING_FILTER += discard class="Useless Class Cast (C#)"
+# WARNING_FILTER += discard class="Useless Synchronization (C#)"
+# WARNING_FILTER += discard class="Useless volatile Modifier (C#)"
+# WARNING_FILTER += discard class="Weak Cryptographic Value (C#)"
+# WARNING_FILTER += discard class="Weak Hash Algorithm (C#)"
+# WARNING_FILTER += discard class="Weak Hash Algorithm Field (C#)"
+# WARNING_FILTER += discard class="clone Non-cloneable (C#)"
+# WARNING_FILTER += discard class="clone not final (C#)"
+# WARNING_FILTER += discard class="compareTo in Non-Comparable Class (C#)"
+# WARNING_FILTER += discard class="compareTo without equals (C#)" +# WARNING_FILTER += discard class="compareTo/equals mismatch (C#)" +# WARNING_FILTER += discard class="equals Always Fails (C#)" +# WARNING_FILTER += discard class="equals Parameter Should Be Object (C#)" +# WARNING_FILTER += discard class="equals on Array (C#)" +# WARNING_FILTER += discard class="toString on Array (C#)" # # The following checks are disabled by default. To enable checks # for a particular class, use the corresponding "allow" rule. # (Checks for some classes may require additional settings in order # to work correctly. See the individual warning class documentation # in the manual for full information.) -# (C and C++ warning classes) -# WARNING_FILTER += allow class="## Follows # Operator" -# WARNING_FILTER += allow class="/* in Comment" -# WARNING_FILTER += allow class="// in Comment" -# WARNING_FILTER += allow class="2$Buffer Overrun" -# WARNING_FILTER += allow class="Addition Overflow of Allocation Size" -# WARNING_FILTER += allow class="Addition Overflow of Size" -# WARNING_FILTER += allow class="Array Parameter Mismatch" -# WARNING_FILTER += allow class="Assembly Pragma" -# WARNING_FILTER += allow class="Assignment Result in Expression" -# WARNING_FILTER += allow class="Assignment in Conditional" -# WARNING_FILTER += allow class="Backwards goto" -# WARNING_FILTER += allow class="Basic Numerical Type Used" -# WARNING_FILTER += allow class="Bit-field Signedness Not Explicit" -# WARNING_FILTER += allow class="Bit-field Too Short" -# WARNING_FILTER += allow class="Body Is Not Compound Statement" -# WARNING_FILTER += allow class="Boolean switch Expression" -# WARNING_FILTER += allow class="C++ Comment in C" -# WARNING_FILTER += allow class="C-style Cast" -# WARNING_FILTER += allow class="Cast Removes const Qualifier" -# WARNING_FILTER += allow class="Cast Removes volatile Qualifier" -# WARNING_FILTER += allow class="Cast: Arithmetic Type/Void Pointer" -# WARNING_FILTER += allow 
class="Cast: Non-integer Arithmetic Type/Object Pointer"
-# WARNING_FILTER += allow class="Cast: Object Pointers"
-# WARNING_FILTER += allow class="Code Before #include"
-# WARNING_FILTER += allow class="Coercion: Integer Constant to Pointer"
-# WARNING_FILTER += allow class="Comment Suggests Code Unfinished"
-# WARNING_FILTER += allow class="Commented-out Code"
-# WARNING_FILTER += allow class="Condition Contains Side Effects"
-# WARNING_FILTER += allow class="Condition Is Not Boolean"
-# WARNING_FILTER += allow class="Conditional Compilation"
-# WARNING_FILTER += allow class="Conflicting Lock Order"
-# WARNING_FILTER += allow class="Confusing Literal Suffix"
-# WARNING_FILTER += allow class="Confusing Operator Overload"
-# WARNING_FILTER += allow class="Continue Statement"
-# WARNING_FILTER += allow class="Conversion from Function Pointer"
-# WARNING_FILTER += allow class="Conversion to Function Pointer"
-# WARNING_FILTER += allow class="Conversion: Pointer to Incomplete"
-# WARNING_FILTER += allow class="Conversion: Pointer/Integer"
-# WARNING_FILTER += allow class="Conversion: Void Pointer to Object Pointer"
-# WARNING_FILTER += allow class="Dangerous Include File Name"
-# WARNING_FILTER += allow class="Data Race"
-# WARNING_FILTER += allow class="Declaration of Flexible Array Member"
-# WARNING_FILTER += allow class="Declaration of Reserved Name"
-# WARNING_FILTER += allow class="Declaration of Variable Length Array"
-# WARNING_FILTER += allow class="Dynamic Allocation After Initialization"
-# WARNING_FILTER += allow class="Ellipsis"
-# WARNING_FILTER += allow class="Essential Type Diagnostic"
-# WARNING_FILTER += allow class="Excessive Stack Depth"
-# WARNING_FILTER += allow class="Expression Value Widened by Assignment"
-# WARNING_FILTER += allow class="Expression Value Widened by Other Operand"
-# WARNING_FILTER += allow class="Extern Array Without Size"
-# WARNING_FILTER += allow class="FILE* Dereference"
-# WARNING_FILTER += allow class="Float Pointer
Conversion"
-# WARNING_FILTER += allow class="Float-typed Loop Counter"
-# WARNING_FILTER += allow class="Floating Point Equality"
-# WARNING_FILTER += allow class="Function Defined in Header File"
-# WARNING_FILTER += allow class="Function Pointer Conversion"
-# WARNING_FILTER += allow class="Function Pointer"
-# WARNING_FILTER += allow class="Function Too Long"
-# WARNING_FILTER += allow class="Function-Like Macro"
-# WARNING_FILTER += allow class="GNU Extension"
-# WARNING_FILTER += allow class="GNU Typeof"
-# WARNING_FILTER += allow class="Global Variable Declared with Different Types"
-# WARNING_FILTER += allow class="Goto Statement"
-# WARNING_FILTER += allow class="Hardcoded DNS Name"
-# WARNING_FILTER += allow class="High Risk Loop"
-# WARNING_FILTER += allow class="Implicit Address of Function"
-# WARNING_FILTER += allow class="Implicit Function Declaration"
-# WARNING_FILTER += allow class="Inappropriate Assignment Type"
-# WARNING_FILTER += allow class="Inappropriate Bit-field Type"
-# WARNING_FILTER += allow class="Inappropriate Cast Type"
-# WARNING_FILTER += allow class="Inappropriate Cast Type: Expression"
-# WARNING_FILTER += allow class="Inappropriate Character Arithmetic"
-# WARNING_FILTER += allow class="Inappropriate Operand Type"
-# WARNING_FILTER += allow class="Incomplete Function Prototype"
-# WARNING_FILTER += allow class="Inconsistent Enumerator Initialization"
-# WARNING_FILTER += allow class="Inconsistent Function Declarations"
-# WARNING_FILTER += allow class="Inconsistent Object Declarations"
-# WARNING_FILTER += allow class="Inline Assembly Code"
-# WARNING_FILTER += allow class="Inline Function Not static"
-# WARNING_FILTER += allow class="Invalid Preprocessor Directive"
-# WARNING_FILTER += allow class="Label Not In Enclosing Block"
-# WARNING_FILTER += allow class="Leftover Debug Code"
-# WARNING_FILTER += allow class="Library Function Override"
-# WARNING_FILTER += allow class="Line Splicing in Comment"
-# WARNING_FILTER += allow
class="Lock/Unlock Mismatch"
-# WARNING_FILTER += allow class="Locked Twice"
-# WARNING_FILTER += allow class="Macro Defined in Function Body"
-# WARNING_FILTER += allow class="Macro Definition of Reserved Name"
-# WARNING_FILTER += allow class="Macro Does Not End With } or )"
-# WARNING_FILTER += allow class="Macro Does Not Start With { or ("
-# WARNING_FILTER += allow class="Macro Name is C Keyword"
-# WARNING_FILTER += allow class="Macro Parameter Not Parenthesized"
-# WARNING_FILTER += allow class="Macro Undefined in Function Body"
-# WARNING_FILTER += allow class="Macro Undefinition of Reserved Name"
-# WARNING_FILTER += allow class="Macro Uses # Operator"
-# WARNING_FILTER += allow class="Macro Uses ## Operator"
-# WARNING_FILTER += allow class="Macro Uses -> Operator"
-# WARNING_FILTER += allow class="Macro Uses Unary * Operator"
-# WARNING_FILTER += allow class="Macro Uses [] Operator"
-# WARNING_FILTER += allow class="Malformed #include"
-# WARNING_FILTER += allow class="Malformed for-loop Condition"
-# WARNING_FILTER += allow class="Malformed for-loop Initialization"
-# WARNING_FILTER += allow class="Malformed for-loop Step"
-# WARNING_FILTER += allow class="Malformed switch Statement"
-# WARNING_FILTER += allow class="Member Function Could Be const"
-# WARNING_FILTER += allow class="Member Function Could Be static"
-# WARNING_FILTER += allow class="Memory Protection Removal"
-# WARNING_FILTER += allow class="Microsoft Extension"
-# WARNING_FILTER += allow class="Mismatched Operand Types"
-# WARNING_FILTER += allow class="Misplaced Return Statement"
-# WARNING_FILTER += allow class="Misplaced case"
-# WARNING_FILTER += allow class="Misplaced default"
-# WARNING_FILTER += allow class="Missing Braces in Initialization"
-# WARNING_FILTER += allow class="Missing External Declaration"
-# WARNING_FILTER += allow class="Missing External Definition"
-# WARNING_FILTER += allow class="Missing Final else"
-# WARNING_FILTER += allow class="Missing Literal Suffix"
-#
WARNING_FILTER += allow class="Missing Lock Acquisition"
-# WARNING_FILTER += allow class="Missing Lock Release"
-# WARNING_FILTER += allow class="Missing Parentheses"
-# WARNING_FILTER += allow class="Missing break"
-# WARNING_FILTER += allow class="Missing default"
-# WARNING_FILTER += allow class="Missing for-loop Step"
-# WARNING_FILTER += allow class="Missing for-loop Termination"
-# WARNING_FILTER += allow class="Mixed Assembly and Code"
-# WARNING_FILTER += allow class="Modified Parameter"
-# WARNING_FILTER += allow class="Multiple Abnormal Loop Exits"
-# WARNING_FILTER += allow class="Multiple Declarations On Line"
-# WARNING_FILTER += allow class="Multiple Declarations of a Global"
-# WARNING_FILTER += allow class="Multiple External Declarations"
-# WARNING_FILTER += allow class="Multiple External Definitions"
-# WARNING_FILTER += allow class="Multiple Return Statements"
-# WARNING_FILTER += allow class="Multiple Statements On Line"
-# WARNING_FILTER += allow class="Multiplication Overflow of Allocation Size"
-# WARNING_FILTER += allow class="Multiplication Overflow of Size"
-# WARNING_FILTER += allow class="Nested Function Declaration"
-# WARNING_FILTER += allow class="Nested Locks"
-# WARNING_FILTER += allow class="No Matching #endif"
-# WARNING_FILTER += allow class="No Matching #if"
-# WARNING_FILTER += allow class="Non-Boolean Preprocessor Expression"
-# WARNING_FILTER += allow class="Non-const String Literal"
-# WARNING_FILTER += allow class="Non-distinct Identifiers: External Names"
-# WARNING_FILTER += allow class="Non-distinct Identifiers: Macro/Macro"
-# WARNING_FILTER += allow class="Non-distinct Identifiers: Macro/Other"
-# WARNING_FILTER += allow class="Non-distinct Identifiers: Nested Scope"
-# WARNING_FILTER += allow class="Non-distinct Identifiers: Same Scope"
-# WARNING_FILTER += allow class="Non-unique Identifiers: External Name"
-# WARNING_FILTER += allow class="Non-unique Identifiers: Internal Name"
-# WARNING_FILTER += allow
class="Non-unique Identifiers: Tag"
-# WARNING_FILTER += allow class="Non-unique Identifiers: Typedef"
-# WARNING_FILTER += allow class="Not All Warnings Are Enabled"
-# WARNING_FILTER += allow class="Not Enough Assertions"
-# WARNING_FILTER += allow class="Object Defined in Header File"
-# WARNING_FILTER += allow class="Octal Constant"
-# WARNING_FILTER += allow class="Over-initialized Element"
-# WARNING_FILTER += allow class="Partially Uninitialized Aggregate"
-# WARNING_FILTER += allow class="Partially Uninitialized Array"
-# WARNING_FILTER += allow class="Pointed-to Type Could Be const"
-# WARNING_FILTER += allow class="Pointer Arithmetic"
-# WARNING_FILTER += allow class="Pointer Before Beginning of Object"
-# WARNING_FILTER += allow class="Pointer Past End of Object"
-# WARNING_FILTER += allow class="Pointer Type Inside Typedef"
-# WARNING_FILTER += allow class="Possible Anti-Debugging"
-# WARNING_FILTER += allow class="Potential Timebomb"
-# WARNING_FILTER += allow class="Potential Unbounded Loop"
-# WARNING_FILTER += allow class="Preprocessing Directives in Macro Argument"
-# WARNING_FILTER += allow class="Recursion"
-# WARNING_FILTER += allow class="Recursive Macro"
-# WARNING_FILTER += allow class="Restrict Qualifier Used"
-# WARNING_FILTER += allow class="Risky Integer Promotion"
-# WARNING_FILTER += allow class="Scope Could Be File Static"
-# WARNING_FILTER += allow class="Scope Could Be Local Static"
-# WARNING_FILTER += allow class="Side Effects in Expression with Decrement"
-# WARNING_FILTER += allow class="Side Effects in Expression with Increment"
-# WARNING_FILTER += allow class="Side Effects in Initializer List"
-# WARNING_FILTER += allow class="Side Effects in Logical Operand"
-# WARNING_FILTER += allow class="Side Effects in sizeof"
-# WARNING_FILTER += allow class="Signal Handler Entry Point"
-# WARNING_FILTER += allow class="Socket In Wrong State"
-# WARNING_FILTER += allow class="Static Array Parameter"
-# WARNING_FILTER += allow
class="Subtraction Underflow of Allocation Size"
-# WARNING_FILTER += allow class="Subtraction Underflow of Size"
-# WARNING_FILTER += allow class="Tainted Allocation Size"
-# WARNING_FILTER += allow class="Tainted Configuration Setting"
-# WARNING_FILTER += allow class="Tainted Filename"
-# WARNING_FILTER += allow class="Tainted Network Address"
-# WARNING_FILTER += allow class="Tainted Write"
-# WARNING_FILTER += allow class="Task Delay Function"
-# WARNING_FILTER += allow class="Thread Entry Point"
-# WARNING_FILTER += allow class="Too Few Cases in switch"
-# WARNING_FILTER += allow class="Too Many Dereferences"
-# WARNING_FILTER += allow class="Too Many Parameters"
-# WARNING_FILTER += allow class="Too Much Indirection in Declaration"
-# WARNING_FILTER += allow class="Trigraph"
-# WARNING_FILTER += allow class="Truncation of Allocation Size"
-# WARNING_FILTER += allow class="Truncation of Size"
-# WARNING_FILTER += allow class="Typographically Ambiguous Identifiers"
-# WARNING_FILTER += allow class="Unbalanced Parenthesis"
-# WARNING_FILTER += allow class="Unchecked Parameter Dereference"
-# WARNING_FILTER += allow class="Undefined Macro in #if"
-# WARNING_FILTER += allow class="Unexercised Call"
-# WARNING_FILTER += allow class="Unexercised Computation"
-# WARNING_FILTER += allow class="Unexercised Conditional"
-# WARNING_FILTER += allow class="Unexercised Control Flow"
-# WARNING_FILTER += allow class="Unexercised Data Flow"
-# WARNING_FILTER += allow class="Union Type"
-# WARNING_FILTER += allow class="Unknown Lock"
-# WARNING_FILTER += allow class="Unreachable Control Flow"
-# WARNING_FILTER += allow class="Unspecified Array Size with Designator Initialization"
-# WARNING_FILTER += allow class="Unterminated Escape Sequence"
-# WARNING_FILTER += allow class="Untrusted Library Load"
-# WARNING_FILTER += allow class="Untrusted Network Host"
-# WARNING_FILTER += allow class="Untrusted Network Port"
-# WARNING_FILTER += allow class="Untrusted Process Creation"
-# WARNING_FILTER += allow class="Unused Label" -# WARNING_FILTER += allow class="Unused Macro" -# WARNING_FILTER += allow class="Unused Parameter" -# WARNING_FILTER += allow class="Unused Tag" -# WARNING_FILTER += allow class="Unused Type" -# WARNING_FILTER += allow class="Unused Variable" -# WARNING_FILTER += allow class="Use of #undef" -# WARNING_FILTER += allow class="Use of Exception Handling Function" -# WARNING_FILTER += allow class="Use of " -# WARNING_FILTER += allow class="Use of " -# WARNING_FILTER += allow class="Use of Feature" -# WARNING_FILTER += allow class="Use of Input/Output Macro" -# WARNING_FILTER += allow class="Use of Input/Output" -# WARNING_FILTER += allow class="Use of Allocator/Deallocator Macro" -# WARNING_FILTER += allow class="Use of Allocator/Deallocator" -# WARNING_FILTER += allow class="Use of " -# WARNING_FILTER += allow class="Use of Time/Date Function" -# WARNING_FILTER += allow class="Use of Input/Output Macro" -# WARNING_FILTER += allow class="Use of Input/Output" -# WARNING_FILTER += allow class="Use of AddAccessAllowedAce" -# WARNING_FILTER += allow class="Use of AddAccessDeniedAce" -# WARNING_FILTER += allow class="Use of AfxLoadLibrary" -# WARNING_FILTER += allow class="Use of AfxParseURL" -# WARNING_FILTER += allow class="Use of CoLoadLibrary" -# WARNING_FILTER += allow class="Use of Comma Operator" -# WARNING_FILTER += allow class="Use of CreateFile" -# WARNING_FILTER += allow class="Use of CreateProcess" -# WARNING_FILTER += allow class="Use of CreateThread" -# WARNING_FILTER += allow class="Use of FormatMessage" -# WARNING_FILTER += allow class="Use of LoadLibrary" -# WARNING_FILTER += allow class="Use of LoadModule" -# WARNING_FILTER += allow class="Use of MoveFile" -# WARNING_FILTER += allow class="Use of OemToAnsi" -# WARNING_FILTER += allow class="Use of OemToChar" -# WARNING_FILTER += allow class="Use of SHCreateProcessAsUserW" -# WARNING_FILTER += allow class="Use of ShellExecute" -# WARNING_FILTER += allow 
class="Use of StrCatChainW" -# WARNING_FILTER += allow class="Use of WinExec" -# WARNING_FILTER += allow class="Use of XML_ExternalEntityParserCreate" -# WARNING_FILTER += allow class="Use of _exec" -# WARNING_FILTER += allow class="Use of _spawn" -# WARNING_FILTER += allow class="Use of abort" -# WARNING_FILTER += allow class="Use of atof" -# WARNING_FILTER += allow class="Use of atoi" -# WARNING_FILTER += allow class="Use of atol" -# WARNING_FILTER += allow class="Use of atoll" -# WARNING_FILTER += allow class="Use of bsearch" -# WARNING_FILTER += allow class="Use of catopen" -# WARNING_FILTER += allow class="Use of chroot" -# WARNING_FILTER += allow class="Use of cuserid" -# WARNING_FILTER += allow class="Use of execlp" -# WARNING_FILTER += allow class="Use of execvp" -# WARNING_FILTER += allow class="Use of exit" -# WARNING_FILTER += allow class="Use of getenv" -# WARNING_FILTER += allow class="Use of getlogin" -# WARNING_FILTER += allow class="Use of getopt" -# WARNING_FILTER += allow class="Use of getpass" -# WARNING_FILTER += allow class="Use of getwd" -# WARNING_FILTER += allow class="Use of longjmp" -# WARNING_FILTER += allow class="Use of memset" -# WARNING_FILTER += allow class="Use of mkstemp" -# WARNING_FILTER += allow class="Use of offsetof" -# WARNING_FILTER += allow class="Use of popen" -# WARNING_FILTER += allow class="Use of qsort" -# WARNING_FILTER += allow class="Use of rand" -# WARNING_FILTER += allow class="Use of rand48 Function" -# WARNING_FILTER += allow class="Use of random" -# WARNING_FILTER += allow class="Use of realpath" -# WARNING_FILTER += allow class="Use of recvmsg" -# WARNING_FILTER += allow class="Use of setjmp" -# WARNING_FILTER += allow class="Use of setuid" -# WARNING_FILTER += allow class="Use of signal" -# WARNING_FILTER += allow class="Use of strcat" -# WARNING_FILTER += allow class="Use of strchr" -# WARNING_FILTER += allow class="Use of strcmp" -# WARNING_FILTER += allow class="Use of strcoll" -# WARNING_FILTER += allow 
class="Use of strcpy" -# WARNING_FILTER += allow class="Use of strcspn" -# WARNING_FILTER += allow class="Use of strlen" -# WARNING_FILTER += allow class="Use of strpbrk" -# WARNING_FILTER += allow class="Use of strrchr" -# WARNING_FILTER += allow class="Use of strspn" -# WARNING_FILTER += allow class="Use of strstr" -# WARNING_FILTER += allow class="Use of strtok" -# WARNING_FILTER += allow class="Use of strtrns" -# WARNING_FILTER += allow class="Use of syslog" -# WARNING_FILTER += allow class="Use of system" -# WARNING_FILTER += allow class="Use of t_open" -# WARNING_FILTER += allow class="Use of ttyname" -# WARNING_FILTER += allow class="Use of vfork" -# WARNING_FILTER += allow class="Using Declaration in Header File" -# WARNING_FILTER += allow class="Using Directive in Header File" -# WARNING_FILTER += allow class="Using Directive" -# WARNING_FILTER += allow class="Variable Could Be const" -# WARNING_FILTER += allow class="Variadic Macro" -# WARNING_FILTER += allow class="Warnings Not Treated As Errors" -# WARNING_FILTER += allow class="Weak Cryptography" -# WARNING_FILTER += allow class="Write to Read Only File" -# WARNING_FILTER += allow class="chroot without chdir" -# -# (Java warning classes) -# WARNING_FILTER += allow class="Actual Parameter Element may be null (Java)" -# WARNING_FILTER += allow class="Android Message Injection (Java)" -# WARNING_FILTER += allow class="Android URL Injection (Java)" -# WARNING_FILTER += allow class="Certificate Added to Root Store (Java)" -# WARNING_FILTER += allow class="Deprecated Transfer Protocol (Java)" -# WARNING_FILTER += allow class="Deserializable Class (Java)" -# WARNING_FILTER += allow class="Deserializing Non-Serializable Class (Java)" -# WARNING_FILTER += allow class="Disabled Input Validation (Java)" -# WARNING_FILTER += allow class="Field Element may be null (deep) (Java)" -# WARNING_FILTER += allow class="Field Too Visible (Java)" -# WARNING_FILTER += allow class="Field may be null (deep) (Java)" -# 
WARNING_FILTER += allow class="Hardcoded IP Address (Java)" -# WARNING_FILTER += allow class="Inadequate Salt (Java)" -# WARNING_FILTER += allow class="Insecure Class Loader (Java)" -# WARNING_FILTER += allow class="Method Disables Security Setting (Java)" -# WARNING_FILTER += allow class="Method Should be final (Java)" -# WARNING_FILTER += allow class="Method Should be private (Java)" -# WARNING_FILTER += allow class="Missing synchronized Statement (Java)" -# WARNING_FILTER += allow class="Mutable Constant Field (Java)" -# WARNING_FILTER += allow class="Naming Style Violation (Java)" -# WARNING_FILTER += allow class="Null Pointer Dereference (deep) (Java)" -# WARNING_FILTER += allow class="Return Value may Contain null Element (Java)" -# WARNING_FILTER += allow class="Return Value may be null (Java)" -# WARNING_FILTER += allow class="Security Annotation Conflict (Java)" -# WARNING_FILTER += allow class="Sensitive Data Cached (Java)" -# WARNING_FILTER += allow class="Sensitive Data Written to External Storage (Java)" -# WARNING_FILTER += allow class="Sensitive Data Written to Local File (Java)" -# WARNING_FILTER += allow class="Serialization Not Disabled (Java)" -# WARNING_FILTER += allow class="Static Field Too Visible (Java)" -# WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (Java)" -# WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (Java)" -# WARNING_FILTER += allow class="Unguarded Field (Java)" -# WARNING_FILTER += allow class="Unguarded Method (Java)" -# WARNING_FILTER += allow class="Unguarded Parameter (Java)" -# WARNING_FILTER += allow class="Useless null Test (Java)" -# WARNING_FILTER += allow class="Useless null Test of Field (Java)" -# WARNING_FILTER += allow class="Useless null Test of Parameter (Java)" -# WARNING_FILTER += allow class="Useless null Test of Return Value (Java)" -# WARNING_FILTER += allow class="null Passed to Method (deep) (Java)" +# (C and C++ warning classes) +# WARNING_FILTER += 
allow class="## Follows # Operator" +# WARNING_FILTER += allow class="/* in Comment" +# WARNING_FILTER += allow class="// in Comment" +# WARNING_FILTER += allow class="2$Buffer Overrun" +# WARNING_FILTER += allow class="Addition Overflow of Allocation Size" +# WARNING_FILTER += allow class="Addition Overflow of Size" +# WARNING_FILTER += allow class="Anonymous Namespace in Header File" +# WARNING_FILTER += allow class="Array Parameter Mismatch" +# WARNING_FILTER += allow class="Array to Pointer Decay" +# WARNING_FILTER += allow class="Assembly Pragma" +# WARNING_FILTER += allow class="Assignment Result in Expression" +# WARNING_FILTER += allow class="Assignment in Conditional" +# WARNING_FILTER += allow class="Backwards goto" +# WARNING_FILTER += allow class="Basic Numerical Type Used" +# WARNING_FILTER += allow class="Bit-field Signedness Not Explicit" +# WARNING_FILTER += allow class="Bit-field Too Short" +# WARNING_FILTER += allow class="Body Is Not Compound Statement" +# WARNING_FILTER += allow class="Boolean switch Expression" +# WARNING_FILTER += allow class="C++ Comment in C" +# WARNING_FILTER += allow class="C-style Cast" +# WARNING_FILTER += allow class="Cast Removes const Qualifier" +# WARNING_FILTER += allow class="Cast Removes volatile Qualifier" +# WARNING_FILTER += allow class="Cast: Arithmetic Type/Void Pointer" +# WARNING_FILTER += allow class="Cast: Non-integer Arithmetic Type/Object Pointer" +# WARNING_FILTER += allow class="Cast: Object Pointers" +# WARNING_FILTER += allow class="Code Before #include" +# WARNING_FILTER += allow class="Coercion: Integer Constant to Pointer" +# WARNING_FILTER += allow class="Comment Suggests Code Unfinished" +# WARNING_FILTER += allow class="Commented-out Code" +# WARNING_FILTER += allow class="Condition Contains Side Effects" +# WARNING_FILTER += allow class="Condition Is Not Boolean" +# WARNING_FILTER += allow class="Conditional Compilation" +# WARNING_FILTER += allow class="Conflicting Lock Order" +# 
WARNING_FILTER += allow class="Confusing Literal Suffix" +# WARNING_FILTER += allow class="Confusing Operator Overload" +# WARNING_FILTER += allow class="Continue Statement" +# WARNING_FILTER += allow class="Conversion from Function Pointer" +# WARNING_FILTER += allow class="Conversion to Function Pointer" +# WARNING_FILTER += allow class="Conversion: Pointer to Incomplete" +# WARNING_FILTER += allow class="Conversion: Pointer/Integer" +# WARNING_FILTER += allow class="Conversion: Void Pointer to Object Pointer" +# WARNING_FILTER += allow class="Dangerous Include File Name" +# WARNING_FILTER += allow class="Data Race" +# WARNING_FILTER += allow class="Declaration of Flexible Array Member" +# WARNING_FILTER += allow class="Declaration of Reserved Name" +# WARNING_FILTER += allow class="Declaration of Variable Length Array" +# WARNING_FILTER += allow class="Dynamic Allocation After Initialization" +# WARNING_FILTER += allow class="Ellipsis" +# WARNING_FILTER += allow class="Essential Type Diagnostic" +# WARNING_FILTER += allow class="Excessive Stack Depth" +# WARNING_FILTER += allow class="Expression Value Widened by Assignment" +# WARNING_FILTER += allow class="Expression Value Widened by Other Operand" +# WARNING_FILTER += allow class="Extern Array Without Size" +# WARNING_FILTER += allow class="FILE* Dereference" +# WARNING_FILTER += allow class="Float Pointer Conversion" +# WARNING_FILTER += allow class="Float-typed Loop Counter" +# WARNING_FILTER += allow class="Floating Point Equality" +# WARNING_FILTER += allow class="Function Defined in Header File" +# WARNING_FILTER += allow class="Function Pointer Conversion" +# WARNING_FILTER += allow class="Function Pointer" +# WARNING_FILTER += allow class="Function Too Long" +# WARNING_FILTER += allow class="Function-Like Macro" +# WARNING_FILTER += allow class="GNU Extension" +# WARNING_FILTER += allow class="GNU Typeof" +# WARNING_FILTER += allow class="Global Variable Declared with Different Types" +# WARNING_FILTER 
+= allow class="Goto Statement" +# WARNING_FILTER += allow class="Hardcoded DNS Name" +# WARNING_FILTER += allow class="High Risk Loop" +# WARNING_FILTER += allow class="Implicit Address of Function" +# WARNING_FILTER += allow class="Implicit Function Declaration" +# WARNING_FILTER += allow class="Inappropriate Assignment Type" +# WARNING_FILTER += allow class="Inappropriate Bit-field Type" +# WARNING_FILTER += allow class="Inappropriate Cast Type" +# WARNING_FILTER += allow class="Inappropriate Cast Type: Expression" +# WARNING_FILTER += allow class="Inappropriate Character Arithmetic" +# WARNING_FILTER += allow class="Inappropriate Declaration in Global Namespace" +# WARNING_FILTER += allow class="Inappropriate Operand Type" +# WARNING_FILTER += allow class="Incomplete Function Prototype" +# WARNING_FILTER += allow class="Inconsistent Enumerator Initialization" +# WARNING_FILTER += allow class="Inconsistent Function Declarations" +# WARNING_FILTER += allow class="Inconsistent Object Declarations" +# WARNING_FILTER += allow class="Inline Assembly Code" +# WARNING_FILTER += allow class="Inline Function Not static" +# WARNING_FILTER += allow class="Invalid Preprocessor Directive" +# WARNING_FILTER += allow class="Label Not In Enclosing Block" +# WARNING_FILTER += allow class="Leftover Debug Code" +# WARNING_FILTER += allow class="Library Function Override" +# WARNING_FILTER += allow class="Line Splicing in Comment" +# WARNING_FILTER += allow class="Lock/Unlock Mismatch" +# WARNING_FILTER += allow class="Locked Twice" +# WARNING_FILTER += allow class="Macro Defined in Function Body" +# WARNING_FILTER += allow class="Macro Definition of Reserved Name" +# WARNING_FILTER += allow class="Macro Does Not End With } or )" +# WARNING_FILTER += allow class="Macro Does Not Start With { or (" +# WARNING_FILTER += allow class="Macro Name is C Keyword" +# WARNING_FILTER += allow class="Macro Parameter Not Parenthesized" +# WARNING_FILTER += allow class="Macro Undefined in 
Function Body" +# WARNING_FILTER += allow class="Macro Undefinition of Reserved Name" +# WARNING_FILTER += allow class="Macro Uses # Operator" +# WARNING_FILTER += allow class="Macro Uses ## Operator" +# WARNING_FILTER += allow class="Macro Uses -> Operator" +# WARNING_FILTER += allow class="Macro Uses Unary * Operator" +# WARNING_FILTER += allow class="Macro Uses [] Operator" +# WARNING_FILTER += allow class="Malformed #include" +# WARNING_FILTER += allow class="Malformed for-loop Condition" +# WARNING_FILTER += allow class="Malformed for-loop Initialization" +# WARNING_FILTER += allow class="Malformed for-loop Step" +# WARNING_FILTER += allow class="Malformed switch Statement" +# WARNING_FILTER += allow class="Member Function Could Be const" +# WARNING_FILTER += allow class="Member Function Could Be static" +# WARNING_FILTER += allow class="Memory Protection Removal" +# WARNING_FILTER += allow class="Method Default Value Mismatch" +# WARNING_FILTER += allow class="Microsoft Extension" +# WARNING_FILTER += allow class="Mismatched Operand Types" +# WARNING_FILTER += allow class="Misplaced Return Statement" +# WARNING_FILTER += allow class="Misplaced Using Declaration" +# WARNING_FILTER += allow class="Misplaced case" +# WARNING_FILTER += allow class="Misplaced default" +# WARNING_FILTER += allow class="Missing Braces in Initialization" +# WARNING_FILTER += allow class="Missing External Declaration" +# WARNING_FILTER += allow class="Missing External Definition" +# WARNING_FILTER += allow class="Missing Final else" +# WARNING_FILTER += allow class="Missing Literal Suffix" +# WARNING_FILTER += allow class="Missing Lock Acquisition" +# WARNING_FILTER += allow class="Missing Lock Release" +# WARNING_FILTER += allow class="Missing Parentheses" +# WARNING_FILTER += allow class="Missing break" +# WARNING_FILTER += allow class="Missing default" +# WARNING_FILTER += allow class="Missing for-loop Step" +# WARNING_FILTER += allow class="Missing for-loop Termination" +# 
WARNING_FILTER += allow class="Mixed Assembly and Code" +# WARNING_FILTER += allow class="Modified Parameter" +# WARNING_FILTER += allow class="Multiple Abnormal Loop Exits" +# WARNING_FILTER += allow class="Multiple Declarations On Line" +# WARNING_FILTER += allow class="Multiple Declarations of a Global" +# WARNING_FILTER += allow class="Multiple External Declarations" +# WARNING_FILTER += allow class="Multiple External Definitions" +# WARNING_FILTER += allow class="Multiple Return Statements" +# WARNING_FILTER += allow class="Multiple Statements On Line" +# WARNING_FILTER += allow class="Multiplication Overflow of Allocation Size" +# WARNING_FILTER += allow class="Multiplication Overflow of Size" +# WARNING_FILTER += allow class="NULL Used as Integer" +# WARNING_FILTER += allow class="Naming Style Violation" +# WARNING_FILTER += allow class="Nested Function Declaration" +# WARNING_FILTER += allow class="Nested Locks" +# WARNING_FILTER += allow class="No Matching #endif" +# WARNING_FILTER += allow class="No Matching #if" +# WARNING_FILTER += allow class="Non-Boolean Preprocessor Expression" +# WARNING_FILTER += allow class="Non-const String Literal" +# WARNING_FILTER += allow class="Non-distinct Identifiers: External Names" +# WARNING_FILTER += allow class="Non-distinct Identifiers: Macro/Macro" +# WARNING_FILTER += allow class="Non-distinct Identifiers: Macro/Other" +# WARNING_FILTER += allow class="Non-distinct Identifiers: Nested Scope" +# WARNING_FILTER += allow class="Non-distinct Identifiers: Same Scope" +# WARNING_FILTER += allow class="Non-unique Identifiers: External Name" +# WARNING_FILTER += allow class="Non-unique Identifiers: Internal Name" +# WARNING_FILTER += allow class="Non-unique Identifiers: Tag" +# WARNING_FILTER += allow class="Non-unique Identifiers: Typedef" +# WARNING_FILTER += allow class="Not All Warnings Are Enabled" +# WARNING_FILTER += allow class="Not Enough Assertions" +# WARNING_FILTER += allow class="Object Defined in Header File" 
+# WARNING_FILTER += allow class="Octal Constant" +# WARNING_FILTER += allow class="Over-initialized Element" +# WARNING_FILTER += allow class="Partially Uninitialized Aggregate" +# WARNING_FILTER += allow class="Partially Uninitialized Array" +# WARNING_FILTER += allow class="Pointed-to Type Could Be const" +# WARNING_FILTER += allow class="Pointer Arithmetic" +# WARNING_FILTER += allow class="Pointer Before Beginning of Object" +# WARNING_FILTER += allow class="Pointer Past End of Object" +# WARNING_FILTER += allow class="Pointer Type Inside Typedef" +# WARNING_FILTER += allow class="Possible Anti-Debugging" +# WARNING_FILTER += allow class="Potential Timebomb" +# WARNING_FILTER += allow class="Potential Unbounded Loop" +# WARNING_FILTER += allow class="Preprocessing Directives in Macro Argument" +# WARNING_FILTER += allow class="Recursion" +# WARNING_FILTER += allow class="Recursive Macro" +# WARNING_FILTER += allow class="Restrict Qualifier Used" +# WARNING_FILTER += allow class="Risky Integer Promotion" +# WARNING_FILTER += allow class="Scope Could Be File Static" +# WARNING_FILTER += allow class="Scope Could Be Local Static" +# WARNING_FILTER += allow class="Side Effects in Expression with Decrement" +# WARNING_FILTER += allow class="Side Effects in Expression with Increment" +# WARNING_FILTER += allow class="Side Effects in Initializer List" +# WARNING_FILTER += allow class="Side Effects in Logical Operand" +# WARNING_FILTER += allow class="Side Effects in sizeof" +# WARNING_FILTER += allow class="Signal Handler Entry Point" +# WARNING_FILTER += allow class="Socket In Wrong State" +# WARNING_FILTER += allow class="Static Array Parameter" +# WARNING_FILTER += allow class="Subtraction Underflow of Allocation Size" +# WARNING_FILTER += allow class="Subtraction Underflow of Size" +# WARNING_FILTER += allow class="Tainted Allocation Size" +# WARNING_FILTER += allow class="Tainted Configuration Setting" +# WARNING_FILTER += allow class="Tainted Filename" +# 
WARNING_FILTER += allow class="Tainted Network Address" +# WARNING_FILTER += allow class="Tainted Write" +# WARNING_FILTER += allow class="Task Delay Function" +# WARNING_FILTER += allow class="Thread Entry Point" +# WARNING_FILTER += allow class="Too Few Cases in switch" +# WARNING_FILTER += allow class="Too Many Dereferences" +# WARNING_FILTER += allow class="Too Many Parameters" +# WARNING_FILTER += allow class="Too Much Indirection in Declaration" +# WARNING_FILTER += allow class="Trigraph" +# WARNING_FILTER += allow class="Truncation of Allocation Size" +# WARNING_FILTER += allow class="Truncation of Size" +# WARNING_FILTER += allow class="Typographically Ambiguous Identifiers" +# WARNING_FILTER += allow class="Unbalanced Parenthesis" +# WARNING_FILTER += allow class="Unchecked Parameter Dereference" +# WARNING_FILTER += allow class="Undefined Macro in #if" +# WARNING_FILTER += allow class="Unexercised Call" +# WARNING_FILTER += allow class="Unexercised Computation" +# WARNING_FILTER += allow class="Unexercised Conditional" +# WARNING_FILTER += allow class="Unexercised Control Flow" +# WARNING_FILTER += allow class="Unexercised Data Flow" +# WARNING_FILTER += allow class="Union Type" +# WARNING_FILTER += allow class="Unknown Lock" +# WARNING_FILTER += allow class="Unreachable Control Flow" +# WARNING_FILTER += allow class="Unspecified Array Size with Designator Initialization" +# WARNING_FILTER += allow class="Unterminated Escape Sequence" +# WARNING_FILTER += allow class="Untrusted Library Load" +# WARNING_FILTER += allow class="Untrusted Network Host" +# WARNING_FILTER += allow class="Untrusted Network Port" +# WARNING_FILTER += allow class="Untrusted Process Creation" +# WARNING_FILTER += allow class="Unused Label" +# WARNING_FILTER += allow class="Unused Macro" +# WARNING_FILTER += allow class="Unused Parameter" +# WARNING_FILTER += allow class="Unused Tag" +# WARNING_FILTER += allow class="Unused Type" +# WARNING_FILTER += allow class="Unused Variable" +# 
WARNING_FILTER += allow class="Use of #undef" +# WARNING_FILTER += allow class="Use of Exception Handling Function" +# WARNING_FILTER += allow class="Use of " +# WARNING_FILTER += allow class="Use of " +# WARNING_FILTER += allow class="Use of Feature" +# WARNING_FILTER += allow class="Use of Input/Output Macro" +# WARNING_FILTER += allow class="Use of Input/Output" +# WARNING_FILTER += allow class="Use of Allocator/Deallocator Macro" +# WARNING_FILTER += allow class="Use of Allocator/Deallocator" +# WARNING_FILTER += allow class="Use of " +# WARNING_FILTER += allow class="Use of Time/Date Function" +# WARNING_FILTER += allow class="Use of Input/Output Macro" +# WARNING_FILTER += allow class="Use of Input/Output" +# WARNING_FILTER += allow class="Use of AddAccessAllowedAce" +# WARNING_FILTER += allow class="Use of AddAccessDeniedAce" +# WARNING_FILTER += allow class="Use of AfxLoadLibrary" +# WARNING_FILTER += allow class="Use of AfxParseURL" +# WARNING_FILTER += allow class="Use of CoLoadLibrary" +# WARNING_FILTER += allow class="Use of Comma Operator" +# WARNING_FILTER += allow class="Use of CreateFile" +# WARNING_FILTER += allow class="Use of CreateProcess" +# WARNING_FILTER += allow class="Use of CreateThread" +# WARNING_FILTER += allow class="Use of FormatMessage" +# WARNING_FILTER += allow class="Use of LoadLibrary" +# WARNING_FILTER += allow class="Use of LoadModule" +# WARNING_FILTER += allow class="Use of MoveFile" +# WARNING_FILTER += allow class="Use of OemToAnsi" +# WARNING_FILTER += allow class="Use of OemToChar" +# WARNING_FILTER += allow class="Use of SHCreateProcessAsUserW" +# WARNING_FILTER += allow class="Use of ShellExecute" +# WARNING_FILTER += allow class="Use of StrCatChainW" +# WARNING_FILTER += allow class="Use of WinExec" +# WARNING_FILTER += allow class="Use of XML_ExternalEntityParserCreate" +# WARNING_FILTER += allow class="Use of _exec" +# WARNING_FILTER += allow class="Use of _spawn" +# WARNING_FILTER += allow class="Use of abort" +# 
WARNING_FILTER += allow class="Use of atof" +# WARNING_FILTER += allow class="Use of atoi" +# WARNING_FILTER += allow class="Use of atol" +# WARNING_FILTER += allow class="Use of atoll" +# WARNING_FILTER += allow class="Use of bsearch" +# WARNING_FILTER += allow class="Use of catopen" +# WARNING_FILTER += allow class="Use of chroot" +# WARNING_FILTER += allow class="Use of cuserid" +# WARNING_FILTER += allow class="Use of execlp" +# WARNING_FILTER += allow class="Use of execvp" +# WARNING_FILTER += allow class="Use of exit" +# WARNING_FILTER += allow class="Use of getenv" +# WARNING_FILTER += allow class="Use of getlogin" +# WARNING_FILTER += allow class="Use of getopt" +# WARNING_FILTER += allow class="Use of getpass" +# WARNING_FILTER += allow class="Use of getwd" +# WARNING_FILTER += allow class="Use of longjmp" +# WARNING_FILTER += allow class="Use of memset" +# WARNING_FILTER += allow class="Use of mkstemp" +# WARNING_FILTER += allow class="Use of offsetof" +# WARNING_FILTER += allow class="Use of popen" +# WARNING_FILTER += allow class="Use of qsort" +# WARNING_FILTER += allow class="Use of rand" +# WARNING_FILTER += allow class="Use of rand48 Function" +# WARNING_FILTER += allow class="Use of random" +# WARNING_FILTER += allow class="Use of realpath" +# WARNING_FILTER += allow class="Use of recvmsg" +# WARNING_FILTER += allow class="Use of setjmp" +# WARNING_FILTER += allow class="Use of setuid" +# WARNING_FILTER += allow class="Use of signal" +# WARNING_FILTER += allow class="Use of strcat" +# WARNING_FILTER += allow class="Use of strchr" +# WARNING_FILTER += allow class="Use of strcmp" +# WARNING_FILTER += allow class="Use of strcoll" +# WARNING_FILTER += allow class="Use of strcpy" +# WARNING_FILTER += allow class="Use of strcspn" +# WARNING_FILTER += allow class="Use of strlen" +# WARNING_FILTER += allow class="Use of strpbrk" +# WARNING_FILTER += allow class="Use of strrchr" +# WARNING_FILTER += allow class="Use of strspn" +# WARNING_FILTER += allow 
class="Use of strstr" +# WARNING_FILTER += allow class="Use of strtok" +# WARNING_FILTER += allow class="Use of strtrns" +# WARNING_FILTER += allow class="Use of syslog" +# WARNING_FILTER += allow class="Use of system" +# WARNING_FILTER += allow class="Use of t_open" +# WARNING_FILTER += allow class="Use of ttyname" +# WARNING_FILTER += allow class="Use of vfork" +# WARNING_FILTER += allow class="Using Declaration in Header File" +# WARNING_FILTER += allow class="Using Directive in Header File" +# WARNING_FILTER += allow class="Using Directive" +# WARNING_FILTER += allow class="Variable Could Be const" +# WARNING_FILTER += allow class="Variadic Macro" +# WARNING_FILTER += allow class="Warnings Not Treated As Errors" +# WARNING_FILTER += allow class="Weak Cryptography" +# WARNING_FILTER += allow class="Write to Read Only File" +# WARNING_FILTER += allow class="chroot without chdir" +# +# (Java warning classes) +# WARNING_FILTER += allow class="Actual Parameter Element may be null (Java)" +# WARNING_FILTER += allow class="Android Message Injection (Java)" +# WARNING_FILTER += allow class="Android URL Injection (Java)" +# WARNING_FILTER += allow class="Certificate Added to Root Store (Java)" +# WARNING_FILTER += allow class="Deprecated Transfer Protocol (Java)" +# WARNING_FILTER += allow class="Deserializable Class (Java)" +# WARNING_FILTER += allow class="Deserializing Non-Serializable Class (Java)" +# WARNING_FILTER += allow class="Disabled Input Validation (Java)" +# WARNING_FILTER += allow class="Field Element may be null (deep) (Java)" +# WARNING_FILTER += allow class="Field Too Visible (Java)" +# WARNING_FILTER += allow class="Field may be null (deep) (Java)" +# WARNING_FILTER += allow class="Hardcoded IP Address (Java)" +# WARNING_FILTER += allow class="Inadequate Salt (Java)" +# WARNING_FILTER += allow class="Insecure Class Loader (Java)" +# WARNING_FILTER += allow class="Method Disables Security Setting (Java)" +# WARNING_FILTER += allow class="Method Should 
be final (Java)" +# WARNING_FILTER += allow class="Method Should be private (Java)" +# WARNING_FILTER += allow class="Missing synchronized Statement (Java)" +# WARNING_FILTER += allow class="Mutable Constant Field (Java)" +# WARNING_FILTER += allow class="Naming Style Violation (Java)" +# WARNING_FILTER += allow class="Null Pointer Dereference (deep) (Java)" +# WARNING_FILTER += allow class="Return Value may Contain null Element (Java)" +# WARNING_FILTER += allow class="Return Value may be null (Java)" +# WARNING_FILTER += allow class="Security Annotation Conflict (Java)" +# WARNING_FILTER += allow class="Sensitive Data Cached (Java)" +# WARNING_FILTER += allow class="Sensitive Data Written to External Storage (Java)" +# WARNING_FILTER += allow class="Sensitive Data Written to Local File (Java)" +# WARNING_FILTER += allow class="Serialization Not Disabled (Java)" +# WARNING_FILTER += allow class="Static Field Too Visible (Java)" +# WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (Java)" +# WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (Java)" +# WARNING_FILTER += allow class="Unguarded Field (Java)" +# WARNING_FILTER += allow class="Unguarded Method (Java)" +# WARNING_FILTER += allow class="Unguarded Parameter (Java)" +# WARNING_FILTER += allow class="Unsafe Base64 Encoding (Java)" +# WARNING_FILTER += allow class="Useless null Test (Java)" +# WARNING_FILTER += allow class="Useless null Test of Field (Java)" +# WARNING_FILTER += allow class="Useless null Test of Parameter (Java)" +# WARNING_FILTER += allow class="Useless null Test of Return Value (Java)" +# WARNING_FILTER += allow class="clone Subclass of Non-clonable (Java)" +# WARNING_FILTER += allow class="null Passed to Method (deep) (Java)" +# +# (C# warning classes) +# WARNING_FILTER += allow class="Actual Parameter Element may be null (C#)" +# WARNING_FILTER += allow class="Certificate Added to Root Store (C#)" +# WARNING_FILTER += allow class="Deprecated 
Transfer Protocol (C#)" +# WARNING_FILTER += allow class="Deserializable Class (C#)" +# WARNING_FILTER += allow class="Deserializing Non-Serializable Class (C#)" +# WARNING_FILTER += allow class="Disabled Input Validation (C#)" +# WARNING_FILTER += allow class="Empty jar File Archived (C#)" +# WARNING_FILTER += allow class="Field Element may be null (deep) (C#)" +# WARNING_FILTER += allow class="Field Too Visible (C#)" +# WARNING_FILTER += allow class="Field may be null (deep) (C#)" +# WARNING_FILTER += allow class="Hardcoded IP Address (C#)" +# WARNING_FILTER += allow class="Inadequate Salt (C#)" +# WARNING_FILTER += allow class="Lambda Parameter may be null (C#)" +# WARNING_FILTER += allow class="Method Disables Security Setting (C#)" +# WARNING_FILTER += allow class="Method Should be final (C#)" +# WARNING_FILTER += allow class="Method Should be private (C#)" +# WARNING_FILTER += allow class="Missing Serial Version Field (C#)" +# WARNING_FILTER += allow class="Missing synchronized Statement (C#)" +# WARNING_FILTER += allow class="Mutable Constant Field (C#)" +# WARNING_FILTER += allow class="Naming Style Violation (C#)" +# WARNING_FILTER += allow class="Null Pointer Dereference (deep) (C#)" +# WARNING_FILTER += allow class="Return Value may Contain null Element (C#)" +# WARNING_FILTER += allow class="Return Value may be null (C#)" +# WARNING_FILTER += allow class="Return null Boolean (C#)" +# WARNING_FILTER += allow class="Return null Optional (C#)" +# WARNING_FILTER += allow class="Security Annotation Conflict (C#)" +# WARNING_FILTER += allow class="Serialization Not Disabled (C#)" +# WARNING_FILTER += allow class="Static Field Too Visible (C#)" +# WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (C#)" +# WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (C#)" +# WARNING_FILTER += allow class="Unexpected Serial Version Field (C#)" +# WARNING_FILTER += allow class="Unguarded Field (C#)" +# WARNING_FILTER += allow 
class="Unguarded Method (C#)" +# WARNING_FILTER += allow class="Unguarded Parameter (C#)" +# WARNING_FILTER += allow class="Unsafe Base64 Encoding (C#)" +# WARNING_FILTER += allow class="Useless null Test (C#)" +# WARNING_FILTER += allow class="Useless null Test of Field (C#)" +# WARNING_FILTER += allow class="Useless null Test of Parameter (C#)" +# WARNING_FILTER += allow class="Useless null Test of Return Value (C#)" +# WARNING_FILTER += allow class="clone Subclass of Non-clonable (C#)" +# WARNING_FILTER += allow class="null Passed to Method (deep) (C#)" # # To enable additional buffer overrun checking, which can best be # described as better at finding buffer overruns involving pointer # arithmetic: -# WARNING_FILTER += allow class="2$Buffer Overrun" +# WARNING_FILTER += allow class="2$Buffer Overrun" # # To discard integer overflow warnings that occur entirely within # system headers: -# WARNING_FILTER += discard class="Integer Overflow of Allocation Size" is_sysinclude +# WARNING_FILTER += discard class="Integer Overflow of Allocation Size" is_sysinclude #WARNING_FILTER += discard language="C++" is_sysinclude #WARNING_FILTER += discard class="Cast Alters Value" is_sysinclude @@ -4264,6 +4462,12 @@ # check for and warnings to issue when those functions occur. # - BAD_FUNCTION_REGEX is a regular expression. If a reference to a # function that matches this is found, then a warning is issued. +# Matches are with respect to the cs_pdg_procedure_name() +# [doc/html/API/CAPI/cs__pdg_8h.html#func_cs_pdg_procedure_name]. +# In C compilation units, this is the procedure name only (no +# type information or name qualification). In C++ compilation +# units, it will also include template instantiations, name +# qualification, and argument types. # - BAD_FUNCTION_MESSAGE will be used as the warning class name. It # defaults to "Bad Function". If the message contains any # characters that are special to HTML, they must be HTML-encoded. 
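Review bot: The added BAD_FUNCTION_REGEX text says that in C++ compilation units the matched name includes qualification and argument types, but it does not say what name a C-linkage function such as `gets` or `memset` gets there. The wording removed in the `@@ -4315` hunk limited signature matching to functions "with C++ linkage"; without that qualifier a reader cannot tell whether the anchored examples `^gets$` and `^memset$` still fire in C++ units. If they do not, a SECURITY-significance rule would silently report nothing, so the comment should state the linkage case explicitly. A line such as `# Anchored rules such as ^gets$ may not match in C++ compilation units; check the reported procedure name.` would cover it. The description continues past this hunk, so the surrounding paragraph was not reviewed in full.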
@@ -4315,49 +4519,86 @@ # the standard class will apply and any BAD_FUNCTION_CATEGORIES or # BAD_FUNCTION_BASE_RANK specified in the set will not be used. # -# Examples: -# BAD_FUNCTION_REGEX = ^gets$ -# BAD_FUNCTION_MESSAGE = Use of gets -# BAD_FUNCTION_CATEGORIES = BADFUNC.BO.GETS;CWE:242 -# BAD_FUNCTION_BASE_RANK = 1.0 -# BAD_FUNCTION_SIGNIFICANCE = SECURITY -# specifies that uses of the function "gets" should be flagged as -# warnings. -# -# The following introduces a warning on use of the function -# "memset" because some compilers may insecurely remove the call -# during optimization. See CWE:14 +# Example 1: the following specifies that uses of the function +# "gets" should be flagged as warnings. +# BAD_FUNCTION_REGEX = ^gets$ +# BAD_FUNCTION_MESSAGE = Use of gets +# BAD_FUNCTION_CATEGORIES = BADFUNC.BO.GETS;CWE:242 +# BAD_FUNCTION_BASE_RANK = 1.0 +# BAD_FUNCTION_SIGNIFICANCE = SECURITY +# +# Example 2: the following introduces a warning on use of the +# function "memset". This warning is useful because some compilers +# may insecurely remove the call during optimization. See CWE:14 # [http://cwe.mitre.org/data/definitions/14.html] for details. -# BAD_FUNCTION_REGEX = ^memset$ -# BAD_FUNCTION_MESSAGE = Use of memset -# BAD_FUNCTION_CATEGORIES = BADFUNC.MEMSET;CWE:14 -# BAD_FUNCTION_BASE_RANK = 10.0 -# BAD_FUNCTION_SIGNIFICANCE = SECURITY -# -# For functions in C++ compilation units with C++ linkage, the -# regular expression will be matched against the fully qualified -# function signature (including namespace and template components). -# For example, suppose we have function myfunc() in such a -# compilation unit, where myfunc() returns int and has one int -# parameter. Then: -# BAD_FUNCTION_REGEX = ^int myfunc(int)$ -# will match a use of myfunc(). If myfunc() is overloaded, only -# uses with the corresponding type signature will match. 
We can -# remove the delimiters from the regular expression to widen the -# search: -# BAD_FUNCTION_REGEX = myfunc -# will match all uses of myfunc(), regardless of type signature, -# but will also match uses of myfunc_2(), not_myfunc(), and so on. -# It is important to note that -# BAD_FUNCTION_REGEX = ^myfunc$ -# will not match ANY use of myfunc() in this compilation unit. -# -# To inspect the function signature strings that CodeSonar will be -# matching BAD_FUNCTION_REGEX expressions against, use the -# CodeSonar Plug-In API +# BAD_FUNCTION_REGEX = ^memset$ +# BAD_FUNCTION_MESSAGE = Use of memset +# BAD_FUNCTION_CATEGORIES = BADFUNC.MEMSET;CWE:14 +# BAD_FUNCTION_BASE_RANK = 10.0 +# BAD_FUNCTION_SIGNIFICANCE = SECURITY +# +# If you are writing BAD_FUNCTION_* rule sets for a C++ compilation +# unit and want to precisely match exactly one function, you will +# need the precise "verbose name" of the function. Rather than +# attempting to predict the verbose name, we strongly recommend +# that you recover it using the CodeSonar API. For example, you +# could use the CodeSonar Plug-In API # [doc/html/API/CodeSonarPlugins/PluginAPI.html] to write a plug-in -# that traverses the PDGs of the project, getting the function -# ABS_LOC for each and then printing its name. +# that traverses the procedures of the project, printing the +# verbose name of each. +# +# For example, suppose we have a C++ compilation unit that includes +# the following. +# +# namespace ns{ +# // ... +# class C { +# public: +# int myfunc(void); // function of interest +# //... +# }; +# //... +# } +# +# The CodeSonar API reports that the verbose name of the marked +# "function of interest" is ns::C::myfunc(). +# +# We can use the following rule to match uses of this function and +# only of this function. +# BAD_FUNCTION_REGEX = ^ns::C::myfunc\(\)$ +# +# If ns::C::myfunc() is overloaded, only uses with no arguments +# will match. 
+# +# We can remove the delimiters from the regular expression to widen +# the search: +# BAD_FUNCTION_REGEX = ns::C::myfunc\(\) +# This will match all uses of ns::C::myfunc(), but will also match +# uses of otherns::C::myfunc() and so on. +# +# We can remove the namespace and class qualifiers to widen the +# search further: +# BAD_FUNCTION_REGEX = myfunc\(\) +# This will also match functions such as ns:C:myfunc, ns:B:myfunc, +# otherns::D::othermyfunc(). +# +# If we remove the parenthesized parameter list the match is wider +# still: +# BAD_FUNCTION_REGEX = myfunc +# This will also match ns:B:a_myfunc_2, and even +# otherns::myfunc::fname(). +# +# It is important to note that none of the following will match ANY +# use of the function of interest in this compilation unit. +# BAD_FUNCTION_REGEX = ^myfunc$ +# BAD_FUNCTION_REGEX = ^myfunc()$ +# BAD_FUNCTION_REGEX = ^myfunc\(void\)$ +# The second of these non-matching rules is equivalent to the +# first, since its parentheses aren't escaped and so are +# interpreted as subexpression delimiters rather than literal +# characters. The third expresses a type signature that is +# semantically equivalent to that in the verbose name, but is not a +# string match. # # The $str$Class_Name form used in some of the BAD_FUNCTION_MESSAGE # factory settings is for internal GrammaTech use. Do not imitate @@ -4441,7 +4682,7 @@ #BAD_FUNCTION_REGEX = ^system$|^_wsystem$ #BAD_FUNCTION_MESSAGE = Use of system -#BAD_FUNCTION_CATEGORIES = BADFUNC.PATH.SYSTEM;CWE:676;CWE:1165;Misra2004:20.11;Misra2012:21.8;MisraC++2008:18-0-3;AUTOSARC++14:M18-0-3;CERT-C:ENV33-C;TS17961:syscall;DISA-4r3:V-70261;DISA-3r10:V-6157;DISA-3r10:V-16810 +#BAD_FUNCTION_CATEGORIES = BADFUNC.PATH.SYSTEM;CWE:676;CWE:1165;Misra2004:20.11;Misra2012:21.8;MisraC++2008:18-0-3;AUTOSARC++14:M18-0-3;CERT-C:ENV33-C;TS17961:5.8-syscall;DISA-4r3:V-70261;DISA-3r10:V-6157;DISA-3r10:V-16810 #BAD_FUNCTION_BASE_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY 
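Review bot: Several names offered as matches in the widening examples do not agree with the patterns above them. `ns:C:myfunc` and `ns:B:myfunc` use single colons and have no parameter list, so `myfunc\(\)` cannot match them as written, and `ns::C::myfunc()` is the function of interest itself rather than an additional match; `ns:B:a_myfunc_2` has the same single-colon form. I would write them as verbose names: `# This will also match functions such as ns::B::myfunc() and` / `# otherns::D::othermyfunc().` and `# This will also match ns::B::a_myfunc_2(), and even`. The closing paragraph shows that `^myfunc$` matches nothing in this compilation unit, so a mis-anchored rule for a banned function fails silently; it would help to end the section with `# After adding a rule, confirm that it reports a warning at a known use of the function.`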
@@ -4689,7 +4930,7 @@ #BAD_FUNCTION_REGEX = ^signal$ #BAD_FUNCTION_MESSAGE = Use of signal -#BAD_FUNCTION_CATEGORIES = BADFUNC.SIGNAL;CWE:676;CWE:1166;CWE:1169;MisraC++2008:18-7-1;AUTOSARC++14:M18-7-1;CERT-C:CON37-C;CERT-C:SIG34-C;CERT-C:SIG02-C;TS17961:accsig;TS17961:asyncsig;TS17961:sigcall;BSI:SIGNAL-01 +#BAD_FUNCTION_CATEGORIES = BADFUNC.SIGNAL;CWE:676;CWE:1166;CWE:1169;MisraC++2008:18-7-1;AUTOSARC++14:M18-7-1;CERT-C:CON37-C;CERT-C:SIG34-C;CERT-C:SIG02-C;TS17961:5.3-accsig;TS17961:5.5-asyncsig;TS17961:5.7-sigcall;BSI:SIGNAL-01 #BAD_FUNCTION_BASE_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY 
@@ -4735,19 +4976,19 @@ #BAD_FUNCTION_REGEX = ^strcpy$|^StrCpy(A|W)?$|^strccpy$|^strcadd$ #BAD_FUNCTION_MESSAGE = Use of strcpy -#BAD_FUNCTION_CATEGORIES = BADFUNC.BO.STRCPY;CWE:251;CWE:676;CWE:1161;MisraC++2008:18-0-5;AUTOSARC++14:M18-0-5;CERT-C:STR07-C;TS17961:taintstrcpy;BSI:STRCPY +#BAD_FUNCTION_CATEGORIES = BADFUNC.BO.STRCPY;CWE:251;CWE:676;CWE:1161;MisraC++2008:18-0-5;AUTOSARC++14:M18-0-5;CERT-C:STR07-C;TS17961:5.36-taintstrcpy;BSI:STRCPY #BAD_FUNCTION_BASE_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^(ua)?lstrcpy(A|W)?$|^olestrcpy$ #BAD_FUNCTION_MESSAGE = Use of strcpy -#BAD_FUNCTION_CATEGORIES = BADFUNC.BO.STRCPY;CWE:251;CWE:676;CWE:1161;MisraC++2008:18-0-5;AUTOSARC++14:M18-0-5;CERT-C:STR07-C;TS17961:taintstrcpy;BSI:STRCPY +#BAD_FUNCTION_CATEGORIES = BADFUNC.BO.STRCPY;CWE:251;CWE:676;CWE:1161;MisraC++2008:18-0-5;AUTOSARC++14:M18-0-5;CERT-C:STR07-C;TS17961:5.36-taintstrcpy;BSI:STRCPY #BAD_FUNCTION_BASE_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^_f?tcscpy$|^_?mbscpy$|^wcscpy$ #BAD_FUNCTION_MESSAGE = Use of strcpy -#BAD_FUNCTION_CATEGORIES = BADFUNC.BO.STRCPY;CWE:251;CWE:676;CWE:1161;MisraC++2008:18-0-5;AUTOSARC++14:M18-0-5;CERT-C:STR07-C;TS17961:taintstrcpy;BSI:STRCPY +#BAD_FUNCTION_CATEGORIES = BADFUNC.BO.STRCPY;CWE:251;CWE:676;CWE:1161;MisraC++2008:18-0-5;AUTOSARC++14:M18-0-5;CERT-C:STR07-C;TS17961:5.36-taintstrcpy;BSI:STRCPY #BAD_FUNCTION_BASE_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY 
@@ -4964,105 +5205,90 @@ #BAD_FUNCTION_REGEX = ^[dD][eE][sS]_ecb(2)?_encrypt$ #BAD_FUNCTION_MESSAGE = Weak Cryptography -#BAD_FUNCTION_INFO = it is a cryptographically weak algorithm (one of the MD5 or DES family of algorithms) #BAD_FUNCTION_CATEGORIES = BADFUNC.WEAKCRYPTO;CWE:327 #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^[dD][eE][sS]_(x|n|p)cbc_encrypt$ #BAD_FUNCTION_MESSAGE = Weak Cryptography -#BAD_FUNCTION_INFO = it is a cryptographically weak algorithm (one of the MD5 or DES family of algorithms) #BAD_FUNCTION_CATEGORIES = BADFUNC.WEAKCRYPTO;CWE:327 #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^[dD][eE][sS]_(c|o)fb(64)?_encrypt$ #BAD_FUNCTION_MESSAGE = Weak Cryptography -#BAD_FUNCTION_INFO = it is a cryptographically weak algorithm (one of the MD5 or DES family of algorithms) #BAD_FUNCTION_CATEGORIES = BADFUNC.WEAKCRYPTO;CWE:327 #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^[dD][eE][sS]_ede2_(cbc|cfb64|ofb64)_encrypt$ #BAD_FUNCTION_MESSAGE = Weak Cryptography -#BAD_FUNCTION_INFO = it is a cryptographically weak algorithm (one of the MD5 or DES family of algorithms) #BAD_FUNCTION_CATEGORIES = BADFUNC.WEAKCRYPTO;CWE:327 #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^[dD][eE][sS]_(f)?crypt$ #BAD_FUNCTION_MESSAGE = Weak Cryptography -#BAD_FUNCTION_INFO = it is a cryptographically weak algorithm (one of the MD5 or DES family of algorithms) #BAD_FUNCTION_CATEGORIES = BADFUNC.WEAKCRYPTO;CWE:327 #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^MD(2|4|5)(_Init|_Update|_Final)?$ #BAD_FUNCTION_MESSAGE = Weak Cryptography -#BAD_FUNCTION_INFO = it is a cryptographically weak algorithm (one of the MD5 or DES family of algorithms) #BAD_FUNCTION_CATEGORIES = BADFUNC.WEAKCRYPTO;CWE:327 #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^ptrace$ 
#BAD_FUNCTION_MESSAGE = Possible Anti-Debugging -#BAD_FUNCTION_INFO = it can be used to detect a debugger #BAD_FUNCTION_CATEGORIES = BADFUNC.ANTIDEBUG #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^IsDebuggerPresent$ #BAD_FUNCTION_MESSAGE = Possible Anti-Debugging -#BAD_FUNCTION_INFO = it can be used to detect a debugger #BAD_FUNCTION_CATEGORIES = BADFUNC.ANTIDEBUG #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^NtQueryInformationProcess$ #BAD_FUNCTION_MESSAGE = Possible Anti-Debugging -#BAD_FUNCTION_INFO = it can be used to detect a debugger #BAD_FUNCTION_CATEGORIES = BADFUNC.ANTIDEBUG #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^ProcessDebugObjectHandle$ #BAD_FUNCTION_MESSAGE = Possible Anti-Debugging -#BAD_FUNCTION_INFO = it can be used to detect a debugger #BAD_FUNCTION_CATEGORIES = BADFUNC.ANTIDEBUG #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^RtlQueryProcessHeapInformation$ #BAD_FUNCTION_MESSAGE = Possible Anti-Debugging -#BAD_FUNCTION_INFO = it can be used to detect a debugger #BAD_FUNCTION_CATEGORIES = BADFUNC.ANTIDEBUG #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^RtlQueryProcessDebugInformation$ #BAD_FUNCTION_MESSAGE = Possible Anti-Debugging -#BAD_FUNCTION_INFO = it can be used to detect a debugger #BAD_FUNCTION_CATEGORIES = BADFUNC.ANTIDEBUG #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^SetUnhandledExceptionFilter$ #BAD_FUNCTION_MESSAGE = Possible Anti-Debugging -#BAD_FUNCTION_INFO = it can be used to detect a debugger #BAD_FUNCTION_CATEGORIES = BADFUNC.ANTIDEBUG #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^NtCreateDebugObject$ #BAD_FUNCTION_MESSAGE = Possible Anti-Debugging -#BAD_FUNCTION_INFO = it can be used to detect a debugger #BAD_FUNCTION_CATEGORIES = BADFUNC.ANTIDEBUG 
#BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY #BAD_FUNCTION_REGEX = ^NtQuerySystemInformation$ #BAD_FUNCTION_MESSAGE = Possible Anti-Debugging -#BAD_FUNCTION_INFO = it can be used to detect a debugger #BAD_FUNCTION_CATEGORIES = BADFUNC.ANTIDEBUG #BAD_FUNCTION_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY @@ -5070,21 +5296,18 @@ ## Floating Point bad functions #BAD_FUNCTION_REGEX = ^_?_?gamma[fl]?$ #BAD_FUNCTION_MESSAGE = Use of gamma -#BAD_FUNCTION_INFO = it is not portable. Use tgamma() or lgamma() instead #BAD_FUNCTION_CATEGORIES = BADFUNC.FLOAT.GAMMA #BAD_FUNCTION_BASE_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = RELIABILITY #BAD_FUNCTION_REGEX = ^_?_?drem[fl]?$ #BAD_FUNCTION_MESSAGE = Use of drem -#BAD_FUNCTION_INFO = it is obsolete. Use remainder() instead #BAD_FUNCTION_CATEGORIES = BADFUNC.FLOAT.DREM #BAD_FUNCTION_BASE_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = RELIABILITY #BAD_FUNCTION_REGEX = ^(malloc|calloc|realloc|free)$ #BAD_FUNCTION_MESSAGE = Use of Allocator/Deallocator -#BAD_FUNCTION_INFO = it is disallowed by some coding standards #BAD_FUNCTION_CATEGORIES = BADFUNC.STDLIB_H_MEM;AUTOSARC++14:18-5-1;Misra2012:21.3;Misra2004:20.4;JPL:5;CWE:710;POW10:3 #BAD_FUNCTION_BASE_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = STYLE @@ -5092,7 +5315,6 @@ ## For OWASP 2017 rule A4 #BAD_FUNCTION_REGEX = ^XML_ExternalEntityParserCreate$ #BAD_FUNCTION_MESSAGE = Use of XML_ExternalEntityParserCreate -#BAD_FUNCTION_INFO = use is error prone. Can lead to inclusion of external entity references. #BAD_FUNCTION_CATEGORIES = BADFUNC.XML_EXTERNALENTITYPARSERCREATE;OWASP-2017:A4 #BAD_FUNCTION_BASE_RANK = 1.0 #BAD_FUNCTION_SIGNIFICANCE = SECURITY 
@@ -5116,12 +5338,12 @@ # # Notes # For example: -# PLUGINS += /tmp/pname.py -# PLUGINS += /tmp/pname.so -# PLUGINS += /tmp/pname.dll -# PLUGINS += /tmp/pname.bundle -# PLUGINS += $GTHOME/projectXplugins/pname.so -# PLUGINS += c:\Documents and Settings\Bob\Desktop\pname.dll +# PLUGINS += /tmp/pname.py +# PLUGINS += /tmp/pname.so +# PLUGINS += /tmp/pname.dll +# PLUGINS += /tmp/pname.bundle +# PLUGINS += $GTHOME/projectXplugins/pname.so +# PLUGINS += c:\Documents and Settings\Bob\Desktop\pname.dll # # For more information about CodeSonar plug-ins, see CodeSonar # Plug-In API [doc/html/API/CodeSonarPlugins/PluginAPI.html]. @@ -5167,14 +5389,14 @@ # [doc/html/API/CoreAPI.html#impls]. # # For example: -# JAVA_PLUGIN_JVM = C:\Program Files\Java\jre6\bin\server\jvm.dll -# JAVA_PLUGIN_JVM = /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/server/libjvm.so -# JAVA_PLUGIN_JVM = /Library/Java/JavaVirtualMachines/jdk1.7.0_51.jdk/Contents/Home/jre/lib/server/libjvm.dylib +# JAVA_PLUGIN_JVM = C:\Program Files\Java\jre6\bin\server\jvm.dll +# JAVA_PLUGIN_JVM = /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/server/libjvm.so +# JAVA_PLUGIN_JVM = /Library/Java/JavaVirtualMachines/jdk1.7.0_51.jdk/Contents/Home/jre/lib/server/libjvm.dylib # # In some situations on Mac OS, Java may falsely complain that it # isn't installed (JDK-7131356). One workaround is to use # libjli.dylib instead of libjvm.dylib: -# JAVA_PLUGIN_JVM = /Library/Java/JavaVirtualMachines/jdk1.7.0_51.jdk/Contents/Home/jre/lib/jli/libjli.dylib +# JAVA_PLUGIN_JVM = /Library/Java/JavaVirtualMachines/jdk1.7.0_51.jdk/Contents/Home/jre/lib/jli/libjli.dylib # Parameter JAVA_PLUGIN_CLASSPATH @@ -5201,7 +5423,7 @@ # [doc/html/API/CoreAPI.html#impls]. # # For example: -# JAVA_PLUGIN_CLASSPATH += c:\pluginclasspath +# JAVA_PLUGIN_CLASSPATH += c:\pluginclasspath # Parameter JAVA_PLUGIN_JVM_FLAGS 
@@ -5228,10 +5450,10 @@ # [doc/html/API/CoreAPI.html#impls]. # # For example: -# JAVA_PLUGIN_JVM_FLAGS += -Xmx2g -# JAVA_PLUGIN_JVM_FLAGS += -Djava.compiler=NONE -# JAVA_PLUGIN_JVM_FLAGS += -Djava.library.path=c:\mylibs -# JAVA_PLUGIN_JVM_FLAGS += -verbose:jni +# JAVA_PLUGIN_JVM_FLAGS += -Xmx2g +# JAVA_PLUGIN_JVM_FLAGS += -Djava.compiler=NONE +# JAVA_PLUGIN_JVM_FLAGS += -Djava.library.path=c:\mylibs +# JAVA_PLUGIN_JVM_FLAGS += -verbose:jni # Parameter JAVA_PLUGIN_CLASSES @@ -5260,34 +5482,34 @@ # [doc/html/API/CoreAPI.html#impls]. # # Below is a small sample plug-in. -# import com.grammatech.cs.*; -# import java.lang.*; -# -# class echo_point_visitor extends point_visitor{ -# public echo_point_visitor() throws result{} -# -# public void visit(point p) -# { -# System.out.println("Java visits " + p); -# } -# }; -# -# public class Test{ -# public static void main() { -# try{ -# analysis.add_point_visitor(new echo_point_visitor()); -# }catch(result r){ -# System.out.println(r); -# } -# } -# } +# import com.grammatech.cs.*; +# import java.lang.*; +# +# class echo_point_visitor extends point_visitor{ +# public echo_point_visitor() throws result{} +# +# public void visit(point p) +# { +# System.out.println("Java visits " + p); +# } +# }; +# +# public class Test{ +# public static void main() { +# try{ +# analysis.add_point_visitor(new echo_point_visitor()); +# }catch(result r){ +# System.out.println(r); +# } +# } +# } # # Then to include this plug-in, make sure the path to the class # file/package is specified with JAVA_PLUGIN_CLASSPATH, then use # JAVA_PLUGIN_CLASSES to specify the class name: -# JAVA_PLUGIN_CLASSES += Test +# JAVA_PLUGIN_CLASSES += Test # or, if it is in a package: -# JAVA_PLUGIN_CLASSES += com/example/csplugin/Test +# JAVA_PLUGIN_CLASSES += com/example/csplugin/Test # Parameter CSHARP_PLUGIN_DOTNET_VERSION 
@@ -5336,7 +5558,7 @@ # # Each assembly must contain a class named Main with a public # static method named main, with signature: -# public static int main(String dummy) +# public static int main(String dummy) # # CodeSonar will instantiate variable $GTHOME with the path to the # CodeSonar installation. @@ -5347,43 +5569,43 @@ # [doc/html/API/CoreAPI.html#impls]. # # Below is a small sample plug-in. -# using System; -# -# class echo_point_visitor: point_visitor{ -# public echo_point_visitor(){} -# -# public override void visit(point p) -# { -# /* Always wrap visitors in exception handlers. If an -# * exception isn't caught, behavior is undefined. -# */ -# try{ -# Console.WriteLine("csharp visits " + p); -# } -# catch( Exception e ) -# { -# Console.WriteLine(e); -# } -# } -# }; -# -# public class Main -# { -# public static int main(String dummy) -# { -# /* Always wrap everything in an exception handler. If an -# * exception isn't caught, behavior is undefined. -# */ -# try{ -# analysis.add_point_visitor(new echo_point_visitor()); -# } -# catch( Exception e ) -# { -# Console.WriteLine(e); -# } -# return 0; // ignored -# } -# } +# using System; +# +# class echo_point_visitor: point_visitor{ +# public echo_point_visitor(){} +# +# public override void visit(point p) +# { +# /* Always wrap visitors in exception handlers. If an +# * exception isn't caught, behavior is undefined. +# */ +# try{ +# Console.WriteLine("csharp visits " + p); +# } +# catch( Exception e ) +# { +# Console.WriteLine(e); +# } +# } +# }; +# +# public class Main +# { +# public static int main(String dummy) +# { +# /* Always wrap everything in an exception handler. If an +# * exception isn't caught, behavior is undefined. +# */ +# try{ +# analysis.add_point_visitor(new echo_point_visitor()); +# } +# catch( Exception e ) +# { +# Console.WriteLine(e); +# } +# return 0; // ignored +# } +# } # ## CSHARP_PLUGINS += h:\pluginassembly.dll 
@@ -5413,14 +5635,14 @@ # If set to "No", then the following would be suppressed (assuming # CodeSonar does not find a place where p is assigned NULL): # -# if( p == NULL ) -# *p = 42; +# if( p == NULL ) +# *p = 42; # # but this would not: # -# p = NULL; -# if( p == NULL ) -# *p = 42; +# p = NULL; +# if( p == NULL ) +# *p = 42; # # It may be difficult to find vulnerabilities in functions that are # never called when this is set to "No", since the values of the @@ -5460,16 +5682,16 @@ # CodeSonar does not find a place where i is assigned a negative # value): # -# int A[10]; -# if( i < 0 ) -# A[i] = 42; +# int A[10]; +# if( i < 0 ) +# A[i] = 42; # # but this would not: # -# int A[10]; -# i = -1; -# if( i < 0 ) -# A[i] = 42; +# int A[10]; +# i = -1; +# if( i < 0 ) +# A[i] = 42; # # It may be difficult to find vulnerabilities in functions that are # never called when this is set to "No", since the values of the @@ -5609,9 +5831,9 @@ # # int *p = &s->f; /* this is ok, even if s is null */ # *p = 42; /* this is where the program will -# * crash if s was null, because an -# * address such as '4' is being dereferenced -# * (assuming f is 4 bytes into s). */ +# * crash if s was null, because an +# * address such as '4' is being dereferenced +# * (assuming f is 4 bytes into s). */ # #NULL_POINTER_THRESHOLD = 4096 @@ -6248,11 +6470,11 @@ # # Example 1: Your analysis machine is 50% faster than CodeSonar's # "canonical machine". -# CPU_SPEED_ADJUSTMENT = 150 +# CPU_SPEED_ADJUSTMENT = 150 # # Example 2: Your analysis machine is only half as fast as # CodeSonar's "canonical machine". -# CPU_SPEED_ADJUSTMENT = 50 +# CPU_SPEED_ADJUSTMENT = 50 # # CPU_SPEED_ADJUSTMENT assumes that all of the machines used in a # distributed analysis run at the same speed. If this is not the 
@@ -6578,36 +6800,36 @@ # values of this setting. # # Requires LOOP_COUNTER_DISTRUST=1 or higher: -# void x1(){ -# int i = 0; int A[10]; -# for(;;){ i++; A[i] = 10; } -# } +# void x1(){ +# int i = 0; int A[10]; +# for(;;){ i++; A[i] = 10; } +# } # # Requires LOOP_COUNTER_DISTRUST=2 or higher: -# void x2(){ -# int i = 0; -# int A[10]; -# while(getchar() != 'c'){ i++; A[i] = 10; } -# } +# void x2(){ +# int i = 0; +# int A[10]; +# while(getchar() != 'c'){ i++; A[i] = 10; } +# } # # Requires LOOP_COUNTER_DISTRUST=3 or higher: -# void x3(){ -# int i = 0; -# int A[10]; -# for(i = 0; i < 20; i++ ){ if( inscrutible_condition() ) break; A[i] = 10; } -# } +# void x3(){ +# int i = 0; +# int A[10]; +# for(i = 0; i < 20; i++ ){ if( inscrutible_condition() ) break; A[i] = 10; } +# } # # Requires LOOP_COUNTER_DISTRUST=4 or higher: -# void x4(){ -# int i = 0; int A[10]; int j = inscrutible_number(); -# for(i = 0; i < j; i++ ){ if( inscrutible_condition() ) break; A[i] = 10; } -# } +# void x4(){ +# int i = 0; int A[10]; int j = inscrutible_number(); +# for(i = 0; i < j; i++ ){ if( inscrutible_condition() ) break; A[i] = 10; } +# } # # Requires LOOP_COUNTER_DISTRUST=5: -# void x5(){ -# int i = 0; int A[10]; -# for(i = 0; inscrutible_condition(); i++ ){ A[i] = 10; } -# } +# void x5(){ +# int i = 0; int A[10]; +# for(i = 0; inscrutible_condition(); i++ ){ A[i] = 10; } +# } #LOOP_COUNTER_DISTRUST = 2 @@ -6709,12 +6931,12 @@ # Notes # "Similar paths" are paths with the same start and end points. For # example, suppose you had the following code. -# int *p = 0; -# if( x ) -# x = 1; -# else -# x = 2; -# *p = 42; +# int *p = 0; +# if( x ) +# x = 1; +# else +# x = 2; +# *p = 42; # # To see Null Pointer Dereference paths through both branches of # the conditional statement, set MAX_SIMILAR_PATHS to 2 (or 
@@ -7574,17 +7796,17 @@ # functions to check for ignored return values. The following table # summarizes the options. # -# +---------------+-------------------+----------------------------------------------+--------------------------------------------+ -# | Function has | Warning if return | User-specified rules | Built-in (factory setting) rules | -# | side effects? | value ignored on | | | -# +---------------+-------------------+----------------------------------------------+--------------------------------------------+ -# | Yes | ANY path | RETURN_CHECKER_CHECKED_FUNCS | RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS | -# +---------------+-------------------+----------------------------------------------+--------------------------------------------+ -# | No | ALL paths | RETURN_CHECKER_CHECKED_PURE_FUNCS | RETURN_CHECKER_BUILT_IN_CHECKED_PURE_FUNCS | -# | ("pure") +-------------------+----------------------------------------------+--------------------------------------------+ -# | | ANY path | RETURN_CHECKER_CHECKED_PURE_SOME_PATHS_FUNCS | - | -# +---------------+-------------------+----------------------------------------------+--------------------------------------------+ -# +# +---------------+-------------------+----------------------------------------------+--------------------------------------------+ +# | Function has | Warning if return | User-specified rules | Built-in (factory setting) rules | +# | side effects? 
| value ignored on | | | +# +---------------+-------------------+----------------------------------------------+--------------------------------------------+ +# | Yes | ANY path | RETURN_CHECKER_CHECKED_FUNCS | RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS | +# +---------------+-------------------+----------------------------------------------+--------------------------------------------+ +# | No | ALL paths | RETURN_CHECKER_CHECKED_PURE_FUNCS | RETURN_CHECKER_BUILT_IN_CHECKED_PURE_FUNCS | +# | ("pure") +-------------------+----------------------------------------------+--------------------------------------------+ +# | | ANY path | RETURN_CHECKER_CHECKED_PURE_SOME_PATHS_FUNCS | - | +# +---------------+-------------------+----------------------------------------------+--------------------------------------------+ +# #RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^backtrace$ #RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^backtrace_symbols$ @@ -9620,7 +9842,7 @@ # # Type # A string of the form -# , , , +# , , , # where: # - is the position of the format string argument # (counting from 1). @@ -9841,7 +10063,7 @@ # # Type # A string of the form -# , +# , # where: # - is an argument position (counting from 1) # - is a Boost 'POSIX Extended Regular Expression' @@ -9982,7 +10204,7 @@ # FORCE_THREAD_ENTRY_NAMES or THREAD_ENTRY_METHOD_NAMES rules, # inspect the Analysis Log [doc/html/GUI/GUI_Log_Analysis.html] for # lines of the following form. -# Identified (initial) thread entry function: +# Identified (initial) thread entry function: # Parameter THREAD_ENTRY_METHOD_NAMES @@ -10045,7 +10267,7 @@ # THREAD_ENTRY_METHOD_NAMES rules, inspect the Analysis Log # [doc/html/GUI/GUI_Log_Analysis.html] for lines of the following # form. -# Identified (initial) thread entry function: +# Identified (initial) thread entry function: #THREAD_ENTRY_METHOD_NAMES += ^run$ 
@@ -10083,8 +10305,8 @@ # models [doc/html/C_Module/LibraryModels/ConcurrencyModels.html]. # # Example rules: -# SEMOPEN_FUNCTIONS += ^semOpen$ -# SEMOPEN_FUNCTIONS += ^sem_open$ +# SEMOPEN_FUNCTIONS += ^semOpen$ +# SEMOPEN_FUNCTIONS += ^sem_open$ # Parameter LOCK_FUNCTIONS @@ -10118,15 +10340,15 @@ # # For example, suppose a project uses wrapper mylock(): # -# void mylock(GMutex *m){ -# /* ... */ -# g_mutex_lock(m); -# return; -# } -# -# void nounlock(GMutex *m){ -# mylock(m); -# } +# void mylock(GMutex *m){ +# /* ... */ +# g_mutex_lock(m); +# return; +# } +# +# void nounlock(GMutex *m){ +# mylock(m); +# } # # If we set LOCK_FUNCTIONS += ^mylock$, the analysis will issue a # "Missing Lock Release" in the body of function nounlock(). @@ -10178,15 +10400,15 @@ # # For example, suppose a project uses wrapper myunlock(): # -# void myunlock(GMutex *m){ -# g_mutex_unlock(m); -# /* ... */ -# return; -# } -# -# void nolock(GMutex *m){ -# myunlock(m); -# } +# void myunlock(GMutex *m){ +# g_mutex_unlock(m); +# /* ... */ +# return; +# } +# +# void nolock(GMutex *m){ +# myunlock(m); +# } # # If we set UNLOCK_FUNCTIONS += ^myunlock$, the analysis will issue # a "Missing Lock Acquisition" warning in the body of function @@ -10206,7 +10428,7 @@ # models [doc/html/C_Module/LibraryModels/ConcurrencyModels.html]. # # Example rule: -# UNLOCK_FUNCTIONS += ^my_unlock_wrapper$ +# UNLOCK_FUNCTIONS += ^my_unlock_wrapper$ # Parameter LOCK_MAX_PENDING_WARNINGS_PER_PROCEDURE @@ -10524,7 +10746,7 @@ # # Notes # For example, -# PTR_INSIDE_TYPEDEF_EXCEPTION += _ptr$ +# PTR_INSIDE_TYPEDEF_EXCEPTION += _ptr$ # specifies that typedefs whose name end with _ptr are allowed to # have pointers in their definitions. # 
@@ -10561,7 +10783,7 @@ # # Specifically, the depth-first search will terminate after # visiting a number of procedures equal to: -# DFS_MAX_VISITED_COEFFICIENT * (# of procedures changed) + DFS_MAX_VISITED_CONSTANT +# DFS_MAX_VISITED_COEFFICIENT * (# of procedures changed) + DFS_MAX_VISITED_CONSTANT # # Notes # Note that the Recursion and Dynamic Allocation After @@ -10813,7 +11035,7 @@ # # Type # A string of the form -# , +# , # where: # - is the maximum allowable depth, in bytes. # - is a Boost 'POSIX Extended Regular Expression' @@ -10910,8 +11132,8 @@ # Behavior # If "Yes", CodeSonar will issue Unused Value warnings in cases # like: -# x = 3; -# x = 4; +# x = 3; +# x = 4; # # If "No", such cases will not trigger Unused Value warnings. # @@ -10934,8 +11156,8 @@ # Behavior # If "Yes", CodeSonar will issue Redundant Condition warnings in # cases like: -# if ( 0 ) -# ... +# if ( 0 ) +# ... # # If "No", such cases will not trigger Redundant Condition # warnings. @@ -10950,7 +11172,7 @@ # # Type # String of the form -# A -> B +# A -> B # where A and B are function names. # # Behavior 
@@ -10982,32 +11204,32 @@ # full name of the function as used by the linker. Microsoft libc # command line encoding rules [doc/html/FAQ.html#libc_commandline] # apply (even on non-Windows systems). For example: -# // This maps the foo method to the bar method. -# // FUNCTION_MAP += "ns::x::foo(unsigned int)" -> "ns::x::bar(unsigned int)" -# namespace ns{ +# // This maps the foo method to the bar method. +# // FUNCTION_MAP += "ns::x::foo(unsigned int)" -> "ns::x::bar(unsigned int)" +# namespace ns{ # typedef unsigned U; # template # struct x{ -# void foo(U i){} -# void bar(unsigned i){1/i;} -# void baz(void){foo(0);} +# void foo(U i){} +# void bar(unsigned i){1/i;} +# void baz(void){foo(0);} # }; # void f(x *p) # { p->baz(); } -# }; +# }; # # Behavior is undefined if csonar_replace_A is defined and -# FUNCTION_MAP += A -> B -# is specified, for any functions \tt A and \tt B. -# -# Example 1: specify that \tt fatal causes the program to abort. -# FUNCTION_MAP += fatal -> abort +# FUNCTION_MAP += A -> B +# is specified, for any functions A and B. +# +# Example 1: specify that fatal causes the program to abort. +# FUNCTION_MAP += fatal -> abort # # Example 2: specify that pmalloc behaves like malloc: -# FUNCTION_MAP += pmalloc -> malloc +# FUNCTION_MAP += pmalloc -> malloc # # Example 3: specify that pfree behaves like free: -# FUNCTION_MAP += pfree -> free +# FUNCTION_MAP += pfree -> free #FUNCTION_MAP += 
@@ -11079,31 +11301,31 @@ # Notes # The following test case will produce a Null Pointer Dereference # warning if this preference is set to UNKNOWABLE or ADVERSARIAL. -# int *p = 0; -# volatile int i; -# i = 5; -# if( i != 5 ) -# *p; +# int *p = 0; +# volatile int i; +# i = 5; +# if( i != 5 ) +# *p; # # The following test case will produce a Division By Zero warning # if this preference is set to ADVERSARIAL. -# volatile int i; -# i = 5; -# 10 / i; +# volatile int i; +# i = 5; +# 10 / i; # # The following test case will produce a Division By Zero warning # if this preference is set to ADVERSARIAL or IGNORE. -# volatile int i; -# i = 0; -# 10 / i; +# volatile int i; +# i = 0; +# 10 / i; # # The following test case will produce an Unreachable Code: 5 # warning classes warning if this preference is set to IGNORE. -# int j; -# volatile int timer = 0; -# while( timer != 1000 ) -# ; -# j = 42; +# int j; +# volatile int timer = 0; +# while( timer != 1000 ) +# ; +# j = 42; #VOLATILE_TREATMENT = UNKNOWABLE @@ -11136,15 +11358,15 @@ # the following when FLOAT_IS_ADVERSARIAL=Yes because the # denominator is treated as adversarial even though it is a # constant. -# float c = 5.0 / 2.0 +# float c = 5.0 / 2.0 # # The following test case will produce two Buffer Overrun warnings # when FLOAT_IS_ADVERSARIAL=Yes. -# char A[10]; -# double d = 11.0; -# A[d] = 0; -# d = 5.0; -# A[d] = 0; +# char A[10]; +# double d = 11.0; +# A[d] = 0; +# d = 5.0; +# A[d] = 0; #FLOAT_IS_ADVERSARIAL = No 
@@ -11178,20 +11400,20 @@ # analysis will allow for the possibility that the value of bound # could be changed by separate code, and so issue a Buffer # Overrun warning. -# int bound = 100; -# void foo(void) { -# char buf[100]; -# int i = getchar(); -# if( i >= bound || i < 0 ) return; -# buf[i] = 'c'; -# } +# int bound = 100; +# void foo(void) { +# char buf[100]; +# int i = getchar(); +# if( i >= bound || i < 0 ) return; +# buf[i] = 'c'; +# } # # The following test case will produce a Null Pointer Dereference # warning if it is analyzed with INFER_CONST=Yes. -# int *ip; -# void foo(void) { -# *ip = 7; -# } +# int *ip; +# void foo(void) { +# *ip = 7; +# } # This is because ip is implicitly zero-initialized, and no other # value is ever assigned to ip. Therefore, CodeSonar assumes that # ip must always be zero. To avoid the zero-initialization, you can @@ -11254,16 +11476,16 @@ # Behavior # If set to "Yes", Pointer Past End of Object warnings will be # issued in cases like the following. -# int A[10]; -# int *p = &A[10]; +# int A[10]; +# int *p = &A[10]; # # Notes # The factory setting is "No" because many codebases may have # cursor pointers that reach the end of an object but are never # dereferenced, as in the following example. -# int A[10]; -# int *p; -# for( p = A; p < &A[10]; p++ ); +# int A[10]; +# int *p; +# for( p = A; p < &A[10]; p++ ); # #WARN_POINTER_AT_END = No 
@@ -11435,14 +11657,14 @@ # other metrics. # # Expression grammar: -# S -> expr -# expr -> expr + expr | expr - expr | expr * expr | expr / expr | -# const | metric | function(expr, ...) -# function -> cos | sin | tan | acos | asin | atan | atan2 | cosh | sinh | -# tanh | exp | ldexp | log | log10 | pow | sqrt | -# ceil | fabs | floor | fmod | sum | prod | avg | min | max -# metric -> "[a-zA-Z0-9]+\[granularity\]" -# granularity -> ANALYSIS | COMPUNIT | FILE | PROCEDURE +# S -> expr +# expr -> expr + expr | expr - expr | expr * expr | expr / expr | +# const | metric | function(expr, ...) +# function -> cos | sin | tan | acos | asin | atan | atan2 | cosh | sinh | +# tanh | exp | ldexp | log | log10 | pow | sqrt | +# ceil | fabs | floor | fmod | sum | prod | avg | min | max +# metric -> "[a-zA-Z0-9]+\[granularity\]" +# granularity -> ANALYSIS | COMPUNIT | FILE | PROCEDURE # # - All metric values must match an existing metric; metric tags # are case-sensitive. 
@@ -11453,23 +11675,23 @@ # when the derived metric has granularity greater than the # referenced metric. See table below (sum is used as example). # -# +---------------------+-------------------+-----------------------------+ -# | derived metric gran | expression | description | -# +---------------------+-------------------+-----------------------------+ -# | FILE | sum(PROCEDURE) | Sums over all procedures in | -# | | | the file. | -# | | | | -# | COMPUNIT | sum(PROCEDURE) | Sums over all procedures in | -# | | | the compilation unit. | -# | | | | -# | ANALYSIS | sum(PROCEDURE) | Sums over all procedures in | -# | | | the analyzed project. | -# | | | | -# | COMPUNIT | sum(FILE) | Sums over all files in the | -# | | | compilation unit. | -# | | | | -# | ... etc | -# +-----------------------------------------------------------------------+ +# +---------------------+-------------------+-----------------------------+ +# | derived metric gran | expression | description | +# +---------------------+-------------------+-----------------------------+ +# | FILE | sum(PROCEDURE) | Sums over all procedures in | +# | | | the file. | +# | | | | +# | COMPUNIT | sum(PROCEDURE) | Sums over all procedures in | +# | | | the compilation unit. | +# | | | | +# | ANALYSIS | sum(PROCEDURE) | Sums over all procedures in | +# | | | the analyzed project. | +# | | | | +# | COMPUNIT | sum(FILE) | Sums over all files in the | +# | | | compilation unit. | +# | | | | +# | ... etc | +# +-----------------------------------------------------------------------+ # # Behavior # If a properly formed derived metric is specified, that metric 
@@ -11663,28 +11885,28 @@ # Instruct CodeSonar to issue a warning of class "High Cyclomatic # Complexity" for any function with a cyclomatic complexity of 20 # or more. -# METRIC_WARNING_CONDITION = vG[PROCEDURE] >= 20 -# METRIC_WARNING_CLASS_NAME = High Cyclomatic Complexity -# METRIC_WARNING_CATEGORIES = METRIC.VG -# METRIC_WARNING_BASE_RANK = 5.0 -# METRIC_WARNING_SIGNIFICANCE = STYLE +# METRIC_WARNING_CONDITION = vG[PROCEDURE] >= 20 +# METRIC_WARNING_CLASS_NAME = High Cyclomatic Complexity +# METRIC_WARNING_CATEGORIES = METRIC.VG +# METRIC_WARNING_BASE_RANK = 5.0 +# METRIC_WARNING_SIGNIFICANCE = STYLE # # Instruct CodeSonar to issue a warning of class "Large procedure" # for any function containing more than 100 lines with code: -# METRIC_WARNING_CONDITION = LCode[PROCEDURE] > 100 -# METRIC_WARNING_CLASS_NAME = Large procedure -# METRIC_WARNING_CATEGORIES = METRIC.LCODE -# METRIC_WARNING_BASE_RANK = 1.0 -# METRIC_WARNING_SIGNIFICANCE = STYLE +# METRIC_WARNING_CONDITION = LCode[PROCEDURE] > 100 +# METRIC_WARNING_CLASS_NAME = Large procedure +# METRIC_WARNING_CATEGORIES = METRIC.LCODE +# METRIC_WARNING_BASE_RANK = 1.0 +# METRIC_WARNING_SIGNIFICANCE = STYLE # # Instruct CodeSonar to issue a warning of class "Too few comments" # for any insufficiently commented function (defined here as a # function containing fewer than 5 lines with comments). -# METRIC_WARNING_CONDITION = LCom[PROCEDURE] < 5 -# METRIC_WARNING_CLASS_NAME = Too few comments -# METRIC_WARNING_CATEGORIES = METRIC.LCOM -# METRIC_WARNING_BASE_RANK = 2.0 -# METRIC_WARNING_SIGNIFICANCE = STYLE +# METRIC_WARNING_CONDITION = LCom[PROCEDURE] < 5 +# METRIC_WARNING_CLASS_NAME = Too few comments +# METRIC_WARNING_CATEGORIES = METRIC.LCOM +# METRIC_WARNING_BASE_RANK = 2.0 +# METRIC_WARNING_SIGNIFICANCE = STYLE # # Note that the categories in these examples are arbitrary text. # 
@@ -11903,18 +12125,18 @@ # # Notes # For example, -# NON_TERMINATING_LOOP_MARK += /[*] @non-terminating@ [*]/ +# NON_TERMINATING_LOOP_MARK += /[*] @non-terminating@ [*]/ # specifies that Potential Unbounded Loop warnings will not be # triggered by any loop whose condition line contains the comment # /* @non-terminating@ */. # # Don't issue warnings for loops whose condition looks like for(;;) # : -# NON_TERMINATING_LOOP_MARK += for *[(] *; *; *[)] +# NON_TERMINATING_LOOP_MARK += for *[(] *; *; *[)] # # Don't issue warnings for loops whose condition looks like # while(1) : -# NON_TERMINATING_LOOP_MARK += while *[(] *1 *[)] +# NON_TERMINATING_LOOP_MARK += while *[(] *1 *[)] # # Note that the Potential Unbounded Loop check is disabled by # default: use a WARNING_FILTER rule to enable it. @@ -11948,7 +12170,7 @@ # # Notes # For example, -# PROGRAM_ENTRY_POINTS += ^init$ +# PROGRAM_ENTRY_POINTS += ^init$ # specifies that the check should start at function(s) named init. # # Note that the Dynamic Allocation After Initialization check is @@ -11987,7 +12209,7 @@ # # Notes # For example, -# ALLOCATOR_FUNCTIONS += ^mmap$ +# ALLOCATOR_FUNCTIONS += ^mmap$ # specifies that mmap() should be considered an allocator # # Note that the Dynamic Allocation After Initialization check is @@ -12024,7 +12246,7 @@ # # Notes # For example, -# DYN_INIT_FUNCTIONS += ^dyn_init$ +# DYN_INIT_FUNCTIONS += ^dyn_init$ # specifies that function(s) dyn_init() can directly or # transitively call allocator functions without triggering a # warning. @@ -12056,7 +12278,7 @@ # # Notes # For example, -# ASSERT_FAIL_FUNCTIONS += ^__assert_fail$ +# ASSERT_FAIL_FUNCTIONS += ^__assert_fail$ # specifies that calls to __assert_fail() should be considered # assertions. Some systems implement the assert macro using # __assert_fail(). 
@@ -12105,13 +12327,13 @@ # # WARNING_FILTER discard rules can specify is_sysinclude to match # warnings whose Listing XML lies entirely within system include -# files as designated by SYSTEM_INCLUDE_FILES. +# files as designated by SYSTEM_INCLUDE_PATHS. # # For example, the factory settings for WARNING_FILTER include the # following rule: all warnings in C++ code whose Listing XML lies # entirely within system include files will be discarded. Note that # this rule does not affect warnings in C code. -# WARNING_FILTER += discard language="C++" is_sysinclude +# WARNING_FILTER += discard language="C++" is_sysinclude #SYSTEM_INCLUDE_PATHS += /codesonar/smel/ #SYSTEM_INCLUDE_PATHS += /codesonar/libmodels/ @@ -12253,20 +12475,20 @@ # # For example, suppose we have undefined function g() and are # analyzing the following code. -# int funcA(){ -# char *p = malloc(5); -# if (p) {g(p);} -# return 1; -# } -# -# int funcB(){ -# char *p = malloc(5); -# if (p) { -# g(p); -# p++; -# } -# return 2; -# } +# int funcA(){ +# char *p = malloc(5); +# if (p) {g(p);} +# return 1; +# } +# +# int funcB(){ +# char *p = malloc(5); +# if (p) { +# g(p); +# p++; +# } +# return 2; +# } # # With ASSUME_UNDEFINED_PARAMETERS_MAYBE_FREED=Yes, CodeSonar # assumes that... 
@@ -12362,18 +12584,18 @@ # For a typical simple C program, we might be only interested in # reachability from main(), and consider any procedure that is not # [transitively] called by main() to be unreachable. For example: -# REACHABILITY_ROOTS = main.c:main +# REACHABILITY_ROOTS = main.c:main # # Example 1: all of the following will match procedure main() in # file /home/me/myproject/src/main.c -# REACHABILITY_ROOTS += :main -# REACHABILITY_ROOTS += main.c:main -# REACHABILITY_ROOTS += /main.c:main -# REACHABILITY_ROOTS += myproject/src/main.c:main +# REACHABILITY_ROOTS += :main +# REACHABILITY_ROOTS += main.c:main +# REACHABILITY_ROOTS += /main.c:main +# REACHABILITY_ROOTS += myproject/src/main.c:main # # Example 2: the following will match any procedure in every file # whose full path name has foo.c as a suffix. -# REACHABILITY_ROOTS += foo.c:* +# REACHABILITY_ROOTS += foo.c:* # # We define sets REACHABLE_FROM_ROOTS and # REACHABLE_FROM_ROOTS_EXTENDED. @@ -12490,10 +12712,10 @@ # in the set will not be used. # # Example: -# HARDCODED_ARGS_REGEX = ^crypt(_r)?$ -# HARDCODED_ARGS_LIST = 2 -# HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Salt -# HARDCODED_ARGS_SIGNIFICANCE = SECURITY +# HARDCODED_ARGS_REGEX = ^crypt(_r)?$ +# HARDCODED_ARGS_LIST = 2 +# HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Salt +# HARDCODED_ARGS_SIGNIFICANCE = SECURITY # specifies that the second argument to crypt() and crypt_r() # should not be hardcoded, and that warnings of class "Hardcoded # Crypto Salt" should be issued at locations where this constraint 
@@ -12997,23 +13219,23 @@ # This setting might be used to disable taint kinds that are # trusted in the context of the subject software. For example, # suppose we have this code: -# system(getenv("FOO")); +# system(getenv("FOO")); # # CodeSonar would, by default, issue a Command Injection warning. # However, perhaps this warning is undesirable because, in this # context, the environment is trusted. You can disable environment # taint to suppress this and other similar warnings: -# DISABLED_TAINT_KINDS += environment +# DISABLED_TAINT_KINDS += environment # # # The following taint kinds are enabled by default. -# DISABLED_TAINT_KINDS += dns -# DISABLED_TAINT_KINDS += environment -# DISABLED_TAINT_KINDS += fd -# DISABLED_TAINT_KINDS += file -# DISABLED_TAINT_KINDS += file_metadata -# DISABLED_TAINT_KINDS += network -# DISABLED_TAINT_KINDS += registry +# DISABLED_TAINT_KINDS += dns +# DISABLED_TAINT_KINDS += environment +# DISABLED_TAINT_KINDS += fd +# DISABLED_TAINT_KINDS += file +# DISABLED_TAINT_KINDS += file_metadata +# DISABLED_TAINT_KINDS += network +# DISABLED_TAINT_KINDS += registry #DISABLED_TAINT_KINDS += time @@ -13176,12 +13398,12 @@ # confusing results or false positives, such as the following # division by zero: # -# p = unknown_value(); -# if( rand() ) { -# *p = 42; -# j = 0; -# } else { j = 1; } -# if( !p ) j = 1 / j; +# p = unknown_value(); +# if( rand() ) { +# *p = 42; +# j = 0; +# } else { j = 1; } +# if( !p ) j = 1 / j; #NULL_POINTER_DEREF_CRASHES = Yes @@ -13198,7 +13420,7 @@ # # Type # a list of Java build options -# [doc/html/Java_Module/Building/JavaBuildOptions.html] +# [doc/html/Java_Module/Building/Building.html#java_options] # # Microsoft libc command line encoding rules # [doc/html/FAQ.html#libc_commandline] apply (even on non-Windows 
@@ -13232,7 +13454,7 @@ # # Type # a list of Java build options -# [doc/html/Java_Module/Building/JavaBuildOptions.html] +# [doc/html/Java_Module/Building/Building.html#java_options] # # Microsoft libc command line encoding rules # [doc/html/FAQ.html#libc_commandline] apply (even on non-Windows @@ -13245,6 +13467,54 @@ #JAVA_FLAGS_APPEND += +# Parameter CSHARP_FLAGS_PREPEND +# +# Purpose +# Modify the set of options being passed to the C# build/analysis +# [doc/html/Csharp_Module/Building/Building.html]. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# a list of C# build options +# [doc/html/Csharp_Module/Building/Building.html] +# +# Behavior +# The specified options will be prepended to the set of options +# passed to the C# build/analysis +# [doc/html/Csharp_Module/Building/Building.html]. +# +# Notes +# The += operator will actually prepend to this preference (in all +# cases except for other parameters with names of the form +# *_PREPEND, the += operator appends). This means that if you +# specify two CSHARP_FLAGS_PREPEND+= settings, the options in the +# second rule will be prepended to the options in the first +# setting. + +#CSHARP_FLAGS_PREPEND += + + +# Parameter CSHARP_FLAGS_APPEND +# +# Purpose +# Modify the set of options being passed to the C# build/analysis +# [doc/html/Csharp_Module/Building/Building.html]. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# a list of C# build options +# [doc/html/Csharp_Module/Building/Building.html] +# +# Behavior +# The specified options will be appended to the set of options +# passed to the C# build/analysis +# [doc/html/Csharp_Module/Building/Building.html]. + +#CSHARP_FLAGS_APPEND += # Parameter MAX_POINTER_ANALYSIS_PASSES 
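Review bot: The Type sections of the new CSHARP_FLAGS_PREPEND and CSHARP_FLAGS_APPEND entries do not say how an option value is quoted or split. The neighbouring JAVA_FLAGS entries do, stating that "Microsoft libc command line encoding rules [doc/html/FAQ.html#libc_commandline] apply". If the C# build/analysis parses its options the same way (not confirmable from this hunk), add `# Microsoft libc command line encoding rules [doc/html/FAQ.html#libc_commandline] apply.` to both Type sections; otherwise state the rule that does apply. Without it, a reader cannot tell how an option containing spaces or quotes will reach the build. CSHARP_FLAGS_APPEND also has no Notes section, so a one-line note that `+=` appends there would make the contrast with the PREPEND behaviour explicit.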
@@ -13315,8 +13585,8 @@ # For example, CodeSonar will only issue a Tainted Buffer Access # warning for the following code fragment if # TAINTED_BUF_TRIGGER_ON_UNKNOWN_BUFFERS=Yes. -# p = undefined_function(); -# p[getchar()] = 42; +# p = undefined_function(); +# p[getchar()] = 42; # Setting TAINTED_BUF_TRIGGER_ON_UNKNOWN_BUFFERS=Yes will # potentially generate a large number of false positive Tainted # Buffer Access warnings. @@ -13506,7 +13776,7 @@ # # Type # A whitespace separated list of triples of the form -# ,, +# ,, # where: # - is the name of the Boolean type # - is the name of the true value for type @@ -13514,11 +13784,11 @@ # # Notes # For example, if your program has the following: -# typedef unsigned char bool; -# const bool true = 1; -# const bool false = 0; +# typedef unsigned char bool; +# const bool true = 1; +# const bool false = 0; # you would use -# BOOL_TYPES += bool,true,false +# BOOL_TYPES += bool,true,false # # The += operator can be used to specify multiple triples. # @@ -13860,13 +14130,13 @@ # an int is used as the left-hand operand of an arithmetic shift, # then that value is first cast to int before the shift is applied. # Hence, the following code -# char c; -# c << 10; -# c << 64; +# char c; +# c << 10; +# c << 64; # is equivalent to -# char c; -# ((int)c) << 10; -# ((int)c) << 64; +# char c; +# ((int)c) << 10; +# ((int)c) << 64; # # When checker Shift Amount Exceeds Bit Width is applied to an # arithmetic shift, the width in bits of the left-hand operand is 
@@ -13877,13 +14147,13 @@ # either one or two warnings. # # MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH=Yes (2 warnings): -# char c; -# c << 10; /* Shift Amount Exceeds Bit Width */ -# c << 64; /* Shift Amount Exceeds Bit Width */ +# char c; +# c << 10; /* Shift Amount Exceeds Bit Width */ +# c << 64; /* Shift Amount Exceeds Bit Width */ # MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH=No (1 warning): -# char c; -# c << 10; -# c << 64; /* Shift Amount Exceeds Bit Width */ +# char c; +# c << 10; +# c << 64; /* Shift Amount Exceeds Bit Width */ ## MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH = No @@ -13911,11 +14181,11 @@ # For example, Comment Suggests Code Unfinished warnings will be # reported on lines 1 and 4 of the following code fragment. # -# /* 1 */ /* TODO: complete before release */ -# /* 2 */ void incomplete(void) -# /* 3 */ { -# /* 4 */ // FIXME: to be implemented later -# /* 5 */ } +# /* 1 */ /* TODO: complete before release */ +# /* 2 */ void incomplete(void) +# /* 3 */ { +# /* 4 */ // FIXME: to be implemented later +# /* 5 */ } #UNFINISHED_CODE_TAGS += FIXME #UNFINISHED_CODE_TAGS += TODO @@ -14019,13 +14289,13 @@ # specified in the set will not be used. # # Examples: -# BAD_MACRO_CLASS = Use of Forbidden Macro -# BAD_MACRO_NAME = ^MAX$ -# BAD_MACRO_INFO = MAX is bad -# BAD_MACRO_NAME = ^MIN$ -# BAD_MACRO_INFO = MIN is bad -# BAD_MACRO_BASE_RANK = 1.0 -# BAD_MACRO_SIGNIFICANCE = RELIABILITY +# BAD_MACRO_CLASS = Use of Forbidden Macro +# BAD_MACRO_NAME = ^MAX$ +# BAD_MACRO_INFO = MAX is bad +# BAD_MACRO_NAME = ^MIN$ +# BAD_MACRO_INFO = MIN is bad +# BAD_MACRO_BASE_RANK = 1.0 +# BAD_MACRO_SIGNIFICANCE = RELIABILITY # # specifies a single warning class that will trigger if a macro # named either MAX or MIN defined in any file are used. 
@@ -14033,7 +14303,6 @@ #BAD_MACRO_CLASS = Use of offsetof #BAD_MACRO_NAME = ^(offsetof)$ -#BAD_MACRO_INFO = offsetof is disallowed because it has portability problems #BAD_MACRO_FILENAME = stddef.h$ #BAD_MACRO_CATEGORIES = BADMACRO.OFFSETOFF;Misra2004:20.6;MisraC++2008:18-2-1;AUTOSARC++14:M18-2-1 #BAD_MACRO_BASE_RANK = 12.0 @@ -14042,7 +14311,6 @@ #BAD_MACRO_CLASS = Use of Feature #BAD_MACRO_NAME = ^(va_arg|va_start|va_end|va_copy)$ -#BAD_MACRO_INFO = is used. Violation of MISRA C 2012:17.1: The features of <stdarg.h> shall not be used #BAD_MACRO_FILENAME = stdarg.h$ #BAD_MACRO_CATEGORIES = BADMACRO.STDARG_H;Misra2012:17.1 #BAD_MACRO_BASE_RANK = 10.0 @@ -14065,14 +14333,12 @@ #BAD_MACRO_CLASS = Use of Allocator/Deallocator Macro #BAD_MACRO_NAME = ^(malloc|calloc|realloc|free)$ #BAD_MACRO_FILENAME = stdlib.h$ -#BAD_MACRO_INFO = is disallowed by some coding standards #BAD_MACRO_CATEGORIES = BADMACRO.STDLIB_H_MEM;AUTOSARC++14:18-5-1;Misra2012:21.3;Misra2004:20.4;JPL:5;CWE:710;POW10:3 #BAD_MACRO_BASE_RANK = 1.0 #BAD_MACRO_SIGNIFICANCE = STYLE #BAD_MACRO_CLASS = Use of Weak Cryptographic Algorithm #BAD_MACRO_NAME = ^(CALG_3DES|CALG_3DES_112|CALG_DES|CALG_DESX|CALG_MD2|CALG_MD4|CALG_MD5|CALG_HUGHES_MD5|CALG_RC2|CALG_RC4|CALG_RC5)$ -#BAD_MACRO_INFO = is a weak cryptographic algorithm #BAD_MACRO_CATEGORIES = BADMACRO.WEAK_CRYPTO;CWE:327 #BAD_MACRO_BASE_RANK = 1.0 #BAD_MACRO_SIGNIFICANCE = SECURITY @@ -14538,7 +14804,7 @@ # For example, to warn about any hardcoded port, put the following # after all other NETWORK_PORT_BLACKLIST and NETWORK_PORT_WHITELIST # rules. -# NETWORK_PORT_BLACKLIST = .* +# NETWORK_PORT_BLACKLIST = .* 
@@ -14777,13 +15043,13 @@ # Setting POINTED_TO_CAPACITY_DEFAULTS_TO_TYPE_BOUNDARY=No permits # CodeSonar to detect the buffer overrun in the following code. -# void f(int x){ +# void f(int x){ # int A[10][10]; # int *q = &A[x][0]; # q[5] = 42; -# } -# -# void g(){ f(11); } +# } +# +# void g(){ f(11); } # # Note that the "2$Buffer Overrun" warning class is one of several # detectors for buffer overruns, and unlike the others is disabled @@ -14902,7 +15168,7 @@ # useful to you. For example, suppose that you are only interested # in the essential types of expressions in source file # problemfile.c. Then your rule will be: -# WARNING_FILTER += allow class="Essential Type Diagnostic" file=problemfile.c +# WARNING_FILTER += allow class="Essential Type Diagnostic" file=problemfile.c #ESSENTIAL_TYPE_DIAGNOSTIC_ENABLED = No @@ -14934,11 +15200,11 @@ # In the following example, suppose that unknown_value() is some # untainted value that the analysis isn't sure about. Then a Type # Underrun warning will be reported only if UNDER_BY_ONE=Yes: -# void f(){ -# int x = unknown_value(); -# int A[10]; -# if( x > -2 ) A[x] = 42; -# } +# void f(){ +# int x = unknown_value(); +# int A[10]; +# if( x > -2 ) A[x] = 42; +# } #UNDER_BY_ONE = No @@ -14997,11 +15263,11 @@ # Notes # Format String Type Error warnings will only be issued in the # following code if FORMAT_STRING_WARN_ON_SIGN_MISMATCH=Yes. -# void f(){ -# printf( "%u\n", 42 ); -# printf( "%x\n", 42 ); -# printf( "%d\n", 42U ); -# } +# void f(){ +# printf( "%u\n", 42 ); +# printf( "%x\n", 42 ); +# printf( "%d\n", 42U ); +# } #FORMAT_STRING_WARN_ON_SIGN_MISMATCH = No 
@@ -15031,11 +15297,11 @@ # On ABIs where int and long have the same size, Format String Type # Error warnings will only be issued in the following code if # FORMAT_STRING_WARN_ON_EQUAL_SIZE=Yes. -# void f(){ -# assert( sizeof(int) == sizeof(long) ); -# printf( "%d\n", 42L ); -# printf( "%ld\n", 42 ); -# } +# void f(){ +# assert( sizeof(int) == sizeof(long) ); +# printf( "%d\n", 42L ); +# printf( "%ld\n", 42 ); +# } # # A setting of Yes is useful for codebases intended to portable to # multiple architectures. For example, the code above works 
@@ -15181,32 +15447,30 @@ # - JAVA: Specific to the Java Build/Analysis # - WC_JAVA.IO.INJ.CODE: Used by Code Injection (Java) # - WC_JAVA.IO.INJ.COMMAND: Used by Command Injection (Java) -# - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java) +# - WC_JAVA.IO.INJ.XSS: Used by Cross Site Scripting (Java) # - WC_JAVA.IO.INJ.DLL: Used by DLL Injection (Java) +# - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java) +# - WC_JAVA.IO.TAINT.REFLECTION: Used by Reflection Injection +# (Java) # - WC_JAVA.IO.INJ.SQL: Used by SQL Injection (Java) -# - WC_JAVA.IO.INJ.XSS: Used by Cross Site Scripting (Java) -# - WC_JAVA.IO.TAINT.ADDR: Used by Tainted Network Address (Java) +# - WC_JAVA.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (Java) # - WC_JAVA.IO.TAINT.BUNDLE: Used by Tainted Bundle (Java) # - WC_JAVA.IO.TAINT.CONTROL: Used by Tainted Control (Java) -# - WC_JAVA.IO.TAINT.DEVICE: Used by Tainted Hardware Device -# Property (Java) # - WC_JAVA.IO.TAINT.EVAL: Used by Tainted Expression Evaluation # (Java) # - WC_JAVA.IO.TAINT.HTTP: Used by Tainted HTTP Response (Java) +# - WC_JAVA.IO.TAINT.DEVICE: Used by Tainted Hardware Device +# Property (Java) # - WC_JAVA.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute # (Java) -# - WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter -# (Java) # - WC_JAVA.IO.TAINT.LOG: Used by Tainted Log (Java) # - WC_JAVA.IO.TAINT.MESSAGE: Used by Tainted Message (Java) +# - WC_JAVA.IO.TAINT.ADDR: Used by Tainted Network Address (Java) # - WC_JAVA.IO.TAINT.PATH: Used by Tainted Path (Java) -# - WC_JAVA.IO.TAINT.REFLECTION: Used by Reflection Injection -# (Java) # - WC_JAVA.IO.TAINT.REGEX: Used by Tainted Regular Expression # (Java) # - WC_JAVA.IO.TAINT.RESOURCE: Used by Tainted Resource (Java) # - WC_JAVA.IO.TAINT.SESSION: Used by Tainted Session (Java) -# - WC_JAVA.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (Java) # - WC_JAVA.IO.TAINT.URL: Used by Tainted URL (Java) # - WC_JAVA.IO.TAINT.XAML: Used by Tainted XAML (Java) # - 
WC_JAVA.IO.TAINT.XML: Used by Tainted XML (Java) @@ -15252,7 +15516,7 @@ # # Notes # A list of the available JVM options is available in the Oracle -# java command line documentation +# Java command line documentation # [doc/html/Preferences/https://docs.oracle.com/en/java/javase/11/tools/java.html], # in section "Standard Options for Java". @@ -15275,12 +15539,12 @@ # # Behavior # The whole value of this parameter will be prepended to the list -# of JVM arguments that is used to start the java analysis launcher +# of JVM arguments that is used to start the Java analysis launcher # JVM. To specify multiple options, separate them with a space. # # Notes # A list of the available JVM options is available in the Oracle -# java command line documentation +# Java command line documentation # [doc/html/Preferences/https://docs.oracle.com/en/java/javase/11/tools/java.html], # in section "Standard Options for Java". @@ -15334,6 +15598,7 @@ # Behavior # The specified value is interpreted as an upper bound on memory. +#JAVA_LAUNCHER_MEMORY = 512 # Parameter JAVA_ANALYSIS_MEMORY_MANAGEMENT 
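Review bot: The reordering of the tag list in the `@@ -15181,32 +15447,30 @@` hunk removes `WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter (Java)` and never re-adds it. Every other moved tag (XSS, DENIAL, REFLECTION, TRUSTED, DEVICE, ADDR) reappears, which accounts for the two-line shrink from 32 to 30. The JAVA_ANALYSIS_TRUST_* parameters added later in this diff still carry that tag, so the omission looks accidental rather than a retired warning class. If this preference still affects Tainted LDAP Filter, restore `# - WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter` and `# (Java)` after the LDAP.ATTR entry, so that anyone auditing which preferences govern a taint check by tag does not miss it. The parameter's name and header lie above the hunk, so which preference this list belongs to cannot be confirmed from here.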
@@ -15403,5 +15668,2390 @@ # Notes # A value between 4 and 8 is recommended. - #JAVA_ANALYSIS_JVM_CONCURRENCY= + + +# Parameter JAVA_ANALYSIS_TRUST_DATABASE +# +# Purpose +# Specifies whether or not the Java taint analysis +# [doc/html/WarningClasses/JAVA/InjectionSourcesAndSinks.html] +# should trust data that originates from database queries, rather +# than treating it as tainted. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# - JAVA: Specific to the Java Build/Analysis +# - WC_JAVA.IO.INJ.ANDROID.MESSAGE: Used by Android Message +# Injection (Java) +# - WC_JAVA.IO.INJ.ANDROID.URL: Used by Android URL Injection +# (Java) +# - WC_JAVA.IO.INJ.CODE: Used by Code Injection (Java) +# - WC_JAVA.IO.INJ.COMMAND: Used by Command Injection (Java) +# - WC_JAVA.IO.INJ.DLL: Used by DLL Injection (Java) +# - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java) +# - WC_JAVA.IO.TAINT.REFLECTION: Used by Reflection Injection +# (Java) +# - WC_JAVA.IO.INJ.SQL: Used by SQL Injection (Java) +# - WC_JAVA.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (Java) +# - WC_JAVA.IO.TAINT.BUNDLE: Used by Tainted Bundle (Java) +# - WC_JAVA.IO.TAINT.CONTROL: Used by Tainted Control (Java) +# - WC_JAVA.IO.TAINT.EVAL: Used by Tainted Expression Evaluation +# (Java) +# - WC_JAVA.IO.TAINT.HTTP: Used by Tainted HTTP Response (Java) +# - WC_JAVA.IO.TAINT.DEVICE: Used by Tainted Hardware Device +# Property (Java) +# - WC_JAVA.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute +# (Java) +# - WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter +# (Java) +# - WC_JAVA.IO.TAINT.LOG: Used by Tainted Log (Java) +# - WC_JAVA.IO.TAINT.MESSAGE: Used by Tainted Message (Java) +# - WC_JAVA.IO.TAINT.ADDR: Used by Tainted Network Address (Java) +# - WC_JAVA.IO.TAINT.PATH: Used by Tainted Path (Java) +# - WC_JAVA.IO.TAINT.REGEX: Used by Tainted Regular Expression +# (Java) +# - WC_JAVA.IO.TAINT.RESOURCE: Used by Tainted Resource (Java) +# - WC_JAVA.IO.TAINT.SESSION: Used by Tainted Session 
(Java) +# - WC_JAVA.IO.TAINT.URL: Used by Tainted URL (Java) +# - WC_JAVA.IO.TAINT.XAML: Used by Tainted XAML (Java) +# - WC_JAVA.IO.TAINT.XML: Used by Tainted XML (Java) +# - WC_JAVA.IO.TAINT.XPATH: Used by Tainted Xpath (Java) +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : data originating from database queries will be not be +# treated as tainted, and cannot cause a taint-related warning to +# be issued. +# - No : data originating from database queries will be treated as +# tainted. If any such data reaches a taint sink +# [doc/html/WarningClasses/JAVA/InjectionSinks.html] without +# being cleansed of the taint by a corresponding taint sanitizer +# [doc/html/WarningClasses/JAVA/InjectionSanitizers.html], a +# warning will be issued. +# +# Notes +# Data is considered to come from a database query if it originates +# from a field or method return value annotated with +# @com.juliasoft.julia.checkers.flows.UntrustedDatabase. While this +# annotation can be manually placed by users of the analysis, +# CodeSonar automatically annotates some well-known library methods +# (see the Java taint source +# [doc/html/WarningClasses/JAVA/InjectionSources.html] list). + +#JAVA_ANALYSIS_TRUST_DATABASE = No + + +# Parameter JAVA_ANALYSIS_TRUST_DEVICE +# +# Purpose +# Specifies whether or not the Java taint analysis +# [doc/html/WarningClasses/JAVA/InjectionSourcesAndSinks.html] +# should trust data that originates from the specific device +# running the application, rather than treating it as tainted. 
+# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# - JAVA: Specific to the Java Build/Analysis +# - WC_JAVA.IO.INJ.ANDROID.MESSAGE: Used by Android Message +# Injection (Java) +# - WC_JAVA.IO.INJ.ANDROID.URL: Used by Android URL Injection +# (Java) +# - WC_JAVA.IO.INJ.CODE: Used by Code Injection (Java) +# - WC_JAVA.IO.INJ.COMMAND: Used by Command Injection (Java) +# - WC_JAVA.IO.INJ.DLL: Used by DLL Injection (Java) +# - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java) +# - WC_JAVA.IO.TAINT.REFLECTION: Used by Reflection Injection +# (Java) +# - WC_JAVA.IO.INJ.SQL: Used by SQL Injection (Java) +# - WC_JAVA.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (Java) +# - WC_JAVA.IO.TAINT.BUNDLE: Used by Tainted Bundle (Java) +# - WC_JAVA.IO.TAINT.CONTROL: Used by Tainted Control (Java) +# - WC_JAVA.IO.TAINT.EVAL: Used by Tainted Expression Evaluation +# (Java) +# - WC_JAVA.IO.TAINT.HTTP: Used by Tainted HTTP Response (Java) +# - WC_JAVA.IO.TAINT.DEVICE: Used by Tainted Hardware Device +# Property (Java) +# - WC_JAVA.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute +# (Java) +# - WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter +# (Java) +# - WC_JAVA.IO.TAINT.LOG: Used by Tainted Log (Java) +# - WC_JAVA.IO.TAINT.MESSAGE: Used by Tainted Message (Java) +# - WC_JAVA.IO.TAINT.ADDR: Used by Tainted Network Address (Java) +# - WC_JAVA.IO.TAINT.PATH: Used by Tainted Path (Java) +# - WC_JAVA.IO.TAINT.REGEX: Used by Tainted Regular Expression +# (Java) +# - WC_JAVA.IO.TAINT.RESOURCE: Used by Tainted Resource (Java) +# - WC_JAVA.IO.TAINT.SESSION: Used by Tainted Session (Java) +# - WC_JAVA.IO.TAINT.URL: Used by Tainted URL (Java) +# - WC_JAVA.IO.TAINT.XAML: Used by Tainted XAML (Java) +# - WC_JAVA.IO.TAINT.XML: Used by Tainted XML (Java) +# - WC_JAVA.IO.TAINT.XPATH: Used by Tainted Xpath (Java) +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : data originating from the device will be not be treated +# as tainted, and cannot cause a taint-related 
warning to be +# issued. +# - No : data originating from the device will be treated as +# tainted. If any such data reaches a taint sink +# [doc/html/WarningClasses/JAVA/InjectionSinks.html] without +# being cleansed of the taint by a corresponding taint sanitizer +# [doc/html/WarningClasses/JAVA/InjectionSanitizers.html], a +# warning will be issued. +# +# Notes +# Data is considered to come from the device the application is +# running on if it originates from a field or method return value +# annotated with +# @com.juliasoft.julia.checkers.flows.UntrustedDevice. While this +# annotation can be manually placed by users of the analysis, +# CodeSonar automatically annotates some well-known library methods +# (see the Java taint source +# [doc/html/WarningClasses/JAVA/InjectionSources.html] list). + +#JAVA_ANALYSIS_TRUST_DEVICE = No + + +# Parameter JAVA_ANALYSIS_TRUST_ENVIRONMENT +# +# Purpose +# Specifies whether or not the Java taint analysis +# [doc/html/WarningClasses/JAVA/InjectionSourcesAndSinks.html] +# should trust data that originates from the environment or from +# system properties, rather than treating it as tainted. 
+# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# - JAVA: Specific to the Java Build/Analysis +# - WC_JAVA.IO.INJ.ANDROID.MESSAGE: Used by Android Message +# Injection (Java) +# - WC_JAVA.IO.INJ.ANDROID.URL: Used by Android URL Injection +# (Java) +# - WC_JAVA.IO.INJ.CODE: Used by Code Injection (Java) +# - WC_JAVA.IO.INJ.COMMAND: Used by Command Injection (Java) +# - WC_JAVA.IO.INJ.DLL: Used by DLL Injection (Java) +# - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java) +# - WC_JAVA.IO.TAINT.REFLECTION: Used by Reflection Injection +# (Java) +# - WC_JAVA.IO.INJ.SQL: Used by SQL Injection (Java) +# - WC_JAVA.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (Java) +# - WC_JAVA.IO.TAINT.BUNDLE: Used by Tainted Bundle (Java) +# - WC_JAVA.IO.TAINT.CONTROL: Used by Tainted Control (Java) +# - WC_JAVA.IO.TAINT.EVAL: Used by Tainted Expression Evaluation +# (Java) +# - WC_JAVA.IO.TAINT.HTTP: Used by Tainted HTTP Response (Java) +# - WC_JAVA.IO.TAINT.DEVICE: Used by Tainted Hardware Device +# Property (Java) +# - WC_JAVA.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute +# (Java) +# - WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter +# (Java) +# - WC_JAVA.IO.TAINT.LOG: Used by Tainted Log (Java) +# - WC_JAVA.IO.TAINT.MESSAGE: Used by Tainted Message (Java) +# - WC_JAVA.IO.TAINT.ADDR: Used by Tainted Network Address (Java) +# - WC_JAVA.IO.TAINT.PATH: Used by Tainted Path (Java) +# - WC_JAVA.IO.TAINT.REGEX: Used by Tainted Regular Expression +# (Java) +# - WC_JAVA.IO.TAINT.RESOURCE: Used by Tainted Resource (Java) +# - WC_JAVA.IO.TAINT.SESSION: Used by Tainted Session (Java) +# - WC_JAVA.IO.TAINT.URL: Used by Tainted URL (Java) +# - WC_JAVA.IO.TAINT.XAML: Used by Tainted XAML (Java) +# - WC_JAVA.IO.TAINT.XML: Used by Tainted XML (Java) +# - WC_JAVA.IO.TAINT.XPATH: Used by Tainted Xpath (Java) +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : data originating from the environment or from system +# properties will be not be treated as tainted, and 
cannot cause +# a taint-related warning to be issued. +# - No : data originating from the environment or from system +# properties will be treated as tainted. If any such data reaches +# a taint sink [doc/html/WarningClasses/JAVA/InjectionSinks.html] +# without being cleansed of the taint by a corresponding taint +# sanitizer +# [doc/html/WarningClasses/JAVA/InjectionSanitizers.html], a +# warning will be issued. +# +# Notes +# Data is considered to come from the environment or from system +# properties if it originates from a field or method return value +# annotated with +# @com.juliasoft.julia.checkers.flows.UntrustedEnvironment. While +# this annotation can be manually placed by users of the analysis, +# CodeSonar automatically annotates some well-known library methods +# (see the Java taint source +# [doc/html/WarningClasses/JAVA/InjectionSources.html] list). + +#JAVA_ANALYSIS_TRUST_ENVIRONMENT = Yes + + +# Parameter JAVA_ANALYSIS_TRUST_EXTERNAL_STREAMS +# +# Purpose +# Specifies whether or not the Java taint analysis +# [doc/html/WarningClasses/JAVA/InjectionSourcesAndSinks.html] +# should trust data that originates from external streams or +# sockets, rather than treating it as tainted. 
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.IO.INJ.ANDROID.MESSAGE: Used by Android Message
+# Injection (Java)
+# - WC_JAVA.IO.INJ.ANDROID.URL: Used by Android URL Injection
+# (Java)
+# - WC_JAVA.IO.INJ.CODE: Used by Code Injection (Java)
+# - WC_JAVA.IO.INJ.COMMAND: Used by Command Injection (Java)
+# - WC_JAVA.IO.INJ.DLL: Used by DLL Injection (Java)
+# - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java)
+# - WC_JAVA.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (Java)
+# - WC_JAVA.IO.INJ.SQL: Used by SQL Injection (Java)
+# - WC_JAVA.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (Java)
+# - WC_JAVA.IO.TAINT.BUNDLE: Used by Tainted Bundle (Java)
+# - WC_JAVA.IO.TAINT.CONTROL: Used by Tainted Control (Java)
+# - WC_JAVA.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (Java)
+# - WC_JAVA.IO.TAINT.HTTP: Used by Tainted HTTP Response (Java)
+# - WC_JAVA.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (Java)
+# - WC_JAVA.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (Java)
+# - WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (Java)
+# - WC_JAVA.IO.TAINT.LOG: Used by Tainted Log (Java)
+# - WC_JAVA.IO.TAINT.MESSAGE: Used by Tainted Message (Java)
+# - WC_JAVA.IO.TAINT.ADDR: Used by Tainted Network Address (Java)
+# - WC_JAVA.IO.TAINT.PATH: Used by Tainted Path (Java)
+# - WC_JAVA.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (Java)
+# - WC_JAVA.IO.TAINT.RESOURCE: Used by Tainted Resource (Java)
+# - WC_JAVA.IO.TAINT.SESSION: Used by Tainted Session (Java)
+# - WC_JAVA.IO.TAINT.URL: Used by Tainted URL (Java)
+# - WC_JAVA.IO.TAINT.XAML: Used by Tainted XAML (Java)
+# - WC_JAVA.IO.TAINT.XML: Used by Tainted XML (Java)
+# - WC_JAVA.IO.TAINT.XPATH: Used by Tainted Xpath (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : data originating from external streams or sockets will be
+# not be treated as tainted, and cannot cause a taint-related
+# warning to be issued.
+# - No : data originating from external streams or sockets will be
+# treated as tainted. If any such data reaches a taint sink
+# [doc/html/WarningClasses/JAVA/InjectionSinks.html] without
+# being cleansed of the taint by a corresponding taint sanitizer
+# [doc/html/WarningClasses/JAVA/InjectionSanitizers.html], a
+# warning will be issued.
+#
+# Notes
+# Data is considered to come from an external stream or socket if
+# it originates from a field or method return value annotated with
+# @com.juliasoft.julia.checkers.flows.UntrustedExternalStreams.
+# While this annotation can be manually placed by users of the
+# analysis, CodeSonar automatically annotates some well-known
+# library methods (see the Java taint source
+# [doc/html/WarningClasses/JAVA/InjectionSources.html] list).
+
+#JAVA_ANALYSIS_TRUST_EXTERNAL_STREAMS = Yes
+
+
+# Parameter JAVA_ANALYSIS_TRUST_USER_INPUT
+#
+# Purpose
+# Specifies whether or not the Java taint analysis
+# [doc/html/WarningClasses/JAVA/InjectionSourcesAndSinks.html]
+# should trust data that originates from web requests or console
+# input, rather than treating it as tainted.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.IO.INJ.ANDROID.MESSAGE: Used by Android Message
+# Injection (Java)
+# - WC_JAVA.IO.INJ.ANDROID.URL: Used by Android URL Injection
+# (Java)
+# - WC_JAVA.IO.INJ.CODE: Used by Code Injection (Java)
+# - WC_JAVA.IO.INJ.COMMAND: Used by Command Injection (Java)
+# - WC_JAVA.IO.INJ.DLL: Used by DLL Injection (Java)
+# - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java)
+# - WC_JAVA.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (Java)
+# - WC_JAVA.IO.INJ.SQL: Used by SQL Injection (Java)
+# - WC_JAVA.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (Java)
+# - WC_JAVA.IO.TAINT.BUNDLE: Used by Tainted Bundle (Java)
+# - WC_JAVA.IO.TAINT.CONTROL: Used by Tainted Control (Java)
+# - WC_JAVA.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (Java)
+# - WC_JAVA.IO.TAINT.HTTP: Used by Tainted HTTP Response (Java)
+# - WC_JAVA.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (Java)
+# - WC_JAVA.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (Java)
+# - WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (Java)
+# - WC_JAVA.IO.TAINT.LOG: Used by Tainted Log (Java)
+# - WC_JAVA.IO.TAINT.MESSAGE: Used by Tainted Message (Java)
+# - WC_JAVA.IO.TAINT.ADDR: Used by Tainted Network Address (Java)
+# - WC_JAVA.IO.TAINT.PATH: Used by Tainted Path (Java)
+# - WC_JAVA.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (Java)
+# - WC_JAVA.IO.TAINT.RESOURCE: Used by Tainted Resource (Java)
+# - WC_JAVA.IO.TAINT.SESSION: Used by Tainted Session (Java)
+# - WC_JAVA.IO.TAINT.URL: Used by Tainted URL (Java)
+# - WC_JAVA.IO.TAINT.XAML: Used by Tainted XAML (Java)
+# - WC_JAVA.IO.TAINT.XML: Used by Tainted XML (Java)
+# - WC_JAVA.IO.TAINT.XPATH: Used by Tainted Xpath (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : data originating from web requests or console input will
+# be not be treated as tainted, and cannot cause a taint-related
+# warning to be issued.
+# - No : data originating from web requests or console input will
+# be treated as tainted. If any such data reaches a taint sink
+# [doc/html/WarningClasses/JAVA/InjectionSinks.html] without
+# being cleansed of the taint by a corresponding taint sanitizer
+# [doc/html/WarningClasses/JAVA/InjectionSanitizers.html], a
+# warning will be issued.
+#
+# Notes
+# Data is considered to be user input if it originates from a field
+# or method return value annotated with
+# @com.juliasoft.julia.checkers.flows.UntrustedUserInput. While
+# this annotation can be manually placed by users of the analysis,
+# CodeSonar automatically annotates some well-known library methods
+# (see the Java taint source
+# [doc/html/WarningClasses/JAVA/InjectionSources.html] list).
+
+
+#JAVA_ANALYSIS_TRUST_USER_INPUT = No
+
+
+# Parameter JAVA_ANALYSIS_MERGE_CREATION_POINTS
+#
+# Purpose
+# Specifies whether or not the Java build/analysis
+# [doc/html/Java_Module/Building/Building.html] will collapse
+# bytecode instructions that create objects of the same type inside
+# the same class.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.IO.INJ.ANDROID.MESSAGE: Used by Android Message
+# Injection (Java)
+# - WC_JAVA.IO.INJ.ANDROID.URL: Used by Android URL Injection
+# (Java)
+# - WC_JAVA.INSEC.CERT.RS: Used by Certificate Added to Root Store
+# (Java)
+# - WC_JAVA.IO.INJ.CODE: Used by Code Injection (Java)
+# - WC_JAVA.IO.INJ.COMMAND: Used by Command Injection (Java)
+# - WC_JAVA.IO.INJ.DLL: Used by DLL Injection (Java)
+# - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java)
+# - WC_JAVA.INSEC.DTP: Used by Deprecated Transfer Protocol (Java)
+# - WC_JAVA.INSEC.DIV: Used by Disabled Input Validation (Java)
+# - WC_JAVA.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (Java)
+# - WC_JAVA.DEEPNULL.FIELD: Used by Field may be null (deep) (Java)
+# - WC_JAVA.HARDCODED.IP: Used by Hardcoded IP Address (Java)
+# - WC_JAVA.INSEC.MDSS: Used by Method Disables Security Setting
+# (Java)
+# - WC_JAVA.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (Java)
+# - WC_JAVA.DEEPNULL.DEREF: Used by Null Pointer Dereference (deep)
+# (Java)
+# - WC_JAVA.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (Java)
+# - WC_JAVA.IO.INJ.SQL: Used by SQL Injection (Java)
+# - WC_JAVA.INSEC.SAC: Used by Security Annotation Conflict (Java)
+# - WC_JAVA.MISC.SD.CACHE: Used by Sensitive Data Cached (Java)
+# - WC_JAVA.MISC.SD.EXT: Used by Sensitive Data Written to External
+# Storage (Java)
+# - WC_JAVA.MISC.SD.FILE: Used by Sensitive Data Written to Local
+# File (Java)
+# - WC_JAVA.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (Java)
+# - WC_JAVA.IO.TAINT.BUNDLE: Used by Tainted Bundle (Java)
+# - WC_JAVA.IO.TAINT.CONTROL: Used by Tainted Control (Java)
+# - WC_JAVA.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (Java)
+# - WC_JAVA.IO.TAINT.HTTP: Used by Tainted HTTP Response (Java)
+# - WC_JAVA.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (Java)
+# - WC_JAVA.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (Java)
+# - WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (Java)
+# - WC_JAVA.IO.TAINT.LOG: Used by Tainted Log (Java)
+# - WC_JAVA.IO.TAINT.MESSAGE: Used by Tainted Message (Java)
+# - WC_JAVA.IO.TAINT.ADDR: Used by Tainted Network Address (Java)
+# - WC_JAVA.IO.TAINT.PATH: Used by Tainted Path (Java)
+# - WC_JAVA.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (Java)
+# - WC_JAVA.IO.TAINT.RESOURCE: Used by Tainted Resource (Java)
+# - WC_JAVA.IO.TAINT.SESSION: Used by Tainted Session (Java)
+# - WC_JAVA.IO.TAINT.URL: Used by Tainted URL (Java)
+# - WC_JAVA.IO.TAINT.XAML: Used by Tainted XAML (Java)
+# - WC_JAVA.IO.TAINT.XML: Used by Tainted XML (Java)
+# - WC_JAVA.IO.TAINT.XPATH: Used by Tainted Xpath (Java)
+# - WC_JAVA.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (Java)
+# - WC_JAVA.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (Java)
+# - WC_JAVA.CONCURRENCY.UG.FIELD: Used by Unguarded Field (Java)
+# - WC_JAVA.CONCURRENCY.UG.METH: Used by Unguarded Method (Java)
+# - WC_JAVA.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (Java)
+# - WC_JAVA.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : all instructions inside the same class X that create
+# objects of the same type Y are treated as the same instruction.
+# In particular, all instances of Y created inside X are
+# considered to be the same object.
+# - No : all object creation instructions are treated as distinct.
+#
+# Notes
+# The loss of object sensitivity caused by setting this to Yes can
+# lead to both false positives and false negatives but speeds up
+# the analysis and reduces memory cost.
+#
+# For sufficiently large analyzed applications - those with more
+# than 300k reachable bytecode instructions - the Java analysis
+# will always behave as if this option is set to Yes.
+
+#JAVA_ANALYSIS_MERGE_CREATION_POINTS = No
+
+
+# Parameter JAVA_ANALYSIS_FIELD_SENSITIVE
+#
+# Purpose
+# Specifies whether or not the Java build/analysis
+# [doc/html/Java_Module/Building/Building.html] will track
+# information about individual fields of each object.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.IO.INJ.ANDROID.MESSAGE: Used by Android Message
+# Injection (Java)
+# - WC_JAVA.IO.INJ.ANDROID.URL: Used by Android URL Injection
+# (Java)
+# - WC_JAVA.IO.INJ.CODE: Used by Code Injection (Java)
+# - WC_JAVA.IO.INJ.COMMAND: Used by Command Injection (Java)
+# - WC_JAVA.IO.INJ.DLL: Used by DLL Injection (Java)
+# - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java)
+# - WC_JAVA.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (Java)
+# - WC_JAVA.DEEPNULL.FIELD: Used by Field may be null (deep) (Java)
+# - WC_JAVA.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (Java)
+# - WC_JAVA.DEEPNULL.DEREF: Used by Null Pointer Dereference (deep)
+# (Java)
+# - WC_JAVA.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (Java)
+# - WC_JAVA.IO.INJ.SQL: Used by SQL Injection (Java)
+# - WC_JAVA.MISC.SD.CACHE: Used by Sensitive Data Cached (Java)
+# - WC_JAVA.MISC.SD.EXT: Used by Sensitive Data Written to External
+# Storage (Java)
+# - WC_JAVA.MISC.SD.FILE: Used by Sensitive Data Written to Local
+# File (Java)
+# - WC_JAVA.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (Java)
+# - WC_JAVA.IO.TAINT.BUNDLE: Used by Tainted Bundle (Java)
+# - WC_JAVA.IO.TAINT.CONTROL: Used by Tainted Control (Java)
+# - WC_JAVA.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (Java)
+# - WC_JAVA.IO.TAINT.HTTP: Used by Tainted HTTP Response (Java)
+# - WC_JAVA.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (Java)
+# - WC_JAVA.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (Java)
+# - WC_JAVA.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (Java)
+# - WC_JAVA.IO.TAINT.LOG: Used by Tainted Log (Java)
+# - WC_JAVA.IO.TAINT.MESSAGE: Used by Tainted Message (Java)
+# - WC_JAVA.IO.TAINT.ADDR: Used by Tainted Network Address (Java)
+# - WC_JAVA.IO.TAINT.PATH: Used by Tainted Path (Java)
+# - WC_JAVA.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (Java)
+# - WC_JAVA.IO.TAINT.RESOURCE: Used by Tainted Resource (Java)
+# - WC_JAVA.IO.TAINT.SESSION: Used by Tainted Session (Java)
+# - WC_JAVA.IO.TAINT.URL: Used by Tainted URL (Java)
+# - WC_JAVA.IO.TAINT.XAML: Used by Tainted XAML (Java)
+# - WC_JAVA.IO.TAINT.XML: Used by Tainted XML (Java)
+# - WC_JAVA.IO.TAINT.XPATH: Used by Tainted Xpath (Java)
+# - WC_JAVA.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (Java)
+# - WC_JAVA.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (Java)
+# - WC_JAVA.CONCURRENCY.UG.FIELD: Used by Unguarded Field (Java)
+# - WC_JAVA.CONCURRENCY.UG.METH: Used by Unguarded Method (Java)
+# - WC_JAVA.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (Java)
+# - WC_JAVA.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : the Java analysis will track information about each field
+# of each object.
+# - No : for each object, the Java analysis will track one set of
+# information covering all fields (that is, it treats the fields
+# as interchangeable). In particular, if one field of an object O
+# becomes tainted, the analysis will consider all fields of O to
+# be tainted.
+#
+# Notes
+# Setting this to Yes will generally reduce the number of false
+# positives, but uses more time and memory than setting to No.
+
+
+#JAVA_ANALYSIS_FIELD_SENSITIVE = Yes
+
+
+# Parameter JAVA_ANALYSIS_REQUIRE_ANDROID_MANIFEST
+#
+# Purpose
+# For Android checks that rely on manifest data, specifies whether
+# or not at least one Android manifest must be submitted in order
+# for the check to be performed.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.IO.INJ.FRAGMENT: Used by Fragment Injection (Java)
+# - WC_JAVA.IO.TAINT.IC.FRAGMENT: Used by Ineffective Cleansing of
+# Fragment Taint (Java)
+# - WC_JAVA.CLASS.OR.ISVALIDFRAGMENT: Used by Missing
+# isValidFragment Override (Java)
+# - WC_JAVA.MISC.SD.CACHE: Used by Sensitive Data Cached (Java)
+# - WC_JAVA.MISC.SD.EXT: Used by Sensitive Data Written to External
+# Storage (Java)
+# - WC_JAVA.MISC.SD.FILE: Used by Sensitive Data Written to Local
+# File (Java)
+# - WC_JAVA.IO.TAINT.VULN: Used by Tainted Data in Vulnerable
+# Method (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : checks for the listed warning classes will only be
+# performed if at least one Android manifest has been included
+# with the files submitted for analysis.
+# - No : checks for the listed warning classes will be performed
+# even if no manifest has been submitted. Worst-case assumptions
+# will be applied in situations where manifest data is required,
+# typically resulting in a large number of false positives.
+
+#JAVA_ANALYSIS_REQUIRE_ANDROID_MANIFEST = Yes
+
+
+# Parameter JAVA_ANALYSIS_FIELD_VISIBILITY
+#
+# Purpose
+# For warning classes related to field visibility, specifies the
+# field visibility types that will be considered by the warning
+# class checks.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.CLASS.VIS.FIELD: Used by Field Too Visible (Java)
+# - WC_JAVA.CLASS.VIS.SFIELD: Used by Static Field Too Visible
+# (Java)
+#
+# Type
+# { PUBLIC, PROTECTED, PACKAGE, PRIVATE }
+#
+# Behavior
+# Warning classes that reason about field visibility inspect fields
+# with visibility equal to, or less restrictive than, the value of
+# this parameter.
+#
+# - PUBLIC : checks for the listed warning classes will only
+# consider fields with public visibility.
+# - PROTECTED : checks for the listed warning classes will consider
+# fields with public or protected visibility.
+# - PACKAGE checks for the listed warning classes will consider
+# fields with public, protected, or package (no modifier)
+# visibility.
+# - PRIVATE : checks for the listed warning classes will consider
+# fields of all visibility types: public, protected, package (no
+# modifier), and private.
+
+#JAVA_ANALYSIS_FIELD_VISIBILITY = PROTECTED
+
+
+# Parameter JAVA_ANALYSIS_FAST_DEEP_CHECK
+#
+# Purpose
+# For warning classes whose checks can involve additional
+# supporting analyses, specifies whether or not those additional
+# analyses should be skipped (generally in order to save time).
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (Java)
+# - WC_JAVA.DEEPNULL.FIELD: Used by Field may be null (deep) (Java)
+# - WC_JAVA.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (Java)
+# - WC_JAVA.DEEPNULL.DEREF: Used by Null Pointer Dereference (deep)
+# (Java)
+# - WC_JAVA.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (Java)
+# - WC_JAVA.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (Java)
+# - WC_JAVA.CONCURRENCY.UG.FIELD: Used by Unguarded Field (Java)
+# - WC_JAVA.CONCURRENCY.UG.METH: Used by Unguarded Method (Java)
+# - WC_JAVA.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (Java)
+# - WC_JAVA.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : checks for the listed warning classes will not
+# incorporate additional supporting analyses such as reachability
+# analysis and expression nullness checking. In situations where
+# data from these additional analyses is required, worst-case
+# assumptions will be applied.
+# - No : checks for the listed warning classes will incorporate the
+# additional supporting analyses.
+#
+# Notes
+# Setting this to Yes will speed up the analysis, but generally
+# lead to more false positives.
+
+#JAVA_ANALYSIS_FAST_DEEP_CHECK = No
+
+
+# Parameter JAVA_ANALYSIS_INITIALIZATION_CHECK
+#
+# Purpose
+# Specifies whether or not a preliminary "class initialization
+# analysis" will be performed before checks for those warning
+# classes that may benefit from it.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (Java)
+# - WC_JAVA.DEEPNULL.FIELD: Used by Field may be null (deep) (Java)
+# - WC_JAVA.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (Java)
+# - WC_JAVA.DEEPNULL.DEREF: Used by Null Pointer Dereference (deep)
+# (Java)
+# - WC_JAVA.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (Java)
+# - WC_JAVA.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (Java)
+# - WC_JAVA.CONCURRENCY.UG.FIELD: Used by Unguarded Field (Java)
+# - WC_JAVA.CONCURRENCY.UG.METH: Used by Unguarded Method (Java)
+# - WC_JAVA.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (Java)
+# - WC_JAVA.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : checks for the listed warning classes will be preceded by
+# a "class initialization analysis" to determine the locations at
+# which a class is initialized (and so its static initializer is
+# called).
+# - No : the Java analysis will treat all accesses to class objects
+# as possible class initialization points. This is an
+# overapproximation: some of these accesses may be unreachable,
+# or may occur after the class has already been initialized.
+#
+# Notes
+# Setting this to Yes can reduce the number of false positives, but
+# increases analysis time.
+
+#JAVA_ANALYSIS_INITIALIZATION_CHECK = No
+
+
+# Parameter JAVA_ANALYSIS_DEEP_NULLNESS_CONSERVATIVE_CHECK
+#
+# Purpose
+# Specifies whether or not the analysis should treat all inputs
+# received by the application as if they might be null.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (Java)
+# - WC_JAVA.DEEPNULL.FIELD: Used by Field may be null (deep) (Java)
+# - WC_JAVA.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (Java)
+# - WC_JAVA.DEEPNULL.DEREF: Used by Null Pointer Dereference (deep)
+# (Java)
+# - WC_JAVA.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (Java)
+# - WC_JAVA.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (Java)
+# - WC_JAVA.CONCURRENCY.UG.FIELD: Used by Unguarded Field (Java)
+# - WC_JAVA.CONCURRENCY.UG.METH: Used by Unguarded Method (Java)
+# - WC_JAVA.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (Java)
+# - WC_JAVA.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : the analysis will account for the possibility of null
+# values in unwritten fields, values returned by library methods,
+# and parameters of methods selected as entry points.
+# - No : the analysis will assume that such values are always non-
+# null.
+#
+# Notes
+# A Yes setting represents the worst-case scenario for nullness
+# issues. There will generally lead to a higher number of warnings
+# than a No setting, possibly including false positives.
+
+#JAVA_ANALYSIS_DEEP_NULLNESS_CONSERVATIVE_CHECK = No
+
+
+# Parameter JAVA_ANALYSIS_CONCURRENCY_GUARDS_MODE
+#
+# Purpose
+# Specifies how checks for concurrency warning classes should
+# interpret @GuardedBy annotations.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (Java)
+# - WC_JAVA.CONCURRENCY.UG.FIELD: Used by Unguarded Field (Java)
+# - WC_JAVA.CONCURRENCY.UG.METH: Used by Unguarded Method (Java)
+# - WC_JAVA.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (Java)
+#
+# Type
+# { byValue, byName }
+#
+# Behavior
+# - byName : @GuardedBy annotations refer to the names of the
+# annotated variables or fields.
+#
+# - byValue : @GuardedBy annotations refer to the values contained
+# in the annotated variables or fields. Variables assigned these
+# values must therefore also be guarded.
+#
+# Notes
+# For example, consider the following code.
+#
+# @GuardedBy(x)
+# Object a; // a must be guarded by x
+# Object b; // b doesn't have to be guarded
+# // ...
+# b = a;
+#
+# If JAVA_ANALYSIS_CONCURRENCY_GUARDS_MODE=byName, this code
+# fragment will not cause the analysis to infer any guard
+# requirements for b.
+#
+# If JAVA_ANALYSIS_CONCURRENCY_GUARDS_MODE=byValue, the analysis
+# will infer that b must be guarded by x at all points after the
+# assignment b=a.
+
+#JAVA_ANALYSIS_CONCURRENCY_GUARDS_MODE = byName
+
+
+# Parameter JAVA_ANALYSIS_CONCURRENCY_CALLS
+#
+# Purpose
+# When JAVA_ANALYSIS_CONCURRENCY_GUARDS_MODE=byValue, specifies
+# whether or not the analysis will treat method calls on guarded
+# variables as dereferences of those variables.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (Java)
+# - WC_JAVA.CONCURRENCY.UG.FIELD: Used by Unguarded Field (Java)
+# - WC_JAVA.CONCURRENCY.UG.METH: Used by Unguarded Method (Java)
+# - WC_JAVA.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+#
+# If JAVA_ANALYSIS_CONCURRENCY_GUARDS_MODE=byValue, behavior is as
+# follows.
+#
+# - Yes : method calls Obj.meth() are considered to be dereferences
+# of the method receiver Obj, and this information is used in
+# computing inferred @GuardedBy annotations for Obj.
+# Specifically, the analysis will not infer a @GuardedBy
+# annotation for Obj unless it can infer the same annotation for
+# meth().
+# - No : method calls are not considered to be dereferences of the
+# method receiver. This is the factory setting, since instance
+# method calls only access the class tag of the value, which is
+# constant in Java and cannot be involved in a data race.
+#
+# If JAVA_ANALYSIS_CONCURRENCY_GUARDS_MODE=byName, the setting of
+# this parameter has no effect.
+#
+# Notes
+# Setting this to Yes will generally lead to fewer inferred
+# @GuardedBy annotations.
+
+#JAVA_ANALYSIS_CONCURRENCY_CALLS = No
+
+
+# Parameter JAVA_ANALYSIS_STRICT_MODE
+#
+# Purpose
+# Specifies whether or not CodeSonar should perform stricter
+# checking for certain Java warning classes.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.NULL.RET.UNCHECKED: Used by Call Might Return Null
+# (Java)
+# - WC_JAVA.INSEC.DTP: Used by Deprecated Transfer Protocol (Java)
+# - WC_JAVA.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (Java)
+# - WC_JAVA.DEEPNULL.FIELD: Used by Field may be null (deep) (Java)
+# - WC_JAVA.CRYPTO.SALT: Used by Inadequate Salt (Java)
+# - WC_JAVA.NULL.PARAM.LAMBDA: Used by Lambda Parameter may be null
+# (Java)
+# - WC_JAVA.NULL.RET.NONNULL: Used by Method Should Not Return null
+# (Java)
+# - WC_JAVA.NULL.PARAM.ACTUAL: Used by Null Parameter Dereference
+# (Java)
+# - WC_JAVA.NULL.DEREF: Used by Null Pointer Dereference (Java)
+# - WC_JAVA.DEEPNULL.DEREF: Used by Null Pointer Dereference (deep)
+# (Java)
+# - WC_JAVA.NULL.RET.ARRAY: Used by Return null Array (Java)
+# - WC_JAVA.NULL.RET.BOOL: Used by Return null Boolean (Java)
+# - WC_JAVA.NULL.RET.OPT: Used by Return null Optional (Java)
+# - WC_JAVA.STRUCT.UPD: Used by Unchecked Parameter Dereference
+# (Java)
+# - WC_JAVA.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (Java)
+# - WC_JAVA.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (Java)
+# - WC_JAVA.CLASS.CLONE.SCNC: Used by clone Subclass of Non-
+# clonable (Java)
+# - WC_JAVA.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : the analysis will perform stricter checking for the
+# listed warning classes.
+# - No : this additional checking will not be performed.
+#
+# Notes
+# Refer to the individual warning class documentation pages for
+# information about the precise effects of this parameter on each
+# class.
+#
+# Setting this to Yes will generally lead to fewer false negative
+# warnings, but more false positives and a longer analysis time.
+#
+# The clone Subclass of Non-clonable (Java) and Inadequate Salt
+# (Java) classes can only be enabled if this is set to Yes.
+
+#JAVA_ANALYSIS_STRICT_MODE = No
+
+
+# Parameter JAVA_ANALYSIS_PEDANTIC_MODE
+#
+# Purpose
+# Specifies whether or not CodeSonar should perform more pedantic
+# checking for certain Java warning classes.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - JAVA: Specific to the Java Build/Analysis
+# - WC_JAVA.STRUCT.EXCP.GEH: Used by Generic Exception Handler
+# (Java)
+# - WC_JAVA.HARDCODED.IP: Used by Hardcoded IP Address (Java)
+# - WC_JAVA.CLASS.ICSBS: Used by Inner Class Should be Static
+# (Java)
+# - WC_JAVA.CLASS.SER.FNON: Used by Nonserializable Field (Java)
+# - WC_JAVA.CLASS.CAST: Used by Risky Class Cast (Java)
+# - WC_JAVA.CRYPTO.BASE64: Used by Unsafe Base64 Encoding (Java)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+#
+# - Yes : the analysis will perform more pedantic checking for the
+# listed warning classes.
+# - No : this additional checking will not be performed.
+#
+# Notes
+# Refer to the individual warning class documentation pages for
+# information about the precise effects of this parameter on each
+# class.
+#
+# Setting this to Yes will generally lead to fewer false negative
+# warnings, but more false positives and a longer analysis time.
+# There may be many more warnings than with a No setting.
+#
+# The Inner Class Should be Static (Java) and Unsafe Base64
+# Encoding (Java) classes can only be enabled if this is set to
+# Yes.
+
+#JAVA_ANALYSIS_PEDANTIC_MODE = No
+
+
+# Parameter CSHARP_ANALYSIS_FRAMEWORK
+#
+# Purpose
+# Inform the C# build/analysis
+# [doc/html/Csharp_Module/Building/Building.html] about the runtime
+# environment of the analyzed application.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# { net10, net11, net20, net30, net35, net40, net45, net451,
+# net452, net46, net461, net462, net47, net471, net472, net48,
+# netcoreapp1.0, netcoreapp1.1, netcoreapp2.0, netcoreapp2.1,
+# netcoreapp2.2, netcoreapp3.0, netcoreapp3.1, net5.0 }
+#
+# Behavior
+# If a value is specified for CSHARP_ANALYSIS_FRAMEWORK, CodeSonar
+# will analyze the application with respect to the corresponding
+# runtime environment. The affects the set of classes that will be
+# treated as available in the runtime environment, the inheritance
+# relationships of those classes, and the class semantics.
+#
+# If no value is specified, CodeSonar will attempt to infer the
+# appropriate runtime environment from the class versions of
+# analyzed classes.
+
+#CSHARP_ANALYSIS_FRAMEWORK =
+
+
+# Parameter CSHARP_ANALYSIS_ENTRY_POINTS_MODE
+#
+# Purpose
+# Specifies how the C# build/analysis
+# [doc/html/Csharp_Module/Building/Building.html] will determine
+# the application's entry points: the methods that can be invoked
+# by the runtime environment and that should be considered starting
+# points of the analysis.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# { ALL_ENTRIES, ONLY_EXPLICIT_ENTRIES, ONLY_STANDARD_ENTRIES,
+# LIBRARY, ALL_METHODS }
+#
+# Behavior
+# - ALL_ENTRIES : treat all public and protected methods and
+# constructors as entry points.
+# - ONLY_EXPLICIT_ENTRIES: treat methods and constructors as entry
+# points if and only if they are annotated as @EntryPoint.
+# - ONLY_STANDARD_ENTRIES : only consider default entry points like
+# main methods, Swing event handlers, and Android event handlers.
+# - LIBRARY : treat all public and protected methods and
+# constructors as entry points, and assume that non-final classes
+# might be redefined in the future.
+# - ALL_METHODS : treat all public, protected and private methods
+# and constructors as entry points.
+
+#CSHARP_ANALYSIS_ENTRY_POINTS_MODE = ALL_ENTRIES
+
+
+# Parameter CSHARP_ANALYSIS_ENABLE_ASSERTIONS
+#
+# Purpose
+# Specifies whether or not the C# build/analysis
+# [doc/html/Csharp_Module/Building/Building.html] will treat
+# assertion statements as if they are executed.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : The analysis will treat assertion statements as if they
+# are executed. Warnings can be reported in assertion code, and
+# assertion side effects are considered by the analysis.
+# - No : The analysis will proceed as if all assertions have been
+# removed. Warnings will not be reported for any assertion code,
+# and side effects from assertions will not be accounted for.
+
+#CSHARP_ANALYSIS_ENABLE_ASSERTIONS = No
+
+
+# Parameter CSHARP_ANALYSIS_TIMEOUT
+#
+# Purpose
+# Specifies a timeout (in seconds) for the overall C#
+# build/analysis [doc/html/Csharp_Module/Building/Building.html].
+#
+# Behavior
+# - integer N : if the C# Build/Analysis hasn't finished after N
+# seconds, it will halt with an error message. No analysis
+# results are produced in this case.
+#
+# Tags
+# - TIME_LIMIT: Analysis Time Limits
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# non-negative integer
+#
+# Notes
+# The factory setting of 10800 correponds to 3 hours.
+
+#CSHARP_ANALYSIS_TIMEOUT = 10800
+
+# Parameter CSHARP_ANALYSIS_PREPROCESSING_TIMEOUT
+#
+# Purpose
+# Specifies a timeout (in seconds) for the preprocessing phase of
+# the C# build/analysis
+# [doc/html/Csharp_Module/Building/Building.html].
+#
+# Behavior
+# - integer N : if the C# preprocessing hasn't finished after N
+# seconds, it will halt with an error message. No analysis
+# results are produced in this case.
+#
+# Tags
+# - TIME_LIMIT: Analysis Time Limits
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# non-negative integer
+#
+# Notes
+# The factory setting of 600 correponds to 10 minutes.
+
+#CSHARP_ANALYSIS_PREPROCESSING_TIMEOUT = 600
+
+
+# Parameter CSHARP_ANALYSIS_ADVANCED_INJECTION
+#
+# Purpose
+# Specifies whether or not the C# build/analysis
+# [doc/html/Csharp_Module/Building/Building.html] will perform
+# advanced checking for injection-related issues.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.IO.INJ.CODE: Used by Code Injection (C#)
+# - WC_CSHARP.IO.INJ.COMMAND: Used by Command Injection (C#)
+# - WC_CSHARP.IO.INJ.XSS: Used by Cross Site Scripting (C#)
+# - WC_CSHARP.IO.INJ.DLL: Used by DLL Injection (C#)
+# - WC_CSHARP.IO.INJ.DENIAL: Used by DOS Injection (C#)
+# - WC_CSHARP.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (C#)
+# - WC_CSHARP.IO.INJ.SQL: Used by SQL Injection (C#)
+# - WC_CSHARP.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (C#)
+# - WC_CSHARP.IO.TAINT.BUNDLE: Used by Tainted Bundle (C#)
+# - WC_CSHARP.IO.TAINT.CONTROL: Used by Tainted Control (C#)
+# - WC_CSHARP.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (C#)
+# - WC_CSHARP.IO.TAINT.HTTP: Used by Tainted HTTP Response (C#)
+# - WC_CSHARP.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (C#)
+# - WC_CSHARP.IO.TAINT.LOG: Used by Tainted Log (C#)
+# - WC_CSHARP.IO.TAINT.MESSAGE: Used by Tainted Message (C#)
+# - WC_CSHARP.IO.TAINT.ADDR: Used by Tainted Network Address (C#)
+# - WC_CSHARP.IO.TAINT.PATH: Used by Tainted Path (C#)
+# - WC_CSHARP.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (C#)
+# - WC_CSHARP.IO.TAINT.RESOURCE: Used by Tainted Resource (C#)
+# - WC_CSHARP.IO.TAINT.SESSION: Used by Tainted Session (C#)
+# - WC_CSHARP.IO.TAINT.URL: Used by Tainted URL (C#)
+# -
WC_CSHARP.IO.TAINT.XAML: Used by Tainted XAML (C#)
+# - WC_CSHARP.IO.TAINT.XML: Used by Tainted XML (C#)
+# - WC_CSHARP.IO.TAINT.XPATH: Used by Tainted Xpath (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : Advanced checking for injection-related issues is
+# performed. This requires more resources than the No setting,
+# but provides results that account for the flow of tainted data
+# within the program.
+#
+# - No : Only basic checking is performed for these warning
+# classes. This has a lower resource cost than the Yes setting
+# but may miss some vulnerabilities.
+#
+# Notes
+# Setting this to Yes will generally produce more false positives
+# than setting to No.
+
+#CSHARP_ANALYSIS_ADVANCED_INJECTION = No
+
+
+# Parameter CSHARP_ANALYSIS_JVM_OPTIONS
+#
+# Purpose
+# Specify options to the JVM that will execute the C#
+# build/analysis [doc/html/Csharp_Module/Building/Building.html].
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# string
+#
+# Behavior
+# The whole value of this parameter will be prepended to the list
+# of JVM arguments that is used to start the C# analysis JVM. To
+# specify multiple options, separate them with a space.
+#
+# Notes
+# A list of the available JVM options is available in the Oracle
+# Java command line documentation
+# [doc/html/Preferences/https://docs.oracle.com/en/java/javase/11/tools/java.html],
+# in section "Standard Options for Java".
+
+#CSHARP_ANALYSIS_JVM_OPTIONS =
+
+
+# Parameter CSHARP_LAUNCHER_JVM_OPTIONS
+#
+# Purpose
+# Customize the execution of the JVM that will execute the C#
+# build/analysis [doc/html/Csharp_Module/Building/Building.html]
+# launcher.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# string
+#
+# Behavior
+# The whole value of this parameter will be prepended to the list
+# of JVM arguments that is used to start the C# analysis launcher
+# JVM. To specify multiple options, separate them with a space.
+#
+# Notes
+# A list of the available JVM options is available in the Oracle
+# Java command line documentation
+# [doc/html/Preferences/https://docs.oracle.com/en/java/javase/11/tools/java.html],
+# in section "Standard Options for Java".
+
+#CSHARP_LAUNCHER_JVM_OPTIONS =
+
+
+# Parameter CSHARP_ANALYSIS_MAX_MEMORY
+#
+# Purpose
+# In combination with CSHARP_ANALYSIS_MEMORY_MANAGEMENT, specifies
+# the maximum amount of memory that the C# build/analysis
+# [doc/html/Csharp_Module/Building/Building.html] can use in
+# megabytes (MiB).
+#
+# Tags
+# - ANALYSIS_BOUND: Analysis resource/effort limit
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# , where is a non-negative integer.
+#
+# Behavior
+# The specified value is interpreted as an upper bound on memory.
+#
+# - When CSHARP_ANALYSIS_MEMORY_MANAGEMENT=ADAPTIVE or
+# CSHARP_ANALYSIS_MEMORY_MANAGEMENT=SIMPLE, the specified value
+# contributes to determining the memory limit specified when
+# invoking the JVM for the C# build/analysis.
+# - When CSHARP_ANALYSIS_MEMORY_MANAGEMENT=NONE, the specified
+# value has no effect.
+#
+# See CSHARP_ANALYSIS_MEMORY_MANAGEMENT for more information.
+
+#CSHARP_ANALYSIS_MAX_MEMORY = 16384
+
+
+# Parameter CSHARP_LAUNCHER_MEMORY
+#
+# Purpose
+# Specifies the maximum amount of memory that the C# build/analysis
+# [doc/html/Csharp_Module/Building/Building.html] launcher can use
+# in megabytes (MiB).
+#
+# Tags
+# - ANALYSIS_BOUND: Analysis resource/effort limit
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# , where is a non-negative integer.
+#
+# Behavior
+# The specified value is interpreted as an upper bound on memory.
+
+#CSHARP_LAUNCHER_MEMORY = 1024
+
+
+# Parameter CSHARP_ANALYSIS_MEMORY_MANAGEMENT
+#
+# Purpose
+# In combination with CSHARP_ANALYSIS_MAX_MEMORY, specifies how the
+# C# build/analysis [doc/html/Csharp_Module/Building/Building.html]
+# will manage its memory limit.
+#
+# Tags
+# - ANALYSIS_BOUND: Analysis resource/effort limit
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# { ADAPTIVE, NONE, SIMPLE }
+#
+# Behavior
+# - ADAPTIVE : The JVM that executes the analysis is passed
+# argument -Xmx , where is the lower of the value
+# specified for CSHARP_ANALYSIS_MAX_MEMORY and the amount of
+# memory currently available on the system.
+# - NONE : No -Xmx option is passed to the JVM that executes the
+# analysis. Memory management and garbage collection are
+# completely handled by the Java runtime and the operating
+# system. The value of CSHARP_ANALYSIS_MAX_MEMORY is ignored.
+# - SIMPLE: The JVM that executes the analysis is passed argument
+# -Xmx , where is the value specified for
+# CSHARP_ANALYSIS_MAX_MEMORY.
+#
+# Notes
+# Setting this to ADAPTIVE usually leads to easier recovery in case
+# of out of memory errors.
+
+#CSHARP_ANALYSIS_MEMORY_MANAGEMENT = ADAPTIVE
+
+
+# Parameter CSHARP_ANALYSIS_JVM_CONCURRENCY
+#
+# Purpose
+# Specifies the number of CPUs that the JVM executing the C#
+# analysis is allowed to use.
+#
+# Tags
+# - ANALYSIS_BOUND: Analysis resource/effort limit
+# - CSHARP: Specific to the C# Build/Analysis
+#
+# Type
+# integer in the range 1.., where is the total
+# number of cores on the analysis machine.
+#
+# Behavior
+# If CSHARP_ANALYSIS_JVM_CONCURRENCY is set with
+# CSHARP_ANALYSIS_JVM_CONCURRENCY=, the active processor count
+# of the JVM executing the C# analysis will be set to .
+#
+# If CSHARP_ANALYSIS_JVM_CONCURRENCY is not set, the number
+# of active processors to use is computed using the total number of
+# cores available on the analysis machine and the settings of
+# parameters ANALYSIS_SLAVES, MAX_ANALYSIS_SLAVES, and
+# REQUEST_REMOTE_ANALYSIS_SLAVES, as follows.
+# - if REQUEST_REMOTE_ANALYSIS_SLAVES=No and ANALYSIS_SLAVES=Auto,
+# =min(min(, 8), MAX_ANALYSIS_SLAVES)
+# - otherwise, if REQUEST_REMOTE_ANALYSIS_SLAVES=No,
+# =min(ANALYSIS_SLAVES, MAX_ANALYSIS_SLAVES)
+# - otherwise, =min(min(, 4), MAX_ANALYSIS_SLAVES)
+#
+# Notes
+# A value between 4 and 8 is recommended.
+
+#CSHARP_ANALYSIS_JVM_CONCURRENCY=
+
+
+# Parameter CSHARP_ANALYSIS_TRUST_DATABASE
+#
+# Purpose
+# Specifies whether or not the C# taint analysis
+# [doc/html/WarningClasses/CSHARP/InjectionSourcesAndSinks.html]
+# should trust data that originates from database queries, rather
+# than treating it as tainted.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.IO.INJ.CODE: Used by Code Injection (C#)
+# - WC_CSHARP.IO.INJ.COMMAND: Used by Command Injection (C#)
+# - WC_CSHARP.IO.INJ.DLL: Used by DLL Injection (C#)
+# - WC_CSHARP.IO.INJ.DENIAL: Used by DOS Injection (C#)
+# - WC_CSHARP.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (C#)
+# - WC_CSHARP.IO.INJ.SQL: Used by SQL Injection (C#)
+# - WC_CSHARP.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (C#)
+# - WC_CSHARP.IO.TAINT.BUNDLE: Used by Tainted Bundle (C#)
+# - WC_CSHARP.IO.TAINT.CONTROL: Used by Tainted Control (C#)
+# - WC_CSHARP.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (C#)
+# - WC_CSHARP.IO.TAINT.HTTP: Used by Tainted HTTP Response (C#)
+# - WC_CSHARP.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (C#)
+# - WC_CSHARP.IO.TAINT.LOG: Used by Tainted Log
(C#)
+# - WC_CSHARP.IO.TAINT.MESSAGE: Used by Tainted Message (C#)
+# - WC_CSHARP.IO.TAINT.ADDR: Used by Tainted Network Address (C#)
+# - WC_CSHARP.IO.TAINT.PATH: Used by Tainted Path (C#)
+# - WC_CSHARP.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (C#)
+# - WC_CSHARP.IO.TAINT.RESOURCE: Used by Tainted Resource (C#)
+# - WC_CSHARP.IO.TAINT.SESSION: Used by Tainted Session (C#)
+# - WC_CSHARP.IO.TAINT.URL: Used by Tainted URL (C#)
+# - WC_CSHARP.IO.TAINT.XAML: Used by Tainted XAML (C#)
+# - WC_CSHARP.IO.TAINT.XML: Used by Tainted XML (C#)
+# - WC_CSHARP.IO.TAINT.XPATH: Used by Tainted Xpath (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : data originating from database queries will be not be
+# treated as tainted, and cannot cause a taint-related warning to
+# be issued.
+# - No : data originating from database queries will be treated as
+# tainted. If any such data reaches a taint sink
+# [doc/html/WarningClasses/CSHARP/InjectionSinks.html] without
+# being cleansed of the taint by a corresponding taint sanitizer
+# [doc/html/WarningClasses/CSHARP/InjectionSanitizers.html], a
+# warning will be issued.
+#
+# Notes
+# Data is considered to come from a database query if it originates
+# from a field or method return value with the
+# [com.juliasoft.julia.checkers.flows.UntrustedDatabase] attribute.
+# While this attribute can be manually applied by users of the
+# analysis, CodeSonar automatically applies it to some well-known
+# library methods (see the C# taint source
+# [doc/html/WarningClasses/CSHARP/InjectionSources.html] list).
+
+#CSHARP_ANALYSIS_TRUST_DATABASE = No
+
+
+# Parameter CSHARP_ANALYSIS_TRUST_DEVICE
+#
+# Purpose
+# Specifies whether or not the C# taint analysis
+# [doc/html/WarningClasses/CSHARP/InjectionSourcesAndSinks.html]
+# should trust data that originates from the specific device
+# running the application, rather than treating it as tainted.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.IO.INJ.CODE: Used by Code Injection (C#)
+# - WC_CSHARP.IO.INJ.COMMAND: Used by Command Injection (C#)
+# - WC_CSHARP.IO.INJ.DLL: Used by DLL Injection (C#)
+# - WC_CSHARP.IO.INJ.DENIAL: Used by DOS Injection (C#)
+# - WC_CSHARP.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (C#)
+# - WC_CSHARP.IO.INJ.SQL: Used by SQL Injection (C#)
+# - WC_CSHARP.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (C#)
+# - WC_CSHARP.IO.TAINT.BUNDLE: Used by Tainted Bundle (C#)
+# - WC_CSHARP.IO.TAINT.CONTROL: Used by Tainted Control (C#)
+# - WC_CSHARP.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (C#)
+# - WC_CSHARP.IO.TAINT.HTTP: Used by Tainted HTTP Response (C#)
+# - WC_CSHARP.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (C#)
+# - WC_CSHARP.IO.TAINT.LOG: Used by Tainted Log (C#)
+# - WC_CSHARP.IO.TAINT.MESSAGE: Used by Tainted Message (C#)
+# - WC_CSHARP.IO.TAINT.ADDR: Used by Tainted Network Address (C#)
+# - WC_CSHARP.IO.TAINT.PATH: Used by Tainted Path (C#)
+# - WC_CSHARP.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (C#)
+# - WC_CSHARP.IO.TAINT.RESOURCE: Used by Tainted Resource (C#)
+# - WC_CSHARP.IO.TAINT.SESSION: Used by Tainted Session (C#)
+# - WC_CSHARP.IO.TAINT.URL: Used by Tainted URL (C#)
+# - WC_CSHARP.IO.TAINT.XAML: Used by Tainted XAML (C#)
+# - WC_CSHARP.IO.TAINT.XML: Used by Tainted XML (C#)
+# - WC_CSHARP.IO.TAINT.XPATH: Used by Tainted Xpath (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : data originating from the device will be not be treated
+# as tainted, and cannot cause a taint-related warning to be
+# issued.
+# - No : data originating from the device will be treated as
+# tainted.
If any such data reaches a taint sink
+# [doc/html/WarningClasses/CSHARP/InjectionSinks.html] without
+# being cleansed of the taint by a corresponding taint sanitizer
+# [doc/html/WarningClasses/CSHARP/InjectionSanitizers.html], a
+# warning will be issued.
+#
+# Notes
+# Data is considered to come from the device the application is
+# running on if it originates from a field or method return value
+# with the [com.juliasoft.julia.checkers.flows.UntrustedDevice]
+# attribute. While this attribute can be manually applied by users
+# of the analysis, CodeSonar automatically applies it to some well-
+# known library methods (see the C# taint source
+# [doc/html/WarningClasses/CSHARP/InjectionSources.html] list).
+
+#CSHARP_ANALYSIS_TRUST_DEVICE = No
+
+
+# Parameter CSHARP_ANALYSIS_TRUST_ENVIRONMENT
+#
+# Purpose
+# Specifies whether or not the C# taint analysis
+# [doc/html/WarningClasses/CSHARP/InjectionSourcesAndSinks.html]
+# should trust data that originates from the environment or from
+# system properties, rather than treating it as tainted.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.IO.INJ.CODE: Used by Code Injection (C#)
+# - WC_CSHARP.IO.INJ.COMMAND: Used by Command Injection (C#)
+# - WC_CSHARP.IO.INJ.DLL: Used by DLL Injection (C#)
+# - WC_CSHARP.IO.INJ.DENIAL: Used by DOS Injection (C#)
+# - WC_CSHARP.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (C#)
+# - WC_CSHARP.IO.INJ.SQL: Used by SQL Injection (C#)
+# - WC_CSHARP.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (C#)
+# - WC_CSHARP.IO.TAINT.BUNDLE: Used by Tainted Bundle (C#)
+# - WC_CSHARP.IO.TAINT.CONTROL: Used by Tainted Control (C#)
+# - WC_CSHARP.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (C#)
+# - WC_CSHARP.IO.TAINT.HTTP: Used by Tainted HTTP Response (C#)
+# - WC_CSHARP.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (C#)
+# - WC_CSHARP.IO.TAINT.LOG: Used by Tainted Log (C#)
+# - WC_CSHARP.IO.TAINT.MESSAGE: Used by Tainted Message (C#)
+# - WC_CSHARP.IO.TAINT.ADDR: Used by Tainted Network Address (C#)
+# - WC_CSHARP.IO.TAINT.PATH: Used by Tainted Path (C#)
+# - WC_CSHARP.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (C#)
+# - WC_CSHARP.IO.TAINT.RESOURCE: Used by Tainted Resource (C#)
+# - WC_CSHARP.IO.TAINT.SESSION: Used by Tainted Session (C#)
+# - WC_CSHARP.IO.TAINT.URL: Used by Tainted URL (C#)
+# - WC_CSHARP.IO.TAINT.XAML: Used by Tainted XAML (C#)
+# - WC_CSHARP.IO.TAINT.XML: Used by Tainted XML (C#)
+# - WC_CSHARP.IO.TAINT.XPATH: Used by Tainted Xpath (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : data originating from the environment or from system
+# properties will be not be treated as tainted, and cannot cause
+# a taint-related warning to be issued.
+# - No : data originating from the environment or from system
+# properties will be treated as tainted.
If any such data reaches
+# a taint sink
+# [doc/html/WarningClasses/CSHARP/InjectionSinks.html] without
+# being cleansed of the taint by a corresponding taint sanitizer
+# [doc/html/WarningClasses/CSHARP/InjectionSanitizers.html], a
+# warning will be issued.
+#
+# Notes
+# Data is considered to come from the environment or from system
+# properties if it originates from a field or method return value
+# with the
+# [com.juliasoft.julia.checkers.flows.UntrustedEnvironment]
+# attribute. While this attribute can be manually applied by users
+# of the analysis, CodeSonar automatically applies it to some well-
+# known library methods (see the C# taint source
+# [doc/html/WarningClasses/CSHARP/InjectionSources.html] list).
+
+#CSHARP_ANALYSIS_TRUST_ENVIRONMENT = Yes
+
+
+# Parameter CSHARP_ANALYSIS_TRUST_EXTERNAL_STREAMS
+#
+# Purpose
+# Specifies whether or not the C# taint analysis
+# [doc/html/WarningClasses/CSHARP/InjectionSourcesAndSinks.html]
+# should trust data that originates from external streams or
+# sockets, rather than treating it as tainted.
+
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.IO.INJ.CODE: Used by Code Injection (C#)
+# - WC_CSHARP.IO.INJ.COMMAND: Used by Command Injection (C#)
+# - WC_CSHARP.IO.INJ.DLL: Used by DLL Injection (C#)
+# - WC_CSHARP.IO.INJ.DENIAL: Used by DOS Injection (C#)
+# - WC_CSHARP.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (C#)
+# - WC_CSHARP.IO.INJ.SQL: Used by SQL Injection (C#)
+# - WC_CSHARP.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (C#)
+# - WC_CSHARP.IO.TAINT.BUNDLE: Used by Tainted Bundle (C#)
+# - WC_CSHARP.IO.TAINT.CONTROL: Used by Tainted Control (C#)
+# - WC_CSHARP.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (C#)
+# - WC_CSHARP.IO.TAINT.HTTP: Used by Tainted HTTP Response (C#)
+# - WC_CSHARP.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (C#)
+# - WC_CSHARP.IO.TAINT.LOG: Used by Tainted Log (C#)
+# - WC_CSHARP.IO.TAINT.MESSAGE: Used by Tainted Message (C#)
+# - WC_CSHARP.IO.TAINT.ADDR: Used by Tainted Network Address (C#)
+# - WC_CSHARP.IO.TAINT.PATH: Used by Tainted Path (C#)
+# - WC_CSHARP.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (C#)
+# - WC_CSHARP.IO.TAINT.RESOURCE: Used by Tainted Resource (C#)
+# - WC_CSHARP.IO.TAINT.SESSION: Used by Tainted Session (C#)
+# - WC_CSHARP.IO.TAINT.URL: Used by Tainted URL (C#)
+# - WC_CSHARP.IO.TAINT.XAML: Used by Tainted XAML (C#)
+# - WC_CSHARP.IO.TAINT.XML: Used by Tainted XML (C#)
+# - WC_CSHARP.IO.TAINT.XPATH: Used by Tainted Xpath (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : data originating from external streams or sockets will be
+# not be treated as tainted, and cannot cause a taint-related
+# warning to be issued.
+# - No : data originating from external streams or sockets will be
+# treated as tainted.
If any such data reaches a taint sink
+# [doc/html/WarningClasses/CSHARP/InjectionSinks.html] without
+# being cleansed of the taint by a corresponding taint sanitizer
+# [doc/html/WarningClasses/CSHARP/InjectionSanitizers.html], a
+# warning will be issued.
+#
+# Notes
+# Data is considered to come from an external stream or socket if
+# it originates from a field or method return value with the
+# [com.juliasoft.julia.checkers.flows.UntrustedExternalStreams]
+# attribute. While this attribute can be manually applied by users
+# of the analysis, CodeSonar automatically applies it to some well-
+# known library methods (see the C# taint source
+# [doc/html/WarningClasses/CSHARP/InjectionSources.html] list).
+
+#CSHARP_ANALYSIS_TRUST_EXTERNAL_STREAMS = Yes
+
+
+# Parameter CSHARP_ANALYSIS_TRUST_USER_INPUT
+#
+# Purpose
+# Specifies whether or not the C# taint analysis
+# [doc/html/WarningClasses/CSHARP/InjectionSourcesAndSinks.html]
+# should trust data that originates from web requests or console
+# input, rather than treating it as tainted.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.IO.INJ.CODE: Used by Code Injection (C#)
+# - WC_CSHARP.IO.INJ.COMMAND: Used by Command Injection (C#)
+# - WC_CSHARP.IO.INJ.DLL: Used by DLL Injection (C#)
+# - WC_CSHARP.IO.INJ.DENIAL: Used by DOS Injection (C#)
+# - WC_CSHARP.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (C#)
+# - WC_CSHARP.IO.INJ.SQL: Used by SQL Injection (C#)
+# - WC_CSHARP.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (C#)
+# - WC_CSHARP.IO.TAINT.BUNDLE: Used by Tainted Bundle (C#)
+# - WC_CSHARP.IO.TAINT.CONTROL: Used by Tainted Control (C#)
+# - WC_CSHARP.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (C#)
+# - WC_CSHARP.IO.TAINT.HTTP: Used by Tainted HTTP Response (C#)
+# - WC_CSHARP.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (C#)
+# - WC_CSHARP.IO.TAINT.LOG: Used by Tainted Log (C#)
+# - WC_CSHARP.IO.TAINT.MESSAGE: Used by Tainted Message (C#)
+# - WC_CSHARP.IO.TAINT.ADDR: Used by Tainted Network Address (C#)
+# - WC_CSHARP.IO.TAINT.PATH: Used by Tainted Path (C#)
+# - WC_CSHARP.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (C#)
+# - WC_CSHARP.IO.TAINT.RESOURCE: Used by Tainted Resource (C#)
+# - WC_CSHARP.IO.TAINT.SESSION: Used by Tainted Session (C#)
+# - WC_CSHARP.IO.TAINT.URL: Used by Tainted URL (C#)
+# - WC_CSHARP.IO.TAINT.XAML: Used by Tainted XAML (C#)
+# - WC_CSHARP.IO.TAINT.XML: Used by Tainted XML (C#)
+# - WC_CSHARP.IO.TAINT.XPATH: Used by Tainted Xpath (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : data originating from web requests or console input will
+# be not be treated as tainted, and cannot cause a taint-related
+# warning to be issued.
+# - No : data originating from web requests or console input will
+# be treated as tainted.
If any such data reaches a taint sink
+# [doc/html/WarningClasses/CSHARP/InjectionSinks.html] without
+# being cleansed of the taint by a corresponding taint sanitizer
+# [doc/html/WarningClasses/CSHARP/InjectionSanitizers.html], a
+# warning will be issued.
+#
+# Notes
+# Data is considered to be user input if it originates from a field
+# or method return value with the
+# [com.juliasoft.julia.checkers.flows.UntrustedUserInput]
+# attribute. While this attribute can be manually applied by users
+# of the analysis, CodeSonar automatically applies it to some well-
+# known library methods (see the C# taint source
+# [doc/html/WarningClasses/CSHARP/InjectionSources.html] list).
+
+#CSHARP_ANALYSIS_TRUST_USER_INPUT = No
+
+
+# Parameter CSHARP_ANALYSIS_MERGE_CREATION_POINTS
+#
+# Purpose
+# Specifies whether or not the C# build/analysis
+# [doc/html/Csharp_Module/Building/Building.html] will collapse
+# bytecode instructions that create objects of the same type inside
+# the same class.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.INSEC.CERT.RS: Used by Certificate Added to Root
+# Store (C#)
+# - WC_CSHARP.IO.INJ.CODE: Used by Code Injection (C#)
+# - WC_CSHARP.IO.INJ.COMMAND: Used by Command Injection (C#)
+# - WC_CSHARP.IO.INJ.DLL: Used by DLL Injection (C#)
+# - WC_CSHARP.IO.INJ.DENIAL: Used by DOS Injection (C#)
+# - WC_CSHARP.INSEC.DTP: Used by Deprecated Transfer Protocol (C#)
+# - WC_CSHARP.INSEC.DIV: Used by Disabled Input Validation (C#)
+# - WC_CSHARP.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (C#)
+# - WC_CSHARP.DEEPNULL.FIELD: Used by Field may be null (deep) (C#)
+# - WC_CSHARP.HARDCODED.IP: Used by Hardcoded IP Address (C#)
+# - WC_CSHARP.INSEC.MDSS: Used by Method Disables Security Setting
+# (C#)
+# - WC_CSHARP.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (C#)
+# - WC_CSHARP.DEEPNULL.DEREF: Used by Null Pointer Dereference
+# (deep) (C#)
+# - WC_CSHARP.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (C#)
+# - WC_CSHARP.IO.INJ.SQL: Used by SQL Injection (C#)
+# - WC_CSHARP.INSEC.SAC: Used by Security Annotation Conflict (C#)
+# - WC_CSHARP.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (C#)
+# - WC_CSHARP.IO.TAINT.BUNDLE: Used by Tainted Bundle (C#)
+# - WC_CSHARP.IO.TAINT.CONTROL: Used by Tainted Control (C#)
+# - WC_CSHARP.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (C#)
+# - WC_CSHARP.IO.TAINT.HTTP: Used by Tainted HTTP Response (C#)
+# - WC_CSHARP.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (C#)
+# - WC_CSHARP.IO.TAINT.LOG: Used by Tainted Log (C#)
+# - WC_CSHARP.IO.TAINT.MESSAGE: Used by Tainted Message (C#)
+# - WC_CSHARP.IO.TAINT.ADDR: Used by Tainted Network Address (C#)
+# - WC_CSHARP.IO.TAINT.PATH: Used by Tainted Path (C#)
+# - WC_CSHARP.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (C#)
+# - WC_CSHARP.IO.TAINT.RESOURCE: Used by Tainted Resource (C#)
+# - WC_CSHARP.IO.TAINT.SESSION: Used by Tainted Session (C#)
+# - WC_CSHARP.IO.TAINT.URL: Used by Tainted URL (C#)
+# - WC_CSHARP.IO.TAINT.XAML: Used by Tainted XAML (C#)
+# - WC_CSHARP.IO.TAINT.XML: Used by Tainted XML (C#)
+# - WC_CSHARP.IO.TAINT.XPATH: Used by Tainted Xpath (C#)
+# - WC_CSHARP.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (C#)
+# - WC_CSHARP.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (C#)
+# - WC_CSHARP.CONCURRENCY.UG.FIELD: Used by Unguarded Field (C#)
+# - WC_CSHARP.CONCURRENCY.UG.METH: Used by Unguarded Method (C#)
+# - WC_CSHARP.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (C#)
+# - WC_CSHARP.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : all instructions inside the same class X that create
+# objects of
the same type Y are treated as the same instruction.
+# In particular, all instances of Y created inside X are
+# considered to be the same object.
+# - No : all object creation instructions are treated as distinct.
+#
+# Notes
+# The loss of object sensitivity caused by setting this to Yes can
+# lead to both false positives and false negatives but speeds up
+# the analysis and reduces memory cost.
+#
+# For sufficiently large analyzed applications - those with more
+# than 300k reachable bytecode instructions - the C# analysis will
+# always behave as if this option is set to Yes.
+
+#CSHARP_ANALYSIS_MERGE_CREATION_POINTS = No
+
+
+# Parameter CSHARP_ANALYSIS_FIELD_SENSITIVE
+#
+# Purpose
+# Specifies whether or not the C# build/analysis
+# [doc/html/Csharp_Module/Building/Building.html] will track
+# information about individual fields of each object.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.IO.INJ.CODE: Used by Code Injection (C#)
+# - WC_CSHARP.IO.INJ.COMMAND: Used by Command Injection (C#)
+# - WC_CSHARP.IO.INJ.DLL: Used by DLL Injection (C#)
+# - WC_CSHARP.IO.INJ.DENIAL: Used by DOS Injection (C#)
+# - WC_CSHARP.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (C#)
+# - WC_CSHARP.DEEPNULL.FIELD: Used by Field may be null (deep) (C#)
+# - WC_CSHARP.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (C#)
+# - WC_CSHARP.DEEPNULL.DEREF: Used by Null Pointer Dereference
+# (deep) (C#)
+# - WC_CSHARP.IO.TAINT.REFLECTION: Used by Reflection Injection
+# (C#)
+# - WC_CSHARP.IO.INJ.SQL: Used by SQL Injection (C#)
+# - WC_CSHARP.IO.TAINT.TRUSTED: Used by Tainted @Trusted Value (C#)
+# - WC_CSHARP.IO.TAINT.BUNDLE: Used by Tainted Bundle (C#)
+# - WC_CSHARP.IO.TAINT.CONTROL: Used by Tainted Control (C#)
+# - WC_CSHARP.IO.TAINT.EVAL: Used by Tainted Expression Evaluation
+# (C#)
+# - WC_CSHARP.IO.TAINT.HTTP: Used by Tainted HTTP Response (C#)
+# -
WC_CSHARP.IO.TAINT.DEVICE: Used by Tainted Hardware Device
+# Property (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.ATTR: Used by Tainted LDAP Attribute
+# (C#)
+# - WC_CSHARP.IO.TAINT.LDAP.FILTER: Used by Tainted LDAP Filter
+# (C#)
+# - WC_CSHARP.IO.TAINT.LOG: Used by Tainted Log (C#)
+# - WC_CSHARP.IO.TAINT.MESSAGE: Used by Tainted Message (C#)
+# - WC_CSHARP.IO.TAINT.ADDR: Used by Tainted Network Address (C#)
+# - WC_CSHARP.IO.TAINT.PATH: Used by Tainted Path (C#)
+# - WC_CSHARP.IO.TAINT.REGEX: Used by Tainted Regular Expression
+# (C#)
+# - WC_CSHARP.IO.TAINT.RESOURCE: Used by Tainted Resource (C#)
+# - WC_CSHARP.IO.TAINT.SESSION: Used by Tainted Session (C#)
+# - WC_CSHARP.IO.TAINT.URL: Used by Tainted URL (C#)
+# - WC_CSHARP.IO.TAINT.XAML: Used by Tainted XAML (C#)
+# - WC_CSHARP.IO.TAINT.XML: Used by Tainted XML (C#)
+# - WC_CSHARP.IO.TAINT.XPATH: Used by Tainted Xpath (C#)
+# - WC_CSHARP.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (C#)
+# - WC_CSHARP.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (C#)
+# - WC_CSHARP.CONCURRENCY.UG.FIELD: Used by Unguarded Field (C#)
+# - WC_CSHARP.CONCURRENCY.UG.METH: Used by Unguarded Method (C#)
+# - WC_CSHARP.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (C#)
+# - WC_CSHARP.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : the C# analysis will track information about each field
+# of each object.
+# - No : for each object, the C# analysis will track one set of
+# information covering all fields (that is, it treats the fields
+# as interchangeable). In particular, if one field of an object O
+# becomes tainted, the analysis will consider all fields of O to
+# be tainted.
+#
+# Notes
+# Setting this to Yes will generally reduce the number of false
+# positives, but uses more time and memory than setting to No.
+
+
+#CSHARP_ANALYSIS_FIELD_SENSITIVE = Yes
+
+
+# Parameter CSHARP_ANALYSIS_FIELD_VISIBILITY
+#
+# Purpose
+# For warning classes related to field visibility, specifies the
+# field visibility types that will be considered by the warning
+# class checks.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.CLASS.VIS.FIELD: Used by Field Too Visible (C#)
+# - WC_CSHARP.CLASS.VIS.SFIELD: Used by Static Field Too Visible
+# (C#)
+#
+# Type
+# { PUBLIC, PROTECTED, PACKAGE, PRIVATE }
+#
+# Behavior
+# Warning classes that reason about field visibility inspect fields
+# with visibility equal to, or less restrictive than, the value of
+# this parameter.
+#
+# - PUBLIC : checks for the listed warning classes will only
+# consider fields with public visibility.
+# - PROTECTED : checks for the listed warning classes will consider
+# fields with public or protected visibility.
+# - PACKAGE checks for the listed warning classes will consider
+# fields with public, protected, or package (no modifier)
+# visibility.
+# - PRIVATE : checks for the listed warning classes will consider
+# fields of all visibility types: public, protected, package (no
+# modifier), and private.
+
+#CSHARP_ANALYSIS_FIELD_VISIBILITY = PROTECTED
+
+
+# Parameter CSHARP_ANALYSIS_FAST_DEEP_CHECK
+#
+# Purpose
+# For warning classes whose checks can involve additional
+# supporting analyses, specifies whether or not those additional
+# analyses should be skipped (generally in order to save time).
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (C#)
+# - WC_CSHARP.DEEPNULL.FIELD: Used by Field may be null (deep) (C#)
+# - WC_CSHARP.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (C#)
+# - WC_CSHARP.DEEPNULL.DEREF: Used by Null Pointer Dereference
+# (deep) (C#)
+# - WC_CSHARP.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (C#)
+# - WC_CSHARP.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (C#)
+# - WC_CSHARP.CONCURRENCY.UG.FIELD: Used by Unguarded Field (C#)
+# - WC_CSHARP.CONCURRENCY.UG.METH: Used by Unguarded Method (C#)
+# - WC_CSHARP.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (C#)
+# - WC_CSHARP.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : checks for the listed warning classes will not
+# incorporate additional supporting analyses such as reachability
+# analysis and expression nullness checking. In situations where
+# data from these additional analyses is required, worst-case
+# assumptions will be applied.
+# - No : checks for the listed warning classes will incorporate the
+# additional supporting analyses.
+#
+# Notes
+# Setting this to Yes will speed up the analysis, but generally
+# lead to more false positives.
+
+#CSHARP_ANALYSIS_FAST_DEEP_CHECK = No
+
+
+# Parameter CSHARP_ANALYSIS_INITIALIZATION_CHECK
+#
+# Purpose
+# Specifies whether or not a preliminary "class initialization
+# analysis" will be performed before checks for those warning
+# classes that may benefit from it.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (C#)
+# - WC_CSHARP.DEEPNULL.FIELD: Used by Field may be null (deep) (C#)
+# - WC_CSHARP.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (C#)
+# - WC_CSHARP.DEEPNULL.DEREF: Used by Null Pointer Dereference
+# (deep) (C#)
+# - WC_CSHARP.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (C#)
+# - WC_CSHARP.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (C#)
+# - WC_CSHARP.CONCURRENCY.UG.FIELD: Used by Unguarded Field (C#)
+# - WC_CSHARP.CONCURRENCY.UG.METH: Used by Unguarded Method (C#)
+# - WC_CSHARP.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (C#)
+# - WC_CSHARP.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : checks for the listed warning classes will be preceded by
+# a "class initialization analysis" to determine the locations at
+# which a class is initialized (and so its static initializer is
+# called).
+# - No : the C# analysis will treat all accesses to class objects
+# as possible class initialization points. This is an
+# overapproximation: some of these accesses may be unreachable,
+# or may occur after the class has already been initialized.
+#
+# Notes
+# Setting this to Yes can reduce the number of false positives, but
+# increases analysis time.
+
+#CSHARP_ANALYSIS_INITIALIZATION_CHECK = No
+
+
+# Parameter CSHARP_ANALYSIS_DEEP_NULLNESS_CONSERVATIVE_CHECK
+#
+# Purpose
+# Specifies whether or not the analysis should treat all inputs
+# received by the application as if they might be null.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (C#)
+# - WC_CSHARP.DEEPNULL.FIELD: Used by Field may be null (deep) (C#)
+# - WC_CSHARP.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (C#)
+# - WC_CSHARP.DEEPNULL.DEREF: Used by Null Pointer Dereference
+# (deep) (C#)
+# - WC_CSHARP.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (C#)
+# - WC_CSHARP.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (C#)
+# - WC_CSHARP.CONCURRENCY.UG.FIELD: Used by Unguarded Field (C#)
+# - WC_CSHARP.CONCURRENCY.UG.METH: Used by Unguarded Method (C#)
+# - WC_CSHARP.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (C#)
+# - WC_CSHARP.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : the analysis will account for the possibility of null
+# values in unwritten fields, values returned by library methods,
+# and parameters of methods selected as entry points.
+# - No : the analysis will assume that such values are always non-
+# null.
+#
+# Notes
+# A Yes setting represents the worst-case scenario for nullness
+# issues. There will generally lead to a higher number of warnings
+# than a No setting, possibly including false positives.
+
+#CSHARP_ANALYSIS_DEEP_NULLNESS_CONSERVATIVE_CHECK = No
+
+
+# Parameter CSHARP_ANALYSIS_CONCURRENCY_GUARDS_MODE
+#
+# Purpose
+# Specifies how checks for concurrency warning classes should
+# interpret [GuardedBy] attributes.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (C#)
+# - WC_CSHARP.CONCURRENCY.UG.FIELD: Used by Unguarded Field (C#)
+# - WC_CSHARP.CONCURRENCY.UG.METH: Used by Unguarded Method (C#)
+# - WC_CSHARP.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (C#)
+#
+# Type
+# { byValue, byName }
+#
+# Behavior
+# For example, consider the following code.
+#
+# [GuardedBy(x)]
+# Object a; // a must be guarded by x
+# Object b; // b doesn't have to be guarded
+# // ...
+# b = a;
+#
+# If CSHARP_ANALYSIS_CONCURRENCY_GUARDS_MODE=byName, this code
+# fragment will not cause the analysis to infer any guard
+# requirements for b.
+#
+# If CSHARP_ANALYSIS_CONCURRENCY_GUARDS_MODE=byValue, the analysis
+# will infer that b must be guarded by x at all points after the
+# assignment b=a.
+
+#CSHARP_ANALYSIS_CONCURRENCY_GUARDS_MODE = byName
+
+
+# Parameter CSHARP_ANALYSIS_CONCURRENCY_CALLS
+#
+# Purpose
+# When CSHARP_ANALYSIS_CONCURRENCY_GUARDS_MODE=byValue, specifies
+# whether or not the analysis will treat method calls on guarded
+# variables as dereferences of those variables.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.CONCURRENCY.SYNC.MSS: Used by Missing synchronized
+# Statement (C#)
+# - WC_CSHARP.CONCURRENCY.UG.FIELD: Used by Unguarded Field (C#)
+# - WC_CSHARP.CONCURRENCY.UG.METH: Used by Unguarded Method (C#)
+# - WC_CSHARP.CONCURRENCY.UG.PARAM: Used by Unguarded Parameter
+# (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# If CSHARP_ANALYSIS_CONCURRENCY_GUARDS_MODE=byValue, behavior is
+# as follows.
+#
+# - Yes : method calls Obj.meth() are considered to be dereferences
+# of the method receiver Obj, and this information is used in
+# computing inferred [GuardedBy] attributes for Obj.
+# Specifically, the analysis will not infer a [GuardedBy]
+# attribute for Obj unless it can infer the same attribute for
+# meth().
+# - No : method calls are not considered to be dereferences of the
+# method receiver. This is the factory setting, since instance
+# method calls only access the class tag of the value, which is
+# constant in C# and cannot be involved in a data race.
+#
+# If CSHARP_ANALYSIS_CONCURRENCY_GUARDS_MODE=byName, the setting of
+# this parameter has no effect.
+#
+# Notes
+# Setting this to Yes will generally lead to fewer inferred
+# [GuardedBy] attributes.
+
+#CSHARP_ANALYSIS_CONCURRENCY_CALLS = No
+
+
+# Parameter CSHARP_ANALYSIS_STRICT_MODE
+#
+# Purpose
+# Specifies whether or not CodeSonar should perform stricter
+# checking for certain C# warning classes.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.NULL.RET.UNCHECKED: Used by Call Might Return Null
+# (C#)
+# - WC_CSHARP.INSEC.DTP: Used by Deprecated Transfer Protocol (C#)
+# - WC_CSHARP.DEEPNULL.EFIELD: Used by Field Element may be null
+# (deep) (C#)
+# - WC_CSHARP.DEEPNULL.FIELD: Used by Field may be null (deep) (C#)
+# - WC_CSHARP.CRYPTO.SALT: Used by Inadequate Salt (C#)
+# - WC_CSHARP.NULL.PARAM.LAMBDA: Used by Lambda Parameter may be
+# null (C#)
+# - WC_CSHARP.NULL.RET.NONNULL: Used by Method Should Not Return
+# null (C#)
+# - WC_CSHARP.NULL.PARAM.ACTUAL: Used by Null Parameter Dereference
+# (C#)
+# - WC_CSHARP.NULL.DEREF: Used by Null Pointer Dereference (C#)
+# - WC_CSHARP.DEEPNULL.DEREF: Used by Null Pointer Dereference
+# (deep) (C#)
+# - WC_CSHARP.NULL.RET.ARRAY: Used by Return null Array (C#)
+# - WC_CSHARP.NULL.RET.BOOL: Used by Return null Boolean (C#)
+# - WC_CSHARP.NULL.RET.OPT: Used by Return null Optional (C#)
+# - WC_CSHARP.STRUCT.UPD: Used by Unchecked Parameter Dereference
+# (C#)
+# - WC_CSHARP.STRUCT.DUPD: Used by Unchecked Parameter Dereference
+# (deep) (C#)
+# -
WC_CSHARP.STRUCT.UPED: Used by Unchecked Parameter Element
+# Dereference (deep) (C#)
+# - WC_CSHARP.CLASS.CLONE.SCNC: Used by clone Subclass of Non-
+# clonable (C#)
+# - WC_CSHARP.DEEPNULL.PARAM.ACTUAL: Used by null Passed to Method
+# (deep) (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : the analysis will perform stricter checking for the
+# listed warning classes.
+# - No : this additional checking will not be performed.
+#
+# Notes
+# Refer to the individual warning class documentation pages for
+# information about the precise effects of this parameter on each
+# class.
+#
+# Setting this to Yes will generally lead to fewer false negative
+# warnings, but more false positives and a longer analysis time.
+#
+# The clone Subclass of Non-clonable (C#) and Inadequate Salt (C#)
+# classes can only be enabled if this is set to Yes.
+
+#CSHARP_ANALYSIS_STRICT_MODE = No
+
+
+# Parameter CSHARP_ANALYSIS_PEDANTIC_MODE
+#
+# Purpose
+# Specifies whether or not CodeSonar should perform more pedantic
+# checking for certain C# warning classes.
+#
+# Tags
+# - BUILD_BEHAVIOR: Governs the Build/Analysis
+# - CSHARP: Specific to the C# Build/Analysis
+# - WC_CSHARP.STRUCT.EXCP.GEH: Used by Generic Exception Handler
+# (C#)
+# - WC_CSHARP.HARDCODED.IP: Used by Hardcoded IP Address (C#)
+# - WC_CSHARP.CLASS.SER.FNON: Used by Nonserializable Field (C#)
+# - WC_CSHARP.CLASS.CAST: Used by Risky Class Cast (C#)
+# - WC_CSHARP.CRYPTO.BASE64: Used by Unsafe Base64 Encoding (C#)
+#
+# Type
+# { Yes, No }
+#
+# Behavior
+# - Yes : the analysis will perform more pedantic checking for the
+# listed warning classes.
+# - No : this additional checking will not be performed.
+#
+# Notes
+# Refer to the individual warning class documentation pages for
+# information about the precise effects of this parameter on each
+# class.
+#
+# Setting this to Yes will generally lead to fewer false negative
+# warnings, but more false positives and a longer analysis time.
+# There may be many more warnings than with a No setting.
+#
+# The Unsafe Base64 Encoding (C#) class can only be enabled if this
+# is set to Yes.
+
+#CSHARP_ANALYSIS_PEDANTIC_MODE = No
+
+# IDENTIFIER_NAMING__PREFIX
+# IDENTIFIER_NAMING__SUFFIX
+# IDENTIFIER_NAMING__CASE
+# IDENTIFIER_NAMING__REGEX
+#
+# one of:
+# { ABSTRACT_CLASS, CLASS, CLASS_CONSTANT, CLASS_MEMBER,
+# CLASS_METHOD, CONSTANT, CONSTANT_MEMBER, CONSTANT_PARAMETER,
+# CONSTANT_POINTER_PARAMETER, CONSTEXPR_FUNCTION, CONSTEXPR_METHOD,
+# CONSTEXPR_VARIABLE, ENUM, ENUM_CONSTANT, FUNCTION,
+# GLOBAL_CONSTANT, GLOBAL_CONSTANT_POINTER, GLOBAL_FUNCTION,
+# GLOBAL_POINTER, GLOBAL_VARIABLE, INLINE_NAMESPACE,
+# LOCAL_CONSTANT, LOCAL_CONSTANT_POINTER, LOCAL_POINTER,
+# LOCAL_VARIABLE, MACRO_DEFINITION, MEMBER, METHOD, NAMESPACE,
+# PARAMETER, PARAMETER_PACK, POINTER_PARAMETER, PRIVATE_MEMBER,
+# PRIVATE_METHOD, PROTECTED_MEMBER, PROTECTED_METHOD,
+# PUBLIC_MEMBER, PUBLIC_METHOD, STATIC_CONSTANT, STATIC_VARIABLE,
+# STRUCT, TEMPLATE_PARAMETER, TEMPLATE_TEMPLATE_PARAMETER, TYPEDEF,
+# TYPE_ALIAS, TYPE_TEMPLATE_PARAMETER, UNION,
+# VALUE_TEMPLATE_PARAMETER, VARIABLE, VIRTUAL_METHOD }
+#
+# Purpose
+# Use the IDENTIFIER_NAMING_* family of parameters to define naming
+# rules that identifiers of a particular ID_KIND must not violate.
+# If a naming rule is violated, a Naming Style Violation warning
+# will be issued.
+#
+# Tags
+# - WC_LANG.ID.STYLE: Used by Naming Style Violation
+#
+# Type
+# - IDENTIFIER_NAMING__PREFIX: string
+# - IDENTIFIER_NAMING__SUFFIX: string
+# - IDENTIFIER_NAMING__CASE: { aNy_CasE, lower_case,
+# UPPER_CASE, camelBack, CamelCase, Camel_Snake_Case,
+# camel_Snake_Back }
+# - IDENTIFIER_NAMING__REGEX: Boost 'POSIX Extended
+# Regular Expression'
+# [http://www.boost.org/doc/libs/1_63_0/libs/regex/doc/html/boost_regex/syntax/basic_extended.html]
+#
+# Behavior
+# These parameters are used to specify naming rules that
+# identifiers of a particular kind must not violate.
If an
+# identifier is found to be in violation of any of the naming rules
+# specified for that kind, a warning will be issued.
+# - IDENTIFIER_NAMING__PREFIX is a string. If defined, all
+# identifiers of the selected kind must begin with the prefix;
+# otherwise, a warning will be issued. Note that if an identifier
+# matches a prefix rule, the matched portion of the identifier
+# will be exempt from consideration of any suffix or case rule
+# for that identifier kind.
+# - IDENTIFIER_NAMING__SUFFIX is a string. If defined, all
+# identifiers of the selected kind must end with the suffix;
+# otherwise, a warning will be issued. Note that if an identifier
+# matches a suffix rule, the matched portion of the identifier
+# will be exempt from consideration of any case rule for that
+# identifier kind.
+# - IDENTIFIER_NAMING__CASE is one of the following
+# strings: { aNy_CasE, lower_case, UPPER_CASE, camelBack,
+# CamelCase, Camel_Snake_Case, camel_Snake_Back }. Each string is
+# a mnemonic for the following regular expressions:
+#
+# aNy_CasE = ^.*$
+# lower_case = ^[a-z][a-z0-9_]*$
+# UPPER_CASE = ^[A-Z][A-Z0-9_]*$
+# camelBack = ^[a-z][a-zA-Z0-9]*$
+# CamelCase = ^[A-Z][a-zA-Z0-9]*$
+# Camel_Snake_Case = ^[A-Z][a-z0-9]*(_[A-Z][a-z0-9]*)*
+# camel_Snake_Back = ^[a-z][a-z0-9]*(_[A-Z][a-z0-9]*)*
+#
+# If defined, all identifiers of the selected kind must match the
+# case rule; otherwise a warning will be issued.
+# - IDENTIFIER_NAMING__REGEX is a regular expression. If
+# defined, all identifiers of the selected kind must match at
+# least one of the provided regular expressions; otherwise, a
+# warning will be issued. Note that multiple regex rules may be
+# specified for a given identifier kind using the += operator.
+# The set of regular expressions specified for a given kind are
+# concatenated together into a single alternation of the form (
+# regex1 | regex2 | ... | regexn), which each identifier of the
+# selected kind is matched against.
Note that regex matching
+# employs boolean OR logic, not boolean AND logic. In order for a
+# match to occur, the regular expression must match the whole
+# identifier starting from the first character and exhausting the
+# whole string. For example, the regular expression [a-z].* will
+# match the identifier aFunc but not the identifier _aFunc, as
+# the latter matches only the substring aFunc but not the leading
+# underscore.
+#
+# Notes
+#
+# Use the += operator to define a regex rule. Use the = operator
+# for all other rules.
+#
+# STRUCT and CLASS identifier kinds are somewhat interchangeable;
+# STRUCT rules are applied to CLASS identifiers in the absence of
+# CLASS rules, and vice versa.
+#
+# Prefix, suffix, and case rules are matched greedily in that
+# order. For example, if an identifier matches a prefix rule, the
+# matched portion of the identifier will be removed from the
+# identifier before proceeding to match any suffix or case rule.
+# Regex rules, however, are matched independently of any prefix,
+# suffix, or case rules. For example, if a prefix rule and a regex
+# rule have been defined for a given identifier kind, the matching
+# of the prefix rule will have no impact on the matching of the
+# regex rule and vice versa.
+#
+# Depending on how a regex is specified and the identifier string
+# it is being matched against, a Miscellaneous Error may be issued
+# to the hub if the underlying call to boost::regex_match() throws
+# an exception due to the complexity of matching the regular
+# expression exceeding predefined bounds. If this occurs, refactor
+# the regular expression to make each choice made by the state
+# machine unambiguous thereby removing the possibility of any
+# exponential backtracking during the matching operation.
+#
+# Examples:
+# IDENTIFIER_NAMING_GLOBAL_FUNCTION_REGEX += .*func.*
+# IDENTIFIER_NAMING_GLOBAL_FUNCTION_PREFIX = F_
+# IDENTIFIER_NAMING_GLOBAL_FUNCTION_SUFFIX = _F
+# IDENTIFIER_NAMING_GLOBAL_FUNCTION_CASE = camel_Snake_Back
+# IDENTIFIER_NAMING_GLOBAL_FUNCTION_REGEX += [^0-9]*
+# IDENTIFIER_NAMING_VARIABLE_PREFIX = G_
+# IDENTIFIER_NAMING_VARIABLE_SUFFIX = G_
+# IDENTIFIER_NAMING_STRUCT_REGEX = ^[a-z]
+# IDENTIFIER_NAMING_STRUCT_REGEX = [A-Z]$
+# IDENTIFIER_NAMING_ENUM_CASE = UPPER_CASE
+#
+# defines naming rules for GLOBAL_FUNCTION, VARIABLE, STRUCT, and
+# ENUM identifiers.
+#
+# void F_myfunc_Foo_F(void); /* Matches: Although the case rule camel_Snake_Back is defined,
+# which includes the requirement that the identifier must start
+# with a lowercase letter, the prefix is matched first, followed
+# by the suffix, and these matched portions of the identifier
+# are removed before matching against the case rule. The remaining
+# portion of the identifier, myfunc_Foo, matches the case rule. */
+# void F__myfunc_Foo_F(void); /* 'Invalid naming style for global function
+# F__myfunc_Foo_F; case does not match
+# camel_Snake_Back.' After matching the prefix F_,
+# the remaining unmatched portion of the identifier,
+# _myfunc_Foo_F, is matched against the case and suffix
+# rules. _myfunc_Foo_F does not match the case rule
+# camel_Snake_Back because it does not start with a
+# lowercase letter. */
+# void F_func1_F(void); /* Matches: Although this violates the second regex rule by containing
+# a digit, it matches at least one of the other regex rules, in this
+# case the first one, so no warning is issued. */
+# int G_myintG_ = 0; /* Matches */
+# int G_ = 1; /* 'Invalid naming style for variable G_; suffix does not match G_.'
+# After matching the prefix G_, the remaining unmatched portion of the identifier
+# is the empty string, which does not match the suffix rule.
*/
+# class MyClass {
+# private:
+# int foo;
+# int bar;
+# }; /* 'Invalid naming style for struct MyClass; does not match the regular expression [A-Z]$.'
+# Note two things:
+# 1). Although MyClass is a class identifier, the struct rules are applied to it in the
+# absence of class rules.
+# 2). The first regex rule for structs was overwritten by the second rule;
+# the second rule was specified using = instead of +=. */
+# enum _DAYS_OF_THE_WEEK { MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY};
+# /* 'Invalid naming style for enum _DAYS_OF_THE_WEEK; case does not match UPPER_CASE.'
+# * Although all letters are uppercase, UPPER_CASE has the additional requirement that
+# * the identifier must start with an uppercase character, not an underscore.
+# */
+#