From: Larry Golding (Comcast) [mailto:larrygolding@comcast.net]
Sent: Monday, January 29, 2018 3:48 PM
To: 'James A. Kupsch' <kupsch@cs.wisc.edu>; mikefan@microsoft.com
Cc: 'Vamshi Basupalli' <vamshi@cs.wisc.edu>
Subject: RE: [sarif] Asking for output of analysis tools that produce code paths

Thanks Jim, that's very helpful! I uploaded your samples to the directory Tool Samples/SWAMP Tools in the repo and provided a README.md. Here are my takeaways from studying them:

1. cppcheck

The code paths in the cppcheck sample (lighttpd-1.4.45---ubuntu-16.04-64---cppcheck\results\assessment_report15.xml, line 4) are very simple. Only one of them (the first one, the “redundant assignment” error) has more than one location in the path.

2. clang

In the clang sample, I’ll need your help interpreting the contents of the .plist file. Those nested dict/key/array/dict/key… elements exceed my complexity limit