OASIS Static Analysis Results Interchange Format (SARIF) TC


FW: [sarif] Asking for output of analysis tools that produce code paths

  • 1.  FW: [sarif] Asking for output of analysis tools that produce code paths

    Posted 01-31-2018 21:12
From: Larry Golding (Comcast) [mailto:larrygolding@comcast.net]
Sent: Monday, January 29, 2018 3:48 PM
To: 'James A. Kupsch' <kupsch@cs.wisc.edu>; mikefan@microsoft.com
Cc: 'Vamshi Basupalli' <vamshi@cs.wisc.edu>
Subject: RE: [sarif] Asking for output of analysis tools that produce code paths

Thanks Jim, that's very helpful! I uploaded your samples to the directory Tool Samples/SWAMP Tools in the repo and provided a README.md. Here are my takeaways from studying them:

1. cppcheck

The code paths in the cppcheck sample (lighttpd-1.4.45---ubuntu-16.04-64---cppcheck\results\assessment_report15.xml, line 4) are very simple. Only one of them (the first one, the "redundant assignment" error) has more than one location in the path.

2. clang

In the clang sample, I'll need your help interpreting the contents of the .plist file. Those nested dict/key/array/dict/key… elements exceed my complexity limit
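The nested dict/key/array structure of a clang static analyzer .plist that the message above refers to can be walked mechanically. The following is an added example, not code from this thread, from the SARIF TC, or from the SWAMP samples: it uses Python's standard plistlib to load the file and flattens each diagnostic's "path" array into an ordered list of steps, which is roughly the shape a SARIF code flow needs. It assumes the key layout clang emits (top-level "files" and "diagnostics", each diagnostic carrying "path", "check_name", "description" and "location", and each path piece carrying "kind" of "event" or "control"); the plist document embedded below is constructed by hand to illustrate that layout and is not one of the uploaded samples.

```python
import plistlib

# Constructed sample in the shape of clang static analyzer plist output.
# Not a real SWAMP sample; line/col values are made up for illustration.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
 <key>files</key>
 <array><string>src/example.c</string></array>
 <key>diagnostics</key>
 <array>
  <dict>
   <key>path</key>
   <array>
    <dict>
     <key>kind</key><string>event</string>
     <key>location</key>
     <dict><key>line</key><integer>4</integer><key>col</key><integer>9</integer><key>file</key><integer>0</integer></dict>
     <key>depth</key><integer>0</integer>
     <key>message</key><string>Null pointer value stored to 'p'</string>
    </dict>
    <dict>
     <key>kind</key><string>control</string>
     <key>edges</key>
     <array>
      <dict>
       <key>start</key>
       <array>
        <dict><key>line</key><integer>4</integer><key>col</key><integer>3</integer><key>file</key><integer>0</integer></dict>
        <dict><key>line</key><integer>4</integer><key>col</key><integer>3</integer><key>file</key><integer>0</integer></dict>
       </array>
       <key>end</key>
       <array>
        <dict><key>line</key><integer>5</integer><key>col</key><integer>10</integer><key>file</key><integer>0</integer></dict>
        <dict><key>line</key><integer>5</integer><key>col</key><integer>10</integer><key>file</key><integer>0</integer></dict>
       </array>
      </dict>
     </array>
    </dict>
    <dict>
     <key>kind</key><string>event</string>
     <key>location</key>
     <dict><key>line</key><integer>5</integer><key>col</key><integer>10</integer><key>file</key><integer>0</integer></dict>
     <key>depth</key><integer>0</integer>
     <key>message</key><string>Dereference of null pointer (loaded from variable 'p')</string>
    </dict>
   </array>
   <key>description</key><string>Dereference of null pointer (loaded from variable 'p')</string>
   <key>category</key><string>Logic error</string>
   <key>type</key><string>Dereference of null pointer</string>
   <key>check_name</key><string>core.NullDereference</string>
   <key>location</key>
   <dict><key>line</key><integer>5</integer><key>col</key><integer>10</integer><key>file</key><integer>0</integer></dict>
  </dict>
 </array>
</dict>
</plist>
"""


def flatten_paths(plist_bytes):
    """Parse a clang analyzer plist and return one record per diagnostic.

    Each record has the check name, description, final location and an
    ordered list of path steps.  'event' pieces become a single location
    plus message; 'control' pieces become (from, to) edges so the caller
    can decide whether to emit them as code-flow locations or drop them.
    Any other piece kind (e.g. 'macro') is kept as a marker rather than
    silently discarded, so nothing in the path is lost on the way out.
    """
    doc = plistlib.loads(plist_bytes)
    files = doc.get("files", [])

    def loc(d):
        # clang stores a file *index* into the top-level 'files' array.
        return (files[d["file"]], d["line"], d["col"])

    records = []
    for diag in doc.get("diagnostics", []):
        steps = []
        for piece in diag.get("path", []):
            kind = piece.get("kind")
            if kind == "event":
                steps.append({"kind": "event",
                              "location": loc(piece["location"]),
                              "message": piece.get("message", "")})
            elif kind == "control":
                for edge in piece.get("edges", []):
                    # start/end are two-element ranges; the first point is
                    # the position of the edge endpoint.
                    steps.append({"kind": "control",
                                  "from": loc(edge["start"][0]),
                                  "to": loc(edge["end"][0])})
            else:
                steps.append({"kind": kind})
        records.append({"check": diag.get("check_name"),
                        "description": diag.get("description"),
                        "location": loc(diag["location"]),
                        "steps": steps})
    return records


def event_locations(record):
    """The distinct locations a reader would step through, control edges
    excluded.  A path with more than one of these is the interesting case
    for SARIF code flows."""
    return [s["location"] for s in record["steps"] if s["kind"] == "event"]


if __name__ == "__main__":
    for rec in flatten_paths(SAMPLE_PLIST):
        print(rec["check"], rec["location"])
        for step in rec["steps"]:
            print("  ", step)
```

The control edges are where most of the nesting in a real file comes from: every edge is a dict of two two-element arrays of location dicts, so a long path multiplies quickly. Keeping them as separate step records makes it easy to count how many distinct event locations a path really has, which is the property worth comparing across the tool samples.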