Regular Expression Analysis
Regular expression (regex) analysis provides the ability to use regular expression rules for detecting vulnerabilities in both file content and file names. This analysis can detect vulnerable secrets such as passwords, keys, and credentials in project files. The Configuration Analyzer includes the regex analysis capability.
Regex analysis recursively examines all file paths and path patterns included in the translation phase. Every file in every directory found is analyzed unless it is specifically excluded from the translation. To manage the files that are included in regex analysis, the following options are available:
- Exclude any file or directory with the -exclude option in the translation phase. For more information about this option, see Translation Options.
- By default, regex analysis excludes all detectable binary files. To include binary files in the analysis, add the following property to the fortify-sca.properties file (or include this property on the command line using the -D option):
com.fortify.sca.regex.ExcludeBinaries = false
- By default, regex analysis excludes files larger than 10 MB to ensure that the scan time is acceptable. You can change the maximum file size (in megabytes) with the following property:
com.fortify.sca.regex.MaxSize = <max_file_size_mb>
To disable regex analysis, add the following property to the fortify-sca.properties file or include it on the command line:
com.fortify.sca.regex.Enable = false
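The inclusion rules described above (exclude patterns, binary-file detection, a size cap) combined with regex matching against both file content and file names can be illustrated with a small stand-alone scanner. The following Python is an added example written for this page; it is not Fortify's code, rule set, or configuration format. The three rule patterns, the NUL-byte heuristic for detecting binary files, the glob-style exclude matching, and the sample project tree it builds are all constructed assumptions chosen to exercise each rule once.

```python
import fnmatch
import re
import tempfile
from pathlib import Path

# Constructed rule set (hypothetical; not Fortify's rules). Each rule applies
# either to the file content or to the file name.
RULES = [
    {"id": "hardcoded-password", "target": "content",
     "pattern": re.compile(r"(?i)\bpassword\s*=\s*['\"][^'\"]{4,}['\"]")},
    {"id": "private-key-block", "target": "content",
     "pattern": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")},
    {"id": "key-file-name", "target": "name",
     "pattern": re.compile(r"\.(?:pem|key|p12)$")},
]


def is_binary(data: bytes) -> bool:
    """Heuristic: a NUL byte within the first 8 KiB marks the file as binary."""
    return b"\x00" in data[:8192]


def scan_tree(root, exclude=(), exclude_binaries=True, max_size_mb=10):
    """Walk `root` recursively and return regex findings as a list of dicts.

    exclude          -- glob patterns matched against the path relative to root
    exclude_binaries -- skip files that look binary (analogous to ExcludeBinaries)
    max_size_mb      -- skip files larger than this many MB (analogous to MaxSize)
    """
    root = Path(root)
    max_bytes = max_size_mb * 1024 * 1024
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if any(fnmatch.fnmatch(rel, pat) for pat in exclude):
            continue
        if path.stat().st_size > max_bytes:
            continue
        data = path.read_bytes()
        if exclude_binaries and is_binary(data):
            continue
        # File-name rules run against the name only and carry no line number.
        for rule in RULES:
            if rule["target"] == "name" and rule["pattern"].search(path.name):
                findings.append({"rule": rule["id"], "path": rel, "line": None})
        # Content rules run line by line so each finding carries a line number.
        text = data.decode("utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule in RULES:
                if rule["target"] == "content" and rule["pattern"].search(line):
                    findings.append({"rule": rule["id"], "path": rel, "line": lineno})
    return findings


def build_sample_tree(root: Path) -> None:
    """Write a constructed project tree that exercises each inclusion rule."""
    files = {
        # Plain config with a hard-coded password: reported.
        "config/app.properties": b'db.url=jdbc:postgresql://db/app\npassword = "hunter22"\n',
        # Private key in a .pem file: the name rule and the content rule both fire.
        "certs/server.pem": b"-----BEGIN RSA PRIVATE KEY-----\nMIIBconstructed\n-----END RSA PRIVATE KEY-----\n",
        # Binary blob containing a matching string: skipped by the binary filter.
        "build/blob.bin": b'\x00\x01\x02password = "x12345"\n',
        # Excluded directory: skipped by the exclude pattern.
        "vendor/lib.js": b'var password = "letmein1";\n',
        # Oversized log (about 1.1 MB): skipped by the 1 MB cap used in demo().
        "logs/big.log": b'password = "secret99"\n' * 50000,
    }
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def demo():
    """Build the sample tree in a temp dir and scan it with vendor/ excluded and a 1 MB cap."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_tree(root, exclude=("vendor/*",), max_size_mb=1)


if __name__ == "__main__":
    for f in demo():
        suffix = f" line {f['line']}" if f["line"] else ""
        print(f"{f['rule']}: {f['path']}{suffix}")
```

Running the script reports three findings: the .pem file by name, the private-key header on line 1 of that file, and the password on line 2 of the properties file. The binary blob, the vendor file, and the oversized log are silently skipped, which is the behaviour a reviewer should keep in mind when a scan comes back clean: a secret inside an excluded path, a large file, or a file that looks binary is not absent, only unscanned.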