Regular Expression Analysis
Regular expression (regex) analysis provides the ability for using regular expression rules to detect vulnerabilities in both file content and file names. This analysis can detect vulnerable secrets such as passwords, keys, and credentials in project files. The Configuration Analyzer includes the regex analysis capability.
Important! Regex analysis is language agnostic and therefore it might detect vulnerabilities in file types that Fortify Static Code Analyzer does not officially support.
Regex analysis recursively examines all file paths and path patterns included in the translation phase. Every file, for each directory found is analyzed unless it is specifically excluded from the translation. To manage the files that are included in regex analysis, the following options are available:
-
Exclude any file or directory with the
-excludeoption in the translation phase.For more information about this option, see Translation Options.
-
By default, regex analysis excludes all detectible binary files. To include binary files in the analysis, add the following property to the
fortify-sca.propertiesfile (or include this property on the command line using the-Doption):com.fortify.sca.regex.ExcludeBinaries = false -
By default, regex analysis excludes files larger than 10 MB to ensure that the scan time is acceptable. You can change the maximum file size (in megabytes) with the following property:
com.fortify.sca.regex.MaxSize = <max_file_size_mb>
To disable regex analysis, add the following property to the fortify-sca.properties file or include it on the command line:
com.fortify.sca.regex.Enable = falseSee Also