Filter file example
As an example, the following output is from a scan of the EightBall.java sample. This sample project is included in the OpenText_SAST_Fortify_Samples_<version>.zip archive in the basic/eightball directory.
The following commands are executed to produce the analysis results:
sourceanalyzer -b eightball EightBall.java
sourceanalyzer -b eightball -scan
The following results show five detected issues:
[F7A138CDE5235351F6A4405BA4AD7C53 : low : Unchecked Return Value : semantic ]
EightBall.java(12) : Reader.read()
[6291C6A33303ED270C269917AA8A1005 : high : Path Manipulation : dataflow ]
EightBall.java(12) : ->new FileReader(0)
EightBall.java(8) : <=> (filename)
EightBall.java(8) : <->Integer.parseInt(0->return)
EightBall.java(6) : <=> (filename)
EightBall.java(4) : ->EightBall.main(0)
[176CC0B182267DD538992E87EF41815F : critical : Path Manipulation : dataflow ]
EightBall.java(12) : ->new FileReader(0)
EightBall.java(6) : <=> (filename)
EightBall.java(4) : ->EightBall.main(0)
[E4B3ACF92911ED6D98AAC15876739EC7 : high : Unreleased Resource : Streams : controlflow ]
EightBall.java(12) : start -> loaded : new FileReader(...)
EightBall.java(14) : loaded -> end_of_scope : end scope : Resource leaked
EightBall.java(12) : start -> loaded : new FileReader(...)
EightBall.java(12) : java.io.IOException thrown
EightBall.java(12) : loaded -> loaded : throw
EightBall.java(12) : loaded -> end_of_scope : end scope : Resource leaked : java.io.IOException thrown
[BB9F74FFA0FF75C9921D0093A0665BEB : low : J2EE Bad Practices : Leftover Debug Code : structural ]
EightBall.java(4)
The following example filter file does the following:
- Remove all results related to the J2EE Bad Practices category
- Remove the Path Manipulation issue based on its instance ID
- Remove any dataflow issues that were generated from a specific rule ID
#This is a category to filter from scan output
J2EE Bad Practices
#This is an instance ID of a specific issue to be filtered
#from scan output
6291C6A33303ED270C269917AA8A1005
#This is a specific Rule ID that leads to the reporting of a
#specific issue in the scan output: in this case the
#dataflow sink for a Path Manipulation issue.
823FE039-A7FE-4AAD-B976-9EC53FFE4A59
To test the filtered output, copy the above text and paste it into a file with the name test_filter.txt.
To apply the filtering in the test_filter.txt file, execute the following command:
sourceanalyzer -b eightball -scan -filter test_filter.txt
The filtered analysis produces the following results:
[176CC0B182267DD538992E87EF41815F : critical : Path Manipulation : dataflow ]
EightBall.java(12) : ->new FileReader(0)
EightBall.java(6) : <=> (filename)
EightBall.java(4) : ->EightBall.main(0)
[E4B3ACF92911ED6D98AAC15876739EC7 : high : Unreleased Resource : Streams : controlflow ]
EightBall.java(12) : start -> loaded : new FileReader(...)
EightBall.java(14) : loaded -> end_of_scope : end scope : Resource leaked
EightBall.java(12) : start -> loaded : new FileReader(...)
EightBall.java(12) : java.io.IOException thrown
EightBall.java(12) : loaded -> loaded : throw
EightBall.java(12) : loaded -> end_of_scope : end scope : Resource leaked : java.io.IOException thrown
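A filter file removes findings from the results, so it helps to review what each entry hides before the file is used in a build. The following Python script is an added example, not part of the Fortify documentation or tooling: it sorts the entries of the filter file above by their shape and lists which issues from the text output the category and instance ID entries would hide. The function names, the entry-shape patterns and the category matching rule are assumptions; rule IDs do not appear in this text output, so rule ID entries are only listed for manual review.

```python
import re

INSTANCE_ID = re.compile(r"^[0-9A-F]{32}$", re.I)  # assumed shape of an instance ID
RULE_ID = re.compile(r"^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}$", re.I)  # assumed shape of a rule ID
FILTER = """#Filter entries copied from the example on this page
J2EE Bad Practices
6291C6A33303ED270C269917AA8A1005
823FE039-A7FE-4AAD-B976-9EC53FFE4A59
"""
SCAN = """[F7A138CDE5235351F6A4405BA4AD7C53 : low : Unchecked Return Value : semantic ]
[6291C6A33303ED270C269917AA8A1005 : high : Path Manipulation : dataflow ]
[176CC0B182267DD538992E87EF41815F : critical : Path Manipulation : dataflow ]
[E4B3ACF92911ED6D98AAC15876739EC7 : high : Unreleased Resource : Streams : controlflow ]
[BB9F74FFA0FF75C9921D0093A0665BEB : low : J2EE Bad Practices : Leftover Debug Code : structural ]
"""  # issue header lines copied from the unfiltered scan output on this page

def parse_filter(text):
    """Sort non-comment filter lines into categories, instance IDs and rule IDs."""
    entries = {"category": [], "instance": [], "rule": []}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):
            kind = ("instance" if INSTANCE_ID.match(line)
                    else "rule" if RULE_ID.match(line) else "category")
            entries[kind].append(line)
    return entries

def parse_issues(scan_text):
    """Read (instance_id, severity, category) from '[id : severity : category : analyzer ]' lines."""
    issues = []
    for line in (l.strip() for l in scan_text.splitlines()):
        parts = [p.strip() for p in line.strip("[]").split(" : ")]
        if line.startswith("[") and line.endswith("]") and len(parts) >= 4:
            issues.append((parts[0], parts[1], " : ".join(parts[2:-1])))
    return issues

def suppressed(issues, entries):
    """Issues hidden by instance ID or category (assumed match: whole category or its first segment)."""
    hits = []
    for iid, sev, cat in issues:
        if iid.upper() in map(str.upper, entries["instance"]):
            hits.append((iid, sev, cat, "instance ID"))
        elif any(cat == c or cat.startswith(c + " : ") for c in entries["category"]):
            hits.append((iid, sev, cat, "category"))
    return hits

if __name__ == "__main__":
    entries = parse_filter(FILTER)
    for hit in suppressed(parse_issues(SCAN), entries):
        print("REVIEW" if hit[1] in ("high", "critical") else "ok    ", *hit)
    print("rule IDs to check by hand (not shown in text output):", entries["rule"])
```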