About downloading source files
To translate ABAP code, the Fortify ABAP Extractor program downloads source files to the presentation server, and optionally, starts OpenText SAST. You need to use an account with permission to download files to the local system and execute operating system commands.
Because the extractor program is executed online, you might receive a max dialog work process time reached message if the volume of source files selected for extraction exceeds the allowable process run time. To work around this, download large projects as a series of smaller Extractor tasks. For example, if your project consists of four different packages, download each package separately into the same project directory. If the exception occurs frequently, work with your SAP Basis administrator to increase the maximum time limit (rdisp/max_wprun_time).
When a PACKAGE is extracted from ABAP, the Fortify ABAP Extractor extracts everything from TDEVC with a parentcl field that matches the package name. It then recursively extracts everything else from TDEVC with a parentcl field equal to those already extracted from TDEVC. The field extracted from TDEVC is devclass.
The devclass values are treated as a set of program names and handled the same way as a program name, which you can provide.
Programs are extracted from TRDIR by comparing the name field with either:
- The program name specified in the selection screen
- The list of values extracted from
TDEVCif a package was provided
The rows from TRDIR are those for which the name field has the given program name and the expression LIKEprogramname is used to extract rows.
This final list of names is used with READ REPORT to get code out of the SAP system. This method reads classes and methods out as well as merely REPORTS, for the record.
Each READ REPORT call produces a file in the temporary folder on the local system. OpenText SAST translates and scans this set of files to produce an FPR file that you can open with Fortify Audit Workbench.