Micro Focus Fortify Static Code Analyzer User Guide

Micro Focus Fortify Static Code Analyzer

Software Version: 18.20

User Guide

Document Release Date: November 2018 Software Release Date: November 2018

User Guide

Legal Notices

Micro Focus The Lawn 22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK

Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors ("Micro Focus") are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Copyright Notice

? Copyright 2003 - 2018 Micro Focus or one of its affiliates

Trademark Notices

AdobeTM is a trademark of Adobe Systems Incorporated. Microsoft? and Windows? are U.S. registered trademarks of Microsoft Corporation. UNIX? is a registered trademark of The Open Group.

Documentation Updates

The title page of this document contains the following identifying information: l Software Version number l Document Release Date, which changes each time the document is updated l Software Release Date, which indicates the release date of this version of the software To check for recent updates or to verify that you are using the most recent edition of a document, go to:

Micro Focus Fortify Static Code Analyzer (18.20)

Page 2 of 161

User Guide

Contents

Preface Contacting Micro Focus Fortify Customer Support For More Information About the Documentation Set

Change Log

Chapter 1: Introduction Fortify Static Code Analyzer Fortify CloudScan Fortify Scan Wizard Fortify Software Security Content About the Analyzers Related Documents All Products Micro Focus Fortify Software Security Center Micro Focus Fortify Static Code Analyzer

Chapter 2: Analysis Process Overview Analysis Process Parallel Processing Translation Phase Mobile Build Sessions Mobile Build Session Version Compatibility Creating a Mobile Build Session Importing a Mobile Build Session Analysis Phase Incremental Analysis Translation and Analysis Phase Verification

Chapter 3: Translating Java Code Java Command-Line Syntax Java Command-Line Options Java Command-Line Examples Handling Resolution Warnings Java Warnings Using FindBugs

Micro Focus Fortify Static Code Analyzer (18.20)

9 9 9 9

10

13 13 13 14 14 14 16 16 17 17

19 19 20 20 21 21 21 21 22 22 23

24 24 25 27 27 27 28

Page 3 of 161

User Guide

Translating Java EE Applications

29

Translating the Java Files

29

Translating JSP Projects, Configuration Files, and Deployment Descriptors

29

Java EE Translation Warnings

29

Translating Java Bytecode

30

Troubleshooting JSP Translation Issues

30

Chapter 4: Translating .NET Code

32

About Translating .NET Code

32

.NET Command-Line Syntax

33

Translating .NET Binaries

34

Binary .NET Translation Command-Line Options

35

Handling Translation Errors

38

.NET Translation Errors

38

Errors

38

Chapter 5: Translating C and C++ Code

39

C and C++ Code Translation Prerequisites

39

C and C++ Command-Line Syntax

39

Options for Code in Visual Studio Solution or MSBuild Project

40

Scanning Pre-processed C and C++ Code

40

Chapter 6: Translating JavaScript Technologies

41

Translating Pure JavaScript Projects

41

Skipping Translation of JavaScript Library Files

41

Translating JavaScript Projects with HTML Files

42

Including External JavaScript or HTML in the Translation

43

Translating AngularJS Code

43

Scanning JavaScript Technologies

44

Chapter 7: Translating Python Code

45

Python Translation Command-Line Syntax

45

Including Import Files

45

Including Namespace Packages

46

Using the Django Framework with Python

46

Python Command-Line Options

46

Python Command-Line Examples

47

Chapter 8: Translating Code for Mobile Platforms

48

Micro Focus Fortify Static Code Analyzer (18.20)

Page 4 of 161

User Guide

Translating Apple iOS Projects iOS Project Translation Prerequisites iOS Code Analysis Command-Line Syntax

Translating Android Projects Android Project Translation Prerequisites Android Code Analysis Command-Line Syntax Filtering Issues Detected in Android Layout Files

Chapter 9: Translating Ruby Code Ruby Command-Line Syntax Ruby Command-Line Options Adding Libraries Adding Gem Paths

Chapter 10: Translating Apex and Visualforce Code Apex Translation Prerequisites Apex and Visualforce Command-Line Syntax Apex and Visualforce Command-Line Options Downloading Customized Salesforce Database Structure Information

Chapter 11: Translating COBOL Code Preparing COBOL Source Files for Translation COBOL Command-Line Syntax COBOL Command-Line Options

Chapter 12: Translating Other Languages Translating PHP Code PHP Command-Line Options Translating ABAP Code INCLUDE Processing Importing the Transport Request Adding Fortify Static Code Analyzer to Your Favorites List Running the Fortify ABAP Extractor Uninstalling the Fortify ABAP Extractor Translating Flex and ActionScript Flex and ActionScript Command-Line Options ActionScript Command-Line Examples Handling Resolution Warnings ActionScript Warnings Translating ColdFusion Code ColdFusion Command-Line Syntax

Micro Focus Fortify Static Code Analyzer (18.20)

48 48 49 49 49 50 50

51 51 51 52 52

53 53 53 54 54

56 56 57 57

59 59 59 60 60 61 61 62 63 64 64 65 66 66 66 66

Page 5 of 161

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download