klocwork
environment
[!NOTE|label:references:]
video: Klocwork Demo
analysis
[!NOTE|label:references:] issue severity
1 - Critical
2 - Error
3 - Warning
4 - Review
5 - Severity 5
6 - Severity 6
7 - Severity 7
8 - Severity 8
9 - Severity 9
10 - Severity 10
[!NOTE|label:references:] sample code
capture build settings
$ kwinject --output "<.out_path>" <original build command>
i.e.:
$ kwinject --output "~/npp/npp.out" devenv "~/npp/PowerEditor/visual.net/notepadPlus.sln" /Rebuild
run an analysis using the build spec
$ kwbuildproject --url "<kw_url:kw_port>/<project_name>" \ --tables-directory "<table_path>" \ "<.out_path>"
i.e.:
$ kwbuildproject --url "http://klocwork.domain.com/NotepadPlusPlus" --tables-directory "~/npp/npp_tables" "~/npp/npp.out"
load the database
$ kwadmin --url "<kw_url:kw_port>" \ load "<project_name>" \ "<table_path>"
i.e.:
$ kwadmin --url "http://klocwork.domain.com" load "NotepadPlusPlus" "~/npp/npp_tables"
debug for authentication issue
$ kwadmin --debug --url <Klocwork server url> list-projects
logout via
$ kwauth --log-out
[!NOTE|label:references:] sample code
re-create the build spec
$ kwinject --output "~/kw.out" <regular command line>
i.e.
$ kwinject --output "~/npp/npp.out" devenv "~/npp/PowerEditor/visual.net/notepadPlus.sln" /Rebuild
force a full analysis
$ kwbuildproject --url "<kw_url:kw_port>/<project_name>" \ --tables-directory "<table_path>" \ --force "<.out file>"
i.e.:
$ kwbuildproject --url "http://klocwork.domain.com/NotepadPlusPlus" --tables-directory "~/npp/npp_tables" --force "~/npp/npp.out"
load the result
$ kwadmin --url "<kw_url:kw_port>" \ load "<project_name>" \ "<table_path>"
i.e.:
$ kwadmin --url http://klocwork.domain.com/ load NotepadPlusPlus "~/npp/npp_tables"
[!NOTE|label:references:] sample code
update the build settings
$ kwinject --update "<.out_path>" <original build command>
i.e.:
$ kwinject --update "~/npp/npp.out" devenv "~/npp/PowerEditor/visual.net/notepadPlus.sln" /Build
execute the incremental analysis
$ kwbuildproject --url "<kw_url:kw_port>/<project_name>" \ --tables-directory "<table_path>" \ --incremental "<table_path>"
i.e.:
$ kwbuildproject --url "http://klocwork.domain.com/NotepadPlusPlus" --tables-directory "~/npp/npp_tables" --incremental "~/npp/npp_tables"
load the result
$ kwadmin --url "<kw_url:kw_port>" \ load "<project_name>" \ "<table_path>"
i.e.:
$ kwadmin --url "http://klocwork.domain.com" load NotepadPlusPlus "~/npp/npp_tables"
load result from both windows and linux
[!NOTE|label:references:] sample code kwbuildproject
create an integration project on kw server via command line
$ kwadmin --url "<kw_url:kw_port>" \ create-project "<project_name>"
i.e.:
$ kwadmin --url http://klocwork.domain.com create-project NotepadPlusPlus
capture build settings on linux machine
$ kwinject --output "<.out_path>" <original build command>
i.e.:
$ kwinject --output "~/npp/npp.out" make
run an analysis using the build spec on linux
$ kwbuildproject --url "<kw_url:kw_port>/<project_name>" \ [--project "<project_name>"] --tables-directory "<table_path>" \ "<.out_path>"
i.e.:
$ kwbuildproject --url "http://klocwork.domain.com/NotepadPlusPlus" \ --tables-directory "~/npp/npp_tables" \ "~/npp/npp.out"
$ kwbuildproject --tables-directory <dir> \ [--url http://<klocwork_server_host>:<klocwork_server_port>/<server_project>] \ [<other_options>] \ <build_specification_1> [<build_specification_2>...]
load the database on windows
$ kwadmin --url "<kw_url:kw_port>" \ load "<project_name>" \ "<table_path>"
i.e.:
$ kwadmin --url "http://klocwork.domain.com/NotepadPlusPlus" \ load NotepadPlusPlus \ "~/npp/npp_tables"
[!NOTE|label:references:]
inserting the kwwrap command line before your compiler and linker names
CC = gcc
convert to
CC = kwwrap -o <path_to_kwwrap_trace_file> gcc
// or
CC = kwwrap -o <path_to_kwwrap_trace_file> $(command -v gcc)
or via creating wrapper scripts
execute the original build command
Convert the build trace into a build specification with kwinject
$ kwinject --trace-in <path_to_kwwrap_trace_file> \
--output <path_to_kwinject_output_file>
i.e.:
$ kwinject --trace-in C:/temp/kwwrap.trace \ --output C:/Klocwork/temp/kwinject.out
create environment variables
$ LDSHARED="kwwrap -o /temp/kwwrap.trace $(command -v gcc)"
$ CC="kwwrap -o /temp/kwwrap.trace $(command -v gcc)"
$ C++="kwwrap -o /temp/kwwrap.trace $(command -v g++)"
$ CMAKE="kwwrap -o /temp/kwwrap.trace $(command -v cmake)"
$ AR="kwwrap -o /temp/kwwrap.trace $(command -v ar) rc"
$ export CC C++ CMAKE AR LDSHARED
build with original command
$ cmake
use kwwrap with CMake and generate the trace
$ kwinject --trace-in /temp/kwwrap.trace --output kwinject.out
creating wrapper scripts
$ echo "kwwrap -r -o <path_to_kwwrap_trace_file> $(command -v gcc)" > $HOME/.hook/gcc
$ echo "kwwrap -r -o <path_to_kwwrap_trace_file> $(command -v g++)" > $HOME/.hook/g++
$ echo "kwwrap -r -o <path_to_kwwrap_trace_file> $(command -v cmake)" > $HOME/.hook/cmake
$ chmod +x $HOME/.hook/*
setup environment variables
$ export KWWRAP_HOOKS_DIR="$HOME/.hook"
$ export PATH=${KWWRAP_HOOKS_DIR}:${PATH}
build with original command
$ cmake # the original command
use kwwrap with CMake and generate the trace
$ kwinject --trace-in /temp/kwwrap.trace --output kwinject.out
[!NOTE|label:homepages:]
authentication
[!TIP|label:references:]
Failing authentication if host name is not found You can enable kwauth to fail authentication in the case where the server host name was not found in the certificate CN or Subject Alternative Name by setting the verifyCertificate option to true. Enabling this results in the following error message if the host name cannot be found:
Unable to authenticate using SSL with <url>
To set this value to true, create a 'client_config.xml' file in your {client_tools_install_folder}\config\ folder (if it does not already exist). The file must contain the following:
<?xml version="1.0" encoding="UTF-8"?> <params> <host resolveHost="false" verifyCertificate="true"/> </params>
Note that setting
resolveHost="false"
is not mandatory, but doing so can prevent the Klocwork Server from resolving the wrong FQDN as the Server will use whatever host you specify in a remote server URL.
[!NOTE|label:references:]
$ export KLOCWORK_LTOKEN=/home/marslo/.klocwork/ltoken
$ kwauth --url https://klocwork.domain.com:443
Login: marslo
Password: ****
$ cat /home/marslo/.klocwork/ltoen
klocwork.domain.com;443;marslo;abcdefg1234567**************************************************
import your projects and server settings
[!NOTE|label:references:]
api
# import project $ curl --data "action=import_project&user=myself&project=my_project&sourceURL=http://oldserver:8080&sourceAdmin=user&sourcePassword=pwd" http://local.klocwork.com:8080/review/api # import server configuration $ curl --data "action=import_server_configuration&user=myself&sourceURL=http://oldserver:8080&sourceAdmin=user&sourcePassword=pwd" http://local.klocwork.com:8080/review/api
cli
# import $ kwadmin import-config <project_name> <file> # i.e.: $ kwadmin import-config workspace C:\Klocwork\OurMetrics.mconf # export $ kwadmin export-config [options] <project-name> <server-file> <local-file> # i.e.: $ kwadmin export-config Toolbus ExportedOurMetrics.mconf C:\Klocwork\OurMetrics.mconf
# kwxsync import single project $ kwxsync [<options>] <project_name_1>|<project_URL_1> <project_name_2>|<project_URL_2> [...] # i.e.: $ kwxsync --url https://klocwork.domain.com:443 -f -c project project-backup
report
CI
[!NOTE|label:reference:]
pipeline {
agent any
environment {
KLOCWORK_URL = "http://localhost:8080"
KLOCWORK_PROJECT = "zlib-pipeline"
KLOCWORK_LICENSE_HOST = "flexlm-server"
KLOCWORK_LICENSE_PORT = "27000"
KLOCWORK_LTOKEN = ""
}
stages {
stage('Get src from git') {
steps {
git 'https://github.com/madler/zlib.git'
}
} // stage : clone code
stage('Klocwork Build') {
steps {
klocworkBuildSpecGeneration([
additionalOpts: '',
buildCommand: 'c:\\dev\\zlib-git.bat',
ignoreErrors: true,
output: 'kwinject.out',
tool: 'kwinject'
])
}
} // stage : klocwork build
stage('Klocwork Analysis') {
steps {
klocworkIntegrationStep1([
additionalOpts: '',
buildSpec: 'kwinject.out',
disableKwdeploy: true,
duplicateFrom: '',
enabledCreateProject: true,
ignoreCompileErrors: true,
importConfig: '',
incrementalAnalysis: false,
tablesDir: 'kwtables'
])
}
} // stage : klocwork analysis
stage('Klocwork Db-load') {
steps {
klocworkIntegrationStep2 reportConfig: [
displayChart: true,
query: 'status:Analyze'
],
serverConfig: [
additionalOpts: '',
buildName: '',
tablesDir: 'kwtables'
]
}
} // stage : klocwork db-load
stage('Build Failure Conditions') {
steps {
klocworkFailureCondition([
enableCiFailureCondition: true,
failureConditionCiConfigs: [[
withDiffList: true,
diffFileList: 'my_list.txt',
enableHTMLReporting: true,
name: 'one',
reportFile: '',
threshold: '1',]]
])
}
} // stage : build failure conditions
} // stages
} // pipeline
stage("full static code analysis") { steps{ echo "performance integration analysis" klocworkIntegrationStep1([ buildSpec: "${KLOCWORK_BUILDSPEC}", tableDir: "${KLONWORK_TABLES}", incrementalAnalysis : true, ignoreCompileErrors: false, importConfig : "", additionalOpts: "--replace-path ${WORKSPACE}=workspace", disableKwdeploy: true ]) } }
ssl
renew LDAP cert
[!NOTE|label:references:]
keytool and java :
/opt/Klocwork/Server/_jvm/bin
[SOLVED]-LDAPS : SIMPLE BIND FAILED-JAVA
- -djdk.tls.client.protocols=tlsv1 + -djdk.tls.client.protocols=tlsv1,tlsv1.1,tlsv1.2,tlsv1.3
$ keytool -import -alias ldaproot -file rootca.cer -keystore cacerts
$ keytool -import -alias ldapInter -file inter.cer -keystore cacerts
$ keytool -import -alias ldap -file ldap.cer -keystore cacerts
using a secure klocwork server connection
[!TIP] for klocwork 2020.4 Build 20.4.0.81
Create a self-signed keystore file
# from <server_install>, run the following command: # The keystore is saved into the Tomcat config directory at <projects_root>/tomcat/conf. $ _jvm/bin/keytool -genkeypair -alias tomcat \ -keyalg RSA \ -keystore <projects_root>/tomcat/conf/.keystore \ -dname "cn=<KlocworkServer_hostname>, ou=<your_organizational_unit>,o=<your_organization>" \ -keypass changeit \ -storepass changeit # i.e.: $ _jvm/bin/keytool -genkeypair -alias tomcat \ -keyalg RSA \ -keystore <projects_root>/tomcat/conf/.keystore \ -dname "cn=testserver.klocwork.com, ou=Development, o=Klocwork" \ -keypass changeit \ -storepass changeit
Configure the Klocwork Server to use SSL (manually)
$ grep klocwork.protocol <projects_root>/config/admin.conf - klocwork.protocol=http + klocwork.protocol=https $ grep Connector <projects_root>/tomcat/conf/server.template - <Connector port="$PORT" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="64" minSpareThreads="20" redirectPort="8443" acceptCount="200" connectionTimeout="20000" URIEncoding="UTF-8" compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla,traviata" compressableMimeType="text/html,text/xml,text/javascript" maxPostSize="-1" /> + <Connector port="$PORT" maxthreads="4-" minSpareThreads="20" maxSpareThreads="40" enableLooksups="false" redirectPort="8443" acceptCount="50" debug="0" connectionTimeout="20000" compression="on" compressionMinSize="2048" noCompressionUserAgents=".*MSIE.*,gozilla,traviata" compressableMimeType="text/html,text/xml" maxPostSize="0" />
restart klocwork service
[!TIP|label:see also:]
$ kwservice --projects-root <projects_root> stop $ kwservice --projects-root <projects_root> start # or $ kwservice --projects-root <projects_root> restart klocwork
verify
$ kwadmin --ssl --host klocwork.example.com -port 443 list-projects # same as $ kwadmin --url https://klocwork.example.com:443 list-projects
disabling the ssl connection
[!NOTE]
Simple bind failed error when trying to connect to Active Directory
simple bind failed: ad.hostname.com:636
import the ldap server public certificate directly into the klocwork keystore
# location <path_to_JVM_install>\_jvm\lib\security\cacerts
[!NOTE|label:references:]
Last updated
Was this helpful?