klocwork

reference:

environment

reference:

analysis

issue severity

  • 1 - Critical

  • 2 - Error

  • 3 - Warning

  • 4 - Review

  • 5 - Severity 5

  • 6 - Severity 6

  • 7 - Severity 7

  • 8 - Severity 8

  • 9 - Severity 9

  • 10 - Severity 10

initial a klocwork analysis

sample code

  • capture build settings

    $ kwinject --output "<.out_path>" <original build command>

    • i.e.:

      $ kwinject --output "~/npp/npp.out" devenv "~/npp/PowerEditor/visual.net/notepadPlus.sln" /Rebuild

  • run an analysis using the build spec

    $ kwbuildproject --url "<kw_url:kw_port>/<project_name>" \
                 --tables-directory "<table_path>" \
                 "<.out_path>"

    • i.e.:

      $ kwbuildproject --url "http://klocwork.domain.com/NotepadPlusPlus" --tables-directory "~/npp/npp_tables" "~/npp/npp.out"

  • load the database

    $ kwadmin --url "<kw_url:kw_port>" \
          load "<project_name>" \
          "<table_path>"

    • i.e.:

      $ kwadmin --url "http://klocwork.domain.com" load "NotepadPlusPlus" "~/npp/npp_tables"

    • debug for authentication issue

      $ kwadmin --debug --url <Klocwork server url> list-projects

      • logout via

        $ kwauth --log-out

full build analysis

sample code

  • re-create the build spec

    $ kwinject --output "~/kw.out" <regular command line>

    • i.e.

      $ kwinject --output "~/npp/npp.out" devenv "~/npp/PowerEditor/visual.net/notepadPlus.sln" /Rebuild

  • force a full analysis

    $ kwbuildproject --url "<kw_url:kw_port>/<project_name>" \
                 --tables-directory "<table_path>" \
                 --force "<.out file>"

    • i.e.:

      $ kwbuildproject --url "http://klocwork.domain.com/NotepadPlusPlus" --tables-directory "~/npp/npp_tables" --force "~/npp/npp.out"

  • load the result

    $ kwadmin --url "<kw_url:kw_port>" \
          load "<project_name>" \
          "<table_path>"

    • i.e.:

      $ kwadmin --url http://klocwork.domain.com/ load NotepadPlusPlus "~/npp/npp_tables"

incremental build analysis

sample code

  • update the build settings

    $ kwinject --update "<.out_path>" <original build command>

    • i.e.:

      $ kwinject --update "~/npp/npp.out" devenv "~/npp/PowerEditor/visual.net/notepadPlus.sln" /Build

  • execute the incremental analysis

    $ kwbuildproject --url "<kw_url:kw_port>/<project_name>" \
                 --tables-directory "<table_path>" \
                 --incremental "<table_path>"

    • i.e.:

      $ kwbuildproject --url "http://klocwork.domain.com/NotepadPlusPlus" --tables-directory "~/npp/npp_tables" --incremental "~/npp/npp_tables"

  • load the result

    $ kwadmin --url "<kw_url:kw_port>" \
          load "<project_name>" \
          "<table_path>"

    • i.e.:

      $ kwadmin --url "http://klocwork.domain.com" load NotepadPlusPlus "~/npp/npp_tables"

load result from both windows and linux

sample code kwbuildproject

  • create an integration project on kw server via command line

    $ kwadmin --url "<kw_url:kw_port>" \
          create-project "<project_name>"

    • i.e.:

      $ kwadmin --url http://klocwork.domain.com create-project NotepadPlusPlus

  • capture build settings on linux machine

    $ kwinject --output "<.out_path>" <original build command>

    • i.e.:

      $ kwinject --output "~/npp/npp.out" make

  • run an analysis using the build spec on linux

    $ kwbuildproject --url "<kw_url:kw_port>/<project_name>" \
                [--project "<project_name>"]
                 --tables-directory "<table_path>" \
                 "<.out_path>"

    • i.e.:

      $ kwbuildproject --url "http://klocwork.domain.com/NotepadPlusPlus" \
                 --tables-directory "~/npp/npp_tables" \
                 "~/npp/npp.out"

    • load multiple specification

      $ kwbuildproject --tables-directory <dir> \
                 [--url http://<klocwork_server_host>:<klocwork_server_port>/<server_project>] \
                 [<other_options>] \
                 <build_specification_1> [<build_specification_2>...]

  • load the database on windows

    $ kwadmin --url "<kw_url:kw_port>" \
          load "<project_name>" \
          "<table_path>"

    • i.e.:

      $ kwadmin --url "http://klocwork.domain.com/NotepadPlusPlus" \
          load NotepadPlusPlus \
          "~/npp/npp_tables"

using kwwrap plus kwinject to generate a build specification

reference:

Note: For distributed builds, you must run the following procedure on all build machines and merge the resultant build trace files.

  1. inserting the kwwrap command line before your compiler and linker names

CC = gcc

convert to

CC = kwwrap -o <path_to_kwwrap_trace_file> gcc
// or
CC = kwwrap -o <path_to_kwwrap_trace_file> $(command -v gcc)

or via creating wrapper scripts

  1. execute the original build command

  2. Convert the build trace into a build specification with kwinject

$ kwinject --trace-in <path_to_kwwrap_trace_file> \
           --output <path_to_kwinject_output_file>

  • i.e.:

    $ kwinject --trace-in C:/temp/kwwrap.trace \
           --output C:/Klocwork/temp/kwinject.out

when editing the makefile is not an option

i.e.: <path_to_kwwrap_trace_file> is /temp/kwwrap.trace

using environment variables

  1. create environment variables

$ LDSHARED="kwwrap -o /temp/kwwrap.trace $(command -v gcc)"
$ CC="kwwrap -o /temp/kwwrap.trace $(command -v gcc)"
$ C++="kwwrap -o /temp/kwwrap.trace $(command -v g++)"
$ CMAKE="kwwrap -o /temp/kwwrap.trace $(command -v cmake)"
$ AR="kwwrap -o /temp/kwwrap.trace $(command -v ar) rc"
$ export CC C++ CMAKE AR LDSHARED

  1. build with original command

$ cmake

  1. use kwwrap with CMake and generate the trace

$ kwinject --trace-in /temp/kwwrap.trace --output kwinject.out

using wrapper scripts

  1. creating wrapper scripts

$ echo "kwwrap -r -o <path_to_kwwrap_trace_file> $(command -v gcc)" > $HOME/.hook/gcc
$ echo "kwwrap -r -o <path_to_kwwrap_trace_file> $(command -v g++)" > $HOME/.hook/g++
$ echo "kwwrap -r -o <path_to_kwwrap_trace_file> $(command -v cmake)" > $HOME/.hook/cmake
$ chmod +x $HOME/.hook/*

  1. setup environment variables

$ export KWWRAP_HOOKS_DIR="$HOME/.hook"
$ export PATH=${KWWRAP_HOOKS_DIR}:${PATH}

  1. build with original command

$ cmake # the original command

  1. use kwwrap with CMake and generate the trace

$ kwinject --trace-in /temp/kwwrap.trace --output kwinject.out

authentication

[!TIP] references:

Failing authentication if host name is not found You can enable kwauth to fail authentication in the case where the server host name was not found in the certificate CN or Subject Alternative Name by setting the verifyCertificate option to true. Enabling this results in the following error message if the host name cannot be found: 

Unable to authenticate using SSL with <url>

To set this value to true, create a 'client_config.xml' file in your {client_tools_install_folder}\config\ folder (if it does not already exist). The file must contain the following:

<?xml version="1.0" encoding="UTF-8"?>
   <params>
     <host resolveHost="false" verifyCertificate="true"/>
   </params>

Note that setting resolveHost="false" is not mandatory, but doing so can prevent the Klocwork Server from resolving the wrong FQDN as the Server will use whatever host you specify in a remote server URL.

ltoken is used to authenticate users with tools such as kwbuildproject:

  • Windows:C:\Users<user_name>.klocwork\ltoken

  • Unix:~/.klocwork/ltoken

  • Mac:~/.klocwork/ltoken If there is no ltoken file in your .klocwork directory, run kwauth to generate the file.

get ltoken

[!NOTE|label:references:]

$ export KLOCWORK_LTOKEN=/home/marslo/.klocwork/ltoken
$ kwauth --url https://klocwork.domain.com:443
Login: marslo
Password: ****
$ cat /home/marslo/.klocwork/ltoen
klocwork.domain.com;443;marslo;abcdefg1234567**************************************************

import your projects and server settings

[!NOTE|label:references:]

  • api

    # import project
$ curl --data "action=import_project&user=myself&project=my_project&sourceURL=http://oldserver:8080&sourceAdmin=user&sourcePassword=pwd" http://local.klocwork.com:8080/review/api

# import server configuration
$ curl --data "action=import_server_configuration&user=myself&sourceURL=http://oldserver:8080&sourceAdmin=user&sourcePassword=pwd" http://local.klocwork.com:8080/review/api

  • cli

    # import
$ kwadmin import-config <project_name> <file>
# i.e.:
$ kwadmin import-config workspace C:\Klocwork\OurMetrics.mconf

# export
$ kwadmin export-config [options] <project-name> <server-file> <local-file>
# i.e.:
$ kwadmin export-config Toolbus ExportedOurMetrics.mconf C:\Klocwork\OurMetrics.mconf
    # kwxsync import single project
$ kwxsync [<options>] <project_name_1>|<project_URL_1> <project_name_2>|<project_URL_2> [...]

# i.e.:
$ kwxsync --url https://klocwork.domain.com:443 -f -c project project-backup

report

creating a report

CI

reference:

Jenkinsfile

pipeline {
  agent any

  environment {
    KLOCWORK_URL = "http://localhost:8080"
    KLOCWORK_PROJECT = "zlib-pipeline"
    KLOCWORK_LICENSE_HOST = "flexlm-server"
    KLOCWORK_LICENSE_PORT = "27000"
    KLOCWORK_LTOKEN = ""
  }

  stages {
    stage('Get src from git') {
      steps {
        git 'https://github.com/madler/zlib.git'
      }
    } // stage : clone code

    stage('Klocwork Build') {
      steps {
        klocworkBuildSpecGeneration([
          additionalOpts: '',
          buildCommand: 'c:\\dev\\zlib-git.bat',
          ignoreErrors: true,
          output: 'kwinject.out',
          tool: 'kwinject'
        ])
      }
    } // stage : klocwork build

    stage('Klocwork Analysis') {
      steps {
        klocworkIntegrationStep1([
          additionalOpts: '',
          buildSpec: 'kwinject.out',
          disableKwdeploy: true,
          duplicateFrom: '',
          enabledCreateProject: true,
          ignoreCompileErrors: true,
          importConfig: '',
          incrementalAnalysis:       false,
          tablesDir: 'kwtables'
        ])
      }
    } // stage : klocwork analysis

    stage('Klocwork Db-load') {
      steps {
        klocworkIntegrationStep2 reportConfig: [
                                   displayChart: true,
                                   query: 'status:Analyze'
                                 ],
                                 serverConfig: [
                                   additionalOpts: '',
                                   buildName: '',
                                   tablesDir: 'kwtables'
                                 ]
      }
    } // stage : klocwork db-load

    stage('Build Failure Conditions') {
      steps {
        klocworkFailureCondition([
          enableCiFailureCondition: true,
          failureConditionCiConfigs: [[
            withDiffList: true,
            diffFileList: 'my_list.txt',
            enableHTMLReporting: true,
            name: 'one',
            reportFile: '',
            threshold: '1',]]
        ])
      }
    } // stage : build failure conditions
  } // stages
} // pipeline

  • full static code analysis

    stage("full static code analysis") {
  steps{
    echo "performance integration analysis"
    klocworkIntegrationStep1([
      buildSpec: "${KLOCWORK_BUILDSPEC}",
      tableDir: "${KLONWORK_TABLES}",
      incrementalAnalysis : true,
      ignoreCompileErrors: false,
      importConfig : "",
      additionalOpts: "--replace-path ${WORKSPACE}=workspace",
      disableKwdeploy: true
    ])
  }
}

ssl

renew LDAP cert

[!NOTE|label:references:]

$ keytool -import -alias ldaproot  -file rootca.cer -keystore cacerts
$ keytool -import -alias ldapInter -file inter.cer  -keystore cacerts
$ keytool -import -alias ldap      -file ldap.cer   -keystore cacerts

using a secure klocwork server connection

[!TIP] for klocwork 2020.4 Build 20.4.0.81

  • Create a self-signed keystore file

    # from <server_install>, run the following command:
# The keystore is saved into the Tomcat config directory at <projects_root>/tomcat/conf.
$ _jvm/bin/keytool -genkeypair -alias tomcat \
                   -keyalg RSA \
                   -keystore <projects_root>/tomcat/conf/.keystore \
                   -dname "cn=<KlocworkServer_hostname>, ou=<your_organizational_unit>,o=<your_organization>" \
                   -keypass changeit \
                   -storepass changeit

# i.e.:
$ _jvm/bin/keytool -genkeypair -alias tomcat \
                   -keyalg RSA \
                   -keystore <projects_root>/tomcat/conf/.keystore \
                   -dname "cn=testserver.klocwork.com, ou=Development, o=Klocwork" \
                   -keypass changeit \
                   -storepass changeit

  • Configure the Klocwork Server to use SSL (manually)

    
$ grep klocwork.protocol <projects_root>/config/admin.conf
- klocwork.protocol=http
+ klocwork.protocol=https

$ grep Connector <projects_root>/tomcat/conf/server.template
-  <Connector port="$PORT" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="64" minSpareThreads="20" redirectPort="8443" acceptCount="200" connectionTimeout="20000" URIEncoding="UTF-8" compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla,traviata" compressableMimeType="text/html,text/xml,text/javascript" maxPostSize="-1" />
+  <Connector port="$PORT" maxthreads="4-" minSpareThreads="20" maxSpareThreads="40" enableLooksups="false" redirectPort="8443" acceptCount="50" debug="0" connectionTimeout="20000" compression="on" compressionMinSize="2048" noCompressionUserAgents=".*MSIE.*,gozilla,traviata" compressableMimeType="text/html,text/xml" maxPostSize="0" />

  • restart klocwork service

    [!TIP|label:see also:]

    $ kwservice --projects-root <projects_root> stop
$ kwservice --projects-root <projects_root> start

# or
$ kwservice --projects-root <projects_root> restart klocwork

  • verify

    $ kwadmin --ssl --host klocwork.example.com -port 443 list-projects
# same as
$ kwadmin --url https://klocwork.example.com:443 list-projects

  • disabling the ssl connection

    [!NOTE]

    • Simple bind failed error when trying to connect to Active Directory

      simple bind failed: ad.hostname.com:636

    1. import the ldap server public certificate directly into the klocwork keystore

    # location
<path_to_JVM_install>\_jvm\lib\security\cacerts

    1. ask your LDAP administrator to set this extension of your LDAP server certificate to non-critical

    [!NOTE|label:references:]

Previousnginx certNextkwadmin

Last updated