Section 3. Ensuring a Working Build Environment

To make it easy to integrate the Source Code Analysis Engine into your environment, the SCA Engine uses the same conventions as the tools you use to compile and build the application. The purpose of this exercise is to ensure that you are comfortable within your existing build environment before you attempt to integrate source analysis.

For analyzing C and C++ programs, ensure that there is a compiler supported by Fortify Software installed on your computer. (See the README.txt on the CD for a list of supported compilers.)

This exercise assumes that you are using gcc to compile C and C++. If you are using Windows and have not yet installed a supported compiler (such as Microsoft cl), you can install gcc as part of Cygwin <http://www.cygwin.com/>.

Depending on how you typically build your project, it is likely that you will also need a build tool, such as make or ant, installed on your computer.

Typical compilers and linkers search for and resolve certain symbols when building a working program. The SCA Engine is similar to a "security compiler" that operates on the source code base. As such, the SCA Engine functions optimally when it can resolve all of the symbols found in the program.

The more code you analyze, the more comprehensive the results will be. C, C++, and .NET projects must compile completely in order for the SCA Engine to analyze them successfully. However, the architecture of the SCA Engine does make it capable of analyzing individual or incomplete Java files if you choose to do so, albeit at the cost of reduced accuracy due to the unresolved symbols.

  1. Verify that you can compile a simple program without any errors.

    • For C and C++ source code:

      • Change to the following directory:

        Install_Directory/Samples/basic/stackbuffer

      • Enter the following command:

        gcc stackbuffer.c

    • For Java source code:

      • Change to the following directory:

        Install_Directory/Samples/basic/eightball

      • Enter the following command:

        javac EightBall.java

    • For .NET projects:

      • Open the following file in Visual Studio .NET:

        Install_Directory\Samples\advanced\csharp\Sample1\Sample1.sln

      • Verify that the project is configured to build in debug mode.

      • Choose Rebuild Solution from the Build menu.

  2. Ensure that you can successfully build the project that you plan to use for source code analysis.

    • For C and C++ projects, you typically run the make or nmake utility.

    • For Java projects, you typically use ant.

    • For .NET projects, you typically use Visual Studio.
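The two steps above can be scripted as a preflight check. The following POSIX sh script is an added example, not part of the book or of Fortify's tooling: it reports which of the compilers and build tools named in this section are on the PATH and then compiles a constructed one-file C program with gcc, the same check step 1 performs with stackbuffer.c. The tool list and the temporary file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the book or from Fortify): preflight check for the
# build environment described in this section.

# Return 0 if the named command is on the PATH, 1 otherwise.
have_tool() {
    command -v "$1" >/dev/null 2>&1
}

# Report the toolchains this section relies on, one line per tool.
# Returns the number of tools that are missing (0 means all were found).
report_toolchains() {
    missing=0
    for t in gcc javac make ant; do   # tool list is an assumption
        if have_tool "$t"; then
            echo "found:   $t"
        else
            echo "missing: $t"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Compile a constructed hello-world C file with gcc, mirroring step 1.
# Returns 0 on success, 2 if gcc is not installed, 1 if compilation fails
# (compiler diagnostics are echoed to stderr in that case).
try_c_compile() {
    have_tool gcc || return 2
    dir=$(mktemp -d) || return 1
    cat > "$dir/hello.c" <<'EOF'
#include <stdio.h>
int main(void) { puts("build environment OK"); return 0; }
EOF
    if gcc -Wall -o "$dir/hello" "$dir/hello.c" 2>"$dir/err.log"; then
        rm -rf "$dir"
        return 0
    fi
    cat "$dir/err.log" >&2
    rm -rf "$dir"
    return 1
}

# Usage: . ./preflight.sh && report_toolchains && try_c_compile
```

A non-zero result from either function means the build itself needs fixing before the SCA Engine is integrated, since unresolved symbols degrade its analysis.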

Software Security: Building Security In
ISBN: 0321356705
Year: 2004
Pages: 154
Authors: Gary McGraw