From 59016a40819cdff7d3cf0a1c52f1ce64689e9234 Mon Sep 17 00:00:00 2001 From: Artem Naluzhnyy Date: Sun, 11 Aug 2019 20:48:23 +0200 Subject: [PATCH] Add a workaround to suppress specified files from Coverity Scan analysis Re-implement temporary(?) non-functional filter to ignore specific source code parts by Coverity Scan using "--fs-capture-search-exclude-regex" CLI parameter of "cov-build" tool. This functionality is important to filter out e.g. node_modules or src/tests. Instead we can remove all specified files after we got local build results but before we send them to Coverity server. Issue-ID: CIMAN-260 Signed-off-by: Artem Naluzhnyy Change-Id: I1175b593966a8b8732aa3f6841e9c450766de752 --- shell/maven-coverity.sh | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/shell/maven-coverity.sh b/shell/maven-coverity.sh index f263963fe..51bd2733f 100644 --- a/shell/maven-coverity.sh +++ b/shell/maven-coverity.sh @@ -23,23 +23,29 @@ SUBMISSION_ATTEMPTS=5 SUBMISSION_INITIAL_REST_INTERVAL=30 # seconds, will be doubled after each attempt #----------------------------------------------------------------------------- -# Process parameters for JS/PHP/Ruby files analysis +# Process parameters for JS/TS/Python/Ruby/PHP files analysis -FS_CAPTURE_SEARCH_PARAMS='' if [ -n "${SEARCH_PATHS:=}" ]; then for SEARCH_PATH in ${SEARCH_PATHS}; do if [ -d "${SEARCH_PATH}" ]; then - FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} --fs-capture-search '${SEARCH_PATH}'" + FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS:=} --fs-capture-search '${SEARCH_PATH}'" else echo "'${SEARCH_PATH}' from \$SEARCH_PATHS is not an existing directory." >&2 exit 1 fi done -fi -for EXCLUDE_REGEX in ${SEARCH_EXCLUDE_REGEXS:=}; do - FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} --fs-capture-search-exclude-regex '${EXCLUDE_REGEX}'" -done + for EXCLUDE_REGEX in ${SEARCH_EXCLUDE_REGEXS:=}; do + EXCLUDE_REGEX=${EXCLUDE_REGEX//\'/\'\\\'\'} # escape single quote "'" + FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} --fs-capture-search-exclude-regex '${EXCLUDE_REGEX}'" + + # FIXME: a hack to deal with temporary(?) non-functional filter to ignore + # specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex" + # CLI parameter for "cov-build" tool). The hack can be removed when this CLI + # parameter is fixed on Coverity side. + FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS="${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=} --tu-pattern 'file('\\''${EXCLUDE_REGEX}'\\'')'" + done +fi #----------------------------------------------------------------------------- # Check if we are allowed to submit results to Coverity Scan service @@ -120,7 +126,8 @@ export MAVEN_OPTS eval cov-build \ --dir 'cov-int' \ - ${FS_CAPTURE_SEARCH_PARAMS} \ + --append-log \ + ${FS_CAPTURE_SEARCH_PARAMS:=} \ "${MVN}" clean install \ --errors \ --global-settings "${GLOBAL_SETTINGS_FILE}" \ @@ -128,10 +135,23 @@ eval cov-build \ ${MAVEN_OPTIONS:=} \ ${MAVEN_PARAMS:=} +# FIXME: a hack to deal with temporary(?) non-functional filter to ignore +# specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex" +# CLI parameter for "cov-build" tool). The hack can be removed when this CLI +# parameter is fixed on Coverity side. +if [ -n "${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=}" ]; then + eval cov-manage-emit \ + --dir 'cov-int' \ + ${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS} \ + delete +fi + +# Extract git data for analysed files cov-import-scm \ --dir 'cov-int' \ --scm 'git' +# List all analysed files from the project cov-manage-emit \ --dir cov-int \ list \ @@ -140,6 +160,7 @@ cov-manage-emit \ '^Translation unit:$' \ | sed \ 's!^[[:digit:]]\+ -> !!' \ +| sort \ > 'coverity-scan-analysed-files.log' #----------------------------------------------------------------------------- -- 2.16.6