Kinook Software Forums

Kinook Software Forums (http://www.kinook.com/Forum/index.php)
-   [VBP] Third Party Tools (http://www.kinook.com/Forum/forumdisplay.php?f=3)
-   -   VBP and HP Fortify (http://www.kinook.com/Forum/showthread.php?t=5194)

James.Mathews 08-14-2013 03:27 PM

VBP and HP Fortify
 
I am using VBP 7.7a

Is there a way to turn off quotation marks around the default location of the Devenv / MSBuild / VCBuild?

Is there a way to turn off escape characters around the same? similar to:{Tools\Application Options\Logging(More)\"Escape special characters in step output macros"}

Alternatively is there a way to keep VBP from inserting "&&" after "Command to run before main command"?

Also how does VBP determine the default location of devenv?

Thank you,
James Mathews

kinook 08-14-2013 04:05 PM

Quote:

Originally Posted by James.Mathews (Post 20478)
I am using VBP 7.7a

Is there a way to turn off quotation marks around the default location of the Devenv / MSBuild / VCBuild?

If the executable path+filename contains spaces, quotes are required and will be included. If the filename doesn't contain spaces, quotes are not required and will not be included.

Quote:

Is there a way to turn off escape characters around the same? similar to:{Tools\Application Options\Logging(More)\"Escape special characters in step output macros"}
What escape characters? Please provide more info.
http://www.kinook.com/Forum/showthread.php?t=3044

Quote:

Alternatively is there a way to keep VBP from inserting "&&" after "Command to run before main command"?
No -- that is required syntax for executing multiple commands at once.
http://www.microsoft.com/resources/d....mspx?mfr=true

Quote:

Also how does VBP determine the default location of devenv?
The Make VS* actions determine the version of the solution/project being built and attempt to locate the corresponding version of devenv.com.

James.Mathews 08-14-2013 04:47 PM

Quote:

Originally Posted by kinook (Post 20480)
If the executable path+filename contains spaces, quotes are required and will be included. If the filename doesn't contain spaces, quotes are not required and will not be included.

I need to override this behavior. I need to end up with something like this:
{[1]"}sourceanalyzer{[1]"} -b %someBuildID% {[2]"}%devenv%{[2]"} {[3]"}%solutionToCompile%{[3]"} %anyBuildVariables%
where {[x]"} indicate quotes that follow the behavior you outlined and x indicates a set (both must be either present or absent.)


Quote:

Originally Posted by kinook (Post 20480)
What escape characters?

I include a quote in the override devenv path, something like this:
"sourceanalyzer -b %buildID% "%devenv%
hoping for:
""sourceanalyzer -b someBuildID "pathtodevenv\devenv.com" ....
but getting:
"\"sourceanalyzer -b someBuildID \"pathtodevenv\devenv.com" ....

Quote:

Originally Posted by kinook (Post 20480)
No -- that is required syntax for executing multiple commands at once.
http://www.microsoft.com/resources/d....mspx?mfr=true

I understand, but I need to pass:
%devenv% %solutionToCompile% %anyBuildVariables%
as parameters to sourceanalyzer -b %buildID%



Quote:

Originally Posted by kinook (Post 20480)
The Make VS* actions determine the version of the solution/project being built and attempt to locate the corresponding version of devenv.com.

yes, but where does Make VS* get the information? If it is the registry I can set a Write Registry at the beginning of each section of the script to change it to:
sourceanalyzer -b %buildID% %correctDEVENV%
and reset it afterwards. Using this solution I would still need to overcome the quotation issue from above, but would save me a lot of time modifying each step by hand.



Also before you sugest using something like "Run Script" let me explain my situation...

To give you a idea of the size of the project, using VBP it takes over 14 hours to compile, one of the 2 current versions of this software utilize VB6 and VS2010, the other version uses VS2010, vs2008, VS2005, and VB6 (it is the older version). The older version has over 2000 steps, the newer is segmented across ~40 build files.

In addition, we are not the developers, we provide software assurance on these products for the US Govt. Every time the developer drops new software, we provide static code analysis and regression testing on it. They use VBP 7.7a, and every time there is a new drop we get a new set of build files.

Thank you for your assistance,
James Mathews

kinook 08-14-2013 05:25 PM

There isn't a way to prevent quoting of the devenv command or escaping of additional extra quote characters added to a command.

Locating devenv.com does use registry lookups, but it's fairly involved for the various versions, bitness of Windows, fallback to App Paths, etc.

I think you might need to use a Run Program action and call sourceanalyzer directly. You could use the object model to iterate over all Make VS steps in the projects and create matching Run Program steps calling sourceanalyzer.
http://www.kinook.com/VisBuildPro/Ma...bjectmodel.htm
http://www.kinook.com/VisBuildPro/Ma...riptsample.htm

Another possibility might be to create your own custom executable that calls sourceanalyzer, and specify that executable in the Override field on the Options tab of the Make VS action.
http://www.kinook.com/VisBuildPro/Ma...optionstab.htm

James.Mathews 08-14-2013 05:32 PM

Quote:

Originally Posted by kinook (Post 20480)
I think you might need to use a Run Program action and call sourceanalyzer directly. You could use the object model to iterate over all Make VS steps in the projects and create matching Run Program steps calling sourceanalyzer

I will look into this.

Quote:

Another possibility might be to create your own custom executable that calls sourceanalyzer, and specify that executable in the Override field on the Options tab of the Make VS action.
http://www.kinook.com/VisBuildPro/Ma...optionstab.htm
I have considered this approach, was hoping to avoid it.

Is there any possibility of integrating Fortify into future versions of VBP? Say a check box in the to turn it on and a textbox to enter a build id in the various Make VS* actions?

It won't help me now but down the road it probably will (up to the developer)

Thank you,

James Mathews

kinook 08-14-2013 09:09 PM

Possibly. Does the vendor provide a trial download or online documentation for the product?

James.Mathews 08-15-2013 07:40 AM

Quote:

Originally Posted by kinook (Post 20486)
Possibly. Does the vendor provide a trial download or online documentation for the product?

I just sent a email to my HP contact, we'll see what he says.

kinook 10-25-2013 04:13 PM

In the latest build (8.5.0.1), there is a new Prefix main command option on the Advanced tab of Run Program and derived actions to prefix the main command instead of running as a separate command (&&), which should allow you to call sourceanalyzer from a Make VS* action.


All times are GMT -5. The time now is 08:41 AM.


Copyright 1999-2019 Kinook Software, Inc.