Tutorial - Creating a taxonomy and viewing the results
This tutorial shows you how to:
- set up a taxonomy in Klocwork Static Code Analysis to support an internal coding policy
- apply the taxonomy in Klocwork Static Code Analysis and connected desktops
You need the "Change project settings" permission to perform these tasks.
For more information on taxonomies and using the Configuration Editor, see Configuring checkers for the integration build analysis.
Our example company has a policy to flag and eliminate all Null-Pointer Dereference (NPD) issues, all Buffer Overflow (ABR and ABV) issues, and two specific security vulnerabilities: SV.INCORRECT_RESOURCE_HANDLING.URH and SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS.
Setting up the Company Policy taxonomy
First, we need to set up the Company Policy taxonomy in the Configuration Editor.
- Launch the standalone Taxonomy Editor.
- The Taxonomy Editor appears.
- Right-click any white space and click New taxonomy.
- In the Create new taxonomy dialog, enter "Company Policy" and click OK.
- Expand the C and C++ taxonomy.
- Ctrl-click the Buffer Overflow and Null Pointer Dereference categories.
- Right-click and select Copy.
- Right-click Company Policy and select Paste.
- Now, we're going to add two security vulnerability checkers to the taxonomy.
- Right-click Company Policy and select Add issue.
- In the Issue code field, start typing SV.IN.
- Autocompletion fills in the rest of the name and suggests checkers matching your entry.
- Select SV.INCORRECT_RESOURCE_HANDLING.URH and click OK.
- Repeat the previous two steps, but this time select SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS.
- Click OK and save your new taxonomy file somewhere you can find it.
- Log in to Klocwork Static Code Analysis.
- In Klocwork Static Code Analysis's project list, click the project you want to upload the file to.
- The project details appear.
- In the project details, click Configuration.
- On the Configuration page, click Add a configuration file.
- In the Choose file dialog, browse to:
- <projects_root>/projects/<project_name>/rules/<yourtaxonomyfile>.tconf (or wherever you chose to save your taxonomy file)
- where <project_name> is the project whose configuration you want to copy.
- Click Upload.
- Your new Company Policy taxonomy appears in the tree.
- Expand the Company Policy taxonomy and make sure that all the NPD and ABV checkers are enabled.
- Add a check to SV.INCORRECT_RESOURCE_HANDLING.URH and SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS to enable them.
- Click the icon to save your changes.
Now we'll use our taxonomy in Klocwork Static Code Analysis.
Using the taxonomy in Klocwork Static Code Analysis for report and issue management
We'll create a view, so that you will see only issues in the Company Policy taxonomy.
- In Klocwork Static Code Analysis's project list, click the project you configured.
- Click views.
- On the Views page, click Create a new view.
- In the text field, enter "Company Policy".
- In the Search field, enter:
- taxonomy:"Company Policy"
- Select the public checkbox. This will make the view available to all users with access to this project.
- Click Create to save your view.
- Your view appears in the list. Note that the number of open issues for the Company Policy view is different from the default view.
- Click the link for open issues within the Company Policy view.
- Note that the Company Policy view is visible in the breadcrumb, and you can easily switch to another view.
- Click reports on the upper right.
- Note that report data is also filtered by the Company Policy view.
- Click Top 10 Open Issues.
- The report shows only issues of the types we included in the Company Policy taxonomy.
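The same Company Policy filter can be applied outside the UI, for example as a build gate over an exported issue list. The following is an added example, not Klocwork code: the record layout (one JSON object per line with `id`, `code`, `status` and `file` fields), the status values treated as open, and the dotted-prefix family matching are assumptions.

```python
import json

# Company Policy from this tutorial: whole checker families plus two exact codes.
POLICY_FAMILIES = ("NPD", "ABR", "ABV")
POLICY_EXACT = {
    "SV.INCORRECT_RESOURCE_HANDLING.URH",
    "SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS",
}

def in_policy(code):
    """True if a checker code belongs to the Company Policy.

    Assumption: a family covers its bare code and its dotted sub-checkers,
    so NPD.FUNC.MUST is in the NPD family but NPDX.FOO is not.
    """
    code = str(code or "").strip().upper()
    if code in POLICY_EXACT:
        return True
    return any(code == fam or code.startswith(fam + ".") for fam in POLICY_FAMILIES)

def policy_violations(export_lines, open_statuses=("Analyze", "Fix")):
    """Return the open policy issues from an export with one JSON object per line."""
    hits = []
    for lineno, line in enumerate(export_lines, 1):
        if not line.strip():
            continue  # tolerate blank lines in the export
        try:
            issue = json.loads(line)
        except json.JSONDecodeError as exc:
            # Fail closed: a truncated export must not pass the gate silently.
            raise ValueError(f"line {lineno}: not valid JSON") from exc
        if issue.get("status") in open_statuses and in_policy(issue.get("code")):
            hits.append(issue)
    return hits

# Constructed sample export (not real analysis output).
SAMPLE = """\
{"id": 1, "code": "NPD.FUNC.MUST", "status": "Analyze", "file": "src/parse.c"}
{"id": 2, "code": "ABV.GENERAL", "status": "Fix", "file": "src/buf.c"}
{"id": 3, "code": "SV.INCORRECT_RESOURCE_HANDLING.URH", "status": "Analyze", "file": "src/io.c"}
{"id": 4, "code": "SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS", "status": "Not a Problem", "file": "src/io.c"}
{"id": 5, "code": "MLK.MUST", "status": "Analyze", "file": "src/alloc.c"}
{"id": 6, "code": "ABR", "status": "Ignore", "file": "src/buf.c"}
""".splitlines()

if __name__ == "__main__":
    found = policy_violations(SAMPLE)
    for issue in found:
        print(f'{issue["code"]:45} {issue["file"]}')
    raise SystemExit(1 if found else 0)  # non-zero exit fails the build
```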
Grouping and filtering by taxonomy in connected desktops
Connected desktop users can filter and group issues by taxonomy to get a clearer picture of how they're performing against the Company Policy. For this example, we'll use Visual Studio 2008.
Grouping by taxonomy
You can group issues by taxonomy to get a picture of how issues are distributed across multiple taxonomies by clicking the icon.
You'll see issues distributed across taxonomies. If the same issue is detected in more than one taxonomy, you'll see it listed under each applicable taxonomy.
Filtering by taxonomy
If you want to see only issues for a specific taxonomy, filtering by taxonomy is the way to do this.
- Click the filter icon.
- Note for Visual Studio users: The filter icon filters local issues only. Use the Taxonomy list to filter by taxonomy.
- Under Taxonomies, deselect all but Company Policy.
- Click OK.
The only issues you see listed are of the types included in the Company Policy taxonomy.