This topic explains how to manually suppress Parasoft findings in source code or in a suppression file. See Suppressing Findings in the GUI for information about suppressing findings using the UI of your IDE.

Introduction

You can prevent C/C++test from reporting specific static analysis findings by defining suppressions. Suppressions are useful when you generally follow a rule, but decide to ignore specific occurrences of the reported finding. If you do not want to receive findings for any violations of a specific rule, disable the rule in the test configuration.

Suppressing false positives in MISRA compliance workflows

If you implement a workflow for achieving compliance with the MISRA standard, you can exclude false positive violations from MISRA Compliance reports created on DTP. When you suppress a violation and specify a reason for suppression that begins with "false positive", the violation will not be included in MISRA Compliance reports. See the DTP User Guide for details about the Parasoft compliance solution.

Defining Suppressions in Source Code

Suppression schemes can be defined in the source code with the syntax specified below.

Line Suppression

Line suppression allows for suppressing violations in a single line. The suppression comment must be specified at the end of the line of code where the violation occurs, using the following syntax:

// parasoft-suppress <rule-id>|<rule-category>|ALL "<suppression comment>"

Examples:

int proc1(bool a, bool b, int i)
{
	if (a | b) // parasoft-suppress CERT_C "suppress all rules in category CERT_C"
	if (b = a) // parasoft-suppress CERT_C-EXP45 "suppress rule CERT_C-EXP45"
	{
		std::string emptyString1 = ""; // parasoft-suppress JSF-3 "suppress all rules in category Joint Strike Fighter with severity level 3"
	}
	else
	{
		std::string emptyString2 = ""; // parasoft-suppress CERT_C-DCL00 JSF-043 JSF-051 "suppress multiple rules"
	}
	return i++;                // parasoft-suppress ALL "suppress all rules"
}

Next Line Suppression

Next line suppression allows for suppressing violations in a single line. The suppression comment must be specified just before the line of code where the violation occurs, using the following syntax:

// parasoft-suppress-next-line <rule-id>|<rule-category>|ALL "<suppression comment>"

Other comments or empty lines are not allowed between the suppression comment and the line that contains the suppressed findings. The only exception is when a list of next line suppressions is specified:

// parasoft-suppress-next-line AUTOSAR-A7_1_1-a "reason for suppression AUTOSAR-A7_1_1-a"
// parasoft-suppress-next-line AUTOSAR-A7_1_1-b "reason for suppression AUTOSAR-A7_1_1-b"
// parasoft-suppress-next-line AUTOSAR-A8_5_2-a "reason for suppression AUTOSAR-A8_5_2-a"
... code line ...

In this case, all suppressions will be applied to the first line after the last suppression comment.

Examples:

int proc1(bool a, bool b, int i)
{
	// parasoft-suppress-next-line CERT_C "suppress all rules in category CERT_C"
	if (a | b)
	// parasoft-suppress-next-line CERT_C-EXP45 "suppress rule CERT_C-EXP45"
	if (b = a)
	{
		// parasoft-suppress-next-line JSF-3 "suppress all rules in category Joint Strike Fighter with severity level 3" 
		std::string emptyString1 = "";
	}
	// parasoft-suppress-next-line ALL "suppress all rules" 
	return i++;
}

Block Suppression

Block suppression allows for suppressing violations in a block of code. The suppression begin/end comments must be specified before/after the block of code where the violations occur, using the following syntax:

// parasoft-begin-suppress <rule-id>|<rule-category>|ALL "<suppression comment>"
... code block ...
// parasoft-end-suppress   <rule-id>|<rule-category>|ALL "<suppression comment>"

Examples:

int proc2(bool a, bool b, int i)
{  
    // parasoft-begin-suppress CERT_C "begin suppress all rules in category CERT_C"
    if (a | b)                         
        if(b = a)
    // parasoft-end-suppress CERT_C "end suppress all rules in category CERT_C"
        {
            std::string emptyString1 = "";   
        }
    return i++;                        
}
 
int proc3(bool a, bool b, int i)
{  
    if (a | b)
        // parasoft-begin-suppress CERT_C-EXP45 "begin suppress rule CERT_C-EXP45"
        if(b = a)
        // parasoft-end-suppress CERT_C-EXP45 "end suppress rule CERT_C-EXP45"
        {
            std::string emptyString1 = "";   
        }
    return i++;                        
}
 
int proc4(bool a, bool b, int i)
{  
    // parasoft-begin-suppress JSF-3 "begin suppress all rules in category Joint Strike Fighter with severity level 3"
    if (a | b)
        if(b = a)
        {
            std::string emptyString1 = "";   
        }
    return i++;
    // parasoft-end-suppress JSF-3 "end suppress all rules in category Joint Strike Fighter with severity level 3"
}
 
// parasoft-begin-suppress ALL "begin suppress all rules"
int proc5(bool a, bool b, int i)
{
    if (a | b)
        if(b = a)
        {
            std::string emptyString1 = "";   
        }
    return i++;
}
// parasoft-end-suppress ALL "end suppress all rules"

To suppress multiple rules in a file, include the following at the beginning/end of the file: 

// parasoft-begin-suppress CERT_C-DCL00 JSF-043 JSF-051 "begin suppress multiple rules"
.....
// parasoft-end-suppress CERT_C-DCL00 JSF-043 JSF-051 "end suppress multiple rules"
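
Because in-code suppressions silently remove findings from reports, it helps to review them like any other code change. The following is an added example, not part of the Parasoft documentation or tooling: a small Python audit that recognizes the four comment forms described above and flags suppressions of ALL, suppressions with no reason string, and begin/end comments that do not pair up. The function name, the issue labels, and the treatment of these cases as review items are assumptions of this example; the sample input is constructed.

```python
import re

# The four comment forms documented above; the quoted string is the reason.
SUPPRESS_RE = re.compile(
    r'//\s*parasoft-(?P<kind>begin-suppress|end-suppress|suppress-next-line|suppress)'
    r'\s+(?P<rules>[^"]*?)\s*(?:"(?P<reason>[^"]*)")?\s*$'
)

def audit_suppressions(source):
    """Return sorted (line_no, issue) tuples for one source file's text."""
    issues, open_blocks = [], {}  # open_blocks: rule specifiers -> begin line
    for no, line in enumerate(source.splitlines(), 1):
        m = SUPPRESS_RE.search(line)
        if not m:
            continue
        rules = tuple(m["rules"].split())
        if not (m["reason"] or "").strip():
            issues.append((no, "missing reason"))
        if "ALL" in rules:
            issues.append((no, "suppresses ALL rules"))
        if m["kind"] == "begin-suppress":
            open_blocks[rules] = no
        elif m["kind"] == "end-suppress" and open_blocks.pop(rules, None) is None:
            issues.append((no, "end-suppress without matching begin"))
    # Any begin comment still open at end of file has no matching end comment.
    issues += [(no, "begin-suppress never closed") for no in open_blocks.values()]
    return sorted(issues)

# Constructed sample input, not taken from a real project.
SAMPLE_SOURCE = '''\
int f(int i)
{
    // parasoft-begin-suppress CERT_C "legacy parser, tracked in review"
    int j = i;  // parasoft-suppress ALL "temporary"
    // parasoft-suppress-next-line CERT_C-EXP45
    if (j = i) { j++; }
    return j;
}
// parasoft-end-suppress JSF-3 "end"
'''

if __name__ == "__main__":
    for no, issue in audit_suppressions(SAMPLE_SOURCE):
        print(f"line {no}: {issue}")
```
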

Defining Suppressions in Suppression Files

You can suppress the reporting of selected findings by creating parasoft.suppress files that specify the attributes of findings you want to suppress. A suppression file should be located in the same directory as the source file that contains the findings.

We recommend checking suppression files in to your source control system. This allows you to share information about suppressions with other team members and easily review the suppressions on a branch in your SCM repository before merging the code into the main line of development, such as "master" or "trunk".

Use the following format to add suppression entries to parasoft.suppress files:

suppression-begin
file: Account.cpp                 (required)
line: 12                          (optional)
rule-id: CODSTA-123               (optional)
message: Exact violation message  (optional)
reason: Approved                  (optional)
author: devel                     (optional)
date: 2020-09-21                  (optional)
suppression-end

Example:

At a minimum, you must specify the source file where the problem was detected. This will suppress all findings reported for the specified file. In the following example, all findings detected in the Account file will be suppressed:

suppression-begin
file: Account.cpp
reason: false positive
suppression-end

Other attributes are optional and help you fine-tune the suppression. In the following example, all findings that the PB.TYPO.TLS rule detected in the Account file are suppressed, regardless of which code line they occur on:

suppression-begin
file: Account.cpp
rule-id: PB.TYPO.TLS
suppression-end

Notes on Attributes

  • It is a good practice to specify the reason for suppression.
  • The line attribute should be used with caution as it may invalidate the suppression if the code is moved to another line when the source file is modified.
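
A suppression file checked in to source control can be reviewed automatically before a merge. The following is an added example, not part of the Parasoft documentation or tooling: a Python parser for the entry format shown above that lists entries a reviewer should look at, namely entries with no rule-id, entries with no reason, entries whose reason begins with "false positive" (which this page says are left out of MISRA Compliance reports), and entries that use the line attribute. The function names, issue labels, case-insensitive reason check, and the Bank.cpp entry are assumptions of this example.

```python
def parse_suppress_file(text):
    """Parse parasoft.suppress text into a list of attribute dicts."""
    entries, current = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == "suppression-begin":
            current = {}
        elif line == "suppression-end":
            if current is None:
                raise ValueError(f"line {no}: suppression-end without begin")
            entries.append(current)
            current = None
        elif line and current is not None:
            # Split on the first colon only, so messages may contain colons.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current is not None:
        raise ValueError("unterminated suppression entry")
    return entries

def review_entries(entries):
    """Return (file, rule, issue) tuples a reviewer should look at."""
    out = []
    for e in entries:
        where = (e.get("file", "<no file>"), e.get("rule-id", "*"))
        reason = e.get("reason", "")
        if "file" not in e:
            out.append(where + ("missing required file attribute",))
        if "rule-id" not in e:
            out.append(where + ("no rule-id: every rule is suppressed",))
        if not reason:
            out.append(where + ("no reason given",))
        elif reason.lower().startswith("false positive"):
            out.append(where + ("false positive: left out of MISRA reports",))
        if "line" in e:
            out.append(where + ("line attribute: stale if code moves",))
    return out

# First two entries are the page's examples; the third is constructed.
SAMPLE_SUPPRESS = """\
suppression-begin\nfile: Account.cpp\nreason: false positive\nsuppression-end
suppression-begin\nfile: Account.cpp\nrule-id: PB.TYPO.TLS\nsuppression-end
suppression-begin\nfile: Bank.cpp\nline: 12\nrule-id: CODSTA-123
reason: Approved\nsuppression-end
"""

if __name__ == "__main__":
    for item in review_entries(parse_suppress_file(SAMPLE_SUPPRESS)):
        print(*item, sep=" | ")
```
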

Defining Line Suppressions Based on Regex Patterns

You can configure C/C++test to automatically suppress static rule violations that are detected on lines that match a regular expression pattern. This may be useful when you want to suppress findings that are difficult to suppress using the in-line or in-code suppressions, such as Qt macros.

You can specify the regex patterns by configuring the following options in your .properties file or in the command line (see Configuration Overview):

cpptest.result.line.suppressions.enabled=true          // Enables creating regex-based suppressions.
cpptest.result.line.suppressions.pattern=[regex<rule-id|rule-category|ALL>;regex<rule-id|rule-category|ALL>] // Specifies a semicolon-separated list of regex patterns.

Note: The <> brackets are only required if you want to specify rules. The rule specifiers can also be a comma-separated list.

Static rule violations that occur on lines that match the configured regex pattern(s) will be suppressed. For example, the following configuration suppresses all findings detected on code lines that contain "Q_" anywhere on the line:

cpptest.result.line.suppressions.enabled=true
cpptest.result.line.suppressions.pattern=.*Q_.*<OPT>
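
A regex-based suppression applies to every line it matches, so it is worth previewing its reach before enabling it. The following is an added example, not part of the Parasoft documentation or tooling: a Python preview that splits a pattern value in the format described above and lists the source lines each pattern would cover. It assumes a pattern must match the whole line (Python's re.fullmatch), that a pattern without <> applies to ALL rules, and that patterns contain no ";"; C/C++test's own regex engine may behave differently. The Qt-style sample and the narrower pattern are constructed.

```python
import re

def parse_patterns(value):
    """Split the property value into (compiled regex, rule specifiers) pairs."""
    pairs = []
    for item in filter(None, (p.strip() for p in value.split(";"))):
        # Optional trailing <...> holds comma-separated rule specifiers.
        m = re.fullmatch(r"(?P<rx>.*?)(?:<(?P<rules>[^<>]*)>)?", item)
        rules = [r.strip() for r in (m["rules"] or "ALL").split(",")]
        pairs.append((re.compile(m["rx"]), rules))
    return pairs

def preview(value, source):
    """Return (line_no, rules, text) for each line a pattern would cover."""
    pairs = parse_patterns(value)
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        for rx, rules in pairs:
            if rx.fullmatch(line):  # assumption: whole-line match
                hits.append((no, rules, line.strip()))
    return hits

# Constructed sample input, not taken from a real project.
SAMPLE_QT = '''\
class Worker : public QObject
{
    Q_OBJECT
    Q_PROPERTY(int load READ load)
public:
    int load() const { return REQ_COUNT; }
};
'''

BROAD = ".*Q_.*<OPT>"              # the pattern from the page
NARROW = r"\s*Q_[A-Z_]+.*<OPT>"    # constructed: line must start with a Q_ macro

if __name__ == "__main__":
    for name, value in (("broad", BROAD), ("narrow", NARROW)):
        for no, rules, text in preview(value, SAMPLE_QT):
            print(f"{name}: line {no} {rules} {text}")
```

On this sample the page's pattern also covers line 6, because REQ_COUNT contains "Q_"; the narrower pattern covers only the two macro lines.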
