...
| Code Block |
|---|
// parasoft-suppress <rule-id>|<rule-category>|ALL "<suppression comment>" |
Examples:
| Code Block |
|---|
int proc1(boolean a, boolean b, int i)
{
if (a | b) // parasoft-suppress |
...
CWE "suppress all rules in category |
...
CWE"
if (b = a) // parasoft-suppress |
...
...
...
...
ASI"
{
String emptyString1 = ""; // parasoft-suppress |
...
...
3 "suppress all rules in category |
...
...
3"
}
else
{
String emptyString2 = ""; // parasoft-suppress |
...
SECURITY.WSC.SL BD.PB.VOVR CWE.563.VOVR "suppress |
...
...
}
return i++; // parasoft-suppress ALL "suppress all rules"
} |
| Anchor |
|---|
| block_suppression |
|---|
| block_suppression |
|---|
|
Block Suppression
...
| Code Block |
|---|
// parasoft-begin-suppress <rule-id>|<rule-category>|ALL "<suppression comment>"
... code block ...
// parasoft-end-suppress <rule-id>|<rule-category>|ALL "<suppression comment>" |
Examples:
| Code Block |
|---|
int proc2(boolean a, boolean b, int i)
{
// parasoft-begin-suppress |
...
CWE "begin suppress all rules in category |
...
CWE"
if (a | b)
if(b = a)
// parasoft-end-suppress |
...
CWE "end suppress all rules in category |
...
...
{
String emptyString = "";
}
return i++;
}
int proc3(boolean a, boolean b, int i)
{
if (a | b)
// parasoft-begin-suppress PB.TYPO.ASI "begin suppress |
...
rule PB.TYPO.ASI"
if(b = a)
// parasoft-end-suppress |
...
PB.TYPO.ASI "end suppress |
...
rule PB.TYPO.ASI"
{
String emptyString = "";
}
return i++;
}
int proc4(boolean a, boolean b, int i)
{
// parasoft-begin-suppress CWE-3 "begin suppress all rules in category |
...
...
3"
if (a | b)
if(b = a)
{
String emptyString = "";
}
return i++;
// parasoft-end-suppress |
...
CWE-3 "end suppress all rules in category |
...
CWE with severity level 3"
}
// parasoft-begin-suppress ALL "begin suppress all rules" |
...
int proc5(boolean a, boolean b, int i)
{
if (a | b)
if(b = a)
{
String emptyString = "";
}
return i++;
}
// parasoft-end-suppress ALL "end suppress all rules" |
...
To suppress multiple rules in a file, include the following at the beginning/end of the file:
| Code Block |
|---|
// parasoft-begin-suppress |
...
SECURITY.WSC.SL BD.PB.VOVR CWE.563.VOVR "begin suppress |
...
...
"
.....
// parasoft-end-suppress SECURITY.WSC.SL BD.PB.VOVR CWE.563.VOVR "end suppress multiple rules" |
| Anchor |
|---|
| In-file Suppressions Format |
|---|
| In-file Suppressions Format |
|---|
|
Defining Suppressions in Suppression Files
...
Use the following format to add suppression entries to parasoft.suppress files:
| Code Block |
|---|
suppression-begin
file: Account.java (required)
line: 12 (optional)
rule-id: CODSTA-123 (optional)
message: Exact violation message (optional)
reason: Approved (optional)
author: devel (optional)
date: 2020-09-21 (optional)
suppression-end |
Example:
At a minimum, you must specify the source file where the problem was detected. This will suppress all findings reported for the specified file. In the following example, all findings detected in the Account file will be suppressed:
| Code Block |
|---|
suppression-begin
file: Account.java
suppression-end |
Other attributes are optional and help you fine-tune the suppression. In the following example, all findings that the PB.TYPO.TLS rule detected in the Account file are suppressed, regardless on which code line they occur:
| Code Block |
|---|
suppression-begin
file: Account.java
rule-id: PB.TYPO.TLS
suppression-end |
Notes on Attributes
- It is a good practice to specify the reason for suppression.
- The
line attribute should be used with caution as it may invalidate the suppression if the code is moved to another line when the source file is modified.
...