This topic explains how to manually suppress Parasoft findings in source code or in a suppression file. See Suppressing Findings in the GUI for information about suppressing findings using the UI of your IDE.

Introduction

You can prevent Jtest from reporting specific static analysis findings by defining suppressions. Suppressions are useful when you generally follow a rule, but decide to ignore specific occurrences of the reported finding. If you do not want to receive findings for any violations of a specific rule, disable the rule in the test configuration.

Defining Suppressions in Source Code

Suppression schemes can be defined in the source code with the syntax specified below.

Line Suppression

Line suppression allows for suppressing violations in a single line. The suppression comment must be specified at the end of the line of code where the violation occurs, using the following syntax:

// parasoft-suppress <rule-id>|<rule-category>|ALL "<suppression comment>"

Examples:

int proc1(boolean a, boolean b, int i)
{
    if (a | b)                          // parasoft-suppress CWE "suppress all rules in category CWE"
        if (b = a)                       // parasoft-suppress PB.TYPO.ASI "suppress rule PB.TYPO.ASI"
        {
            String emptyString1 = "";    // parasoft-suppress CWE-3 "suppress all rules in category CWE with severity level 3                                            	 // and lower"
        }
        else
        {
            String emptyString2 = "";    // parasoft-suppress SECURITY.WSC.SL BD.PB.VOVR CWE.563.VOVR "suppress multiple rules"
        }
    return i++;                         // parasoft-suppress ALL "suppress all rules"
}

Next Line Suppression

Next line suppression allows for suppressing violations in a single line. The suppression comment must be specified just before the line of code where the violation occurs, using the following syntax:

// parasoft-suppress-next-line <rule-id>|<rule-category>|ALL "<suppression comment>"

Other comments or empty lines are not allowed between the suppression comment and the line that contains the suppressed findings. The only exception is when a list of next line suppressions is specified:

// parasoft-suppress-next-line CODSTA.NEA "reason for suppression CODSTA.NEA"
// parasoft-suppress-next-line FORMAT.MCH "reason for suppression FORMAT.MCH"
// parasoft-suppress-next-line JAVADOC "reason for suppression JAVADOC "
... code line ...
In this case, all suppressions will be applied to the first line after the last suppression comment.

Examples:

int proc1(boolean a, boolean b, int i)
{
 	// parasoft-suppress-next-line CWE "suppress all rules in category CWE"
    if (a | b)  
 		// parasoft-suppress-next-line PB.TYPO.ASI "suppress rule PB.TYPO.ASI"                         
        if (b = a)
        {
			// parasoft-suppress-next-line CWE-3 "suppress all rules in category CWE with severity level 3 and lower"
            String emptyString1 = "";    
        }
	// parasoft-suppress-next-line ALL "suppress all rules"
    return i++;                         
}

Block Suppression

Block suppression allows for suppressing violations in a block of code. The suppression begin/end comments must be specified before/after the block of code where the violations occur, using the following syntax:

// parasoft-begin-suppress <rule-id>|<rule-category>|ALL "<suppression comment>"
... code block ...
// parasoft-end-suppress   <rule-id>|<rule-category>|ALL "<suppression comment>"

The 'parasoft-begin-suppress' and 'parasoft-end-suppress' comments must be in separate lines.

Examples:

int proc2(boolean a, boolean b, int i)
{  
    // parasoft-begin-suppress CWE "begin suppress all rules in category CWE"
    if (a | b)                         
        if(b = a)
    // parasoft-end-suppress CWE "end suppress all rules in category CWE"
        {
            String emptyString = "";   
        }
    return i++;                        
}
 
int proc3(boolean a, boolean b, int i)
{  
    if (a | b)
        // parasoft-begin-suppress PB.TYPO.ASI "begin suppress rule PB.TYPO.ASI"
        if(b = a)
        // parasoft-end-suppress PB.TYPO.ASI "end suppress rule PB.TYPO.ASI"
        {
            String emptyString = "";   
        }
    return i++;                        
}
 
int proc4(boolean a, boolean b, int i)
{  
    // parasoft-begin-suppress CWE-3 "begin suppress all rules in category CWE with severity level 3 and lower"
    if (a | b)
        if(b = a)
        {
            String emptyString = "";   
        }
    return i++;
    // parasoft-end-suppress CWE-3 "end suppress all rules in category CWE with severity level 3 and lower"
}
 
// parasoft-begin-suppress ALL "begin suppress all rules"
int proc5(boolean a, boolean b, int i)
{
    if (a | b)
        if(b = a)
        {
            String emptyString = "";   
        }
    return i++;
}
// parasoft-end-suppress ALL "end suppress all rules"

To suppress multiple rules in a file, include the following at the beginning/end of the file: 

// parasoft-begin-suppress SECURITY.WSC.SL BD.PB.VOVR CWE.563.VOVR "begin suppress multiple rules" 
..... 
// parasoft-end-suppress SECURITY.WSC.SL BD.PB.VOVR CWE.563.VOVR "end suppress multiple rules"

Notes

  • It is a good practice to specify the reason for suppression.
  • The following rule patterns are supported:
    <rule-id>|<rule-category>|ALL
    For example (the following examples are for suppressing violations in a single line):

    • Suppress rule PB.TYPO.TLS:

      // parasoft-suppress PB.TYPO.TLS
    • Suppress all rules in category CODSTA:
      // parasoft-suppress CODSTA
    • Suppress all rules in category CODSTA with severity level 4 and lower:
      // parasoft-suppress CODSTA-4
    • Suppress multiple rules:

      // parasoft-suppress SECURITY.WSC.SL BD.PB.VOVR CWE.563.VOVR


    • Suppress all rules:
      // parasoft-suppress ALL

Defining Suppressions in Suppression Files

You can suppress the reporting of selected findings by creating parasoft.suppress files that specify the attributes of findings you want to suppress. A suppression file should either be located in the same directory as the source file that contains the findings, or you can specify its location in the Additional Settings window (see Configuring Additional Settings) using the suppression.infile.location option. This option specifies the location of a suppression file that will be used for suppressing violations both in the CLI and IDE. A location can be defined:

  • as an absolute path to a file
  • using attributes: ${file_name}, ${file_loc} and ${project_loc}, e.g. ${file_loc}/parasoft.suppress

For example: suppression.infile.location=C:/parasoft/suppression/storage/parasoft.suppress

We recommend that suppression files be checked in your source control system. This allows you to share information about suppressions with other team members and easily review the suppressions on a branch in your SCM repository before merging the code into the main stream of development, such as "master", "trunk", etc.

Use the following format to add suppression entries to parasoft.suppress files:

suppression-begin
file: Account.java                (required)
line: 12                          (optional)
rule-id: CODSTA-4                 (optional)
message: Exact violation message  (optional)
reason: Approved                  (optional)
author: devel                     (optional)
date: 2020-09-21                  (optional)
suppression-end

Example:

At a minimum, you must specify the source file where the problem was detected. This will suppress all findings reported for the specified file. In the following example, all findings detected in the Account file will be suppressed:

suppression-begin
file: Account.java
suppression-end
You can use the following wildcards and other parameters to specify the file path (this is especially helpful when a non-default location of the parasoft.suppress file is configured in the Additional Settings window):

ParameterDescription
?Wildcard that matches one character (any character except path separators)
*Wildcard that matches zero or more characters (not including path separators)
**Wildcard that matches zero or more path segments.
/Separator for all operating systems
"[non-alphanumeric characters]"Use quotation marks when paths contain spaces or other non-alphanumeric characters.

Other attributes are optional and help you fine-tune the suppression. In the following example, all findings that the PB.TYPO.TLS rule detected in the Account file are suppressed, regardless on which code line they occur:

suppression-begin
file: Account.java
rule-id: PB.TYPO.TLS
suppression-end

Notes

  • It is a good practice to specify the reason for suppression.
  • The line attribute should be used with caution as it may invalidate the suppression if the code is moved to another line when the source file is modified.
  • The following values are supported for the rule-id attribute:
    <rule-id>|<rule-category>|ALL
    For example:

    • Suppress rule PB.TYPO.TLS:

      suppression-begin
file: **/autogenerated/*
rule-id: PB.TYPO.TLS
suppression-end
    • Suppress all rules in category CODSTA:
      suppression-begin
file: **/autogenerated/*
rule-id: CODSTA
suppression-end
    • Suppress all rules in category CODSTA with severity level 4 and lower:
      suppression-begin
file: **/autogenerated/*
rule-id: CODSTA-4
suppression-end
    • Suppress all rules:
      suppression-begin
file: **/autogenerated/*
rule-id: ALL
suppression-end
  • In the message attribute, the following wildcards are supported:
    • ? - Any character
    • * - Any sequence of characters

  • No labels

Need assistance? Visit our support page