Add a workaround to suppress specified files from Coverity Scan analysis
Re-implement temporary(?) non-functional filter to ignore specific source
code parts by Coverity Scan using "--fs-capture-search-exclude-regex" CLI
parameter of "cov-build" tool. This functionality is important to
filter out e.g. node_modules or src/tests. Instead we can remove all
specified files after we got local build results but before we send them
to Coverity server.
Issue-ID: CIMAN-260
Signed-off-by: Artem Naluzhnyy <A.Naluzhnyy@samsung.com>
Change-Id: I1175b593966a8b8732aa3f6841e9c450766de752
diff --git a/shell/maven-coverity.sh b/shell/maven-coverity.sh
index f263963..51bd273 100644
--- a/shell/maven-coverity.sh
+++ b/shell/maven-coverity.sh
@@ -23,23 +23,29 @@
SUBMISSION_INITIAL_REST_INTERVAL=30 # seconds, will be doubled after each attempt
#-----------------------------------------------------------------------------
-# Process parameters for JS/PHP/Ruby files analysis
+# Process parameters for JS/TS/Python/Ruby/PHP files analysis
-FS_CAPTURE_SEARCH_PARAMS=''
if [ -n "${SEARCH_PATHS:=}" ]; then
for SEARCH_PATH in ${SEARCH_PATHS}; do
if [ -d "${SEARCH_PATH}" ]; then
- FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} --fs-capture-search '${SEARCH_PATH}'"
+ FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS:=} --fs-capture-search '${SEARCH_PATH}'"
else
echo "'${SEARCH_PATH}' from \$SEARCH_PATHS is not an existing directory." >&2
exit 1
fi
done
-fi
-for EXCLUDE_REGEX in ${SEARCH_EXCLUDE_REGEXS:=}; do
- FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} --fs-capture-search-exclude-regex '${EXCLUDE_REGEX}'"
-done
+ for EXCLUDE_REGEX in ${SEARCH_EXCLUDE_REGEXS:=}; do
+ EXCLUDE_REGEX=${EXCLUDE_REGEX//\'/\'\\\'\'} # escape single quote "'"
+ FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} --fs-capture-search-exclude-regex '${EXCLUDE_REGEX}'"
+
+ # FIXME: a hack to deal with temporary(?) non-functional filter to ignore
+ # specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex"
+ # CLI parameter for "cov-build" tool). The hack can be removed when this CLI
+ # parameter is fixed on Coverity side.
+ FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS="${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=} --tu-pattern 'file('\\''${EXCLUDE_REGEX}'\\'')'"
+ done
+fi
#-----------------------------------------------------------------------------
# Check if we are allowed to submit results to Coverity Scan service
@@ -120,7 +126,8 @@
eval cov-build \
--dir 'cov-int' \
- ${FS_CAPTURE_SEARCH_PARAMS} \
+ --append-log \
+ ${FS_CAPTURE_SEARCH_PARAMS:=} \
"${MVN}" clean install \
--errors \
--global-settings "${GLOBAL_SETTINGS_FILE}" \
@@ -128,10 +135,23 @@
${MAVEN_OPTIONS:=} \
${MAVEN_PARAMS:=}
+# FIXME: a hack to deal with temporary(?) non-functional filter to ignore
+# specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex"
+# CLI parameter for "cov-build" tool). The hack can be removed when this CLI
+# parameter is fixed on Coverity side.
+if [ -n "${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=}" ]; then
+ eval cov-manage-emit \
+ --dir 'cov-int' \
+ ${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS} \
+ delete
+fi
+
+# Extract git data for analysed files
cov-import-scm \
--dir 'cov-int' \
--scm 'git'
+# List all analysed files from the project
cov-manage-emit \
--dir cov-int \
list \
@@ -140,6 +160,7 @@
'^Translation unit:$' \
| sed \
's!^[[:digit:]]\+ -> !!' \
+| sort \
> 'coverity-scan-analysed-files.log'
#-----------------------------------------------------------------------------