coverity分析端软件环境搭建

在某linux机器的/share2/coverity/ 目录下安装使用coverity说明

从官网下载安装文件：cov-analysis-linux64-2019.06.sh 放置于/share2/coverity/ 目录下

我是由于机器安装软件太多，所以选择/share2/coverity/ 目录下安装的，一般情况建议目录/home/coverity。

参考资料：

Coverity 8.7.1 命令与 Ant 任务说明书： https://download.csdn.net/download/qq_33163046/12116661

安装前还需要：

服务端账号/密码： usr/password

license.config文件

rule.txt

1. 安装步骤

root用户进入根目录

# cd /share2/coverity

添加执行权限

# chmod +x cov-analysis-linux64-2019.06.sh

运行安装包

# ./cov-analysis-linux64-2019.06.sh

确认安装

#o

选择语言为中文

#4

不停按回车阅读许可条款

选择接受许可条款

#1

配置安装目录

Where should Coverity Analysis be installed?

#/share2/coverity/cov-analysis

Which components should be installed?

1: Coverity Static Analysis and Dynamic Analysis. [*1]

2: Extend SDK

3: Architecture Analysis

(To show the description of a component, please enter one of *1)

Please enter a comma-separated list of the selected values or [Enter] for the default selection:

[1]

这里选择默认值，直接回车即可

#enter

Are you using a Coverity license or FLEXnet?

Please choose the type of license you have. The license is Coverity type, a

file with a name ending in .dat; or FLEXnet type.

If you plan to use FLEXnet licensing and Dynamic Analysis, choose Both.

License types to install

Coverity (you have a .dat file) [1, Enter], FLEXnet (you have a .lic file) [2], Both [3]

这里选择2并回车，采用浮动license文件配置

#2

Choose the way you want to set up your license.config file.

We're ready to set up your license.config file, which tells Coverity

applications where your FLEXnet license server is. If you will use a single

license server, choose Basic. If your license servers are a redundant

"triad", choose Advanced. If you already have a license.config file that you

want to use, choose that option.

License server configuration

Basic [1, Enter], Advanced [2], Use an existing license.config file [3]

这里选择1并回车，浮动license文件配置为基本模式

#1

Enter the host name and port of your FLEXnet server

License server host name

[localhost]

这里选择默认值，直接回车即可

#enter

License server port

[27000]

这里选择默认值，直接回车即可

#enter

Extracting files ...

                                                                           

Setup has finished installing Coverity Analysis on your computer.

Start the Coverity Wizard?

Yes [y, Enter], No [n]

这里选择n并回车，不启动Coverity Wizard

#n

Finishing installation ...

2.license.config文件更新

安装完成后将license.config文件复制到安装目录下的bin目录下，覆盖。

/share2/coverity/cov-analysis-linux64-2019.06/bin/

3.配置环境变量

环境变量PATH中增加  /share2/coverity/cov-analysis/bin ,并检查是否添加成功

在.bash_profile中添写蓝色路径：

PATH=$PATH:$HOME/bin:/share2/coverity/cov-analysis/bin:/usr/sbin:/sbin:/usr/local/bin;export PATH

4.配置编译器，执行（Coverity 8.7.1 命令与Ant 任务说明书page 72）：

# cov-configure --gcc

# cov-configure --comptype gcc --compiler cc --template  

提示：[WARNING] Template config template-ld-config-0 already exists for ld and will be reused.

-- 平台编译一般使用cc命令（虽然实际cc通过文件链接指向gcc），因此还需要执行该命令

上述命令只需执行一次。

5.创建可以正常编译的代码环境

将/share2/coverity目录下放一个完整的接口机可编译环境。（我的cov-analysis 和lib,bin同一目录层级）在.bash_profile里的第一次使用${HOME}前，加上HOME=/share2/coverity, 更改编译的主目录，变量生效后执行.sentenv_64.sh, 到代码目录执行该代码的编译命令 ,确认可以正常编译。（如果你是/home/cvoerity目录就比我简单多了。）

6.构建

确认可以正常编译后，在该目录执行（Coverity 8.7.1 命令与Ant 任务说明书page 39）

# cov-build --dir cov make Clean Install

make Clean Install是我代码的makefile里的编译命令。执行成功标志

7 C/C++ compilation units (100%) are ready for analysis

The cov-build utility completed successfully.

7.执行

取扫描规则rule.txt 放于编译命令执行上一个目录层。然后执行（Coverity 8.7.1 命令与Ant 任务说明书page 2）

#cov-analyze --dir cov @@../rule.txt

执行成功标志的最后几行为：

[STATUS] Running analysis

|0----------25-----------50----------75---------100|

****************************************************

[STATUS] Exporting summaries

|0----------25-----------50----------75---------100|

****************************************************

Analysis summary report:

------------------------

Files analyzed                 : 8

Total LoC input to cov-analyze : 45532

Functions analyzed             : 241

Paths analyzed                 : 94669

Time taken by analysis         : 00:02:41

Defect occurrences found       : 242 Total

                                  19 AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK

                                   1 CHECKED_RETURN

                                 171 DC.STRING_BUFFER

                                   1 DEADCODE

                                   1 MISSING_BREAK

                                  35 OVERRUN

                                   1 PW.PARAMETER_HIDDEN

                                   1 SIZEOF_MISMATCH

                                   9 STACK_USE

                                   2 UNREACHABLE

                                   1 UNUSED_VALUE

在rule.txt里，规则如下：

--all

--rule

--enable-constraint-fpp

--enable-callgraph-metrics

--enable-fnptr

--enable-virtual

--enable

USER_POINTER

--enable

DC.STRING_BUFFER

--enable

ENUM_AS_BOOLEAN

--enable

UNENCRYPTED_SENSITIVE_DATA

--enable

WEAK_GUARD

--enable

WEAK_PASSWORD_HASH

--enable

HARDCODED_CREDENTIALS

--enable

AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK

--enable

INTEGER_OVERFLOW

--enable

MIXED_ENUMS

--enable

RISKY_CRYPTO

--enable

COM.ADDROF_LEAK

--enable

COM.BSTR.ALLOC

--enable

COM.BSTR.BAD_COMPARE

--enable

COM.BSTR.NE_NON_BSTR

--enable

FLOATING_POINT_EQUALITY

--enable

VCALL_IN_CTOR_DTOR

8.上传到服务端页面上

执行命令（Coverity 8.7.1 命令与Ant 任务说明书page 2）

#cov-commit-defects --dir cov --host 127.0.0.1 --user XiaoXiangzai --password project-cov_0001 --stream STRAM-NAME