1CSMOCK(1)                        User Commands                       CSMOCK(1)
2
3
4

NAME

6       csmock - run static analysis of the given SRPM using mock
7

DESCRIPTION

9       usage:  csmock  [-h]  [-r MOCK_PROFILE] [-t TOOLS] [-a] [-l] [--install
10       INSTALL]
11
12              [-o OUTPUT] [-f]  [-j  JOBS]  [--rpm-build-opts  RPM_BUILD_OPTS]
13              [--cswrap-timeout   CSWRAP_TIMEOUT]   [-U   EMBED_CONTEXT]  [-k]
14              [--skip-init]     [--no-clean]     [--no-scan]     [--run-check]
15              [--no-run-check]      [--print-defects]     [--no-print-defects]
16              [--base-srpm    BASE_SRPM]    [--base-root    BASE_MOCK_PROFILE]
17              [--skip-patches     |    --diff-patches    |    -c    SHELL_CMD]
18              [--known-false-positives    KNOWN_FALSE_POSITIVES]    [--use-lo‐
19              gin-shell]     [--no-use-login-shell]     [--version]    [--val‐
20              grind-add-flag   VALGRIND_ADD_FLAG]   [--valgrind-timeout   VAL‐
21              GRIND_TIMEOUT] [--strace-add-flag STRACE_ADD_FLAG] [-w GCC_WARN‐
22              ING_LEVEL]  [--gcc-analyze]   [--gcc-analyze-add-flag   GCC_ANA‐
23              LYZE_ADD_FLAG]    [--gcc-set-env]    [--gcc-sanitize-address   |
24              --gcc-sanitize-leak | --gcc-sanitize-thread] [--gcc-sanitize-un‐
25              defined]  [--gcc-add-flag  GCC_ADD_FLAG]  [--gcc-add-c-only-flag
26              GCC_ADD_C_ONLY_FLAG]                    [--gcc-add-cxx-only-flag
27              GCC_ADD_CXX_ONLY_FLAG]       [--gcc-del-flag       GCC_DEL_FLAG]
28              [--use-host-cppcheck]  [--cppcheck-add-flag   CPPCHECK_ADD_FLAG]
29              [--clang-add-flag      CLANG_ADD_FLAG]     [--bandit-scan-build]
30              [--no-bandit-scan-build]   [--bandit-scan-install]    [--no-ban‐
31              dit-scan-install]     [--bandit-evt-filter    BANDIT_EVT_FILTER]
32              [--bandit-severity-filter                     {LOW,MEDIUM,HIGH}]
33              [--pylint-scan-build]                   [--no-pylint-scan-build]
34              [--pylint-scan-install]               [--no-pylint-scan-install]
35              [--pylint-evt-filter                          PYLINT_EVT_FILTER]
36              [--shellcheck-scan-build]           [--no-shellcheck-scan-build]
37              [--shellcheck-scan-install]       [--no-shellcheck-scan-install]
38              [SRPM]
39
40   positional arguments:
41       SRPM   source RPM package to be scanned by static analyzers
42
43   optional arguments:
44       -h, --help
45              show this help message and exit
46
47       -r MOCK_PROFILE, --root MOCK_PROFILE
48              mock profile to use (defaults to mock's default)
49
50       -t TOOLS, --tools TOOLS
51              comma-spearated  list  of  tools  to  enable  (use  --listavail‐
52              able-tools to see the list of available tools)
53
54       -a, --all-tools
55              enable  all  available  tools (use --list-available-tools to see
56              the list of available tools)
57
58       -l, --list-available-tools
59              list available tools and exit
60
61       --install INSTALL
62              space-separated list of packages to install into the chroot
63
64       -o OUTPUT, --output OUTPUT
65              name of the tarball or directory to put the results to
66
67       -f, --force
68              overwrite the resulting file or directory if it exists already
69
70       -j JOBS, --jobs JOBS
71              maximal number of jobs running in parallel (passed to 'make')
72
73       --rpm-build-opts RPM_BUILD_OPTS
74              shell-quoted options passed to rpm-build
75
76       --cswrap-timeout CSWRAP_TIMEOUT
77              maximal amount of time taken by analysis of a single module [s]
78
79       -U EMBED_CONTEXT, --embed-context EMBED_CONTEXT
80              embed a number of lines of context from the source file for  the
81              key event (defaults to 3).
82
83       -k, --keep-going
84              continue as much as possible after an error
85
86       --skip-init
87              do  not  run  'mock  --init' before the scan (may lead to unpre‐
88              dictable scan results)
89
90       --no-clean
91              do not clean chroot when it becomes unused
92
93       --no-scan
94              do not analyze any package, just check versions of the analyzers
95
96       --run-check
97              run the %check section of specfile (disabled by default)
98
99       --no-run-check
100              disables --run-check
101
102       --print-defects
103              print the resulting list of defects (default if connected  to  a
104              tty)
105
106       --no-print-defects
107              disables --print-defects
108
109       --base-srpm BASE_SRPM
110              perform a differential scan against the specified base pacakge
111
112       --base-root BASE_MOCK_PROFILE
113              mock   profile   to  use  for  the  base  scan  (use  only  with
114              --base-srpm)
115
116       --skip-patches
117              skip patches not annotated by %{?_rawbuild} (vanilla build)
118
119       --diff-patches
120              scan with/without patches and diff the lists of defects
121
122       -c SHELL_CMD, --shell-cmd SHELL_CMD
123              use shell command to build the given tarball (instead of SRPM)
124
125       --known-false-positives KNOWN_FALSE_POSITIVES
126              suppress known false positives loaded from the given  file  (de‐
127              faults  to "/usr/share/csmock/known-falsepositives.js" if avail‐
128              able)
129
130       --use-login-shell
131              use login shell for build (default)
132
133       --no-use-login-shell
134              disables --use-login-shell
135
136       --version
137              print the version of csmock and exit
138
139       --valgrind-add-flag VALGRIND_ADD_FLAG
140              append the given flag when invoking valgrind (can be used multi‐
141              ple times)
142
143       --valgrind-timeout VALGRIND_TIMEOUT
144              maximal amount of time taken by analysis of a single process [s]
145
146       --strace-add-flag STRACE_ADD_FLAG
147              append the given flag when invoking strace (can be used multiple
148              times)
149
150       -w GCC_WARNING_LEVEL, --gcc-warning-level GCC_WARNING_LEVEL
151              Adjust GCC warning level. -w0 means default flags,  -w1  appends
152              -Wall  and  -Wextra, and -w2 enables some other useful warnings.
153              (automatically enables the GCC plugin)
154
155       --gcc-analyze
156              run `gcc -fanalyzer` in a separate process
157
158       --gcc-analyze-add-flag GCC_ANALYZE_ADD_FLAG
159              append the given flag when invoking  `gcc  -fanalyzer`  (can  be
160              used multiple times)
161
162       --gcc-set-env
163              set $CC and $CXX to gcc and g++, respectively, for build
164
165       --gcc-sanitize-address
166              enable %check and compile with -fsanitize=address
167
168       --gcc-sanitize-leak
169              enable %check and compile with -fsanitize=leak
170
171       --gcc-sanitize-thread
172              enable %check and compile with -fsanitize=thread
173
174       --gcc-sanitize-undefined
175              enable %check and compile with -fsanitize=undefined
176
177       --gcc-add-flag GCC_ADD_FLAG
178              append  the  given  compiler flag when invoking gcc (can be used
179              multiple times)
180
181       --gcc-add-c-only-flag GCC_ADD_C_ONLY_FLAG
182              append the given compiler flag when invoking gcc for C  (can  be
183              used multiple times)
184
185       --gcc-add-cxx-only-flag GCC_ADD_CXX_ONLY_FLAG
186              append the given compiler flag when invoking gcc for C++ (can be
187              used multiple times)
188
189       --gcc-del-flag GCC_DEL_FLAG
190              drop the given compiler flag when invoking gcc (can be used mul‐
191              tiple times)
192
193       --use-host-cppcheck
194              use  host's Cppcheck instead of the one in chroot (automatically
195              enables the Cppcheck plug-in)
196
197       --cppcheck-add-flag CPPCHECK_ADD_FLAG
198              append the given flag when invoking cppcheck (can be used multi‐
199              ple times)
200
201       --clang-add-flag CLANG_ADD_FLAG
202              append  the  given flag when invoking clang static analyzer (can
203              be used multiple times)
204
205       --bandit-scan-build
206              make bandit scan files in the build directory (disabled  by  de‐
207              fault)
208
209       --no-bandit-scan-build
210              disables --bandit-scan-build
211
212       --bandit-scan-install
213              make  bandit scan files in the install directory (enabled by de‐
214              fault)
215
216       --no-bandit-scan-install
217              disables --bandit-scan-install
218
219       --bandit-evt-filter BANDIT_EVT_FILTER
220              report only Bandit defects whose key  event  matches  the  given
221              regex (defaults to '^B[0-9]+')
222
223       --bandit-severity-filter {LOW,MEDIUM,HIGH}
224              suppress  Bandit  defects  whose  severity  level is below given
225              level (default 'LOW')
226
227       --pylint-scan-build
228              make pylint scan files in the build directory (disabled  by  de‐
229              fault)
230
231       --no-pylint-scan-build
232              disables --pylint-scan-build
233
234       --pylint-scan-install
235              make  pylint scan files in the install directory (enabled by de‐
236              fault)
237
238       --no-pylint-scan-install
239              disables --pylint-scan-install
240
241       --pylint-evt-filter PYLINT_EVT_FILTER
242              filter out Pylint defects whose  key  event  matches  the  given
243              regex  (defaults  to '^W[0-9]+', use '.*' to get all defects de‐
244              tected by Pylint)
245
246       --shellcheck-scan-build
247              make shellcheck scan files in the build directory  (disabled  by
248              default)
249
250       --no-shellcheck-scan-build
251              disables --shellcheck-scan-build
252
253       --shellcheck-scan-install
254              make  shellcheck scan files in the install directory (enabled by
255              default)
256
257       --no-shellcheck-scan-install
258              disables --shellcheck-scan-install
259

OUTPUT FORMAT

261       If not overridden by the --output option,  csmock  creates  an  archive
262       NVR.tar.xz  in  the current directory for an SRPM named NVR.src.rpm (or
263       NVR.tar.* if the --shell-cmd option is used).  The archive  contains  a
264       directory  named  NVR  as  the only top-level directory, containing the
265       following items:
266
267       scan-results.err - scan results encoded as plain-text (for source  code
268       editors)
269
270       scan-results.html  -  scan  results  encoded  as HTML (suitable for web
271       browsers)
272
273       scan-results.js - scan results, including scan metadata, encoded  using
274       JSON
275
276       scan-results-summary.txt  -  total count of defects found by particular
277       checkers
278
279       scan.ini - scan metadata encoded in the INI format
280
281       scan.log - scan log file (useful for debugging scan failures)
282
283       debug - a directory containing additional data (intended for csmock de‐
284       bugging)
285
286       Note  that external plug-ins of csmock may create additional files (not
287       covered by this man page) in the directory with results.
288
289
290
291csmock csmock-2.8.0-1.fc34         May 2021                          CSMOCK(1)
Impressum