CSMOCK(1)                        User Commands                       CSMOCK(1)

NAME

       csmock - run static analysis of the given SRPM using mock

DESCRIPTION

       usage: csmock [-h] [-r MOCK_PROFILE] [-t TOOLS] [-a] [-l]
              [--install INSTALL] [-o OUTPUT] [-f] [-j JOBS]
              [--rpm-build-opts RPM_BUILD_OPTS]
              [--cswrap-timeout CSWRAP_TIMEOUT] [-U EMBED_CONTEXT] [-k]
              [--skip-init] [--no-clean] [--no-scan] [--run-check]
              [--no-run-check] [--print-defects] [--no-print-defects]
              [--base-srpm BASE_SRPM] [--base-root BASE_MOCK_PROFILE]
              [--skip-patches | --diff-patches | -c SHELL_CMD]
              [--defect-blacklist DEFECT_BLACKLIST] [--version]
              [-w GCC_WARNING_LEVEL]
              [--gcc-sanitize-address | --gcc-sanitize-leak |
              --gcc-sanitize-thread] [--gcc-sanitize-undefined]
              [--gcc-add-flag GCC_ADD_FLAG]
              [--gcc-add-c-only-flag GCC_ADD_C_ONLY_FLAG]
              [--gcc-add-cxx-only-flag GCC_ADD_CXX_ONLY_FLAG]
              [--gcc-del-flag GCC_DEL_FLAG] [--use-host-cppcheck]
              [--clang-add-flag CLANG_ADD_FLAG] [--bandit-scan-build]
              [--no-bandit-scan-build] [--bandit-scan-install]
              [--no-bandit-scan-install]
              [--bandit-evt-filter BANDIT_EVT_FILTER]
              [--bandit-severity-filter {LOW,MEDIUM,HIGH}]
              [--pylint-scan-build] [--no-pylint-scan-build]
              [--pylint-scan-install] [--no-pylint-scan-install]
              [--pylint-evt-filter PYLINT_EVT_FILTER]
              [--shellcheck-scan-build] [--no-shellcheck-scan-build]
              [--shellcheck-scan-install] [--no-shellcheck-scan-install]
              [SRPM]

   positional arguments:
       SRPM   source RPM package to be scanned by static analyzers

   optional arguments:
       -h, --help
              show this help message and exit

       -r MOCK_PROFILE, --root MOCK_PROFILE
              mock profile to use (defaults to mock's default)

       -t TOOLS, --tools TOOLS
              comma-separated list of tools to enable (use
              --list-available-tools to see the list of available tools)

       -a, --all-tools
              enable all available tools (use --list-available-tools to see
              the list of available tools)

       -l, --list-available-tools
              list available tools and exit

       --install INSTALL
              space-separated list of packages to install into the chroot

       -o OUTPUT, --output OUTPUT
              name of the tarball or directory to put the results to

       -f, --force
              overwrite the resulting file or directory if it exists already

       -j JOBS, --jobs JOBS
              maximal number of jobs running in parallel (passed to 'make')

       --rpm-build-opts RPM_BUILD_OPTS
              shell-quoted options passed to rpm-build

       --cswrap-timeout CSWRAP_TIMEOUT
              maximal amount of time taken by analysis of a single module [s]

       -U EMBED_CONTEXT, --embed-context EMBED_CONTEXT
              embed a number of lines of context from the source file for the
              key event (defaults to 3).

       -k, --keep-going
              continue as much as possible after an error

       --skip-init
              do not run 'mock --init' before the scan (may lead to
              unpredictable scan results)

       --no-clean
              do not clean chroot when it becomes unused

       --no-scan
              do not analyze any package, just check versions of the analyzers

       --run-check
              run the %check section of specfile (disabled by default)

       --no-run-check
              disables --run-check

       --print-defects
              print the resulting list of defects (default if connected to a
              tty)

       --no-print-defects
              disables --print-defects

       --base-srpm BASE_SRPM
              perform a differential scan against the specified base package

       --base-root BASE_MOCK_PROFILE
              mock profile to use for the base scan (use only with
              --base-srpm)

       --skip-patches
              skip patches not annotated by %{?_rawbuild} (vanilla build)

       --diff-patches
              scan with/without patches and diff the lists of defects

       -c SHELL_CMD, --shell-cmd SHELL_CMD
              use shell command to build the given tarball (instead of SRPM)

       --defect-blacklist DEFECT_BLACKLIST
              suppress known false positives loaded from the given file
              (defaults to "/usr/share/csmock/defectblacklist.err" if
              available)

       --version
              print the version of csmock and exit

       -w GCC_WARNING_LEVEL, --gcc-warning-level GCC_WARNING_LEVEL
              Adjust GCC warning level. -w0 means default flags, -w1 appends
              -Wall and -Wextra, and -w2 enables some other useful warnings.
              (automatically enables the GCC plugin)

       --gcc-sanitize-address
              enable %check and compile with -fsanitize=address

       --gcc-sanitize-leak
              enable %check and compile with -fsanitize=leak

       --gcc-sanitize-thread
              enable %check and compile with -fsanitize=thread

       --gcc-sanitize-undefined
              enable %check and compile with -fsanitize=undefined

       --gcc-add-flag GCC_ADD_FLAG
              append the given compiler flag when invoking gcc (can be used
              multiple times)

       --gcc-add-c-only-flag GCC_ADD_C_ONLY_FLAG
              append the given compiler flag when invoking gcc for C (can be
              used multiple times)

       --gcc-add-cxx-only-flag GCC_ADD_CXX_ONLY_FLAG
              append the given compiler flag when invoking gcc for C++ (can be
              used multiple times)

       --gcc-del-flag GCC_DEL_FLAG
              drop the given compiler flag when invoking gcc (can be used
              multiple times)

       --use-host-cppcheck
              use host's Cppcheck instead of the one in chroot (automatically
              enables the Cppcheck plug-in)

       --clang-add-flag CLANG_ADD_FLAG
              append the given flag when invoking clang static analyzer (can
              be used multiple times)

       --bandit-scan-build
              make bandit scan files in the build directory (disabled by
              default)

       --no-bandit-scan-build
              disables --bandit-scan-build

       --bandit-scan-install
              make bandit scan files in the install directory (enabled by
              default)

       --no-bandit-scan-install
              disables --bandit-scan-install

       --bandit-evt-filter BANDIT_EVT_FILTER
              report only Bandit defects whose key event matches the given
              regex (defaults to '^B[0-9]+')

       --bandit-severity-filter {LOW,MEDIUM,HIGH}
              suppress Bandit defects whose severity level is below given
              level (default 'LOW')

       --pylint-scan-build
              make pylint scan files in the build directory (disabled by
              default)

       --no-pylint-scan-build
              disables --pylint-scan-build

       --pylint-scan-install
              make pylint scan files in the install directory (enabled by
              default)

       --no-pylint-scan-install
              disables --pylint-scan-install

       --pylint-evt-filter PYLINT_EVT_FILTER
              filter out Pylint defects whose key event matches the given
              regex (defaults to '^W[0-9]+', use '.*' to get all defects
              detected by Pylint)

       --shellcheck-scan-build
              make shellcheck scan files in the build directory (disabled by
              default)

       --no-shellcheck-scan-build
              disables --shellcheck-scan-build

       --shellcheck-scan-install
              make shellcheck scan files in the install directory (enabled by
              default)

       --no-shellcheck-scan-install
              disables --shellcheck-scan-install

OUTPUT FORMAT

       If not overridden by the --output option, csmock creates an archive
       NVR.tar.xz in the current directory for an SRPM named NVR.src.rpm (or
       NVR.tar.* if the --shell-cmd option is used). The archive contains a
       directory named NVR as the only top-level directory, containing the
       following items:

       scan-results.err - scan results encoded as plain-text (for source code
       editors)

       scan-results.html - scan results encoded as HTML (suitable for web
       browsers)

       scan-results.js - scan results, including scan metadata, encoded using
       JSON

       scan-results-summary.txt - total count of defects found by particular
       checkers

       scan.ini - scan metadata encoded in the INI format

       scan.log - scan log file (useful for debugging scan failures)

       debug - a directory containing additional data (intended for csmock
       debugging)

       Note that external plug-ins of csmock may create additional files (not
       covered by this man page) in the directory with results.
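       One way to sanity-check a results archive against the layout listed
       above before unpacking it (added example, not part of the csmock man
       page or project; the function names and the sample archive are
       constructed here, only the item names come from the list above):

```python
import io
import tarfile

# Items the man page lists inside the NVR directory ("debug" is a directory).
EXPECTED = {"scan-results.err", "scan-results.html", "scan-results.js",
            "scan-results-summary.txt", "scan.ini", "scan.log", "debug"}


def check_results_archive(fileobj, nvr):
    """Return (missing, extra, problems) for a csmock results tarball."""
    seen, problems = set(), []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            parts = member.name.split("/")
            if member.name.startswith("/") or ".." in parts:
                problems.append("unsafe path: " + member.name)
            elif parts[0] != nvr:
                problems.append("outside top-level directory: " + member.name)
            elif len(parts) > 1:
                seen.add(parts[1])
    # Extra entries are not an error: external plug-ins may add files.
    return sorted(EXPECTED - seen), sorted(seen - EXPECTED), problems


def build_sample(nvr, names, stray=None):
    """Build an in-memory .tar.xz (constructed data, not real csmock output)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:xz") as tar:
        for name in [nvr + "/" + n for n in names] + ([stray] if stray else []):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    names = sorted(EXPECTED - {"debug"}) + ["debug/sample.log", "plugin-extra.txt"]
    archive = build_sample("pkg-1.0-1", names, stray="../outside.txt")
    missing, extra, problems = check_results_archive(archive, "pkg-1.0-1")
    print("missing:", missing)
    print("extra:", extra)
    print("problems:", problems)
```

       The check only reads member names, so nothing from the archive is
       written to disk while it runs.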

csmock csmock-2.4.0-1.fc32       February 2020                       CSMOCK(1)