1CSGREP(1) User Commands CSGREP(1)
2
6 csgrep - filter the list of defects by the specified regex-based predi‐
7 cates
8
10 csgrep [options] [file1.err [...]], where options are:
11
13 --checker arg
14 defect matches if its checker matches the given regex (each de‐
15 fect has assigned exactly one checker)
16 --path arg
18 defect matches if the path of its key event matches the given
19 regex
20 --event arg
22 defect matches if its key event matches the given regex (each
23 defect has exactly one key event, which determines its location
24 in the code)
25 --error arg
27 defect matches if the message of its key event matches the given
28 regex
29 --msg arg
31 defect matches if any of its messages matches the given regex
32 --tool arg
34 defect matches if it was detected by tool that matches the given
35 regex
36 --annot arg
38 defect matches if its annotation matches the given regex
39 --src-annot arg
41 defect matches if an annotation in the _source_ file matches the
42 given regex
43 --drop-scan-props
45 do not propagate scan properties
46 -U [ --embed-context ] arg
48 embed a number of lines of context from the source file for the
49 key event
50 --prune-events arg
52 event is preserved if its verbosity level is below the given
53 number
54 -u [ --remove-duplicates ]
56 remove defects that are not unique by their key event
57 --strip-path-prefix arg
59 string prefix to strip from path (applied after all filters)
60 -i [ --ignore-case ]
62 ignore case when matching regular expressions
63 -v [ --invert-match ]
65 select defects that do not match the selected criteria
66 -n [ --invert-regex ]
68 invert regular expressions in all predicates
69 -f [ --filter-file ] arg
71 read custom filtering rules from a file in JSON format
72 --color
74 use colorized console output (default if connected to a termi‐
75 nal)
76 --no-color
78 do not use colorized console output
79 -q [ --quiet ]
81 do not report any parsing errors
82 --mode arg (=grep)
84 grep, json, evtstat, files, filestat, grouped, sarif, stat, or
85 dig_key_events
86 --help print the usage of csgrep
88 --version
90 print the version of csgrep
91
93 The --filter-file option takes a list of JSON files in the following
94 format. Missing replace entry is equal to replace : "".
95 {
97 "msg-filter" : [
98 {
99 "checker" : "DIVINE|SYMBIOTIC",
100 "regexp" : "memory"
101 },
102 {
103 "checker" : "COMPILER_WARNING",
104 "regexp" : "called on unallocated object",
105 "replace" : "called correctly, no UB here"
106 }
107 ]
108 }
109
111 csgrep exits with status 0 if arguments are valid and input files are
112 parsed successfully. It does not matter whether any defects were
113 matched or not.
114
116 Error: FORWARD_NULL (CWE-476):
117 libhsm.c:1168: assign_zero: Assigning: key_handles = NULL.
118 libhsm.c:1210: var_deref_op: Dereferencing null pointer key_handles.
119 In the above example, FORWARD_NULL is the checker , assign_zero and
121 var_deref_op are events , where var_deref_op is the key event and
122 "Dereferencing null pointer key_handles." is the message associated
123 with the key event.
124
126 dig_key_events - for each defect, print only the checker and key event
127 evtstat - print overall checker/key_event statistics for the matched
129 defects
130 files - print only names of error files that contain the matched de‐
132 fects
133 filestat - print statistics of matched defects per individual source
135 files
136 grep - print matched defects using the same format as expected on the
138 input
139 grouped - print matched defects, grouped by error files they originate
141 from
142 json - print matched defects in a JSON format
144 stat - print overall statistics of the matched defects in given error
146 files
147csgrep 2.6.0 June 2022 CSGREP(1)