1CSGREP(1) User Commands CSGREP(1)
2
3
4
6 csgrep - filter the list of defects by the specified regex-based predi‐
7 cates
8
10 csgrep [options] [file1.err [...]], where options are:
11
13 --checker arg
14 defect matches if its checker matches the given regex (each de‐
15 fect has assigned exactly one checker)
16
17 --path arg
18 defect matches if the path of its key event matches the given
19 regex
20
21 --event arg
22 defect matches if its key event matches the given regex (each
23 defect has exactly one key event, which determines its location
24 in the code)
25
26 --error arg
27 defect matches if the message of its key event matches the given
28 regex
29
30 --msg arg
31 defect matches if any of its messages matches the given regex
32
33 --tool arg
34 defect matches if it was detected by tool that matches the given
35 regex
36
37 --annot arg
38 defect matches if its annotation matches the given regex
39
40 --src-annot arg
41 defect matches if an annotation in the _source_ file matches the
42 given regex
43
44 --drop-scan-props
45 do not propagate scan properties
46
47 -U [ --embed-context ] arg
48 embed a number of lines of context from the source file for the
49 key event
50
51 --prune-events arg
52 event is preserved if its verbosity level is below the given
53 number
54
55 -u [ --remove-duplicates ]
56 remove defects that are not unique by their key event
57
58 --strip-path-prefix arg
59 string prefix to strip from path (applied after all filters)
60
61 -i [ --ignore-case ]
62 ignore case when matching regular expressions
63
64 -v [ --invert-match ]
65 select defects that do not match the selected criteria
66
67 -n [ --invert-regex ]
68 invert regular expressions in all predicates
69
70 -f [ --filter-file ] arg
71 read custom filtering rules from a file in JSON format
72
73 --color
74 use colorized console output (default if connected to a termi‐
75 nal)
76
77 --no-color
78 do not use colorized console output
79
80 -q [ --quiet ]
81 do not report any parsing errors
82
83 --mode arg (=grep)
84 grep, json, evtstat, files, filestat, grouped, sarif, stat, or
85 dig_key_events
86
87 --help print the usage of csgrep
88
89 --version
90 print the version of csgrep
91
93 The --filter-file option takes a list of JSON files in the following
94 format. Missing replace entry is equal to replace : "".
95
96 {
97 "msg-filter" : [
98 {
99 "checker" : "DIVINE|SYMBIOTIC",
100 "regexp" : "memory"
101 },
102 {
103 "checker" : "COMPILER_WARNING",
104 "regexp" : "called on unallocated object",
105 "replace" : "called correctly, no UB here"
106 }
107 ]
108 }
109
111 csgrep exits with status 0 if arguments are valid and input files are
112 parsed successfully. It does not matter whether any defects were
113 matched or not.
114
116 Error: FORWARD_NULL (CWE-476):
117 libhsm.c:1168: assign_zero: Assigning: key_handles = NULL.
118 libhsm.c:1210: var_deref_op: Dereferencing null pointer key_handles.
119
120 In the above example, FORWARD_NULL is the checker , assign_zero and
121 var_deref_op are events , where var_deref_op is the key event and
122 "Dereferencing null pointer key_handles." is the message associated
123 with the key event.
124
126 dig_key_events - for each defect, print only the checker and key event
127
128 evtstat - print overall checker/key_event statistics for the matched
129 defects
130
131 files - print only names of error files that contain the matched de‐
132 fects
133
134 filestat - print statistics of matched defects per individual source
135 files
136
137 grep - print matched defects using the same format as expected on the
138 input
139
140 grouped - print matched defects, grouped by error files they originate
141 from
142
143 json - print matched defects in a JSON format
144
145 stat - print overall statistics of the matched defects in given error
146 files
147
148
149
150csgrep 2.6.0 June 2022 CSGREP(1)