1CSGREP(1) User Commands CSGREP(1)
2
3
4
6 csgrep - filter the list of defects by the specified regex-based predi‐
7 cates
8
10 csgrep [options] [file1.err [...]], where options are:
11
13 --checker arg
14 defect matches if its checker matches the given regex (each de‐
15 fect has assigned exactly one checker)
16
17 --path arg
18 defect matches if the path of its key event matches the given
19 regex
20
21 --event arg
22 defect matches if its key event matches the given regex (each
23 defect has exactly one key event, which determines its location
24 in the code)
25
26 --error arg
27 defect matches if the message of its key event matches the given
28 regex
29
30 --msg arg
31 defect matches if any of its messages matches the given regex
32
33 --tool arg
34 defect matches if it was detected by tool that matches the given
35 regex
36
37 --annot arg
38 defect matches if its annotation matches the given regex
39
40 --src-annot arg
41 defect matches if an annotation in the _source_ file matches the
42 given regex
43
44 --drop-scan-props
45 do not propagate scan properties
46
47 -U [ --embed-context ] arg
48 embed a number of lines of context from the source file for the
49 key event
50
51 --prune-events arg
52 event is preserved if its verbosity level is below the given
53 number
54
55 -u [ --remove-duplicates ]
56 remove defects that are not unique by their key event
57
58 --set-scan-prop arg
59 NAME:VALUE pair to override the specified scan property
60
61 --strip-path-prefix arg
62 string prefix to strip from path (applied after all filters)
63
64 -i [ --ignore-case ]
65 ignore case when matching regular expressions
66
67 -v [ --invert-match ]
68 select defects that do not match the selected criteria
69
70 -n [ --invert-regex ]
71 invert regular expressions in all predicates
72
73 -f [ --filter-file ] arg
74 read custom filtering rules from a file in JSON format
75
76 --color
77 use colorized console output (default if connected to a termi‐
78 nal)
79
80 --no-color
81 do not use colorized console output
82
83 -q [ --quiet ]
84 do not report any parsing errors
85
86 --mode arg (=grep)
87 grep, json, evtstat, files, filestat, grouped, sarif, stat, or
88 dig_key_events
89
90 --help print the usage of csgrep
91
92 --version
93 print the version of csgrep
94
96 The --filter-file option takes a list of JSON files in the following
97 format. Missing replace entry is equal to "replace" : "".
98
99 {
100 "msg-filter" : [
101 {
102 "checker" : "DIVINE|SYMBIOTIC",
103 "regexp" : "memory"
104 },
105 {
106 "checker" : "COMPILER_WARNING",
107 "regexp" : "called on unallocated object",
108 "replace" : "called correctly, no UB here"
109 }
110 ]
111 }
112
114 csgrep exits with status 0 if arguments are valid and input files are
115 parsed successfully. It does not matter whether any defects were
116 matched or not.
117
119 Error: FORWARD_NULL (CWE-476):
120 libhsm.c:1168: assign_zero: Assigning: key_handles = NULL.
121 libhsm.c:1210: var_deref_op: Dereferencing null pointer key_handles.
122
123 In the above example, FORWARD_NULL is the checker, assign_zero and
124 var_deref_op are events, where var_deref_op is the key event and
125 "Dereferencing null pointer key_handles." is the message associated
126 with the key event.
127
129 dig_key_events - for each defect, print only the checker and key event
130
131 evtstat - print overall checker/key_event statistics for the matched
132 defects
133
134 files - print only names of error files that contain the matched de‐
135 fects
136
137 filestat - print statistics of matched defects per individual source
138 files
139
140 grep - print matched defects using the same format as expected on the
141 input
142
143 grouped - print matched defects, grouped by error files they originate
144 from
145
146 json - print matched defects in a JSON format
147
148 sarif - print matched defects in a SARIF format
149
150 stat - print overall statistics of the matched defects in given error
151 files
152
153
154
155csgrep 2.8.0 December 2022 CSGREP(1)