#90 Wrong analyzer version being saved
Opened 6 years ago by athoscr. Modified 6 years ago

After running the example fetcher on a clean database:

When I run

# select * from analyzers;

I see

 id |    name    | version 
----+------------+---------
  1 | cppcheck   | 1.0.0
  2 | flawfinder | 1.0.0

When I actually wanted

 id |    name    | version 
----+------------+---------
  1 | cppcheck   | 1.31
  2 | flawfinder | 1.80

This means we have been saving wrong versions for the analyzers.


The version values come from the kiskadee.conf file. While it is nice to maintain versions of the analyzers in the config file, so we have control over them, we should either:

1) Check if the version of the analyzer being run is the same as the one in the config file. If not, do not run it; throw warning/error message.

2) Do not set versions of analyzers in the config file: run the latest analyzer on the project being analyzed and save it. The version can be fetched from the analysis report or from the command line (I would prefer the former). Either way, we will need to make some changes in the runner module.

I believe 2 is a better option for now. Any thoughts?

Adding the analyzers' versions to the config file was implemented a long time ago (when kiskadee analysis was still immature). I agree with option 2. To get the analyzer version we can use firehose. It has a tag named generator, which holds the name of the analyzer and its version. We already store this tag in the database.
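A sketch of option 2 as discussed in this ticket, added here as an example and not taken from kiskadee's code: it reads the analyzer name and version from the `generator` element of a Firehose-style XML report and flags any drift from the configured value. The function names, the `CONFIGURED` dictionary and the sample report are constructed for illustration, and the standard-library XML parser is used in place of the firehose library.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal Firehose-style report, not real analyzer output.
SAMPLE_REPORT = """<?xml version="1.0"?>
<analysis>
  <metadata>
    <generator name="cppcheck" version="1.31"/>
  </metadata>
  <results/>
</analysis>"""

# Constructed stand-in for the analyzer versions set in kiskadee.conf.
CONFIGURED = {"cppcheck": "1.0.0", "flawfinder": "1.0.0"}


def generator_from_report(report_xml):
    """Return (name, version) taken from the report's <generator> element."""
    root = ET.fromstring(report_xml)
    gen = root.find("./metadata/generator")
    if gen is None or not gen.get("name"):
        raise ValueError("report has no <generator name=...> element")
    # The version attribute may be missing; return None rather than guessing.
    return gen.get("name"), gen.get("version")


def resolve_version(report_xml, configured):
    """Pick the version to store: the one the analyzer itself reported.

    Also reports whether it differs from the configured value, so the
    caller can log a warning (the check proposed as option 1).
    """
    name, reported = generator_from_report(report_xml)
    if reported is None:
        # Falling back to the config value would reintroduce the bug.
        raise ValueError(f"{name}: report carries no version")
    expected = configured.get(name)
    mismatch = expected is not None and expected != reported
    return {"name": name, "version": reported, "config_mismatch": mismatch}


if __name__ == "__main__":
    print(resolve_version(SAMPLE_REPORT, CONFIGURED))
```
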
