
Configure C++ Macros and Build Files

In version 9.4, a semi-automatic approach was added to improve the way the Checkmarx C++ parser handles macros and build files. This section provides a high-level description of what is offered.

Notice

From 9.4 on, the configuration-as-code CppDefaultMacros.json file is replaced by the approach described in this section.

Note that the CppDefaultMacros.json file is still considered if it exists at the root of the project being scanned, and it overrides all information obtained from the semi-automatic approach.

Overview

The objective was to reduce the manual work of configuring a CppDefaultMacros.json file for each project being scanned, by providing the following:

  • A method of inspecting and extracting macros, including paths and other information from the build files present in the project being scanned.

  • A method of extracting macros from different repositories and adding them to a database to be used during the C++ preprocessing.


C++ Build Files Support

The new approach includes elementary support for the most common C++ build files.

Currently, the following files/build technologies are detected:

  • Makefiles

  • CMake

  • Autotools

  • QMake

  • Compile Database

We inspect these files to extract (when possible):

  • Macro Definitions

  • Global Include paths

  • Target OS Architecture Information

  • Other specific options, such as trigraphs
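The point of pulling macro definitions and include paths out of the build files is that the preprocessor run by the scanner must see the code the way the real compiler does: anything behind an `#ifdef` whose macro is only set on the compiler command line is invisible to a scan that does not know about it, which is a source of missed findings. The following added example (not Checkmarx's own parser, whose internals this page does not describe) shows the kind of extraction the list above refers to, using the Compile Database format (`compile_commands.json`, with its standard `directory`, `command`/`arguments` and `file` fields). It collects `-D` macros, `-I` include paths resolved against each entry's build directory, the `-m32`/`-m64` target architecture and the `-trigraphs` option. The sample database content is constructed for this example.

```python
import json
import posixpath
import shlex

# Constructed sample compile_commands.json (Clang JSON Compilation Database
# format). Paths and flags are invented for this example.
SAMPLE_COMPILE_DB = json.dumps([
    {
        "directory": "/src/app",
        "command": "g++ -std=c++17 -DNDEBUG -DVERSION=102 -D_FORTIFY_SOURCE=2 "
                   "-I/src/app/include -I../third_party -m64 -trigraphs -c main.cpp",
        "file": "main.cpp",
    },
    {
        "directory": "/src/app",
        "arguments": ["gcc", "-D", "DEBUG_LEVEL=3", "-I", "/src/app/include",
                      "-m32", "-c", "util.c"],
        "file": "util.c",
    },
])


def _resolve(directory, path):
    """Make an include path absolute relative to the entry's build directory."""
    if posixpath.isabs(path):
        return posixpath.normpath(path)
    return posixpath.normpath(posixpath.join(directory, path))


def extract_from_compile_db(text):
    """Collect macro definitions, include paths, target architecture and other
    preprocessor-relevant options from every compile command in the database."""
    macros = {}       # name -> value; a bare -DNAME defines NAME as "1", as gcc/clang do
    includes = []     # ordered and de-duplicated
    arch = set()
    options = set()
    for entry in json.loads(text):
        if "arguments" in entry:
            args = list(entry["arguments"])
        else:
            args = shlex.split(entry["command"])
        it = iter(args[1:])            # args[0] is the compiler executable
        for tok in it:
            if tok.startswith("-D"):
                body = tok[2:] or next(it, "")   # handles "-DFOO=1" and "-D FOO=1"
                name, sep, value = body.partition("=")
                if name:
                    macros[name] = value if sep else "1"
            elif tok.startswith("-I"):
                path = tok[2:] or next(it, "")   # handles "-Idir" and "-I dir"
                if path:
                    resolved = _resolve(entry["directory"], path)
                    if resolved not in includes:
                        includes.append(resolved)
            elif tok in ("-m32", "-m64"):
                arch.add(tok[2:])
            elif tok == "-trigraphs":
                options.add("trigraphs")
    return {
        "macros": macros,
        "includes": includes,
        "arch": sorted(arch),
        "options": sorted(options),
    }


if __name__ == "__main__":
    print(json.dumps(extract_from_compile_db(SAMPLE_COMPILE_DB), indent=2))
```

Running the block prints the merged view across both entries. A real build usually contains conflicting definitions between targets (here `-m32` and `-m64` both appear), which is why the extracted information is "elementary" support and why a project-level CppDefaultMacros.json can still be useful to pin the configuration the scan should assume.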

C++ Macros Database

CPPMacroDBMaker is a CLI application that allows Checkmarx and customers to create a database of C++ macros and their definitions to be used in CxSAST scans.

This database is constructed from a list of sources for macros provided to the application via a text file where each line follows this syntax: <url> tab <file extension> tab <libName>.

For example:

https://raw.githubusercontent.com/cloudflare/jpegtran/master/jerror.h .h jerror

The execution of this application occurs offline:

  • During release build creation - by Checkmarx

  • Whenever there is a need to update the macro database with new sources - by customers

Notice

The CxSAST runtime assumes such a database exists. It is never created during a scan.

Checkmarx provides a docker file ready to run the macro database building tool.

docker pull checkmarx/cppmacrodbmaker
docker run -v ${PWD}\<YourLocalFolder>:/app/RepoFiles checkmarx/cppmacrodbmaker

  • -v specifies the volume where the database will be created. Maps to /app/RepoFiles path in the container.

  • The database cppMacroDBProto.proto is produced in the volume with the names and definitions of all the macros present in the repository files.

  • A repository.txt file can be added to the volume with extra sources to scan for lib-defined macros.
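Because the container fetches and parses whatever repository.txt points it at, a malformed line only shows up as a console error at run time. The following added example (illustrative code, not part of CPPMacroDBMaker, whose parsing and the layout of cppMacroDBProto.proto are not described on this page) checks a repository.txt against the line syntax given above before the tool is run, and then shows the kind of name-to-definition pairs the database holds by extracting `#define` lines from a header. It assumes blank lines may be skipped and flags non-HTTPS URLs, since the source text is downloaded and fed into macro definitions; both the repository.txt content (beyond the jerror line from the page) and the header text are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed repository.txt: <url> TAB <file extension> TAB <libName> per line.
# Line 1 is the example from the page; lines 2 and 3 are deliberately faulty.
SAMPLE_REPOSITORY_TXT = (
    "https://raw.githubusercontent.com/cloudflare/jpegtran/master/jerror.h\t.h\tjerror\n"
    "http://example.invalid/config.h\t.h\tcfg\n"          # constructed: plain http
    "https://example.invalid/missing-field.h\t.h\n"      # constructed: only 2 fields
)

# Constructed header; macro names are invented and not from any real library.
SAMPLE_HEADER = """
#ifndef LIB_H
#define LIB_H
#define LIB_VERSION 62
#define LIB_MAX(a,b) ((a)>(b)?(a):(b))
#define LIB_FAIL(c, code) \\
  ((c)->err = (code))
#endif
"""


def parse_repository_txt(text):
    """Return (entries, problems): entries are the well-formed source lines,
    problems are human-readable messages with the offending line number."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue                      # assumption: blank lines are ignored
        fields = raw.split("\t")
        if len(fields) != 3:
            problems.append(f"line {lineno}: expected 3 tab-separated fields, got {len(fields)}")
            continue
        url, ext, lib = (f.strip() for f in fields)
        scheme = urlparse(url).scheme
        if scheme != "https":
            problems.append(f"line {lineno}: URL scheme {scheme!r} is not https")
            continue
        if not ext.startswith(".") or not lib:
            problems.append(f"line {lineno}: bad extension {ext!r} or empty libName")
            continue
        entries.append({"url": url, "ext": ext, "lib": lib})
    return entries, problems


# "#define NAME", "#define NAME body", "#define NAME(params) body"; a parameter
# list counts only when the "(" directly follows the name, as in C.
DEFINE_RE = re.compile(r"^\s*#\s*define\s+([A-Za-z_]\w*)(\([^)]*\))?\s*(.*)$")


def extract_macros(header_text):
    """Map macro name -> (parameter list, body) for every #define in the header."""
    joined = header_text.replace("\\\n", " ")   # fold line continuations first
    macros = {}
    for line in joined.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            macros[m.group(1)] = (m.group(2) or "", m.group(3).strip())
    return macros


if __name__ == "__main__":
    entries, problems = parse_repository_txt(SAMPLE_REPOSITORY_TXT)
    for p in problems:
        print("repository.txt:", p)
    for e in entries:
        print("source:", e["lib"], e["url"])
    for name, (params, body) in extract_macros(SAMPLE_HEADER).items():
        print(f"{name}{params} = {body!r}")
```

The validator reports each faulty line with its number rather than stopping at the first one, so the whole file can be fixed in one pass before the container is run.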

Warning

When running the container, note any errors that are displayed on the console related to libraries where the tool failed to gather the macros.

Once the file is created, move it to <CheckmarxPath>\Checkmarx Audit\MacrosDatabase\CPP and <CheckmarxPath>\Checkmarx Engine Service\Engine Server\MacrosDatabase\CPP by simply replacing the original file in those folders.

FAQ

Q: Is the CppDefaultMacros.json configuration file needed?

A: No. It is still considered in case it exists at the root of the project. The file is useful if you want to add some extra information that is neither in the macro database nor in the build files.

Q: Is build file processing ON by default?

A: Yes!

Q: If the customer runs the docker tool with a new repository.txt file, will the macros on the original database be erased?

A: No. The docker tool will generate a new database that contains the original macros along with the ones extracted from the source code pointed to by the URLs in repository.txt.

Q: Does the docker tool replace the original database?

A: No. The docker tool will generate a new database that needs to be copied to the correct places:

  • <CheckmarxPath>\Checkmarx Audit\MacrosDatabase\CPP and

  • <CheckmarxPath>\Checkmarx Engine Service\Engine Server\MacrosDatabase\CPP.