Overview

One of the strengths of beSOURCE is that it lets you decide what action to take on each Violation (defect) it detects, rather than treating every finding the same way.


Example

Run a beSOURCE analysis of the source code. The List of Rule Violations window shows what it reported.

Select any violation to view more details.


In this example, the source does not handle the errors that calloc/malloc can return when they are passed incorrect parameters (the allocation can fail and return NULL, and the code continues as if it had succeeded). Double-click the violation to display the vulnerable code.


This location in the code has several issues. Each of them may be an acceptable risk, a violation you intend to fix, a violation that cannot be triggered, and so on; you decide case by case.
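The kind of code such a violation points at, as a constructed example (not code from the beSOURCE page or its sample project): fill_unchecked() uses the result of calloc without checking it, which is the shape that "Detect and handle errors" flags, and fill_checked() is the remediated form that validates the parameter, checks the allocation, and reports failure to the caller. The function names, the fill byte, and the error codes are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example; not code from the beSOURCE page or its sample
 * project. fill_unchecked() is the vulnerable shape, fill_checked() the fix. */

#define FILL_BYTE 0x41

/* Vulnerable pattern: the calloc() result is used without being checked.
 * A bad count from the caller (0, or large enough that calloc() fails)
 * leaves buf NULL and memset() writes through it. Kept only for contrast;
 * with a sane count it behaves, which is why the bug survives testing. */
static int fill_unchecked(size_t count)
{
    int *buf = calloc(count, sizeof *buf);        /* may return NULL */
    memset(buf, FILL_BYTE, count * sizeof *buf);  /* NULL write on failure */
    free(buf);
    return 0;                                     /* caller never learns of failure */
}

/* Hardened form: reject incorrect parameters up front, check the
 * allocation, and report failure through the return value instead of
 * continuing with a NULL buffer. */
static int fill_checked(size_t count, int **out)
{
    *out = NULL;
    if (count == 0 || count > SIZE_MAX / sizeof(int))
        return EINVAL;                            /* incorrect parameter */
    int *buf = calloc(count, sizeof *buf);
    if (buf == NULL)
        return ENOMEM;                            /* allocation failed */
    memset(buf, FILL_BYTE, count * sizeof *buf);
    *out = buf;
    return 0;
}

int main(void)
{
    int *buf = NULL;
    int rc = fill_checked(SIZE_MAX, &buf);        /* overflowing size: rejected */
    printf("fill_checked(SIZE_MAX): %s\n", strerror(rc));
    rc = fill_checked(16, &buf);                  /* normal case: succeeds */
    printf("fill_checked(16): %s\n", strerror(rc));
    free(buf);
    (void)fill_unchecked;                         /* deliberately not exercised */
    return 0;
}
```

C11 requires calloc to fail when count times size overflows, so the explicit SIZE_MAX check is not strictly needed for safety; it is kept because it turns a bad parameter into a distinct EINVAL instead of a generic ENOMEM, and because it rejects count == 0, for which calloc's result is implementation-defined.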


If you need more information about the violation, select [Critical][SP] Detect and handle errors. Line: 80 to display it.


After reviewing the information, change the Violation Status by right-clicking the violation line and selecting Modify the Violation Status.


In the Violation Status box, select one of the following actions:

  1. Defect - Accept the violation as a real defect.
  2. Not Defect - The violation is not reachable, or it is a false positive.
  3. Ignorable - The violation can be ignored because it does not constitute a defect (for example, the code only appears to be vulnerable).
  4. Cleared - You acknowledge the defect and have taken action to remediate it. A subsequent analysis confirms or rejects this status.
  5. Not Reviewed - Marks the defect as not yet examined; its final status is still to be determined.


Viewing Not Defect/Ignorable Defects

To view defects that you have marked as "Not Defect" or "Ignorable", click the View Excluded Items button.


The List of Rule Violations window now shows the excluded items.