Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
9049 views

Precompile picks up wrong projects.

Jump to solution

The precompile is picking up projects that are structurally under the solution main folder even though they are not part of the solution. There are no references to those projects in the solution but they are still being precompiled. The only way we have found around this is to delete the unwanted project directory from the folder structure. This is not a very elegant solution and we are researching other avenues to get around this issue but it was the quick and dirty that works. (So it will probably be there for years) Is there a way to explicitly tell the precompile to ignore a specific directory?

0 Likes
1 Solution

Accepted Solutions
Micro Focus Expert
Micro Focus Expert

From the Scan Wizard, within the resulting Batch file itself you will find a section that dynamically writes the necessary, temporary ARGS file with your specified exclusions.  In my test, this was a *.ARGS file, and I believe it spawned within the same folder where I ran the CLI scan.  I also happened to store the Batch file and also write the FPR to that same folder, so I do not know which one of those three controlled the ultimate location of this ARGS file.  From the Batch file, there was this directory specified, so that seems like a likely destination, the Project's specified root folder.

     set PROJECTROOT0="C:\workspace\webgoat"

Towards the end of the Batch file comes the raw text that is written to that ARGS file, such as the following sample lines.

echo Finished

:FINISHED

REM ARGS "-cp"

REM ARGS "PROJECTROOT0_MARKER\WebGoat5.0\tomca.........

...

REM ARGS "1.5"

REM ARGS -exclude "PROJECTROOT0_MARKER\WebGoat5.0\WebContent\lessons\CrossSiteScripting\CrossSiteScripting.jsp"

REM ARGS -exclude "PROJECTROOT0_MARKER\WebGoat5.0\WebContent\lessons\CrossSiteScripting\EditProfile.jsp"

REM ARGS -exclude "PR........

...


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

View solution in original post

0 Likes
4 Replies
Micro Focus Expert
Micro Focus Expert

If you were using the Scan Wizard, it would offer you a GUI of the discovered directories, and you could deselect the offending folder(s) that you wish to omit from the solution.  This actually boils down to the -exclude option for the SCA CLI.

This -exclude option tends to be very precise to the file, but it can be set with wildcards.  As an example, to exclude everything in the “/test/“ directory, you might use the following details.

-exclude “**/src/main/Test/*.*” <— Excludes Files in the immediate folder only

-exclude “**/src/main/Test/**/*.*”   <— Exclude Files in the immediate folder and its sub-folders.

Here is what the Scan Wizard came up with when I toyed with one of the samples that come with SCA.  Wildcards would definitely improve this.

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\General\redirect.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\RoleBasedAccessControl\EditProfile.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\RoleBasedAccessControl\error.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\RoleBasedAccessControl\ListStaff.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\RoleBasedAccessControl\Login.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\RoleBasedAccessControl\RoleBasedAccessControl.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\RoleBasedAccessControl\SearchStaff.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\RoleBasedAccessControl\ViewProfile.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\SQLInjection\EditProfile.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\SQLInjection\error.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\SQLInjection\ListStaff.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\SQLInjection\Login.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\SQLInjection\SearchStaff.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\SQLInjection\SQLInjection.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\SQLInjection\ViewProfile.jsp"

-exclude "C:\workspace\webgoat\WebGoat5.0\WebContent\lessons\XPATHInjection\EmployeesData.xml"


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

I ran the wizard and found the listing in the bat file. That appears that it will work as long as it really does work. Any idea where it really creates the arg file? I can go searching but if someone knows ....

0 Likes
Micro Focus Expert
Micro Focus Expert

From the Scan Wizard, within the resulting Batch file itself you will find a section that dynamically writes the necessary, temporary ARGS file with your specified exclusions.  In my test, this was a *.ARGS file, and I believe it spawned within the same folder where I ran the CLI scan.  I also happened to store the Batch file and also write the FPR to that same folder, so I do not know which one of those three controlled the ultimate location of this ARGS file.  From the Batch file, there was this directory specified, so that seems like a likely destination, the Project's specified root folder.

     set PROJECTROOT0="C:\workspace\webgoat"

Towards the end of the Batch file comes the raw text that is written to that ARGS file, such as the following sample lines.

echo Finished

:FINISHED

REM ARGS "-cp"

REM ARGS "PROJECTROOT0_MARKER\WebGoat5.0\tomca.........

...

REM ARGS "1.5"

REM ARGS -exclude "PROJECTROOT0_MARKER\WebGoat5.0\WebContent\lessons\CrossSiteScripting\CrossSiteScripting.jsp"

REM ARGS -exclude "PROJECTROOT0_MARKER\WebGoat5.0\WebContent\lessons\CrossSiteScripting\EditProfile.jsp"

REM ARGS -exclude "PR........

...


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

View solution in original post

0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Sorry, yep, missed that in the file where it writes out the arg file. That does what I want it to. Thanks.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.