From fd0678e27137a4d0703addd08a17f0c46f307121 Mon Sep 17 00:00:00 2001 From: xfiderek Date: Tue, 23 Apr 2024 18:52:00 +0200 Subject: [PATCH 1/3] Add path to IKOS binaries to PATH variable in Earthfile (#138). --- spaceros/Earthfile | 1 + 1 file changed, 1 insertion(+) diff --git a/spaceros/Earthfile b/spaceros/Earthfile index d775062..fc84e30 100644 --- a/spaceros/Earthfile +++ b/spaceros/Earthfile @@ -178,6 +178,7 @@ rosdep: .. RUN make RUN sudo make install + ENV PATH="/opt/ikos/bin/:$PATH" WORKDIR $SPACEROS_DIR RUN sudo rm -rf ikos/ From d5f34261123cecf369340a66b3f1cf23beaeadde Mon Sep 17 00:00:00 2001 From: xfiderek Date: Tue, 23 Apr 2024 18:54:02 +0200 Subject: [PATCH 2/3] Add IKOS_SCAN_NOTIFIER_FILES to entrypoint.sh (#138). Add environment variable to entrypoint of spaceros image. This variable is required for ikos-scan to execute and generate .ikosbin files without having to run the ikos-scan server. --- spaceros/entrypoint.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/spaceros/entrypoint.sh b/spaceros/entrypoint.sh index 4349ddb..93ea40f 100755 --- a/spaceros/entrypoint.sh +++ b/spaceros/entrypoint.sh @@ -3,4 +3,5 @@ set -e # Setup the Space ROS environment source "${SPACEROS_DIR}/install/setup.bash" +export IKOS_SCAN_NOTIFIER_FILES="" # make ikos create .ikosbin files for compiled packages exec "$@" From 86fbcd4f3713491c3c36e8856487c921db39718d Mon Sep 17 00:00:00 2001 From: xfiderek Date: Tue, 23 Apr 2024 18:55:54 +0200 Subject: [PATCH 3/3] Update instructions on running ikos-scan in README (#138). The current instructions specify how to re-run all tests, which takes substantial time. This change explains how to run ikos-scan specifically, which should be faster than running all tests. --- spaceros/README.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/spaceros/README.md b/spaceros/README.md index 0aa91dc..109d132 100644 --- a/spaceros/README.md +++ b/spaceros/README.md @@ -215,19 +215,19 @@ spaceros-user@d10d85c68f0e:~/spaceros$ CC="ikos-scan-cc" CXX="ikos-scan-c++" LD= ## Generating IKOS Results -To generate JUnit XML files for all of the binaries resulting from the build command in the previous step, you can use **colcon test**, as follows: +To generate JUnit XML/SARIF files for all of the binaries resulting from the build command in the previous step, you can use **colcon test**, as follows: ``` -spaceros-user@d10d85c68f0e:~/spaceros$ colcon test --build-base build_ikos --install-base install_ikos +spaceros-user@d10d85c68f0e:~/spaceros$ colcon test --build-base build_ikos --install-base install_ikos --ctest-args -L "ikos" ``` To generate a JUnit XML file for a specific package only, you can add the *--packages-select* option, as follows: ``` -spaceros-user@d10d85c68f0e:~/spaceros$ colcon test --build-base build_ikos --install-base install_ikos --packages-select rcpputils +spaceros-user@d10d85c68f0e:~/spaceros$ colcon test --build-base build_ikos --install-base install_ikos --ctest-args -L "ikos" --packages-select rcpputils ``` -The `colcon test` command runs various tests, including IKOS report generation, which reads the IKOS database generated in the previous analysis step and generates a JUnit XML report file. +The `colcon test` command with the `-L "ikos"` flag runs IKOS report generation, which reads the IKOS database generated in the previous analysis step and generates a JUnit XML report file. After running `colcon test`, you can view the JUnit XML files. For example, to view the JUnit XML file for IKOS scan of the rcpputils binaries you can use the following command: @@ -235,6 +235,11 @@ For example, to view the JUnit XML file for IKOS scan of the rcpputils binaries spaceros-user@d10d85c68f0e:~/spaceros$ more build_ikos/rcpputils/test_results/rcpputils/ikos.xunit.xml ``` +SARIF files are also available in the same path: +``` +spaceros-user@d10d85c68f0e:~/spaceros$ more build_ikos/rcpputils/test_results/rcpputils/ikos.sarif +``` + ## Saving build artifacts locally `./build.sh` script executes the Earthly `build` task defined in `Earthfile`, which copies specified artifacts from the container to the host. Additional tasks defined in the Earthfile enable the preservation of intermediate artifacts generated during the build process.