File parsing or syntax errors

Question

How do I resolve file parsing or syntax errors reported by the Fortify scan?

Answer

Parsing and syntax errors are caused either by syntactic errors in the identified file or by bugs in Fortify’s parser. If the code compiles using a standard parser, the error is likely an issue with Fortify, and the specific parser errors will not be counted against passing the code review validation process. Errors that result from known Fortify issues are identified as such in the Troubleshooting Fortify errors technical note.

Follow these steps to resolve other parsing errors:

  1. Generate a log file with the debug flag turned on during the scan. Debug logs may include additional information for resolving the parsing error. See the following technical note for details on generating log files: How to create a Fortify log file
  2. Review the log file for information related to the parsing error. If this provides the information necessary to resolve the error, then fix the issue and rescan.
  3. If the log file does not indicate how to resolve the problem, it is likely a Fortify parsing bug. Include the following items in future code review submissions; they will be taken into consideration during the review:
    1. The debug log files
    2. The command options used during the translation phase of the Fortify scan
    3. A readme file explaining the steps taken to try to resolve the errors

Errors that cannot be resolved will not be counted against passing the review.

Additional Notes

  • This method of resolving errors reported by Fortify applies only to parsing and syntax errors. Other errors must either be resolved or confirmed to be issues in the Fortify software.
