How to scan files with non-standard file extensions

Question

How do I scan files, for example Java language files, in files that use non-standard file extensions?

Answer

A property can be set (either in fortify-sca.properties or using -D on the command line) to associate file extensions with a language. The property is:

com.fortify.sca.fileextensions.<extension> = <language>

For example, if you want the .ftl files to be scanned as Java files, use the following property:

com.fortify.sca.fileextensions.ftl  = JAVA

The <extension> is the file name extension to scan. A list of <language>’s that are recognized by Fortify is included in the default fortify-sca.properties file that can be found in the Fortify installation directory under Core/config. To scan files without extensions, please see the technical note How to scan files without file name extensions.

References

• Micro Focus Security Fortify Static Code Analyzer User Guide, Appendix I: Configuration Options