7

I am using cppcheck for static analysis of C Code, but cannot seem to get an XML. I require the XML File to be consumed by Jenkins

Here is what i have tried so far:

runcppcheck.sh

#!/bin/sh
cd obj/msc
cppcheck --enable=all -I. -I. -I. -I. -I. -I. -I. -I. -I. -I. -I. /usr/include/ -I. obj/fap/ \
-DSUNOS -DSS -DSS_MT -DANSI -D_GNU_SOURCE -DSS_LINUX -D_REENTRANT -D__EXTENSIONS__ -DSUNOS -DCNS_PH1 -DDBG_TIMESTAMP -DLX_PRNT_TIMESTAMP \
-DDEBUGP -DLX -DLCLXT -DLXT_V1 -DLCLXUILXT -DLCXULILXT -DXU  -DLX -DLCLLX  -DSM -DLWLCLLX -DLCLXMILLX -DLCSMLXMILLX -DHR -DLX -DLCHRT \
-DLCHRUIHRT -DLCHRLIHIT -DLCLXLIHRT -DXU -DLCXULIHRT  -DLX -DLX_RTP -DLX_FASTRC -DCMINET_BSDCOMPAT -DSS_TICKS_SEC=100 -DCMFILE_REORG_1 \
-DCM_INET2 -D_GNU_SOURCE -DCMFILE_REORG_2 -DSSINT2 -DCMKV2 -DHI_MULTI_THREADED -DxCM_PASN_DBG -DxCCPU_DEBUG -DxRNC_OUTPUT_CONSOLE \
-DxCCPU_DEBUG_TRACE -DCCPU_DEBUG1 -DSS_PERF -DNO_ERRCLS -DNOERRCHK -DSS_M_PROTO_REGION -DxCCPU_DEBUG_TRACE1 -DxCCPU_DEBUG_TRACE2 \
-DCCPU_MEAS_CPU -DSTD_CCPU_IU -UMULTIPLE_CN_SUPPORT -DLONG_MSG -DTEST_CNS -UDCM_RTP_SESSID_ARRAY -DHR *.c *.h --xml ../../cppcheck-result.xml

i DO GET the XML on stdout, but just NOT in a file

kamal
  • 9,637
  • 30
  • 101
  • 168

3 Answers3

12

I am a Cppcheck developer.

You need to pipe the report to the file.

cppcheck file1.c --xml 2> cppcheck-result.xml

A small hint about your command line, in most cases it's better to use . instead of *.c *.h.

Daniel Marjamäki
  • 2,907
  • 15
  • 16
  • i used "cppcheck file1.c --xml 2>&1 | tee test2.xml" any comments – kamal May 16 '12 at 13:28
  • 1
    Hmmm. For some reason, I couldn't get this to work (under Windows 7, if that matters). When piping it out to an .xml file as shown above, the output file will only contain information about which files are being processed and the progress, not the xml output (which I do see, but only in the console window). – leifericf Jul 05 '12 at 20:31
  • Per the [manual, Chapter 4](http://cppcheck.sourceforge.net/manual.pdf), you should prefer the new XML standard `--xml-version=2`, not `--xml`. – phoenix Nov 16 '15 at 00:40
  • @Leif you probably fixed it or don't care by now but you need to pipe with `cppcheck ... 2>my.xml` not `cppcheck ... > my.xml` – Pierre.Sassoulas Jul 26 '17 at 08:32
  • @Pierre.Sassoulas Thanks - It might be useful to someone else coming here, but I don't remember what I was trying to do when back then. – leifericf Aug 11 '17 at 17:57
4

Actually, here is the command to get the proper xml output.

cppcheck --xml --xml-version=2 --enable=all <path1> <path2> 2>samplecppcheck.xml
fracz
  • 20,536
  • 18
  • 103
  • 149
HemaLatha
  • 41
  • 1
  • Per the [manual](http://cppcheck.sourceforge.net/manual.pdf), you don't need the `--xml`, just `--xml-version=2`. – phoenix Nov 16 '15 at 00:38
0

That 2> part is obviously shell syntax, and is only meant to work from the context of a shell interpreter. So what to do when NOT running from a shell, just a plain “command with arguments” type of interface (like env, xargs, docker run and such)?

It should be needless to say that the obvious workaround, wrapping the whole thing in sh -c, is a horrible antipattern: Quoting and escaping is hard to do correctly, most programmers won't even try, resulting in brittle code and a potential security hole. That would be an unreasonable complication for specifying an output file, and a clear sign that you're doing something wrong.

A wrapper script lets you solve the problem the right way

#!/bin/sh
exec "$@" 2> result.xml

… but that would be a file, and that may be a complication in itself. Luckily, that script can be written in an inline form like this:

sh -c 'exec "$0" "$@" 2> result.xml' cppcheck …

This is now in the form of a plain argument list, and therefore works in all shells, as well as non-shells like docker run.

user2394284
  • 5,520
  • 4
  • 32
  • 38