c# - HP Fortify - Dead Code stored in Asp.net Temp Files
Is there a possible fix for dead code identified by Fortify when scanning an ASP.NET MVC 3 project? The code identified as "dead" is in generated files, stored in the ASP.NET temp files folder. We have 173 of these findings showing in our scan results. We are using version 6.10 of the HP Fortify scanner, with the latest rulepacks.
I came across an article that mitigates Fortify dead code in MVC. Apparently, out of the box, Fortify scans the MVC website as if it were a standard ASP.NET application.
Modify the Fortify properties file
Open {fortify_install_dir}\core\config\fortify.properties and uncomment the following:
com.fortify.vs.skipaspprecompilation=true
Also, set the following property to false (the default value is true):
com.fortify.vs.requireaspprecompilation=false
Build the project
Build the project as normal in Visual Studio.
Copy the build artifacts
Copy the build artifacts from the /bin directory at the root of your project to the following location:
c:\windows\microsoft.net\framework\{frameworkversion}\temporary asp.net files\{yourprojectname}
For a project named "yourproject.web" built against .NET 4 or 4.5, the path would be this:
c:\windows\microsoft.net\framework\v4.0.30319\temporary asp.net files\yourproject.web
Run the scan
See the full article by Charles King here:
http://charlesbking.com/programming/2015/01/23/run-fortify-on-asp-mvc.html
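An added example, not from the original post or the linked article: a PowerShell script for the properties edit and the artifact copy described in the steps above. The default install directory, project root and parameter names are assumptions to adjust, and copying the contents of bin (rather than the folder itself) is one reading of the copy step; building and scanning are still done as usual.

```powershell
#Requires -RunAsAdministrator
# Added example. Default paths are assumptions; adjust them to your machine.
param(
    [string]$FortifyInstallDir = 'C:\Fortify',              # assumed install dir
    [string]$ProjectRoot       = 'C:\src\yourproject.web',  # assumed project root
    [string]$ProjectName       = 'yourproject.web',
    [string]$FrameworkVersion  = 'v4.0.30319'
)
$ErrorActionPreference = 'Stop'

# Step 1: set the two properties named in the answer, keeping a backup.
$propsPath = Join-Path $FortifyInstallDir 'core\config\fortify.properties'
$wanted = [ordered]@{
    'com.fortify.vs.skipaspprecompilation'    = 'true'
    'com.fortify.vs.requireaspprecompilation' = 'false'
}
Copy-Item -Path $propsPath -Destination "$propsPath.bak" -Force
$lines = @(Get-Content -Path $propsPath)
foreach ($key in $wanted.Keys) {
    # -match is case-insensitive: a commented or live entry is found whatever
    # its casing, and $Matches[1] keeps the key exactly as the file spells it.
    $pattern = '^\s*#?\s*(' + [regex]::Escape($key) + ')\s*=.*$'
    $found = $false
    $lines = @(foreach ($line in $lines) {
        if ($line -match $pattern) { $found = $true; "$($Matches[1])=$($wanted[$key])" }
        else { $line }
    })
    if (-not $found) { $lines += "$key=$($wanted[$key])" }
}
Set-Content -Path $propsPath -Value $lines

# Step 3 (after building in Visual Studio): copy the contents of bin into the
# per-project folder under Temporary ASP.NET Files.
$bin  = Join-Path $ProjectRoot 'bin'
$dest = Join-Path $env:WINDIR "Microsoft.NET\Framework\$FrameworkVersion\Temporary ASP.NET Files\$ProjectName"
if (-not (Test-Path -Path $bin -PathType Container)) {
    throw "Build output not found at $bin; build the project first."
}
New-Item -ItemType Directory -Path $dest -Force | Out-Null
Copy-Item -Path (Join-Path $bin '*') -Destination $dest -Recurse -Force
Write-Host "Copied $bin to $dest; run the Fortify scan next."
```

The script leaves the original file as fortify.properties.bak, so the change to the scanner configuration can be reverted or diffed after the scan.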