c# - HP Fortify - Dead Code stored in Asp.net Temp Files -


is there possible fix dead code identified fortify when scanning asp.net mvc 3 project? code identified "dead' in generated files, stored in asp.net temp files folder. have 173 of these findings showing in our scan results. using version 6.10 of hp fortify scanner, latest rulepacks.

i came across article mitigates fortify dead code in mvc. appearantly, out of box fortify scans the mvc website if standard asp.net application.

modify fortify properties file

open {fortify_install_dir}\core\config\fortify.properties , uncomment following:

com.fortify.vs.skipaspprecompilation=true , also, set following property false (default value true).

com.fortify.vs.requireaspprecompilation=false build project

build project normal in visual studio

copy build artifacts

copy build artifacts /bin directory @ root of project following location -

c:\windows\microsoft.net\framework{frameworkverion}\temporary asp.net files{yourprojectname} project named “yourproject.web” build against .net 4 or 4.5, path this-

c:\windows\microsoft.net\framework\v4.0.30319\temporary asp.net files\yourproject.web run scan

see full article charles king here:

http://charlesbking.com/programming/2015/01/23/run-fortify-on-asp-mvc.html


Comments

Post a Comment

Popular posts from this blog

javascript - AngularJS custom datepicker directive -

i make custom datepicker directive custom template. but have no idea how start building it... how include date data directive? i appreciate guide or give me advice work on more precisely. it might you! follow below steps html code sample: <label>birth date</label> <input type="text" ng-model="birthdate" date-options="dateoptions" custom-datepicker/> <hr/> <pre>birthdate = {{birthdate}}</pre> <script type="text/ng-template" id="custom-datepicker.html"> <div class="enhanced-datepicker"> <div class="proxied-field-wrap"> <input type="text" ui-date-format="yy-mm-dd" ng-model="ngmodel" ui-date="dateoptions"/> </div> <label> <button class="btn" type="button"><i class="icon-calendar"></i>
Read more

javascript - jQuery date picker - Disable dates after the selection from the first date picker -

<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <title>jquery ui datepicker - default functionality</title> <link rel="stylesheet" href="//code.jquery.com/ui/1.11.4/themes/smoothness/jquery-ui.css"> <script src="//code.jquery.com/jquery-1.10.2.js"></script> <script src="//code.jquery.com/ui/1.11.4/jquery-ui.js"></script> <link rel="stylesheet" href="/resources/demos/style.css"> <script> $(function () { $("#datepicker1").datepicker(); }); </script> <script> $(function () { $("#datepicker2").datepicker(); }); </script> </head> <body> <p>date 1: <input type="text" id="datepicker1"></p> <p>date 2: <input type="t
Read more