I'm using HP Fortify SCA version 4.40. After scanning a Java project, Fortify reports one scan warning:
The following references to java functions could not be resolved. These functions may be part of classes that could not be found, or there may be a type error at the call site of the given function relative to the function declaration. Please ensure the java source code can be compiled by a java compiler.
~instance~for~static~field~
I understand that to resolve this type of warning, I need to update the sourceanalyzer classpath to point to the jar that contains the missing referenced function. However, in the above, "~instance~for~static~field~" doesn't give me any information on where to find the missing reference. Given the size of the codebase I'm working with, I can't manually dig into each and every class looking for a possible missing reference that fits the above vague description.
Does anyone have any insight into this type of vague warning? Is there a reason why no further details are provided? Any suggestions for getting more details about where this missing reference actually is located?