Tencent Cloud Code Analysis

Enhanced Analysis Module Deployment

In addition to integrating well-known analysis tools in the industry, TCA also has its own independently developed tools, which serve as the enhanced analysis module of TCA.

The TCA enhanced analysis module requires users to additionally deploy the License authentication microservice and apply for a License by email.

TIP

1. License application is completely free! 2. Enterprises or universities are given priority in applying for a License.

Concepts

  • Independent tools: Code analysis tools independently developed by TCA;
  • CLS(Common License Server): The License authentication microservice for TCA independent tools.

Module Features

  • Supports Objective-C/C++ code specification check;
  • Supports analysis of project dependency components;
  • Supports analysis of whether dependency components have vulnerabilities and other issues;
  • Supports Java/Kotlin API and function call chain analysis;
  • Supports code safety, null pointer check, memory leak, and other rules.

Continuously updating...

TCA official website version enhanced capability application

If users usually use TCA official website version public serviceopen in new window and want to experience the analysis capabilities of the enhanced analysis module on the official website version, they can follow this help documentopen in new window to apply for configuration.

TCA Private Deployment Enhanced Capability Application

If you are using TCA in an enterprise intranet environment and want to experience the enhanced analysis module capabilities of TCA on the intranet, you can apply as follows.

Preparation

  • A dedicated machine for the CLS microservice, the CLS microservice needs to be bound to this machine

WARNING

Note: The CLS directory cannot be deleted at will

Steps

  1. Execute the following command in the server/cls directory of the TCA source code to obtain the Server ID and Client License

WARNING

Note: The command needs to be executed in the CLS directory

# If the cls binary is not found in this directory, you can execute the following command to synchronize.
$ bash ./scripts/base/install_bin.sh
$ cd server/cls
$ ./cls server
2022-04-13 18:35:29.356510559 +0800 CST [INFO] Version: 20220328.1
2022-04-13 18:35:29.44083463 +0800 CST [INFO] The client license is:
xxx
2022-04-13 18:35:29.454552966 +0800 CST [INFO] License Server ID: xxx
  • Server ID: Machine code, used to apply for License authorization from the TCA team
  • Client License: Provided to the TCA Client to facilitate tool authentication (important, it is recommended to back up)
  1. Configure the CLS microservice information in the config.ini of the TCA Client directory, for example
[LICENSE_CONFIG]
; [optional] Fill in when using independent tools, no need by default
; Domain name and port of the License service
URL=http://<IP or domain name>:<port>
BASE_PATH=
LICENSE=<Client License>

WARNING

Note: The URL corresponding value does not need to follow the slash / at the end.

WARNING

Different deployment methods can modify the config.ini configuration according to the following methods:

  • Source code deployment:
    • Modify the client/config.ini in the source code directory
    • Restart the client: ./quick_install.sh local start client
  • Docker deployment:
    • Method 1: Modify the .docker_temp/configs/client/config.ini in the source code directory and restart the tca-services container
    • Method 2: Enter the tca-service container, modify /CodeAnalysis/client/config.ini, and exit and restart the tca-services container
    • Restart the container method: docker restart tca-service
  • Docker-Compose deployment:
    • Modify the client/config.ini in the source code directory and restart the client container
    • Restart the container method: docker-compose restart client
  1. Apply for a License by email to the TCA team
  • Recipient email:
v_cocohwang@tencent.com
v_xiohuang@tencent.com
yalechen@tencent.com
tommyzhang@tencent.com
  • The application email format is as follows:

Subject: TCA Independent Tool License Application

Content:

Applicant's Namexxx
Name of the Organization the Applicant Belongs toxxx
Type of Organization the Applicant Belongs toOptional: Company/School/Individual
Applicant's Emailxxx
Applicant's Mobile Numberxxx
Is it Privately DeployedYes
First Registered Machine Codexxx
Purpose of Experience Applicationxxx
Client Licensexxx
  • First Registered Machine Code: The Server ID output in step one
  • Client License: The Client License output in step one
  1. After receiving the reply email from the TCA team, fill in the License in the config.yaml file in the CLS directory

WARNING

Note: Follow the yaml format, for example:

  • In key-value pairs, there is a blank character after the colon :, for example key: value.
  1. Execute the following command to start CLS
./cls server -d
  1. Verify that the CLS process starts normally
# Find if there is a CLS process
ps aux|grep cls

WARNING

Note: If the above command does not find the CLS process, it means that CLS did not start normally.
Please try to change the port in the config.yaml file to another port, such as 8080, the default is port 80, and then re-execute the command in step 5.

  1. Start the TCA analysis task Check the independent tool-related rule package in the analysis plan on the TCA platform, such as the dependency component analysis rule package, and then start an analysis task. If it runs normally, it means the setting takes effect.

CLS Operation and Maintenance

Automatic Restart

# Find the CLS process ID
ps aux|grep cls
# Restart the microservice
kill -USR2 <pid>

Network Exception

If the above deployment steps have been completed, but the enhanced function still encounters the License check failed! Please check the license. License Server is not available! exception. You can troubleshoot as follows:

  • Enter the task page, click on the abnormal tool, and download the execution log of the tool. If the following logs appear in the log, it means that the network access to CLS is abnormal;
method(head) call fails on error: <urlopen error [Errno 111] Connection refused>
  • Continue to verify. If it is Docker or Docker-Compose deployment method, enter the TCA Client container. If it is a source code deployment, go to the TCA Client machine. Execute the following command to confirm whether the network is accessible:
ping <CLS IP or domain name filled in config.ini>
telnet <CLS IP or domain name filled in config.ini> <corresponding port>
  • If the network is not accessible, please check:
    • Whether the firewall has opened the corresponding port;
    • Whether the corresponding domain name of CLS is set in the host;
    • Whether the IP setting is wrong.
Case Sharing

Background: Xiao Ming deployed TCA in Docker mode and deployed the CLS service on the same host. Then he set the IP in the URL in config.ini to 127.0.0.1, restarted and started the enhanced function task and encountered the above network disconnection exception.
Reason: The reason is that the 127.0.0.1 at this time points to the TCA Client container itself, not the CLS service deployed on the host.
Solution: Change 127.0.0.1 to the host's own IP.

CLS Update

  1. Use the following command to find the cls process and kill the process
# Find the CLS process ID
ps aux|grep cls
# Restart the microservice
kill -9 <pid>
  1. Download the latest version of cls and replace the cls binary file in it

WARNING

Note: You cannot delete the original cls directory, you only need to replace the cls binary file in it.

  1. Use the following command to restart the cls service
./cls server -d