Source Code 2 Cast


Landerico Benson

Aug 4, 2024, 2:08:05 PM
to oneminti
It is possible to view object source code directly in CAST Imaging. Source code is available by right clicking objects in the Investigation view (available after double clicking an item at Level 5) and selecting Show source code. Below is an explanation of how to configure the source code viewer.

The file is located in the protected %APPDATA% location, therefore you must open the .properties file with elevated permission (this is usually achieved by right clicking your text editor in the Windows start menu and selecting Run as administrator):


This is the JDBC url for the CAST Storage Service/PostgreSQL instance where the application source code is stored. The syntax is as follows: jdbc:postgresql://:/postgres. Multiple instances should be separated by a comma.


This entry is used to identify the host name - you can use any name, however CAST suggests using the host name or IP address as entered in the datasource.url entry. Separate with a comma for multiple instances.


Save the file and ensure that you restart the CAST Imaging System - sourcecode service Windows service or the sourcecode Docker container in order for the new configuration to be taken into account.


Or if you need to define multiple CAST Storage Service/PostgreSQL instances, run the following command (adapt to your own environment). The example below shows two CAST Storage Service/PostgreSQL instances, but more than two can be added if required:


If your CAST Storage Service/PostgreSQL instances are hosted on another host machine (i.e. not hosted on the same host machine as Docker) then you will also need to run the following additional command to ensure that CAST Imaging is aware of the external host via its IP address:


Note: For JavaScript and HTML5, please send the files in a "normal" format rather than a minified or bundled format (minified files, i.e. *.min.js files, or bundled JavaScript files containing one or a few very long lines, are automatically excluded from the analysis).


When collecting application source code, ensure that you will have the .java files and not .class or .jar files for source code within the scope of the analysis. .class and .jar files are decompiled only to extract the signature.


This page details the source code file types required per technology to be delivered. This document is used by the CAST Administrator during Qualification and Source Code Delivery phases as detailed at this link Prepare and deliver the source code.


Send an email to all project leads or application owners, internal and outsourced, with simple instructions on how they can access the CAST Highlight portal. They download a local agent, scan their relevant code stack, and answer a few survey questions online. Simple as pie, and hundreds of project leads can complete the process simultaneously in just 10 minutes.


All project leads or app owners upload a small encrypted text file containing analysis results to the CAST Highlight portal. This includes a list of framework versions and libraries used in the code, stats about the code, but not the code itself. CAST Highlight is compliant with the highest security regulations and standards. And again, no source code is gathered by this process.


CAST Highlight uses answers to the survey to contextualize the source code-based intelligence gathered by the agent, and instantly generates intuitive heat maps, charts, and graphs to support critical planning decisions such as IT budgeting, sourcing strategies, and application portfolio rationalization. The list of open source frameworks and the CVEs associated to them forms an immediate hit list to address from a security standpoint.


CAST Highlight helps users determine the ideal sequence of applications to move to the cloud by automatically segmenting a portfolio based on multiple dimensions. Learn in this article how the Cloud Migration Wave Advisor works.


CAST Highlight automatically calculates a lifespan status on open-source software (OSS) components. This status identifies whether a component is active, possibly deprecated, or immature. See in this article how the feature works and how to leverage this new SCA insight for more informed decisions.


Containerization has become increasingly popular in modern applications, with Docker images providing a lightweight and portable way of packaging and deploying software. However, scanning source code of custom applications is not enough to guarantee the security of a containerized application. CAST Highlight has developed a new capability that allows users to scan the contents of a Docker image to identify potential risks and vulnerabilities. See how the capability works.


(Optional) By default, CAST Extend local server is configured to function in offline mode. If this is acceptable, no additional configuration is necessary. However, if you prefer to configure CAST Extend local server in online/proxy mode with a direct connection to CAST Extend, follow these steps.


Note: Choosing Proceed starts the analysis process for the source code. The progress window in the CAST Console shows each step of the analysis process, and displays a notification when the analysis is complete.


CAST Highlight is the SaaS platform to monitor software health, cloud readiness, complexity & cost of your Application Portfolio with code-level analytics. This extension to Visual Studio Team Services allows users to scan source code against hundreds of programming best practices and patterns to get unprecedented software analytics and benchmarks.


CAST Highlight uses predictive patterns analysis built over time by scanning thousands of applications and billions of lines of code. By looking at the frequency of issues and potential impacts, managers can review how the factory is operating without drowning in detail. Learn more about our predictive code patterns.


CAST Highlight is a SaaS software intelligence product that delivers rapid insights across your entire application portfolio. It automatically analyzes source code of hundreds of applications in hours for Cloud Readiness, Software Composition Analysis (open source risks), Green Impact, Resiliency, and Technical Debt. Objective software insights from automated source code analysis combined with built-in qualitative surveys for business context enable more informed decision-making about application portfolios.


Our typical users are technology executives, enterprise architects, and business unit leaders that are pursuing a digital transformation strategy for their organizations. Enterprises across any industry that have custom applications targeted to migrate to Microsoft Azure will realize the value in leveraging CAST Highlight to:


Note: The code samples in this tutorial use doctest to make sure that they actually work. Since some code samples behave differently under Linux, Windows, or macOS, they contain doctest directives in comments.


You load libraries by accessing them as attributes of these objects. cdll loads libraries which export functions using the standard cdecl calling convention, while windll libraries call functions using the stdcall calling convention. oledll also uses the stdcall calling convention, and assumes the functions return a Windows HRESULT error code. The error code is used to automatically raise an OSError exception when the function call fails.


Accessing the standard C library through cdll.msvcrt will use an outdated version of the library that may be incompatible with the one being used by Python. Where possible, use native Python functionality, or else import and use the msvcrt module.


On Linux, it is required to specify the filename including the extension to load a library, so attribute access can not be used to load libraries. Either the LoadLibrary() method of the dll loaders should be used, or you should load the library by creating an instance of CDLL by calling the constructor:


Note that win32 system dlls like kernel32 and user32 often export ANSI as well as UNICODE versions of a function. The UNICODE version is exported with a W appended to the name, while the ANSI version is exported with an A appended to the name. The win32 GetModuleHandle function, which returns a module handle for a given module name, has the following C prototype, and a macro is used to expose one of them as GetModuleHandle depending on whether UNICODE is defined or not:


windll does not try to select one of them by magic, you must access the version you need by specifying GetModuleHandleA or GetModuleHandleW explicitly, and then call it with bytes or string objects respectively.


There are, however, enough ways to crash Python with ctypes, so you should be careful anyway. The faulthandler module can be helpful in debugging crashes (e.g. from segmentation faults produced by erroneous C library calls).


None, integers, bytes objects and (unicode) strings are the only native Python objects that can directly be used as parameters in these function calls. None is passed as a C NULL pointer, bytes objects and strings are passed as pointer to the memory block that contains their data (char* or wchar_t*). Python integers are passed as the platform's default C int type, their value is masked to fit into the C type.


Assigning a new value to instances of the pointer types c_char_p, c_wchar_p, and c_void_p changes the memory location they point to, not the contents of the memory block (of course not, because Python bytes objects are immutable):


You should be careful, however, not to pass them to functions expecting pointers to mutable memory. If you need mutable memory blocks, ctypes has a create_string_buffer() function which creates these in various ways. The current memory block contents can be accessed (or changed) with the raw property; if you want to access it as NUL terminated string, use the value property:
