Overview

CAST Extension SDK allow to develop plugins that are launched during the analysis process. It is a set of tools made to help producing more analysis data (objects, links, properties).

Some notable features :

  • execute any executable during an analysis job, for example third party analyzers
  • inject objects, links, property or rule violations into the analysis service
  • handle new frameworks
  • parse any type of files
  • do whatever one can program

The SDK is based on

  • Python 3.4 as scripting language (provided inside the CAIP install)
  • eclipse as IDE

The IDE features :

  • unit test for the writen plugins
  • debuggability of the plugins

What is a Plugin ?

A plugin is a folder that can contain :

  • some python code that will be executed during the analysis
  • additional metamodel files to represent new types of objects, new properties
  • quality rule definitions that will be added to the quality rule model

Once deployed and activated its code will be called at some predefined extension points.

The general idea behind those extension points is that plugins are called back at some key points of the analysis, and they are given the chance to do something at those points.

Plugins’ extensions are called :

  • at the very start of analysis (for CAIP version above 8.3.0)
  • for each J2EE, DotNet, UA execution unit :
    • at the very beginning of the analysis
    • for each class, member in a recursive tree walk
    • for each analyzed file
    • ...
  • at the end of the application after all analysers jobs have run
  • at the end of the snapshot (for CAIP version above 8.3.0)
_images/extension_points_sequence.png

Extension point sequence example.

Those extension points may differ between technologies/analyzers but the mere principle will remain the same.

Those extension points generally have a context parameter. For example when starting the analysis of a file, the extension point receives the cast.analysers.File object that represent the file according to CAIP, and giving access to path.

Choosing between analysis level and application level

You can combine inside the same plugin those two levels, and it will be generally the case.

Here are the element for choosing when to use each mechanism:

  • at analyzer level you will :
    • create new objects
    • create local links. By local we mean that those links can be created by just reading one source code file
  • at application level you will :
    • create global links. A link is global is it is :
      • inter technology
      • intra technology but inter projects/analysis unit
    • decorate objects that you cannot decorate at analyzer level
    • generate analysis results reports

When you have the choice between the two levels, you probably need to prefer analyzer level for performances consideration.