Unified Language User Guides
iCR User Guide 5.0

Reviewing a fix


Last updated 3 months ago

Once you have filtered for the set of fixes for review, you may begin processing them. That typically begins with clicking on the Unresolved tab to see what fixes need to be reviewed. In our example, we will be looking at a set of fixes within the Object Visibility category in our sample Java project, Thunder. We are using a Java example here to demonstrate the atomic correction capability within iCR. Other languages may have similar kinds of behavior.

There were 86 fixes identified as within the Object Visibility category. To show how to process a fix, we will look at Fix OV-L-19.

In this example, iCR has detected an encapsulation problem: a variable that should be declared private to the class was declared public. To learn more about encapsulation problems, you can click on the link CERT Secure coding standard OBJ01-J.

To correct this Encapsulation Problem, the variable is made private and a pair of accessor methods to set and get the value is created. Any other files that reference the variable are updated to use the accessor methods instead of modifying the variable directly. As a result, the summary of the fix shows that there are offered changes to a total of 5 files.

Since there were 5 files affected, there are 5 Diff: tabs shown where each tab corresponds to the changes suggested for each affected file. In this example, Diff: 5 is selected and displayed. This is the diff for the file containing the improperly declared public variable.

The lines that were changed are identified by the red highlighted statements. In this example, that is Line 8. The text below shows the corrected code with green highlights. The class variable String hostServer was declared public but should be private. The iCR generated code corrects the issue by making the variable private, shown as the replacement for line 8. In addition, the accessor methods getHostServer and setHostServer are added to allow controlled access to the now private variable as shown in added lines 58 through 65.
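The shape of this kind of fix, as an added illustration that is not iCR output or code from the Thunder project: the class names ConnectionConfig, ReportUploader and EncapsulationFixDemo and the sample host name are hypothetical, while hostServer, getHostServer and setHostServer are the names used in this guide.

```java
// EncapsulationFixDemo.java (added illustration, not generated by iCR).
//
// Before the fix, the pattern flagged under CERT OBJ01-J:
//
//     class ConnectionConfig {
//         public String hostServer;      // any class can read or overwrite it
//     }
//
//     // ...and in other files, direct field access:
//     config.hostServer = "build.example.internal";
//     return "uploading to " + config.hostServer;

public class EncapsulationFixDemo {
    public static void main(String[] args) {
        ConnectionConfig config = new ConnectionConfig();
        // was: config.hostServer = "build.example.internal";
        config.setHostServer("build.example.internal"); // constructed sample value
        System.out.println(ReportUploader.describeTarget(config));
    }
}

// After the fix: the field is private and reachable only through accessors.
class ConnectionConfig {
    private String hostServer;            // was: public String hostServer;

    public String getHostServer() {
        return hostServer;
    }

    public void setHostServer(String hostServer) {
        this.hostServer = hostServer;
    }
}

// A second (hypothetical) file that referenced the field. It has to change in
// the same fix, otherwise it no longer compiles once the field is private.
class ReportUploader {
    static String describeTarget(ConnectionConfig config) {
        // was: return "uploading to " + config.hostServer;
        return "uploading to " + config.getHostServer();
    }
}
```

When reviewing the Diff: tabs for a fix like this, check that every file that referenced the field now goes through the accessors, since a missed reference would fail to compile once the field is private.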

You can scroll through the original source file independently of the diff window.

Once you are satisfied with reviewing a particular correction, you can select other Diff: tabs to review all the suggested changes for this fix.

To view other fixes, scroll through the list of fixes or select new filters.

To see the diffs for all of the 5 files, click on the Show Diff icon. Doing that reveals an expanded display.

If you want to browse the original source file associated with this fix, you can click on the Show Source icon. A scrollable window will appear below the diff window with tabs for each of the files that have a diff for this fix. You can click on any tab to browse the source for any of the affected files. In this case, the tab shown is Source of Diff: 5.