Fortify scan multiple folders. 3\tomcat\jobFiles folder $ scancentral.
-snm, --scan-node-modules: Specifies node_modules dependencies in the package. Prepend the Gradle command line with the sourceanalyzer command as follows: sourceanalyzer -b <build_id> <sca_options> gradle [<gradle_options>] <gradle tasks>. The ScanCentral page opens. However, some factors do impact the scan time for Fortify: complexity of the code base. This example shows how to use MBS to run the translation on Machine A and scan the project on Machine B: Machine A: Translation the project. 1 - Lets say I have a windows forms app, which asks for a username and password, and the name of the textbox for password is texboxPassword. Fortify Features. log "wmd/**/*. Run the Fortify. If the folder already exists, Fortify SCA cleans the folder before starting the scan. Use the ‘Start Scan’ wizard, and define scan settings beforehand. This specifies how Fortify Static Code Analyzer processes . Attempting to analyze the . Oct 29, 2018 · Fortify supports excluding files and/or folders from the scan in the translation phase. STEP 1: Go to the Installation Directory and navigate to bin folder in the Command Prompt or in Command line tool. To display signature information for the analysis: FPRUtility -information -signature -project <project> . For a full listing of fcli commands and corresponding command line options, please see the man-pages as Mar 3, 2016 · If function not found, fortify will skip the source code translation, so this part will not be scanned later. Build Servers. This includes: l Disk I/O—Fortify Static Code Analyzer is I/O intensive so the faster the hard drive, the more savings php artisan fortify:install. After a crawl has been completed, you can click Audit to assess an application’s vulnerabilities. Provide details and share your research! But avoid …. On the build servers, the files accumulate here: C:\Users\<agent account>\AppData\Local\Fortify\sca20. c. min=2G. However, after making this change, I noticed that the Fortify findings for a wmd/pack. While the above is true regarding fprs, It is possible to merge scan results. For more information, see About Upgrading Fortify Static Code Analyzer. This interme‑ diate format is used to locate security vulner‑ abilities. Fortify SCA displays the results and saves an FPR file in the folder you specified. Do not change default scan options. Net Assemblies if they are build in a Debug configuration and the . /wmd/**/*. The ScanCentral SAST page opens. properties file. Tip: On any window presented by the API Scan Wizard, you can click Settings (at the bottom of the window) to modify the default settings or to load a settings file that you previously saved. Feb 1, 2021 · Add a Variable called ReleaseId and add the Release Id from Fortify. Pros: No integration effort is required. Add all required header files using include_directory. Some of the fcli highlights: Interact with many different Fortify products with just a single command-line utility. Click Finish. BUT after a while (and this was 12 years ago so maybe it has improved) we realized it was creating too many false positives and also IMHO just didnt understand the language. Nov 19, 2015 · Fortify will pick up all the javascript . Fortify Static Code Analyzer uses a build ID to track the files that are compiled and combined as part of a build, and then later, to scan those files. gitlab-ci. The following commands illustrate the most basic way for performing a Fortify SCA scan, without utilizing any build integration. Second, Try using one -exclude parameter for every single one folder you want to exclude, for example: For example, if you have only the SonarQube Java plugin installed, the Fortify plugin can report vulnerabilities on Java files as SonarQube issues, but it cannot report vulnerabilities on JSP or XML files. May 16, 2024 · I need scan my folder with c++ files using the Fortify Static Code Analyzer. Or, you can issue more than one translate command pror to issuing the Scan command. sourceanalyzer -b buildId devenv "mysolution. Insert a fortifyclient command with appropriate references to the SSC url and the FPR file. i. STEP 2: Then type scapostinstall. bat file created at the root location of your project. However, there is no schema, and it can change between releases as-needed. $ sourceanalyzer -b cs-sample -show-files Local scan without SSC upload - Fortify_ScanCentral_Controller_21. In the ScanCentral Controller URL box, type the URL for the Controller. The required cmake command is include_directories. 21. The data flow analyzer uses global, inter Obtain lists of issues (including some basic information). yml file, for translating the files with the sourceanalyzer, here is the script: - script: |. pkb or other oracle files. This still scanned all of the files. sln solution contains a lot of test projects I have a lot of findings in test code which I’m not interested in. 11. Next, you should migrate your database: May 1, 2019 · Screen 2 of the Scan Wizard — Review Source Files. Optionally, enter a name for the scan in the Scan Name box. For best performance, specify only the . Select “ <Fortify Install Dir>\Samples\basic\eightball ” as project root. For example: com. Resolution. You still want to specify the 3rd party dll's, those get specified in the -libdirs option. I also tried. 3. It should be sufficient to add the folders the header files are in. Is it possible ? Thanks and Regards, Saurav You can put in more than a single File Specifier in your command. Consider scanning the code into multiple FPR files, if appropriate. 1. Run cmake by changing CC and CXX variables: CC="sourceanalyzer -b project_ID gcc" CXX="sourceanalyzer -b project_ID g++" cmake . I want to generate a report that has all the instances of where the issues are found. Crawl and Audit: Map the site's hierarchical data Go to Fortify on Demand. Venu Kumar. The internal workings of the Scan Engine is proprietary information and the detailed changes are Oct 22, 2015 · I have a Fortify FPR scan file that I open in AWB. set -euo pipefail. pdb files are present. dll. In the Fortify Static Code Analyzer translation phase, specify the Java bytecode files that you want to translate. Translate all source files with a known file extension located in the src directory tree. We are currently on SCA version 17. Oct 8, 2020 · An overview of Fortify Static Code Analyzer (SCA), including the code scanning process, and then a demo of Scanning on The Command Line or a Script. When I generate a report it generates the report with the issues by type and their count and below the type I also get names and code snippets of some files where the issue was found. 0. You can even scan WAR file with: com. The Fortify service provider registers the actions that Fortify published and instructs Fortify to use them when their respective tasks are executed by Fortify. I am hoping I can skip whole directories Fortify Static Code Analyzer by OpenTextTM uses multiple algorithms and an expansive knowledge base of secure coding rules to analyze an application’s source code for exploitable vulnerabilities. It usually takes about 15 minutes to scan all of the folders but when I set this it ran 30 Minutes or more and no visible signs of succeeding. On the machine where the LIM is installed: Open Windows Service Manager: Start > All Programs > Administrative Tools > Services. This array defines which backend routes / features Fortify will expose by default. In the Scan Name box, enter a name or brief description of the scan. In the right panel, click the Advanced Options tab. When we go to run the scan wizard, it Oct 6, 2022 · sourceanalyzer -b pants -debug -verbose -logfile scan. 2. Increase Memory Allocation: Adjust the memory settings by modifying the sca. First, instead of -Dfortify. Optimize Analysis: Use the -Xmx flag to allocate more memory to the Java process running the analysis: sourceanalyzer -Xmx4G -b build_id -scan. 30), I created a new scan project in AWB, but just found 4 files (3 xml and one java file), then I created a script with scan wizard, and again it found 4 files, not the rest 20 jar files, if somebody could say what I'm doing wrong. class file packed into a WAR could not find the . The command below doesn't exclude all the files within the sub-directories. Apr 22, 2015 · I have multiple projects bound by a single parent pom. I am using Fortify 16. After the scan completes, the Audit Workbench should look like the following screen snapshot. com. I think at the high level, you or Fortify Professional Services would want to: 1. Java: Specify the classpath, source version, sourcepath, source files, build tool options, source files (this can be a build file), and any other additional files to include in the scan. 8 and above is supported. Asking for help, clarification, or responding to other answers. Sep 9, 2020 · Manually Initiated Scans: From the Fortify on Demand (FoD) browser interface, upload the ‘payload’ (source code and dependencies that are packaged into a zip file). . I tried to use -exclude in command but it still scans those test files. We all have our project code setup in different root directories e. Fortify Scan Stage Building the Image Jan 8, 2019 · Is there a way that we can run the HP fortify (SSC) scan on multiple branches without merging the issues and generate reports separately? When we run the scan on Branch A (having issues 10), later run the scan on branch B (having issues 100); the next run in the branch A creating issues count as 110. 0. To display the issues you want to audit: Upload scan results for the application version you want to audit. Jul 6, 2012 · Unfortunately, without specific details on your scan setup and Fortify version, it's difficult to say specifically what's causing the long scan time. Hello! Any help appreciated trying to solve this problem I'm trying to scan a project that include jar files (SCA 4. For a list of other such plugins, see the Pipeline Steps Reference page. In the Advanced Analysis Options section, select the Merge with previous Nov 28, 2013 · How to suppress false positives in Fortify. Jan 28, 2015 · In the report section's additional properties, set the filter for the issues to [issue age]:new. Assembly. The command you specified looks like it is missing the section were you specify the files to actually scan. g I have project code at C:\work\development\, few of my colleagues have something like C:\Development\mainCodeLine\ etc etc. class file, as if the analyzer expected the WAR file was a directory. bat -sscurl <ssc_url> -ssctoken <ScanCentralCtrlToken> start -upload -versionid 10 -b May 16, 2018 · Thanks for contributing an answer to Stack Overflow! Please be sure to answer the question. For multiple scan arguments, use multiple -sargs options. ). For the same, Follow the Following Steps. 2. Fortify marks this as a password in comment OptimizingFPR Files 149 FilterFiles 149 ExcludingIssuesfromtheFPR withFilterSets 150 ExcludingSourceCodefromtheFPR 150 ReducingtheFPR FileSize 151 OpeningLargeFPR Files 152 MonitoringLongRunningScans 153 UsingtheSCAStateUtility 154 UsingJMXTools 154 UsingJConsole 154 UsingJavaVisualVM 154 Chapter20:Troubleshooting 156 ExitCodes 156 MemoryTuning Mar 29, 2022 · Fortify on Demand takes customer application source code, runs the scan, then (as a value added service) passes these raw scan results to a team of expert auditors who are subject matter experts. go". It can accept pre-compiled . Command2 -> b) This command will only scan . Each analyzer finds different types of vulnerabilities. Thanks a lot for your help. fpr file with the newly scanned . Data Flow This analyzer detects potential vulnerabilities that involve tainted data (user-controlled input) put to potentially dangerous use. Oct 4, 2014 · If you are doing this all from the command line, then this is how you would do it: sourceanalyzer -b project -vsversion 10. 1\build. However, for large and complex applications, Fortify Static Code Analyzer requires more capable hardware. NET: In the Projects for Fortify SCA analysis box, type the relative path to the solution or project file name. fpr -f <output> . e. Click SSO Login to log in to FOD. The fortify configuration file contains a features configuration array. To minimize theses risks, scan a non-production version of the target website if possible. class files are translated: Apr 5, 2016 · Go to your build directory and perform make clean or remove all contents including the Makefile. You can also compare the LOC with another FPR. exclude, use just -exclude. sourceanalyzer -b project -scan -f MyResults. Open the AUDIT view for the application version. properties file and added a couple lines within the com. fileextensions section (see below) and saved. -extdir: put all directories/files you don't want to be scanned here. Click Scan. SHIP-HATS 2. fileextensions. Use a database query against the ARTIFACT table to determine which artifact ids you need to download 2. jar or . To enable the Eclipse Plugin to merge the results of the next scan you run with results from the previous scan: Select Fortify > Options. For the most part, the combination of Fortify and Burp seem to capture all findings and typically Web Inspect finds random finds that are also typically false positives but all unrelated. Obtain the list of analyzed files and the number of lines of code (LOC) for each file. Fortify. Once you Installed Fortify, you need to prepare your Fortify to start using the Fortify Static Code Analyzer. Specify if you want to migrate from a previous installation of Fortify Static Code Analyzer on your system. sourceanalyzer -b MyProject -clean sourceanalyzer -b MyProject msbuild /t:rebuild Sample. cpp" | while read -r file; do. You can deselect directories such as node_modules unless you want to scan all your On the Fortify WebInspect Start Page, click Start an API Scan. By default, it will have all directories selected. We have gone into the fortify-sca. sourceanalyzer -b buildId -scan -f "mysolution. ) answered Apr 21, 2017 at 19:53. fpr" -format fpr. Clean the EightBall build model. Plus, centralized software security management helps developers resolve issues in less time. fpr file so that all audits and comments get reflected even in the new file. sca. The previous successful upload to the SSC was from the desktop Audit Work Bench with a Scan Engine version of 6. You will get a poor scan quality but FPR looks good (low issue reported). In the following example, the . Related. exclude. fpr. How are you executing the scan, by sending the scan job to the server or running the scan locally on the build server? We are sending the scan from TFS to the Fortify server where it then scans on results from TFS's build. CandC++ CodeTranslationPrerequisites 67 CandC++Command-LineSyntax 67 ScanningPre-processedCandC++Code 68 C/C++PrecompiledHeaderFiles 68 Chapter8 The system requirements are documented in the Micro Focus Fortify Software System Requirements document. Equivalent Property Name: com. heap. WorkingDirectory=C:\Fortify\Work -Dcom. These auditors identify and prioritize the noteworthy findings while removing the noise from the results. Sep 17, 2015 · If you look in the Appendix F: Maven Integration section of the SCA User Guide, under Excluding Files from the Scan heading, it shows you how to exclude files. 20 and looking to scan a few file types that are not standard extensions. Select one of the following scan modes: Crawl Only: Completely map a site's hierarchical data structure. go file are gone in the Fortify UI. Migrating from a previous Fortify Static Code Analyzer installation preserves Fortify Static Code Analyzer artifact files. answered Feb 16, 2015 at 19:23. Aug 19, 2014 · Inside of the folder specified by those paths, the pattern is: sca\build\. Command2 -> a) here i am able to scan . Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page. yml: In the Test phase, add your sourceanalyzer command with the appropriate switches and GitLab CI variables as appropriate. Application Type Description. Please help me to find a command which can scan all different oracle extension files at Aug 3, 2021 · Meaning the scans must be performed on the same source code, same fortify settings, and same security content. This command will publish Fortify's actions to your app/Actions directory, which will be created if it does not exist. May 5, 2021 · We want to run Fortify SCA at the time of automated deployment but exclude all the test projects from scanning. dll projectPath\Additional. ProjectRoot=C:\Fortify\Work The path to the working files would then be: C:\Fortify\Work\sca<version>\build\MyBuild\ Jun 25, 2019 · Currently, the code base has the Fortify SCA scan, Burp Suite scan and then Web Inspect. SourcesDirectory)/sdk -name "*. -exclude "Test\C". 0005 in a maven build, the scan ran but failed to upload to the Fortify Software Security Center (SSC). However I would like to know how we can exclude a file OpenText Community for Micro Focus products Scanning files with non-standard file extensions. max=4G. FPR ("Fortify Project Results file"). Mar 5, 2024 · The fcli utility can be used to interact with various Fortify products, like Fortify on Demand (FoD), Software Security Center (SSC), ScanCentral SAST and ScanCentral DAST. Run the custom webservice calls to download the specified artifacts. Mar 3, 2015 · This is not really correct. Large, complex code bases definitely take a while longer to translate and analyze than trivial code To process code, Fortify SCA works much like a compiler—which reads source code files and converts them to an intermediate structure enhanced for security analysis. It is important to have all dependency jars in place. dlls here is my translate command: sourceanalyzer -b test -Xmx8G -vsversion 14. Depending on your use case, you might be better off using one of the CLI utilities included with SCA (FPRUtility, FPR Merge Apr 20, 2017 · To scan the whole codebase together, first translate one set of files, then translate the other set of files (using the same exact build ID), and then do the scan step (same build ID), and it'll scan all of the code together. HP Fortify SCA has 6 analyzers: data flow, control flow, semantic, structural, configuration, and buffer. sourceanalyzer -b build_id -scan result. class and . /**/*. To enable the polling of ScanCentral Controller to retrieve scan request status, select the Enable ScanCentral check box. Table of Contents. Run make and fortify should be translating files while compilers do their job. Jan 7, 2020 · There could also be different settings between the to installs to cause the difference as well (filters, templates, etc. 3. js files; one caveat is that only Javascript 1. pls files. Run the purge command to delete the data you have downloaded. For instructions, see Uploading Scan Artifacts. fortify. It tells you to use a separate file for properties and to set com. class files that require scanning. You cannot merge fprs from different source codes. This technique analyzes every feasible path that execution and data can follow to identify and remediate vulnerabilities. UPDATE. Preface ContactingMicroFocusFortifyCustomerSupport VisittheSupportwebsiteto: l Managelicensesandentitlements l Createandmanagetechnicalassistancerequests l -sargs, --scan-args: Fortify Static Code Analyzer scan arguments (repeatable) Takes a single string argument. Save the template. The last stage submits the Fortify SCA results alongside the other SonarQube scan results. 01 as well. When I scan . BuildID-disable-language: Specifies a colon-separated list of languages to exclude from the translation phase. My recommendation is the following: Add all *. jar files. Machine A: Generate a mobile build session called sample. sln. 12041: The Python frontend was unable to resolve import of the following optional modules [] Try configuring the -python-path argument as suggested by Fortify. Click Save and run your pipeline, you should see the following in the output. the root-folder where the project-code resides differs. Click “Run Scan” on “Audit Guide Wizard…”. 0 Subscription Administrators and Users can use this documentation to learn about SHIP-HATS, onboard to SHIP-HATS, use SHIP-HATS Portal and tools integrated with SHIP-HATS, and get technical support. sourceanalyzer -b build_id gcc -c test. sourceanalyzer -b EightBall -clean. If your code base is large or the scan is in the Queued state for a long time, the scan may take longer than the maximum 60 minutes Azure DevOps allows a task to run. Jul 10, 2019 · The total amount of files in all of these folders is roughly 600 files. How can I exclude the test projects? I’ve tried the –exclude switch with no luck. I found Fortify to be good compare to the initial tool we had to use for C/C++. The analysis engine, which consists of multiple specialized analyzers, uses secure -sargs, --scan-args: Fortify Static Code Analyzer scan arguments (repeatable) Takes a single string argument. Fortify SCA outputs the results to a subfolder, specify a name for the folder for the output. Notes. In the left panel of the “Options” dialog box, select Default Project Settings. go" If it doesn't, change to the wmd directory May 3, 2024 · I recently changed my Fortify scan command from sourceanalyzer -b 11809 ". It is very difficult to write exclude option for each and every levels of the folder structures. In the left panel, select Configuration, and then select ScanCentral SAST. CAVEATS. txt. I would instead try to just use a semicolon to separate your two exclude patterns. I tried, first of all, to include a script in my . But only do this if it really is one application. I have two questions regarding Fortify. -exclude "Test\B". scanf. Command3: sourceanalyzer -b test -scan -verbose -f Results. This can be the quickest approach if you have acces to all of the Apr 29, 2018 · 1. After a scan, you may find that your default website language has been changed to Farsi, test files have been uploaded, the new blog color theme has been set to ‘Early 80s Disco’, or 13 new users have been added – complete with nonsense test Posts. These files are used as input for the next stage, which converts the CSV file into a JSON format required by SonarQube. reason: Between multiple FPR file created during scan , we see different file counts. pls files but not . In the left panel, select Configuration, and then select ScanCentral. If the service is not running, try to start the service. In addition, the FortifyServiceProvider, configuration file, and all necessary database migrations will be published. echo "Translating C++ files". In your scan configuration, make sure to scan to the same FPR every time per project, so Apr 20, 2015 · When we ran the Static Code Analyzer (SCA) version 6. Do not change default Java version. This means the report will show ONLY issues in your FPR that were not present in the previous scan, and were introduced in the latest scan. Any ideas? Oct 18, 2019 · Second, Fortify SCA scans the source code, generating an FPR and CSV report. mbs. sourceanalyzer -b EightBall src/**/*. 11, I tried the same on fortify 19. Check the service status. So in the designer file, you have the following, generated by the designer. At its rawest form, the FPR file is simply XML data zipped up and renamed to *. You can also specify these at runtime: sourceanalyzer -b MyBuild -Dcom. For example a VS2012 project (typical VS folder structure): Apr 26, 2017 · Typically when running a fortify scan I use these three different commands via command line: sourceanalyzer -b buildId-clean. So need to check what files are missing between these scans. bat –url start -b cs-sample –scan Local scan with SSC upload scancentral. The following plugin provides functionality available through Pipeline-compatible steps. To selectively display the issues you Jun 12, 2014 · Fortify SCA Exclude Multiple Files. OpenText™ Fortify™ Static Code Analyzer pinpoints the root cause of security vulnerabilities in the source code, prioritizes the most serious issues, and provides detailed guidance on how to fix them. For example: Feb 18, 2020 · Setup of . Oct 13, 2016 · I want to merge an audited fortify . I found that if I run clean after the Scan Central upload (via the Azure DevOps plugin) that most of the time these intermediate files get cleaned up, but sometimes files aren't cleaned up. go" to sourceanalyzer -b 11809 ". To enable the polling of Controller to retrieve scan request status, select the Enable ScanCentral SAST check box. Different parents of duplicate classes folder: Resolve the multiple class definitions. @excludelist. The Translated files continue to add-up and exist unti This should work: sourceanalyzer -b 11809 -debug -logfile fortify-translate. Dec 5, 2016 · To integrate Fortify Static Code Analyzer into your Gradle build, make sure that the sourceanalyzer executable is on the system PATH. 3\tomcat\jobFiles folder $ scancentral. Because the sample. com Warranty Feb 13, 2015 · Fortify supports C language as per my knowledge. The sub-directories / folders can be of many levels. Insert a wait step for some time as needed to process the results in SSC - could take long if there are a sourceanalyzer -b sample -scan -f result. LegalNotices MicroFocus TheLawn 22-30OldBathRoad Newbury,BerkshireRG141QN UK https://www. Sep 28, 2016 · 2. Mike Peters. Oct 25, 2014 · We work in a team and run Fortify software on our machines locally. 0 projectPath\Additional. If i run fortify scan on parent pom using Maven fortify plugin, fpr files for each project is generated. However, you CAN merge scan results and generate an fpr based on that. To integrate Fortify Software Security Center with ScanCentral SAST: Log in to Fortify Software Security Center as an administrator, and then, on the Fortify header, click ADMINISTRATION. If you have not yet updated your Fortify version, I In the left panel, select Configuration, and then select ScanCentral SAST. DartandFlutterCommand-LineSyntax 85 DartandFlutterCommand-LineExamples 85 Chapter13:TranslatingRubyCode 86 RubyCommand-LineSyntax 86 RubyCommand-LineOptions 86 Basic Scan Options. You can filter these lists. How to exclude target folder from Fortify scans. sln" /Rebuild Debug. Here is the example of how to build and scan: sourceanalyzer -b build_id -clean. But in short, yes Scan Engine versions can cause different results even on the same code base with the same Rulepack versions. This document describes installation and general usage of fcli. Even though its present in the folder i am searching. Select “Scan Java Project”. 0007. Now when running the second command you need devenv to complete the translation. Both plain Java and native platform binaries for Windows I am trying to run source analyzer on multiple java and c source repo. In list of the repos I want to exclude some folders which contains test cases. log -scan -f result. The table in the AUDIT view lists issues based on their assigned folders (by default, critical to low). In the ScanCentral Controller URL box, type the URL for the ScanCentral Controller. Fortify Overview. Fortify doe not NEED to compile the code so that it can perform the scan. from an FPR file I am looking for options to list out the files that got scanned by fortify. Identify the Fortify License and Infrastructure Manager Agent Service. It is not necessary to add all header files to your CMakeLists. war = ARCHIVE. – Apr 29, 2013 · Yes,undocumented but this option exist and is well-known by HP SCA experts. Verified Answer. Multiple options exist for including additional file types in the SonarQube scan, such that Fortify vulnerabilities can be reported on those The fcli utility can be used to interact with various Fortify products, like Fortify on Demand (FoD), Software Security Center (SSC), ScanCentral SAST and ScanCentral DAST. The API Scan Wizard opens. The Fortify Support log provides: The same log messages as the standard log file, but with additional details; Additional detailed messages that are not included in the standard log file; This log file is primarily helpful to Micro Focus Fortify Customer Support or the development team to troubleshoot any issues. The intent was to only scan Go files in the wmd directory of my project. find $(Build. cpp and header only files. If the scan option has a path parameter that includes a space, enclose the path with single quotes. Sep 27, 2023 · Resolution. Excluding Test Projects from Fortify Scan in Azure DevOps. Support for Multiple Fortify Static Code Analyzer Versions 68 Upgrading the ScanCentral SAST Controller 69 Upgrading ScanCentral SAST Sensors 71 Enabling and Disabling Auto-Updates of Clients and Sensors 72 Chapter 7: Fortify Static Code Analyzer Mobile Build Session Version Compatibility74 Chapter 8: Submitting Scan Requests 75 Dear Members, we are running the Fortify scans via Gitlab runners and use below command to initiate the scan. microfocus. I would like to have a single fpr file being generated for all the projects. Hello meghsarma, Thank you for contacting the Micro Focus forums. Consequently, Fortify on Demand customers . kk kv bt zu ev xl ci pt ug dg
