Welcome to SAP Extractor for Kiuwan (SAPEX)

How it works

When SAPEX components (programs, function modules, support classes, OS commands) are installed on the target SAP system, the user may perform the following operations:

• Extract source code 
  • Either by running a program within SAP server (ZKW_SAPEX_CODE) , or remotely (using the sapexCode.xml script), extracted code can be analyzed with Kiuwan Local Analyzer. 
  • The code elements to extract could be based on transport requests / tasks, packages, and the type and name of the element (programs, function modules, classes, web dynpro components, etc.)

• Extract system information ("metadata")
  • Metadata are used by Kiuwan rules to search for defects and vulnerabilities
  • For example, to ensure that authorization is performed properly, information about authorization objects and authorization groups (extracted from TOBJ and TDDAT tables) is used by many security checks in Kiuwan. 
  • Metadata extraction could be performed either by running a program within SAP Server (ZKW_SAPEX_METADATA) , or remotely (using the sapexMetadata.xml script).

• Perform analysis on extracted source code

  • Within a SAP system with Kiuwan Local Analyzer deployed, by running the ZKW_ANALYSIS program. It offers the possibility for extracting source code before analysis.

• Add automated audits before releasing changes

  • SAP's Change and Transport System (CTS) may register an implementation for the CTS_REQUEST_CHECK 'classic' BAdI. 

  • Source code extraction, analysis and evaluation of audit checkpoints may be performed before accepting (or rejecting) the release of a change request / task, according to organizational quality and security standards.

Introduction