This guide will explain how to deactivate a Kiuwan rule.


How to deactivate a rule

Sometimes, and for different reasons, you need to de-activate a Kiuwan rule (see How to manage Kiuwan defects when I do not completely agree with them).

Info

To de-activate a rule means that Kiuwan will not execute that rule’s validation.

 

The reasons can vary: you are not interested in the validations the rule performs, the rule is producing many false positives, or any other reason.

This guide's purpose is to teach you how to do it.


Let’s start with some very basic concepts.

When you execute a Kiuwan analysis, Kiuwan applies a set of rules to your source code. For example, one rule can scan for SQL injection vulnerabilities, while others search for path-traversal issues, etc.


Info

Any application you analyze is scanned by a set of rules. The concrete set of rules being applied to your analysis is called a Model.


Kiuwan’s ruleset contains more than 3000 rules, but not all of them are activated by default.

Info

The default set of activated rules (in other words, the default model) is called CQM.

 

Saying that CQM is the default model means that any application you create is, by default, scanned applying the active rules contained within CQM.


Every application is associated with a specific model. If you don’t make any configuration, every new application will be associated with CQM, and therefore the rules to be applied will be those active in CQM.

You can, of course, create your own “custom models” and associate different models with different applications.

See


Step 1: see which model you are using for your application


You can either use CQM or a custom model.

If you are using Kiuwan Local Analyzer GUI, click Advanced to see which model you are using. 

A window will be displayed like this:

 

If the Analysis model field value is Automatic, CQM is used by default.

If you are using any other model, another name will be displayed.


Another way to know the model is through the Kiuwan website. Go to Application Management, find your application and select Model from the drop-down menu on the right.

A window will open with the Model associated with your application:

The model is CQM


Info

CQM is the default Kiuwan model, and it’s read-only. You can use it but you cannot modify it.


If you are using CQM and you want to modify it (for example, deactivating a rule), follow these steps:

  1. Create your own custom model (most probably as a copy of CQM)

  2. Find the rule and deactivate it

  3. Publish your model

  4. Associate your application to your custom model and run the analysis again

1. Create your initial custom model

To create your custom model, follow the instructions at Advanced Model Management#CreatinganewModel (https://www.kiuwan.com/docs/display/K5/Advanced+Model+Management#AdvancedModelManagement-CreatinganewModel).

2. Find the rule and deactivate it

Go to the Rules tab of your custom model and find the rule using the filters (Rules Management#Rulessection, https://www.kiuwan.com/docs/display/K5/Rules+Management#RulesManagement-Rulessection).

Bear in mind that a rule is identified by two fields:

  • Its name

    • for example, “Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')”

  • Its rule code

    • for example, OPT.JAVA.SEC_JAVA.SqlInjectionRule


So you can search for the rule either by its name (or description), or by its rule code. In the latter case you must first enable the rule code filter and fill it with the rule code.

Click the green circle to de-activate or activate the rule.

3. Publish your model

 

Info

All the changes made to the model are saved in a Draft version.

Those changes will not be publicly available until you Publish your model.

 

To make the changes publicly available, click Publish and provide a version tag.


Once it’s published, any new analysis of an application associated with this model will use this latest version.

4. Associate your application to your custom model and run the analysis again

Find your application in Application Management, click Model and select the model you just created.


Now, when you run the analysis of the application, your custom model will be used.

The model is custom

If you are already using a custom model, just follow steps #2 (Find the rule and deactivate it) and #3 (Publish your model) as described above.

Then, re-run your analysis.


