Types of custom metadata files
Custom metadata files can be configured at 3 levels, as described in the following table. These levels are in the order of precedence. Note that the higher level takes precedence over the lower.
Level | Description |
| These XML files are located at {KLA_HOME}/conf/apps/{APPNAME}/libraries/<tech> Custom metadata in these files apply to all analyses of applications with name {APPNAME} |
| These XML files are located at {KLA_HOME}/conf/libraries/<tech> Custom metadata in these files apply to all analyses of all applications. |
| These XML files are located at {ANALYSIS_BASEDIR}/libraries/<tech> Custom metadata in these files apply only to analyses of folder {ANALYSIS_BASEDIR}. |
Exceptions to these rules are:
- C++ engine reads from same folders as C (that is, <tech> for C++ is “c”)
- Objective-C engine reads from both “objective C” and “c” folders
For details about metadata definition see: https://www.kiuwan.com/docs/display/K5/Custom+Neutralizations
Create a new metadata file
On clicking "New", the file location dialog appears as illustrated below.
Fig. 1. New file location and related details dialog
You can
- create custom metadata files in the appropriate location
- name the new file using the correct nomenclature for example,
metadata_custom_<framework-name | library_name>.xml
In this dialog … | To… |
Click any radio-button
| select a location for saving the new metadata file. |
Select this location to save the metadata file in the folder where system wide custom configuration files are stored. | |
Select this location to save the metadata file in the folder where the custom configuration files for the current application are stored. | |
Select this location to save the metadata file in the folder identified for the current application's basedir analysis. | |
Select this location to save the metadata file in any folder of your choice. | |
"Choose Folder"
|
|
Click the "Language" drop-down menu
| Select from the drop-down list to associate a programming language with the metadata file. For example, java. |
Type in the "Name" box
| Specify a filename for the metadata file. For example tags. Note:
|
Table. 1. New file location and related details – actions
Note: If no content is added, the metadata file will not be saved. See also Common options.
Add an element
Clicking "Add" in the edit dialog displays the add-element dialog as illustrated below.
Fig. 2. Specify an Element for adding to the metadata file
In this dialog … | To… |
Enter an element name | Add to the file. For example, "Library". Note that the system brings up similar definitions that already exist – for example: library database. |
Click "Add" | Add the new entry. |
Table. 2. Adding an element
Note that a new element cannot be added without prerequisite mandatory attributes. In such situations an error alert is displayed. Make sure that the mandatory attributes are added before you can save the file with the new element.
Metadata items must be predefined in an .xsd file before you can add them to the xml metadata files. This includes
- mandatory elements, attributes, examples and any checks or validations that are necessary
- “source”, “propagate”, “neutralization”, “sink” and “retaint”
Correct metadata entry errors
The metadata editor helps you by providing schema definition rule-based help in case of errors in the meta data entry.
Fig. 3. Meta data entry Error
Note that the error in the example is because the schema definition rule has been ignored during metadata entry. In this example adding the item "Library" is invalid because it needs the mandatory attributes
- "Name"
- "Technology"
Specify correct value to the mandatory attribute
Fig. 4. Correcting the error by specifying values to attributes
Note that the highlighted attributes (bold) are mandatory.
Continue to add elements to your metadata file in sync with the data definition rules and the definitions in the .xsd files and save the file.
Save the new file
Fig. 5. Save file
Fig. 6. Confirm Save – file
Other options in this dialog allow you to perform the actions described in the table below.
In this dialog … | Description… |
"Tree View" | Is the default hierarchical display of the metadata items in the file. |
"Raw XML" | Click to see the metadata in xml format. |
Type a string in the file-name text box | To search and view the number of occurrences of the specified string. This can be a token - class, method, function. |
Click < or > | To go to the previous or next occurrence of the string. |
Click Add | To add an entry |
Click "Delete" | To delete an entry |
View "Documentation" and "Examples" | To ensure that you make a well informed and correct metadata entry in the file. |
Click "undo" | To ignore the changes, you have made. See also "Common options". |
Table. 3. Other options in the file dialog
Tree view and XML view of the new file
The new file is displayed by default in the tree view as illustrated below.
Fig. 7. Default Tree view of the file
You can click "Raw XML" to see the metadata added to the file as illustrated below.
Fig. 8. XML view of the data added to the file
Add another element
Clicking "Add" in the add and edit dialog displays the add-element dialog as illustrated in Fig. 5 and Table. 9.
In this dialog … | To… |
Enter an element name | Add to the file. For example, "sink1". Note that the system brings up pre-existing elements as illustrated below. |
Click "Add" | Add the element to the file. |
Table. 4. Add element
Fig. 9. Elements available for adding to a metadata file.
In this dialog … | To… |
Click the desired row | Select the element you wish to add to the xml file. For example, "Description". |
Click "Add" | Insert it in the tree view. |
Table. 5. Selecting element for adding to the file
The tree view now appears as illustrated below.
Fig. 10. Adding the selected element
In this dialog … | To… |
Mark the newly added Element | View its status. It must be free from schematic error. |
Add values to the attributes | Type appropriate entries in the "Value" fields to ensure that the entries are error free. |
Click "Save" | Save the changes made. Note: you can click "Undo" to ignore all the changes. |
Table. 6. Adding an element
Copy element
Elements can also be copied from default/read-only files and pasted to custom metadata files.
Step1. Open the source file and copy as described in the table below.
Fig. 11. Copying element
In this dialog … | To… |
Right-click on the item you wish to copy | View the copy/paste options. |
Click "Copy" | Copy the selected item. |
Table. 7. Copy element
Step 2. Open the target file and paste as described below.
Fig. 12. Paste into the target file
Fig. 13. Target file (left) with the copied element
Edit a metadata file
Custom metadata files can be edited by
- adding new items
- editing/correcting existing items
Edited custom metadata files are saved in XML format in the selected location/path.
You can
- Filter files by language/framework,
- Open default metadata files to view (read only) and other available metadata files to both view and edit them.
On clicking "Edit", in the "Customize Metadata tab" the dialog appears as illustrated below.
Fig. 14. Specify file and related details for viewing/editing dialog
In this dialog … | To… |
Click a radio-button | set the location of files to be edited/viewed. |
| "Kiuwan Local analyser default configuration (read only)" to view the content of files in this location and use that for purposes of analysis. |
"Systemwide Custom configuration" to view and edit the related files. | |
"Custom configuration for current application" to view and edit the related files, in this location | |
"Current application basedir analysis" to view and edit the related files in this location. | |
"Other" to view and edit metadata files in any folder of your choice. | |
Click "Choose Folder" | Specify a folder for the metadata file.
|
Click the "Language" drop-down menu | filter files by language/framework. Select from the drop-down list for the programming language associated with the metadata file. |
Table. 8. Edit file and related details options
Metadata items predefined in an .xsd file for adding to metadata files include:
- mandatory elements, attributes, examples and any checks or validations that are necessary
- “source”, “propagate”, “neutralization”, “sink” and “retaint”
Edit the error in the file
Fig. 15. Error in the metadata file
Errors in metadata added to files are flagged by the popup message as well as the alert icon.
In this dialog … | Indicates … |
The alert in the topmost node of the tree | that it contains an error. |
The highlighted text in the Attribute:Value table | that the attribute "name" has not been set with a value. |
Table. 9. Alerts – data errors
Fig. 16. Corrected data
Save the edited file.
You can continue to:
- Add elements - see "Add another element".
- Copy and paste elements - see "Copy element".
Other options in the "Edit File" dialog work in the same as in the "New File" dialog.
See "Other options in the file dialog". See also Common options.
Manage collisions in metadata files
Working with multiple schema descriptor files where many of the types are common to the predefined XSD files, can lead to multiple namespace collisions. Such instances are displayed instantly while working with the metadata files.
Fig. 17. Collisions in the Tree view of the metadata tokens in the file selected for edit.
In this dialog … | Description… |
| Multiple occurrences of a custom element/item over a default or another custom element can lead to a collision of metadata. Such an instance is indicated by an alert icon - See also Graphic indicators. |
Click the node | To view details about the override for the selected collision. The dialog appears as illustrated in the following page. |
Table. 10. Metadata Collisions
Fig. 18. Override indicated for the selected collision dialog
In this dialog … | To… |
Click the override item in the "Collisions" tab | Mark the item.
|
Click "Open" | View how the override is managed by over-writing the conflicting definition, as illustrated in the following page. |
Table. 11. Override indicated for the selected collision
Fig. 19. View the over-writing details for the collision
In this dialog … | To… |
Click the file name in the "Collisions" panel | Mark the item.
|
Click "Open" | View the definitions in the xml file and their status. |
Table. 12. Overwriting details
Search
This feature update facilitates search at multiple levels to locate specific data (strings), errors and overrides:
- In the Main menu
- In the search output dialog
- In the file view dialog
Fig. 20. Search option – in the main dialog
Fig. 21. Tree view of the files containing the search string
In these views … | To… |
Type a search text in the "Search" box in the main dialog | Get the entire tree-view of files that have one or more instances of the specified text. Note that the nodes in the tree represent a language associated with the metadata files. This makes it a viewer-friendly organization of the search data. |
Type a search text in the "Search for" box and Click "Search" | Get the entire tree-view of files that have one or more instances of the specified text. |
Table. 13. Search options
Fig. 22. Options to navigate the search output tree-view - up/down or left/right
In this dialog … | To… |
Click > Click < |
navigate to the next item navigate to the previous item |
Use the up and down keys" | navigate to the next or previous item |
Table. 14. Search options
If the search output contains only one occurrence of a specific data, that file is displayed in the search dialog and you can open that file directly for editing, as illustrated in the following page.
Fig. 23. Single instance of a search data
Once elements are added to files, edited, and saved, click "Analyze" in the KLA main dialog
see Fig. 1, to get the collisions and correct the attributes/values remove duplicates, get a list of code-vulnerabilities and debug as you find appropriate.