This guide explains the Kiuwan Rules page in detail.
This section shows all the available rules for the current user. These rules can be:
Go to Model Management > Rules to access the rules section.
This section shows all the available rules for the current user. Every section of this page is described in the following paragraphs.
This is the first part of the section and it allows you to filter the rules to show.
The default filters are:
Name | Description |
---|---|
Active | When set to "On", filters the rules contained in the current model. When set to "Off", filters the rules that can be added to the current model. |
Name or description | If set, it filters the rules whose name or description match the specified pattern. All the matches found will be highlighted in the rules list. |
Language | It filters the rules that match the selected language. |
Characteristic | It filters by Efficiency, Maintainability, Portability, Reliability or Security. |
Vulnerability Type | It filters by the type of vulnerability (e.g. Injection, Design Error). |
Priority | It filters the rules that match the selected priority. |
Effort | It filters the rules that match the selected effort. |
Normative | It filters by the security standard the rule is mapped to (OWASP, CWE, etc.). |
Framework | It filters by the used framework. |
Tag | It shows the rules that contain at least one of the specified tags. In particular, this filter is very useful to find rules that discover vulnerabilities associated with specific CWE identifiers. |
Only Code Security rules | Choose whether you want to see only Code Security rules. |
+ Filters | The drop-down menu contains additional filters: |
These filters can be combined with each other. When more than one filter is active, only the rules that match all of the active filters will be shown.
Each time the filter is changed, the rule counter under the filter section will be updated according to the specified filter.
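The filter semantics described above (Active on/off relative to the current model, substring matching on name or description, single-valued filters, a Normative filter, a Tag filter that matches on any one of the given tags, and all filters combined with AND) can be modelled in a few lines. The following is an added example, not Kiuwan's code or API: the rule catalogue, the model membership and the tag values are constructed for illustration, and the assumption that "pattern" on the Name or description filter means a case-insensitive substring is mine.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One row of the rules list (constructed fields, not Kiuwan's data model)."""
    name: str
    description: str
    language: str
    characteristic: str      # Efficiency, Maintainability, Portability, Reliability or Security
    vulnerability_type: str  # e.g. Injection, Design Error; empty for non-security rules
    priority: str
    effort: str
    normative: frozenset     # security standards the rule is mapped to, e.g. {"OWASP", "CWE"}
    tags: frozenset          # labels such as CWE identifiers


# Constructed catalogue: names, descriptions and tag values are made up for this example.
CATALOGUE = [
    Rule("Avoid SQL injection", "Untrusted input reaches a SQL statement", "Java",
         "Security", "Injection", "Very High", "Medium",
         frozenset({"OWASP", "CWE"}), frozenset({"CWE:89"})),
    Rule("Avoid OS command injection", "Untrusted input reaches a shell command", "Java",
         "Security", "Injection", "Very High", "Medium",
         frozenset({"OWASP", "CWE"}), frozenset({"CWE:78"})),
    Rule("Weak hash algorithm", "MD5 or SHA-1 used for a security purpose", "Python",
         "Security", "Design Error", "High", "Low",
         frozenset({"CWE"}), frozenset({"CWE:327"})),
    Rule("Unused local variable", "A local variable is declared but never read", "Java",
         "Maintainability", "", "Low", "Low", frozenset(), frozenset()),
]

# Constructed: names of the rules currently active in the selected model.
MODEL_RULES = {"Avoid SQL injection", "Unused local variable"}


def filter_rules(rules, model_rules, *, active=True, text="", language=None,
                 characteristic=None, vulnerability_type=None, priority=None,
                 effort=None, normative=None, tags=()):
    """Return the rules that satisfy every given filter (filters are AND-ed).

    active=True lists rules contained in the model; active=False lists rules
    that could still be added to it. `text` is matched case-insensitively as
    a substring of the name or the description (assumption about "pattern").
    `tags` matches when at least one of the given tags is on the rule.
    """
    needle = text.lower()
    matches = []
    for rule in rules:
        # Active filter: membership in the current model must agree with the switch.
        if (rule.name in model_rules) != active:
            continue
        if needle and needle not in rule.name.lower() and needle not in rule.description.lower():
            continue
        # Single-valued filters: each one that is set must match exactly.
        exact = [(language, rule.language), (characteristic, rule.characteristic),
                 (vulnerability_type, rule.vulnerability_type),
                 (priority, rule.priority), (effort, rule.effort)]
        if any(wanted is not None and wanted != actual for wanted, actual in exact):
            continue
        if normative is not None and normative not in rule.normative:
            continue
        # Tag filter: at least one of the requested tags must be on the rule.
        if tags and not (set(tags) & rule.tags):
            continue
        matches.append(rule)
    return matches


def rule_names(rules, model_rules, **filters):
    """Names of the filtered rules in catalogue order; the rule counter is len() of this."""
    return [r.name for r in filter_rules(rules, model_rules, **filters)]


if __name__ == "__main__":
    # Rules that can still be added to the model and that cover one of two CWE identifiers.
    print(rule_names(CATALOGUE, MODEL_RULES, active=False, tags=["CWE:78", "CWE:327"]))
```

The Tag filter is the one that differs from the others: it is an OR over the tags you type, while the combination of different filters is an AND, so "Active off, Tag CWE:78 or CWE:327" lists only inactive rules that carry at least one of those identifiers.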
This is the part of the screen where the rules are shown.
Each row in the table shows:
Name | Description |
---|---|
Active | It displays the status of the rule in the current model. A green circle will be shown if the rule is active. |
Name | Click on the name of a rule to access its full details window. |
? | Click this icon to get more details of the current rule. |
Language | The language the rule applies to. |
Characteristic | The CQM characteristic the rule is classified under (efficiency, maintainability, portability, reliability, security). |
Vulnerability type | The type of vulnerability connected to the rule. |
Priority | The priority of the rule. The higher the priority, the more critical a defect found will be. |
Repair difficulty | The effort needed to repair a defect found by the rule. |
When a model of your own is selected in the left Models panel, you can add or remove rules from the model by clicking on the circles in the Active column:
Additional options are available if the rule is active:
Changes made will NOT affect your analyses until the model is published. Changes made using the quick configuration will only be applied to the current model. To make changes to a rule that apply to all your models, open the rule details window by clicking on the name of the rule you want to configure.
Click the icon to show the rule details window.
This window shows the full information of the selected rule. This information is organized in different sections:
Name | Description |
---|---|
Description | Language, name, description and user notes of the rule |
Tags | Labels assigned to the rule. |
Code | The code of the rule |
Reference | External documentation about the rule that is worth reading. |
Outgoing Relations | Which rules are related to the current rule and which rules the current rule is related to. Please consider deactivating rules that are: |
Benefits | The benefits of repairing this violation |
Parameters | The parameters of the rule. |
Code examples | Violation code and Fixed code: how the rule is violated and how to repair the violation. |
When accessing the rule details window of a rule that you don't own, you can:
If you own the rule, additional options will be available:
When editing your own rules, note that you will not be able to:
These changes are not allowed in the rule details window because they would impact your own analyses (they could make the rule not executable in the Kiuwan Local Analyzer). If you need to change any of these fields, you should install the rule again using the rule installation wizard.
When saving a rule after a configuration change (a change in the characteristic, priority, effort or a parameter value), the changes may be applied differently:
Remember, changes made in the rule list using quick configuration only apply to the current model.
You can always return to the previous configuration of a rule.
If you made changes in the configuration of a Kiuwan rule and click on the "Restore defaults" button:
You can only remove those rules that belong to you. Click the "Remove" button to delete the current rule.
Note that removing a rule will not affect published versions that contain the rule. Those versions will still contain the removed rule.
You can apply a change to multiple rules.
Using the bulk edit menu you can:
These actions behave the same way as their single-rule counterparts.
Once in the bulk edit window, you will be able to select those rules that you want to apply the changes to:
Filters are very useful when changing multiple rules. Make the first search using filters and then open the Bulk Change window. Once you have a narrowed list of rules, it is easier to select just those you want to apply the changes to.