This guide explains the Kiuwan Rules page into detail. 

Contents

Introduction to rules management

This section shows all the available rules for the current user. These rules can be:

  1. Kiuwan library rules: Those rules offered by Kiuwan. Users can customize some of their properties to match their model's needs (more on this topic in the Customizing Rules section).
  2. Custom rules: Kiuwan users can install their own rules in Kiuwan. These rules can be imported from 3rd party tools or installed from Kiuwan Rule Developer (read more about it on the Rule Development page).

Rules management page

Go to Model Management > Rules to access the rules section. 

This section shows all the available rules for the current user. Every section of this page is described in the following paragraphs. 

Filters

This is the first part of the section and it allows you to filter the rules to show.

The default filters are:

NameDescription
ActiveWhen set to "On", filters the rules contained in the current model. When set to "Off", filters the rules that can be added to the current model.
Name or descriptionIf set, it filters the rules whose name or description match the specified pattern. All the matches found will be highlighted in the rules list. 
LanguageIt filters the rules that match the selected language.
Characteristic

It filters by Efficiency, Maintainability, Portability, Reliability or Security

Vulnerability TypeIt filters by the type of vulnerability (i.e. Injection, Design Error, etc.)
PriorityIt filters the rules that match the selected priority.
EffortIt filters the rules that match the selected effort.
NormativeIt filters by the the security standards normative needed (OWASP, CWE...)
FrameworkIt filters by the used framework.
Tag It shows the rules that contain at least one of the specified tags. In particular, this filter is very useful to find rules that discover vulnerabilities associated with specific CWE identifiers.
Only Code Security rulesChoose whether you want to see only Code Security rules.
+ Filters

The drop-down menu contains additional filters:

  • Rule code. It filters the rules whose code matches the specified pattern.
  • Engine. It filters the rules whose execution engine matches the specified engine.
  • Owner. It filters the rules owned by the specified user (the current logged user or Kiuwan).
  • Kiuwan engine version. It filters the rules that have been upgraded in the selected Kiuwan engine version.
  • Default configuration. It filters the rules that have the default configuration.
  • Obsolete rules. Select whether you want to see obsolete rules or not.

These filters can be combined with each other. When activating more than one filter, only rules that match both filters will be shown.
Each time the filter is changed, the rule counter under the filter section will be updated according to the specified filter. 

Rules list

This is the part of the screen where the rules are shown.

Each row in the table shows:

NameDescription
Active

It displays the status of the rule in the current model. A green circle will be shown if the rule is active.

NameClick on the name of a rule to access its full details window.
?

Click this icon to get more details of the current rule.

Language

The language the rule applies to.

Characteristic

The CQM characteristic the rule is classified under (efficiency, maintainability, portability, reliability, security).

Vulnerability typeThe type of vulnerability connected to the rule.
Priority

The priority of the rule. The higher the priority, the more critical a defect found will be.

Repair difficulty

The effort needed to repair a defect found by the rule.

Quick configuration

When a model of your own is selected in the left Models panel, you can add or remove rules from the model by clicking on the circles in the Active column:

Additional options are available if the rule is active:

  • Change the characteristic classification of a rule. Click the characteristic label to change the characteristic a rule is classified under.
  • Change the priority of a rule. Click the priority icon to change the priority of a rule.
  • Change the repair difficulty of a rule. Click the effort label to change the effort needed to repair a defect of a rule.
  • Drop-down menu options:
    • Restore the default configuration of a rule.
    • Remove a rule from kiuwan (only available if the rule is owned by the current user).

Changes made will NOT affect your analyses until the model is published.

Changes made using the quick configuration will only be applied to the current model. To make changes to a rule that apply to all your models you should open the rule detail window by clicking on the rule name you want to configure.

Rule details

Click the (question)  icon to show the rule details window.
This window shows the full information of the selected rule. This information is organized in different sections:

NameDescription
DescriptionLanguage, name, description and user notes of the rule
TagsLabels assigned to the rule.
CodeThe code of the rule
ReferenceExternal documentation about the rule that is worth reading.
Outgoing Relations

Which rules are related to the current rule and which rules the current rule is related to.

Please consider deactivating rules that are:

  • Deprecated: deprecated rules should be avoided in favor of the rules that deprecates them. Deprecated rules will not be maintained in newer versions of the Kiuwan engine. 
  • Generalized: some rules may be too specialized in certain situations. If Kiuwan provides a more general rule please consider activating the generalized rule, as it has a wider scope and may detect more defects/vulnerabilities. 
  • Incompatible: a rule R1 is incompatible with a rule R2 in any of these situations: R1 causes similar violations to R2 or R1 looks for disagreeing defects/vulnerabilities with R2.  You should decide which rule suits better your needs.
BenefitsThe benefits of repairing this violation
ParametersThe parameters of the rule.
Code examplesViolation code and Fixed code = How the rule is violated and how to repair the violation.

Configuration and customization

When accessing the rule details window of a rule that you don't own, you can:

  • Add your own notes for the rule.
  • Change the characteristic classification of the rule.
  • Change the priority of the rule.
  • Change the effort of the rule. You can even set a custom effort for the rule in minutes.
  • Change the rule behavior by changing the editable parameter values.
  • Create, add or remove tags to the rule.

If you own the rule, additional options will be available:

  • Edit all metadata of the rule (name, description, benefits, drawbacks, remediation, configuration).
  • Add or remove documentation references.
  • Add or remove relations with other rules.
  • Modify the rule code examples.
  • Modify the rule parameter's name and description.

When editing your own rules, note that you will not be able to:

  • Change the implementation class of the rule.
  • Change editable parameter names.
  • Change non editable parameter names or values.

These changes are not allowed in the rule details window because they would impact your own analyses –they could make the rule not executable in the Kiuwan Local Analyzer–. If you need to change any of these fields, you should install the rule again using the rule installation wizard.

Saving the rule: configuration scopes

When saving a rule and a configuration change has been made –a change in the characteristic, priority, effort or a parameter value–, changes may be applied differently:

  • If the rule is not active in the current model, the changes will apply globally. This means that the changes made will affect all your models that contain the saved rule unless the rule was configured for a particular model previously.
  • If the rule is active in the current model, you can decide if the change should affect only the current model or globally.

Remember, changes made in the rule list using quick configuration only apply to the current model.

Restoring configuration default values

You can always return to the previous configuration of a rule.
If you made changes in the configuration of a Kiuwan rule and click on the "Restore defaults" button:

  • If the rule configuration was changed to apply globally and the rule has not been configured for the current model, Kiuwan's default configuration for the rule will be restored.
  • If the rule configuration was changed to apply globally and the rule has been configured for the current model, your global default configuration for the rule will be restored.
  • If the rule configuration was changed only for the current model, Kiuwan's default configuration for the rule will be restored.

Removing a rule

You can only remove those rules that belong to you. Click the "Remove" button to delete the current rule.
Note that removing a rule will not affect published versions that contain the rule. Those versions will still contain the removed rule.

Bulk edit: changing multiple rules

You can apply a change to multiple rules.

Using the bulk edit menu you can:

  • Change the active status of a group of rules. This makes adding or removing rules from the current model quick and easy.
  • Change the characteristic classification of a group of rules.
  • Change the priority of a group of rules.
  • Change the effort needed to repair a violation of a group of rules.
  • Add tags to a group of rules.
  • Remove tags from a group of rules.
  • Restore the default configuration of a group of rules.
  • Remove a group of rules.

These actions behave the same way as their single rule counterpart.
Once in the bulk edit window, you will be able to select those rules that you want to apply the changes to:

Filters are a very nice feature when changing multiple rules. Make the first search using filters and then access the Bulk Change window. Once you have a narrowed list of rules it is easier to select just those you want to apply the changes to.