Tutorial: Performing impact analysis of GenAppC, a demo project
Wazi Analyze provides GenAppC as a demo project that you can easily scan to view its analysis results. Learn how to get started with GenAppC and perform the analysis of the GenAppC scanned results.
GenAppC is a COBOL application that is taken from General Insurance Application
(GenApp). GenApp is an IBM® sample application for IBM
CICS® Transaction Server that simulates transactions that are
made by an insurance company to create and manage its customer and insurance policies. For more
information, see General Insurance Application.
Prerequisites
- Make sure that you have Docker installed and set up. For more information, see Prerequisite: Setting up Docker or Podman to deploy the Wazi Analyze container.
- Obtain the repository of the Wazi Analyze image.
- You are deploying the Wazi Analyze container from a Wazi Analyze image.
- You are using Docker Desktop for Windows or Mac.
Procedures
- Run CMD to open a command prompt window or open Mac terminal from your machine.
- Run the following command to load Wazi Analyze image into
Docker.
Replacedocker load --input <wazi-analyze-archive-file-name.tar.gz>
<wazi-analyze-archive-file-name.tar.gz>
with the name of Wazi Analyze archive file that you obtained.Note: You need to place the Wazi Analyze archive file into the same directory that you install Docker. - Go to Docker Desktop and select Images on the left
menu. You can see that the image is loaded into Docker.
- Start a Wazi Analyze container by running the following
command.
docker run -it -p 5000:5000 -p 8000:8000 -p 4680:4680 --name WA1 ibmcom/wazianalyze:<build-id>
- Go to Docker Desktop and select Containers/Apps on
the left menu. You can see that the Wazi Analyze container named WA1 is running on port 4680.
- Scan GenAppC, the demo project by running the following command on the
terminal:
wa-scan.sh GenAppC
- On the terminal, run the following command to start Wazi Analyze
servers.
When servers are started up, you will see the following messages.wa-startup.sh
- When the terminal prompts for your password input, enter wa1234.
- Launch your browser and navigate to https://localhost:5000/login.
Note: Wazi Analyze uses
https
protocol to communicate between browser and servers. Out of the box, a self-signed certificate is provided. You need to accept the risk of the unknown certificate and proceed. On your production environment, you should consider generating your verified certificate. For more information, see Security considerations. - Optional: For the Firefox browser, open another tab and navigate to https://localhost:4680/ and accept the risk of the unknown certificate on this port as well.
- On the "Log in" dialog that is displayed, enter wa1234 in the
Password field.
- Select the Workspaces menu on the header
area, which takes you to the Workspaces page. You will see all the workspaces available in the
system.
Only GenAppC project is available in the system for demonstration use. You will see the scan information, such as the last scanned date and missing artifact data. The scan results indicate that there is no artifact missing but there are 4 entry points out of 26 entry points that Wazi Analyze cannot find from the source files being scanned, which helps you understand the completeness of the source files, discover what are missing, and be able to fix the issues.
- Select the Action Menu icon ( ) at the end
of GenAppC row and select the View missing artifacts report
button.
The missing artifacts report for GenAppC workspace is displayed. You can see the scan details on the right pane, such as scanned date, number of programs, files, and jobs that are scanned. The missing entry points are listed below. For example, you can see that
AAAAAAAA
is mentioned in LGICUS01.cbl at lines 000173 – 000175. It is invoked by LGICUS01 program. - Select the Action Menu icon ( ) at the end of
AAAAAAAA row and select Preview source content to view the source
code.
The statement that invoked AAAAAAAA is highlighted, which helps you easily identify if the missing entry point is needed for the analysis. In this tutorial, you will know that the entry point is not being used for the application and it is not part of the analysis. So you will take no action and continue to perform the analysis.
- Click Ok to close the dialog.
- Click < Back to go back to the Workspace page and select GenAppC workspace to start viewing the analysis.
- Type LGI on the Search box
to search for a program that you want to view the program call references.
- Type LGI*01 on the Search
box.
You can use a wildcard symbol to search. '
*
' is replaced by any one or more characters. The results show programs that start withLGI
and end with 01.You can also use
?
in the search string.?
is replaced by any one character. - Open the Artifact type drop-down list. You can see that 54 files and 34 programs match the search criteria.
- Select Programs (34) to filter out other artifact types and narrow down to the results of program type.
- Select LGICDB01 from the list. A program call
graph appears.
- Select the Action Menu icon ( ) on the top
right of LGICDB01 node, and then select View
properties to display the Properties pane that shows detailed information for the
LGICDB01 program. You can see the information such as type, source type,
incoming references, and outgoing references with the type of references and all included files.
ProgramCall
from program LGICUS01 and one outgoing reference of typeProgramCall
to program LGSTSQ. It also includes seven copybook files. - Click the + icon next to the
Depth field to increase the number of relationship depth to
2. An additional node is displayed on the graph.
- Hover over the relationship line between LGICDB01 and
LGSTSQ to see the type of the relationship.
- Select the Action Menu icon ( ) on the top
right of LGICDB01 node and select View source file references to
display the relationship between source files of selected node.
- Select the Action Menu icon ( ) on the top
right of LGICDB01.CBL node and select Preview source content to
display the content within the selected node. A dialog that shows the content within the source file
is displayed. Click Show more in the dialog to see the entire content.
- Click the Ok button to close the dialog.
- Select the LGPOLICY.CPY node on the LGICDB01.CBL source
file references graph to open the Properties pane of LGPOLICY.CPY.
- Click the Close (X) icon on the Properties pane to close it.
- Select the Action Menu icon ( ) on the upper
right of the LGPOLICY.CPY node and select View source file references.
- Select the Table view icon ( ) on the upper right header to change the graph view to table view. The same
information is displayed in table format.
- Select the Filter icon () to select the artifact type to display in the table.
- Select the History icon ( ) to see the graph that you previously viewed.
- Select LGICDB01 (depth = 2) view from the list of history views to view LGICDB01 program call references.
- Click the Close (X) icon on the History pane to
close it.You can now see the LGICDB01 program call references in table format.
-
Select the Graph view icon () on the top right header to change the table view to graph view.
- Select the Export icon () to export the graph that is displayed.
- Select PDF from the Export
format field and keep the File name field as default.
- Click Export to export the graph view as a PDF file.
- Open the PDF on your browser. Note: The behavior for handling a file download could be different based on the browser type and settings. For example, if you use Firefox, you might see a dialog box that you can select Open with Firefox to open the file or Save File to save the file to your local machine.PDF file opens in a new window.
.dat
file) and observe the
changes to the analysis results.