Rules can be created in the Pattern Rule Library view,
the Properties view for a project or application, or in a scan configuration.
Before you begin
Note: You must have Manage Patterns permission to create pattern rules or rule sets, or to modify and remove custom rules and rule sets.
Rules are created in the New Rule dialog box:
- To open this dialog box in the Pattern Rule Library view, click New
Rule.
- In a scan configuration, select the Pattern Analysis tab and then
select the Pattern analysis check box. In the
Pattern Rules section of the tab, click Add to
open the Add Pattern Rules dialog box. In this dialog box, click Create
new rule to open the New Rule dialog box.
- To open this dialog box from the Properties view for a selected
application or project, select the Rules and Rule Sets tab
of the Properties view, then click Add or right-click
inside the Rules section and select Add.
In the Choose Rule dialog box, click New Rule.
Procedure
- In the New Rule dialog box, Name the
rule.
- Optional: Add a Description for
the rule.
- Add the Criteria.
Click Add and type the regular expression for
each rule.
- Identify the file type, such as *.java or *.xml.
You can type any file type with or without wildcard characters.
- Optional: Select the Severity:
- Optional: Select the Classification:
  - Definitive
  - Suspect
  - Scan Coverage
- Optional: Select the vulnerability
type to search for in the scan. (For more details about vulnerability
types, see the AppScan Source Security Knowledgebase)
- Optional: Select the criteria
syntax:
- Optional: Specify whether the results
returned include All pattern matches or Each
file in which no matches are found. When you choose to report
files in which no matches are found, the pattern is an absence rule.
- Optional: Select the Case-Sensitive check
box if the pattern match should be case-sensitive.
- Optional: Select the Multi-Line check
box if the rule should match a pattern that spans across multiple
lines.
- Click OK to verify that
the regular expressions in the rule are valid. The rule is then added
to the pattern rule library.
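
The following Python model is an added example (not AppScan Source code or its rule engine) that shows how the file type, Case-Sensitive, Multi-Line and absence options in the procedure above change what a rule reports. The names `PatternRule` and `evaluate`, the use of Python's regex dialect, the option defaults, and the sample files are assumptions made for the illustration.

```python
import fnmatch
import re
from dataclasses import dataclass

@dataclass
class PatternRule:
    criteria: list                # regular expressions, one per criterion
    file_type: str                # glob such as "*.java" or "*.xml"
    absence: bool = False         # True: report each file in which no matches are found
    case_sensitive: bool = False
    multi_line: bool = False      # True: a match may span several lines

def evaluate(rule, files):
    """Return (path, line, text) findings; absence findings are (path, 0, "")."""
    flags = 0 if rule.case_sensitive else re.IGNORECASE
    if rule.multi_line:
        flags |= re.DOTALL        # assumption: "." may cross line breaks in multi-line mode
    patterns = [re.compile(c, flags) for c in rule.criteria]  # re.error on an invalid regex
    findings = []
    for path in sorted(files):
        if not fnmatch.fnmatchcase(path, rule.file_type):
            continue
        text = files[path]
        # Single-line rules are tested line by line; multi-line rules see the whole file.
        units = [(1, text)] if rule.multi_line else enumerate(text.splitlines(), 1)
        hits = [(path, first + unit.count("\n", 0, m.start()), m.group(0))
                for first, unit in units for p in patterns for m in p.finditer(unit)]
        if rule.absence:
            if not hits:
                findings.append((path, 0, ""))
        else:
            findings.extend(hits)
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE_FILES = {
    "app/web.xml": "<web-app>\n  <http-only>true</http-only>\n</web-app>\n",
    "admin/web.xml": "<web-app>\n  <display-name>admin</display-name>\n</web-app>\n",
    "src/Login.java": 'String q = "SELECT * FROM users WHERE name=\'"\n'
                      '    + name + "\'";\n'
                      'MessageDigest md = MessageDigest.getInstance("md5");\n',
}
WEAK_HASH = PatternRule([r'getInstance\("MD5"\)'], "*.java")
NO_HTTP_ONLY = PatternRule([r"<http-only>\s*true\s*</http-only>"], "*.xml", absence=True)
SQL_CONCAT = PatternRule([r'"SELECT.*?\+\s*name'], "*.java", multi_line=True)

if __name__ == "__main__":
    for rule in (WEAK_HASH, NO_HTTP_ONLY, SQL_CONCAT):
        print(evaluate(rule, SAMPLE_FILES))
```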