APAR status
Closed as program error.
Error description
When a Visual Studio project file is read-only on the file system, all of the project properties options are read-only in AppScan Source for Security. Project properties that are stored in the GPF (ghost project file) should use the file permissions of the GPF file, not the Visual Studio project file.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: * **************************************************************** When a Visual Studio project file is read-only on the file system, all of the project properties options are read-only in AppScan Source for Security. Project properties that are stored in the GPF (ghost project file) should use the file permissions of the GPF file, not the Visual Studio project file.
Problem conclusion
Previously imported VS projects would appear as read-only in the OSA Project Properties (Overview, Exclusions, Scan Rules etc) if the VS project file (.csproj, .vcproj) was read-only. This is incorrect because the project properties information is stored in our ghost file (i.e. .csproj.gpf). The fix is to allow editing of the project properties if the .gpf file can be written to (i.e. it is not read-only on disk). In the end, an imported VS project that is read only should appear and act the same as an imported VS project that is not read-only in terms of editing and saving the Project Properties information. If the .gpf is read-only, nothing should be editable (this functionality has not changed). In addition to verifying the imported VS projects, should also verify that manual projects (.ppf) and imported Eclipse projects (.epf) act as expected - that the properties are enabled/disabled when they should be. For ppf projects, they should always be enabled if the .ppf is writeable. For imported Eclipse, the model is the same - if the .epf is read-only you should now be able to edit the project properties so long as the .epf.gpf is writable.
Temporary fix
Comments
APAR Information
APAR number
PM43064
Reported component name
AS SRC ED, SEC
Reported component ID
5724Z3500
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-07-05
Closed date
2011-11-15
Last modified date
2011-11-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AS SRC ED, SEC
Fixed component ID
5724Z3500
Applicable component levels
R800 PSN
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSS9LM","label":"IBM Security AppScan Source for Automation"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"800","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
15 November 2011