Creating custom rules

In the Custom Rules view, you can open the Custom Rules Wizard, a tool that guides you through the creation of custom database records. Once you create custom rules, you view them in the Custom Rules view. The table displays the signature, language, and the purpose.

Project-specific validation and encoding routines only appear in the Custom Rules view if the project to which the rules apply exists in an application under All Applications in the Explorer view.

Signature: The signature is the fully-qualified function name. For example, the Java™ signature includes arguments and return types, such as com.test.vulnerable.VulnClass.vulnerable(java.lang.string;int):int.
Language: C/C++, Java, Visual Basic, Classic ASP, or .NET
Purpose: The custom record type or types on the given method, such as a Validation.EncodingRequired routine, sink, or source.

Tip: If you are refining your assessment of a code base by scanning iteratively and adding custom rules, and then re-scanning without changing the source code, you can dramatically reduce scan time by setting the project properties to use a vulnerability analysis cache. To do this, select the Enable Vulnerability Analysis cache check box in the project properties. To learn how to set project properties, see the instructions for using the Selected project Overview tab.