Creating custom rules
In the Custom Rules view, you can open the Custom Rules Wizard, a tool that guides you through the creation of custom database records. Once you create custom rules, you can view them in the Custom Rules view. The table displays each rule's signature, language, and purpose.
Project-specific validation and encoding routines only appear in the Custom Rules view if the project to which the rules apply exists in an application under All Applications in the Explorer view.
- Signature: The signature is the fully-qualified function name. For example, the Java™ signature includes argument types and the return type, such as com.test.vulnerable.VulnClass.vulnerable(java.lang.String;int):int (argument types are separated by semicolons inside the parentheses, and the return type follows the colon).
- Language: C/C++, Java™, Visual Basic, Classic ASP, or .NET
- Purpose: The custom record type or types on the given method, such as a Validation.EncodingRequired routine, sink, or source.
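The following is an added example, not code from the product or its documentation, that parses and rebuilds method signatures in the form the table shows: fully-qualified owner and method name, semicolon-separated argument types in parentheses, then a colon and the return type. It is written with the capitalised java.lang.String, the actual Java class name. The treatment of zero-argument methods (empty parentheses) and of void return types is an assumption, since the page shows only one signature; the regular expressions and the MethodSignature type are likewise the example's own.

```python
"""Parse and format fully-qualified method signatures of the form
<owner>.<method>(<argType>;<argType>...):<returnType>, as shown in the
Custom Rules view table (example code, not part of the product).
"""
from dataclasses import dataclass
import re

# Whole-signature shape: everything before "(" is the qualified method name,
# the argument list holds no parentheses, and the return type follows ":".
_SIG_RE = re.compile(r"^(?P<qualified>[^()\s]+)\((?P<args>[^()]*)\):(?P<ret>\S+)$")

# A Java-style type name: dotted identifiers, optionally followed by [] pairs.
_TYPE_RE = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*(\[\])*$")


@dataclass(frozen=True)
class MethodSignature:
    owner: str                 # fully-qualified class, e.g. com.test.vulnerable.VulnClass
    method: str                # method name, e.g. vulnerable
    arg_types: tuple = ()      # fully-qualified argument types, in declaration order
    return_type: str = "void"  # assumption: "void" for methods that return nothing

    def format(self) -> str:
        """Rebuild the signature string in the table's notation."""
        return f"{self.owner}.{self.method}({';'.join(self.arg_types)}):{self.return_type}"


def parse_signature(text: str) -> MethodSignature:
    """Split a signature string into its parts, rejecting malformed input."""
    m = _SIG_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a recognised signature: {text!r}")
    owner, sep, method = m.group("qualified").rpartition(".")
    if not sep or not owner or not method:
        raise ValueError(f"signature lacks a class and method name: {text!r}")
    # Assumption: empty parentheses mean a zero-argument method.
    args = tuple(a for a in m.group("args").split(";") if a)
    for t in (*args, m.group("ret")):
        if not _TYPE_RE.match(t):
            raise ValueError(f"malformed type name {t!r} in {text!r}")
    return MethodSignature(owner, method, args, m.group("ret"))


def is_valid_signature(text: str) -> bool:
    """True when the string round-trips through parse and format unchanged."""
    try:
        return parse_signature(text).format() == text.strip()
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: the page's Java example with the class name capitalised.
    sig = parse_signature("com.test.vulnerable.VulnClass.vulnerable(java.lang.String;int):int")
    print(sig)
    print(sig.format())
    print(is_valid_signature("com.test.vulnerable.VulnClass.vulnerable(java.lang.String int):int"))
```

A signature that does not round-trip (for instance one with a space instead of a semicolon between argument types, or a missing return type) is reported as invalid before it is entered in the wizard, which avoids a rule that silently never matches the method it was meant for.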
Tip: If you are refining your assessment of a code base by scanning iteratively, adding custom rules, and then re-scanning without changing the source code, you can dramatically reduce scan time by setting the project properties to use a vulnerability analysis cache. To do this, select the Enable Vulnerability Analysis cache check box in the project properties. To learn how to set project properties, see the instructions for using the Selected project Overview tab.