What's new?
Please see Automatic Links Validator - 1.0 - Release Notes for more information.
At the core of the CAST AIP transaction discovery algorithm is the understanding of the links between objects discovered during the source code analysis of the target application. For cross-technology links, External Links will identify and record a link between two objects whose validity cannot be precisely determined. These links are tagged as "dynamic" (see Advanced onboarding - Validate Dynamic Links for more information). This extension provides automatic validation of these dynamic links.
This Microsoft Excel report is stored in the LISA folder (Large Intermediate Storage Area) which is usually set to %PROGRAMDATA%\CAST\CAST\CASTMS\LISA:
When using Console 1.x, the report can be accessed directly in Application - Legacy Overview:
CAST Management Studio
The report is available in the CAST Management Studio (CAST AIP ≥ 8.3.x) in the Execute tab after performing an analysis:
When using the extension with CAST AIP ≤ 8.2.x, links will be automatically validated and an Excel report is generated in the LISA folder; however, there is no specific user interface available to access the report directly from the CAST Management Studio.
When using AIP Console, the report can be accessed directly in the Application Overview panel:
What results can you expect?
Below is an example of a view in CAST Enlighten, first without the extension and then with the extension. We see that three dynamic links have been (correctly) rejected as false:
Results without extension
Below is the code of the first 'getInstance' method: we can see that the reference is in a throw exception, so the link is not valid and needs to be rejected as false:
Results with extension - the false links have been rejected:
- Automatic DLM: This sheet shows all the link information, corresponding actions and descriptions of the heuristics used
- Remaining links: This sheet shows the links which haven't been successfully validated or rejected
- Summary: This sheet shows numbers summarizing the results of the process:
  - Number of dynamic links
  - Number of links handled by the extension
  - Number of links validated, ignored or skipped
  - Rates of handling, validating, ignoring or skipping links
- Conflicting links: Links assessed with conflicts. The links have been checked with clear results but with both validating and ignoring rules. These links are listed as they are more likely to have an incorrect assessment
AIP Core compatibility
CAST AIP Core release
Download and installation instructions
The latest release status of this extension can be seen when downloading it from the CAST Extend server.
Note that when using AIP Console, this extension is automatically installed when:
Mechanics of the validation process
- The extension checks the dynamic link against a series of heuristics
- Each heuristic gives a score (positive or negative) to each dynamic link
- All scores are added up to give a final score = θ.
- The decision to validate as true, reject as false or skip the links is based on the value of θ:
| Heuristic | Description |
|---|---|
| Ignore throws exception | String in a 'throw' exception is always a message to be interpreted by a human, so the link is invalid. |
| Skip reference finder | Reference finder links: the extension skips them and does not process any heuristic on them. |
| Ignore message logging | Log messages are to be interpreted by a human, so the link is invalid. |
| Ignore SQL parameter | SQL parameters are not valid links. |
| Ignore WPF property changed | Reference is RaisePropertyChanged("ObjectName"), this is a classic WPF construct, so an invalid link. |
| Validate or ignore when the Reference is a path | Validate a reference which is a valid file path and the callee object is a file. |
| Validate call to program | Validate call to a program. |
| Validate or ignore link to properties element | Validate or ignore link to JSP property |
| Validate or ignore SQL query | Validate correct SQL query syntax |
| Validate C# call procedure | Known function calls to a database procedure. |
| Validate link to Spring bean | Validate link to Spring bean. |
| Ignore link JSP servlet mapping | Ignore link to JSP servlet mapping. |
| Ignore link from properties element to properties element | Ignore link from JSP property to JSP property. |
| Ignore properties element when it's a message logging | Ignore link when caller is a JSP_PROPERTY_MAPPING and its name contains a log marker |
| Ignore link to natural language | Ignore link when the reference is in a string of natural language. |
| Ignore link to directory | Ignore link to a directory (a directory is not an end point, nor can it call a link). |
| Ignore link to a column of a table | Ignore link to a table column (the link should be to a table). |
| Ignore link to synonym | Ignore link to a synonym (the link should be to a table). |
| Ignore link to a wrong type of callee | Ignore link to a wrong type of callee. |
| Validate .NET DataTable links | Validate link using method from ADO .Net DataTable. |
| Ignore link when the caller is a sourceFile | Ignore link when caller is a sourceFile and the callee is not a sourceFile. |
| Ignore link on database index | Ignore link when callee is an index of a database. |
| Validate .NET ObjectContext methods | Validate link using method from .Net ObjectContext. |
| Validate link to JPA Persistence XML | Validate link to JPA Persistence XML file. |
| | with callee in a tag. |
| | Validate link to SEARCHSTRING |
| | Validate link from .NET object to ENTITY_WRAPPER object. |
| Ignore invalid Struts or Spring links | Ignore Struts or Spring links with wrong type of callee (it's a common DLM rule). |
| Validate or Ignore link from Java field to JPA | Validate link with "JV_FIELD" caller and "JPA_NAMED_QUERY" callee when the field is strictly equal to jpa_entity.jpa_named_query. Ignore link with "JV_FIELD" caller and "JPA_ENTITY" callee when the field is strictly equal to jpa_entity.jpa_named_query. |
| Ignore link from toString methods | Ignore link from toString methods. |
| Validate or Ignore link to JspForward | Ignore link to callee of type JSP_FORWARD unless a part of the fullname is found in the source. |
| Ignore link from wrong method or function | Some standard methods or functions can't be used to call an object (typically manipulation of string, etc.) |
| Ignore link to wrong type of callee object from another technology | |
| Ignore link with pattern callee_name.XXX or callee_nameXXX in code | |
| Ignore link with pattern callee_name.XXX or callee_nameXXX in code when caller is an exception handler | |
| Ignore link when caller is exception constructor | |
As mentioned already, each heuristic rule computes a score for each link, which can be positive or negative. A positive score weighs in favor of validating the link and a negative score in favor of rejecting it. A conflict exists when a link obtains both positive and negative scores, regardless of the value of the final score. These links are worth mentioning because they are the ones where there is the highest risk of an incorrect assessment.
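The scoring and conflict logic described above can be sketched as follows. This is an added example, not CAST's code: the three heuristic implementations, the score magnitudes, the `THRESHOLD` value and the sample links are all assumptions made for illustration, since the page does not give the real values.

```python
import re
from dataclasses import dataclass

@dataclass
class Link:
    reference: str    # string that produced the dynamic link
    callee_type: str  # type of the candidate callee object
    source_line: str  # caller code containing the reference

# Heuristics return a score: > 0 favours validating, < 0 favours ignoring, 0 = no opinion.
# The regexes and the +/-10 magnitudes are assumptions made for this example.
def ignore_throw_exception(link):
    return -10 if re.search(r"\bthrow\b", link.source_line) else 0

def ignore_message_logging(link):
    return -10 if re.search(r"\blog(ger)?\.\w+\(", link.source_line, re.I) else 0

def validate_path_to_file(link):
    is_path = re.fullmatch(r"[\w./\\-]+\.\w+", link.reference) is not None
    return 10 if is_path and link.callee_type == "file" else 0

HEURISTICS = [ignore_throw_exception, ignore_message_logging, validate_path_to_file]
THRESHOLD = 5  # assumed cut-off; the page does not state the real one

def assess(link):
    """Return (action, theta, conflict) for one dynamic link."""
    scores = [h(link) for h in HEURISTICS]
    theta = sum(scores)
    if theta >= THRESHOLD:
        action = "validate"
    elif theta <= -THRESHOLD:
        action = "ignore"
    else:
        action = "skip"
    # Conflict: both validating and ignoring rules fired, whatever theta is.
    conflict = any(s > 0 for s in scores) and any(s < 0 for s in scores)
    return action, theta, conflict

# Constructed sample links (not taken from a real analysis).
SAMPLES = [
    Link("getInstance", "method", 'throw new IllegalStateException("getInstance failed");'),
    Link("config/app.xml", "file", 'InputStream in = open("config/app.xml");'),
    Link("report.csv", "file", 'logger.error("cannot write report.csv");'),
    Link("report.csv", "file", 'logger.warn("x"); throw new IOException("report.csv");'),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.reference, assess(s))
```

The last two samples are both conflicts: one nets out to a skip and the other to an ignore, which is why conflicting links are reported separately from the final decision.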