...

com.castsoftware.automaticlinksvalidator

What's new?

Please see Automatic Links Validator - 1.0 - Release Notes for more information.

Description

At the core of the CAST AIP transaction discovery algorithm is an understanding of the links between objects discovered during source code analysis of the target application. For cross-technology links, External Links will identify and record a link between two objects whose validity cannot be precisely determined. These links are tagged as "dynamic" (see Validate Dynamic Links for more information). This extension provides automatic validation of these dynamic links.

...

  • if θ > 0, the link is validated as true
  • if θ < 0, the link is rejected as false
  • if θ = 0, the link is skipped (generally this means that none of the heuristics can be applied to this link and in this case, you will need to review the links manually as explained in Validate Dynamic Links).

Note that:

  • only links that have not yet been manually reviewed or reviewed by this extension in a previous analysis will pass through the validation process.
  • links with several bookmarks are handled by the extension; the rule is: if at least one bookmark is validated, then the entire link is validated.
  • the status of the link in the Analysis Service schema is modified following the validation process.

...

This Microsoft Excel report is stored in the LISA folder (Large Intermediate Storage Area) which is usually set to %PROGRAMDATA%\CAST\CAST\CASTMS\LISA:

Console 1.x

When using Console 1.x, the report can be accessed directly in Application - Legacy Overview:

CAST Management Studio

The report is available in the CAST Management Studio (CAST AIP ≥ 8.3.x) in the Execute tab after performing an analysis:

...

When using the extension with CAST AIP ≤ 8.2.x, links will be automatically validated and an Excel report is generated in the LISA folder; however, there is no specific user interface available to access the report directly from the CAST Management Studio.

AIP Console

When using AIP Console, the report can be accessed directly in the Application Overview panel:

What results can you expect?

The vast majority of the dynamic links in the Analysis Service schema will be reviewed and either validated as true or rejected as false. Below is an example of a view in CAST Enlighten, first without the extension and then with the extension. We see that three dynamic links have been (correctly) rejected as false:

Results without extension

Below is the code of the first 'getInstance' method: we can see that the reference is in a throw exception, so the link is not valid and needs to be rejected as false:

...

Results with extension - the false links have been rejected:

Report contents

...

  • Automatic DLM: This sheet shows all the link information, corresponding actions and descriptions of the heuristics used.
  • Remaining links: This sheet shows the links which haven't been successfully validated or rejected; in this case, you will need to review the links manually as explained in Validate Dynamic Links.
  • Summary: This sheet shows numbers summarizing the results of the process:
    1. Number of dynamic links
    2. Number of links handled by the extension
    3. Number of links validated, ignored or skipped
    4. Rates of handling, validating, ignoring or skipping links
  • Conflicting links: Links assessed with conflicts. The links have been checked with clear results but with both validating and ignoring rules. These links will need to be reviewed manually as explained in Validate Dynamic Links, as they are more likely to have an incorrect assessment.

...

AIP Core compatibility 

This extension is compatible with:

CAST AIP Core release

Supported

≥ 8.0.0

✔

Download and installation instructions

Please see:

The latest release status of this extension can be seen when downloading it from the CAST Extend server.

Note that when using AIP Console, this extension is automatically installed when:

see Standard add a new Version - deliver code - generate snapshot.

How does it work?

Mechanics of the validation process

  1. The extension checks the dynamic link against a series of heuristics
  2. Each heuristic gives a score (positive or negative) to each dynamic link
  3. All scores are added up to give a final score = θ.
  4. The decision to validate as true, reject as false or skip the links is based on the value of θ:
    • if θ > 0, the link is validated as true
    • if θ < 0, the link is rejected as false
    • if θ = 0, the link is skipped (generally this means that none of the heuristics can be applied to this link and in this case, you will need to review the links manually as explained in Validate Dynamic Links)
  5. In CAST AIP Core ≥ 8.3.x a Microsoft Excel report is generated and stored in the LISA folder (Large Intermediate Storage Area) containing information about the status of each link after validation

...

Heuristic

Rationale

Ignore throws exception

String in a 'throw' exception is always a message to be interpreted by a human, so the link is invalid.

Skip reference finder

Reference finder links: the extension skips them and does not apply any heuristic to them.

Ignore message logging 

Log messages are to be interpreted by a human, so the link is invalid.

Ignore SQL parameter 

SQL parameters are not valid links.

Ignore WPF property changed 

The reference is RaisePropertyChanged("ObjectName"); this is a classic WPF construct, so the link is invalid.

Validate or ignore when the Reference is a path 

Validate a reference that is a valid file path when the callee object is a file.

Validate call to program 

Validate call to a program.

Validate or ignore link to properties element   

Validate or ignore link to JSP property

Validate or ignore SQL query 

Validate correct SQL query syntax

Validate C# call procedure 

Known function calls to a database procedure.

Validate link to Spring bean 

Validate link to spring bean.

Ignore link JSP servlet mapping 

Ignore link to JSP servlet mapping.

Ignore link from properties element to properties element 

Ignore link from JSP property to JSP property.

Ignore properties element when it's a message logging 

Ignore link when caller is a JSP_PROPERTY_MAPPING and its name contains a log marker.

Ignore link to natural language 

Ignore link when the reference is in a string of natural language.

Ignore link to directory 

Ignore link to a directory (a directory is not an end point, nor can it call a link).

Ignore link to a column of a table 

Ignore link to a table column (the link should be to a table).

Ignore link to synonym

Ignore link to a synonym (the link should be to a table).

Ignore link to a wrong type of callee

Ignore link to a wrong type of callee.

Validate .NET DataTable links 

Validate link using a method from ADO.NET DataTable.

Ignore link when the caller is a sourceFile 

Ignore link when caller is a sourceFile and the callee is not a sourceFile.

Ignore link on database index 

Ignore link when callee is an index of a database.

Validate .NET ObjectContext methods 

Validate link using a method from .NET ObjectContext.

Validate link to JPA Persistence XML 

Validate link to JPA Persistence XML file.

Ignore link from JSP file to table

Ignore link from JSP file to table with callee in a tag.

Validate link to SEARCHSTRING

Validate link to a REFIND_SEARCHSTRING callee.

Validate link to a java applet

Validate link to a java applet.

Validate link from .NET object to ENTITY_WRAPPER object

Validate link from .NET object to ENTITY_WRAPPER object.

Ignore invalid Struts or Spring links

Ignore Struts or Spring links with wrong type of callee (it's a common DLM rule).

Validate or Ignore link from Java field to JPA

Validate link with "JV_FIELD" caller and "JPA_NAMED_QUERY" callee when the field is strictly equal to jpa_entity.jpa_named_query. Ignore link with "JV_FIELD" caller and "JPA_ENTITY" callee when the field is strictly equal to jpa_entity.jpa_named_query.

Ignore link from toString methods

Ignore link from toString methods.

Validate or Ignore link to JspForward

Ignore link to callee of type JSP_FORWARD unless a part of the fullname is found in the source.

Ignore link from wrong method or function

Some standard methods or functions can't be used to call an object (typically string manipulation, etc.).

Ignore link to wrong type of callee object from another technology

Some object types can't be called from "outside" their technology.

Ignore link with pattern callee_name.XXX or callee_nameXXX in code

Ignore link with pattern callee_name.XXX or callee_nameXXX in code when caller is an exception handler

Ignore link when caller is exception constructor

As mentioned already, each heuristic rule computes a score for each link which can be positive or negative. A positive score will weigh in favor of validating the link and a negative score in favor of rejecting it. A conflict exists when a link obtains both positive and negative scores, regardless of the value of the final score. These links are worth mentioning because they are the ones where there is the highest risk of an incorrect assessment.
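
The scoring, decision and conflict rules described above, together with the "at least one bookmark" rule, as an added Python example (not CAST's own code). The three heuristic functions, their regexes, the +1/-1 score values, the link dictionary fields and the handling of multi-bookmark links where no bookmark is validated are all assumptions made for illustration.

```python
import re

# Constructed stand-ins for three rows of the heuristics table. The +1/-1
# score values and the regexes are assumptions; the page does not give them.
def ignore_throw(link):        # "Ignore throws exception"
    return -1 if re.search(r"\bthrow\b", link["code"]) else 0

def ignore_logging(link):      # "Ignore message logging"
    return -1 if re.search(r"\blog(ger)?\.\w+\(", link["code"], re.I) else 0

def validate_path(link):       # "Validate or ignore when the Reference is a path"
    is_path = re.fullmatch(r"[\w./\\-]+\.\w+", link["reference"]) is not None
    return 1 if is_path and link["callee_type"] == "file" else 0

HEURISTICS = [ignore_throw, ignore_logging, validate_path]

def assess(bookmark, heuristics=HEURISTICS):
    """Return (decision, theta, conflicting) for one bookmark of a link."""
    scores = [h(bookmark) for h in heuristics]
    theta = sum(scores)
    # Conflict: positive and negative scores coexist, whatever theta is.
    conflicting = any(s > 0 for s in scores) and any(s < 0 for s in scores)
    if theta > 0:
        return "validated", theta, conflicting
    if theta < 0:
        return "rejected", theta, conflicting
    return "skipped", theta, conflicting   # left for manual review

def assess_link(bookmarks):
    """Several bookmarks: one validated bookmark validates the whole link."""
    decisions = [assess(b)[0] for b in bookmarks]
    if "validated" in decisions:
        return "validated"
    # Assumption: the page defines only the case above; here a link is
    # rejected only when every bookmark is rejected, otherwise skipped.
    return "rejected" if all(d == "rejected" for d in decisions) else "skipped"

# Constructed sample bookmarks (not taken from a real analysis).
SAMPLES = [
    {"reference": "CUSTOMER", "callee_type": "table",
     "code": 'throw new IllegalStateException("CUSTOMER not initialised");'},
    {"reference": "conf/app.properties", "callee_type": "file",
     "code": 'props.load(open("conf/app.properties"));'},
    {"reference": "conf/app.properties", "callee_type": "file",
     "code": 'logger.warn("cannot read conf/app.properties");'},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["reference"], assess(s))
```

The third sample scores +1 and -1, so θ = 0 and the link is skipped, yet it is still flagged as conflicting, which is the case the "Conflicting links" sheet exists to surface.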

...