The Rules Management section provides a comprehensive view of all the rules available to the current user. These rules can be categorized as:
- Kiuwan library rules: Kiuwan offers these rules. Users can customize specified properties to align with their model's requirements (more on this topic in the Customizing Rules section).
- Custom rules: Kiuwan users can install their own rules in Kiuwan. These rules can be imported from 3rd party tools or installed from Kiuwan Rule Developer (read more about it on the Rule Development page).
Access rules management
Navigate to Model Management > Rules to access the rules section.
This section shows all the rules that are available to the current user. Every section of this page is described in the following paragraphs.
Filters
The filtering options help you quickly find the rules you need. Filters can be combined, and the rule counter updates dynamically as you apply filters.
Default filters
| Name | Description |
| --- | --- |
| Active | When set to "On", filters the rules contained in the current model. When set to "Off", filters the rules that can be added to the current model. |
| Name or description | If set, it filters the rules whose name or description matches the specified pattern. All the matches found will be highlighted in the rules list. |
| Language | It filters the rules that match the selected language. |
| Characteristic | It filters by Efficiency, Maintainability, Portability, Reliability or Security. |
| Vulnerability Type | It filters by the type of vulnerability (e.g. Injection, Design Error). |
| Priority | It filters the rules that match the selected priority. |
| Effort | It filters the rules that match the selected effort. |
| Normative | It filters by the security standard required (OWASP, CWE...). |
| Framework | It filters by the framework used. |
| Tag | It shows the rules that contain at least one of the specified tags. In particular, this filter is very useful for finding rules that discover vulnerabilities associated with specific CWE identifiers. |
| Only Code Security Rules | Choose whether you want to see only Code Security rules. |
| + Filters | The drop-down menu contains additional filters: |
Rules list
The rules list displays filtered results, with each row showing key rule details:
| Name | Description |
| --- | --- |
| Active | It displays the status of the rule in the current model. A green circle will be shown if the rule is active. |
| Name | Click on the name of a rule to access its full details window. |
| ? | Click this icon to get more details of the current rule. |
| Language | The language the rule applies to. |
| Characteristic | The CQM characteristic the rule is classified under (efficiency, maintainability, portability, reliability, and security). |
| Vulnerability type | The type of vulnerability connected to the rule. |
| Priority | The priority of the rule. The higher the priority, the more critical a defect will be. |
| Repair difficulty | The effort needed to repair a defect found by the rule. |
Quick configuration
When a model of your own is selected in the left Models panel, you can add or remove rules from the model by clicking on the circles in the Active column.
Additional options are available if the rule is active:
- Change the characteristic classification of a rule. Click the characteristic label to change the characteristic a rule is classified under.
- Change the priority of a rule. Click the priority icon to change the priority of a rule.
- Change the repair difficulty of a rule. Click the effort label to change the effort needed to repair a defect of a rule.
- Drop-down menu options:
  - Restore the default configuration of a rule.
  - Remove a rule from Kiuwan (only available if the rule is owned by the current user).
Changes made using the quick configuration are applied only to the current model. To make changes to a rule that apply to all your models, open the rule details window by clicking the name of the rule you want to configure.
Rule details
Click the icon to show the rule details window.
This window shows the full information of the selected rule. This information is organized into different sections:
| Name | Description |
| --- | --- |
| Description | Language, name, description, and user notes of the rule. |
| Tags | Labels assigned to the rule. |
| Code | The code of the rule. |
| Reference | External documentation about the rule that is worth reading. |
| Outgoing Relations | Which rules are related to the current rule and which rules the current rule is related to. Please consider deactivating the rules that are: |
| Benefits | The benefits of repairing this violation. |
| Parameters | The parameters of the rule. |
| Code examples | Violation code and fixed code: how the rule is violated and how to repair the violation. |
Configuration and customization
When accessing the rule details window of a rule that you don't own, you can:
- Add your notes for the rule.
- Change the characteristic classification of the rule.
- Change the priority of the rule.
- Change the effort of the rule. You can even set a custom effort for the rule in minutes.
- Change the rule behavior by changing the editable parameter values.
- Create, add, or remove tags to the rule.
If you own the rule, additional options will be available:
- Edit all metadata of the rule (name, description, benefits, drawbacks, remediation, configuration).
- Add or remove documentation references.
- Add or remove relations with other rules.
- Modify the rule code examples.
- Modify the rule parameter's name and description.
When editing your own rules, note that you will not be able to:
- Change the implementation class of the rule.
- Change editable parameter names.
- Change non-editable parameter names or values.
These changes are not allowed in the rule details window because they would impact your analyses: they could make the rule non-executable in the Kiuwan Local Analyzer. If you need to change any of these fields, install the rule again using the rule installation wizard.
Saving the rule: configuration scopes
When you save a rule after a configuration change (a change in the characteristic, priority, effort, or a parameter value), the change is applied differently depending on whether the rule is active:
- Inactive rules: Changes apply globally. This means that the changes made will affect all your models that contain the saved rule unless the rule was configured for a particular model previously.
- Active rules: Users can choose whether changes apply only to the current model or globally.
Remember, changes made in the rule list using quick configuration only apply to the current model.
Restoring configuration default values
You can always return to the previous configuration of a rule.
If you made changes in the configuration of a Kiuwan rule and click on the "Restore defaults" button:
- If the rule configuration was changed to apply globally and the rule has not been configured for the current model, Kiuwan's default configuration for the rule will be restored.
- If the rule configuration was changed to apply globally and the rule has been configured for the current model, your global default configuration for the rule will be restored.
- If the rule configuration was changed only for the current model, Kiuwan's default configuration for the rule will be restored.
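The save scopes and the three "Restore defaults" cases above can be read as three configuration layers, shown here as an added example that is not Kiuwan code or a Kiuwan API. The class, the model names and the priority and effort values are constructed for illustration, and the model assumes that a model-specific save shields every setting of the rule from later global changes. It makes visible that a global priority change on a security rule does not reach a model that already has its own configuration.

```python
# Illustrative model only; not Kiuwan code. Values below are constructed samples.
KIUWAN_DEFAULT = {"priority": "very high", "effort": "low"}


class RuleConfig:
    """Layers, least to most specific: Kiuwan default, user global, per model."""

    def __init__(self, default):
        self.default = dict(default)
        self.global_override = {}  # the user's changes saved "globally"
        self.model_override = {}   # model name -> config saved for that model

    def effective(self, model):
        # A rule configured for a particular model ignores global changes.
        if model in self.model_override:
            return dict(self.model_override[model])
        return {**self.default, **self.global_override}

    def save(self, model, change, active, scope="model"):
        # Inactive rules always save globally; for active rules the user picks.
        if not active or scope == "global":
            self.global_override.update(change)
        else:
            self.model_override[model] = {**self.effective(model), **change}

    def restore_defaults(self, model):
        # Removes the most specific layer that currently applies to the model.
        if model in self.model_override:
            del self.model_override[model]
        else:
            self.global_override.clear()
        return self.effective(model)


def demo():
    rule = RuleConfig(KIUWAN_DEFAULT)
    rule.save("payments", {"priority": "high"}, active=True, scope="model")
    rule.save("payments", {"priority": "low"}, active=True, scope="global")
    seen = {m: rule.effective(m)["priority"] for m in ("payments", "intranet")}
    after_first = rule.restore_defaults("payments")["priority"]   # model layer dropped
    after_second = rule.restore_defaults("payments")["priority"]  # global layer dropped
    return seen, after_first, after_second


if __name__ == "__main__":
    print(demo())
```
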
Removing a rule
You can only remove those rules that belong to you. Click the "Remove" button to delete the current rule.
Note that removing a rule will not affect published versions that contain the rule. Those versions will still contain the removed rule.
Bulk edit: changing multiple rules
You can apply a change to multiple rules.
Using the bulk edit menu, you can:
- Change the active status of a group of rules. This makes adding or removing rules from the current model quick and easy.
- Change the characteristic classification of a group of rules.
- Change the priority of a group of rules.
- Change the effort needed to repair a violation of a group of rules.
- Add tags to a group of rules.
- Remove tags from a group of rules.
- Restore the default configuration of a group of rules.
- Remove a group of rules.
These actions behave the same way as their single-rule counterparts.
Once in the bulk edit window, you can select the rules to which you want to apply the changes.