Custom filter based on vulnerabilities

Hello people,

Is there a certain way for us to create custom filters based on a set of vulnerabilities? For example, if I do an analysis on source code, I would just like to use this filter to show the items below:

• Buffer overflows
• Injection vulnerability flaws (e.g. SQL injection, command injection etc.)
• Improper error / exception handling

Can this be done on SCA 4.40 and SSC 16.10?

Thanks!

  • Yes.

    (A)

    If you wish to only show some of the results, but keep the rest of the findings available:  I believe the Audit Workbench tool's Functions feature would be of interest to you.  See Chapter 6 of the 16.10 Audit Workbench User Guide.  This details the use of the Functions view to display only those Issues desired, but also how to define your own Custom Rules for the Functions view.

    (B)

    If you wish to drop findings from the scan before displaying its results:  I believe you are seeking the Filter Files feature detailed in the SCA 16.10 User Guide, Appendix C.

    ===============

    You can create a file to filter out particular vulnerability instances, rules, and vulnerability categories when you run the sourceanalyzer command. You specify the file using the -filter analysis option.

    *** Note: HPE recommends that you only use this feature if you are an advanced user, and that you do not use this feature during standard audits, because auditors should be able to see and evaluate all issues SCA finds.

    A filter file is a text file that you can create with any text editor. The file functions as a blacklist, where only the filter items you do not want are specified. Each filter item is on a separate line in the filter file. You can enter the following filter types:

    • Category
    • Instance ID
    • Rule ID

    The filters are applied at different times in the analysis process, according to the type of filter. Category and rule ID filters are applied during the initialization phase

    ===============

    There is a sample in the same document that details this further, but the typical finished command with the -filter option would look like this:

              sourceanalyzer -b eightball -scan -filter test_filter.txt
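
As an added example that is not from the original thread or from Fortify's own documentation: because the -filter file is a blacklist, "show only these categories" means listing every other category the scan reports, one per line. The POSIX shell helper below builds that blacklist from an allow-list; the category names are constructed sample values, and the list of all categories is assumed to come from a previous unfiltered scan.

```shell
#!/bin/sh
# Added example, not from the original post or from Fortify's documentation.
# The -filter file suppresses what it lists (one Category / Instance ID /
# Rule ID per line), so to keep only a few categories visible every other
# category reported by the scan has to be written into it.

# build_filter_file KEEP_FILE ALL_FILE OUT_FILE
#   KEEP_FILE: categories to keep visible, one per line
#   ALL_FILE:  every category the scan reported, one per line (assumed to be
#              taken from an earlier, unfiltered scan)
#   OUT_FILE:  filter file to pass to sourceanalyzer -filter
build_filter_file() {
    keep="$1"; all="$2"; out="$3"
    # -x: whole-line match; -F: literal match, since Fortify category names
    # contain ':' and other characters that regex syntax would misread.
    # grep -v exits 1 when nothing is left to write, i.e. nothing to
    # suppress, which is still a valid (empty) filter file.
    grep -v -x -F -f "$keep" "$all" > "$out" || [ $? -eq 1 ]
}

# Count the non-blank entries in a filter file (what it will suppress).
filter_line_count() {
    grep -c -v '^[[:space:]]*$' "$1" || true
}

# Constructed sample data: the three groups from the question plus two
# categories we do not want to see. Names are sample values, not checked
# against a real scan.
tmp=$(mktemp -d)
printf '%s\n' 'Buffer Overflow' 'SQL Injection' 'Command Injection' \
    'Poor Error Handling: Empty Catch Block' > "$tmp/keep.txt"
printf '%s\n' 'Buffer Overflow' 'SQL Injection' 'Command Injection' \
    'Poor Error Handling: Empty Catch Block' 'Dead Code' \
    'Password Management: Hardcoded Password' > "$tmp/all.txt"
build_filter_file "$tmp/keep.txt" "$tmp/all.txt" "$tmp/test_filter.txt"
# test_filter.txt now holds only 'Dead Code' and the hardcoded-password
# category; the scan would then be run as
#   sourceanalyzer -b eightball -scan -filter "$tmp/test_filter.txt"
```

Verify the exact category strings against your own scan output before relying on the generated file, since a category that is misspelt is simply not suppressed.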

  • Hello, the filter file only removes the vulnerability or not, but if I need to move the vulnerability to another folder, how can I do that using the same file?