This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
Peter Scheidler
Lieutenant Lieutenant
Lieutenant
‎2020-02-23 13:00
388 views

Could someone point to where the terms used in filters are defined?

Jump to solution

Could someone point to where the terms used in filters are defined in the Fortify documentation?  I can't find it.  For example, when one selects the File System Input filter in the Audit Guide Filters dialog in the Visual Studio Extension, the filter terms visible in the filter tab are:

  • If taint contains file_sytem then hide issue
  • If taint contains constfile then hide issue
  • If taint contains stream then hide issue
  • If category is File Access Race Condition then hide issue.

I can infer the meaning of file_system, stream, and file access race condition, but how is constfile defined?  Is it a file with extension .txt, or .properties or ???

For a second example, when the Code Quality filter is selected in the Audit Guide Filters dialog in the Visual Studio Extension, the filter terms visible in the filter tab are

  • If kingdom contains code quality then hide issue

However, the kingdom contains different issues including non-portable file separator.  Is there a taxonomy somewhere in the documentation that explains the hierarchy of kingdoms,  conditions and who knows what else?  I am not looking for resolution of these examples, but rather a pointer do Fortify documentation.  

Thanks in advance for any assistance.

Cordially,

Peter

PS - I would like to give kudos to people that have helped me in the past on this board, but for the life of me I can't figure out how.

 

 

0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
rhelsens
Vice Admiral Vice Admiral
Vice Admiral
‎2020-02-25 15:00

Jump to solution

Hi Peter,

Sorry I don't have the answer to the mystery of where these filter criteria are defined in the Fortify documentation, but I've seen the parameters/ranges available in Audit Workbench "create filter" drop down lists as you build a filter there.

I've attached a couple screenshots

View solution in original post

Preview file
42 KB
Preview file
44 KB
Reply
Report Inappropriate Content
2 Replies
rhelsens
Vice Admiral Vice Admiral
Vice Admiral
‎2020-02-25 15:00

Jump to solution

Hi Peter,

Sorry I don't have the answer to the mystery of where these filter criteria are defined in the Fortify documentation, but I've seen the parameters/ranges available in Audit Workbench "create filter" drop down lists as you build a filter there.

I've attached a couple screenshots

View solution in original post

Preview file
42 KB
Preview file
44 KB
Reply
Report Inappropriate Content
Peter Scheidler
Lieutenant Lieutenant
Lieutenant
‎2020-02-25 21:30

Jump to solution

Thanks for the info.  I appreciate your response.  I will ask fortify if they have the information.

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.