String Variable PatternsUsing String Variable Patterns, you can save strings that would normally get filtered out by the various string filters you are using. For example, normally strings where the first word starts with a special character such as @ are filtered out. However, if this special character string is assigned to a variable named DisplayStringToUser, then the string should still be caught. By adding DisplayStringToUser to the String Variable Patterns category of your Rule Set, you'll make sure this string will still be in the Scan Results after a scan. The Edit String Variable Patterns list for an XML Rule Set is shown below.
The Inherited column lists the name of the Rule Set that defined the string variable pattern. A value of 'No' indicates that the pattern is local to the Rule Set. Local patterns can be modified and/or deleted. Inherited patterns can be overridden. To disable a local string variable pattern, uncheck the box. To create a new pattern, select the New String Variable Pattern link at the top of the page. This displays the Create String Variable Pattern form, shown below.
The page contains six fields used to describe a rule: Name, Pattern, Priority, Description, Help Page, and Enabled. Use the Name field to give your pattern a brief, meaningful name. The Pattern field must contain a valid Regular Expression. For more information on Regular Expression syntax, click here. The Priority field is used to rank the detected issue. Priorities range between 0 and 5. Assign priority 0 to indicate a string concatenation. Otherwise, assign priority 1 to 5, with 1 being the most likely to be an issue. Note that the string concatenation priority 0 will display as a 'C' in the Globalyzer Workbench. Use the Description field to (1) enter a more indepth explanation of the pattern, (2) understand the reason for its inclusion in the scan, and/or (3) describe a process to correct the problem. The Help Page field is where you can provide a URL link for the pattern. This link may either help explain why this pattern is important, or it may explain how to correct the issue found. Use the Category field to set a category that can be enabled or disabled in bulk for a ruleset. The Enabled field determines whether the pattern is processed by Globalyzer (checked) or ignored by Globalyzer for now (unchecked). Once you've provided the string variable pattern information, click the Create button. The Edit String Variable Patterns list redisplays, showing your changes. If a string variable pattern is local to the Rule Set, it can be modified and/or deleted. Click on its name hyperlink from the Edit String Variable Patterns list. This displays the Edit String Variable Pattern page, shown below. All fields are modifiable. Press Update to save any changes. Press Delete to delete the string variable pattern. After updating or deleting, the Edit String Variable Patterns list redisplays, showing your changes.
If a string variable pattern is inherited, it can be overridden. Maybe you want to disable the inherited pattern in your Rule Set. Click on its name hyperlink from the Edit String Variable Patterns list. This displays the Override String Variable Pattern page, shown below. All fields are modifiable, but if you change the pattern field, you will end up creating an entirely new string variable pattern, rather than overriding the inherited one. Press Create to create the override string variable pattern. After creating, the Edit String Variable Patterns list redisplays, showing your local string variable pattern.
To return to the Customize Rule Set page, select the Back to Summary link. |
Configuring Rule Sets