PMD comes prepackaged with a number of rules, but this tool’s real strength is the ease with which you can create custom rules. The prepackaged rulesets deal primarily with software quality issues and include the following categories:
The next section builds an example rule to identify code symptomatic of SQL injection vulnerabilities. Although the focus is PMD, the important point is that any static analysis tool that supports custom rule creation can be extended in a similar way. The tester can leverage the existing analysis engine and rules of a particular tool and simply extend the rule base to incorporate web application code signatures. Ideally, you can add to the rule base (i.e., symptom code database) any code that causes application security issues by describing it in the tool’s rule definition syntax.
A PMD ruleset is an XML file that consists of one or more rule elements. Each rule element consists of attributes and child elements, such as the following:
Name
Message
Class
Description
Priority
Example
The Class attribute points to the implementation of the rule logic, which can be written as a Java class file or as an XPath expression. A discussion of XPath is outside the scope of this chapter, but plenty of good XPath resources are available on the internet. The other elements and attributes are informational ...
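The following ruleset is an added example, not one of PMD's own rules or code from the chapter, showing how the rule elements just listed fit together for the SQL injection symptom the next section targets: a JDBC query method whose argument is built by string concatenation. It assumes the PMD 6 ruleset schema, the PMD 6 Java AST node names (PrimaryExpression, PrimaryPrefix, Name, Arguments, AdditiveExpression) and the `net.sourceforge.pmd.lang.rule.XPathRule` class; node names and the rule class differ between PMD versions, so verify the XPath against your version's rule designer before relying on it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Added example ruleset, not part of PMD or of the chapter.
  Assumes PMD 6 ruleset schema and PMD 6 Java AST node names.
-->
<ruleset name="Web Application Security Signatures"
         xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">

  <description>
    Symptom-code signatures for web application security review.
  </description>

  <!-- name, message, class, description, priority and example are the
       elements the chapter lists; the XPath itself lives in a property. -->
  <rule name="SqlStringConcatenation"
        language="java"
        message="SQL built by string concatenation; use a PreparedStatement with bind parameters"
        class="net.sourceforge.pmd.lang.rule.XPathRule">
    <description>
      Flags calls to JDBC query methods whose argument list contains a
      string concatenation. Splicing input into SQL text is the classic
      symptom of SQL injection; a bound parameter keeps the data out of
      the query grammar.
    </description>
    <priority>1</priority>
    <properties>
      <!-- ends-with() needs XPath 2.0; PMD 6 defaults to 1.0 in older releases -->
      <property name="version" value="2.0"/>
      <property name="xpath">
        <value><![CDATA[
//PrimaryExpression
  [PrimaryPrefix/Name[
     ends-with(@Image, '.executeQuery')
     or ends-with(@Image, '.executeUpdate')
     or ends-with(@Image, '.execute')
     or ends-with(@Image, '.prepareStatement')
  ]]
  /PrimarySuffix/Arguments//AdditiveExpression
]]></value>
      </property>
    </properties>
    <example><![CDATA[
// Flagged: input concatenated directly inside the query call
ResultSet rs = stmt.executeQuery(
    "SELECT * FROM users WHERE name = '" + name + "'");

// Not flagged: bind parameter keeps the input out of the query grammar
PreparedStatement ps = conn.prepareStatement(
    "SELECT * FROM users WHERE name = ?");
ps.setString(1, name);
]]></example>
  </rule>
</ruleset>
```

Run it with `pmd -d src/ -R security-signatures.xml -f text` (PMD 6 CLI; adjust for your version). The rule is purely syntactic: it matches the concatenation only when it appears inside the argument list, so a query string assembled in an earlier statement and passed as a variable is missed. That is the general limitation of XPath rules, which see the syntax tree and not the data flow; they are cheap to write and good at surfacing symptom code for review, but a Java rule class with data-flow tracking, or a dedicated taint analysis, is needed to follow the string from its source to the sink.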