Rule Security Analyzer tool
The Rule Security Analyzer tool identifies potential security risks in your applications that may introduce vulnerabilities to attacks such as cross-site scripting (XSS) or SQL injection.
Such vulnerabilities can typically arise only in non-autogenerated rules such as stream rules (HTML, JSP, XML, or CSS) and custom Java or SQL statements.
The Rule Security Analyzer searches for vulnerabilities in code by searching for matches to regular expressions (regex) defined in Rule Analyzer Regular Expressions rules. Several Rule Analyzer Regular Expression rules are provided as examples for finding common vulnerabilities. You may also create your Rule Analyzer Regular Expression rules to search for other patterns.
The most effective search for vulnerabilities is to rerun the Rule Analyzer several times, each time matching against a different Regular Expressions rule.
Running the Rule Security Analyzer before locking a ruleset is recommended as it allows you to identify and correct issues in rules before they are locked. The Rule Security Analyzer takes a couple of minutes to run through the different regular expressions.