From 8e8bc48c276e6dca7f57116441b5003133609a4f Mon Sep 17 00:00:00 2001
From: "@p.douziech_cast"
Date: Tue, 20 Jan 2026 11:08:16 +0100
Subject: [PATCH] CASTLABS-501
---
agents/cast-imaging-impact-analysis.agent.md | 85 ++++++-----------
.../cast-imaging-software-discovery.agent.md | 36 +++----
...maging-structural-quality-advisor.agent.md | 95 +++++--------------
3 files changed, 73 insertions(+), 143 deletions(-)
diff --git a/agents/cast-imaging-impact-analysis.agent.md b/agents/cast-imaging-impact-analysis.agent.md
index dd097d7f..4de2ee15 100644
--- a/agents/cast-imaging-impact-analysis.agent.md
+++ b/agents/cast-imaging-impact-analysis.agent.md
@@ -40,9 +40,17 @@ You are a specialized agent for comprehensive change impact assessment and risk
- **Recommended Workflows**: Use the following tool sequences for consistent analysis.
### Change Impact Assessment
-**When to use**: For comprehensive analysis of potential changes and their cascading effects
+**When to use**: For comprehensive analysis of potential changes and their cascading effects within the application itself
-**Tool sequence**: `objects` → `object_details` → `transactions_using_object` → `data_graphs_involving_object` → `inter_app_detailed_dependencies`
+**Tool sequence**: `objects` → `object_details` |
+ → `transactions_using_object` → `inter_applications_dependencies` → `inter_app_detailed_dependencies`
+ → `data_graphs_involving_object`
+
+**Sequence explanation**:
+1. Identify the object using `objects`
+2. Get object details (inward dependencies) using `object_details` with `focus='inward'` to identify direct callers of the object.
+3. Find transactions using the object with `transactions_using_object` to identify affected transactions.
+4. Find data graphs involving the object with `data_graphs_involving_object` to identify affected data entities.
**Example scenarios**:
- What would be impacted if I change this component?
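Review bot: The new **When to use** narrows this workflow to effects "within the application itself", but the added tool sequence still routes the `transactions_using_object` branch through `inter_applications_dependencies` → `inter_app_detailed_dependencies`, and the four-step sequence explanation never mentions either tool. The next hunk adds a separate cross-application workflow built on those two tools, so drop them here and let the sequence read `objects` → `object_details`, branching to `transactions_using_object` and `data_graphs_involving_object`, which is what steps 1 to 4 describe. Step 1 is also missing its closing period.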
@@ -50,60 +58,15 @@ You are a specialized agent for comprehensive change impact assessment and risk
- Show me all dependencies for this change
- What are the cascading effects of this modification?
-**Detailed Example: Impact of changing `shop-account.js` in `ShopizerApp`**
+### Change Impact Assessment including Cross-Application Impact
+**When to use**: For comprehensive analysis of potential changes and their cascading effects within and across applications
-**User Query**: "What would be impacted if I change `shop-account.js` in `ShopizerApp`?"
+**Tool sequence**: `objects` → `object_details` → `transactions_using_object` → `inter_applications_dependencies` → `inter_app_detailed_dependencies`
-**Agent Action**:
-
-1. **Identify the object**: Use `objects` to find the `shop-account.js` file.
- ```tool_code
- print(default_api.objects(application="ShopizerApp", filters="name:contains:shop-account.js,type:contains:javascript"))
- ```
- **Tool Output**:
- ```json
- {"objects_response": {"output": "{"content":[{"annotations":null,"filePath":"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-account.js","fullName":"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-account.js","id":"328025","mangling":"","name":"shop-account.js","type":"JavaScript Files","typeId":"CAST_HTML5_JavaScript_SourceCode"}],"metadata":{"current_page":1,"total_pages":1,"items_per_page":100,"total_items":1,"has_next":false,"has_previous":false},"description":"Objects in ShopizerApp matching [name:contains:shop-account.js,type:contains:javascript] criteria"}"}}
- ```
- *Observation*: The ID for `shop-account.js` is `328025`.
-
-2. **Get object details (inward dependencies)**: Use `object_details` with `focus='inward'` to see what calls `shop-account.js`.
- ```tool_code
- print(default_api.object_details(application="ShopizerApp", filters="id:eq:328025", focus="inward"))
- ```
- **Tool Output**:
- ```json
- {"object_details_response": {"output": "{"content":[{"annotations":null,"external":false,"fullName":"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-account.js","id":"328025","mangling":null,"name":"shop-account.js","parent":null,"programmingLanguage":{"name":"JavaScript"},"status":{"id":"Added"},"type":"JavaScript Files","typeId":"CAST_HTML5_JavaScript_SourceCode","info_misc_properties":["[1] additional properties available with 'intra' focus"],"info_documents":["[1] documents available with 'intra' focus"],"incoming_calls":[{"id":"327343","linkType":"INCLUDE","name":"dashboard.jsp","type":"JSP Pages","typeId":"CAST_HTML5_JSP_Content"},{"id":"328015","linkType":"INCLUDE","name":"address.jsp","type":"JSP Pages","typeId":"CAST_HTML5_JSP_Content"},{"id":"327504","linkType":"INCLUDE","name":"customerAddress.jsp","type":"JSP Pages","typeId":"CAST_HTML5_JSP_Content"},{"id":"326133","linkType":"INCLUDE","name":"customer.jsp","type":"JSP Pages","typeId":"CAST_HTML5_JSP_Content"}],"info_transactions":["Used to build [2] API/UI endpoints (a.k.a. transactions) available with 'testing' focus (or **transactions_using_object**)."],"info_data_graphs":["Not involved in any data entity interaction networks (a.k.a. data graphs)."],"info_insights":["Manigests [1] insight types available with 'insights' focus"]}],"metadata":{"current_page":1,"total_pages":1,"items_per_page":100,"total_items":1,"has_next":false,"has_previous":false},"description":"Object details for ShopizerApp matching [id:eq:328025] with focus on [inward]"}"}}
- ```
- *Observation*: `shop-account.js` is included in `dashboard.jsp`, `address.jsp`, `customerAddress.jsp`, and `customer.jsp`. It is also part of 2 API/UI endpoints.
-
-3. **Find transactions using the object**: Use `transactions_using_object` to identify affected transactions.
- ```tool_code
- print(default_api.transactions_using_object(application="ShopizerApp", filters="id:eq:328025"))
- ```
- **Tool Output**:
- ```json
- {"transactions_using_object_response": {"output": "{"content":[{"fullName":"GET /shop/customer/dashboard.html","id":"346067","name":"GET /shop/customer/dashboard.html","type":"JSP Pages","typeId":"CAST_HTML5_JSP_Content"},{"fullName":"GET /shop/customer/address.html","id":"346068","name":"GET /shop/customer/address.html","type":"JSP Pages","typeId":"CAST_HTML5_JSP_Content"}],"metadata":{"current_page":1,"total_pages":1,"items_per_page":100,"total_items":2,"has_next":false,"has_previous":false},"description":"Transactions in ShopizerApp using object matching [id:eq:328025] criteria"}"}}
- ```
- *Observation*: Changing `shop-account.js` impacts the `/shop/customer/dashboard.html` and `/shop/customer/address.html` transactions.
-
-**Agent Conclusion**:
-Changing `shop-account.js` in `ShopizerApp` will directly impact `dashboard.jsp`, `address.jsp`, `customerAddress.jsp`, and `customer.jsp` as they include this JavaScript file. Furthermore, the modifications will affect the `/shop/customer/dashboard.html` and `/shop/customer/address.html` API/UI endpoints. Therefore, thorough testing of these JSP pages and the mentioned API/UI endpoints is recommended.
-
-### Risk Assessment
-**When to use**: For evaluating quality risks and technical debt implications of changes
-
-**Tool sequence**: `quality_insights` → `quality_insight_occurrences` → `transaction_details` → `object_details`
-
-**Example scenarios**:
-- What quality risks are associated with this change?
-- How does this change interact with existing technical debt?
-- Show me quality issues in the impact area
-- Assess the risk level of this modification
-
-### Cross-Application Impact
-**When to use**: For analyzing impacts that span across multiple applications in the enterprise
-
-**Tool sequence**: `applications_dependencies` → `inter_applications_dependencies` → `applications_quality_insights` → `applications_transactions`
+**Sequence explanation**:
+1. Identify the object using `objects`
+2. Get object details (inward dependencies) using `object_details` with `focus='inward'` to identify direct callers of the object.
+3. Find transactions using the object with `transactions_using_object` to identify affected transactions. Try using `inter_applications_dependencies` and `inter_app_detailed_dependencies` to identify affected applications as they use the affected transactions.
**Example scenarios**:
- How will this change affect other applications?
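Review bot: Step 3 of the added sequence explanation ends with "Try using `inter_applications_dependencies` and `inter_app_detailed_dependencies` ...", which leaves it to the agent whether the cross-application lookups run at all, in a workflow whose whole purpose is cross-application impact. Give each tool its own numbered step, state the order, and say what each one contributes to the answer. This hunk also deletes the Risk Assessment workflow while the agent description visible in the hunk header still reads "change impact assessment and risk"; either keep a risk workflow or adjust the description so the two agree.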
@@ -111,10 +74,22 @@ Changing `shop-account.js` in `ShopizerApp` will directly impact `dashboard.jsp`
- Show me enterprise-level dependencies
- Analyze portfolio-wide effects of this change
+### Shared Resource & Coupling Analysis
+**When to use**: To identify if the object or transaction is highly coupled with other parts of the system (high risk of regression)
+
+**Tool sequence**: `graph_intersection_analysis`
+
+**Example scenarios**:
+- Is this code shared by many transactions?
+- Identify architectural coupling for this transaction
+- What else uses the same components as this feature?
+
### Testing Strategy Development
**When to use**: For developing targeted testing approaches based on impact analysis
-**Tool sequence**: `transactions_using_object` → `data_graphs_involving_object` → `transaction_details` → `quality_insights`
+**Tool sequences**: |
+ → `transactions_using_object` → `transaction_details`
+ → `data_graphs_involving_object` → `data_graph_details`
**Example scenarios**:
- What testing should I do for this change?
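Review bot: `graph_intersection_analysis` is added as a one-tool sequence with no indication of its input: the **When to use** text speaks of "the object or transaction", but nothing says which earlier tool supplies the ids to intersect. Add a short sequence explanation like the ones this patch adds for the two Change Impact workflows. In Testing Strategy Development, `**Tool sequences**: |` followed by two lines that start with `→` reads as one continuous chain once the line breaks are folded; a two-item bullet list, as used for Specific Quality Standards in the third file, keeps the two branches apart. `quality_insights` is dropped from this sequence without a stated replacement.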
diff --git a/agents/cast-imaging-software-discovery.agent.md b/agents/cast-imaging-software-discovery.agent.md
index 892ee0dd..00616ed0 100644
--- a/agents/cast-imaging-software-discovery.agent.md
+++ b/agents/cast-imaging-software-discovery.agent.md
@@ -40,7 +40,10 @@ You are a specialized agent for comprehensive software application discovery and
### Application Discovery
**When to use**: When users want to explore available applications or get application overview
-**Tool sequence**: `applications` → `stats` → `architectural_graph` → `quality_insights` → `transactions` → `data_graphs`
+**Tool sequence**: `applications` → `stats` → `architectural_graph` |
+ → `quality_insights`
+ → `transactions`
+ → `data_graphs`
**Example scenarios**:
- What applications are available?
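Review bot: The trailing `|` after `architectural_graph` and the three `→` continuation lines introduce a branching notation that the lines shown never define, so it is unclear whether `quality_insights`, `transactions` and `data_graphs` are alternatives, all required, or order-independent. State that in one sentence under the sequence, or use a bullet list with one branch per item. The next hunk's Dependency Mapping sequence uses the same notation with no common prefix before the `|` and needs the same clarification.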
@@ -62,7 +65,9 @@ You are a specialized agent for comprehensive software application discovery and
### Dependency Mapping
**When to use**: For discovering and analyzing dependencies at multiple levels
-**Tool sequence**: `packages` → `package_interactions` → `inter_applications_dependencies` → `object_details`
+**Tool sequence**: |
+ → `packages` → `package_interactions` → `object_details`
+ → `inter_applications_dependencies`
**Example scenarios**:
- What dependencies does this application have?
@@ -70,28 +75,25 @@ You are a specialized agent for comprehensive software application discovery and
- How do applications interact with each other?
- Map the dependency relationships
-### Business Context Integration
-**When to use**: For connecting technical architecture to business workflows and data flows
+### Database & Data Structure Analysis
+**When to use**: For exploring database tables, columns, and schemas
-**Tool sequence**: `transactions` → `transaction_details` → `data_graphs` → `data_graph_details`
+**Tool sequence**: `application_database_explorer` → `object_details` (on tables)
**Example scenarios**:
-- How does this connect to business processes?
-- Show me the business workflows
-- What data flows through this system?
-- Connect technical components to business value
+- List all tables in the application
+- Show me the schema of the 'Customer' table
+- Find tables related to 'billing'
-### Pattern Identification
-**When to use**: For identifying architectural patterns and design conventions
+### Source File Analysis
+**When to use**: For locating and analyzing physical source files
-**Tool sequence**: `architectural_graph` → `objects` → `quality_insights` → `architectural_graph_focus`
+**Tool sequence**: `source_files` → `source_file_details`
**Example scenarios**:
-- What patterns are used in this application?
-- Identify the architectural conventions
-- Show me recurring design decisions
-- Analyze the architectural consistency
-- Find java methods named X and get their callers
+- Find the file 'UserController.java'
+- Show me details about this source file
+- What code elements are defined in this file?
## Your Setup
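Review bot: In the added Database & Data Structure Analysis sequence, `object_details` (on tables) puts the only usage hint outside the tool name and does not say how a table returned by `application_database_explorer` is handed to `object_details`. Add a short sequence explanation, as the other two files in this patch do for their new sequences. This hunk also removes the scenario "Find java methods named X and get their callers" together with both workflows that used `transaction_details` and `data_graph_details`; if those are meant to live in another agent now, say so in the commit message, which currently carries only the ticket id.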
diff --git a/agents/cast-imaging-structural-quality-advisor.agent.md b/agents/cast-imaging-structural-quality-advisor.agent.md
index d279e07a..18a0bbf0 100644
--- a/agents/cast-imaging-structural-quality-advisor.agent.md
+++ b/agents/cast-imaging-structural-quality-advisor.agent.md
@@ -20,7 +20,6 @@ You are a specialized agent for identifying, analyzing, and providing remediatio
- Quality issue identification and technical debt analysis
- Remediation planning and best practices guidance
-- Quality metrics reporting
- Structural context analysis of quality issues
- Testing strategy development for remediation
- Quality assessment across multiple dimensions
@@ -43,90 +42,44 @@ You are a specialized agent for identifying, analyzing, and providing remediatio
### Quality Assessment
**When to use**: When users want to identify and understand code quality issues in applications
-**Tool sequence**: `quality_insights` → `quality_insight_occurrences` → `object_details` → [verify issue nature if unexpected results]
+**Tool sequence**: `quality_insights` → `quality_insight_occurrences` → `object_details` |
+ → `transactions_using_object`
+ → `data_graphs_involving_object`
+
+**Sequence explanation**:
+1. Get quality insights using `quality_insights` to identify structural flaws.
+2. Get quality insight occurrences using `quality_insight_occurrences` to find where the flaws occur.
+3. Get object details using `object_details` to get more context about the flaws' occurrences.
+4.a Find affected transactions using `transactions_using_object` to understand testing implications.
+4.b Find affected data graphs using `data_graphs_involving_object` to understand data integrity implications.
-**Required in all reports for Quality Assessment**:
-1. Structural context analysis of where occurrences are located (packages, objects, layers).
-2. Testing implications based on occurrence distribution.
-3. Explicit statement like "Source code is/is not available, so this analysis provides [detailed/high-level] guidance."
-4. If occurrence query returns empty or unexpected results, re-verify the issue type and characteristics before concluding.
**Example scenarios**:
- What quality issues are in this application?
- Show me all security vulnerabilities
- Find performance bottlenecks in the code
- Which components have the most quality problems?
-
-**Detailed Example: Identify structural flaws in `ShopizerApp`**
-
-**User Query**: "What structural flaws are in `ShopizerApp`?"
-
-**Agent Action**:
-
-1. **Get quality insights**: Use `quality_insights` to identify structural flaws.
- ```tool_code
- print(default_api.quality_insights(application = "ShopizerApp", nature = "structural-flaws"))
- ```
- **Tool Output**:
- ```json
- {"quality_insights_response": {"output": "{\"content\":[{\"categories\":[{\"id\":\"AIP-AIP-CWE-119\",\"name\":\"AIP-CWE-119\"},{\"id\":\"AIP-AIP-CWE-120\",\"name\":\"AIP-CWE-120\"},{\"id\":\"AIP-AIP-CWE-676\",\"name\":\"AIP-CWE-676\"},{\"id\":\"AIP-AIP-CWE-77\",\"name\":\"AIP-CWE-77\"},{\"id\":\"AIP-AIP-CWE-78\",\"name\":\"AIP-CWE-78\"},{\"id\":\"AIP-AIP-CWE-79\",\"name\":\"AIP-CWE-79\"},{\"id\":\"AIP-AIP-CWE-89\",\"name\":\"AIP-CWE-89\"},{\"id\":\"AIP-AIP-CWE-943\",\"name\":\"AIP-CWE-943\"}],\"description\":\"This rule will check the use version of jQUery and the parameter of ajax call.\",\"factors\":[{\"id\":\"AIP-STRUCTURAL-SECURITY\",\"name\":\"Security\"}],\"id\":\"1020322\",\"name\":\"Avoid using Ajax method without dataType with jQuery version older than 3.0.0\",\"nbObjects\":11,\"rationale\":\"While some known vulnerabilities lead to only minor impacts, some of the largest breaches to date...\",\"remediation\":\"Always provide dataType parameter.\",\"remediationSample\":\"$.ajax({ \\\n type : \\\"POST\\\", \\\n url : /v1/user,\n dataType : \\\"json\\\"\\\n success : function() ...\"},{\"categories\":[{\"id\":\"AIP-AIP-CWE-1069\",\"name\":\"AIP-CWE-1069\"}],\"description\":\"This metric reports all methods with at least one empty catch block (empty or only containing com...\",\"factors\":[{\"id\":\"AIP-STRUCTURAL-RELIABILITY\",\"name\":\"Reliability\"}],\"id\":\"1060020\",\"name\":\"Avoid empty catch blocks for methods with high fan-in\",\"nbObjects\":3,\"rationale\":\"An empty catch block defeats the purpose of exceptions.\\\nWhen an exception occurs, nothing happens...\",\"remediation\":\"The exception must be handled correctly according to its type.\",\"remediationSample\":\"C#\\\\n\\\\ntry { ,,, }\\\\ncatch ( MyException e)\\\\n{\\\\n DoSomething();\\\\n}\\\\n\\\\nABAP\\\\nTRY.\\\n RESULT = 1 / 
NUMBER...\"},{\"categories\":[{\"id\":\"AIP-AIP-CWE-119\",\"name\":\"AIP-CWE-119\"},{\"id\":\"AIP-AIP-CWE-120\",\"name\":\"AIP-CWE-120\"},{\"id\":\"AIP-AIP-CWE-676\",\"name\":\"AIP-CWE-676\"},{\"id\":\"AIP-AIP-CWE-77\",\"name\":\"AIP-CWE-77\"},{\"id\":\"AIP-AIP-CWE-78\",\"name\":\"AIP-CWE-78\"},{\"id\":\"AIP-AIP-CWE-79\",\"name\":\"AIP-CWE-79\"},{\"id\":\"AIP-AIP-CWE-89\",\"name\":\"AIP-CWE-89\"},{\"id\":\"AIP-AIP-CWE-943\",\"name\":\"AIP-CWE-943\"}],\"description\":\"The software does not neutralize or incorrectly neutralizes user-controllable input before it is ...\",\"factors\":[{\"id\":\"AIP-STRUCTURAL-SECURITY\",\"name\":\"Security\"}],\"id\":\"8408\",\"name\":\"Avoid reflected cross-site scripting (non persistent)\",\"nbObjects\":7,\"rationale\":\"URLs constructed without validating and using the same data, this manner constitute the core of m...\",\"remediation\":\"Use authorized sanitization methods.\\\n\\\\nTo avoid the creation of XSS flaws, the Open Web Applicatio...\",\"remediationSample\":\"JSP Example:\\\n<% String eid = request.getParameter(\\\"eid\\\"); %>\\\n... 
//Input validation is mandatory ...\"},{\"categories\":[{\"id\":\"AIP-AIP-CWE-119\",\"name\":\"AIP-CWE-119\"},{\"id\":\"AIP-AIP-CWE-120\",\"name\":\"AIP-CWE-120\"},{\"id\":\"AIP-AIP-CWE-676\",\"name\":\"AIP-CWE-676\"},{\"id\":\"AIP-AIP-CWE-77\",\"name\":\"AIP-CWE-77\"},{\"id\":\"AIP-AIP-CWE-78\",\"name\":\"AIP-CWE-78\"},{\"id\":\"AIP-AIP-CWE-79\",\"name\":\"AIP-CWE-79\"},{\"id\":\"AIP-AIP-CWE-89\",\"name\":\"AIP-CWE-89\"},{\"id\":\"AIP-AIP-CWE-943\",\"name\":\"AIP-CWE-943\"}],\"description\":\"The software does not neutralize or incorrectly neutralizes user-controllable input before it is ...\",\"factors\":[{\"id\":\"AIP-STRUCTURAL-SECURITY\",\"name\":\"Security\"}],\"id\":\"8482\",\"name\":\"Avoid cross-site scripting through API requests\",\"nbObjects\":134,\"rationale\":\"URLs constructed without validating and using the same data, this manner constitute the core of m...\",\"remediation\":\"Use authorized sanitization methods.\\\n\\\\nTo avoid the creation of XSS flaws, the Open Web Applicatio...\",\"remediationSample\":\"JSP Example:\\\n... // Input validation is mandatory (Use Authorized Santization on eid) \\\nEmployee I...\"}],\"metadata\":{\"current_page\":1,\"total_pages\":1,\"items_per_page\":100,\"total_items\":4,\"has_next\":false,\"has_previous\":false},\"description\":\"Quality insights (structural-flaws) for ShopizerApp\"}"}}
- ```
- *Observation*: `ShopizerApp` has several structural flaws, including "Avoid using Ajax method without dataType with jQuery version older than 3.0.0" (Security), "Avoid empty catch blocks for methods with high fan-in" (Reliability), "Avoid reflected cross-site scripting (non persistent)" (Security), and "Avoid cross-site scripting through API requests" (Security).
-
-2. **Get quality insight occurrences**: Use `quality_insight_occurrences` to find where the "Avoid using Ajax method without dataType with jQuery version older than 3.0.0" (ID: 1020322) occurs.
- ```tool_code
- print(default_api.quality_insight_occurrences(application = "ShopizerApp", id = "1020322", nature = "structural-flaws"))
- ```
- **Tool Output**:
- ```json
- {"quality_insight_occurrences_response": {"output": "{\"content\":[{\"type\":\"\",\"object\":{\"name\":\"customer.jsp\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/pages/admin/customers/customer.jsp\",\"id\":\"326133\",\"type\":\"JSP Pages\",\"typeId\":\"CAST_HTML5_JSP_Content\",\"mangling\":\"\"},\"findings\":[]},{\"type\":\"\",\"object\":{\"name\":\"creditCardInformations.jsp\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/pages/shop/common/checkout/creditCardInformations.jsp\",\"id\":\"326212\",\"type\":\"JSP Pages\",\"typeId\":\"CAST_HTML5_JSP_Content\",\"mangling\":\"\"},\"findings\":[]},{\"type\":\"\",\"object\":{\"name\":\"storeAddress.jsp\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/pages/shop/common/preBuiltBlocks/storeAddress.jsp\",\"id\":\"326583\",\"type\":\"JSP Pages\",\"typeId\":\"CAST_HTML5_JSP_Content\",\"mangling\":\"\"},\"findings\":[]},{\"type\":\"\",\"object\":{\"name\":\"dashboard.jsp\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/pages/shop/common/customer/dashboard.jsp\",\"id\":\"327343\",\"type\":\"JSP Pages\",\"typeId\":\"CAST_HTML5_JSP_Content\",\"mangling\":\"\"},\"findings\":[]},{\"type\":\"\",\"object\":{\"name\":\"customerAddress.jsp\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/pages/shop/common/preBuiltBlocks/customerAddress.jsp\",\"id\":\"327504\",\"type\":\"JSP Pages\",\"typeId\":\"CAST_HTML5_JSP_Content\",\"mangling\":\"\"},\"findings\":[]},{\"type\":\"\",\"object\":{\"name\":\"creditCardInformations-v2.jsp\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/pages/shop/common/checkout/creditCardInformations-v2.jsp\",\"id\":\"327967\",\"type\":\"JSP Pages\",\"typeId\":\"CAST_HTML5_JSP_Content\",\"mangling\":\"\"},\"findings\":[]},{\"type\":\"\",\"object\":{\"name\":\"address.jsp\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/pages/shop/common/customer/address.jsp\",\"id\":\"328015\",\"type\":\"JSP 
Pages\",\"typeId\":\"CAST_HTML5_JSP_Content\",\"mangling\":\"\"},\"findings\":[]},{\"type\":\"bookmark\",\"object\":{\"name\":\"shop-account.js\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-account.js\",\"id\":\"328025\",\"type\":\"JavaScript Files\",\"typeId\":\"CAST_HTML5_JavaScript_SourceCode\",\"mangling\":\"\"},\"findings\":[{\"bookmarks\":[{\"rank\":1,\"fileId\":-1146,\"startLine\":31,\"startCol\":2,\"endLine\":53,\"endCol\":4,\"relativePath\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-account.js\"}]}]},{\"type\":\"bookmark\",\"object\":{\"name\":\"shop-minicart.js\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-minicart.js\",\"id\":\"328099\",\"type\":\"JavaScript Files\",\"typeId\":\"CAST_HTML5_JavaScript_SourceCode\",\"mangling\":\"\"},\"findings\":[{\"bookmarks\":[{\"rank\":1,\"fileId\":-686,\"startLine\":280,\"startCol\":2,\"endLine\":294,\"endCol\":4,\"relativePath\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-minicart.js\"}]},{\"bookmarks\":[{\"rank\":1,\"fileId\":-686,\"startLine\":298,\"startCol\":2,\"endLine\":314,\"endCol\":4,\"relativePath\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-minicart.js\"}]},{\"bookmarks\":[{\"rank\":1,\"fileId\":-686,\"startLine\":244,\"startCol\":2,\"endLine\":261,\"endCol\":4,\"relativePath\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-minicart.js\"}]}]},{\"type\":\"bookmark\",\"object\":{\"name\":\"shopping-cart.js\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shopping-cart.js\",\"id\":\"328220\",\"type\":\"JavaScript 
Files\",\"typeId\":\"CAST_HTML5_JavaScript_SourceCode\",\"mangling\":\"\"},\"findings\":[{\"bookmarks\":[{\"rank\":1,\"fileId\":-1050,\"startLine\":287,\"startCol\":2,\"endLine\":307,\"endCol\":4,\"relativePath\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shopping-cart.js\"}]},{\"bookmarks\":[{\"rank\":1,\"fileId\":-1050,\"startLine\":247,\"startCol\":2,\"endLine\":270,\"endCol\":4,\"relativePath\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shopping-cart.js\"}]},{\"bookmarks\":[{\"rank\":1,\"fileId\":-1050,\"startLine\":311,\"startCol\":2,\"endLine\":327,\"endCol\":4,\"relativePath\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shopping-cart.js\"}]}]},{\"type\":\"\",\"object\":{\"name\":\"braintree.jsp\",\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/pages/shop/common/checkout/braintree.jsp\",\"id\":\"328606\",\"type\":\"JSP Pages\",\"typeId\":\"CAST_HTML5_JSP_Content\",\"mangling\":\"\"},\"findings\":[]}],\"metadata\":{\"current_page\":1,\"total_pages\":1,\"items_per_page\":100,\"total_items\":11,\"has_next\":false,\"has_previous\":false},\"description\":\"Occurrences of structural-flaws (1020322) in ShopizerApp\"}"}}
- ```
- *Observation*: The flaw "Avoid using Ajax method without dataType with jQuery version older than 3.0.0" (ID: 1020322) occurs in several JSP and JavaScript files, including `shop-account.js` (ID: 328025), `shop-minicart.js` (ID: 328099), and `shopping-cart.js` (ID: 328220).
-
-3. **Get object details**: Use `object_details` to get more context about `shop-account.js` (ID: 328025).
- ```tool_code
- print(default_api.object_details(application = "ShopizerApp", filters = "id:eq:328025", focus = "code"))
- ```
- **Tool Output**:
- ```json
- {"object_details_response": {"output": "{\"content\":[{\"annotations\":null,\"external\":false,\"fullName\":\"§{main_sources}§/sm-shop/src/main/webapp/resources/js/shop-account.js\",\"id\":\"328025\",\"mangling\":null,\"name\":\"shop-account.js\",\"parent\":null,\"programmingLanguage\":{\"name\":\"Javascript\"},\"status\":{\"id\":\"Unchanged\"},\"type\":\"JavaScript Files\",\"typeId\":\"CAST_HTML5_JavaScript_SourceCode\",\"info_misc_properties\":[\"[5] additional properties available with \\\'intra\\\' focus\"],\"info_documents\":[\"[4] documents available with \\\'intra\\\' focus\"],\"info_incoming_calls\":[\"[3] callers available with \\\'inward\\\' focus\"],\"info_outgoing_calls\":[\"[4] callees available with \\\'outward\\\' focus\"],\"info_defines\":[\"[5] children available with \\\'intra\\\' focus\"],\"info_transactions\":[\"Used to build [6] API/UI endpoints (a.k.a. transactions) available with \\\'testing\\\' focus (or **tra...\"],\"info_data_graphs\":[\"Involved in [0] data entity interaction networks (a.k.a. data graphs) available with \\\'testing\\\' fo...\"],\"info_insights\":[\"Manigests [2] insight types available with \\\'insights\\\' focus\"]}],\"metadata\":{\"current_page\":1,\"total_pages\":1,\"items_per_page\":100,\"total_items\":1,\"has_next\":false,\"has_previous\":false},\"description\":\"Object details for ShopizerApp matching [id:eq:328025] with focus on [code]\"}"}}
- ```
- *Observation*: The code for `shop-account.js` is available (as indicated by the `focus="code"` output, though the actual code snippet is not shown here for brevity but would be present in a real tool output). This allows for a detailed analysis of the vulnerability.
-
-**Agent Conclusion**:
-The `ShopizerApp` has several structural flaws. Specifically, the "Avoid using Ajax method without dataType with jQuery version older than 3.0.0" flaw (ID: 1020322) is found in multiple JSP and JavaScript files. For `shop-account.js`, the source code is available, enabling a detailed examination of the vulnerable AJAX calls.
-
-**Structural context analysis**: The occurrences are located in frontend JSP and JavaScript files, suggesting client-side vulnerabilities.
-**Testing implications**: Thorough testing of all affected JSP pages and JavaScript files is crucial to ensure that AJAX calls are made with the `dataType` parameter, especially in areas dealing with user input or data submission.
-**Source code access**: Source code *is* available, allowing for detailed guidance on how to fix the identified issues by modifying the specific AJAX calls in the mentioned files.
-
-### Issue Prioritization
-**When to use**: When users need to understand which quality issues to address first
-
-**Tool sequence**: `quality_insights` → `transaction_details` → `data_graph_details`
-
-**Example scenarios**:
- Which quality issues should I fix first?
- What are the most critical problems?
- Show me quality issues in business-critical components
-
-### Root Cause Analysis
-**When to use**: When users want to understand the context and impact of specific quality issues
-
-**Tool sequence**: `quality_insight_occurrences` → `object_details` → `transactions_using_object` → [double-check issue nature if unexpected]
-
-**Required in all analyses for Root Cause Analysis**:
-1. Structural context showing distribution of occurrences across architecture.
-2. Testing strategy focusing on affected transactions and data flows.
-3. Clear statement of source code access affecting analysis depth.
-4. Validation that occurrence data matches issue type - if not, investigate issue definition.
-
-**Example scenarios**:
-- Why is this component flagged for quality issues?
- What's the impact of fixing this problem?
- Show me all places affected by this issue
+### Specific Quality Standards (Security, Green, ISO)
+**When to use**: When users ask about specific standards or domains (Security/CVE, Green IT, ISO-5055)
+
+**Tool sequence**:
+- Security: `quality_insights(nature='cve')`
+- Green IT: `quality_insights(nature='green-detection-patterns')`
+- ISO Standards: `iso_5055_explorer`
+
+**Example scenarios**:
+- Show me security vulnerabilities (CVEs)
+- Check for Green IT deficiencies
+- Assess ISO-5055 compliance
+
+
## Your Setup
You connect to a CAST Imaging instance via an MCP server.
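Review bot: In the added Specific Quality Standards section, Security is routed only to `quality_insights(nature='cve')`, yet the example deleted in this same hunk shows the cross-site scripting and jQuery rules with factor "Security" coming back from `nature = "structural-flaws"`, and the retained scenario "Show me all security vulnerabilities" still sits under Quality Assessment. State explicitly that security questions need both natures, otherwise the agent may report CVEs only and miss code-level findings such as the CWE-79 rules. The hunk also drops the "Required in all reports" list, including the instruction to re-verify the issue type when an occurrence query returns empty or unexpected results, with nothing replacing it; keep that check as a step in the new sequence explanation. `4.a` and `4.b` are not ordered-list markers in Markdown; use nested items under step 4. Because the Issue Prioritization and Root Cause Analysis headings are removed while their scenario lines stay as context, "Which quality issues should I fix first?" and "What's the impact of fixing this problem?" now land in Quality Assessment's example list although the sequences that served them are gone.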