Tutorial: Performing impact analysis of GenAppC, a demo project

Wazi Analyze provides GenAppC as a demo project that you can easily scan to view its analysis results. Learn how to get started with GenAppC and perform the analysis of the GenAppC scanned results.

GenAppC is a COBOL application that is taken from General Insurance Application (GenApp). GenApp is an IBM® sample application for IBM CICS® Transaction Server that simulates transactions that are made by an insurance company to create and manage its customer and insurance policies. For more information, see General Insurance Application.

Prerequisites

  1. Make sure that you have Docker installed and set up. For more information, see Prerequisite: Setting up Docker or Podman to deploy the Wazi Analyze container.
  2. Obtain the repository of the Wazi Analyze image.
Notes: The steps below are based on the following assumptions.
  1. You are deploying the Wazi Analyze container from a Wazi Analyze image.
  2. You are using Docker Desktop for Windows or Mac.
If you are deploying Wazi Analyze from Docker registry or using a Linux® machine, see Deploying the Wazi Analyze container with Docker.

Procedures

To perform the impact analysis of GenAppC, complete the following steps:
  1. Run CMD to open a command prompt window or open Mac terminal from your machine.
  2. Run the following command to load Wazi Analyze image into Docker.
    docker load --input <wazi-analyze-archive-file-name.tar.gz>
    Replace <wazi-analyze-archive-file-name.tar.gz> with the name of Wazi Analyze archive file that you obtained.
    Note: You need to place the Wazi Analyze archive file into the same directory that you install Docker.
  3. Go to Docker Desktop and select Images on the left menu. You can see that the image is loaded into Docker.
    Figure shows the image list on the Docker Desktop.
  4. Start a Wazi Analyze container by running the following command.
    docker run -it -p 5000:5000 -p 8000:8000 -p 4680:4680 --name WA1 ibmcom/wazianalyze:<build-id>
  5. Go to Docker Desktop and select Containers/Apps on the left menu. You can see that the Wazi Analyze container named WA1 is running on port 4680.
    Figure shows the Wazi Analyze container named WA.
    Wazi Analyze reserves port 5000 for the web interface and port 4680 for the WA APIs server.
  6. Scan GenAppC, the demo project by running the following command on the terminal:
    wa-scan.sh GenAppC
  7. On the terminal, run the following command to start Wazi Analyze servers.
    wa-startup.sh
    When servers are started up, you will see the following messages.
    Figure shows the message that is showed after the Wazi Analyze servers are started.
  8. When the terminal prompts for your password input, enter wa1234.
    Figure shows the command lines after you enter a password.
  9. Launch your browser and navigate to https://localhost:5000/login.
    Note: Wazi Analyze uses https protocol to communicate between browser and servers. Out of the box, a self-signed certificate is provided. You need to accept the risk of the unknown certificate and proceed. On your production environment, you should consider generating your verified certificate. For more information, see Security considerations.
  10. Optional: For the Firefox browser, open another tab and navigate to https://localhost:4680/ and accept the risk of the unknown certificate on this port as well.
  11. On the "Log in" dialog that is displayed, enter wa1234 in the Password field.
    Figure shows the Log in dialog of Wazi Analyze and the dialog box to request a password.
    Figure shows the Log in dialog of Wazi Analyze after you enter a password.
    IBM Wazi Analyze page is displayed with GenAppC, a demo project.
  12. Select the Workspaces menu on the header area, which takes you to the Workspaces page. You will see all the workspaces available in the system.
    Figure shows the Workspace menu.

    Only GenAppC project is available in the system for demonstration use. You will see the scan information, such as the last scanned date and missing artifact data. The scan results indicate that there is no artifact missing but there are 4 entry points out of 26 entry points that Wazi Analyze cannot find from the source files being scanned, which helps you understand the completeness of the source files, discover what are missing, and be able to fix the issues.

  13. Select the Action Menu icon ( menu_icon) at the end of GenAppC row and select the View missing artifacts report button.
    Figure shows the View missing artifacts report button.

    The missing artifacts report for GenAppC workspace is displayed. You can see the scan details on the right pane, such as scanned date, number of programs, files, and jobs that are scanned. The missing entry points are listed below. For example, you can see that AAAAAAAA is mentioned in LGICUS01.cbl at lines 000173 – 000175. It is invoked by LGICUS01 program.

    Figure shows the missing artifacts report.
  14. Select the Action Menu icon ( menu_icon) at the end of AAAAAAAA row and select Preview source content to view the source code.
    Figure shows the source code view.

    The statement that invoked AAAAAAAA is highlighted, which helps you easily identify if the missing entry point is needed for the analysis. In this tutorial, you will know that the entry point is not being used for the application and it is not part of the analysis. So you will take no action and continue to perform the analysis.

  15. Click Ok to close the dialog.
  16. Click < Back to go back to the Workspace page and select GenAppC workspace to start viewing the analysis.
  17. Type LGI on the Search box to search for a program that you want to view the program call references.
    Figure shows the Search box.
  18. Type LGI*01 on the Search box.

    You can use a wildcard symbol to search. '*' is replaced by any one or more characters. The results show programs that start with LGI and end with 01.

    You can also use ? in the search string. ? is replaced by any one character.

    Figure shows the search result of "LGI*01".
  19. Open the Artifact type drop-down list. You can see that 54 files and 34 programs match the search criteria.
    Figure shows the Artifact type list.
  20. Select Programs (34) to filter out other artifact types and narrow down to the results of program type.
  21. Select LGICDB01 from the list. A program call graph appears.
    Figure shows the call graph of LGICDB01 program.
  22. Select the Action Menu icon ( menu_icon) on the top right of LGICDB01 node, and then select View properties to display the Properties pane that shows detailed information for the LGICDB01 program. You can see the information such as type, source type, incoming references, and outgoing references with the type of references and all included files.
    Figure shows the Properties pane for program LGICDB01.
    You can see that LGICDB01 is a COBOL program. LGICDB01 has one incoming reference of type ProgramCall from program LGICUS01 and one outgoing reference of type ProgramCall to program LGSTSQ. It also includes seven copybook files.
  23. Click the + icon next to the Depth field to increase the number of relationship depth to 2. An additional node is displayed on the graph.
    Figure shows the Depth field.
    You will notice that LGTESTC1 as an additional node is calling LGICUS01.
  24. Hover over the relationship line between LGICDB01 and LGSTSQ to see the type of the relationship.
    Figure shows the relationship line between LGICDB01 and LGSTSQ.
  25. Select the Action Menu icon ( menu_icon) on the top right of LGICDB01 node and select View source file references to display the relationship between source files of selected node.
    Figure shows the View source file references menu.
    Source file references are displayed. You can see that LGICDB01.CBL refers to the following seven copybook files.
    Figure shows copybook files of LGICDB01.CBL.
  26. Select the Action Menu icon ( menu_icon) on the top right of LGICDB01.CBL node and select Preview source content to display the content within the selected node. A dialog that shows the content within the source file is displayed. Click Show more in the dialog to see the entire content.
    Figure shows the content within the source file in a dialog.
  27. Click the Ok button to close the dialog.
  28. Select the LGPOLICY.CPY node on the LGICDB01.CBL source file references graph to open the Properties pane of LGPOLICY.CPY.
    Figure shows the Properties pane of LGPOLICY.CPY.
    You can see that only one file is included by LGPOLICY.CPY.
  29. Click the Close (X) icon on the Properties pane to close it.
  30. Select the Action Menu icon ( menu_icon) on the upper right of the LGPOLICY.CPY node and select View source file references.
    Figure shows the COBOL file LGPOLICY.CPY.
    Source file references of LGPOLICY.CPY are displayed. Now you can see all the files that refer to LGPOLICY.CPY.
    Figure shows all the files that refer to LGPOLICY.CPY.
  31. Select the Table view icon ( Figure shows the Table view icon.) on the upper right header to change the graph view to table view. The same information is displayed in table format.
    Figure shows the table view.
  32. Select the Filter icon (Figure shows the Filter icon.) to select the artifact type to display in the table.
  33. Select the History icon (Figure shows the History icon. ) to see the graph that you previously viewed.
  34. Select LGICDB01 (depth = 2) view from the list of history views to view LGICDB01 program call references.
    Figure shows the History view.
  35. Click the Close (X) icon on the History pane to close it.
    You can now see the LGICDB01 program call references in table format.
    Figure shows the Table view.

  36. Select the Graph view icon (Figure shows the Graph view icon.) on the top right header to change the table view to graph view.

  37. Select the Export icon (Figure shows the Export icon.) to export the graph that is displayed.
  38. Select PDF from the Export format field and keep the File name field as default.
    Figure shows the Export graph view to file dialog box.
  39. Click Export to export the graph view as a PDF file.
  40. Open the PDF on your browser.
    Note: The behavior for handling a file download could be different based on the browser type and settings. For example, if you use Firefox, you might see a dialog box that you can select Open with Firefox to open the file or Save File to save the file to your local machine.
    Figure shows the options that you can choose what to do with the PDF file.
    PDF file opens in a new window.
    Figure shows the JSON file that is opened in your Firefox.
You have explored how to deploy the Wazi Analyze container on Docker and view impact analysis of GenAppC through the web interface. Next, you can proceed with another tutorial to learn how to change one scan option in the configuration file (.dat file) and observe the changes to the analysis results.