PRTADPPGM2      PRINT ADOPTED PROGRAMS 2      TAASEDE
The Print Adopted Programs 2 command provides an analysis of one or
more programs in a library that adopt the owner's profile. It
performs checking of the program and sub programs to assist in
determining if the programs are written so they may not be exploited
for non-secure functions.
PRTADPPGM2 differs from the PRTADPPGM tool in that the format is
intended more for periodic reviews of an existing application rather
than system wide checking.
PRTADPPGM2 looks for the following conditions:
- Any CL programs that use user commands
- Any programs that are called without a qualified library
- Any programs that run commands using QCMDEXC
- Any programs that are called using variable names
A typical command would be:
PRTADPPGM2 LIB(xxx)
All programs in the library would be analyzed.
Only a user with *ALLOBJ special authority can use PRTADPPGM2.
PRTADPPGM2 analyzes up to 3 sub levels of programs that may be
called. For example, assume PGMA adopts its owner's authority and
calls a structure of programs such as:
   PGMA
      PGMA1
         PGMA1A
         PGMA1B
            PGMA1B1
      PGMA2
         PGMA2A
      PGMA3
         PGMA3A
            PGMA3A1
The printed output is indented in a similar manner to provide a good
view of the program structure. Each of the sub programs is also
checked. Sub programs are also checked to determine if they have
used the CHGPGM USEADPAUT(*NO) function so that they do not adopt the
authorities that exist in the program stack.
How the tool performs checking
------------------------------
Checking of user commands in CL programs is done using the CHK400CMD
TAA Tool. The source of the program must exist in the same location
used to create the program for this check to occur.
Sub programs are accessed using DSPPGMREF. They do not have to be in
the same library as named on the PRTADPPGM2 command. DSPPGMREF can
produce misleading information, for example when the DSPPGM command
or another command with a PGM parameter is used. DSPPGMREF does not
distinguish between this case and an actual call to the program.
When QCMDEXC is used, PRTADPPGM2 can only point out the fact rather
than determining the actual program that is called.
The intent of PRTADPPGM2 is not to provide a perfect solution, but to
avoid much of the tedious effort of checking to ensure that programs
are written in a secure manner. With PRTADPPGM2, you will be able to
concentrate on a smaller set of critical functions.
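
The three call-related conditions listed earlier (no qualified library,
QCMDEXC, variable program name), as an added Python example that scans
CL source text. It is not part of the TAA tool, which works from
DSPPGMREF output and CHK400CMD rather than a text scan; the sample
source, APPLIB and the PGMA* names are constructed, and treating *LIBL
as unqualified is this example's choice.

```python
import re

# Constructed CL source; APPLIB, PGMA1..PGMA3 and the variables are hypothetical.
SAMPLE_CL = """\
PGM        PARM(&PGMNAM &CMD)
/* CALL PGM(IGNORED) sits inside a comment */
CALL       PGM(APPLIB/PGMA1)
CALL       PGM(PGMA2) PARM(&CMD)
CALL       PGM(*LIBL/PGMA3)
CALL       PGM(APPLIB/&PGMNAM)
CALL       PGM(QSYS/QCMDEXC) +
             PARM(&CMD 200)
ENDPGM
"""

# Optional label, CALL, optional PGM( keyword, optional library/, program name.
CALL_RE = re.compile(r"^(?:\w+:\s*)?CALL\s+(?:PGM\()?\s*(?:([^\s/()]+)/)?([^\s/()]+)", re.I)

def statements(source):
    """Yield (first_line_no, text): comments blanked, '+' continuations joined ('-' not handled)."""
    source = re.sub(r"/\*.*?\*/", lambda m: re.sub(r"[^\n]", " ", m.group()), source, flags=re.S)
    buf, start = "", None
    for no, line in enumerate(source.splitlines(), 1):
        line = line.strip()
        start = start or no
        if line.endswith("+"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, buf + line
        buf, start = "", None

def scan(source):
    """Return [(line_no, target, [conditions])] for CALL statements worth reviewing."""
    findings = []
    for no, stmt in statements(source):
        m = CALL_RE.match(stmt)
        if not m:
            continue
        lib, pgm = (m.group(1) or "").upper(), m.group(2).upper()
        tags = set()
        if pgm == "QCMDEXC":
            tags.add("QCMDEXC")        # the command that runs is only known at run time
        if pgm.startswith("&") or lib.startswith("&"):
            tags.add("VARIABLE_NAME")  # the call target is chosen at run time
        elif lib in ("", "*LIBL"):
            tags.add("UNQUALIFIED")    # resolved through the job's library list
        if tags:
            findings.append((no, f"{lib}/{pgm}" if lib else pgm, sorted(tags)))
    return findings
```

Calling scan(SAMPLE_CL) reports the calls on lines 4 to 7 of the sample
and leaves the fully qualified call to APPLIB/PGMA1 unflagged.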
Command parameters *CMD
------------------
   LIB           The library to be checked.
   PGM           The program to be checked. The default is *ALL. A
                 single program or a generic name may be specified.
Restrictions
------------
The information is only as good as the information provided by:
** CHK400CMD TAA Tool. This tool is shipped with commands found
from i5/OS and a few Program Products. Instructions with the
tool describe how to add other commands. If a command is not
in the list, it is flagged as a user command. There are only
a few exception conditions that are missed.
** DSPPGMREF. The system command is accurate, but can produce
some excess information such as when a PGM parameter is used
on a command. The system creates the same output as if the
program had been called.
Prerequisites
-------------
The following TAA Tools must be on your system:
   CHKALLOBJ     Check *ALLOBJ authority
   CHK400CMD     Check i5/OS commands
   RTVSYSVAL3    Retrieve system value 3
   RTVPGMA       Retrieve program attributes
   SNDCOMPMSG    Send completion message
   SNDESCMSG     Send escape message
   SNDSTSMSG     Send status message
Implementation
--------------
None, the tool is ready to use.
Objects used by the tool
------------------------
   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------
   PRTADPPGM2    *CMD                   TAASEDE       QATTCMD
   TAASEDEC      *PGM       CLP         TAASEDEC      QATTCL
   TAASEDEC2     *PGM       CLP         TAASEDEC2     QATTCL
   TAASEDEC3     *PGM       CLP         TAASEDEC3     QATTCL
   TAASEDEC4     *PGM       CLP         TAASEDEC4     QATTCL
   TAASEDER      *PGM       RPG         TAASEDER      QATTRPG
Added to TAA Productivity tools May 1, 1996