Create a knowledge base file
Before you create a knowledge base file, decide whether to create one .jkb per class (the approach used in the tutorials and examples in this guide) or one .jkb per purpose, such as validation or security.
You can also use a single multi-sectional .jkb for a whole project. For more information, see 'Using multi-sectional knowledge bases' below.
To manually create (or edit) a knowledge base file:
- Create a new text file with the extension .jkb.
- Using the editor of your choice, add the method signatures you need to identify to the checker and then add annotations as described in Knowledge base annotations to indicate to the checker how each is to be handled. Each annotation is one line of the file.
Using multi-sectional knowledge bases
You can specify only one package declaration for a Java source file, and you cannot override imports after the imports block is finished. This works well for highly modular Java source code, but it is a poor fit for a knowledge base, where you sometimes want to specify the knowledge base for a whole project or library.
You can use more than one package declaration in a .jkb file. These package declarations split the .jkb file into multiple sections with independent package and import declarations.
Example
package java.util;
import java.util.*;
interface Entry<K,V> {
@Source("return") K getKey();
}
package java.io; // Here starts another section
import java.net.URI;
import java.net.URL;
public class File {
@Source("return") int getPrefixLength();
}
import javax.swing.*; // Here starts another section
class About {
@Source("return") JFrame getFrame();
}
To describe classes which are not in any package, use "package;" as shown here:
@BindAll("ERROR")
class AKB {
void a(@Sink String s);
}
package java.lang;
public class String {
@Source("return") java.lang.String trim();
}
package;
class BKB {
void b(@Sink String s);
}
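As an added illustration (not part of the original guide or of the checker itself), the following Python script splits a multi-sectional .jkb at every package declaration, including a bare "package;", and lists each section's @Source and @Sink entries with the owning class, which is useful when reviewing what a project-wide knowledge base declares. It assumes line-oriented input like the examples on this page; split_sections and the regular expression names are hypothetical helpers.

```python
import re

# Sample input: the "package;" example from this page, copied verbatim.
SAMPLE_JKB = '''@BindAll("ERROR")
class AKB {
void a(@Sink String s);
}
package java.lang;
public class String {
@Source("return") java.lang.String trim();
}
package;
class BKB {
void b(@Sink String s);
}
'''

PACKAGE_RE = re.compile(r'^package(?:\s+([\w.]+))?\s*;')
TYPE_RE = re.compile(r'\b(?:class|interface)\s+(\w+)')
TAINT_RE = re.compile(r'@(Source|Sink)\b')

def split_sections(text):
    """Split .jkb text into sections; each package declaration opens a new one."""
    sections = [{"package": "", "imports": [], "entries": []}]  # text before any package line
    current_type = None
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop trailing // comments
        pkg = PACKAGE_RE.match(line)
        if pkg:
            # "package;" has no name: the section describes classes in no package
            sections.append({"package": pkg.group(1) or "", "imports": [], "entries": []})
            current_type = None
        elif line.startswith("import "):
            sections[-1]["imports"].append(line[len("import "):].rstrip("; "))
        else:
            typ = TYPE_RE.search(line)
            if typ:
                current_type = typ.group(1)
            for kind in TAINT_RE.findall(line):
                pkg_name = sections[-1]["package"]
                owner = f"{pkg_name}.{current_type}" if pkg_name else current_type
                sections[-1]["entries"].append((kind, owner, line))
    if not (sections[0]["imports"] or sections[0]["entries"]):
        sections.pop(0)  # file started with a package line; nothing preceded it
    return sections

if __name__ == "__main__":
    for sec in split_sections(SAMPLE_JKB):
        print("section:", sec["package"] or "(no package)")
        for kind, owner, line in sec["entries"]:
            print(f"  {kind:6} {owner}: {line}")
```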