Sonar Plugins

SONAR : JSP & HTML Analysis

Details

  • Type: New Feature New Feature
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: WEB-0.1
  • Component/s: Web
  • Labels:
    None
  • Environment:
    REDHAT ES4, Tomcat6 or Glassfish v2.1
  • Number of attachments :
    0

Description

I have studied SONAR for my company and we have some features that can be well for a next version :

  • Add JSP analysis to source code analysis (it can be great to have reports on JSP source code).
  • Add deep code analysis for performance purposes (example : variable declaration in a for/while/loop).

With this kinds of features, Sonar could be a great concurent to CAST for JAVA projects even if there are some aspects non managed (transactions/connexions well closed...). The very big advantage of SONAR over CAST is the code viewer.

Another request to not create another issue : can you externalize the sonar JDBC configuration in a datasource ?

Thanks.

Manuel KRUPA

Issue Links

is duplicated by

Improvement - An improvement or enhancement to an existing feature or task. SONAR-930 analyse code source JSP by SONAR

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Freddy Mallet added a comment -

Hi Manuel, it could be very useful if you can provide a list of checks that could be done on JSP source files.

PMD rule AvoidInstantiatingObjectsInLoops to identify variable declarations inside a for/while loop

PMD rule CloseResource to be sure that all transactions/connextions are well closed

Show
Freddy Mallet added a comment - Hi Manuel, it could be very useful if you can provide a list of checks that could be done on JSP source files. PMD rule AvoidInstantiatingObjectsInLoops to identify variable declarations inside a for/while loop PMD rule CloseResource to be sure that all transactions/connextions are well closed
Hide
Permalink
Henri Gomez added a comment -

PMD require strong XHTML isn't it ?

Checkstyle supporting regex for example, could be a better choice, ie check if style / css are correctly used instead of hardcoded colors/fonts.
Conformity check

Show
Henri Gomez added a comment - PMD require strong XHTML isn't it ? Checkstyle supporting regex for example, could be a better choice, ie check if style / css are correctly used instead of hardcoded colors/fonts. Conformity check
Hide
Permalink
Freddy Mallet added a comment -

If we want to build something pretty robust and extensible, I think we should integrate a java library which is able to transform a XHTML or badly formatted HTML document into a DOM :

http://htmlparser.sourceforge.net/
http://jtidy.sourceforge.net/
http://sourceforge.net/projects/nekohtml/
...
a complete list of available libraries is available here : http://java-source.net/open-source/html-parsers

With a DOM we could then imagine to implement a visitor pattern in order to let users create new rules.

Show
Freddy Mallet added a comment - If we want to build something pretty robust and extensible, I think we should integrate a java library which is able to transform a XHTML or badly formatted HTML document into a DOM : http://htmlparser.sourceforge.net/ http://jtidy.sourceforge.net/ http://sourceforge.net/projects/nekohtml/ ... a complete list of available libraries is available here : http://java-source.net/open-source/html-parsers With a DOM we could then imagine to implement a visitor pattern in order to let users create new rules.
Hide
Permalink
Nicolas Frankel added a comment - - edited

Hi,

Some very simple rules in order to start.

Rule 1: disallow scriptlets
Rule 2: disallow some taglibs (JSTL SQL comes to mind). Could be parametrized by Taglib URL to list all disallowed taglibs.
Rule 3: enforce JSP style (XML syntax)
Rule 4: disallow hard coded labels
Rule 5: disallow dynamic JSP includes (<jsp:include>)
Rule 6: disallow external file in page attribute of dynamic JSP include
Rule 7: disallow TLD location for URI in taglib declaration

For HTML
Rule 8: enforce <script> at the end of the body
Rule 9: disallow <style>
Rule 10: disallow non empty <script> content
Rule 11: enforce a limit on the number of called external files (js and css)

Nicolas

Show
Nicolas Frankel added a comment - - edited Hi, Some very simple rules in order to start. Rule 1: disallow scriptlets Rule 2: disallow some taglibs (JSTL SQL comes to mind). Could be parametrized by Taglib URL to list all disallowed taglibs. Rule 3: enforce JSP style (XML syntax) Rule 4: disallow hard coded labels Rule 5: disallow dynamic JSP includes (<jsp:include>) Rule 6: disallow external file in page attribute of dynamic JSP include Rule 7: disallow TLD location for URI in taglib declaration For HTML Rule 8: enforce <script> at the end of the body Rule 9: disallow <style> Rule 10: disallow non empty <script> content Rule 11: enforce a limit on the number of called external files (js and css) Nicolas
Hide
Permalink
Jacob Robertson added a comment -

My need is simply to let PMD perform the checks on JSP that it already has built in. basic-jsp.xml already lists all these checks. They are included in pmd-4.2.5 which is part of the Sonar Install. However, I cannot seem to get these rules to be picked up by Sonar. I exported the pmd rules from one quality profile, and then added this line <rule ref="rulesets/basic-jsp.xml/NoScriptlets"><priority>3</priority></rule> and then created a new profile off of that pmd. The quality profile created correctly, but it seems like it simply skips basic-jsp rules. While searching on google and the sonar wiki, I ran across this open ticket as the only place that seems to address my question. But it doesn't seem to make sense. PMD can already do this, so what is the issue?

Show
Jacob Robertson added a comment - My need is simply to let PMD perform the checks on JSP that it already has built in. basic-jsp.xml already lists all these checks. They are included in pmd-4.2.5 which is part of the Sonar Install. However, I cannot seem to get these rules to be picked up by Sonar. I exported the pmd rules from one quality profile, and then added this line <rule ref="rulesets/basic-jsp.xml/NoScriptlets"><priority>3</priority></rule> and then created a new profile off of that pmd. The quality profile created correctly, but it seems like it simply skips basic-jsp rules. While searching on google and the sonar wiki, I ran across this open ticket as the only place that seems to address my question. But it doesn't seem to make sense. PMD can already do this, so what is the issue?
Hide
Permalink
Freddy Mallet added a comment -

Hi Jacob, PMD can't work on files that are not strictly XML-Compliant which is really too restrictive.

Show
Freddy Mallet added a comment - Hi Jacob, PMD can't work on files that are not strictly XML-Compliant which is really too restrictive.
Hide
Permalink
Matthijs Galesloot added a comment -

Fixed with alpha release 1 of webplugin

Show
Matthijs Galesloot added a comment - Fixed with alpha release 1 of webplugin

People

  • Assignee:
    Matthijs Galesloot
    Reporter:
    Manuel KRUPA
Vote (9)
Watch (10)

Dates

  • Created:
    Updated:
    Resolved: