      Description

      I have studied SONAR for my company and we have some features that could be good for a next version:

      • Add JSP analysis to source code analysis (it would be great to have reports on JSP source code).
      • Add deep code analysis for performance purposes (example: variable declaration in a for/while loop).

      With these kinds of features, Sonar could be a great competitor to CAST for Java projects, even if some aspects are not managed (transactions/connections properly closed...). The very big advantage of SONAR over CAST is the code viewer.

      Another request, so as not to create another issue: can you externalize the Sonar JDBC configuration in a datasource?

      Thanks.

      Manuel KRUPA

          Activity

          Freddy Mallet added a comment -

          Hi Manuel, it could be very useful if you can provide a list of checks that could be done on JSP source files.

          PMD rule AvoidInstantiatingObjectsInLoops to identify variable declarations inside a for/while loop

          PMD rule CloseResource to be sure that all transactions/connections are well closed

          Henri Gomez added a comment -

          PMD requires strong XHTML, doesn't it?

          Checkstyle, which supports regex for example, could be a better choice, i.e. check if style / CSS are correctly used instead of hardcoded colors/fonts.
          Conformity check

          Freddy Mallet added a comment -

          If we want to build something pretty robust and extensible, I think we should integrate a Java library which is able to transform an XHTML or badly formatted HTML document into a DOM:

          http://htmlparser.sourceforge.net/
          http://jtidy.sourceforge.net/
          http://sourceforge.net/projects/nekohtml/
          ...
          A complete list of available libraries is available here: http://java-source.net/open-source/html-parsers

          With a DOM we could then imagine implementing a visitor pattern in order to let users create new rules.

          Nicolas Frankel added a comment - - edited

          Hi,

          Some very simple rules in order to start.

          Rule 1: disallow scriptlets
          Rule 2: disallow some taglibs (JSTL SQL comes to mind). Could be parametrized by Taglib URL to list all disallowed taglibs.
          Rule 3: enforce JSP style (XML syntax)
          Rule 4: disallow hard coded labels
          Rule 5: disallow dynamic JSP includes (<jsp:include>)
          Rule 6: disallow external file in page attribute of dynamic JSP include
          Rule 7: disallow TLD location for URI in taglib declaration

          For HTML
          Rule 8: enforce <script> at the end of the body
          Rule 9: disallow <style>
          Rule 10: disallow non empty <script> content
          Rule 11: enforce a limit on the number of called external files (js and css)

          Nicolas
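
An added sketch (not code from this ticket or from the Sonar web plugin) of how Rules 1, 2, 5 and 7 above could be checked on classic-syntax JSP that is not well-formed XML. It uses regular expressions instead of a DOM, and the function name, rule labels, deny-list and sample page are assumptions made for illustration.

```python
import re

# Assumed deny-list for Rule 2: the JSTL SQL taglib URIs (JSTL 1.0 and 1.1+).
DISALLOWED_TAGLIBS = {
    "http://java.sun.com/jstl/sql",
    "http://java.sun.com/jsp/jstl/sql",
}
JSP_COMMENT = re.compile(r"<%--.*?--%>", re.S)
SCRIPTING = re.compile(r"<%(?!@|--)|<jsp:(?:scriptlet|expression|declaration)\b")
TAGLIB = re.compile(r"<%@\s*taglib\b(.*?)%>", re.S)
URI_ATTR = re.compile(r"""\buri\s*=\s*(["'])(.*?)\1""", re.S)
DYN_INCLUDE = re.compile(r"<jsp:include\b")


def check_jsp(source, disallowed_taglibs=DISALLOWED_TAGLIBS):
    """Return sorted (line, rule, detail) findings for one JSP source string."""
    # Blank out JSP comments but keep their newlines so line numbers stay right.
    text = JSP_COMMENT.sub(lambda m: "\n" * m.group().count("\n"), source)

    def line_of(pos):
        return text.count("\n", 0, pos) + 1

    findings = []
    for m in SCRIPTING.finditer(text):  # Rule 1: scriptlets and friends
        findings.append((line_of(m.start()), "rule1-scriptlet", m.group()))
    for m in TAGLIB.finditer(text):
        attr = URI_ATTR.search(m.group(1))
        if not attr:
            continue  # tagdir-style declaration without a uri attribute
        uri = attr.group(2).strip()
        if uri in disallowed_taglibs:  # Rule 2: deny-listed taglib URI
            findings.append((line_of(m.start()), "rule2-taglib", uri))
        if uri.lower().endswith(".tld"):  # Rule 7: URI is a TLD file location
            findings.append((line_of(m.start()), "rule7-tld-uri", uri))
    for m in DYN_INCLUDE.finditer(text):  # Rule 5: dynamic include
        findings.append((line_of(m.start()), "rule5-include", m.group()))
    return sorted(findings)


# Constructed sample: classic-syntax JSP, deliberately not well-formed XML.
SAMPLE = """<%@ page contentType="text/html" %>
<%@ taglib prefix="sql" uri="http://java.sun.com/jsp/jstl/sql" %>
<%@ taglib prefix="my" uri="/WEB-INF/tlds/my.tld" %>
<%-- <% legacy(); %> commented out, must not be reported --%>
<html><body><p>Unclosed paragraph
<% String id = request.getParameter("id"); %>
<jsp:include page="footer.jsp" />
</body></html>
"""
```

Calling `check_jsp(SAMPLE)` reports the SQL taglib, the TLD-path URI, the scriptlet and the dynamic include with their line numbers, and skips the scriptlet inside the JSP comment.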

          Jacob Robertson added a comment -

          My need is simply to let PMD perform the checks on JSP that it already has built in. basic-jsp.xml already lists all these checks. They are included in pmd-4.2.5 which is part of the Sonar Install. However, I cannot seem to get these rules to be picked up by Sonar. I exported the pmd rules from one quality profile, and then added this line <rule ref="rulesets/basic-jsp.xml/NoScriptlets"><priority>3</priority></rule> and then created a new profile off of that pmd. The quality profile created correctly, but it seems like it simply skips basic-jsp rules. While searching on Google and the Sonar wiki, I ran across this open ticket as the only place that seems to address my question. But it doesn't seem to make sense. PMD can already do this, so what is the issue?

          Freddy Mallet added a comment -

          Hi Jacob, PMD can't work on files that are not strictly XML-compliant, which is really too restrictive.

          Matthijs Galesloot added a comment -

          Fixed with alpha release 1 of webplugin


            People

            • Assignee:
              Matthijs Galesloot
              Reporter:
              Manuel KRUPA
            • Votes:
              9
              Watchers:
              10