Slide 1
Most trusted JOB oriented professional program
DevOps Certified Professional (DCP)

Take your first step into the world of DevOps with this course, which will help you to learn about the methodologies and tools used to develop, deploy, and operate high-quality software.

Slide 2
DevOps to DevSecOps – Learn the evolution
DevSecOps Certified Professional (DSOCP)

Learn to automate security into a fast-paced DevOps environment using various open-source tools and scripts.

Slide 2
Get certified in the new tech skill to rule the industry
Site Reliability Engineering (SRE) Certified Professional

A method of measuring and achieving reliability through engineering and operations work – developed by Google to manage services.

Slide 2
Master the art of DevOps
Master in DevOps Engineering (MDE)

Get enrolled for the most advanced and only course in the WORLD which can make you an expert and proficient Architect in DevOps, DevSecOps and Site Reliability Engineering (SRE) principles together.

Slide 2
Gain expertise and certified yourself
Azure DevOps Solutions Expert

Learn about the DevOps services available on Azure and how you can use them to make your workflow more efficient.

Slide 3
Learn and get certified
AWS Certified DevOps Professional

Learn about the DevOps services offered by AWS and how you can use them to make your workflow more efficient.

previous arrow
next arrow

Sonar Support with JSP & HTML

JSP/HTML land, usefull tests could be done via some regexp, ie check if style/css are used (to avoid dirty colors/fonts hard-coded for example).

If we want to build something pretty robust and extensible, I think we should integrate a java library which is able to transform a XHTML or badly formatted HTML document into a DOM :

http://htmlparser.sourceforge.net/
http://jtidy.sourceforge.net/
http://sourceforge.net/projects/nekohtml/

a complete list of available libraries is available here : http://java-source.net/open-source/html-parsers

With a DOM we could then imagine to implement a visitor pattern in order to let users create new rules.

Some very simple rules in order to start.
Rule 1: disallow scriptlets
Rule 2: disallow some taglibs (JSTL SQL comes to mind). Could be parametrized by Taglib URL to list all disallowed taglibs.
Rule 3: enforce JSP style (XML syntax)
Rule 4: disallow hard coded labels
Rule 5: disallow dynamic JSP includes (<jsp:include>)
Rule 6: disallow external file in page attribute of dynamic JSP include
Rule 7: disallow TLD location for URI in taglib declaration
For HTML
Rule 8: enforce <script> at the end of the body
Rule 9: disallow <style>
Rule 10: disallow non empty <script> content
Rule 11: enforce a limit on the number of called external files (js and css)

Mantosh Singh
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x