SonarQube is a tool use for code quality inspection, it is based on plugins. Sonar has built-in web reporting tool which shows analysis results on web page via different charts and UI controls.
My understanding is that: "Sonar provides different plugins for it's different functionalities, for example sonar-php is a plugin that can be used for analyzing php code, once the code is analyzed it represent the results on web page by mentioning different stats and graphs/charts."
If the above understanding is correct, I assumed Sonar use some kind of web reporting plugin to show all cool graphs and controls to display analysis results that is independent of data source and only responsible of presenting the provided data.
Now, my question is , Suppose I do have some data source , Is it possible to customize and use only that web reporting tool of Sonar to display results on web page ? or it's not possible and I have wrong assumption?
SonarQube is a code quality management tool. There is no specific web reporting tool to display whatever data you want.
If you want to analyze code, you can create a plugin to inject issues on specific part of the code for example. You may be interested by the documentation « Developing a Plugin »
Related
VS2013 update 5, MVC5 using Areas
I have a stand-alone function programmed for a website. The functionality is a specific user interface to collect survey responses in a particular way. It has several controllers, a model and a group of views. The functionality is completely contained in an Area of the project, except for the Shared _Layout file that provides the main menu for consistency.
'Is it possible for me to' / 'how do I' compile this Area into a single or set of .dll file(s) that I could then add conveniently to other websites? I'm assuming creating something for transfer/download is very standard functionality. For example, I used Elmah.MVC for this site. What I want to do is pretty much create a package that can be downloaded in a similar way to how we integrate Elmah.MVC into a site. (Be certain I'm not talking about creating error logging software, I'm only using Elmah.MVC as an example of software that is easily integrated into other website applications.)
I've never compiled any website functionality into a .dll(s) for use elsewhere and would appreciate either some specific guidance, or perhaps what would be easier is to provide a link with a good step by step tutorial or explanation for how to do this. Most of what I've found on the web describes bits and pieces of doing this, but it's not enough for me to feel confident with it.
It seems to me there are a lot of 'moving parts' to taking a particular piece of an MVC application and turning it into something that is easily added to other projects.
A particular issue I don't quite grasp is the difference in downloaded packages between getting code and getting just the .dll(s). For instance, when I download an MVC5 site, I get controllers, models and views, but when I download Elmah I get a .dll and no code files. Also, I do understand the concept of transforms, but I'm just struggling right now with even getting from my programmed application into a 'package' regardless of the transforms that make it easy to integrate into another website.
These are just some of my questions I have about how to perform this particular process in developing deliverable and/or shareable software.
What you are looking to do is create a portable MVC Area project. A Portable Area is a set of reusable multi page functionality can be dropped into an application to provide rich functionality without having to custom build functionality that is literally the same in every application. An MVC Portable Area is really just a dll that contains the views, controllers, scripts, etc… needed to use in a website that is either a Web Forms website or an MVC website. A developer can use them for a reusable widget or a complete engine. I have actually used them for both. Here is a link with some basic info to get started. http://elegantcode.com/2012/04/06/mvc-portable-areas/
I am working on a web app which uses JSF. I would like to know that What are best practices and available tools for performing a load test on it.
Application is hosted on glassfish server 3.1.2.2
Depends somewhat on the site you want to test. At work we have a complex RIA, and to test it we have to reproduce user interaction. We use jMeter for this.
It's kind of messy to set up (look at the guides they have) but once this is done it's very flexible and allows you to configure and tweak many things. I particularly like its "proxy" feature where you can proxy your app through jMeter and it records everything so you can play it back later on. Note that for JSF you have to do some tricks with the ViewStateId, so google a "jmeter JSF" guide for how to set this up.
In a previous project I have used RadView WebLOAD to test a JSF site, it enable recording the user scenario and handles correlating the dynamic values.
I want to generate a basic report from testing, I would like the testing to cover the OWASP top 10. I have looked at OWASP ZAP reporting but this just highlights any issues as opposed to saying XY and Z were tested for with no evidence of them occurring along with detailing the issues found.
This is not a question on how to test a web-application. The question is: Are there any tools that will generate reports specifying what was tested for along with vulnerabilities?
You can see what ZAP is testing for by selecting Analyse... / Scan Policy
We're also starting to document the rules under here https://code.google.com/p/zap-extensions/wiki/V2Extensions (look at the items under the tree on the left).
Note that no tool will be able to automatically test for all of the OWASP Top ten - you will really need to perform manual testing as well.
The ZAP reporting does need to be improved, and I'd like it to include a list of what was tested as well as what was found. ZAP is a community project - fancy working on this? ;)
Simon (ZAP project lead)
I am writing a Java web app which I would like to allow users to execute basic PDF reports. Normally I would use Jasper Reports for this. However this time I would like the users to be able to edit there own reports in iReport and upload them. Which should be straight forward enough.
That got me thinking, Jasper lets you effectively write code in the reports which gets executed when the report is generated. Is it possible to write a report which has full access to the Java API and therefore my web app. I don't want users being able to kill tomcat or worse still use the DAO api I have built to read other users data.
Does any one know if this is actually possible and if so can you sandbox it somehow. May be I could filter the reports XML before its complied some how?
Also does anyone know if the same applies to other open source reporting tools such as BIRT?
I'm releasing a web service [1] to allow developers to generate PDF using templates drawn on i-report,
So I had to solve the same problem, my first try was to use the Java Security Engine API, but it was too complex with a lot of required permissions.
So while I was searching how Heroku isolates each web app, I discovered the Linux Containers (LXC) [2], so i decided to isolate each "developer sandbox" in a lxc container.
It don't prevent users to shutdown the "sandboxed server", but if they do, they will power off only its own sandbox, other users sandbox won't be affected.
[1] http://reports.simpleservic.es/landing
[2] http://en.wikipedia.org/wiki/LXC
Have a look at the java-sandbox [1] which we use in our BI solution Reportserver [2]. I am currently preparing a blog-post which will explain how to run jasperreports in a sandboxed environment.
As for Birt, the very same applies there too. Here user's cannot directly write java code, but they can use Rhino which in the end has the same effect.
[1] http://blog.datenwerke.net/p/the-java-sandbox.html
[2] http://reportserver.datenwerke.net
I am working on a static analysis for detecting security vulnerabilities in web applications, and I am looking for some web applications to run my analysis on.
More specifically I am right now looking for open-source web applications that use the Struts2 framework, but I have a hard time finding such applications.
Does anyone know of some more or less complete and open-source web applications written using Struts2 (or possibly just plain JSP)?
The very complete and stable Struts2 application i use for log file analysis is KonaKart. The advantage is that you can set it up on your server, including demo data and configure it and use it as you wish.
In terms of openness:
"Only the customizable parts of KonaKart are open source. These include the Struts action classes and
forms, the JSPs, the payment modules, order total modules, shipping modules and the GWT One Page
Checkout code. They are shipped under the GNU Lesser General Public License."
If you need 100% open source it is not for you.
Projects Using WebWork or Struts2
https://cwiki.apache.org/S2WIKI/projects-using-webwork-or-struts2.html
Others
http://api.cnn.com/
http://www.allhomes.com.au/
Check these tutorials. there downloads are available. link1, link2