On this page:
Target audience:
Users of the extension providing HTML5/JavaScript support for Web applications.
Summary: This document provides basic information about the extension providing HTML5/JavaScript support for Web applications.
What's new in 1.9.0?
- Bugs resolution, including support of new expressions in lists.
- Better resolution with jsp files.
- Support of jsp pager taglib.
- Support of struts-jquery-grid-tags taglib.
- Resources found in <form> tags have GET as default type (not POST).
- Files filtering enhancement (skipped files are no more sent to other extensions).
- Issue fixed for the rule "Avoid JavaScript to block page loading"
- Issue fixed for the rule "Avoid using unsecured cookies"
- Issue fixed for the rule "Avoid creating cookie without setting httpOnly option"
- New rules:
- 1020098 Avoid creating cookie with overly broad path (Javascript)
- 1020100 Avoid creating cookie with overly broad domain (Javascript)
What's new in 1.9.1?
- Bugs resolution, mainly for other web extensions (angularjs and jquery).
What's new in 1.9.2?
Bug resolution : GUIDs/fullnames correction for objects inside javascript sections inside html files when several sections in one file.
<script>
function f1() { }
</script>
<script>
function f2() { }
</script>
To resolve this issue, an "upgrade" process is included in this release to transform the guids. In the above example, CAST_HTML5_JavaScript_SourceCode_Fragment_2.f2 will become CAST_HTML5_JavaScript_SourceCode_Fragment.f2.
Following the first analysis after upgrade to this extension, the following warning may be present at the end of analysis:
UNIVERSAL_CACHE : DUPLICATED OBJECTS NAME REMOVED: 144955 D:\Deploy\app\package\anchor.html/CAST_HTML5_JavaScript_SourceCode_Fragment.f1
This is expected behaviour, it is present if you have functions with same name in several sections of the same html file. In this case, the migration will produce two guids which will be the same: CAST_HTML5_JavaScript_SourceCode_Fragment.f1 for example, and the reanalysis will produce: CAST_HTML5_JavaScript_SourceCode_Fragment.f2 and CAST_HTML5_JavaScript_SourceCode_Fragment.f2_2.
Description
In what situation should you install this extension?
The analyzer could be used if your application is a Web Application, has HTML/Javascript/CSS files and/or contains HTML/Javascript fragments embedded into JEE and .NET files (for example).
The analyzer provides the following features:
- Automated Function Point counting.
- Checksum, number of code lines, number of comment lines, comments are present.
- Local and global resolution is done when function is called directly through its name (inference engine resolution is not available).
- For global resolution, caller is searched in all .js files. If only one callee is found, a link is created. If several callees are found, the analyzer watches inclusions in html files to see if it can filter the callee. If nothing is found in html files to filter, links are created to all possible callees.
Files analyzed
| Icon(s) | File | Extension | Note |
|---|---|---|---|
| HTML | *.html, *.htm, *.xhtml |
|
 | Javascript | *.js, *.jsx | Supports:
See also JavaScript below for more information. |
| Cascading Style Sheet | *.css | Supports CSS 1 - 3. |
| Java Server Page | *.jsp, *.jspx | Supports JSP 1.1 - 2.3. See JSP below for more information. |
| Active Server Page | *.asp, *.aspx | See (Classic) ASP below for more information. |
| HTML Components | *.htc | HTC files contain html, javascript fragments that will be parsed. Created objects will be linked to the HTC file. |
| ASP.NET MVC Razor | *.cshtml | See ASP.NET MVC Razor below for more information. |
Note that you may find that the number of files delivered is more than then number of files reported after analysis. This is due to the following:
- by default some files are automatically excluded from the analysis, typically third-party frameworks which are not required. Please see the filters.json file located at the root of the extension folder for a complete list of default exclusions.
- some files that have been included in the analysis may not be saved in the CAST Analysis Service schema because they do not contain any useful information, i.e. they do not contain any technical sections such as functions which would lead to the creation of a specific object.
(Classic) ASPTechnology support notes
Although CAST AIP handles classic ASP (Active Server Pages) applications "out of the box" with the ASP analyzer, the HTML5 and JavaScript extension is also capable of analyzing classic ASP applications. Below is a comparison of the analysis of the same classic ASP application with results from the HTML5 and JavaScript extension on the left and results with the ASP analyzer embedded in CAST AIP on the right:
Some additional links are provided in certain situations:
But less information in other situations:
ASP.NET MVC Razor
Summary: This document provides basic information about the how the .NET technology ASP.NET MVC Razor is supported.
Introduction
Features
- Creates objects specific to Razor corresponding to requests to the .NET server, as services, embedded in .cshtml files.
- Creates objects specific to ASP.NET corresponding to operations which are methods of controllers in the .NET server, embedded in .cs files. This part of the extension is launched by the .NET analyzer.
- Creates call links between these two kinds of objects through the Web Services Linker. These two kinds of objects are identified by a URL, in order to be compatible with the Web Services Linker.
Server part (without specific routing)
The following objects are created:
 | ASP.NET Any Operation |
 | ASP.NET Get Operation HTML5 Razor Get service |
 | ASP.NET Put Operation |
 | ASP.NET Post Operation HTML5 Razor Post service |
 | ASP.NET Delete Operation |
URL creation
URLs are created as follows:
"Course/Edit" for the Edit method of this CourseController class. This is an operation which may correspond to any type of request from the client, then a CAST_AspDotNet_AnyOperation is created:
public class CourseController : Controller
{
public ActionResult Edit(int? id)
{
}
}
"Course/Edit" for the Edit method of this CourseController class, first Edit corresponds to a POST operation, then a CAST_AspDotNet_PostOperation is created. The second Edit corresponds to any of the other operation types,and depending on this a CAST_AspDotNet_GetOperation object, CAST_AspDotNet_PutOperation object or CAST_AspDotNet_DeleteOperation are created:
public class CourseController : Controller
{
[HttpPost]
public ActionResult Edit(int? id)
{
}
public ActionResult Edit(other params)
{
}
}
"Course/Edit" for the Edit method of this CourseController class, this is a POST operation:
public class CourseController : Controller
{
[HttpPost, ActionName("Edit")]
public ActionResult EditPost(int? id)
{
}
}
In this case, the url is "CourseEdit", and not "CourseEditPost" because of the attribute "ActionName" presence, which contains an alias (click to enlarge):
Server part (with specific routing)
This section is the same as the previous one (Server part (without specific routing)), except that URLs are modified depending on a specific config routing. Specific routings are present in the following files:
App_Start/RouteConfig.cs files:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;
namespace ContosoUniversity
{
public class RouteConfig
{
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
);
}
}
}
using System.Web.Mvc;
namespace XL.XLI.ScoringWebAppTool.WebUI.Areas.DesignProfessional
{
public class DesignProfessionalAreaRegistration : AreaRegistration
{
public override string AreaName
{
get { return "DesignProfessional"; }
}
/* Order is important, as the engine uses fall-through matching logic. */
public override void RegisterArea(AreaRegistrationContext context)
{
context.MapRoute
(
"DesignProfessional_Default2",
"DesignProfessional/{controller}/{action}/{id}",
new
{
controller = "PreRenewal",
action = "Index",
id = UrlParameter.Optional
}
);
context.MapRoute
(
"DesignProfessional_Default",
"DesignProfessional/PreRenewal",
new
{
controller = "PreRenewal",
action = "Index",
id = UrlParameter.Optional
}
);
}
}
}
Razor Client part
Creates object specific to Razor corresponding to requests to the NET server, as services, embedded in .cshtml files. The following objects are created:
| HTML5 Razor Get service |
| HTML5 Razor Post service |
Code examples
Html.ActionLink call
This code in a .cshtml file located in a directory named "Course" will create an object of type CAST_HTML5_Razor_GetService whose URL is "Course/Delete/{}". The presence of "{}" is due to the presence of a parameter of type "new {}" containing a word equals to "id" or ending with "id":
@Html.ActionLink("Delete", "Delete", new { id = item.CourseID })
Url.Action call
This code in a .cshtml file located in a directory named "Student" will create an object of type CAST_HTML5_Razor_GetService whose URL is "Student/Index":
@Html.PagedListPager(Model, page => Url.Action("Index",
new { page, sortOrder = ViewBag.CurrentSort, currentFilter = ViewBag.CurrentFilter }))
Html.ActionLinkWithAccess call
This code in a .cshtml file located in a directory named "StaffIncreaseProfilePeriod" will create an object of type CAST_HTML5_Razor_GetService whose URL is "StaffIncreaseProfilePeriod/Create":
<li>@Html.ActionLinkWithAccess(__("Add increase profile"), "Create", null, new { @class = "btn popupLink", data_popupsize = "big" })</li>
Html.Action call
This code in a .cshtml file located in a directory named "Account" will create an object of type CAST_HTML5_Razor_GetService whose URL is "Account/ExternalLoginsList".
@Html.Action("ExternalLoginsList", new { ReturnUrl = ViewBag.ReturnUrl })
Ajax.ActionLink call
This code in a .cshtml file located in a directory named "NotificationMessenger" will create an object of type CAST_HTML5_Razor_PostService whose URL is "NotificationMessenger/Delete/{}".
@Ajax.ActionLink("x", "Delete", "NotificationMessenger", new { notific.Id }, new AjaxOptions() { HttpMethod = "POST", OnComplete = "DismissNotification" }, new { @class = "notification-close" })
Html.RenderAction call
This code in a .cshtml file located in a directory named "Holidays" will create an object of type CAST_HTML5_Razor_PostService whose url is "Holidays/ColorsLegend".
@{ Html.RenderAction("ColorsLegend"); }
Html.BeginForm call
This code in a .cshtml file will create an object of type CAST_HTML5_Razor_PostService whose url is "Student/Index".
@using (Html.BeginForm("Index", "Student", FormMethod.Get))
{
<p>
Find by name: @Html.TextBox("SearchString", ViewBag.CurrentFilter as string)
<input type="submit" value="Search" />
</p>
}
Ajax.BeginForm call
This code in a .cshtml file will create an object of type CAST_HTML5_Razor_PostService whose url is "Missions/SynthesisAjaxHandler/{}".
@using (Ajax.BeginForm(
"SynthesisAjaxHandler", //actionName
"Missions", //controllerName
new { //routeValues
missionId = Model.Mission.Id,
dayId = Model.MissionDayId,
method="GET"
},
new AjaxOptions { //Ajax setup
UpdateTargetId = "synthesisLinesDiv",
HttpMethod = "GET",
InsertionMode = InsertionMode.Replace,
},
new { //htmlAttributes
Id = "form-selectSynthesis",
//method="get"
}
))
JavaScript
JSP
CAST recommends using the HTML5 and JavaScript extension to analyze classic JSP applications (JSP versions 1.1 - 2.3) - this is because the JEE Analyzer is not capable of analyzing the JavaScript elements of the JSP application. Below is a screenshot of the analysis of a classic JSP application using the HTML5/JavaScript extension - click to enlarge:
Transaction configuration information
HTML5 source code: it represents the whole HTML file content.
- Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
- Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
| Function Points (transactions) | Quality and Sizing | Security |
|---|---|---|
 | | |
CAST AIP release | Supported |
|---|---|
| 8.3.x | |
| 8.2.x | |
| 8.1.x | |
| 8.0.x | |
| 7.3.4 and all higher 7.3.x releases | |
Supported DBMS servers
This extension is compatible with the following DBMS servers:
| CAST AIP release | CSS | Oracle | Microsoft |
|---|---|---|---|
| All supported releases | | |  |
Prerequisites
| An installation of any compatible release of CAST AIP (see table above) |
Download and installation instructions
Please see:
The latest release status of this extension can be seen when downloading it from the CAST Extend server.
Packaging, delivering and analyzing your source code
Once the extension is downloaded and installed, you can nowpackage your source code and run an analysis. The process of packaging, delivering and analyzing your source code is described below:
Packaging and delivery
Note that the HTML5/JavaScript extension does not contain any discoverers or extractors, however, the Web Files Discoverer extension will be automatically installed (it is a "shipped" extension which means it is delivered with AIP Core) and will automatically detect projects as HTML5 if specific files are delivered, therefore ensuring that Analysis Units are created for your source code.
Using CAST Console
Using CAST Management Studio
- create a new Version
- create a new Package for your HTML5/JavaScript source code using the Files on your file system option:
- Define the root folder of your Application source code:
- Run the Package action
- Before delivering the source code, check the packaging results:
| Without the Web Files Discover | If you are not using the Web Files Discoverer, the following will occur:
|
|---|---|
| With the Web Files Discoverer | If you are using the Web Files Discoverer, the following will occur:
|
- Deliver the Version
Analyzing
Using CAST Console
AIP Console exposes the technology configuration options once a version has been accepted/imported, or an analysis has been run. Click Universal Technology (3) in the Config (1) > Analysis (2) tab to display the available options for your HTML5 source code:
Then choose the relevant Analysis Unit (1) to view the configuration:
Using the CAST Management Studio
- Accept and deploy the Version in the CAST Management Studio.
| Without the Web Files Discover | If you are not using the Web Files Discoverer, the following will occur:
Do not add a dependency from this Analysis Unit to another client Analysis Unit.
|
|---|---|
| With the Web Files Discoverer | If you are using the Web Files Discoverer, the following will occur:
Do not add a dependency from this Analysis Unit to another client Analysis Unit.
|
Using the filters.json file
The HTML5 and JavaScript extension is provided with a file called filters.json at the root of the extension folder. This file lists all items that will be ignored during an analysis. The file is pre-populated with items, but it is also possible to modify the file manually and add your own custom filters. See HTML5 and JavaScript - using the filters.json file.
Analysis warning and error messages
The following warnings and error messages may be displayed in the analysis log:
End of comment and File skipped messages for .js files
You may find that the analysis log contains the following messages for .js files:
Warning MODULMSG ; Job execution end of comment '\*\/' not found 0 ; 0 0 0 [Module name] 0 0 Warning MODULMSG ; Job execution File skipped : K:\CAST\Ref\auto-refi2-staticresources\testing\inflow.js
These messages occur when the underlying Universal Analyzer raises a warning whenever it encounters what it considers a syntax error. The "End of comment" message is logged and then a following message is logged stating that the file has been "skipped". These warnings should be ignored as they have no impact: the HTML5/JavaScript extension will analyze the file and raise the following message in the analysis log:
Information MODULMSG ; Job execution [com.castsoftware.html5] Light parsing of file K:\CAST\CASTMS\Deploy\Test_source\Ref\auto-refi2-staticresources\testing\inflow.js
What results can you expect?
Once the analysis/snapshot generation has completed, you can view the results in the normal manner:
CAST Enlighten
Javascript ECMA6 Classes and Constructors example
CAST Management Studio analysis content
Objects
The following objects are displayed in CAST Enlighten:
| Icon | Description |
|---|---|
| JavaScript file |
| HTML5 Source Code |
| HTML5 Source Code Fragment |
| HTML5 ASP Content |
| HTML5 ASPX Content |
| HTML5 CSHTML Content |
| HTML5 CSS Source Code |
 | HTML5 CSS Source Code Fragment |
| HTML5 HTC Content |
| HTML5 JavaScript Source Code |
| HTML5 JSX source code |
 | HTML5 JavaScript Source Code Fragment |
| HTML5 JavaScript Function |
| HTML5 Javascript Method |
| HTML5 Javascript Class |
| HTML5 Javascript Class Constructor |
| HTML5 Web Socket Service ASP.NET Any Operation |
| HTML5 Get XMLHttpRequest Service HTML5 Get HttpRequest Service ASP.NET Get Operation HTML5 Razor Get service |
| HTML5 Update XMLHttpRequest Service HTML5 Update HttpRequest Service ASP.NET Put Operation |
| HTML5 Post XMLHttpRequest Service HTML5 Post HttpRequest Service ASP.NET Post Operation HTML5 Razor Post service |
| HTML5 Delete XMLHttpRequest Service HTML5 Delete HttpRequest Service ASP.NET Delete Operation |
Rules
The following rules are shipped with this extension:
Known Limitations
- Creation and detection of object using "prototype" is not supported.
- When HTML5/JavaScript source code is used as the "source" or "destination" in a Reference Pattern (configured in the CAST Management Studio) it will be ignored when the analysis is run - this is due to a limitation in the way the analyzer functions. However, when testing the Reference Pattern using the test option in the CAST Management Studio, the pattern will appear to match.
