.NET Tutorial

Editing a Rule Set

 

In the previous lesson, you created new C#, HTML and JavaScript Rule Sets. In this lesson, you will edit the HTML and C# Rule Sets to further refine the code scanning results.


Note: This section refers to the use of regular expressions. If you are unfamiliar with regular expression syntax, you may wish to refer to a reference book on the subject. Regular expressions provide a powerful mechanism for performing string searches, and Globalyzer makes extensive use of regular expressions to perform its code scans.
  1. If you are not currently logged into the Globalyzer Server, log in, and from your Home Page, select My Rule Sets.

  2. Click the html Rule Set that you created in the previous lesson. The Customize Rule Set page appears.

  3. Next, in the General Patterns Scan Rules section, find Configure General Patterns. Click Configure. The Edit General Patterns for html page appears. This page lets you create any regular expression that you want to apply to a scan of your source code: It does not have to be internationalization-related.

  4. Click the New General Pattern button. The Create General Pattern for html page displays with six fields that are used to describe a rule (Name, Pattern, Priority, Description, Category and Help Page), plus an Enabled checkbox, set to true by default.

    Three fields are required: Name, Pattern and Priority. Use the Name field to give your pattern a brief, meaningful name. Use the Pattern field to delineate the pattern being referenced. Use the Priority field to set the importance of the detected issue; 0 indicates that the found issue is a string concatenation, and 1-5 (with 1 being the highest, that is, most likely to be an internationalization issue) ranks other issues. You'll then be able to sort and view the issues that Globalyzer detects in your source code based on this priority, concentrating on the highest priority methods first. Use the Description field to (1) enter a more in-depth explanation of the pattern, (2) explain the reason for its inclusion in the scan, and/or (3) describe a process to correct the problem. The Help Page field allows you to enter a URL to a page that would further explain the pattern and/or the internationalization issue surrounding it. For its default Locale-Sensitive Methods and some programming language-specific General Patterns, Globalyzer provides help links.

  5. In this section, you are going to create a new general pattern, SimpleAlias:AControl.

    In the Name field, enter the following string:

    SimpleAlias:AControl

    In the Pattern field, enter the following string:

    SimpleAlias:AControl[^>]*"[^">]+"[^>]*>

    In the Priority field, enter the following number:

    1

    In the Description field, enter the following string:

    Scan for display strings that may be passed to this control

    The page should display the following data:

    This regular expression pattern will be incorporated into the scanner's search. In this case, the .NET code you are scanning includes a Control called AControl. When the control is embedded in an .aspx file, string parameters can be passed into it for display in the web page. Since Globalyzer's HTML scanner looks for display text between HTML tags, it will not detect these control strings by default. Prior to scanning your own .NET web applications, you will need to add a similar rule to the General Patterns category for any control in your HTML code that can be passed display-string parameters.

    The rule above tells the scanner to look for calls to this control that are followed by string literals delineated by double quotes. Once you have added this rule, these calls will be detected and reported when you run a scan that includes General Patterns results, allowing you to easily locate and handle the display text passed into the control, as you will see in a later lesson.

  6. Click the Create button. Globalyzer will redisplay the Edit General Patterns for html page with the newly added search pattern. To modify an existing pattern, click on the Name link. To remove a General Pattern from the scan, uncheck it.

  7. Now we're going to edit the csharp Rule Set. Click Home, My Rule Sets and the csharp link.

    Look under Embedded String Scan Rules and click on String Content Filters. The Edit String Content Filters for csharp page appears. This category of rules comes with a number of defaults. It also lets you define your own string filters. These filters tell the scanner that when it is searching your source for embedded strings, it can ignore any strings that match one of these patterns.

  8. Click the New String Content Filter button and enter the following values for the fields in the Create String Content Filter page:

    Name: Number(s) followed by letter(s)
    Pattern: \A[0-9]+[A-Za-z]+\Z
    Description: Filters strings that contain only number(s) followed by one or more letters.
    Leave the remaining fields (Category and Help Page) empty. Enable should be checked.

    This regular expression pattern matches strings that consist only of one or more digits followed by one or more letters. The rationale for this rule is to ignore hardcoded strings in your source code that begin with numbers, because such strings are unlikely to be displayed to users. For instance, the scanner would detect the string "Error", but would ignore the string "01Error".

  9. Click Create to add the filter to the String Content Filters list. The Edit String Content Filters for csharp page now lists the new String Content Filter Number(s) followed by letter(s).

  10. Click Back to Summary, near the top left of the screen, to return to the Customize Rule Set page.

  11. Under Embedded String Scan Rules click the String Method Filters link. The Edit String Method Filters for csharp page displays. This category of rules is similar to the previous, except that instead of filtering strings that contain the listed regular expressions, it filters strings that are passed as arguments to the listed methods, functions or constructors.

    It is important to remember that when you add a method, function or constructor to the list, add the name only. Where it pertains, you may add the calling static class name prior to the method name. Be sure to escape any special characters (such as a dot: \.) that come between the class name and the method name.

    If there is an object that will always be called the same thing - such as myBundle - you may place that prior to the method call, but the scanner will only pick up instances where that specific object precedes the method call.

    Finally, do not follow the method name with a parenthesis. The scanner automatically looks for parentheses to determine whether a string is being passed in as an argument.

  12. Click the New String Method Filter button and enter the following values for the fields in the Create Method String Filters page:

    Name: MyGetString
    Pattern: MyGetString
    Description: This is an internal method that takes a String ID as a parameter, and so string literals that are passed as parameters to this method can be filtered from the Scan Results.
    Leave the fields Category and Help Page empty.
    Enable should be checked.

    This regular expression pattern detects MyGetString method calls. As summarized in the Description field, the rationale for this rule is to ignore any string literals passed into this method because we know the method parameters are string literals that will not be viewed publicly by users. For example, the string literal parameters in the method call:

    String myButtonLabel = MyGetString("Cancel");

    would be ignored by the scanner because we know that the word "Cancel" is not actually a label, but rather a key to retrieve the translated label from a resource file.

  13. Click the Create button in the page.

  14. Click the Back to Summary link.

  15. Under Embedded String Scan Rules, click the Configure link for String Line Filters. The Edit String Line Filters page appears. This category of rules is similar to String Content Filters, except that it filters embedded strings that appear on a line that contains one of these patterns.

  16. As described above, to add a new filter, you would click on the New String Line Filter button, enter values for the Name, Pattern, and Description fields, and click the Create button in the Create String Line Filter page. Click the Back to Summary link to return to the Customize Rule Set page.
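Before saving a General Pattern such as the one in step 5, it helps to run it over sample markup and see exactly what it flags. The harness below is an added example, not Globalyzer code; the .aspx fragments and attribute names are constructed, and it assumes the pattern is searched over the whole file text, which the page does not state.

```python
import re

# Pattern exactly as entered in step 5 of the tutorial.
GENERAL_PATTERN = re.compile(r'SimpleAlias:AControl[^>]*"[^">]+"[^>]*>')

# Constructed .aspx fragments; attribute names are hypothetical.
SAMPLE_ASPX = '''\
<SimpleAlias:AControl runat="server" Title="Welcome back" />
<SimpleAlias:AControl runat=server />
<SimpleAlias:AControl
    runat="server"
    Caption="Your order has shipped" />
<SimpleAlias:AControl Title='Single quoted text' />
<SimpleAlias:BControl Title="Other control" />
<p>Plain text between tags</p>
'''

def find_control_tags(source):
    """Return (line_number, matched_text) for every tag the pattern hits.

    Assumption: the pattern is applied to the whole text, so [^>]* may
    span line breaks. A line-by-line scanner would miss the multi-line tag.
    """
    hits = []
    for m in GENERAL_PATTERN.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        hits.append((line_no, m.group(0)))
    return hits

def quoted_values(tag_text):
    """List the double-quoted values inside one matched tag for review."""
    return re.findall(r'"([^">]+)"', tag_text)

if __name__ == "__main__":
    for line_no, tag in find_control_tags(SAMPLE_ASPX):
        # Non-display values such as runat="server" are reported too,
        # so each hit still needs a manual look.
        print(line_no, quoted_values(tag))
```

The single-quoted tag and the tag without quotes are not matched, so a control that accepts single-quoted attribute values needs its own pattern.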

In the next two lessons, you will start the Globalyzer Workbench and prepare to scan your source code.
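The String Content Filter from step 8 and the String Method Filter from steps 11 and 12 can be checked the same way. This added example is a simplified model of the filtering, not Globalyzer's implementation: it only treats a literal as a method argument when it directly follows the opening parenthesis, and the Resources.GetString class and the C# sample lines are hypothetical. It also shows why step 11 says to escape the dot.

```python
import re

# Patterns as entered in steps 8 and 12 of the tutorial.
CONTENT_FILTER = re.compile(r'\A[0-9]+[A-Za-z]+\Z')
METHOD_FILTERS = [r'MyGetString']

# Double-quoted C# string literal, allowing backslash escapes.
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')

def reported_strings(line, method_filters=METHOD_FILTERS):
    """Return the string literals on a line that survive both filters."""
    kept = []
    for m in STRING_LITERAL.finditer(line):
        text = m.group(1)
        if CONTENT_FILTER.search(text):
            continue  # dropped by the content filter
        before = line[:m.start()]
        # The filter holds the method name only; the model appends the
        # parenthesis check, as step 11 says the scanner does.
        if any(re.search(r'(?:%s)\s*\(\s*$' % f, before) for f in method_filters):
            continue  # dropped: literal is passed to a filtered method
        kept.append(text)
    return kept

# Constructed C# lines.
SAMPLES = [
    'String myButtonLabel = MyGetString("Cancel");',
    'label.Text = "Error";',
    'string code = "01Error";',
    'label.Text = "404 Not Found";',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(reported_strings(line), "<-", line)
    # An unescaped dot matches any character, so this filter also hides a
    # display string passed to an unrelated method (hypothetical names).
    other = 'var s = ResourcesXGetString("Save changes");'
    print(reported_strings(other, [r'Resources.GetString']))   # over-filtered
    print(reported_strings(other, [r'Resources\.GetString']))  # still reported
```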