In the previous lesson, you created new C#, HTML and
JavaScript Rule Sets. In this lesson, you will edit the HTML and C#
Rule Sets to further refine the code scanning results.
-
If you are not currently logged into the Globalyzer Server, log in, and from your Home Page,
select My Rule Sets.
-
Click the html Rule Set that you created in the previous
lesson. The Customize Rule Set page appears.
-
Next, in the General Patterns Scan Rules
section, find Configure General Patterns. Click Configure. The Edit General Patterns
for html page appears. This page lets you create any regular
expression that you want to apply to a scan of your source code;
the pattern does not have to be internationalization-related.
-
Click the New General Pattern button. The Create General
Pattern for html page displays six fields that describe a rule:
Name, Pattern, Priority, Description, Category and Help Page,
plus an Enabled checkbox, which is checked by default.
Three fields are required: Name, Pattern and Priority. Use the
Name field to give your pattern a brief, meaningful name. Use the
Pattern field to specify the regular expression to search for.
Use the Priority field to set the importance of the detected
issue: 0 indicates that the found issue is a string concatenation,
and 1-5 (with 1 being the highest, that is, most likely to be an
internationalization issue) ranks other issues. You'll then be
able to sort and view the issues that Globalyzer detects in your
source code based on this priority, concentrating on the highest
priority issues first. Use the Description field to (1) give a
more in-depth explanation of the pattern, (2) explain the reason
for its inclusion in the scan, and/or (3) describe a process to
correct the problem. The Help Page field allows you to enter a
URL to a page that further explains the pattern and/or the
internationalization issue surrounding it. For its default
Locale-Sensitive Methods and some programming-language-specific
General Patterns, Globalyzer provides help links.
-
In this section, you are going to create a new general pattern,
SimpleAlias:AControl. Enter the following values for the fields:
Name: SimpleAlias:AControl
Pattern: SimpleAlias:AControl[^>]*"[^">]+"[^>]*>
Priority: 1
Description: Scan for display strings that may be passed to this
control
The page should now display these values.
This regular expression pattern will be incorporated into the
scanner's search. In this case, the .NET code you are scanning
includes a Control called AControl.
When the control is embedded in an .aspx file, string
parameters can be passed into it for display in the web page.
Since Globalyzer's HTML scanner looks for display text between
HTML tags, it will not detect these control strings by default.
Prior to scanning your own .NET web applications, you will need
to add a similar rule to the General Patterns category for
any control in your HTML code that can be passed display-string
parameters.
The rule above tells the scanner to look for calls to this
control that are followed by string literals delineated by double
quotes. Once you have added this rule, these calls will be
detected and reported when you run a scan that includes General
Patterns results, allowing you to easily locate and handle the
display text passed into the control, as you will see in a later
lesson.
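To see what the pattern above actually reports, here is an added example (not part of the lesson and not Globalyzer's own code) that applies it with Python's re module to a few constructed .aspx lines; the attribute names and values are made up.

```python
import re

# The General Pattern from this lesson, compiled with Python's re module.
# Globalyzer's own scanner is not reproduced; this only shows what the pattern matches.
ACONTROL_PATTERN = re.compile(r'SimpleAlias:AControl[^>]*"[^">]+"[^>]*>')

# Constructed .aspx markup; control attributes and values are hypothetical.
SAMPLE_ASPX = """\
<SimpleAlias:AControl ID="ctl1" runat="server" Text="Welcome back" />
<SimpleAlias:AControl Text="" />
<asp:Label runat="server">Hello</asp:Label>
<!-- SimpleAlias:AControl is registered in web.config -->
<SimpleAlias:AControl ID="ctl2" Caption="Submit order" Width="100"/>
"""

def find_control_calls(markup):
    """Return (line_number, matched_tag) for each line the pattern reports.

    Line 2 is skipped because [^">]+ requires a non-empty quoted value,
    and line 4 because the comment has no quoted string before its '>'.
    """
    hits = []
    for lineno, line in enumerate(markup.splitlines(), start=1):
        match = ACONTROL_PATTERN.search(line)
        if match:
            hits.append((lineno, match.group(0)))
    return hits

def quoted_values(tag):
    """List every double-quoted value in a reported tag.

    The pattern reports the whole tag, so ID and runat values come back
    alongside the display text and still have to be reviewed by hand.
    """
    return re.findall(r'"([^"]*)"', tag)
```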
-
Click the Create button. Globalyzer will redisplay the
Edit General Patterns for html page with the newly added search
pattern. To modify an existing pattern, click on the Name
link. To remove a General Pattern from the scan, uncheck it.
-
Now we're going to edit the csharp Rule Set. Click Home,
My Rule Sets and the csharp link.
Look under Embedded String Scan Rules and click on
String Content Filters. The Edit
String Content Filters for csharp page appears. This category of rules
comes with a number of defaults. It also lets you define your own
string filters. These filters tell the scanner that when it is
searching your source for embedded strings, it can ignore any
strings that match one of these patterns.
-
Click the New String Content Filter button and enter the
following values for the fields in the Create String Content
Filter page:
Name: Number(s) followed by letter(s)
Pattern: \A[0-9]+[A-Za-z]+\Z
Description: Filters strings that contain only number(s)
followed by one or more letters.
Leave the remaining fields (Category and Help Page) empty.
Enabled should be checked.
This regular expression pattern matches strings that consist
entirely of one or more digits followed by one or more letters.
The rationale for this rule is to ignore hardcoded strings in your
source code that begin with numbers, because such strings are
unlikely to be displayed to users. For instance, the scanner would
detect the string "Error", but would ignore the string "01Error".
-
Click Create to add the filter to the String Content Filters
list. The Edit String Content Filters for csharp page now lists
the new String Content Filter Number(s) followed by letter(s).
-
Click Back to Summary, near the top left of the screen, to
return to the Customize Rule Set page.
-
Under Embedded String Scan Rules click the
String Method Filters link. The Edit String Method
Filters for csharp page displays. This category of rules is
similar to the previous, except that instead of filtering strings
that contain the listed regular expressions, it filters strings
that are passed as arguments to the listed methods,
functions or constructors.
It is important to remember that when you add a method,
function or constructor to the list, add the name only. Where it
pertains, you may add the calling static class name prior to the
method name. Be sure to escape any special characters (such as a
dot: \.) that come between the class name and the method name.
If there is an object that will always be called the same thing,
such as myBundle, you may place that prior to the method call,
but the scanner will only pick up instances where that specific
object precedes the method call.
Finally, do not follow the method name with a parenthesis.
The scanner automatically looks for parentheses to
determine whether a string is being passed in as an argument.
-
Click the New String Method Filter button and enter the
following values for the fields in the Create String Method
Filter page:
Name: MyGetString
Pattern: MyGetString
Description: This is an internal method that takes a
String ID as a parameter, and so string literals that are passed
as parameters to this method can be filtered from the Scan
Results.
Leave the fields Category and Help Page empty.
Enabled should be checked.
This regular expression pattern detects MyGetString method calls.
As summarized in the Description field, the
rationale for this rule is to ignore any string literals passed
into this method because we know the method parameters are string
literals that will not be viewed publicly by users. For example,
the string literal parameters in the method call:
String myButtonLabel = MyGetString("Cancel");
would be ignored by the scanner because we know that the
word "Cancel" is not actually a label, but rather a key
to retrieve the translated label from a resource file.
-
Click the Create button in the page.
-
Click the Back to Summary link.
-
Under Embedded String Scan Rules, click the Configure
link for String Line Filters. The Edit String Line Filters
page appears. This category of rules is similar to String
Content Filters, except that it filters embedded strings that
appear on a line that contains one of these
patterns.
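To see how the three filter categories from this step and the two before it interact, here is an added example (not Globalyzer's own code, whose scanner is not reproduced) that models the lesson's String Content Filter and String Method Filter, plus a String Line Filter whose pattern NOI18N is an assumption made for this example, with Python's re module over constructed C# lines.

```python
import re

# String Content Filter from the lesson: tested against the literal's text only.
CONTENT_FILTERS = [re.compile(r"\A[0-9]+[A-Za-z]+\Z")]
# String Method Filter from the lesson: the name only, no parenthesis. The
# scanner's own parenthesis check is modelled here as "name( ... <literal>".
METHOD_FILTERS = [re.compile(r"MyGetString\s*\([^)]*$")]
# String Line Filter: NOI18N is a hypothetical marker chosen for this example.
LINE_FILTERS = [re.compile(r"NOI18N")]

# A C# string literal, allowing backslash escapes inside it.
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Constructed C# lines; the trailing comments say which filter, if any, applies.
SAMPLE_CSHARP = r'''String myButtonLabel = MyGetString("Cancel");   // method filter
String code = "01Error";                           // content filter
String msg = "Error";                              // reported
String key = "SettingsKey";  // NOI18N             // line filter
Show(MyGetString("Title"), "Untranslated text");   // second literal reported
String count = "2 items";                          // reported: the space breaks [A-Za-z]+
'''

def embedded_strings(line):
    """Return the literals on one line that no filter removes."""
    if any(f.search(line) for f in LINE_FILTERS):
        return []
    kept = []
    for m in STRING_LITERAL.finditer(line):
        text = m.group(1)
        if any(f.search(text) for f in CONTENT_FILTERS):
            continue
        # Only the text before the opening quote matters for the method check.
        if any(f.search(line[:m.start()]) for f in METHOD_FILTERS):
            continue
        kept.append(text)
    return kept

def scan(source):
    """Report (line_number, literal) for every literal that survives the filters."""
    return [(n, s) for n, line in enumerate(source.splitlines(), start=1)
            for s in embedded_strings(line)]
```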
-
As described above, to add a new filter, you would click on the New
String Line Filter button, enter values for the Name, Pattern,
and Description fields, and click the Create button in the
Create String Line Filter page. Click the Back to Summary
link to return to the Customize Rule Set page.
In the next two lessons, you will start the Globalyzer
Workbench and prepare to scan your source code.