Target audience:

CAST Administrators

Summary: this page provides detailed information about CAST's support for Web technologies.

Detailed technology support

| Language version | Supported |
| --- | --- |
| JavaScript 1.2 - 1.5 | Yes |
| JScript 1.0 - 5.6 | Yes |
| Up to VBScript 5.5 | Yes |
| HTML 2.0 - 4.0.1 | Yes |
| ASP | Yes |

Note that there is no dedicated "Web technologies" analyzer. Instead, the technologies listed above are analyzed with the ASP, J2EE and .NET analyzers where appropriate.

Required third-party software

To successfully deliver and analyze Web technologies, the following third-party software is required:

| Install on workstation running the DMT (for extraction) | Install on workstation running CMS (for analysis) |
| --- | --- |
| Nothing required. Note that the CAST Delivery Manager Tool simply requires the location of the Web files for extraction and packaging. | Nothing required |

Web technologies objects and links

Objects

ASP objects

Object name

  • Analysis
  • Subset
  • Application
  • Collection
  • Collection Item, Instance, Property, Variable
  • Method, Sub
  • Object
  • Property
  • Com Objects Folder
  • Constant
  • Folder, URL Folder, URL Group Folder
  • External URL Application Folder
  • File
  • Class
  • Event
  • Function
  • Property Get, Property Let, Property Put, Property Set
  • Method Group, Other Group
  • Global Variables Folder
  • Object
  • Site
  • Virtual Directory

Client side files

The following client-side file types, where present in a project, are displayed using the standard icon used in Windows:

  • Image files (.gif, .jpg etc.)
  • ASP files (.asp, .asa etc.)
  • HTML files (.htm, .html, .htc etc.)
  • Script files (.js, .vbs etc.)

Links

Link type | When is this link type created?

USE

TypLib
<!--METADATA TYPE = "TypeLib" FILE = "TypLibFileName" -->
Applet
<APPLET CODE = "AppletCode" CODEBASE = "AppletCodeBase" >
ActiveX through a variable
x = new ActiveXObject("A.B")
function f()
{
x.Method()
}

Use link between f and A.B

Dynamic data source
<OBJECT id = id_obj classid = "clsid:Sample"></OBJECT>
<A DATASRC=#id_obj datafld = "url" id=id_a>

Use link between id_a and id_obj

Database object
<SCRIPT>
ExecuteSQL("select * from authors")
</SCRIPT>
MAP
<img src="images/cover.jpg" border=0 usemap="#covermap" ismap id=id_img>
<map name="covermap">
<area shape=rect href="whatis.htm" coords="0,0,315,198">
<area shape=rect href="signup.asp" coords="0,198,230,296">
<area shape=rect href="holdings.asp" coords="229,195,449,296">
<area shape=rect href="question.htm" coords="314,0,449,196">
</map>
MENTION

Indicates the area in which the ActiveX is mentioned
function f()
{
return CreateObject("A.B")
}

Mention link between f and A.B

Indicates the area in which the class name is mentioned
function f()
{
return new g()
}

Mention link between f and g

INCLUDE

Indicates the inclusion of a file
<SCRIPT LANGUAGE = "JavaScript" SRC = "inc.js">
</SCRIPT>
CALL

Indicates a call to a file
<A HREF = "called_file.htm" ></A>
<SCRIPT LANGUAGE = JavaScript>
window.open("called_file.htm")
</SCRIPT>
Indicates a function call
<SCRIPT>
function f()
{
return 1;
}
function g()
{
return f()
}
</SCRIPT>

Call link between g and f

ACCESS

Indicates an access type link between a property of an HTC component and the associated PUT or GET function.
<PUBLIC:PROPERTY NAME="xmlData"
ID="xmlDataID" GET="getxmlData" PUT="putxmlData"/>

ACCESS link between xmlData and the getxmlData and putxmlData functions.

ACCESS and READ

Read-only access to a file
<!--#FLASTMODE FILE = "accessed_file.htm">
Read only access to a variable
<SCRIPT>
function f()
{
y=x
}
</SCRIPT>

Read only access between f and x

ACCESS and WRITE

Read and write access to a variable
<SCRIPT>
function f()
{
y=x
}
</SCRIPT>

Read and write access between f and y

ACCESS and PAGE_FORWARD

Indicates a redirection. Only available for analyzed IIS applications.

REFER

Indicates that a variable refers to another variable
<SCRIPT>
x = new ActiveXObject("A.B")
Application("y")=x
</SCRIPT>

Refer link between Application("y") and x

RELY ON and INSTANCE OF

Indicates that a variable is an instance of a class
<SCRIPT>
x=new ActiveXObject("A.B")
</SCRIPT>

INSTANCE_OF link between x and A.B

GO THROUGH

Indicates the error file(s) used. Only available for analyzed IIS applications.

Technology support notes

This section provides more detail about the support for specific Web technologies and the way in which CAST handles the

JScript 3.0 - 5.6

  • Precompilation is not supported.
  • JScript classes are represented as JScript methods and there are no calling links between JScript class members.

XHTML 1.x

  • Unexpected syntax error: unescaped script content.

JavaScript

  • Object Literals are not supported.
  • WindChill script is not supported (<script language=windchill>). Usage of this script language can cause syntax errors during an analysis. As a consequence, no JavaScript methods are created nor links to JavaScript methods.
  • JavaScript function calls from included JSPs are not detected by the analyzer. For example:
    • jsp1.jsp includes jsp2.jsp and myscript.js
    • jsp2.jsp calls functions defined in myscript.js
    • CAST cannot detect Call links from jsp2.jsp to the js functions
  • JavaScript files delivered in minified format will not be analyzed (the analyzer will skip them). A syntax error will be recorded in the analysis log file, similar to this:
2015-11-05 22:07:32.477     Warning    SYNTAX ; Body    Syntax error : [W]=function(X){V=X;I();L();l[W]=g;try{delete l[W]}catch(Y){}if(H){H.removeChild(T)}}}
  • JavaScript files delivered with the extension .javascript will be skipped by the analyzer. Only files with the extension .js will be analyzed.
  • When JavaScript is embedded inside an ASP.NET page, the JavaScript is ignored. For example, the onTabCustom function will be ignored.
<%@ Page Language="vb" AutoEventWireup="false" Async="true" MasterPageFile="~/MasterPages/Inline.Master"
    CodeBehind="xyz.aspx.vb" Inherits="xyz" %>

<asp:Content ID="contentHeader" ContentPlaceHolderID="cphHead" runat="server">
    <script type="text/javascript">
        var iCurrentTag = 0;
        function onTabCustom(tabNo) {
            doSomething();
        }
    </script>
</asp:Content>
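
Files that the analyzer skips or ignores are blind spots in the analysis results, so it helps to list them before delivery. The following is an added example, not CAST code: a triage function for the JavaScript cases listed above, run over a constructed sample; the minification thresholds and the restriction to `.aspx` files are assumptions.

```javascript
// Added example, not CAST code. Flags delivered files that the notes above say
// the analyzer skips or ignores, so they can be reviewed by other means.

// Assumed heuristic: minified files have very long lines and little whitespace.
function looksMinified(text) {
  if (text.length === 0) return false;
  const longest = text.split(/\r?\n/).reduce((m, l) => Math.max(m, l.length), 0);
  const whitespace = (text.match(/\s/g) || []).length / text.length;
  return longest > 500 && whitespace < 0.05;
}

// files: object mapping a relative path to the file's content.
function triage(files) {
  const findings = [];
  for (const [name, text] of Object.entries(files)) {
    const dot = name.lastIndexOf('.');
    const ext = dot < 0 ? '' : name.slice(dot).toLowerCase();
    if (ext === '.javascript') findings.push(`${name}: skipped, only .js is analyzed`);
    if (ext === '.js' && looksMinified(text)) findings.push(`${name}: skipped, minified`);
    if (/<script\b[^>]*\blanguage\s*=\s*["']?windchill/i.test(text)) {
      findings.push(`${name}: WindChill script, no JavaScript methods or links`);
    }
    // Inline <script> (no runat=, no src=) in an ASP.NET page; .aspx is assumed.
    if (ext === '.aspx' &&
        /<script\b(?![^>]*\brunat\s*=)(?![^>]*\bsrc\s*=)[^>]*>/i.test(text)) {
      findings.push(`${name}: embedded JavaScript ignored`);
    }
  }
  return findings;
}

// Constructed sample delivery: file names and contents are made up.
const SAMPLE = {
  'js/app.js': 'function f() {\n  return 1;\n}\n',
  'js/vendor.min.js': 'a=function(b){c(b)};'.repeat(50),
  'js/legacy.javascript': 'function g() { return 2; }',
  'pages/xyz.aspx': '<script type="text/javascript">function onTabCustom(t) {}</script>',
  'pages/wc.html': '<script language=windchill>x</script>',
};

console.log(triage(SAMPLE).join('\n'));
```
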

ASP

<SCRIPT> tag

Files contained within the <SCRIPT> tag without the "runat = server" attribute will be considered as containing client code only. This can cause syntax errors during the analysis if you have an ASP file contained within the <SCRIPT> tag. One possible solution is to ignore this type of coding by replacing the expression <SCRIPT src="XXX/XXX.asp" > with <SCRIPT> via the Text Replacement feature.

Source code and comment line counts

The number of lines of code (LOC) of a Web file is calculated according to the formula:

  1. #LOC in file = #lines in file - #empty lines - #comment lines
  2. When a scripting file is included for both the server side (using the tag <script runat=server> in one page) and the client side (using the tag <script> in another page), file-level comments are counted twice. This also affects the #LOC of that file, as it is calculated using the formula given in 1. However, the count for the class's sub-objects is correct.
  3. VBScript classes are not handled by the ASP Analyzer and therefore comments inside these classes are not seen. This affects the line count for code and comments in these files as it is calculated using the formula given in 1.
  4. Variable declarations are not handled by the ASP Analyzer. Therefore there are no comments associated with them.
  5. If a file contains two distinct comment blocks on the same line and if there is part of a statement between the two blocks, ASP Analyzer counts two comment lines instead of one. In the following example, two lines are counted:

return /* Comment 1 */ 0; /* Comment 2 */

Implicit declaration of events

Implicit declaration of events is not supported. Thus such events are not displayed and no link to the procedure is found.

Additional notes

The following section lists technical and functional aspects with regard to analysis of Web technology source code:

URI-like Strings in JavaScript Functions

Situation

  • Analyzing a web application that uses JavaScript,
  • and the application contains a JavaScript function with a "URI-like" string, e.g. "http://jira/secure/EditIssue",
  • and the URI-like string does not match a file name.
See http://tools.ietf.org/html/rfc2396 for a definition of what is considered a URI.

Symptoms

The following warning is displayed during analysis:

Cannot find file whose path is "<URI-like string>".

This warning has no impact on analysis results and can be safely ignored. Any "URI-like" string present in a JavaScript function is treated as a file name, and the analyzer attempts to resolve it.

Local variables having the same name as script language methods or functions

If a local variable has the same name as a function or a method (in JavaScript, JScript or VBScript), the analyzer will create a false link from the function (or method) containing the local variable to the function (or method) having the same name as the variable.

Example 1:

The following function will create a recursive link between the function falseLink and itself:

 

function falseLink(/* ... */) {
    var falseLink = a("newElement");
    // ...
    return falseLink;
}

Example 2:

The following two functions will create a link between the function "a" and the function "falseLink":

 

function falseLink(/* ... */) {
    // ...
}

function a(/* ... */) {
    var falseLink = a("newElement");
    // ...
    return falseLink;
}

 

Interdependencies between client-side code and server-side code

Because of the way in which web analyzers handle server-side code (i.e. code running on the web server) and client-side code (i.e. code executed in the web browser), an analysis may fail if the web file contains both types of code. Web analyzers function as follows:

  • A page is first analyzed as server-side file and what is not recognized as server code is collected (preserving line and column numbers) in a buffer.
  • The collected code is then considered and analyzed as client-side code.

For example, the following line of code containing both Java and JavaScript causes an analysis to fail (bold text is collected as client-side code):

String Var = <% If(Test) { %> val1 <% } else {%> Val2 <% } %>

This is because the analyzer will first analyze the server-side code (in this case the Java code) and then the client-side code (in this case JavaScript). This results in the following client code being analyzed:

String Var = val1 Val2

This is syntactically incorrect. The error occurs on "Val2" and the analysis of the object containing the code fails. This limitation also applies even if server-side and client-side code appear on different lines in the same web file.
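
A model of the two-pass handling described above, as an added example that is not CAST code: server-side blocks are blanked while line and column positions are kept, and the remaining client buffer is then checked for JavaScript syntax errors. The function names and the two variant lines are constructed for illustration, and the input is assumed to be the content of a single script block.

```javascript
// Added example, not CAST code: a model of the two-pass handling described above.

// Pass 1 result: server-side blocks (<% ... %>) are blanked with spaces so the
// remaining client-side text keeps its original line and column positions.
// Assumption: "%>" never appears inside a server-side string literal.
function collectClientCode(source) {
  return source.replace(/<%[\s\S]*?%>/g, (block) => block.replace(/[^\r\n]/g, ' '));
}

// Pass 2 stand-in: compile the client buffer as a script body (it is never run).
// scriptSource is assumed to be the content of one script block.
function clientSyntaxOk(scriptSource) {
  try {
    new Function(collectClientCode(scriptSource));
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// The line from the page, plus two constructed variants.
const PAGE_LINE = 'String Var = <% If(Test) { %> val1 <% } else {%> Val2 <% } %>';
const BRANCHED = 'var v = <% if (t) { %> 1 <% } else { %> 2 <% } %>;';
const QUOTED = 'var v = "<%= t ? 1 : 2 %>";';

for (const src of [PAGE_LINE, BRANCHED, QUOTED]) {
  const client = collectClientCode(src).replace(/\s+/g, ' ').trim();
  console.log(`${clientSyntaxOk(src) ? 'ok  ' : 'FAIL'} ${client}`);
}
```

In this model the quoted variant stays parseable because the server-side expression sits inside a single client-side string literal, while both branched lines leave two adjacent client tokens behind.
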

Syntax error on attribute value without opening double-quote

Web analyzers produce a syntax error when encountering an HTML attribute inside a tag where the attribute value is closed by a double-quote but has no opening double-quote, as in the following example:

<table border=0">

Please note that:

  • there is no double-quote before the 0
  • this is incorrect syntax, however, it is tolerated by Internet Explorer

Restrictions on text length when using Text Replacements

When specifying regular expressions in the Text Replacement feature in the .NET, J2EE or ASP Analyzer, you must ensure that the new text has the same length as the replaced text. Otherwise, an analysis may fail. Note that the issue will occur during the Metrics Assistant phase of the analysis, although Text Replacement is configured in the relevant .NET, J2EE or ASP Analysis Unit or at Application or Technology level.

Methods with the same name

If a web file directly or indirectly includes two js files, and several js or vbs script methods with the same name exist, a link will be drawn to all of those methods wherever they are referenced in the code.

 
