Limited Time Offer!

For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!

Enroll Now

What is Enable signed push support in Gerrit?

This options Defaults to false.

This ensure When a client pushes with git push –signed, this ensures that the push certificate is valid and signed with a valid public key stored in the refs/meta/gpg-keys branch of All-Users.

If true, server-side signed push validation is enabled.

Config in gerrit.config – receive.enableSignedPush

Tagged : / / / / /

Sonar Support with JSP & HTML

rajeshkumar created the topic: Sonar Support with JSP & HTML

JSP/HTML land, usefull tests could be done via some regexp, ie
check if style/css are used (to avoid dirty colors/fonts hard-coded
for example).

If we want to build something pretty robust and extensible, I think we should integrate a java library which is able to transform a XHTML or badly formatted HTML document into a DOM :

htmlparser.sourceforge.net/
jtidy.sourceforge.net/
sourceforge.net/projects/nekohtml/

a complete list of available libraries is available here : java-source.net/open-source/html-parsers

With a DOM we could then imagine to implement a visitor pattern in order to let users create new rules.

Some very simple rules in order to start.

Rule 1: disallow scriptlets
Rule 2: disallow some taglibs (JSTL SQL comes to mind). Could be parametrized by Taglib URL to list all disallowed taglibs.
Rule 3: enforce JSP style (XML syntax)
Rule 4: disallow hard coded labels
Rule 5: disallow dynamic JSP includes (<jsp:include>)
Rule 6: disallow external file in page attribute of dynamic JSP include
Rule 7: disallow TLD location for URI in taglib declaration
For HTML
Rule 8: enforce <script> at the end of the body
Rule 9: disallow <style>
Rule 10: disallow non empty <script> content
Rule 11: enforce a limit on the number of called external files (js and css)

Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn

Tagged :