Fortify SCA User Guide
Translating J2EE Applications

Translating J2EE applications involves processing Java source files, J2EE components such as JSP files, deployment descriptors such as web.xml, and configuration files such as struts-config.xml. The steps include:

1. Translating the Java files. Refer to the samples earlier in this chapter.
2. Translating the JSP files. Refer to the sample below.
3. Processing the configuration files. An example is:

    sourceanalyzer -b my_buildid "mydirectory/myfile.xml"

Working with JSP Projects

To translate JSP files, Fortify SCA requires that the JSP files are in a standard Web Application Archive (WAR) layout. If your source directory is already organized in a WAR layout, you can translate JSP files directly from the source directory. If this is not the case, you may need to deploy your application and translate the JSP files from the deployment directory.

If your JSP files use any tag libraries, such as JSTL, ensure that the libraries’ jar files are in the WEB-INF/lib directory. Otherwise, the JSP compiler will not resolve the tag libraries and could produce incorrect results.

By default, Fortify SCA uses a version of the Jasper JSP compiler to compile JSP files into Java files during the translation phase. However, if your web application is developed specifically for an application server, you must use the JSP compiler for that application server when performing the translation. To support this, Fortify SCA provides the following command line options:

• -appserver
  supported values: weblogic/websphere
• -appserver-home
  For Weblogic, the path to the directory containing the server/lib directory
  For WebSphere, the path to the directory containing the bin/JspBatchCompiler script
• -appserver-version
  supported values:
  Weblogic versions 7, 8, 9, and 10
  WebSphere version 6

If you are using an application server that is not listed, use the default internal Fortify JSP compiler.

For example:

    sourceanalyzer -b my_buildid -cp "WEB-INF/lib/*.jar" "WEB-INF/**/*.jsp"

XML Configuration Files

Fortify SCA uses the web.xml configuration file during the project scan for the following information:

• servlet tags
• servlet-mapping tags
• filter tags
• filter-mapping tags
• error-page tags
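The WAR layout and tag library requirements described under Working with JSP Projects can be checked before translation starts. The script below is an added example, not part of the Fortify guide: the function names preflight_war and translate_cmd are hypothetical, the jar check is a coarse heuristic, and the script only prints the guide's sourceanalyzer command instead of running it.

```shell
#!/bin/sh
# Added example, not from the Fortify guide: pre-flight check of a web
# application directory before JSP translation. Function names are hypothetical.

# preflight_war DIR: returns 0 if DIR looks ready for JSP translation, 1 if not.
preflight_war() {
    root=$1
    # A WAR layout keeps WEB-INF/ directly under the web application root.
    if [ ! -d "$root/WEB-INF" ]; then
        echo "FAIL: $root/WEB-INF not found; not a WAR layout" >&2
        return 1
    fi
    # web.xml is read during the scan (servlet, filter, error-page tags).
    [ -f "$root/WEB-INF/web.xml" ] || echo "WARN: $root/WEB-INF/web.xml not found" >&2

    # JSP files that declare a tag library with a taglib directive.
    taglib_jsps=$(find "$root" -type f -name '*.jsp' \
        -exec grep -l '<%@[[:space:]]*taglib' {} + 2>/dev/null || true)
    # Any jar under WEB-INF/lib (heuristic: does not map taglib URIs to jars).
    first_jar=$(find "$root/WEB-INF/lib" -type f -name '*.jar' 2>/dev/null | head -n 1)

    if [ -n "$taglib_jsps" ] && [ -z "$first_jar" ]; then
        echo "FAIL: taglib directives found but WEB-INF/lib has no jar files:" >&2
        echo "$taglib_jsps" | sed 's/^/  /' >&2
        return 1
    fi
    echo "OK: $root is ready for JSP translation"
    return 0
}

# translate_cmd BUILD_ID: prints the JSP translation command shown in the guide,
# to be run from the web application root. Nothing is executed here.
translate_cmd() {
    printf 'sourceanalyzer -b %s -cp "WEB-INF/lib/*.jar" "WEB-INF/**/*.jsp"\n' "$1"
}

# Usage: sh preflight.sh WEBAPP_DIR [BUILD_ID]
if [ "$#" -ge 1 ]; then
    preflight_war "$1" && translate_cmd "${2:-my_buildid}"
fi
```

A failed check points to either deploying the application and translating from the deployment directory, or copying the tag library jars into WEB-INF/lib, as the guide describes.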