My company has implemented a policy that all routes must have constraints, and I was wondering if anyone knows of a custom rule for FxCop (1.36) that will check the routes and flag any without constraints, or if it's even possible to do with FxCop.
I am unaware of any custom FxCop rules that check for route constraints. However, it's quite feasible to create such a rule if you only wish to check routes configured directly in code (as opposed to loaded from some other source like a config file). If you're unable or unwilling to tackle this yourself, you might want to try requesting the rule at http://fxcopaspnetsecurity.codeplex.com/.
Related
Using SonarQube 6.0, it seems that you are unable to add parameters to rules unless they are custom. Some rules that come with plugins allow parameters, however there seems to be no way to provide these. Also, it appears that you cannot copy a rule to make it custom and add parameters that way.
One such rule:
https://github.com/SonarSource/sonar-javascript/blob/master/javascript-checks/src/main/java/org/sonar/javascript/checks/UntrustedContentCheck.java
Any way to achieve this via the API?
Thanks
I have made Business Rule for CRM and activated it, but it doesn't perform any action it should. It is activated, by the way.
I have checked the conditions multiple times and the look fine. I have also made JS Web Resource with the same conditions and it works.
The entity I am working with is custom entity(not activity). Is there anything I should enable on my entity to enable business rule, something like: Business Process Flows, Activities, Connections etc. or should I look for problem solver somewhere else?
When Business Rules have issues, they simply don't run (no errors, no nothing).
Make sure the scope of the Business Rule is correct (if you're not sure, pick the all forms option and safely forget about it).
Also, all the fields appearing in the business rule must be placed in the form body, if even only one is missing then the rule will not run. They can be locked and/or invisible if that's an issue.
Business rules that will be applied to Main and Quick Create forms, and to an entity, in the Web application and Microsoft Dynamics CRM for tablets. It is applied to the Main and Quick forms in the Outlook client in online and offline modes. (https://technet.microsoft.com/en-us/library/dn531086.aspx)
If all is good and the rule still doesn't run, clear it out then test it after each single change you make.
I would like to add a Sonar rule to forbid use of URL GET parameters.
I mean I only want to allow POST parameters in my application forms.
Can you help me to write this rule ?
Since the Web plugin doesn't support custom rules, you'll need to either write your own supplementary plugin (i.e. use the Web plugin plus the one providing your custom rule(s)) or submit a pull request to add your rule directly to the plugin. In either of those cases, you should probably look to the SonarQube Google Group for further discussion/guidance.
You didn't specify the language you want to analyse, but depending on which one you're using you can use XPath to analyse the syntax tree. If XPath isn't supported for your language you'll really have to write your own custom plugin like said in the other answer.
See here for each language support:
SonarDocs - Writing Custom Rules
If you do need to write a custom plugin, I can only recommend you to take a look at the existing code, starting with java.custom-rules
Is there an easy way to dump all routes for a .NET MVC application? I'm thinking something similiar to how rail's rake routes works.
http://archives.ryandaigle.com/articles/2007/7/2/what-s-new-in-edge-rails-use-rake-to-list-your-routes
Its actually pretty difficult to do a reliable one depending on your use case because routes are usually very dynamic. Attribute-based routing would make the task much easier but I will assume you are not using that. I have found this article which uses reflection, but I have not tried it myself. Also, its a simplistic approach, which won't cover many edge cases.
There are tools such as Glimpse that allow you to view most of your routes and debug them (including AJAX!) but even that will have trouble with routes that don't follow the conventions in the RouteConfig, or that have context masks which make them route via other controllers, etc. To my knowledge they don't have an API for analyzing or
I'd like to know if there is a way to find defunct action methods on controllers. I have R# and ran analysis, but it didn't seem to check if the asp code called an action. Is there anything that does?
Implement a global action filter that records the action name in a persistent store somewhere. This way you can track which actions do get executed and figure out what's missing from possible actions. It's a bit tedious but may work for your purposes.
No, a tool what not know what actions are required, as they are invoked by the routing configuration. I suppose you could write a tool which could check which actions are accessible given the current routing configuration, but then it wouldn't be able to know if those methods wouldn't potentially be used by other code, as they are marked as public.