Comments (23)
Don't know what's an MMF, but sounds good.
Please keep in mind it's nowadays not only about JavaScript but TypeScript, too. I suggest to respect the lang
-attribute:
The content of <script lang="ts">...</script>
or <script lang="typescript">...</script>
should be delegated to the TypeScript-scanner.
from sonarjs.
@fmallet I think that analyzing the code snippets within any html file is anyway a good first step. This way we also bring value beyond polymer and it's similar to the work needed to support Vue.js
from sonarjs.
@exhuma unfortunately yet no news on this feature. It's not a simple one as it's "breaks" our current approach: one file - one script.
from sonarjs.
In case someone else comes across this before the support is integrated in SonarJS, I've written a small Python script to extract <script>
tags into .js
files. This can be run before running sonar-scanner so it will find .js
files. Note that this requires the package beautifulsoup4
to work. It should be fairly self-explanatory and should also be easy to adapt it to your needs. This current version expects exactly one <script>
tag. If you have more it will definitely need to be modified.
For those that don't know Python well: It is possible to create a "virtual environment" containing a separate Python interpreter with isolated packages/dependencies, so it is possible to use this without installing beautifulsoup
as root. To do this, use one of the following commands:
pyvenv /path/to/isolated/environment
python -m venv /path/to/isolated/environment # if the previous does not work or does not exist
Then you can run:
/path/to/isolated/environment/bin/pip install beautifulsoup4
This installs the dependency to beautifulsoup
into that environment. To run the script below, run:
/path/to/isolated/environment/bin/python extract.py --help
Here is the script:
'''
This module defines a main entry point which will recursively walk over all
HTML files in a folder and extract the first <script> tag it finds. This script
tag will be saved as a new ".js" file which sits right along-side the original
HTML file.
The script's main purpose is to make JavaScript code available to SonarQube
which currently cannot read <script> tags in HTML files.
'''
import logging
from argparse import ArgumentParser
from os import walk
from os.path import join, abspath
from bs4 import BeautifulSoup
LOG = logging.getLogger(__name__)
def extract_js(filename):
'''
Extract the first script tag from *filename* and save it to <filename>.js
'''
with open(filename) as fptr:
html_doc = fptr.read()
soup = BeautifulSoup(html_doc, 'html.parser')
script = soup.script
if not script or not script.string or not script.string.strip():
LOG.debug('Skipping %r: Empty or no <script> tag in', filename)
return
outfile = filename + '.js'
with open(outfile, 'w') as fptr:
print(script.string, file=fptr)
LOG.info('Written %r.', abspath(outfile))
def main(root):
'''
Recursively walk over *root* and extract JS code.
'''
LOG.info('Extracting <script> tags from HTML files in %r', abspath(root))
for root, dirs, files in walk(root):
for basename in files:
filename = join(root, basename)
if not basename.endswith('.html'):
LOG.debug('Skipping %r: Not a HTML file!', filename)
continue
extract_js(filename)
def parse_args():
'''
Parse CLI arguments
'''
parser = ArgumentParser()
parser.add_argument(
'root_path',
help='The root-path which is used to find input files.')
return parser.parse_args()
if __name__ == '__main__':
logging.basicConfig(level=logging.INFO)
args = parse_args()
main(args.root_path)
from sonarjs.
Closing this ticket as feature is tracked by MMF
from sonarjs.
Direct link: https://jira.sonarsource.com/browse/MMF-2427
from sonarjs.
By supporting Polyme @FridaCai, do you mean supporting the analysis of JavaScript code snippets part of any HTML files or are you thinking about anything really specific to the Polymer framework ? Thanks
from sonarjs.
Agreed @inverno and that's also my feeling, I would just like to make sure that @FridaCai was not thinking about anything else.
from sonarjs.
Reaction to parsing contents of random <script>
tags in random files: +10
from sonarjs.
@inverno and @ganncamp, does that mean that this issue title should be updated to something like "Analyze JS code located between <script></script> tags in any HTML files/templates" ?
from sonarjs.
IMO, @fmallet it should be "...in any file".
from sonarjs.
from sonarjs.
@inverno @ganncamp what are the examples of js code inside <script>
but file not being html?
from sonarjs.
@vilchik-elena, we're thinking about JSP, JSF, PHP, ... pages
from sonarjs.
What he said ^
from sonarjs.
Also, less frequent, but : js embedded in XML
from sonarjs.
As mentioned this question, I installed the SonarJS plugin in SonarQube, but the scanned result is
ERROR: Unable to parse file: /data/jenkins/workspace/develop/vueportal/lib/components/picker/src/picker-slot.vue
ERROR: Parse error at line 111 column 1:
101: overflow: visible
102: }
103:
104: .picker-3d .picker-item {
105: transform-origin: center center;
106: backface-visibility: hidden;
107: transition-timing-function: ease-out
108: }
109: </style>
110:
111: <script type="text/babel">
^
112: import draggable from './draggable'
113: import translateUtil from './translate'
114: import { once, addClass, removeClass } from './dom'
115: import emitter from './emitter'
116: import Vue from 'vue'
117: if (!Vue.prototype.$isServer) {
118: require('raf.js')
119: }
120:
121: var rotateElement = function (element, angle) {....}
So, what's the matter ?
from sonarjs.
@ilawrencewu Answered in issue #843 you've created. Next time please post your problem once.
from sonarjs.
@vilchik-elena sure, thanks
from sonarjs.
Is there any update on this? I just wanted to scan a Polymer project only to realise that it skips the code almost completely. We have around 30 Polymer projects and I would really like to get a feel for the technical debt in those. sonar-qube would provide a really helpful tool for this.
I can see that this issue was removed from the 4.1 milestone recently which is kind of a bummer. I was waiting for this to hit.
Why was it removed?
from sonarjs.
I understand. Thanks for the clarification. I'll keep an eye on this thread 😉
from sonarjs.
@inverno @ganncamp what are the examples of js code inside
<script>
but file not being html?
And .svelte
for @sveltejs files.
from sonarjs.
FYI we have started drafting this MMF, but nothing planned
from sonarjs.
Related Issues (20)
- update all (easy) dependencies and evaluate upgrading hard ones
- Create artifact which embeds Node.JS for Alpine Linux HOT 1
- FP S6827: Thymeleaf `th:text` attribute is not recognized as a content HOT 1
- Do not count LOCs for CSS files indexed as test files
- Exclude assignment expressions to `require()` from copy-paste detection HOT 1
- javascript/S6654.html is missing `Of` in references to prototype getter/setter methods of Object
- Fix FP S6754 (`hook-use-state`): Ignore state variables without a setter
- Fix FP S2699 (`assertions-in-tests`): Add support for `supertest` HOT 1
- Fix FP S6747 (`no-unknown-property`): Don't raise for `css` attribute HOT 1
- Fix FP S6747 (`no-unknown-property`): Don't raise for allowed attributes HOT 1
- Fix FP S6747 (`no-unknown-property`): Don't raise issues from `eslint-plugin-react/no-unknown-property` when react is not used HOT 1
- Embedded Node.js runtime: detect the host architecture correctly in MacOS JRE Intel virtualization HOT 1
- Fix FP S6754 (`hook-use-state`): Add exception when using `useState` for components HOT 1
- Embedded Node.js: when `sonar.nodejs.forceHost` is set, do not deploy the runtime HOT 1
- Remove usage of deprecated logging APIs
- JS-18 S6819 False Positive when using SAP UI5 React components HOT 1
- Use 18.17.0 as minimum version for Node.JS
- Ignore runtime errors when saving cpd tokens
- Incorrect S6757 Error for Class Components HOT 8
- We should skip the whole file when we fail to save CPD token
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sonarjs.