Live example If you want to see a live example of the capabilities of the Web plugin, you can have a look at the analysis of the Shopizer project on Nemo.

Description / Features

The plugin enables analysis of Web projects within Sonar. Currently JSP and JSF are supported. Some initial support is provided for Ruby templating (erb files). 

It is compatible with the Issues Report plugin to run pre-commit local analysis.

Installation

1. Install the Web plugin through the Update Center or download it into the SONAR_HOME/extensions/plugins directory
2. Restart the Sonar server

Usage

Run a Sonar Analysis with the Sonar Runner (Recommended Way)

To launch a Sonar analysis of your Web project, use the Sonar Runner.

A sample project is available on github that can be browsed or downloaded: /projects/languages/web/web-sonar-runner.

Run a Sonar Analysis with the other Analyzers

Maven and Ant can also be used to launch analysis on Web projects.

Advanced Properties

The following properties of the plugin are configurable:

Metrics

See Metrics documentation page.

Complexity
Complexity of the web page is measured by counting the decision tags (such as if and forEach) and boolean operators in expressions ("&&" and "||"), plus one for the body of the document. It is a measure of the minimum number possible paths to render the page.

The decision tags and the operators are configurable. For details see rules library

Duplication
Duplication is counted by comparing tokens. Duplication is reported if more than a minimum amount of tokens are replicated (in the same file or another file). The default minimum tokens is set to 70.

Comments
Comments are counted by adding the lines for server side and client side comments.

Rules

There are about 20 checks in the library. Please read the documentation of the checks on the page Web Rules Library.

The ruleset is inspired on the following standards and guidelines:

• Code Conventions for the JavaServer Pages Technology
• XHTML 1.0

A complete explanation of the available checks is given here .

Plugin Architecture

The plugin uses a simple tokenizer to parse the web pages. The tokenizer is based on the sonar-channel library. The output of the tokenizer is analyzed by a set of analyzers and checks. Expressions written in the Unified Expression Language (EL) are validated with JBoss EL.

Roadmap Ideas

• Run analysis directly from maven (without sonar)
• More support for WCAG, webrichtlijnen
• Enhanced validation of unified expressions (using JSFUnit?)
• Dependency analysis

Change Log

Release 1.2 (13 issues)
Type	Key	Summary	Priority
	SONARPLUGINS-1201	Struts tags suport: wrongly report Invalid OGNL Expression
	SONARPLUGINS-1973	Replace all the Web profiles by a single Sonar Way Profile
	SONARPLUGINS-1903	Add Greek Localization
	SONARPLUGINS-1897	Add commented-out code detection capability
	SONARPLUGINS-1890	Most violations don't have any message
	SONARPLUGINS-1889	By default, all rules are declared to have mutliple cardinality but this shouldn't be the case
	SONARPLUGINS-1888	Impossible to set property "taglibs" on IllegalTagLibsCheck rule
	SONARPLUGINS-1887	Add L10n mechanism to the Web plugin
	SONARPLUGINS-1878	Improve syntax highlighting
	SONARPLUGINS-1874	Source headers should not be counted as comments
	SONARPLUGINS-1873	Deprecate the specific "sonar.web.sourceDirectory" property in favor of the standard properties
	SONARPLUGINS-1858	Make the Sonar Web plugin compatible with Sonar 2.12+
	SONARPLUGINS-1187	Allow configuration via sonar-project.properties rather than pom.xml

Release 1.1 (6 issues)
Type	Key	Summary	Priority
	SONARPLUGINS-867	ArrayIndexOutOfBoundsException when running analysis
	SONARPLUGINS-866	Plugin does not accept absolute path as src directory
	SONARPLUGINS-853	Feature to monitor usage of escape="false" attribute on pages.
	SONARPLUGINS-1195	Code colorizing in sonar source view does not work
	SONARPLUGINS-1184	Provide API for other plugins acting on web files
	SONARPLUGINS-1088	Sonar not able to recognize the OGNL "#{true:''}"

Release 1.0.2 (1 issues)
Type	Key	Summary	Priority
	SONARPLUGINS-857	XMLProfileParser shouldn't be instantiated by plugin

Release 1.0.1 (1 issues)
Type	Key	Summary	Priority
	SONARPLUGINS-858	Sonar with web plugin fails to start on Oracle database

Release 1.0 (21 issues)
Type	Key	Summary	Priority
	SONARPLUGINS-680	Rule : Avoid Html Comment - Issue
	SONARPLUGINS-681	Rule : Enclosed Tags
	SONARPLUGINS-679	Rule : Double Quotes - Issue
	SONARPLUGINS-678	Rule : Labels Internationalization - Issue
	SONARPLUGINS-677	Rule Invalid Expression - Issue
	SONARPLUGINS-639	New web rule : Each <head> element should contain a <title> element
	SONARPLUGINS-632	Add a new Web rule to prevent use of SQL inside JSP
	SONARPLUGINS-633	New web rule to check the file length
	SONARPLUGINS-626	Multiple instances of the same check
	SONARPLUGINS-656	RequiredAttribute check
	SONARPLUGINS-704	Directory src/main/java is always checked as sourceDirectory
	SONARPLUGINS-690	Problem with invalid expression
	SONARPLUGINS-844	Analysis fails when complexity check is disabled.
	SONARPLUGINS-836	Add file complexity distribution
	SONARPLUGINS-835	Add missing directory metric
	SONARPLUGINS-833	Implement NOSONAR
	SONARPLUGINS-828	Add plugin to SonarSource radar
	SONARPLUGINS-811	Migrate to parent-7
	SONARPLUGINS-800	Code cleanup and Unit tests
	SONARPLUGINS-801	Add integration tests
	SONARPLUGINS-650	Length is misspelt in analysis data generated by sonar-web-plugin 0.1

Release 0.1 (5 issues)
Type	Key	Summary	Priority
	SONARPLUGINS-130	SONAR : JSP & HTML Analysis
	SONARPLUGINS-638	New web rule : Every image should be provided with a proper alternative text
	SONARPLUGINS-628	Create a first implementation of the CodeColorizer extension point to highlight the HTML syntax in the Sonar Code Viewer
	SONARPLUGINS-625	Configurable file extensions
	SONARPLUGINS-624	WebPlugin: Alpha Release 1