User's Guide

String Concatenation Patterns

String Concatenation Patterns are for HTML rule sets only.

For HTML, embedded strings are strings found between matching tags. These strings can be a combination of text, variables (in .vm files), externalized strings, and server-side code. Globalyzer now determines when an HTML string contains a combination, and will mark the issue as a Concatenation.

If the string is determined to be a concatenation and contains text to externalize, the issue is Active with priority C.
If the string is determined to be a concatenation and does not contain text to externalize (for example, it contains multiple server-side code sections), the issue is Filtered with reason Concatenation: not kept.

String Concatenation Patterns are used specifically for concatenations found that are Filtered. The rules will be applied against this set of issues, and if there's a match, the originally Filtered issue will be marked Active with priority C.

This enables finding concatenations in HTML strings that have already been externalized in parts, rather than as a whole.
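The reclassification step described above, modeled as an added example; this is not Globalyzer's own code. The `Issue` and `Pattern` classes, the sample strings, the `getString` helper name, and both regular expressions are constructed for illustration. Python's `re.search` stands in for Globalyzer's regex matching, which is an assumption.

```python
import re
from dataclasses import dataclass, replace

NOT_KEPT = "Concatenation: not kept"  # filter reason quoted in the guide

@dataclass(frozen=True)
class Issue:
    text: str            # embedded HTML string found between matching tags
    status: str          # "Active" or "Filtered"
    priority: str = ""   # "C" for active concatenations
    reason: str = ""     # filter reason when status is "Filtered"

@dataclass(frozen=True)
class Pattern:
    name: str
    regex: str
    enabled: bool = True  # mirrors the Enabled checkbox

def apply_patterns(issues, patterns):
    """Mark Filtered concatenations Active/C when an enabled pattern matches."""
    compiled = [re.compile(p.regex) for p in patterns if p.enabled]
    result = []
    for issue in issues:
        eligible = issue.status == "Filtered" and issue.reason == NOT_KEPT
        if eligible and any(rx.search(issue.text) for rx in compiled):
            issue = replace(issue, status="Active", priority="C", reason="")
        result.append(issue)
    return result

# Constructed patterns: the first catches a string externalized in parts
# (two resource lookups in one HTML string); the second is disabled.
LOOKUP = r"<%=\s*getString\([^)]*\)\s*%>"
PATTERNS = [
    Pattern("Two resource lookups", LOOKUP + r".*" + LOOKUP),
    Pattern("Velocity variable pair", r"\$\w+\s+\$\w+", enabled=False),
]

# Constructed issues, as they might look after the initial concatenation check.
ISSUES = [
    Issue('<%= getString("greeting") %>, <%= getString("user.title") %>',
          "Filtered", reason=NOT_KEPT),
    Issue("<%= counter %><%= total %>", "Filtered", reason=NOT_KEPT),
    Issue("$first $last", "Filtered", reason=NOT_KEPT),
    Issue("Welcome back, <%= userName %>", "Active", priority="C"),
]

if __name__ == "__main__":
    for i in apply_patterns(ISSUES, PATTERNS):
        print(f"{i.status:8} {i.priority or '-':2} {i.text}")
```

Only the first issue changes state: it was Filtered, and the enabled pattern matches it. The third issue stays Filtered because the only pattern that matches it is disabled.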

The Edit String Concatenation Patterns list for an HTML Rule Set is shown below.

The Inherited column lists the name of the Rule Set that defined the string concatenation pattern. A value of 'No' indicates that the pattern is local to the Rule Set. Local patterns can be modified and/or deleted. Inherited patterns can be overridden.

To disable a local string concatenation pattern, uncheck the box.

To create a new pattern, select the New String Concatenation Pattern link at the top of the page. This displays the Create String Concatenation Pattern form, shown below.

The page contains six fields used to describe a rule: Name, Pattern, Priority, Description, Help Page, and Enabled.

Use the Name field to give your pattern a brief, meaningful name.

The Pattern field must contain a valid Regular Expression. For more information on Regular Expression syntax, click here.

The Priority field should default to 0 and be left at 0 to indicate a concatenation.

Use the Description field to (1) enter a more in-depth explanation of the pattern, (2) explain the reason for its inclusion in the scan, and/or (3) describe a process to correct the problem.

The Help Page field is where you can provide a URL link for the pattern. This link may either help explain why this pattern is important, or it may explain how to correct the issue found.

Use the Category field to set a category that can be enabled or disabled in bulk for a ruleset.

The Enabled field determines whether the pattern is processed by Globalyzer (checked) or ignored by Globalyzer for now (unchecked).

Once you've provided the string concatenation pattern information, click the Create button. The Edit String Concatenation Patterns list redisplays, showing your changes.

If a string concatenation pattern is local to the Rule Set, it can be modified and/or deleted. Click on its name hyperlink from the Edit String Concatenation Patterns list. This displays the Edit String Concatenation Pattern page, shown below. All fields are modifiable. Press Update to save any changes. Press Delete to delete the string concatenation pattern. After updating or deleting, the Edit String Concatenation Patterns list redisplays, showing your changes.

If a string concatenation pattern is inherited, it can be overridden. For example, you may want to disable the inherited pattern in your Rule Set. Click on its name hyperlink from the Edit String Concatenation Patterns list. This displays the Override String Concatenation Pattern page, shown below. All fields are modifiable, but if you change the Pattern field, you will end up creating an entirely new string concatenation pattern, rather than overriding the inherited one. Press Create to create the override string concatenation pattern. After creating, the Edit String Concatenation Patterns list redisplays, showing your local string concatenation pattern.

To return to the Customize Rule Set page, select the Back to Summary link.
