Software Resiliency | Programming Best Practices
Production Risk
Why you should care
JSP fragments are portions of JSP code passed to a tag handler so that they can be invoked as many times as required. They can be thought of as templates that a tag handler uses to produce customized content. A fragment attribute is evaluated by the tag handler during tag invocation, unlike a simple attribute, which is evaluated by the container. The value of a fragment attribute is defined using a jsp:attribute element.
However, when JSP fragments are incomplete, they should not be made accessible to client browsers, as this can cause readability issues and is a symptom of flawed programming practices.
Business Impacts
Incomplete JSP fragments are risky because they reflect improper programming practice, which will be greatly unappealing to potential clients.
CAST Recommendations
How we detect
This code insight shows that JSP fragments that are not complete pages should not be made accessible to client browsers.
However, this diagnostic is contested, as explained here: “Some people also believe in putting them under the WEB-INF folder, so that they’re not accessible via a URL. I see no good reason to go to this extreme, since there’s no way to discover their existence from outside of the app-server. On the other hand, there’s a decided maintainability benefit to keeping refactored fragments together with their including file.”
http://www.kdgregory.com/index.php?page=jsp.refactoring
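To see which fragments in a given web application are actually reachable by URL, the following added example (not CAST Highlight's detection logic, and not code from the quoted article) walks a web root and lists likely fragments that sit outside WEB-INF. The "fragment" heuristic, the function names and the sample tree are assumptions constructed for illustration.

```python
import posixpath
import re
import tempfile
from pathlib import Path

# Targets of the static include directive and the jsp:include action.
INCLUDE_RE = re.compile(
    r'<%@\s*include\s+file\s*=\s*"([^"]+)"|<jsp:include\s+page\s*=\s*"([^"]+)"', re.I)


def find_exposed_fragments(webroot):
    """Return webroot-relative paths of likely fragments that a URL can reach."""
    root = Path(webroot)
    sources = {p.relative_to(root).as_posix(): p.read_text(encoding="utf-8", errors="replace")
               for p in root.rglob("*") if p.is_file() and p.suffix.lower() in (".jsp", ".jspf")}
    included = set()
    for rel, text in sources.items():
        for m in INCLUDE_RE.finditer(text):
            target = m.group(1) or m.group(2)
            # A leading "/" is context-relative; otherwise relative to the including file.
            base = "" if target.startswith("/") else posixpath.dirname(rel)
            included.add(posixpath.normpath(posixpath.join(base, target.lstrip("/"))))
    exposed = []
    for rel, text in sources.items():
        if rel.upper().startswith("WEB-INF/"):
            continue  # the container does not serve WEB-INF content directly
        # Heuristic (assumption): a .jspf file, or an include target with no <html> element.
        if rel.lower().endswith(".jspf") or (rel in included and "<html" not in text.lower()):
            exposed.append(rel)
    return sorted(exposed)


def build_sample_webroot():
    """Write a constructed sample web root to a temp directory and return its path."""
    root = Path(tempfile.mkdtemp())
    files = {
        "index.jsp": '<html><body><%@ include file="header.jsp" %>'
                     '<jsp:include page="/WEB-INF/jspf/footer.jspf"/></body></html>',
        "header.jsp": "<div>Header</div>",
        "parts/menu.jspf": "<ul><li>Home</li></ul>",
        "WEB-INF/jspf/footer.jspf": "<p>Footer</p>",
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body, encoding="utf-8")
    return root


if __name__ == "__main__":
    print(find_exposed_fragments(build_sample_webroot()))
```

A file reported here can be moved under WEB-INF and referenced by its context-relative path, as `footer.jspf` is in the sample; server-side includes keep working while direct requests for the fragment do not.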
About CAST and Highlight’s Code Insights
Over the last 25 years, CAST has built unique knowledge of software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and on community standards for programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate software health factors.