Introduction
While functional testing finds problems by simulating how click paths would operate in a browser, static analysis finds problems by inspecting pages’ source code. Static analysis is just like a code review or code inspection. It reads and analyzes your source files, then it lets you know if it finds any coding errors that could cause functionality or presentation problems. It also pinpoints broken links and other navigational problems it finds. In addition, it can alert you to code that might not work correctly when people with disabilities try to use your site with adaptive devices, such as machines that read screen content out loud or convert content into Braille. Furthermore, static analysis can verify that custom design and content requirements, such as corporate branding, are met.
SOAtest facilitates static analysis by automating complex analyses that would otherwise take days. Static analysis can be customized to involve tools that help expose and prevent problems such as:
- Coding constructs that make code more error-prone and difficult to update.
- Navigational problems such as broken links, actions that invoke designated error pages, anchor problems, non-clickable links, and so forth.
- HTML, CSS, JavaScript, and VBScript coding problems that affect presentation, execution, dynamic content, performance, transformation, display in non-traditional browsers, and so forth.
- XML problems that affect transformations and data retrieval.
- Code and content that violates Web accessibility guidelines.
- Content that contains misspellings and typos.
- Code that violates application-specific requirements and business rules.
- Code that violates project-specific, organization-specific branding, design, or content guidelines.
The following exercises will demonstrate how to use SOAtest's Static Analysis feature to create a project, load an initial site into that project, and then quickly and easily analyze that project's files for any coding errors. We will not use the projects created from the previous exercises.
Performing Static Analysis
To perform static analysis, complete the following:
- Right-click the project from the previous exercises and choose Add New > Test (.tst) File.
- Enter a name for the file (for example,
Web Static Analysis
) and click Next. - Choose Web > Scanweb application and click Next.
- Complete the Scan HTTP/FTP/Local Resources page as follows:
- Enter
localhost:8080/parabank
in the Start URL field. SOAtest will add this URL to the Allowable/Restricted URLs table. - Enable Limit loading depth and enter
3
in the field to the immediate right. This depth setting determines the number of clicks (links) deep to load the site. For example, a loading depth of 3 tells SOAtest to load only pages that can be reached in two clicks from the start URL (Note: redirect is also considered to be 1 depth). - In the Form Options section at the bottom of the panel, set the options as follows:
- Scan Forms With Default Inputs: Disabled
- Fill Active Inputs Manually: Enabled
Click Finish.
A new .tst file and a test suite with one test will be added to the Test Case Explorer.
- Enter
- Right-click the Test 1: Scanning Tool node and choose Test Configurations.
- In the Test Configuration dialog that appears, choose User-defined in the left panel and click New under the panel.
- In the new configuration panel that appears to the right, change the Name field to
ScanTesting Configuration
. - Click the Static tab and enable Enable Static Analysis.
- In the list of rules below in the same tab, enable the following options:
- Accessibility - WCAG 2.2 [ACC-WCAG2]
- Browser Compatibility [BC]
- Coding Convention [CC]
- Check Links [CLINK]
- Click Apply to save the configuration, then click Close.
- Click the scan testing test suite in the Test Case Explorer.
- Go to Run Tests > Test Using > User-Defined > ScanTesting Configuration.
While scanning the specified site, SOAtest will open a Form dialog box each time it loads a form that allows user input. In this example, a Form input dialog box will open for the form1 form. - Complete the Form:Form1 dialog as follows:
- Select Fixed from the Text: "username" dropdown, then enter
john
in the corresponding text field. - Select Fixed from the Password: "password" dropdown, then enter
demo
in the corresponding text field. This tells SOAtest how to populate this particular form's input elements. - Click Add.
SOAtest will then reopen the same form dialog box so you can enter additional inputs if desired. - Click Skip All to indicate that you do not want to enter any more inputs for forms in this site.
- Select Fixed from the Text: "username" dropdown, then enter
When SOAtest is finished performing static analysis, static analysis violations are shown in the Quality Tasks view. To facilitate review of these results:
- Open the dropdown menu on the top right of the Quality Tasks view.
- Choose Show > SOAtest Static Analysis for Functional Tests Layout.
Additional Options
You can customize static analysis tests by:
- Enabling or disabling static analysis rules.
- Customizing the parameters of the various rules applied during static analysis.
- Designing rules that verify compliance with unique team or project requirements, then configuring SOAtest to apply those rules during static analysis.
- Configuring SOAtest to suppress error messages that are not relevant to your project.