JeSS Basics
JeSS produces an AST using the built-in org.eclipse.jdt.core.dom package. The ASTParser class accepts the compilation unit and produces the AST. Manipulating and using this AST requires the classes in the org.eclipse.jdt.core.dom package. Visitors that are passed to this tree must be of type ASTVisitor.
The visitors used in JeSS are a sub-type of ASTVisitor: they are of type JeSSVisitor. JeSSVisitor is further sub-classed to create the individual visitors that scan for the security bugs. JeSSVisitor provides three helper methods for the security scans: one to report a problem, one to parse a class name out of a node, and one to parse a method or field name out of a node. Greater detail on this class can be found in the section JeSSVisitor.
In JeSS, problems found are displayed in the “Problems” view. These markers are a sub-type of org.eclipse.resources.problemmarker. The standard format for reporting a problem in JeSS is a general message conveying the nature of the security bug, followed by a specific reference associated with the particular problem.
For example, a field that is missing a modifier would be reported as follows:
“Modifier missing on Field: String none.”
This convention should be used in all implementations of JeSSVisitor.
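The following added example (not JeSS source code) shows the parse-and-visit flow described above and produces a message in the reporting convention. It extends ASTVisitor directly, because the JeSSVisitor helper method names are not given here. The class name MissingModifierVisitor is hypothetical, "missing a modifier" is assumed to mean that no access modifier is present, and messages are collected in a list instead of being created as markers.

```java
import java.util.ArrayList;
import java.util.List;
import org.eclipse.jdt.core.dom.*;

// Hypothetical visitor (not part of JeSS): flags fields declared with no
// access modifier, an assumed reading of "missing a modifier".
public class MissingModifierVisitor extends ASTVisitor {
    private final List<String> problems = new ArrayList<>();

    @Override
    public boolean visit(FieldDeclaration node) {
        // Interface fields are implicitly public, so they are not reported.
        ASTNode parent = node.getParent();
        if (parent instanceof TypeDeclaration && ((TypeDeclaration) parent).isInterface()) {
            return true;
        }
        int flags = node.getModifiers();
        boolean hasAccess = Modifier.isPublic(flags)
                || Modifier.isProtected(flags)
                || Modifier.isPrivate(flags);
        if (!hasAccess) {
            // One declaration may introduce several fields: String a, b;
            for (Object o : node.fragments()) {
                VariableDeclarationFragment f = (VariableDeclarationFragment) o;
                // General message first, then the specific reference.
                problems.add("Modifier missing on Field: " + node.getType()
                        + " " + f.getName().getIdentifier() + ".");
            }
        }
        return true; // keep descending so nested types are scanned too
    }

    public List<String> getProblems() { return problems; }

    public static void main(String[] args) {
        // Constructed sample input, not taken from any real project.
        String source = "class Account {\n"
                + "  private String owner;\n"
                + "  String none;\n"
                + "  static int a, b;\n"
                + "}\n"
                + "interface Limits { int MAX = 10; }\n";
        ASTParser parser = ASTParser.newParser(AST.JLS8);
        parser.setKind(ASTParser.K_COMPILATION_UNIT);
        parser.setSource(source.toCharArray());
        CompilationUnit unit = (CompilationUnit) parser.createAST(null);
        MissingModifierVisitor visitor = new MissingModifierVisitor();
        unit.accept(visitor);
        visitor.getProblems().forEach(System.out::println);
    }
}
```

Running it requires the Eclipse JDT core libraries on the classpath.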