XSSDetect Add-In for Visual Studio 2005
Sample Usage
1. Launch Visual Studio
2. Open a solution containing at least on C#, J# or VB.NET project
3. Build the solution
4. Click on Tools | XSSDetect Code Analysis, the Summary View dockable tool window activates
5. Verify/edit the current settings (click on General Settings, Rules or Target Assemblies on the toolbar of the Summary View)
6. Start the code analysis (use the Analyze button on the toolbar)
7. After the analysis is complete, the Summary View tool window shows the results, and the output window shows information and error messages
8. Double click on a result item in the Summary View to activate the Detail View
9. In the Detail View, double click on a dataflow item to display the corresponding source line
10. Use the "Previous" and "Next" buttons in the Detail View to display other result items
Default Settings
If a solution is currently open, the default settings are specific to the open solution and are setup as follows:
· Report output file = <SolutionDirectory>\XSSDetectReport.xml
· Report stylesheet = <InstallationDirectory>\Config\report.xsl
· Rules directory = <InstallationDirectory>\Rules
· All rules are enabled
· All assemblies generated by the solution are included in the analysis
<SolutionDirectory> is the directory where the .SLN file is located
<InstallationDirectory> is the directory where the add-in assemblies have been copied during installation
When the solution is closed, any changes to the default settings (such as disabled rules, or excluded target assemblies) are persisted in the solution file.
If no solution is open, the default settings are as follows:
· Report output file = %APPDATA%\XSSDetect\XSSDetectReport.xml
· Report stylesheet = <InstallationDirectory>\Config\report.xsl
· Rules directory = <InstallationDirectory>\Rules
· All rules are enabled
· No target assemblies
Currently the default settings with no solution open are not saved to persistent storage and are re-initialized when a new instance of Visual Studio starts.