Embed Size (px)
Citation preview
Nodejs - 21On this page
Whats newDescriptionIn what situation should you install this extension
Express frameworkSailsjs frameworkLoopback framework
Create webservice from Express APICreate webservice from model
Koajs frameworkKnexjs frameworkNodejs MQTTNodejs Seneca Microservice
Supported Nodejs versionsFunction Point Quality and Sizing supportComparison with existing support for JavaScript in CAST AIPCAST AIP compatibilitySupported DBMS serversPrerequisitesDependencies with other extensionsDownload and installation instructionsPackaging delivering and analyzing your source code
Packaging and deliveryUsing AIP ConsoleUsing CAST Management Studio
AnalyzingUsing AIP ConsoleUsing the CAST Management Studio
Analysis warning and error messagesWhat results can you expect
ObjectsNodejs EcosystemExternal link behavior
Connector per RDBMS VendorOracle oracledb connectorMS SQL node-sqlserver and mssql connectorsPostgreSQL pg connectorMySQL my_connection connector
Connector per NoSQL VendorAzure Cosmos DBCouchDB connectorDynamoDBMarkLogic marklogic connectorMongoDB mongoose connectorMemcached
Amazon Web Services (AWS)Call to ProgramSQL Named Query Structural Rules
Known Limitations
Target audience
Users of the extension providing support for Web applicationsNodejs + Express
Whats newPlease see for more informationNodejs - 21 - Release Notes
DescriptionThis extension provides support for Nodejs Nodejs is a JavaScript runtime built on Chromes V8 JavaScript engine Nodejs uses an event-driven non-blocking IO model that makes it lightweight and efficient
Summary This document provides basic information about the extension providing support for Web applicationsNodejs + Express
In what situation should you install this extensionRegarding Front-End to Back-End connections we do support the following cross-technology stacks
iOS Front-End connected to NodejsPostgreSQL Back-end iOS Front-End connected to NodejsMSSQL Back-end
If your Web application contains source code and you want to view these object types and their links with other objects then you should install Nodejsthis extension
creates a t when an instance has been foundNodejs application objeccreates which represent entry-points of web servicesNodejs operationsNodejs operations are called from client applications using jQuery Ajax for example Supported client frameworks are
jQueryAngularJS
Express frameworkThe following declarations will create a Nodejs Get Operation
appget(login function (req res) use strict consolelog(login + requrl) consolelog(login + reqquerypseudo) var currentSession = getSessionId(req res) databuserExists(currentSession reqquerypseudo res cbLogin))
and this one will create a NodeJS Service Operation
var admin = express()
appuse(admin admin)
Hapijs frameworkCreate a server - indexjs
CAST recommends using this extension with for the best resultsHTML5 and JavaScript 200
const Hapi = require(hapi)
Create Serverconst server = new HapiServer()
Routes create a route for server
serverroute([ method GET path apidirectorsid handler apidirectorsget config tags [api] description Get one director by id notes Get one director by id validate params id Joinumber()required() cors origin [] ]
Sailsjs frameworkCreate a server appjs
Start server sailslift(rc(sails))
Routes control at configroutesjs
GET siteidSite controller Site action getSite rel RelServicesREL_ENUMGET_VIEWED_SITEPUT alert controller Alert action putAlert rel RelServicesREL_ENUMPUT_ALERT profile ProfileServicesPROFILE_ENUMOPERER
Controller actions
SiteControllerjs
selfgetSite = function (req res) var promise = SitefindOne( idSite idSite )
AlertControllerjs
selfputAlert = function (req res) var promise = AlertfindOne( alertId alertId )
Model definition
Sitejs
selfconnection = postgresqlServer
selftableName = T_SITE
selfattributes =
Alertjs
selfconnection = postgresqlServer
selftableName = T_ALERT
selfattributes =
Transaction from get operation method to database when using SQL analyzer
Loopback frameworkCreate webservice from Express API
The App extends and supports Express Middleware Webservice can be supported as API Express framework
var loopback = require(loopback)var app = loopback()
Create get methodappget( function(reqres)ressend(hello world))
applisten(3000)
Create webservice from model
Model todojs
moduleexports = function(Todo) Todostats = function(filter cb) TodoremoteMethod(stats accepts arg filter type object returns arg stats type object http path stats Todostats)
Exposing models over REST LoopBack models automatically have a standard set of httpsloopbackiodocenlb3Exposing-models-over-RESThtmlHTTP endpoints that provide REST APIs
Example todojson
name Todo base PersistedModel strict throw persisteUndefinedAsNull true trackChanges true properties id id true type string defaultFn guid title string completed type boolean default false created type number
Koajs frameworkWebservice application from Koa
var koa = require(koa) router = require(koa-router) cors = require(koa-cors) json = require(koa-json) errorHandler = require(koa-onerror) bodyParser = require(koa-body)() app = koa() routes = new router()
function render(controller action)
routes start
routesget( todos render(todos all))routespost( todos bodyParser render(todos create))routesget( todosid render(todos show))routesdel( todosid render(todos delete))routespatch(todosid bodyParser render(todos update))routesdel( todos render(todos deleteAll))
appuse(require(appmiddlewaresrequest_logger)())appuse(json())appuse(cors(methods [GET PUT POST PATCH DELETE]))appuse(routesmiddleware())
errorHandler(app)
applisten(Number(processenvPORT || 9000))
Knexjs frameworkKnexjs is a batteries included SQL query builder for Postgres MSSQL MySQL MariaDB SQLite3 Oracle and Amazon Redshift designed to be flexible portable and fun to use We do not support the creation of tables for this framework Example
Define database config
const Config = require(config)
moduleexports = client postgresql connection ConfigDATABASE_URL || database ConfigDB_NAME host ConfigDB_HOST username ConfigDB_USER password ConfigDB_PASSWORD
Create bookshelf from Knex and Bookshelf
const DatabaseConfig = require(db)
const Bookshelf = require(bookshelf)const Knex = require(knex)(DatabaseConfig)
moduleexports = Bookshelf(Knex)
Add model for bookshelf
const Bookshelf = require(utilbookshelf)
const Config = require(config)
moduleexports = BookshelfModelextend( tableName todos url function () return `$ConfigDOMAIN$thisget(id)` serialize function () return id thisget(id) title thisget(title) url thisurl() completed thisget(completed) order thisget(order) object todo )
Define method for model
const Todo = require(modelstodo)
exportsdeleteAll = () =gt hack to get around Bookshelfs lacking destroyAll return new Todo()where(id = 0)destroy() then(() =gt [])
Access model from webservice method
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
In what situation should you install this extensionRegarding Front-End to Back-End connections we do support the following cross-technology stacks
iOS Front-End connected to NodejsPostgreSQL Back-end iOS Front-End connected to NodejsMSSQL Back-end
If your Web application contains source code and you want to view these object types and their links with other objects then you should install Nodejsthis extension
creates a t when an instance has been foundNodejs application objeccreates which represent entry-points of web servicesNodejs operationsNodejs operations are called from client applications using jQuery Ajax for example Supported client frameworks are
jQueryAngularJS
Express frameworkThe following declarations will create a Nodejs Get Operation
appget(login function (req res) use strict consolelog(login + requrl) consolelog(login + reqquerypseudo) var currentSession = getSessionId(req res) databuserExists(currentSession reqquerypseudo res cbLogin))
and this one will create a NodeJS Service Operation
var admin = express()
appuse(admin admin)
Hapijs frameworkCreate a server - indexjs
CAST recommends using this extension with for the best resultsHTML5 and JavaScript 200
const Hapi = require(hapi)
Create Serverconst server = new HapiServer()
Routes create a route for server
serverroute([ method GET path apidirectorsid handler apidirectorsget config tags [api] description Get one director by id notes Get one director by id validate params id Joinumber()required() cors origin [] ]
Sailsjs frameworkCreate a server appjs
Start server sailslift(rc(sails))
Routes control at configroutesjs
GET siteidSite controller Site action getSite rel RelServicesREL_ENUMGET_VIEWED_SITEPUT alert controller Alert action putAlert rel RelServicesREL_ENUMPUT_ALERT profile ProfileServicesPROFILE_ENUMOPERER
Controller actions
SiteControllerjs
selfgetSite = function (req res) var promise = SitefindOne( idSite idSite )
AlertControllerjs
selfputAlert = function (req res) var promise = AlertfindOne( alertId alertId )
Model definition
Sitejs
selfconnection = postgresqlServer
selftableName = T_SITE
selfattributes =
Alertjs
selfconnection = postgresqlServer
selftableName = T_ALERT
selfattributes =
Transaction from get operation method to database when using SQL analyzer
Loopback frameworkCreate webservice from Express API
The App extends and supports Express Middleware Webservice can be supported as API Express framework
var loopback = require(loopback)var app = loopback()
Create get methodappget( function(reqres)ressend(hello world))
applisten(3000)
Create webservice from model
Model todojs
moduleexports = function(Todo) Todostats = function(filter cb) TodoremoteMethod(stats accepts arg filter type object returns arg stats type object http path stats Todostats)
Exposing models over REST LoopBack models automatically have a standard set of httpsloopbackiodocenlb3Exposing-models-over-RESThtmlHTTP endpoints that provide REST APIs
Example todojson
name Todo base PersistedModel strict throw persisteUndefinedAsNull true trackChanges true properties id id true type string defaultFn guid title string completed type boolean default false created type number
Koajs frameworkWebservice application from Koa
var koa = require(koa) router = require(koa-router) cors = require(koa-cors) json = require(koa-json) errorHandler = require(koa-onerror) bodyParser = require(koa-body)() app = koa() routes = new router()
function render(controller action)
routes start
routesget( todos render(todos all))routespost( todos bodyParser render(todos create))routesget( todosid render(todos show))routesdel( todosid render(todos delete))routespatch(todosid bodyParser render(todos update))routesdel( todos render(todos deleteAll))
appuse(require(appmiddlewaresrequest_logger)())appuse(json())appuse(cors(methods [GET PUT POST PATCH DELETE]))appuse(routesmiddleware())
errorHandler(app)
applisten(Number(processenvPORT || 9000))
Knexjs frameworkKnexjs is a batteries included SQL query builder for Postgres MSSQL MySQL MariaDB SQLite3 Oracle and Amazon Redshift designed to be flexible portable and fun to use We do not support the creation of tables for this framework Example
Define database config
const Config = require(config)
moduleexports = client postgresql connection ConfigDATABASE_URL || database ConfigDB_NAME host ConfigDB_HOST username ConfigDB_USER password ConfigDB_PASSWORD
Create bookshelf from Knex and Bookshelf
const DatabaseConfig = require(db)
const Bookshelf = require(bookshelf)const Knex = require(knex)(DatabaseConfig)
moduleexports = Bookshelf(Knex)
Add model for bookshelf
const Bookshelf = require(utilbookshelf)
const Config = require(config)
moduleexports = BookshelfModelextend( tableName todos url function () return `$ConfigDOMAIN$thisget(id)` serialize function () return id thisget(id) title thisget(title) url thisurl() completed thisget(completed) order thisget(order) object todo )
Define method for model
const Todo = require(modelstodo)
exportsdeleteAll = () =gt hack to get around Bookshelfs lacking destroyAll return new Todo()where(id = 0)destroy() then(() =gt [])
Access model from webservice method
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
const Hapi = require(hapi)
Create Serverconst server = new HapiServer()
Routes create a route for server
serverroute([ method GET path apidirectorsid handler apidirectorsget config tags [api] description Get one director by id notes Get one director by id validate params id Joinumber()required() cors origin [] ]
Sailsjs frameworkCreate a server appjs
Start server sailslift(rc(sails))
Routes control at configroutesjs
GET siteidSite controller Site action getSite rel RelServicesREL_ENUMGET_VIEWED_SITEPUT alert controller Alert action putAlert rel RelServicesREL_ENUMPUT_ALERT profile ProfileServicesPROFILE_ENUMOPERER
Controller actions
SiteControllerjs
selfgetSite = function (req res) var promise = SitefindOne( idSite idSite )
AlertControllerjs
selfputAlert = function (req res) var promise = AlertfindOne( alertId alertId )
Model definition
Sitejs
selfconnection = postgresqlServer
selftableName = T_SITE
selfattributes =
Alertjs
selfconnection = postgresqlServer
selftableName = T_ALERT
selfattributes =
Transaction from get operation method to database when using SQL analyzer
Loopback frameworkCreate webservice from Express API
The App extends and supports Express Middleware Webservice can be supported as API Express framework
var loopback = require(loopback)var app = loopback()
Create get methodappget( function(reqres)ressend(hello world))
applisten(3000)
Create webservice from model
Model todojs
moduleexports = function(Todo) Todostats = function(filter cb) TodoremoteMethod(stats accepts arg filter type object returns arg stats type object http path stats Todostats)
Exposing models over REST LoopBack models automatically have a standard set of httpsloopbackiodocenlb3Exposing-models-over-RESThtmlHTTP endpoints that provide REST APIs
Example todojson
name Todo base PersistedModel strict throw persisteUndefinedAsNull true trackChanges true properties id id true type string defaultFn guid title string completed type boolean default false created type number
Koajs frameworkWebservice application from Koa
var koa = require(koa) router = require(koa-router) cors = require(koa-cors) json = require(koa-json) errorHandler = require(koa-onerror) bodyParser = require(koa-body)() app = koa() routes = new router()
function render(controller action)
routes start
routesget( todos render(todos all))routespost( todos bodyParser render(todos create))routesget( todosid render(todos show))routesdel( todosid render(todos delete))routespatch(todosid bodyParser render(todos update))routesdel( todos render(todos deleteAll))
appuse(require(appmiddlewaresrequest_logger)())appuse(json())appuse(cors(methods [GET PUT POST PATCH DELETE]))appuse(routesmiddleware())
errorHandler(app)
applisten(Number(processenvPORT || 9000))
Knexjs frameworkKnexjs is a batteries included SQL query builder for Postgres MSSQL MySQL MariaDB SQLite3 Oracle and Amazon Redshift designed to be flexible portable and fun to use We do not support the creation of tables for this framework Example
Define database config
const Config = require(config)
moduleexports = client postgresql connection ConfigDATABASE_URL || database ConfigDB_NAME host ConfigDB_HOST username ConfigDB_USER password ConfigDB_PASSWORD
Create bookshelf from Knex and Bookshelf
const DatabaseConfig = require(db)
const Bookshelf = require(bookshelf)const Knex = require(knex)(DatabaseConfig)
moduleexports = Bookshelf(Knex)
Add model for bookshelf
const Bookshelf = require(utilbookshelf)
const Config = require(config)
moduleexports = BookshelfModelextend( tableName todos url function () return `$ConfigDOMAIN$thisget(id)` serialize function () return id thisget(id) title thisget(title) url thisurl() completed thisget(completed) order thisget(order) object todo )
Define method for model
const Todo = require(modelstodo)
exportsdeleteAll = () =gt hack to get around Bookshelfs lacking destroyAll return new Todo()where(id = 0)destroy() then(() =gt [])
Access model from webservice method
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Routes control at configroutesjs
GET siteidSite controller Site action getSite rel RelServicesREL_ENUMGET_VIEWED_SITEPUT alert controller Alert action putAlert rel RelServicesREL_ENUMPUT_ALERT profile ProfileServicesPROFILE_ENUMOPERER
Controller actions
SiteControllerjs
selfgetSite = function (req res) var promise = SitefindOne( idSite idSite )
AlertControllerjs
selfputAlert = function (req res) var promise = AlertfindOne( alertId alertId )
Model definition
Sitejs
selfconnection = postgresqlServer
selftableName = T_SITE
selfattributes =
Alertjs
selfconnection = postgresqlServer
selftableName = T_ALERT
selfattributes =
Transaction from get operation method to database when using SQL analyzer
Loopback frameworkCreate webservice from Express API
The App extends and supports Express Middleware Webservice can be supported as API Express framework
var loopback = require(loopback)var app = loopback()
Create get methodappget( function(reqres)ressend(hello world))
applisten(3000)
Create webservice from model
Model todojs
moduleexports = function(Todo) Todostats = function(filter cb) TodoremoteMethod(stats accepts arg filter type object returns arg stats type object http path stats Todostats)
Exposing models over REST LoopBack models automatically have a standard set of httpsloopbackiodocenlb3Exposing-models-over-RESThtmlHTTP endpoints that provide REST APIs
Example todojson
name Todo base PersistedModel strict throw persisteUndefinedAsNull true trackChanges true properties id id true type string defaultFn guid title string completed type boolean default false created type number
Koajs frameworkWebservice application from Koa
var koa = require(koa) router = require(koa-router) cors = require(koa-cors) json = require(koa-json) errorHandler = require(koa-onerror) bodyParser = require(koa-body)() app = koa() routes = new router()
function render(controller action)
routes start
routesget( todos render(todos all))routespost( todos bodyParser render(todos create))routesget( todosid render(todos show))routesdel( todosid render(todos delete))routespatch(todosid bodyParser render(todos update))routesdel( todos render(todos deleteAll))
appuse(require(appmiddlewaresrequest_logger)())appuse(json())appuse(cors(methods [GET PUT POST PATCH DELETE]))appuse(routesmiddleware())
errorHandler(app)
applisten(Number(processenvPORT || 9000))
Knexjs frameworkKnexjs is a batteries included SQL query builder for Postgres MSSQL MySQL MariaDB SQLite3 Oracle and Amazon Redshift designed to be flexible portable and fun to use We do not support the creation of tables for this framework Example
Define database config
const Config = require(config)
moduleexports = client postgresql connection ConfigDATABASE_URL || database ConfigDB_NAME host ConfigDB_HOST username ConfigDB_USER password ConfigDB_PASSWORD
Create bookshelf from Knex and Bookshelf
const DatabaseConfig = require(db)
const Bookshelf = require(bookshelf)const Knex = require(knex)(DatabaseConfig)
moduleexports = Bookshelf(Knex)
Add model for bookshelf
const Bookshelf = require(utilbookshelf)
const Config = require(config)
moduleexports = BookshelfModelextend( tableName todos url function () return `$ConfigDOMAIN$thisget(id)` serialize function () return id thisget(id) title thisget(title) url thisurl() completed thisget(completed) order thisget(order) object todo )
Define method for model
const Todo = require(modelstodo)
exportsdeleteAll = () =gt hack to get around Bookshelfs lacking destroyAll return new Todo()where(id = 0)destroy() then(() =gt [])
Access model from webservice method
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Sitejs
selfconnection = postgresqlServer
selftableName = T_SITE
selfattributes =
Alertjs
selfconnection = postgresqlServer
selftableName = T_ALERT
selfattributes =
Transaction from get operation method to database when using SQL analyzer
Loopback frameworkCreate webservice from Express API
The App extends and supports Express Middleware Webservice can be supported as API Express framework
var loopback = require(loopback)var app = loopback()
Create get methodappget( function(reqres)ressend(hello world))
applisten(3000)
Create webservice from model
Model todojs
moduleexports = function(Todo) Todostats = function(filter cb) TodoremoteMethod(stats accepts arg filter type object returns arg stats type object http path stats Todostats)
Exposing models over REST LoopBack models automatically have a standard set of httpsloopbackiodocenlb3Exposing-models-over-RESThtmlHTTP endpoints that provide REST APIs
Example todojson
name Todo base PersistedModel strict throw persisteUndefinedAsNull true trackChanges true properties id id true type string defaultFn guid title string completed type boolean default false created type number
Koajs frameworkWebservice application from Koa
var koa = require(koa) router = require(koa-router) cors = require(koa-cors) json = require(koa-json) errorHandler = require(koa-onerror) bodyParser = require(koa-body)() app = koa() routes = new router()
function render(controller action)
routes start
routesget( todos render(todos all))routespost( todos bodyParser render(todos create))routesget( todosid render(todos show))routesdel( todosid render(todos delete))routespatch(todosid bodyParser render(todos update))routesdel( todos render(todos deleteAll))
appuse(require(appmiddlewaresrequest_logger)())appuse(json())appuse(cors(methods [GET PUT POST PATCH DELETE]))appuse(routesmiddleware())
errorHandler(app)
applisten(Number(processenvPORT || 9000))
Knexjs frameworkKnexjs is a batteries included SQL query builder for Postgres MSSQL MySQL MariaDB SQLite3 Oracle and Amazon Redshift designed to be flexible portable and fun to use We do not support the creation of tables for this framework Example
Define database config
const Config = require(config)
moduleexports = client postgresql connection ConfigDATABASE_URL || database ConfigDB_NAME host ConfigDB_HOST username ConfigDB_USER password ConfigDB_PASSWORD
Create bookshelf from Knex and Bookshelf
const DatabaseConfig = require(db)
const Bookshelf = require(bookshelf)const Knex = require(knex)(DatabaseConfig)
moduleexports = Bookshelf(Knex)
Add model for bookshelf
const Bookshelf = require(utilbookshelf)
const Config = require(config)
moduleexports = BookshelfModelextend( tableName todos url function () return `$ConfigDOMAIN$thisget(id)` serialize function () return id thisget(id) title thisget(title) url thisurl() completed thisget(completed) order thisget(order) object todo )
Define method for model
const Todo = require(modelstodo)
exportsdeleteAll = () =gt hack to get around Bookshelfs lacking destroyAll return new Todo()where(id = 0)destroy() then(() =gt [])
Access model from webservice method
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
moduleexports = function(Todo) Todostats = function(filter cb) TodoremoteMethod(stats accepts arg filter type object returns arg stats type object http path stats Todostats)
Exposing models over REST LoopBack models automatically have a standard set of httpsloopbackiodocenlb3Exposing-models-over-RESThtmlHTTP endpoints that provide REST APIs
Example todojson
name Todo base PersistedModel strict throw persisteUndefinedAsNull true trackChanges true properties id id true type string defaultFn guid title string completed type boolean default false created type number
Koajs frameworkWebservice application from Koa
var koa = require(koa) router = require(koa-router) cors = require(koa-cors) json = require(koa-json) errorHandler = require(koa-onerror) bodyParser = require(koa-body)() app = koa() routes = new router()
function render(controller action)
routes start
routesget( todos render(todos all))routespost( todos bodyParser render(todos create))routesget( todosid render(todos show))routesdel( todosid render(todos delete))routespatch(todosid bodyParser render(todos update))routesdel( todos render(todos deleteAll))
appuse(require(appmiddlewaresrequest_logger)())appuse(json())appuse(cors(methods [GET PUT POST PATCH DELETE]))appuse(routesmiddleware())
errorHandler(app)
applisten(Number(processenvPORT || 9000))
Knexjs frameworkKnexjs is a batteries included SQL query builder for Postgres MSSQL MySQL MariaDB SQLite3 Oracle and Amazon Redshift designed to be flexible portable and fun to use We do not support the creation of tables for this framework Example
Define database config
const Config = require(config)
moduleexports = client postgresql connection ConfigDATABASE_URL || database ConfigDB_NAME host ConfigDB_HOST username ConfigDB_USER password ConfigDB_PASSWORD
Create bookshelf from Knex and Bookshelf
const DatabaseConfig = require(db)
const Bookshelf = require(bookshelf)const Knex = require(knex)(DatabaseConfig)
moduleexports = Bookshelf(Knex)
Add model for bookshelf
const Bookshelf = require(utilbookshelf)
const Config = require(config)
moduleexports = BookshelfModelextend( tableName todos url function () return `$ConfigDOMAIN$thisget(id)` serialize function () return id thisget(id) title thisget(title) url thisurl() completed thisget(completed) order thisget(order) object todo )
Define method for model
const Todo = require(modelstodo)
exportsdeleteAll = () =gt hack to get around Bookshelfs lacking destroyAll return new Todo()where(id = 0)destroy() then(() =gt [])
Access model from webservice method
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Koajs frameworkWebservice application from Koa
var koa = require(koa) router = require(koa-router) cors = require(koa-cors) json = require(koa-json) errorHandler = require(koa-onerror) bodyParser = require(koa-body)() app = koa() routes = new router()
function render(controller action)
routes start
routesget( todos render(todos all))routespost( todos bodyParser render(todos create))routesget( todosid render(todos show))routesdel( todosid render(todos delete))routespatch(todosid bodyParser render(todos update))routesdel( todos render(todos deleteAll))
appuse(require(appmiddlewaresrequest_logger)())appuse(json())appuse(cors(methods [GET PUT POST PATCH DELETE]))appuse(routesmiddleware())
errorHandler(app)
applisten(Number(processenvPORT || 9000))
Knexjs frameworkKnexjs is a batteries included SQL query builder for Postgres MSSQL MySQL MariaDB SQLite3 Oracle and Amazon Redshift designed to be flexible portable and fun to use We do not support the creation of tables for this framework Example
Define database config
const Config = require(config)
moduleexports = client postgresql connection ConfigDATABASE_URL || database ConfigDB_NAME host ConfigDB_HOST username ConfigDB_USER password ConfigDB_PASSWORD
Create bookshelf from Knex and Bookshelf
const DatabaseConfig = require(db)
const Bookshelf = require(bookshelf)const Knex = require(knex)(DatabaseConfig)
moduleexports = Bookshelf(Knex)
Add model for bookshelf
const Bookshelf = require(utilbookshelf)
const Config = require(config)
moduleexports = BookshelfModelextend( tableName todos url function () return `$ConfigDOMAIN$thisget(id)` serialize function () return id thisget(id) title thisget(title) url thisurl() completed thisget(completed) order thisget(order) object todo )
Define method for model
const Todo = require(modelstodo)
exportsdeleteAll = () =gt hack to get around Bookshelfs lacking destroyAll return new Todo()where(id = 0)destroy() then(() =gt [])
Access model from webservice method
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
var koa = require(koa) router = require(koa-router) cors = require(koa-cors) json = require(koa-json) errorHandler = require(koa-onerror) bodyParser = require(koa-body)() app = koa() routes = new router()
function render(controller action)
routes start
routesget( todos render(todos all))routespost( todos bodyParser render(todos create))routesget( todosid render(todos show))routesdel( todosid render(todos delete))routespatch(todosid bodyParser render(todos update))routesdel( todos render(todos deleteAll))
appuse(require(appmiddlewaresrequest_logger)())appuse(json())appuse(cors(methods [GET PUT POST PATCH DELETE]))appuse(routesmiddleware())
errorHandler(app)
applisten(Number(processenvPORT || 9000))
Knexjs frameworkKnexjs is a batteries included SQL query builder for Postgres MSSQL MySQL MariaDB SQLite3 Oracle and Amazon Redshift designed to be flexible portable and fun to use We do not support the creation of tables for this framework Example
Define database config
const Config = require(config)
moduleexports = client postgresql connection ConfigDATABASE_URL || database ConfigDB_NAME host ConfigDB_HOST username ConfigDB_USER password ConfigDB_PASSWORD
Create bookshelf from Knex and Bookshelf
const DatabaseConfig = require(db)
const Bookshelf = require(bookshelf)const Knex = require(knex)(DatabaseConfig)
moduleexports = Bookshelf(Knex)
Add model for bookshelf
const Bookshelf = require(utilbookshelf)
const Config = require(config)
moduleexports = BookshelfModelextend( tableName todos url function () return `$ConfigDOMAIN$thisget(id)` serialize function () return id thisget(id) title thisget(title) url thisurl() completed thisget(completed) order thisget(order) object todo )
Define method for model
const Todo = require(modelstodo)
exportsdeleteAll = () =gt hack to get around Bookshelfs lacking destroyAll return new Todo()where(id = 0)destroy() then(() =gt [])
Access model from webservice method
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
const Config = require(config)
moduleexports = client postgresql connection ConfigDATABASE_URL || database ConfigDB_NAME host ConfigDB_HOST username ConfigDB_USER password ConfigDB_PASSWORD
Create bookshelf from Knex and Bookshelf
const DatabaseConfig = require(db)
const Bookshelf = require(bookshelf)const Knex = require(knex)(DatabaseConfig)
moduleexports = Bookshelf(Knex)
Add model for bookshelf
const Bookshelf = require(utilbookshelf)
const Config = require(config)
moduleexports = BookshelfModelextend( tableName todos url function () return `$ConfigDOMAIN$thisget(id)` serialize function () return id thisget(id) title thisget(title) url thisurl() completed thisget(completed) order thisget(order) object todo )
Define method for model
const Todo = require(modelstodo)
exportsdeleteAll = () =gt hack to get around Bookshelfs lacking destroyAll return new Todo()where(id = 0)destroy() then(() =gt [])
Access model from webservice method
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
exportsregister = (server options next) =gt
serverroute([ method DELETE path config handler (request reply) =gt reply(ControllerdeleteAll()) ])
If table isnt found from external an unknown database table will be created
Nodejs MQTTControllerjs defines a publisher with a messager
function openGarageDoor () can only open door if were connected to mqtt and door isnt already open if (connected ampamp garageState == open) Ask the door to open clientpublish(garageopen true)
function closeGarageDoor () can only close door if were connected to mqtt and door isnt already closed if (connected ampamp garageState == closed) Ask the door to close clientpublish(garageclose true)
garagejs defines a subscriber as
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
clienton(connect () =gt clientsubscribe(garageopen) clientsubscribe(garageclose)
Inform controllers that garage is connected clientpublish(garageconnected true) sendStateUpdate())
clienton(message (topic message) =gt consolelog(received message s s topic message) switch (topic) case garageopen return handleOpenRequest(message) case garageclose return handleCloseRequest(message) )
Nodejs Seneca MicroserviceCreate a service
web-appjs
var seneca = require(seneca)()
seneca use(user) use(auth) use(libapijs) client(port10202pinroleoffercmd) client(port10201pinroleusercmd)
var app = express()
appuse( bodyParserjson() )appuse( senecaexport(web) )appuse( expressstatic(public) )
applisten(3000)
offer-service
require(seneca)() use(liboffer) listen(10202) ready(function() thisact(roleoffercmdprovideconsolelog) )
Define the apijs
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
moduleexports = function( options ) var seneca = thisvar plugin = api
senecaadd( roleplugin endoffer end_offer)
function end_offer( args done ) var user = argsreq$senecauser ||
thisact(roleoffercmdprovidenickusernickdone)
senecaact(roleweb useprefixapipinrolepluginendmapoffer GETtrue )
return nameplugin
offerjs
moduleexports = function( options ) var seneca = this var plugin = offer
senecaadd( roleplugin cmdprovide cmd_provide)
function cmd_provide( args done ) if( argsnick ) return done(nullproductApple)
return done(nullproductOrange)
return nameplugin
When a service sends an action (senecaact())
It may be to create a webservice with - see roleweb httpsgithubcomsenecajsseneca-webblobmasterdocsproviding-routesmdAn action to call the senecaadd
Click to enlarge
Webservice RestAPI
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
senecaact(rolewebuse prefixproduct pinroleapiproduct startware verify_token map star GETtrue aliasidstar handle_star PUTtrue DELETEtrue POSTtrue aliasidstar
Click to enlarge
Supported Nodejs versions
Version Support Comment
v0x No longer supported
v4x LTS
v5x Based on Javascript ES6
v6x Based on Javascript ES6
v7x Based on Javascript ES6
v8x
v9x
v10x
v11x
Function Point Quality and Sizing supportThis extension provides the following support
Function Points (transactions) a green tick indicates that OMG Function Point counting and Transaction Risk Index are supportedQuality and Sizing a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Function Points(transactions)
Quality and Sizing
Comparison with existing support for JavaScript in CAST AIPCAST AIP has provided support for analyzing JavaScript via its (provided out of box in CAST AIP) for some time now The JEE and NET analyzers HTML
(on which the extension depends) also provides support for JavaScript but with a focus on web applications CAST 5JavaScript extension Nodejshighly recommends that you use this extension if your Application contains JavaScript and more specifically if you want to analyze a web application however you should take note of the following
You should ensure that you configure the extension to NOT analyze the back end web client part of a NET or JEE applicationYou should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5JavaScript that communicates with the back end web client part of a NET or JEE applicationIf the back end web client part of a NET or JEE application is analyzed with the Nodejs extension and with the native NETJEE analyzers then your results will reflect this - there will be duplicate objects and links (ie from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data
Note that in CAST AIP 83x support for analyzing JavaScript has been withdrawn from the JEE and NET analyzers
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
CAST AIP compatibilityThis extension is compatible with
CAST AIP release Supported
83x
82x
81x
80x
734 and all higher 73x releases
Supported DBMS servers
DBMS Supported
CSS
Oracle
Microsoft SQL Server
Prerequisites
An installation of any compatible release of CAST AIP (see table above)
Dependencies with other extensionsSome CAST extensions require the presence of other CAST extensions in order to function correctly The extension requires that the following Nodejsother CAST extensions are also installed
HTML5JavaScriptWeb services linker service (internal technical extension)
Download and installation instructionsPlease see
Download an extensionInstall an extension
Packaging delivering and analyzing your source codeOnce the extension is downloaded and installed you can nowpackage your source code and run an analysis The process of packaging delivering and analyzing your source code is described below
Packaging and delivery
Note that when using the to download the extension and the interface in CAST Extension Downloader Manage Extensions CAST Server to install the extension any dependent extensions are downloaded and installed for you You do not need to do Manager automatically
anything
The latest of this extension can be seen when downloading it from the CAST Extend serverrelease status
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Using AIP Console
Advanced onboarding - add a new version and deliver source codeAdvanced onboarding - validate and accept the version
Using CAST Management Studio
create a new Versioncreate a new for your Nodejs source code using the optionPackage Files on your file system
Define the of your Application source coderoot folder
Run the Package actionBefore delivering the source code check the packaging results
Note that the extension does not contain any CAST Delivery Manager Tool therefore no jQuery jQuery discoverers or extractorsprojects will be detected However the extension will be automatically installed Web Files Discoverer (it is a shipped extension which
and will automatically detect projects as if specific files are delivered therefore ensuring that means it is delivered with AIP Core) HTML5 A are created for your source codenalysis Units
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
the CAST Delivery Manager Tool will find any projects related to the Nodejs application source code - this is thenot exp However if your related source code is part of a larger application (for example a JEE ected behaviour Nodejs
application) then other projects may be found during the package action (click to enlarge)
With the Web Files Discoverer
If you are using the Web Files Discoverer the following will occur
the CAST Delivery Manager Tool will (see for more automatically detect HTML5 file projects Web Files Discoverertechnical information about how the discoverer works) related to the Nodejs application source code In addition if your Nodejs related source code is part of a larger application (for example a JEE application) then other projects may also be found during the package action (click to enlarge)
Deliver the Version
Analyzing
Using AIP Console
AIP Console exposes the technology configuration options once a version has been or an Click acceptedimported analysis has been run Univers in the gt tab to display the available options for your Nodejs source codeal Technology (3) Config (1) Analysis (2)
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Then choose the relevant to view the configurationAnalysis Unit (1)
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Using the CAST Management Studio
Accept and deploy the in the CAST Management StudioVersion
Without the Web Files Discover
If you are not using the the following will occurWeb Files Discoverer
No will be created automatically relating to the Nodejs source code - this is the Analysis Units expected behaviourHowever if your Nodejs related source code is part of a larger application (for example a JEE application) then other Analysis Units may be created automatically
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
In the add a new Analysis Unit specifically for your Nodejs source code selecting the Current Version tab Add new optionUniversal Analysis Unit
Edit the new Analysis Unit and configure in the Source Settings taba for the Analysis Unit nameensure you tick the option (the Nodejs extension depends on the extensHTML5JavaScript HTML5 and JavaScription - and therefore the Universal Analyzer language for the AngularJS extension is set as )HTML5JavaScriptdefine the of the deployed source code (the CAST Management Studio will locate this location Nodejsautomatically in the folder)Deployment
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Run a on the Analysis Unit before you generate a test analysis new snapshot
With the Web Files Discoverer
If you are using the the following will occurWeb Files Discoverer
HTML5 Analysis Units will be created (see for more technical information about automatically Web Files Discovererhow the discoverer works) related to the application source code In addition if your related source code Nodejs Nodejsis part of a larger application (for example a JEE application) then other Analysis Units may also be created
There is nothing further to do you can now run a on the Analysis Unit before you generate a new snapshottest analysis
Analysis warning and error messages
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Message ID
Message Type
Logged during
Impact Remediation Action
NODEJS-001
Warning Analysis An internal issue occured when parsing a statement in a file A part of a file was badly analyzed
Contact CAST Technical Support
What results can you expectOnce the analysissnapshot generation has completed you can view the results in the normal manner (for example via CAST Enlighten)
Nodejs application with MongoDB data storage exposing web services
Objects
The following specific objects are displayed in CAST Enlighten
Icon Description
Nodejs Application
Nodejs Port
Nodejs Delete Operation Service
Nodejs Get Operation Service
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Nodejs Post Operation Service
Nodejs Put Operation Service
Nodejs Service
Nodejs Express Use
Nodejs Express Controller
Nodejs Get Http Request Service
Nodejs Post Http Request Service
Nodejs Put Http Request Service
Nodejs Delete Http Request Service
Nodejs Unknown Database
Nodejs Collection
Nodejs Memcached Connection
Nodejs Memcached Value
Nodejs Call to Java Program
Nodejs Call to Generic Program
Nodejs Ecosystem
Nodejs comes with numerous libraries and frameworks bringing data acces web services calls microservices architectures This list contains all supported libraries
Library Comment Data Access Web Service
Express Nodejs application framework
Mongoose MongoDB access
Mode-mongodb-native MongoDB access
Mongo-client MongoDB access
Couchdb Couchdb access
Node-couchdb Couchdb access
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Couchdb-nano Couchdb access
Marklogic Marklogic access
my_connection MySQL access
pg PostgreSQL access
oracledb Oracle Database access
Hapi Nodejs application framework
Sails Nodejs application framework
Loopback Nodejs application framework
Koa Nodejs application framework
Knex Nodejs SQL query builder
Memcached Storage framework
AWSDynamoDB Amazon database access
AWSS3 Amazon storage service
AWSLambda Amazon routing solution
CosmosDB Microsoft Azure NoSQL Database solution
External link behavior
Behaviour is different depending on the version of CAST AIP you are using the extension with
From SQL queries are sent to the external links exactly like standard CAST AIP analyzers736From and a degraded mode takes place The Nodejs extension analyzes the FROM clause to retrieve table names then 734 before 736sends the table names only to external linksFor if no links are found via external links unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table)all versions
Connector per RDBMS Vendor
Oracle oracledb connector
Connector oracledb
var oracledb = require(oracledb)connection = oracledbgetConnection( user hr password welcome connectString localhostXE )connectionexecute( SELECT department_id department_name FROM departments WHERE department_id lt 70 function(err result) if (err) consoleerror(err) return consolelog(resultrows) )
MS SQL node-sqlserver and mssql connectors
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Connector node-sqlserver
var sql = require(node-sqlserver)var connStr = Driver=SQL Server Native Client 110Server=myySqlDb1433Database=DBUID=HenryPWD=catvar query = SELECT FROM GAData WHERE TestID = 17sqlopen(connStr function(errconn) if(err) return consoleerror(Could not connect to sql err) connqueryRaw(SELECT TOP 10 FirstName LastName FROM authors function (err results) if (err) consolelog(Error running query) return for (var i = 0 i lt resultsrowslength i++) consolelog(FirstName + resultsrows[i][0] + LastName + resultsrows[i][1]) ))var match = crombiesqlquery(conn_str SELECT FirstName LastName FROM titles WHERE LastName LIKE [match] function (err results) for (var i = 0 i lt resultslength i++) consolelog(FirstName + results[i]FirstName + LastName + results[i]LastName) )
Connector mssql
var sql = require(mssql)var config = user password server localhost You can use localhostinstance to connect to named instance database options encrypt true Use this if youre on Windows Azure var connection = new sqlConnection(config function(err) error checks Query var request = new sqlRequest(connection) or var request = connectionrequest() requestquery(select from authors function(err recordset) error checks consoledir(recordset) ) Stored Procedure var request = new sqlRequest(connection) requestinput(input_parameter sqlInt 10) requestoutput(output_parameter sqlVarChar(50)) requestexecute(procedure_name function(err recordsets returnValue) error checks consoledir(recordsets) ) )
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
PostgreSQL pg connector
Connector pg
var pg = require(pg)var conString = pgoperatorCastAIPlocalhost2280postgresvar client = new pgClient(conString)clientconnect()var querySchemas = clientquery(select nspname from pg_catalogpg_namespace)querySchemason(row function (row result) use strict resultaddRow(row))querySchemason(end function (result) use strict consolelog(resultrows) clientend())
MySQL my_connection connector
Connector my_connection
var connection = require(my_connection)connectionquery(my_url function result_getCatLogDetails(getCatLogDetails_err getCatLogDetails_rows getCatLogDetails_fields) if (getCatLogDetails_err) logContent += |ERROR+ logContent += getCatLogDetails_errmessage+ utilslogAppDetails(logContent) deferredreject(new Error(getCatLogDetails_err)) else deferredresolve(getCatLogDetails_rows) )
Connector per NoSQL Vendor
Even if we dont have NoSQL server side representation we will create a client side representation based on the API access Nodejs analyzer will create links from Javascript functions to NoSQL Database or Tables equivalents
Azure Cosmos DB
See Azure Cosmos DB support for Nodejs source code
CouchDB connector
See CouchDB support for Nodejs source code
DynamoDB
See DynamoDB support for Nodejs source code
MarkLogic marklogic connector
See MarkLogic support for Nodejs source code
MongoDB mongoose connector
See MongoDB support for Nodejs source code
Memcached
See Memcached support for Nodejs source code
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Amazon Web Services (AWS)
See Amazon Web Services - AWS
Call to Program
NodeJS extension now supports call to external programs using the modulechild-process
These declaration create a call to a java programJAR file
const exec = require(child_process)exec
exec(java -cp comcastsoftwareArchive -jar jarFilejar (e stdout stderr) =gt if (e instanceof Error) consoleerror(e) throw e
consolelog(stdout stdout) consolelog(stderr stderr))
const cp = require(child_process)const class_name = comcastsoftwareFoo
function call_foo(req resp) const args = [ -cp bin class_name ] const proc = cpspawn(java args)
The function is not handled as its only purpose is to fork nodejs programsfork()
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
These declarations creates a call to a Python Program
const execFile = require(child_process)execFileconst python_file = apppy
const child = execFile(python [python_file] (error stdout stderr) =gt
if (error) consoleerror(stderr stderr) throw error consolelog(stdout stdout))
SQL Named Query
When executing an sql query directly a object will be createdCAST SQL NamedQuery
var oracledb = require(oracledb)
connection = oracledbgetConnection( user hr password welcome connectString localhostXE )
oracledbgetConnection( user hr password welcome connectString localhostXE function(err connection) if (err) consoleerror(err) return connectionexecute( SELECT department_id department_name + FROM titles + WHERE department_id lt 70 + ORDER BY department_id function(err result) if (err) consoleerror(err) return consolelog(resultrows) ) )
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
Structural Rules
The following structural rules are provided
211-funcrel httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||211-funcrel
210-beta1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-beta1
210-alpha3 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha3
210-alpha2 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha2
210-alpha1 httpstechnologiescastsoftwarecomrulessec=srs_nodejsampref=||210-alpha1
Known LimitationsIn this section we list the most significant functional limitations that may affect the analysis of applications using Nodejs
With regard to external links degraded mode only statements with a FROM clause are correctly handledNodeJS objects are only supported for ES5 standardAnalysis of AWS Lambda function needs have access to the serverlessyml file mapping routes and handlers together
