Request for inclusion of VisibleForTesting plugin

[Frank Jakop]

Hello,

we developed a new SQ plugin for Java which contains rules for detecting illegal access and illegal use of @VisibleForTesting from the guava-library. The main 2 aspects were finding production code, whih uses methods & fields annotated with @VisibleForTesting and finding erroneously annotated test code, e.g. public methods.

Homepage is https://github.com/arxes-tolina/sonar-plugins/

The binaries can be found here: https://github.com/arxes-tolina/sonar-plugins/releases/download/0.0.2/sonar-vft-plugin-0.0.2.jar

Tested with SQ 5.1.2 & 5.2

Please let me know if anything is amiss and be gentle, since these are our first footsteps into the OSS world.

Best Regards

Frank

[G. Ann Campbell]

Hi Frank,

First, I've added your plugin to the wiki: http://docs.sonarqube.org/display/PLUG/Other+Plugins

It's not clear from your github README.md what the name of the plugin is - I had to check the pom file, so you might want to clarify that.

As to the plugin itself, you might want to add some <code/> tags where appropriate in the rule descriptions. You also probably want to add technical debt definitions for the rules.

Beyond that, I'm not familiar with the @VisibleForTesting annotation, so I'm not sure if I did it right, but I wasn't able to raise any issues with the plugin.

in 

public class Dummy {

@VisibleForTesting
void blah(){

}

@VisibleForTesting
protected void bleh(){

}

@VisibleForTesting
public void bloh(){

}

}

I really expected to get a MisuseOfVisibleForTesting issue on at least one of those methods.

And then in 

public class Grandchild extends AbstractChild {

  public void doNothing(){
    Dummy d = new Dummy();
    d.blah();
  }
}

I expected to see an UnexpectedAccessToVisibleForTesting issue, but didn't get one.

Ann

[Frank Jakop]

Hello Ann,

thanks for the reply, I will provide a demo maven java project tomorrow.

Frank

[Frank Jakop]

I've attached a sample maven project. If you activate both rules in a quality profile an run sonar analysis you should get 24 issues. 

There should be 12 times a "misuse" issue and 12 times "unexpected access" issue.

As of technical debt: I'm not happy with this metric at all, because imo it's normally hard to impossible as a rule author to consider the impact on the analysed code. So fixing a misuse of @VisibleForTesting
may be removing the annotation and setting the member/method to private in the best case, which would infer a technical debt of about 5 minutes. The worse woud be a reliance on the visibility of this member/method in production code which would result in a larger refactoring for issue resolution.

So I could add some technical debt, if you like, but I'm not convinced of its meaning.

With <code/> tags you mean the java code examples for (non-)compliant code in the descriptions?

Regarding the README.md: Do you have any examples of a "well-formed" README in other plugins? I have to gain knowledge and best practice on which information should be presented where.

Thanks in advance

Frank

[Frank Jakop]

As for the descriptions of the individual checks I noticed that it's possible to put the description into a separate html file, as e.g. with sonar-java/java-checks/src/main/resources/org/sonar/l10n/java/rules/squid/S2293.html used in sonar-java/java-checks/src/main/java/org/sonar/java/checks/DiamondOperatorCheck.java

Is there any documentation about which convention to follow to use a separate html description file?

[G. Ann Campbell]

Thanks for the example, Frank. Now I know why mine didn't work. I imported org.assertj.core.util.VisibleForTesting not com.google.common.annotations.VisibleForTesting.

Regarding technical debt, I understand your view.

Regarding code tags, I meant that you might want to use them to set off special words in your description. I.e. instead of this:

You must use @VisibleForTesting annotation only at package-private methods or package-private fields.

this

You must use @VisibleForTesting annotation only at package-private methods or package-private fields.

Regarding README.md, you might take a look at https://github.com/iwarapter/sonar-puppet, or https://github.com/QualInsight/qualinsight-plugins-sonarqube-smell.

Ann

---

G. Ann CAMPBELL | SonarSource

Product Owner

http://sonarsource.com

On Tue, Jan 12, 2016 at 3:42 AM, Frank Jakop <frank...@gmail.com> wrote:

As for the descriptions of the individual checks I noticed that it's possible to put the description into a separate html file, as e.g. with sonar-java/java-checks/src/main/resources/org/sonar/l10n/java/rules/squid/S2293.html used in sonar-java/java-checks/src/main/java/org/sonar/java/checks/DiamondOperatorCheck.java

Is there any documentation about which convention to follow to use a separate html description file?

--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/Y5VJxYAUBWo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/86921cd2-fca9-4367-b926-30049d96dd72%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Frank Jakop]

Hi Ann,

I've incorporated the changes in README.md and rule description. Nevertheless it would be fine if someone could give me a hint how to use html description files, since adding much text in the @Rule's description parameter is not handy and hard to read.

Is there anything else to do before I do the next release?

Cheers

Frank

[G. Ann Campbell]

I don't feel competent to answer this @Frank. Try opening a new, dedicated thread.

---

G. Ann CAMPBELL | SonarSource

Product Owner

http://sonarsource.com

--

You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/Y5VJxYAUBWo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/0383d1f2-23a7-4e28-9111-cbfbac7e6f4a%40googlegroups.com.