Add new coding rule to find hardcoding present in the java code.


munle...@gmail.com

Jan 3, 2017, 3:47:48 AM
to SonarQube
Hi,

I would like to add a new coding rule to find the hard coding present in the Java code.

munle...@gmail.com

Jan 3, 2017, 3:52:31 AM
to SonarQube, munle...@gmail.com


On Tuesday, January 3, 2017 at 4:47:48 PM UTC+8, munle...@gmail.com wrote:
Hi,

I would like to add a new coding rule to find the hard coding present in the Java code. Please let me know if this contribution will be accepted.
Please find below the compliant solution and noncompliant solution for the rule.

Noncompliant Solution
  String uname = "steve";
  int count = 10;
  private static final String tname = "mona";
  static char[] ebcdicToAscii = {/* 0- */ 0x00, 0x01, 0x02, 0x03, ' ', 0x09, ' ', 0x7F, ' ', ' ', ' ', 0x0B};
  private boolean QStateNew_screenEdit2000 = false;
  private final int CHECKCOMPANY2040 = 3;
  public long cnt = 10l;
  public double temoCount = 10d;

Compliant Solution
  public static final ConstantCategory ALPHABETIC = ConstantCategory.ALPHABETIC;
  public static final FieldType COMMON = FieldType.COMMON;
  public static final Constant HIVALUE = ConstantHIVAL.getInstance();
  for (int i = 0; ...)   // loop counter initialized with a literal
  String str = null;

Nicolas Peru

Jan 3, 2017, 8:08:47 AM
to munle...@gmail.com, SonarQube
Hi, 


I am really not sure why you would want such a rule: what is the goal? Why are the patterns you describe as noncompliant "bad"? What is the reasoning behind this?
With the very little information you provide, it is certain we won't go for such a rule, so I can only suggest you have a look at custom rules for Java: http://docs.sonarqube.org/display/PLUG/Writing+Custom+Java+Rules+101

HTH, 

Cheers, 


--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/3467473a-1a3a-472e-9d74-b2744dee2966%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Nicolas PERU | SonarSource
Senior Developer
http://sonarsource.com

Muneera Malik

Jan 3, 2017, 10:42:42 PM
to Nicolas Peru, SonarQube
Hi,

Thank you for the reply.

The idea behind the rule was to avoid the use of hard coding in the Java code and encourage the usage of a Constants class to store the constants required in the programs.
The reason a coding rule was chosen over a custom rule was the SonarLint support available for coding rules.

If this hard-coding check rule is implemented as a custom rule, can that be contributed?

Regards,
Malik Muneera


Nicolas Peru

Jan 4, 2017, 3:04:57 AM
to Muneera Malik, SonarQube
Hi, 

As far as I understand, you want to raise issues on literals: String, boolean, char, int, long, etc.
Just a note here: how would you distinguish between legitimate use cases of literals and their constant definitions?

This rule would not really make sense as a general-purpose rule; that's why I encourage you to go for a custom rule if you want to implement it. If you want SonarLint support for it, you can always use connected mode.

HTH
Cheers,

--
Nicolas PERU | SonarSource
Senior Developer
http://sonarsource.com




Muneera Malik

Jan 4, 2017, 10:40:46 PM
to Nicolas Peru, SonarQube
Hi Nicolas,

Please find my answers below.

Q1) How would you distinguish between legitimate use cases of literals and their constant definitions?

Ans) I defined a pattern like the one below, and will match the variable initialization against the defined pattern. If the pattern matches, then it is not marked as an issue.
private static final Pattern CONSTANT_VARIABLE_PATTERN = Pattern.compile("(Constant|FieldType)", Pattern.CASE_INSENSITIVE);
This approach is similar to the existing Sonar coding rule HardCodedCredentialsCheck, which uses
private static final Pattern PASSWORD_VARIABLE_PATTERN = Pattern.compile("(password|passwd|pwd)", Pattern.CASE_INSENSITIVE);


Q2) For SonarLint support, you can always use connected mode.

Ans) Currently SonarLint doesn't analyze custom rules extended by Java in Eclipse.

Inline image 1

 

Please suggest how we can analyze custom rules using SonarLint in Eclipse.

Regards,
Malik Muneera

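Added example (not code from this thread, from the poster, or from SonarSource): a complete SonarJava custom rule of the kind discussed above, written against the public API described on the Writing Custom Java Rules 101 page that Nicolas linked. It flags fields and local variables initialized directly from a literal, and answers Nicolas's question about legitimate literals with three exemptions: static final fields with UPPER_SNAKE_CASE names, declarations whose type name matches an allow-list pattern in the spirit of CONSTANT_VARIABLE_PATTERN, and for-loop counters. The package, class name, rule key and allow-list pattern are hypothetical, and the use of Tree.parent() assumes a SonarJava version that exposes it. One caveat a practitioner should keep in mind: HardCodedCredentialsCheck keys on the variable name because a literal assigned to something called "password" is a secret embedded in the code, whereas this rule keys on the declared type name, so its false positives and negatives move with how consistently the constant types are named.

```java
// Added example, not the poster's or SonarSource's code. Assumes the public
// SonarJava custom-rule API (IssuableSubscriptionVisitor, VariableTree, Tree.Kind)
// from "Writing Custom Java Rules 101". Package, class, rule key and the
// allow-list pattern are hypothetical; Tree.parent() is assumed available.
package org.example.rules;

import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

@Rule(key = "HardCodedLiteralCheck")
public class HardCodedLiteralCheck extends IssuableSubscriptionVisitor {

  // Literal kinds that count as "hard-coding" when used as an initializer.
  // NULL_LITERAL is deliberately absent: "String str = null;" is compliant.
  private static final Tree.Kind[] LITERAL_KINDS = {
      Tree.Kind.STRING_LITERAL, Tree.Kind.CHAR_LITERAL, Tree.Kind.INT_LITERAL,
      Tree.Kind.LONG_LITERAL, Tree.Kind.FLOAT_LITERAL, Tree.Kind.DOUBLE_LITERAL,
      Tree.Kind.BOOLEAN_LITERAL, Tree.Kind.NEW_ARRAY
  };

  // Allow-list of declared type names treated as constant definitions, in the
  // spirit of the poster's CONSTANT_VARIABLE_PATTERN (hypothetical content).
  private static final Pattern CONSTANT_TYPE_PATTERN =
      Pattern.compile("(Constant|FieldType)", Pattern.CASE_INSENSITIVE);

  // Naming convention for Java constants: UPPER_SNAKE_CASE.
  private static final Pattern CONSTANT_NAME_PATTERN = Pattern.compile("[A-Z][A-Z0-9_]*");

  @Override
  public List<Tree.Kind> nodesToVisit() {
    // Every field, local variable and loop variable declaration is a VARIABLE node.
    return Collections.singletonList(Tree.Kind.VARIABLE);
  }

  @Override
  public void visitNode(Tree tree) {
    VariableTree variable = (VariableTree) tree;
    ExpressionTree initializer = variable.initializer();
    if (initializer == null || !initializer.is(LITERAL_KINDS)) {
      return; // no initializer, or initialized from something other than a literal
    }
    if (isConstantDefinition(variable) || isLoopCounter(variable)) {
      return; // legitimate use of a literal: a named constant or a loop index
    }
    reportIssue(variable.simpleName(),
        "Replace this hard-coded literal with a named constant.");
  }

  // A static final field with an UPPER_SNAKE_CASE name, or a declaration whose
  // type matches the allow-list, is a constant definition rather than hard-coding.
  // "private static final String tname" fails the name test and is still flagged,
  // as in the poster's noncompliant list.
  private static boolean isConstantDefinition(VariableTree variable) {
    Symbol symbol = variable.symbol();
    boolean staticFinal = symbol.isStatic() && symbol.isFinal();
    boolean constantName = CONSTANT_NAME_PATTERN.matcher(variable.simpleName().name()).matches();
    boolean constantType = CONSTANT_TYPE_PATTERN.matcher(symbol.type().name()).find();
    return (staticFinal && constantName) || constantType;
  }

  // "for (int i = 0; ...)" declares its counter with a literal; that is not
  // hard-coding. The declaration's parent is the FOR_STATEMENT itself.
  private static boolean isLoopCounter(VariableTree variable) {
    Tree parent = variable.parent();
    return parent != null && parent.is(Tree.Kind.FOR_STATEMENT);
  }
}
```

Run against the poster's own lists, the rule reports every entry under Noncompliant Solution and none under Compliant Solution: the enum and getInstance() initializers are not literal nodes, the null initializer is excluded by kind, and the loop counter is exempted by its parent. The type-name allow-list is the weakest of the three tests, since a type whose name happens to contain "Constant" silences the rule regardless of what is assigned to it.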

Julien HENRY

Jan 5, 2017, 3:58:33 AM
to SonarQube, nicola...@sonarsource.com, munle...@gmail.com

Muneera Malik

Jan 5, 2017, 4:55:11 AM
to Julien HENRY, SonarQube, Nicolas Peru, mmal...@csc.com, rkum...@csc.com
Thank you Julien for the references provided.
I will go through them and incorporate them in the custom rule creation.

Once done, can the new hard-coding custom rule be contributed to the Sonar Custom Rules repository?

Regards,
Malik Muneera

Julien HENRY

Jan 5, 2017, 5:16:39 AM
to Muneera Malik, SonarQube, Nicolas Peru, mmal...@csc.com, rkum...@csc.com

2017-01-05 10:55 GMT+01:00 Muneera Malik <munle...@gmail.com>:
Once done, can the new hard-coding custom rule be contributed to the Sonar Custom Rules repository?

What do you mean? What is "Sonar Custom Rules repository" ?

Muneera Malik

Jan 5, 2017, 9:24:45 PM
to Julien HENRY, SonarQube, Nicolas Peru, mmal...@csc.com, rkum...@csc.com
Hi,

I was referring to this repository
Inline image 1

--
Regards,
Malik Muneera

Julien HENRY

Jan 6, 2017, 2:46:47 AM
to Muneera Malik, SonarQube, Nicolas Peru, mmal...@csc.com, rkum...@csc.com
Hi Malik,

This repository is not intended to become a marketplace of custom rules that users may decide to pick. It is intended to contain one example (per language) of how to write a custom rule. This is more technical than functional. If you think your custom rule can be useful for many and you would like to share it, please create a new topic to ask if it could be added mainstream in the SonarJava analyzer.

++

Julien