Request for inclusion of VisibleForTesting plugin
166 views
Skip to first unread message
Frank Jakop
Jan 4, 2016, 9:15:34 AM1/4/16
to SonarQube
Hello,
we developed a new SQ plugin for Java which contains rules for detecting illegal access and illegal use of @VisibleForTesting from the guava-library. The main 2 aspects were finding production code, whih uses methods & fields annotated with @VisibleForTesting and finding erroneously annotated test code, e.g. public methods.
Homepage is https://github.com/arxes-tolina/sonar-plugins/
The binaries can be found here: https://github.com/arxes-tolina/sonar-plugins/releases/download/0.0.2/sonar-vft-plugin-0.0.2.jar
Tested with SQ 5.1.2 & 5.2
Please let me know if anything is amiss and be gentle, since these are our first footsteps into the OSS world.
Best Regards
Frank
G. Ann Campbell
Jan 5, 2016, 11:55:09 AM1/5/16
to SonarQube
Hi Frank,
First, I've added your plugin to the wiki: http://docs.sonarqube.org/display/PLUG/Other+Plugins
It's not clear from your github README.md what the name of the plugin is - I had to check the pom file, so you might want to clarify that.
As to the plugin itself, you might want to add some <code/> tags where appropriate in the rule descriptions. You also probably want to add technical debt definitions for the rules.
Beyond that, I'm not familiar with the @VisibleForTesting annotation, so I'm not sure if I did it right, but I wasn't able to raise any issues with the plugin.
in
public class Dummy {
@VisibleForTesting
void blah(){
}
@VisibleForTesting
protected void bleh(){
}
@VisibleForTesting
public void bloh(){
}
}
I really expected to get a MisuseOfVisibleForTesting issue on at least one of those methods.
And then in
public class Grandchild extends AbstractChild {
public void doNothing(){
Dummy d = new Dummy();
d.blah();
}
}
I expected to see an UnexpectedAccessToVisibleForTesting issue, but didn't get one.
Ann
Frank Jakop
Jan 11, 2016, 11:03:01 AM1/11/16
to SonarQube
Hello Ann,
thanks for the reply, I will provide a demo maven java project tomorrow.
Frank
Frank Jakop
Jan 12, 2016, 2:59:26 AM1/12/16
to SonarQube
I've attached a sample maven project. If you activate both rules in a quality profile an run sonar analysis you should get 24 issues.
There should be 12 times a "misuse" issue and 12 times "unexpected access" issue.
As of technical debt: I'm not happy with this metric at all, because imo it's normally hard to impossible as a rule author to consider the impact on the analysed code. So fixing a misuse of @VisibleForTesting
may be removing the annotation and setting the member/method to private in the best case, which would infer a technical debt of about 5 minutes. The worse woud be a reliance on the visibility of this member/method in production code which would result in a larger refactoring for issue resolution.
may be removing the annotation and setting the member/method to private in the best case, which would infer a technical debt of about 5 minutes. The worse woud be a reliance on the visibility of this member/method in production code which would result in a larger refactoring for issue resolution.
So I could add some technical debt, if you like, but I'm not convinced of its meaning.
With <code/> tags you mean the java code examples for (non-)compliant code in the descriptions?
Regarding the README.md: Do you have any examples of a "well-formed" README in other plugins? I have to gain knowledge and best practice on which information should be presented where.
Thanks in advance
Frank
Frank Jakop
Jan 12, 2016, 3:42:45 AM1/12/16
to SonarQube
As for the descriptions of the individual checks I noticed that it's possible to put the description into a separate html file, as e.g. with sonar-java/java-checks/src/main/resources/org/sonar/l10n/java/rules/squid/S2293.html used in sonar-java/java-checks/src/main/java/org/sonar/java/checks/DiamondOperatorCheck.java
Is there any documentation about which convention to follow to use a separate html description file?
G. Ann Campbell
Jan 12, 2016, 3:16:33 PM1/12/16
to Frank Jakop, SonarQube
Thanks for the example, Frank. Now I know why mine didn't work. I imported org.assertj.core.util.VisibleForTesting not com.google.common.annotations.VisibleForTesting.
Regarding technical debt, I understand your view.
Regarding code tags, I meant that you might want to use them to set off special words in your description. I.e. instead of this:
You must use @VisibleForTesting annotation only at package-private methods or package-private fields.
this
You must use @VisibleForTesting annotation only at package-private methods or package-private fields.
Regarding README.md, you might take a look at https://github.com/iwarapter/sonar-puppet, or https://github.com/QualInsight/qualinsight-plugins-sonarqube-smell.
Ann
On Tue, Jan 12, 2016 at 3:42 AM, Frank Jakop <frank...@gmail.com> wrote:
As for the descriptions of the individual checks I noticed that it's possible to put the description into a separate html file, as e.g. with sonar-java/java-checks/src/main/resources/org/sonar/l10n/java/rules/squid/S2293.html used in sonar-java/java-checks/src/main/java/org/sonar/java/checks/DiamondOperatorCheck.javaIs there any documentation about which convention to follow to use a separate html description file?
--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/Y5VJxYAUBWo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/86921cd2-fca9-4367-b926-30049d96dd72%40googlegroups.com.
Frank Jakop
Jan 13, 2016, 10:39:20 AM1/13/16
to SonarQube
Hi Ann,
I've incorporated the changes in README.md and rule description. Nevertheless it would be fine if someone could give me a hint how to use html description files, since adding much text in the @Rule's description parameter is not handy and hard to read.
Is there anything else to do before I do the next release?
Cheers
Frank
G. Ann Campbell
Jan 15, 2016, 12:37:39 PM1/15/16
to Frank Jakop, SonarQube
I don't feel competent to answer this @Frank. Try opening a new, dedicated thread.
--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/Y5VJxYAUBWo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/0383d1f2-23a7-4e28-9111-cbfbac7e6f4a%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages