cau-se / code-quality-configurations Goto Github PK
View Code? Open in Web Editor NEWConfiguration files for Checkstyle, PMD and Findbugs (Spotbugs)
License: MIT License
Configuration files for Checkstyle, PMD and Findbugs (Spotbugs)
License: MIT License
After qa-eclipse-plugin's PMD version was updated, check if the PMD ruleset actually works.
The Google checkstyle configuration uses allowedAbbreviationLength = 1
for the AbbreviationAsWordInName
rule. I have a class CORSResponseFilter
that violates this rule, since the abbreviation CORS
is too long.
The rule contains a allowedAbbreviations property that can handle exceptions to this rule.
Unfortunately, Checkstyle does not does not support overriding of previously defined rules at the moment (see Checkstyle issue 2873). How should be proceed with this?
I think we should modify the Google checkstyle rules, if all contributors (at the moment only @SoerenHenning) accept the modification.
Therefore I propose to add the allowedAbbreviations
property with the default values XML,URL
to the Google checkstyle section.
It seems like the Gradle plugin does know about ${config_loc}
, which however contradicts the official documentation of the plugin. Further investigation has to be done.
Error message is (using --stacktrace
):
Execution failed for task ':checkstyleMain'.
> Unable to create Root Module: config{.../checkstyle.xml}, classpath {...}
...
* Exception is:
...
Caused by: org.xml.sax.SAXException: Property ${config_loc} has not been set
The controversial PMD rule DataflowAnomalyAnalysis contains a check for undefined references.
This check is unnecessary, since Eclipse itself will report the error and the Java compiler will eventually fail. Additionally, it has a high false positive rate. The following example would violate the rule:
for (final String role : rolesAllowed) {
if (requestContext.getSecurityContext().isUserInRole(role)) {
return;
}
}
I propose to disable the UR section of the rule as shown in this SO-post.
Gradle enables users to use a "inheritance-alike" feature for the build.gradle
file of a project. Essentially, this allows developers to provide seperated NAME.gradle
files (so-called script plugins) that contain dependencies and tasks for a single topic, e.g., quality assurance.
To apply this feature, one has to use the apply from notation.
In addition with the new (Gradle 4.8) "TextResources can now be fetched from a URI" feature, we should be able to provide a so-called script plugin file for our quality assurance.
I tested this and with a small change to the SpotBugs plugin declaration and an updated version of the Gradle Wrapper (4.8), I was able to include a script plugin file based on our build.gradle
.
Unfortunately, Gradle 4.8 is not yet supported by default in the Eclipse Buildship Plugin. We might be able to update the Buildship Plugin ourselves via http://download.eclipse.org/buildship/updates/e48/releases/ and use this overall awesome feature for quality assurance.
P.S. Checkstyle suppression are not possible to be outsourced via URL due to the Checkstyle implementation. Therefore, the checkstyle-suppression.xml
is still required per project. This is not bad, since the suppression should be project dependent.
PMD however uses an embedded exclude/include approach in the pmd.xml
file. This is a problem, since we cannot allow project dependent excludes. Is there a workaorund, such as using a further file for PMD exclude/includes?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.