Re: [Codenarc-developer] A M.Sc. thesis on CodeNarc (in progress) - any suggestions?
From: Artur G. <art...@gm...> - 2013-03-18 20:59:00
Hamlet, I believe you wanted this on the mailing list as well :)

On 18 March 2013 09:38, Hamlet D'Arcy <ham...@gm...> wrote:

> One of the features of Groovy 2.0 is the static typing option. Supposedly,
> the static types of variables, parameters, and fields are now somewhere in
> the AST. I don't know for sure how reliable the data is, but my expectation
> is that if we find a bug or missing type information that the Groovy team
> would consider it a defect and fix the issue. So it is sort of a safe
> feature to use.
>
> Someone correct me if I am wrong, but I believe that CodeNarc is not
> currently using this data during analysis. I recommend working on using
> this new type information to drive rules.

Thanks for the idea! I guess, however, that this would demand migrating CodeNarc to Groovy 2.0 or later? Will CodeNarc-dependent libs be OK with that?

> You will have to look through other products' rulesets and just pick out
> some rules that require advanced type information. For example, there might
> be a rule named "don't do X on a File object". In the past we never knew if
> a parameter or variable was really a File so we could not write the rule.
> But with Groovy 2.0 we do know. A real example is don't call
> File.getText() within a loop because it would read the entire contents of a
> file into a String on every iteration. Here are some rulesets from other
> products:
>
> * http://www.hpenterprisesecurity.com/vulncat/en/vulncat/index.html
> * http://www.klocwork.com/products/documentation/current/Java_checker_reference
> * https://www.securecoding.cert.org/confluence/display/java/The+CERT+Oracle+Secure+Coding+Standard+for+Java
> * http://pmd.sourceforge.net/pmd-5.0.2/rules/index.html
> * http://findbugs.sourceforge.net/bugDescriptions.html
>
> Good luck!

Thanks! What do you think about the stats collection idea? Do you have any info on adoption of new versions of CodeNarc?

Best regards,
Artur Gajowy
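
The rule idea quoted above (no `File.getText()` inside a loop, decided from Groovy 2.0 type information) can be written as a plain Groovy AST visitor. This is an added example, not code from this thread or from CodeNarc. The visitor name and the sample source are constructed for illustration, and it assumes Groovy 2.0 or later on the classpath and falls back to the declared type when the type checker stored no inferred type.

```groovy
import groovy.transform.TypeChecked
import org.codehaus.groovy.ast.*
import org.codehaus.groovy.ast.expr.MethodCallExpression
import org.codehaus.groovy.ast.stmt.*
import org.codehaus.groovy.control.*
import org.codehaus.groovy.control.customizers.ASTTransformationCustomizer
import org.codehaus.groovy.transform.stc.StaticTypesMarker

// Hypothetical visitor (not a CodeNarc class): records File.getText() calls made inside loops.
class FileGetTextInLoopVisitor extends ClassCodeVisitorSupport {
    List<Integer> violationLines = []
    private int loopDepth = 0
    protected SourceUnit getSourceUnit() { null }

    void visitForLoop(ForStatement s) { loopDepth++; super.visitForLoop(s); loopDepth-- }
    void visitWhileLoop(WhileStatement s) { loopDepth++; super.visitWhileLoop(s); loopDepth-- }
    void visitDoWhileLoop(DoWhileStatement s) { loopDepth++; super.visitDoWhileLoop(s); loopDepth-- }

    void visitMethodCallExpression(MethodCallExpression call) {
        def receiver = call.objectExpression
        // Type recorded by the Groovy 2 type checker, else the declared type (assumption).
        ClassNode type = (ClassNode) receiver.getNodeMetaData(StaticTypesMarker.INFERRED_TYPE) ?: receiver.type
        if (loopDepth > 0 && call.methodAsString == 'getText' && type?.name == 'java.io.File') {
            violationLines << call.lineNumber
        }
        super.visitMethodCallExpression(call)
    }
}

// Constructed sample: File.getText() inside and outside a loop, plus a non-File getText() in the loop.
String sample = '''\
class Label { String getText() { 'x' } }
class Sample {
    int scan(File f, Label label, List<String> names) {
        int hits = 0
        for (String n : names) {
            if (f.getText().contains(n)) hits++
            if (label.getText() == n) hits++
        }
        f.getText().length() + hits
    }
}
'''
def config = new CompilerConfiguration()
config.addCompilationCustomizers(new ASTTransformationCustomizer(TypeChecked))
def unit = new CompilationUnit(config)
unit.addSource('Sample.groovy', sample)
unit.compile(Phases.INSTRUCTION_SELECTION)   // the static type checker runs in this phase
def visitor = new FileGetTextInLoopVisitor()
unit.getAST().getClasses().each { visitor.visitClass(it) }
println "File.getText() inside a loop at lines: ${visitor.violationLines}"
```

Closure-based iteration such as `names.each { ... }` and the property form `f.text` are not covered by this visitor.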