Re: [Codenarc-developer] (no subject)
Brought to you by:
chrismair
Menu
▾
▴
Re: [Codenarc-developer] (no subject)
|
From: Brian S. <bri...@ta...> - 2014-01-30 21:08:32
|
As it turns out, CodeNarc can't detect the Grails interfaces so I ended up reverting to the basic property and variable name checks. It's not ideal, but I don't see another way at this point. I ran it through our production code base and it seems solid (no false positives and a good number of hits). It's possible that's just due to our devs sticking to convention and our codebase. I'm not sure what your bar for fragility is but here's the test (caveat: I started learning groovy 2 weeks ago): https://github.com/soby/CodeNarc/blob/master/src/main/groovy/org/codenarc/rule/security/MassAssignmentRule.groovy On Wed, Jan 29, 2014 at 4:15 PM, Chris Mair <chr...@ea...> wrote: > Re: running custom rules from the Grails *CodeNarc* plugin, unfortunately: > > > > http://grails.org/plugin/codenarc > > > > *Note that your custom ruleset cannot refer to a custom rule defined > within the Grails application. This is due to a Grails classpath issue, > discussed here > <http://grails.1312388.n4.nabble.com/Can-a-plugin-use-an-application-level-class-td3330014.html>.* > > > > It sounds like you could put the rule into another plugin or maybe a jar? > I know, not cool... L > > > > *From:* Brian Soby [mailto:bri...@ta...] > *Sent:* Wednesday, January 29, 2014 6:27 PM > *To:* Artur Gajowy > *Cc:* cod...@li... > *Subject:* Re: [Codenarc-developer] (no subject) > > > > Hi Artur, > > > > Changing the phase worked with my test case to detect the interface once I > started using AstUtil.classNodeImplementsType for the check. The > outstanding question I had was whether I could skip doing the grails import > of org.codehaus.groovy.grails.commons.GrailsDomainClass by declaring a > simple GrailsDomainClass interface in the rule and checking for that. It > looks like some of the checks done by AstUtil.classNodeImplementsType may > match on simple class name while omitting the package name, which > presumably would work. > > > > The other problem I ran into was how to run my custom CodeNarc rules in > the grails codenarc plugin. Any ideas here? I see comments saying it's not > trivially done. > > > > Thanks > > -Brian Soby > > > > On Wed, Jan 29, 2014 at 2:06 PM, Artur Gajowy <art...@gm...> > wrote: > > Did you change your rule's compilerPhase to SEMANTIC_ANALYSIS or greater? > It should detect the GrailsDomainClass interface in your test, however I'm > not sure if it would detect the implicit interface implementation done by > Grails. > > > > Be aware of the limitations: > > http://codenarc.sourceforge.net/codenarc-enhanced-classpath-rules.html > > https://github.com/CodeNarc/CodeNarc/pull/27 > > https://github.com/CodeNarc/CodeNarc/issues/29 > > > > If, however, you're ok with running CodeNarc as a test in your project, > the classpath problems won't affect you. On the other hand - CodeNarc users > running it without Grails classes on classpath won't be able to benefit > from the rule. > > > > If you decide to implement the rule - make sure you get the > GrailsDomainClass interface's package right and test it on a real project :) > > > > Best regards, > > Artur Gajowy > > > > On 29 January 2014 19:21, Brian Soby <bri...@ta...> wrote: > > Hi all, > > > > I'm working on a mass assignment rule ( > http://sourceforge.net/p/codenarc/feature-requests/392/) and I can't seem > to get type or interface based detection to work. Here's my test code: > > > > public interface GrailsDomainClass {} > > class Person implements GrailsDomainClass { > > String name > > Boolean isAdmin > > } > > params = [name: 'John', isAdmin: true] > > def person = new Person(params) > > > > Ideally, I'd 1) visit the Person constructor 2) Check that it implements > GrailsDomainClass 3) and check that the parameter implements java.util.Map. > Unfortunately, getInterfaces()/getAllInterfaces() seems to always return an > empty set. I've resorted to checking for a variable named "params" but that > seems too fragile. Is there anything I can do to have more robust type and > interface information available? > > > > Thanks > > -Brian Soby > > > > > > > > > ------------------------------------------------------------------------------ > WatchGuard Dimension instantly turns raw network data into actionable > security intelligence. It gives you real-time visual feedback on key > security issues and trends. Skip the complicated setup - simply import > a virtual appliance and go from zero to informed in seconds. > > http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk > _______________________________________________ > Codenarc-developer mailing list > Cod...@li... > https://lists.sourceforge.net/lists/listinfo/codenarc-developer > > > > > |
