Sonar Code Quality Testing Essentials
Sonar Code Quality Testing Essentials - Charalampos S. Arapidis
Table of Contents
Sonar Code Quality Testing Essentials
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. An Overview of Sonar
What is Sonar
How it works
What makes Sonar different
Sonar in the lifecycle
Features of Sonar
Overview of all projects
Coding rules
Standard software metrics
Unit tests
Drill down to source code
Time Machine
Maven ready
User friendly
Unified components
Security measures
Extensible plugin system
Covering software quality on Seven Axes
How Sonar manages quality
Architecture of Sonar
Source code analyzers
Squid
Checkstyle
PMD
FindBugs
Cobertura and Clover
The Sonar community and ecosystem
The SonarSource company
Awards and conferences
Sonar license
Summary
2. Installing Sonar
Prerequisites for Sonar
Checking your Java installation
Installing Maven on Linux
Installing Maven on Windows
Installing MySQL on Linux
Installing MySQL on Windows
Downloading Sonar
Installing the Sonar web server
Sonar server basic configuration
Configuring MySQL
Creating the database
Setting up Sonar with MySQL
Starting Sonar as a service
Run as a service on Linux
Run as a service on Windows
Logging in to Sonar for the first time
Securing your Sonar instance
Sonar authentication and sources visibility
Creating users and groups
Managing project roles
Backing up your data
Sonar instance configuration backup
Filesystem backup
Backing up the MySQL sonar database
Extending Sonar with plugins
Installing the Useless Code Tracker plugin
Upgrading Sonar from the Update Center section
Checking compatibility of plugins
Upgrading to latest Sonar version
Summary
3. Analyzing your First Project
Using a Java runner
Configuring the runner
Setting up a Sonar server for remote connections
Configuring the project
Analysis with the Sonar Maven plugin
Installing Maven
Configuring the Sonar Maven plugin
Performing the analysis
Analysis with Ant
Installing Ant
Configuring and running Sonar analysis task
Browsing the Sonar web interface
The treemap gadget
Filtering your projects
The What Coverage? filter
Sonar components—an overview
Dashboard
Components
Violations drilldown
Time Machine
Clouds
Design
Hotspots
Libraries
Anatomy of the dashboard
Layout and widget arrangement
Eliminating your first violations
Unused modifier violation
Modified Order violation
Correctness - Repeated conditional tests
Creating your first analysis event
Getting visual feedback
Summary
4. Following Coding Standards
A brief overview of coding standards and conventions
Java standards
Sonar profiles, rules, and violations
The Rules Compliance Index
Managing quality profiles
Creating a profile
Associating projects to profiles
Managing rules
Adding a rule
Configuring a rule
Regular expressions
Boolean expressions
Token and value-based rules
Backing up and restoring profiles
Creating a coding standards profile
Selecting the rules
Naming conventions and declarations rules
Declaration order
Abstract class name
Variable, parameter, and method names
Multiple variable declarations
Local home naming
Variable lengths
Naming - Avoid field name matching method name
Naming - Suspicious equals method name
Standards rules
Unused imports
Unnecessary final modifier
Unused modifier
Magic number
Final class
Missing constructor
Abstract class without any methods
Code layout and indentation
Avoid inline conditionals
Left Curly
Paren Pad
Trailing comment
Multiple String literals
The for loops must use braces
Inspecting violations with the Radiator component
Installing the Radiator plugin
Watch the quality improving
Configuring the Timeline widget
Summary
5. Managing Measures and Getting Feedback
Reviewing code
Sonar manual reviews
Assigning reviews
Browsing reviews
Configuring notifications
Defining metric thresholds and alerts
The Build Breaker
Sonar manual measures
Creating the Story Points measure
Managing manual measures
Quality reporting on your project
Installing the PDF report plugin
Getting the project report
Customizing the report
Getting visual feedback
Timeline plugin
Motion Chart plugin
Bubble chart
Bar chart
Summary
6. Hunting Potential Bugs
Potential bugs violations
Dodgy code rules
Use notifyAll instead of notify
StringBuffer instantiation with char
Use StringBuffer for String appends
Constructor calls overridable method
Close Resource
Ambiguous invocation of either an inherited or outer method
Consider returning a zero length array rather than null
Method ignores return value
Method does not release lock on all paths
Null pointer dereference
Suspicious reference comparison
Misplaced null check
Impossible cast
Program flow rules
Do not throw exception in finally
Finalize does not call Super Finalize
Avoid calling finalize
Avoid catching NPE
Method ignores exceptional return value
Switch statement found where default case is missing
Missing break in switch
Avoid catching Throwable
Security rules
Class exposes synchronization and semaphores in its public interface
Method returns internal array
Hardcoded constant database password
Installing the Violation Density plugin
Integrating Sonar to Eclipse
Installing the Sonar Eclipse plugin
Linking an Eclipse project to Sonar server
Using the Sonar perspective
Summary
7. Refining Your Documentation
Writing effective documentation
Comments structure
Javadoc block comment
Javadoc line comment
Javadoc common tags
Documentation metrics definitions
Comment lines
Commented-out Lines of Code
Density of Comment Lines
Density of Public Documented API
Monitoring documentation levels
Statements
Overview of Sonar documentation violations
Javadoc rules
Undocumented API
Javadoc Method
Javadoc Package
Javadoc Style
Javadoc Type
Javadoc Variable
Inline Comments Rules
Uncommented Empty Constructor
Uncommented Empty Method
Uncommented Main
Locating undocumented code
Creating the documentation filter
Generating documentation automatically
Installing Graphviz
Installing Doxygen
Using the Sonar Documentation plugin
Summary
8. Working with Duplicated Code
Code duplication
Don't Repeat Yourself (DRY)
Sonar code duplication metrics
Creating Duplicated Code Alert
Locating duplicated code with Sonar
Cross-project duplication detection
Using the Radiator component to detect duplication
The Useless Code Tracker plugin
Tracking duplicated lines
Tracking dead code
Installing the Useless Code plugin
Using extraction and inheritance to attack duplication
The Extract Method refactoring pattern
Refactoring with inheritance
Summary
9. Analyzing Complexity and Design
Measuring software complexity
The Cyclomatic Complexity metric
Cohesion and coupling
Afferent coupling
Efferent coupling
Sonar Code Complexity metrics
Boolean Expression Complexity
Class Data Abstraction Coupling
Class Fan Out Complexity
Cyclomatic Complexity
JavaNCSS
Nested For Depth
Simplify Boolean Return
Too many methods
Too many fields
Avoid too complex class
Avoid too deep inheritance tree
The Response for Class metric
Lack of Cohesion in Methods and the LCOM4 metric
Exceptions to the LCOM4 metric
Locating and eliminating dependencies
Using the Sonar design matrix
Summary
10. Code Coverage and Testing
Measuring code coverage
Code coverage tools
Selecting a code coverage tool for Sonar
Cobertura
JaCoCo
Clover Sonar plugin
Emma Sonar plugin
Code coverage analysis
Statement coverage
Branch/decision coverage
Condition coverage
Path coverage
Assessing the impact of your tests
Uncovered lines
Uncovered branches
Using the coverage tag cloud component
Quick wins mode
Top risk mode
Where to start testing
The Top risk approach
jUnit Quickstart
Writing a simple unit test
Reviewing test results in Sonar
Summary
11. Integrating Sonar
The Continuous Inspection paradigm
Continuous integration servers
Installing Subversion
Ubuntu/Debian Subversion installation
Red Hat Subversion installation
Installing Subversion on other Linux distributions
Windows Subversion installation
Setting up a Subversion server
Creating a Subversion repository
Subversion security and authorization
Importing a project into Subversion
Installing the Jenkins CI server
Ubuntu/Debian Jenkins installation
Redhat/Fedora/CentOS Jenkins installation
Windows Jenkins installation
Configuring Jenkins
JDK configuration
Maven configuration
Repository configuration
E-mail server configuration
Securing Jenkins
Creating a build job
Cron expression and scheduling
Installing the Sonar plugin
Building and monitoring your project
Summary
A. Sonar Metrics Index
Sonar metrics
Complexity metrics
Design metrics
Documentation metrics
Duplication metrics
General metrics
Code Coverage and Unit Test metrics
Rules Compliance metrics
Size metrics
Management metrics
Index
Sonar Code Quality Testing Essentials
Copyright © 2012 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: August 2012
Production Reference: 1190812
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-84951-786-7
www.packtpub.com
Cover Image by Asher Wishkerman (<a.wishkerman@mpic.de>)
Credits
Author
Charalampos S. Arapidis
Reviewers
Christopher Bartling
Efraim Kyriakidis
Kosmas Mackrogamvrakis
Lefteris Ntouanoglou
Acquisition Editor
Usha Iyer
Lead Technical Editor
Azharuddin Sheikh
Technical Editors
Prasad Dalvi
Veronica Fernandes
Manasi Poonthottam
Project Coordinator
Sai Gamare
Proofreader
Sandra Hopper
Indexer
Monica Ajmera Mehta
Graphics
Manu Joseph
Production Coordinators
Aparna Bhagat
Nilesh R. Mohite
Cover Work
Aparna Bhagat
About the Author
Charalampos S. Arapidis is a Senior Software Engineer located in Athens, Greece. He specializes in J2EE enterprise application design and implementation. His other specialties include data-mining/visualization techniques and tuning continuous integrated environments.
From a very early age, Charalampos showed particular interest in advanced Mathematics and software development and has been honored twice at the Panhellenic Mathematical Contest for providing prototype and innovative solutions. He graduated in Computer and Software Engineering from the Polytechnic School of the Aristotle University.
After graduation, he dynamically entered the enterprise field, where he helped his organization make the transition from legacy client server ERP and CRM applications to full-stack J2EE web applications, all in a streamlined and integrated development environment.
The development of the Proteus Web Document Management System for the Greek Public Sector and his solutions to Kallikratis—the largest data integration project ever conceived in the latter years of Greece's public sector—are two of his most recognizable achievements nationwide.
Charalampos currently works at Siemens Enterprise Communications as a Senior Software Applications Engineer, designing and implementing Unified Communications software at multinational level.
When not working he enjoys blogging, playing the classical guitar, and composing music, exploring new ways to translate polynomial equations to sound.
I would like to thank and express my gratitude to Lefteris Ntouanoglou for providing me with guidance and vision in the IT field especially in the last two years, and Olivier Gaudin and Fabrice Bellingard for their interest in the book. From the Packt Publishing staff, I would like to thank, in particular, Newton Sequeira, Ashwin Shetty, Sai Gamare, and Usha Iyer for supporting and guiding me through the writing process, and all the technical reviewers for their helpful suggestions. Finally, I would like to thank Kostas Vasiliou, Christos Chrysos, Vassilis Arapidis, and Evangelia Vlachantoni for their support.
About the Reviewers
Christopher Bartling has been in the IT industry since 1995. He has served in the roles of application developer, mentor, and agile coach. He also has experience in biometrics, genomics and computational biology, healthcare, insurance, and legal/regulatory domains. He also helps develop and deliver training for DevJam (http://www.devjam.com). Prior to his career in IT, he was involved in electrophysiology and biomedical research at the Mayo Clinic in Rochester, Minnesota. You can find his blog at http://bartling.blogspot.com and tweets at @cbartling.
Efraim Kyriakidis is a skilled software engineer with over seven years of experience in developing and delivering software solutions for diverse customers. He's well versed in all stages of the software development lifecycle. His first acquaintance with computers and programming was a state-of-the-art Commodore 64, back in the '80s as a kid. Since then he has grown and received his Diploma in Electrotechnic Engineering from Aristotle University, Thessaloniki. Through his career, he mainly worked with Microsoft Technologies and has an interest in technologies such as Silverlight and Windows Phone. He currently works for Siemens AG in Germany as a Software Developer.
Kosmas Mackrogamvrakis was born in 1971 on the island of Crete in Greece. He moved at an early age to the capital of Greece, Athens. There he attended public school and graduated as an engineer in Automatic Electronics. Later, he continued his studies at the Technical School of Computers in Athens, but he was forced to interrupt, as he was obliged to join the army.
In the army he served as a Sergeant in the artillery section and trained in computer-guided cannon targeting, based on his previous knowledge of computer technology.
Even before high school, he was highly interested in computer science, and he managed to learn Basic, Pascal, and Assembly language.
After his army obligations, he was employed by Athens News Agency, where he worked as a technician and desktop-publishing employee. There he was trained by Unibrain, in Ventura Publishing software, Photoshop, and Corel Draw. In parallel, he installed a Fax distribution network with Canada, for redistribution of a FAX newspaper.
After three years he moved to Hellenic Scientific S.A., as a technician. There he managed to get trained and show his natural talent in computer engineering. He was trained on the job and successfully undertook all the responsibilities of a Senior Systems Engineer after six years, and learned and used the following operating systems and software and services: Microsoft Windows 98/2000/XP/Vista, Microsoft Windows Server NT/2000/2003, Novell, Unix/Xenix, Mac OS/X, Linux, AIX, AS/400; Networks including WAN/LAN Protocols, TCP/IP, DNS, FTP, HTTP, IMAP/POP3, SMTP, VPN; E-mail systems Sendmail, Microsoft Exchange, Postfix, and clients such as Outlook, Mozilla Thunderbird, Kmail, and Evolution. He specialized in the hardware of IBM, HP, Dell, Fujitsu Servers, Desktops, and Notebooks.
He got certifications on Exchange Server from Microsoft, AIX from IBM, Tivoli IT Director from IBM, and AS/400 from IBM.
After seven years, and due to market needs and degradation of the company's share in the market, he moved to freelancing.
As a freelancer, he supported a large number of small- to medium-sized companies, as systems engineer, consultant, and technician.
Some of the companies that he was supporting included Rothmans, Adidas, Kraft Hellas, Vivechrom (Akzo), Public Sector (ministries and prefectures), Pan Systems.
After seven years of freelancing, he was asked by Siemens to undertake the position of Systems Engineer for the public sector and later Project Manager.
After three years in Siemens, the public sector IT support stopped in Greece, and he left the company.
Lately, and right after Siemens, he undertook the position of IT Services Manager for southeast Europe in Adidas.
Lefteris Ntouanoglou is a co-founder and the CEO of Schoox Inc, a Delaware company based in Austin, Texas, which developed schooX—a Social Academy for Self-learners (www.schoox.com). He has extensive administrative and management experience in the software sector. Prior to Schoox Inc, he joined a European startup company, OTS SA, which developed administrative and financial software for the Public Sector. He served the company in a number of managerial positions and, as the COO of the company, he built one of the largest software companies in Greece.
During his PhD, he developed computer algorithms for fast computation of holographic patterns and graduated with Honor. In 1998, he was praised with the Award of Innovation from the Association of Holographic Techniques in Germany for inventing and implementing an innovative anticounterfeiting system based on a coded Holographic Label and a Web Application.
He is a highly skilled engineer and a visionary entrepreneur. Creativity and innovative thinking are part of his personality. Implementing new ideas and turning them into successful business by building and motivating strong and result-oriented teams is one of his strengths.
He was born and grew up in Germany and speaks fluent Greek, German, and English.
www.PacktPub.com
Support files, eBooks, discount offers and more
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.
Why Subscribe?
Fully searchable across every book published by Packt
Copy and paste, print and bookmark content
On demand and accessible via web browser
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
To my parents, Simeon Arapidis and Ioanna Tsonona
Preface
Developers continuously strive to achieve higher levels of source code quality. It is the holy grail in the software development industry. Sonar is an all-out platform confronting quality from numerous aspects as it covers quality on seven axes, provides an abundance of hunting tools to pinpoint code defects, and continuously generates quality reports following the continuous inspection paradigm in an integrated environment. It offers a complete and cost-effective quality management solution, an invaluable tool for every business.
Sonar is an open source platform used by development teams to manage source code quality. Sonar has been developed with this main objective in mind: make code quality management accessible to everyone with minimal effort. As such, Sonar provides code analyzers, reporting tools, manual reviews, defect-hunting modules, and