Your most unhappy customers are your greatest source of learning.

Know about java code coverage plugins : sonar

The default Java code coverage engine for unit tests to be used must be defined in
Settings > Configuration > General Settings > Java > Code coverage plugin property.
By default the Java code coverage engine with come up with sonar is JaCoCo but Cobertura, Emma or Clover can also be used.

JaCoCo

JaCoCo is an open source and robust Java code coverage tool.
For more information, see: Comparison of Emma, Clover, Cobertura and JaCoCo.
Known limitations:
  • Some libraries complain on classes, which were instrumented by JaCoCo, so exclusions must be set:
    • Javassist (e.g. when Hibernate used) - "*_javassist_*"
    • Drools - "org.drools.*"
  • Exact number of line hits not available, because JaCoCo reports only status of line (no code, not covered, partly covered, fully covered) - see JaCoCo Coverage Counters.

Cobertura

The Sonar Cobertura plugin is based on the cobertura-maven-plugin and so can only be used to compute code coverage information on Maven projects.
This plugin has only one parameter to define the maximum amount of memory used by the java process in charge to extract all code coverage information from the Cobertura report:






No relationship between generic parameter and method argument

Hi All,

If you are usinf findbugs to check code quality,
you may see violations like "No relationship between generic parameter and method argument".

Since Map.get() is not fully generic, we often find cases where a developer passed a different type of object (and hence bugs). Frequency of such cases went up when we started using artifacts/services from other teams. What are the reasons why Map.get(Object key) is not (fully) generic explains why get() is not fully generic.




Here's a helper method that provides checked access:

public static <K, V> V safeGet(Map<? super K, ? extends V> map, K key) {
    return map.get(key);
}
 
Sample Usage:
Map<List<String>, Date> map = new HashMap<List<String>, Date>();
// this compiles:
Date date = safeGet(map, Arrays.asList(""));
// this doesn't
Date date2 = safeGet(map, "foo");

jacoco code coverage with Ant - Sonar

Here is the detail for how to setup code coverage using jacoco plugin which is OOB come out with SONAR :

  1. Write sample java project called ant-jacoco-codecoverage
  2.  Project folder structure would be given as below snapshot:
  3. Under the target folder you may have to create classes & reports folders where reports folder will have one more folder called junit
  4. Write sample Java class One.java in src folder you can copy paste below code  :
    1. public class One {
        String message = "foo";
        public String foo() {
          return message;
        }
        public void uncoveredMethod() {
          System.out.println(foo());
        }
      }

What is LCOM4 ?

Hi Everybody,

If you want to know about the LCOM4(Lack of Cohesion of Methods) which sonar having , please see below example:

Cohesion is the degree to which the methods of a single class are tight together. When two methods in a class do not use a common attribute or a common method, it means that they share nothing and should probably not belong to the same class to respect the Single Responsibility Principle. In other words you can split your class into several new classes to gain modularity at class level.

LCOM4 lack of cohesion example

  • LCOM4=1 indicates a cohesive class, which is the "good" class.
  • LCOM4>=2 indicates a problem. The class should be split into so many smaller classes.
  • LCOM4=0 happens when there are no methods in a class. This is also a "bad" class.
There is not any magic here, only common sense. Let’s take a simple example with class Driver. This class has two fields : Car and Brain, and five methods : drive(), goTo(), stop(), getAngry() and drinkCoffee(). Here is the dependency graph between those components. There are three blocks of related components, so LCOM4 = 3, so the class seems to have three different responsibilities and breaks the Single Responsibility Principle.


Hope this will helpful to you to understand the LCOM4 concept which can be used for any programming language.

Malicious code vulnerability - May expose internal representation by returning reference to mutable object

Hi Everyone,

Normally this kind of violations comes when you are using mutable object in getter settter.

Ideally you should not direct return mutable object, instead you can return clone of that mutable object.

If you see this violation in your code , you can use below code for your mutable object :

If you are using Date :

public class DateTest {
    private Date date;

    public DateTest() {

    }

    public Date getDate() {
        return (Date) date.clone();
    }

    public void setDate(Date date) {
        this.date = (Date) date.clone();
    }      
}


If you are using Array:

public String[] getChkBox() {

return (String[])chkBox.clone();

}

Switchoff plugin for sonar

Guys

Have you ever been tried to use switch off plugin of sonar ?

This plugin is really helpful when you switch-off any specific violation from the specific line or specific files.
I really liked this plugin.

See below details to get it installed :

LDAP integration with Sonar

If you want to integrate LDAP directory server with sonar, you can follow below steps.
Its very easy and useful for sonar security:


1) First start your Sonar and login with admin credentials.
2) Go Configuration >> Update Center and click on Available plugins and install LDAP plugin
3) Now stop your sonar server
4) open sonar.properties file and append below code
sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator
sonar.authenticator.createUsers: true
ldap.url:ldap://ldap.xyz.com:389
ldap.baseDn:ou=People,ou=google,dc=google,dc=com
ldap.bindDn:CN=manager,DC=google,DC=com
ldap.bindPassword:abc123
ldap.loginAttribute: mail

5)Now start sonar server again and check sonar server log if any error comes.


Enjoy !!!!!

Best,
Jignesh

Jenkins master - slave configuration

If you are new with Jenkins and want to know how to configure slave server with Jenkins master ,
Here are the steps to follow to configure slave server(Linux,Windows and JNLP):


Sonar Integration with Jenkins

Stay tuned for more information !!!!!

LDAP integration with Jenkins

If you want to integrate LDAP plugin with Jenkins and make your jenkins application LDAP secure,
You can follow below steps to configure LDAP with Jenkins :

1) Go To Manage Jenkins >> Configure System
2) Configure LDAP related stuff as show below

Build Maven project with Jenkins

Hi Everyone,

Here are the steps to configure maven based project in Jenkins.
Hope this will be useful to make build automation with maven based project

1) Install Jenkins in local machine as per the steps given in last blog post.

2) Go to Manage Jenkins>> Configure System
3) Set Maven path as show in below screenshot

Setup Jenkins in local machine


Steps to install jenkins in local machine

  1. Install apache tomcat server
  2. Download latest jenkins war file from http://jenkins-ci.org/
  3. Deploy jenkins.war file in tomcat webapps folder
  4. Once jenkins.war deployed successfully, start the tomcat server
  5. Open http://localhost:8080/jenkins in browser once server starts properly
  6. Now configure JDK and ANT which can be used to build the project.
    For that you have to click on manage Jenkins >> Configure System

hudson.util.IOException2 error in jenkins build

If you found below error when you build project from jenkins then you can remove <your project>.log  file from
/opt/jenkins/workspace location

Hudson SVN authentication failed

The Hudson was building all projects without any issues since it was installed. All of a sudden yesterday my inbox was filled with failure reports, Hudson was not able to build any of the projects. Logs were having stacktrace like mentioned below-

Welcome

You will find all the infomation related to sonar and jenkins

Most Reading

 

Like Me & Share

Buy Websites PRchecker.info

Members

Ranks