Sonarqube Custom rule - sonarqube

I am trying to implement a SonarQube custom rule for Java. My requirement is to avoid certain method calls on certain instances of classes. I am able to report issue for method call but not able to check on which reference (instance of class) that method is called. Could anyone help me on this? . The Sonarqube version that I am using is 5.6.6

Related

How to access a registrationService in a CustusX plugin?

In a custom plugin in custusX i use mServices->patientModelService->getPatientLandmarks()->setLandmark to programmatically alter some landmarks. I want to perform the registration with a already present volume.
In LandmarkPatientRegistrationWidget in org.custusx.registration.method.landmark, performRegistration() calls mServices.registrationService->doPatientRegistration().
However, I'm not sure whether my approach to get hold of a registrationService instance is right.
I have so far added org_custusx_registration to the CMakeLists.txt file and added "cxRegistrationService.h" and <cxRegServices.h> as includes.
Now I can define a RegServices mRegServices and initialize it in the constructor with the mContext of the plugin.
But do I create an own registration service or do I get access to the already existing? How can I get access to the already running registration service?
Your method correctly reuses the existing running registration service.
The default setup of CustusX register a single instance (object) implementing the cx::RegistrationService interface. The cx::RegServices helper class contains a cx::RegistrationServiceProxy, which acts as a smart pointer referring the object. Service objects are only created by the plugin that implement them: Users simply get access to these objects.
The RegistrationServiceProxy implements this using a ctkServiceTracker and related classes, see for example this tutorial on OSGi, section 5.4 (in java, but the principles apply).

Asp Web Api Lifecycle issue

Im using web api 2
I have an authentication filter (implementing IAuthenticationFilter) that checks a token and sets a ClaimsPrinciple on both the Thread and the HttpContext. One such claim is the userId
I am using Windsor for Dependency Injection using the method described here.
http://blog.ploeh.dk/2012/10/03/DependencyInjectioninASP.NETWebAPIwithCastleWindsor/
This will create the object graph for my controllers and therefore new up any dependencies that the controllers have
The problem is that one of the constructors in one of the dependency's makes a call that requires the userid
And it seems that this (the constructor call) occurs before it has been set by the authentication filter
What are my options here?
When Web API needs a controller, the dependency injection is used to create it. This always happens before executing the pipeline. So you cannot access to the userid which is set later.
There are at least these solutions.
resolve the dependency when needed (i.e. use the DI container as service locator). I don't like this one
lazy initialize the dependency (I don't know if Castle Windsor can do it, but it looks like it's possible: Lazy Loading using Windsor Castle) Not so bad
change the implementacion of that component, and receive the userid as parameter, where needed, so that it's available when you want to use it. I prefer this one

Creating Java Classes for business logic without depending on a FacesContext

Ok, apologises for the title but I don't know how to word this.
Basically I've come across sessionCloning via the XPagesToolkit and XPageAgents, which I assume is implementing using a technique described here http://www.wissel.net/blog/d6plinks/SHWL-99U64Q
I initially used it to run existing java code which was triggered by an xpage but could take a while to run. Trouble is most of the existing code I have in one way or another relies on a FacesContext, either in order to get access to common beans for settings or just for basic logging. This then causes an error when triggered via an XPagesAgent as I assume there's no facescontext. I don't really want to end up duplicating code and creating different versions of the business logic.
So I guess I have 2 questions..
1) To refer to beans from java code I can use a Factory method as described here instead of directly going via the variableResolver...
http://www.wissel.net/blog/d6plinks/SHWL-98U9EK, however I don't get how to create a bean object manually and still pick up the custom properties which may have been set in the faces config. Is there a way to read those somehow? e.g. if you were to create a dBar object manually how would you pickup the logdb path from the faces-config?
2) How do people 'do' logging in a way which will always work regardless of context? I gather most people now use the debugToolbar or the XPagesOpenLogger but both of those appear to be dependant on a facescontext. I don't want to stop using them but will have to in order to make my java code compatible outside of an xpage. At the moment most methods have some kind of try/catch with a call to dBar.error(e). Perhaps the answer is to create an interface which connects the dBarToolbar and the original prexpages openlogger java class then get access to the log object via a factory which would return either the dbbar instance or openlogger depending on whether or not a faces context exists. Or do people throw errors in lower level methods and just let the higher level calling functions handle and log them?
Thanks!
Solution
Using the steer towards dependency injection I've ended up hacking the dBar a bit to make it work both ways.
My business beans all still contain this at the top for easy logging
private final static DebugToolbar log = DebugToolbar.get();
but have hacked it a bit to make the dBar also act as a Singleton...
private static DebugToolbar instance;
// retrieve an instance of this toolbar class
public static DebugToolbar get() {
if (null == instance) {
return (DebugToolbar) resolveVariable(BEAN_NAME);
} else {
return instance;
}
}
public static void setInstance(Session session, Database database) {
instance = new DebugToolbar(session, database);
}
public static void clearInstance() {
instance = null;
}
Then I can continue to use it as before form an Xpage, but when running an XPagesAgent I can call this at the start to pass the required references, allowing the business beans to still 'work' as before with the same logging.
DebugToolbar.setInstance(session, database);
and this at the end of the XPagesAgent
DebugToolbar.clearInstance();
which I don't know if it's necessary or not but am presuming they'd be errors if the singleton lasts longer than the agent, which i understand it would do
plus obviously some tweaks to the dBar code itself to skip anything associated with the FacesContext if it's not available.
This may well be a horrendous anti-pattern but it appears to work.. :)
Short answer: declutter and dependency inject.
Long answer:
Try to look at the MVC pattern. Limit the beans that interact directly with the XPage through EL to a facade pattern. Call your business beans from there and hand over either Java objects or Notes objects like views, documents or sessions etc.
This is absolutely necessary when you want to pack your business beans into a (junit) test harness. So instead of:
BusinessBean.makeInvoices();
you would have:
BusinessBean.makeInvoices(session, NotesView, OutputStream);
The later function can be called from an XPage, an agent or a standalone Java program ( think JUnit, Jenkins). So instead of figuring out the dependencies inside your bean, you provide them in the call.
This is also called separation of concerns. Your bean does its thing without bothering about the surrounding.
Hope that helps
As mr stwissel said dependency injection is the way to go here.
But with logging I prefer to go Log4j way and avoid passing logger through params.
By Log4j way I mean getting refrence to logger object through static factory method (like Logger.getLogger('some.class')) and leave the configuration loading to log4j framework.
Unfortunatelly I don't know if OpenLog logger can be configured in such a way, that it will automatically read settings from given configuration file (faces-config or other).
You can always write custom appender for log4j that will route logs to OpenLogger (this should be quite easy)
From experience of developing the logging for OpenNTF Domino API, the biggest issue is Java security exceptions. That includes defining different loggers and logging levels, and also loading a different configuration on the fly. You can handle most of that by using a plugin, but I'm not sure if you want to go that far.
Log4J is a standard Java logging mechanism, but that also hits security options. I think the custom appender for log4j would hit the same security exceptions, unless it's in a plugin. Someone suggested an anonymous logger might work, but I haven't tried that.
OpenNTF Domino API has a variety of logging options in the core plugin rather than the Xsp plugin. BaseOpenLogItem is a core implementation of IOpenLogItem, without any dependencies on facesContext. There is also a logger to log to a file in IBM_TECHNICAL_SUPPORT. DominoUtils.handleException(Throwable) or (Throwable,String) will do that logging. The challenge is identifying what code is triggering the exception.

How to add “Using ” statement at runtime using IWizard

at compile time we have
using MyNamespace;
This works till now but recently the requirement got change and it needs to handle at run time based on the application type selected by the user.
So, How can I add the "Using" namespace statement using c# code in the IWizard?
I know how to add the reference at run time ass under
var appProject = project.Object as VSProject;
appProject.References.Add(Mydll);
What I want is that at runtime
using System.IO;
using MyNamespace-> should come at runtime based on the application selected
Thanks
I just hit a similar issue and while it is not exactly changing the namespace at run time it does all you to get objects etc from a different namespace at run time. If you want to be changing namespaces chances are you have classes with the same names and interfaces but different implementations otherwise your code would need to be changed. What you need to do if make a new lib and namespace that just contains the interfaces for all the classes you want to use. You then make the classes in the different namespaces inherit these interfaces so you can code your class to just use the interface not the particular implementation. Then to select the implementation to use at run time you use "Dependancy Injection" to choose the correct implementation to insert via config file or let some other part of your application configure the injection. Dependancy Injection can be a little hard to get started with but once you get your head around it, it will make your life a lot easier. Ninject is a nice easy dependancy injection framework to start with.

Sonarqube - CustomPlugin - Calling Webservice

I am working with a custom SonarQube(6.7) plugin.
It falls under #scanner/code analyzer. The plugin implements PostJob class/hook.
This plugin checks runs sonar analysis on a branch and can use you used to approve and reject the PR based on the analysis. I want to filter out the issues which are code smells before deciding.
I want to get all the rules with their type(CodeSmell/Bug/Vulnerability) in the plugin.
I was able to inject Rules class and get all the rules but was unable to get the type.
The only other option I can think of is to somehow call the web api of SonarCube from inside the plugin and get the json response from
sonarUrl/api/rules/search?languages=java&types=CODE_SMELL
Is there a better way to do it?

Resources