Implement Ballerina Scan Tool for Static Code Analysis #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
| @@ -0,0 +1,2 @@ | |||
| # Ensure all Java files use LF. | |||
| *.java eol=lf | |||
There was a problem hiding this comment.
Suggested change
| *.java eol=lf | |
| *.java eol=lf | |
| packageUser: ${{ github.actor }} | ||
| packagePAT: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| ./gradlew build |
There was a problem hiding this comment.
Suggested change
| ./gradlew build | |
| ./gradlew build | |
| .vscode/ | ||
|
|
||
| ### Mac OS ### | ||
| .DS_Store |
There was a problem hiding this comment.
Suggested change
| .DS_Store | |
| .DS_Store | |
| 4. Run analysis and generate an analysis report. | ||
| ```bash | ||
| bal scan --scan-report | ||
| ``` |
There was a problem hiding this comment.
We can remove this extra line
poorna2152
reviewed
Mar 4, 2024
| } | ||
|
|
||
| public int getStartLine() { | ||
|
|
| message, | ||
| issueType, | ||
| type, | ||
| moduleName + "/" + documentName, |
There was a problem hiding this comment.
File separator is depend on the OS. So it is better to not hardcode it.
| throw new RuntimeException(e); | ||
| } | ||
|
|
||
| return target; |
There was a problem hiding this comment.
You can remove the target variable and return in each scenario separately.
| @@ -0,0 +1,13 @@ | |||
| # Scan tool properties | |||
| scanToolVersion=1.0.0 | |||
poorna2152
reviewed
Mar 4, 2024
| return allIssues; | ||
| } | ||
|
|
||
| public void analyzeDocument(Project currentProject, |
There was a problem hiding this comment.
Not sure whether this is the expected formatting for parameters in the Java function definitions. Can you check
keizer619
reviewed
Mar 4, 2024
| @@ -0,0 +1,2 @@ | |||
| rootProject.name = 'static-code-analysis-tool' | |||
| include 'ScanCommand' | |||
There was a problem hiding this comment.
Suggested change
| include 'ScanCommand' | |
| include 'ScanCommand' | |
keizer619
reviewed
Mar 4, 2024
| import ballerina/io; | ||
| public function main() { | ||
| io:println("Ballerina Scan tool"); | ||
| } |
|
Since this PR is too large, will be breaking it down to smaller parts and send them |
Xenowa
referenced
this pull request
in Xenowa/static-code-analysis-tool
Mar 4, 2024
Xenowa
referenced
this pull request
in Xenowa/static-code-analysis-tool
Mar 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose
The purpose of this PR is to develop a Ballerina tool that performs static code analysis for Ballerina projects for identifying potential bugs, security vulnerabilities, and style violations and report analysis issues to static code analysis platforms like SonarQube.
Fixes #42256
Goals
Approach
The initial release introduces the
bal scancommand. Current implementation uses the project API to retrieve syntax trees of all Ballerina files in a project for performing core analysis and generating an analysis report. However the generated report will have no issues as core rules are not implemented yet. As core analysis rules are reviewed and implemented, the scan tool will progressively gain the ability to identify and report potential issues and further features will be added iteratively as outlined in task #42260Check List