[apex] Apexlink POC #2830
[apex] Apexlink POC #2830
Conversation
|
@oowekyala, @adangel I guess with Multifile rules we cannot use the XML based rule testing of PMD anymore. Or are there examples for tests that require multiple files in other languages? |
There was a problem hiding this comment.
This looks good!
A couple of changes can be made when #2518 is implemented:
- The new CLI option should be converted to a language property
- The ApexMultifileAnalysis class should be part of the language state
Other than that I have very little to nitpick on. Thanks for the good work!
pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/design/AvoidUnusedMethodRule.java
Outdated
Show resolved
Hide resolved
pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/design/AvoidUnusedMethodRule.java
Outdated
Show resolved
Hide resolved
pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/design/AvoidUnusedMethodRule.java
Outdated
Show resolved
Hide resolved
pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/multifile/ApexMultifileAnalysis.java
Outdated
Show resolved
Hide resolved
pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/design/AvoidUnusedMethodRule.java
Outdated
Show resolved
Hide resolved
pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/multifile/ApexMultifileAnalysis.java
Show resolved
Hide resolved
pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/ast/ApexRootNode.java
Outdated
Show resolved
Hide resolved
pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/design/AvoidUnusedMethodRule.java
Outdated
Show resolved
Hide resolved
| @@ -75,6 +75,10 @@ | |||
| description = "Specifies the string that marks a line which PMD should ignore; default is NOPMD.") | |||
| private String suppressmarker = "NOPMD"; | |||
|
|
|||
| @Parameter(names = "-multifileanalysisdirectory", | |||
| description = "Specifies a directory that contains sources the may be used in a multi-file analysis; default is empty.") | |||
There was a problem hiding this comment.
This option is language dependent, I agree with @oowekyala that this would be a fit for language properties.
So that I understand, how this works: The directory, you specify here, contains the file "sfdx-project.json". Where does this file come from? Is it generated by an execution of ApexLink before executing PMD? Is this directory a different directory than you would specify using "-dir" (the "Root directory for sources.")? I'm unfamiliar with the structure of Apex projects.
For me, this looks like a property to enable/make use of ApexLink, rather than enabling multifileanalysis... and ApexLink happens to understand already the relationships between the files that are being analyzed (that's what we want with multifile analysis). PMD already has the knowledge where all files a located (-dir), but doesn't take advantage of this, because we analyze file by file and don't build up a global metadata structure like "sfdx-project.json". Hence my question: Who builds this file and when?
Ok, looking at e.g. https://github.com/apex-enterprise-patterns/fflib-apex-common/blob/master/sfdx-project.json this file actually just contains the path to the sources (possibly multiple paths). So, ApexLink then builds the metadata structure, when creating the Org, right?
I assume, if the paths specified by sfdx-project.json and the paths specified by "-dir" don't match, that would be a configuration error and I'm wondering, what we could do to make it easier for users to call PMD. For apex projects, that have a sfdx-project structure (https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_source_file_format.htm) we could say, that you need to specify the directory where sfdx-project.json is located via "-dir" and PMD would then add the referenced directories, as if specified manually via "-dir". In that case, we might have instead a parameter to opt-in/opt-out for that feature (apex language property: consider directories specified in sfdx-project.json).
There was a problem hiding this comment.
Ok, looking at e.g. https://github.com/apex-enterprise-patterns/fflib-apex-common/blob/master/sfdx-project.json this file actually just contains the path to the sources (possibly multiple paths). So, ApexLink then builds the metadata structure, when creating the Org, right?
Yes, it reads the directories from sfdx-project.json to work out what to include in the analysis. The handling of this used to be built into ApexLink but I recently split into a separate library. There is a bit more to the format than being multiple directories, it's really more like multiple modules with either implicit or explicit dependencies between them. Treating them as modules matters in a multi-file analysis because there are rules around visibility and duplicates etc that you can't handle if you think of them as just the sum of a set of directories. There is also .forceignore which is similar in nature to .gitignore, if present its in the same directory as sfdx-project.json.
The sfdx-project.json also contains a namespace for the project. It's critical this is available for multi-file work as it enables the analysis to understand package boundaries. For single file analysis I would imagine a few rules might find it also handy if it could be made available.
I assume, if the paths specified by sfdx-project.json and the paths specified by "-dir" don't match, that would be a configuration error and I'm wondering, what we could do to make it easier for users to call PMD. For apex projects, that have a sfdx-project structure (https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_source_file_format.htm) we could say, that you need to specify the directory where sfdx-project.json is located via "-dir" and PMD would then add the referenced directories, as if specified manually via "-dir". In that case, we might have instead a parameter to opt-in/opt-out for that feature (apex language property: consider directories specified in sfdx-project.json).
Having "-dir" understand sfdx-project.json makes sense to me as a general approach but likely you want to delegate resolving "-dir" to a set of class files for analysis to a Salesforce specific handler that works alongside the existing handling.
The library I have for this might be a bit overweight for what PMD needs as ApexLink is interested in other project files and they can have some quite unusual handling behaviours. The part I have that is probably most valuable to PMD is the forceignore handling which should be straight forward to port to Java from its current Scala implementation if that made sense.
This comment was marked as off-topic.
This comment was marked as off-topic.
I didn't look at testing as part of this work but thought I should mention that I approached this using virtual file system support, the FileSystemHelper.run sets this up. You do get some issues around conversions between Paths & Strings but mostly it works well for me. |
# Conflicts: # pmd-apex/pom.xml # pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/ApexParser.java # pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/ast/ApexParser.java # pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/ast/ApexRootNode.java # pmd-core/src/main/java/net/sourceforge/pmd/ant/internal/PMDTaskImpl.java # pmd-core/src/main/java/net/sourceforge/pmd/lang/ParserOptions.java # pom.xml
Generated by 🚫 Danger |
There was a problem hiding this comment.
This looks pretty ready for now. I think, the only part we should add, is a rule test for the new rule AvoidUnusedMethod - otherwise we'll never notice, when it doesn't work anymore.
There are of course some parts to be improved, e.g. the language properties. But that could evolve later.
Wdyt @oowekyala ?
|
@rmohan20 and @jbartolotta-sfdc I want to point your attention to this. The addition of ApexLinnk will bring PMD closer to Multifile Analysis and give us a chance to remove a huge source of false positives in other rules. All the existing rules currently report security issues because a Check is delegated to another method or class. Does it make sense that your team looks closer into this and maybe join forces? |
pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/multifile/ApexMultifileAnalysis.java
Outdated
Show resolved
Hide resolved
@rsoesemann Thanks for pointing this out, this looks like a good addition for multi file analysis. We are currently investigating Dataflow analysis for Apex. We will circle back when we have more information on our planned roadmap and see how this might all fit together. FYI @rmohan20 |
|
I have moved the apexlink version to latest, there was a bugfix in the caching that could impact the output. |
|
Thanks for all the help getting my rough POC merged. Looking forward to see where we can take this next. |
Describe the PR
This is a POC for using apexlink to provide unused method analysis.
To control the global analysis I have added the flag -multifileanalysisdirectory which should be set to the root directory of the Salesforce metadata, where sfdx-project.json resides. The POC code will fail on non-SFDX projects currently but could be fixed to handle them.
If the flag is set then the apexlink analysis runs when the first class file is parsed. On large projects this analysis can take some time so this isn't a good place for it but was OK for a quick POC.
I have added an AvoidUnusedMethodRule as an example, this peeks into the 'Issues' reported by the apexlink analysis and adds a violation if there is a match. The handling here could be made more efficient, it iterates all Issues for the class on each method, but again this was sufficient to prove the approach was viable.
I have put a few extra comments in ApexMultifileAnalysis.java that will hopefully help with understanding what is happening.
Related issues