问题
We have applications that use the Spring framework's NamedParameterJdbcTemplate to execute various JDBC statements. Most of the methods in this class are overloaded. For example, one version of update() accepts a Map, where the keys are bind variable names, values are variable substitutions. Another version accepts a SqlParameterSource, which allows column type information to be supplied as well. I would like to write a rule that flags use of the Map version, because supplying type information is important for Oracle DBs if one wants to avoid problems under heavy load.
Some of the code I need to check is written like this:
---- class 1 ----
public abstract class BaseDao {
@Autowired
NamedParameterJdbcTemplate namedParamJdbcTemplate;
...
}
---- class 2 ----
public class ThingDao extends BaseDao {
public int updateTheThing(final Integer thingId, final Integer someVal) {
final Map<String, Object> sqlParameters = new HashMap<String, Object>();
sqlParameters.put(":thingIdVar", thingId);
sqlParameters.put(":otherVar", someVal);
final String query =
"UPDATE THINGTABLE SET SOME_FIELD=:otherVar WHERE THING_ID=:thingIdVar";
return namedParamJdbcTemplate.update(query, sqlParameters);
}
The code in class 2 should cause a violation as it uses a Map, not a SqlParameterSource.
Checking for update(...) methods will likely result in false positives as that's a fairly common method name. I only care about the ones in the specific Spring class.
Note that the namedParamJdbcTemplate object is declared in a base class, it is not in the class with the violation. Also note, it could be called "namedParameterJdbcTemplate" or "template" or anything else the developer wants.
Now, my questions.
- Is it possible to use PMD to detect violations like this? Or do I need FindBugs since it analyzes bytecode?
- If possible with PMD, is it possible using XPath rules or only Java?
- Can someone please point me at an example of how I would do something like this, preferably with PMD? Findbugs or SonarQube would be okay too?
I have read the documentation, particularly the section on rules that analyze more than the class. I'm not quite sure if the RuleContext helps with what I want to do, or how.
回答1:
You want to write a custom check to raise an issue on a call to a certain method.
As you point it out, you cannot rely on the variable name, so you have to get the types of the object on which you are making the method call which is another level of analysis. With PMD you would be able to get a call to method named like you want to detect and its number of parameters. But that is not precise enough if you think about method overloading for instance. So you actually have to refer to some type information to be 100% sure.
So:
You could but you rule would end up to be very unprecise (but that can be satisfying in some context). Best way would preferably to go with findbugs...
I think you can use both.
can't really answer for PMD but you can write your own rule using sonarqube rule engine : http://docs.codehaus.org/display/SONAR/Extending+Coding+Rules
This is a feature we actually want to deliver in sonarqube java plugin to be able to access semantic information (types and signification of name) in order to write your own rules using this data.
来源:https://stackoverflow.com/questions/25515294/use-pmd-to-check-someobject-methodcall-when-someobject-exists-in-base-class