当基类中存在someObject时，使用PMD检查someObject.methodCall [英] Use PMD to check someObject.methodCall when someObject exists in base class

问题描述

我们有使用Spring框架的 NamedParameterJdbcTemplate 来执行各种JDBC语句.此类中的大多数方法都已重载.例如，一个版本的update()接受一个Map，其中的键是绑定变量名称，值是变量替换.另一个版本接受SqlParameterSource，它也允许提供列类型信息.我想写一个规则来标记使用Map版本，因为提供了类型信息

We have applications that use the Spring framework's NamedParameterJdbcTemplate to execute various JDBC statements. Most of the methods in this class are overloaded. For example, one version of update() accepts a Map, where the keys are bind variable names, values are variable substitutions. Another version accepts a SqlParameterSource, which allows column type information to be supplied as well. I would like to write a rule that flags use of the Map version, because supplying type information is important for Oracle DBs if one wants to avoid problems under heavy load.

我需要检查的一些代码是这样写的:

Some of the code I need to check is written like this:

----第1类----

---- class 1 ----

public abstract class BaseDao {
  @Autowired
  NamedParameterJdbcTemplate namedParamJdbcTemplate;
  ...
}

----第2类----

---- class 2 ----

public class ThingDao extends BaseDao {
  public int updateTheThing(final Integer thingId, final Integer someVal) {
    final Map<String, Object> sqlParameters = new HashMap<String, Object>();
    sqlParameters.put(":thingIdVar", thingId);
    sqlParameters.put(":otherVar", someVal);

    final String query =
            "UPDATE THINGTABLE SET SOME_FIELD=:otherVar WHERE THING_ID=:thingIdVar";
    return namedParamJdbcTemplate.update(query, sqlParameters);
  }

由于使用Map而不是SqlParameterSource，所以类2中的代码应引起违规.

The code in class 2 should cause a violation as it uses a Map, not a SqlParameterSource.

检查update(...)方法可能会导致误报，因为这是一个相当常见的方法名称.我只关心特定的Spring类中的那些.

Checking for update(...) methods will likely result in false positives as that's a fairly common method name. I only care about the ones in the specific Spring class.

请注意，namedParamJdbcTemplate对象是在基类中声明的，而不是在具有冲突的类中声明的.还请注意，它可以称为"namedParameterJdbcTemplate"或"template"，也可以称为开发人员想要的其他任何名称.

Note that the namedParamJdbcTemplate object is declared in a base class, it is not in the class with the violation. Also note, it could be called "namedParameterJdbcTemplate" or "template" or anything else the developer wants.

现在，我的问题.

1. 是否可以使用PMD这样检测违规?还是我需要FindBugs，因为它可以分析字节码?
2. 如果可以使用PMD，是否可以使用XPath规则或仅使用Java?
3. 有人可以给我指出一个示例，说明我该如何做这样的事情，最好是使用PMD吗? Findbugs或SonarQube也可以吗?

我已经阅读了文档，尤其是关于规则的部分比班级分析更多.我不确定RuleContext是否对我想做的事情或如何做有所帮助.

I have read the documentation, particularly the section on rules that analyze more than the class. I'm not quite sure if the RuleContext helps with what I want to do, or how.

推荐答案

您要编写自定义检查以在调用特定方法时引发问题.

You want to write a custom check to raise an issue on a call to a certain method.

正如您指出的那样，您不能依赖变量名，因此必须获取进行方法调用的对象的类型，这是另一层次的分析. 使用PMD，您将能够调用名为您想要检测的方法及其参数数量的方法.但是，如果考虑例如方法重载，那还不够精确.因此，您实际上必须引用一些类型信息以确保100％正确.

As you point it out, you cannot rely on the variable name, so you have to get the types of the object on which you are making the method call which is another level of analysis. With PMD you would be able to get a call to method named like you want to detect and its number of parameters. But that is not precise enough if you think about method overloading for instance. So you actually have to refer to some type information to be 100% sure.

所以:

1. 您可以，但是您的规则最终将是非常不精确的(但是在某些情况下这可能会令人满意).最好的方法最好是与findbugs一起使用...

1. You could but you rule would end up to be very unprecise (but that can be satisfying in some context). Best way would preferably to go with findbugs...

我认为您可以同时使用.

I think you can use both.

不能真正回答PMD，但是您可以使用sonarqube规则引擎编写自己的规则: http://docs.codehaus.org/display/SONAR/Extending+Coding+Rules

can't really answer for PMD but you can write your own rule using sonarqube rule engine : http://docs.codehaus.org/display/SONAR/Extending+Coding+Rules

我们实际上是希望在sonarqube java插件中提供此功能，以便能够访问语义信息(名称的类型和名称)，以便使用此数据编写自己的规则.

This is a feature we actually want to deliver in sonarqube java plugin to be able to access semantic information (types and signification of name) in order to write your own rules using this data.

这篇关于当基类中存在someObject时，使用PMD检查someObject.methodCall的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！