SlideShare a Scribd company logo

Static Code Analysis

Annyce Davis, profile picture
Annyce Davis

The document discusses static code analysis tools such as Checkstyle, Findbugs, PMD, and Lint, which help identify issues in Java code without executing it. It includes examples of how to implement these tools in Gradle, highlighting their purposes such as checking for code quality, programming flaws, and structural issues. Additionally, the document provides resources for further reading and understanding of clean coding practices and tools.

Software
1 of 53
Downloaded 98 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
Static Code Analysis
Static Code Analysis
@brwngrldev +AnnyceDavis “I’ll be learning something new on my deathbed.”
Checking your program for errors without executing it What is it? @brwngrldev
Testing What it’s not @brwngrldev
1 / 7 - 10 @brwngrldev
Static Code Analysis
1 / 10 @brwngrldev 1000
The tools… Checkstyle 1 FindBugs 2 PMD 3 Lint 4 @brwngrldev
@brwngrldev Lint Checkstyle FindBugs PMD
Checkstyle “… a development tool to help programmers write Java code that adheres to a coding standard.”
Source Files config.xml Checkstyle Tool Modules Design Formatting Code Complexity
apply plugin: ‘checkstyle’ task checkstyle(type: Checkstyle) {
 description 'Checks if the code passes quality standards'
 group 'verification'
 
 configFile file(‘checkstyle.xml') …
 }
<module name=“MethodLength"> <property name="max" value=“60"/> </module> 
 <module name=“LineLength"> <property name="max" value=“120"/> </module>
 
 <module name=“CyclomaticComplexity"> <property name="max" value=“8"/> </module> … playerControlConfig.setShowClosedCaptionsButton(a.getBo

 <module name=“CyclomaticComplexity"> <property name="max" value=“8"/> </module>
Example
public void overlyComplexMethod(Video video) { if (video != null && video.getStreamUrl() != null) { switch (video.getCategory()) { case "CAT1" : playVideo(video); if (video.getLargeImageUrl() == null) { video.setLargeImageUrl("http://www.largeImage.png"); } updateMetadata(video); break; case "CAT2" : if (video.getLargeImageUrl() == null) { video.setLargeImageUrl("http://www.smallImage.png");
… warning: Cyclomatic Complexity is 9
public void overlyComplexMethod(Video video) { if (video != null && video.getStreamUrl() != null) { updateVideoBasedOnCategory(video); } } private void updateVideoBasedOnCategory(Video video) { switch (video.getCategory()) { case "CAT1" : playVideo(video); if (video.getLargeImageUrl() == null) { video.setLargeImageUrl("http://www.largeImage.png"); } updateMetadata(video); break; 7
switch (video.getCategory()) { case "CAT1" : playVideo(video); updateMetaDataAndUrl(video, "http://www.largeImage.png"); break; … 4 @brwngrldev
Review… • Formatting • Code Complexity • Refactor Gradually @brwngrldev Checkstyle 1
FindBugs
But this… “…inspect Java bytecode for occurrences of bug patterns”
apply plugin: ‘findbugs’ task findbugs(type: FindBugs) { description 'Run findbugs' group 'verification' effort 'max' excludeFilter file('findbugs-exclude.xml') …
 }
<FindBugsFilter>
 <Match>
 <Class name="~.*R$.*"/>
 </Match> <Match>
 <Bug pattern="HE_EQUALS_NO_HASHCODE"/>
 </Match> …
 </FindBugsFilter>
Example
gradle findbugs
Static Code Analysis
Static Code Analysis
Review… • Bug Patterns • Not Always Right • Use the Filters FindBugs 2 @brwngrldev
Static Code Analysis
PMD “…finds common programming flaws like unused variables, empty catch blocks…”
apply plugin: ‘pmd’ task pmd(type: Pmd) { description 'Run pmd' group 'verification' ruleSetFiles = files("./qa-checks/pmd-ruleset.xml") …
 }
<ruleset>
 <rule ref="rulesets/java/braces.xml" />
 <rule ref="rulesets/java/strings.xml" />
 <rule ref="rulesets/java/basic.xml" /> …
 </ruleset>
Braces Ruleset
Example
gradle pmd
Find out why
Fix it…
Review… • Possible Bugs • Wasteful Usage • Duplicate Code @brwngrldev PMD 3
Ewww!!!
“…checks for structural code problems that could affect the quality and performance of your application.” Lint
Lintian JSLintAndroid Lint Splint PC-Lint PyLint cpplint
Example
Android Lint <lint>
 <issue id="IconColors" severity="ignore" /> 
 <issue id="IconMissingDensityFolder" severity="ignore" /> 
 <issue id="UnusedResources">
 <ignore path="**/config.xml" />
 </issue> …
 </lint>
Static Code Analysis
Static Code Analysis
Continous Integration
Review • Structural Issues • Exclude Checks • Continuous Integration Lint 4 @brwngrldev
Summary PMD Checkstyle FindBugs Lint @brwngrldev
Resources • Clean Code - http://amzn.to/1DJybxH • Effective Java - http://amzn.to/1Ku8Xel • Google Code Style - http://goo.gl/8Pf6J3 • QA Checks - http://git.io/vCMwc • Conquering Cyclomatic Complexity - http://goo.gl/lRoPXN • Using Android Lint - http://goo.gl/Zl2BPx • Static Code Analysis Tools - https://goo.gl/0Hczxn @brwngrldev
Photo Credits • Slide 7 - https://www.flickr.com/photos/orinrobertjohn/13068719 • Slide 20 - https://www.flickr.com/photos/oakleyoriginals/2750185692 • Slide 41 - https://commons.wikimedia.org/wiki/File:Navel_lint_ball.jpg • Slide 50 - https://pixabay.com/en/thumb-success-successful-fan- faust-328420/ @brwngrldev
Thanks! @brwngrldev +AnnyceDavis www.adavis.info

More Related Content

PPTX
SCS DevSecOps Seminar - State of DevSecOps
Stefan Streichsbier
 
PPTX
Typescript ppt
akhilsreyas
 
PPT
Testing concepts ppt
Rathna Priya
 
PPTX
Secure coding practices
Mohammed Danish Amber
 
PPTX
Angularjs PPT
Amit Baghel
 
PDF
TypeScript - An Introduction
NexThoughts Technologies
 
PDF
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
PDF
DevSecOps What Why and How
NotSoSecure Global Services
 
SCS DevSecOps Seminar - State of DevSecOps
Stefan Streichsbier
 
Typescript ppt
akhilsreyas
 
Testing concepts ppt
Rathna Priya
 
Secure coding practices
Mohammed Danish Amber
 
Angularjs PPT
Amit Baghel
 
TypeScript - An Introduction
NexThoughts Technologies
 
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
DevSecOps What Why and How
NotSoSecure Global Services
 

What's hot (20)

PPTX
Software Testing or Quality Assurance
Trimantra Software Solutions
 
PPS
JUnit Presentation
priya_trivedi
 
ODP
Secure coding in C#
Siddharth Bezalwar
 
PDF
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
PDF
Introduction to CICD
Knoldus Inc.
 
PPTX
TypeScript Overview
Aniruddha Chakrabarti
 
PDF
Secure coding presentation Oct 3 2020
Moataz Kamel
 
PPTX
Basic Dynamic Analysis of Malware
Natraj G
 
PDF
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
PDF
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
PPTX
Pentesting ReST API
Nutan Kumar Panda
 
ODP
OWASP Secure Coding
bilcorry
 
PPTX
How To Improve Quality With Static Code Analysis
Perforce
 
PDF
Web Application Security and Awareness
Abdul Rahman Sherzad
 
PPTX
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PPT
Continuous integration
amscanne
 
PPTX
Automation - web testing with selenium
Tzirla Rozental
 
PPTX
Software testing & Quality Assurance
Webtech Learning
 
PPTX
DevOps introduction
Mettje Heegstra
 
PPTX
Security Testing.pptx
osandadeshan
 
Software Testing or Quality Assurance
Trimantra Software Solutions
 
JUnit Presentation
priya_trivedi
 
Secure coding in C#
Siddharth Bezalwar
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
Introduction to CICD
Knoldus Inc.
 
TypeScript Overview
Aniruddha Chakrabarti
 
Secure coding presentation Oct 3 2020
Moataz Kamel
 
Basic Dynamic Analysis of Malware
Natraj G
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
Pentesting ReST API
Nutan Kumar Panda
 
OWASP Secure Coding
bilcorry
 
How To Improve Quality With Static Code Analysis
Perforce
 
Web Application Security and Awareness
Abdul Rahman Sherzad
 
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Continuous integration
amscanne
 
Automation - web testing with selenium
Tzirla Rozental
 
Software testing & Quality Assurance
Webtech Learning
 
DevOps introduction
Mettje Heegstra
 
Security Testing.pptx
osandadeshan
 
Ad

Similar to Static Code Analysis (20)

PDF
Infinum Android Talks #14 - How (not) to get f***** by checkstyle, pdm, findb...
Infinum
 
PDF
Achieving quality with tools case study
EosSoftware
 
PPT
Static Analysis
alice yang
 
PPTX
Java Code Quality Tools
Orest Ivasiv
 
PPTX
Static code analysis: what? how? why?
Andrey Karpov
 
PPTX
FaultHunter workshop (SourceMeter for SonarQube plugin module)
FrontEndART
 
PPSX
Coding standard
FAROOK Samath
 
PPTX
Does static analysis need machine learning?
Andrey Karpov
 
PDF
Presentations Unusual Java Bugs And Detecting Them Using Foss Tools
Ganesh Samarthyam
 
PPTX
Static analysis: Around Java in 60 minutes
Andrey Karpov
 
PDF
Code analyzer: FindBugs and PMD
Kan-Han (John) Lu
 
PPT
Introduction to automated quality assurance
Philip Johnson
 
PDF
Jdj Foss Java Tools
Ganesh Samarthyam
 
PDF
Mining Fix Patterns for FindBugs Violations
Dongsun Kim
 
PDF
Infinum Android Talks #04 - Android Lint
Denis_infinum
 
PDF
Infinum Android Talks #04 - Android Lint
Infinum
 
PPTX
Static Code Analysis: Keeping the Cost of Bug Fixing Down
Andrey Karpov
 
PPTX
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
Andrey Karpov
 
PPTX
PVS-Studio and static code analysis technique
Andrey Karpov
 
PDF
Machine Learning in Static Analysis of Program Source Code
Andrey Karpov
 
Infinum Android Talks #14 - How (not) to get f***** by checkstyle, pdm, findb...
Infinum
 
Achieving quality with tools case study
EosSoftware
 
Static Analysis
alice yang
 
Java Code Quality Tools
Orest Ivasiv
 
Static code analysis: what? how? why?
Andrey Karpov
 
FaultHunter workshop (SourceMeter for SonarQube plugin module)
FrontEndART
 
Coding standard
FAROOK Samath
 
Does static analysis need machine learning?
Andrey Karpov
 
Presentations Unusual Java Bugs And Detecting Them Using Foss Tools
Ganesh Samarthyam
 
Static analysis: Around Java in 60 minutes
Andrey Karpov
 
Code analyzer: FindBugs and PMD
Kan-Han (John) Lu
 
Introduction to automated quality assurance
Philip Johnson
 
Jdj Foss Java Tools
Ganesh Samarthyam
 
Mining Fix Patterns for FindBugs Violations
Dongsun Kim
 
Infinum Android Talks #04 - Android Lint
Denis_infinum
 
Infinum Android Talks #04 - Android Lint
Infinum
 
Static Code Analysis: Keeping the Cost of Bug Fixing Down
Andrey Karpov
 
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
Andrey Karpov
 
PVS-Studio and static code analysis technique
Andrey Karpov
 
Machine Learning in Static Analysis of Program Source Code
Andrey Karpov
 
Ad

More from Annyce Davis (18)

PDF
Getting a Grip on GraphQL
Annyce Davis
 
PDF
RxJava In Baby Steps
Annyce Davis
 
PDF
No internet? No Problem!
Annyce Davis
 
PDF
First Do No Harm - 360|AnDev
Annyce Davis
 
PDF
First Do No Harm - Droidcon Boston
Annyce Davis
 
PDF
Creating Gradle Plugins - Oredev
Annyce Davis
 
PDF
Developing Apps for Emerging Markets
Annyce Davis
 
PDF
Develop Maintainable Apps - edUiConf
Annyce Davis
 
PDF
Creating Gradle Plugins - GR8Conf US
Annyce Davis
 
PDF
From Grails to Android: A Simple Journey
Annyce Davis
 
PDF
Google I/O 2016 Recap
Annyce Davis
 
PDF
Say It With Video
Annyce Davis
 
PDF
Screen Robots: UI Tests in Espresso
Annyce Davis
 
PDF
Creating Gradle Plugins
Annyce Davis
 
PDF
Develop Maintainable Apps
Annyce Davis
 
PDF
Android Testing, Why So Hard?!
Annyce Davis
 
PDF
Measuring Audience Engagement through Analytics
Annyce Davis
 
PDF
DC Media Innovations Kick-Off Meetup
Annyce Davis
 
Getting a Grip on GraphQL
Annyce Davis
 
RxJava In Baby Steps
Annyce Davis
 
No internet? No Problem!
Annyce Davis
 
First Do No Harm - 360|AnDev
Annyce Davis
 
First Do No Harm - Droidcon Boston
Annyce Davis
 
Creating Gradle Plugins - Oredev
Annyce Davis
 
Developing Apps for Emerging Markets
Annyce Davis
 
Develop Maintainable Apps - edUiConf
Annyce Davis
 
Creating Gradle Plugins - GR8Conf US
Annyce Davis
 
From Grails to Android: A Simple Journey
Annyce Davis
 
Google I/O 2016 Recap
Annyce Davis
 
Say It With Video
Annyce Davis
 
Screen Robots: UI Tests in Espresso
Annyce Davis
 
Creating Gradle Plugins
Annyce Davis
 
Develop Maintainable Apps
Annyce Davis
 
Android Testing, Why So Hard?!
Annyce Davis
 
Measuring Audience Engagement through Analytics
Annyce Davis
 
DC Media Innovations Kick-Off Meetup
Annyce Davis
 

Recently uploaded (20)

PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
AI in Product Development-omnex systems
omnex systems
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Introduction to Artificial Intelligence
lohedi9363
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Introduction Database Management System for Course Database
ReinertYosua
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
AI in Product Development-omnex systems
omnex systems
 

Static Code Analysis