Merge pull request #1 from cnumr/main
sync
Silicoman authored Nov 19, 2022
2 parents ccce1c2 + 4d3b63e commit c3433d5
Showing 250 changed files with 7,226 additions and 721 deletions.
12 changes: 9 additions & 3 deletions .github/workflows/build.yml
Expand Up @@ -2,8 +2,7 @@ name: Build
on:
push:
branches:
- master
- sonarcloud
- main
pull_request:
types: [opened, synchronize, reopened]
jobs:
Expand All @@ -30,8 +29,15 @@ jobs:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
- name: Prepare CodeNarc dependency
working-directory: ./src
run: |
./prepare-codenarc
- name: Build and analyze
working-directory: ./src
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn -f ./src/pom.xml -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=cnumr_ecoCode -Dsonar.sources=./src
run: mvn -e -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=cnumr_ecoCode -Dsonar.exclusions=**/src/codenarc-converter/**,**/*.groovy,**/src/android-plugin/src/test/**,**/*.dummy
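
Review bot: the new `Setup Gradle` step references `gradle/gradle-build-action@v2` by a mutable tag, in the same job that later runs the build with `SONAR_TOKEN` and `GITHUB_TOKEN`; pin the action to a full commit SHA so a retagged release cannot change what runs here. Two smaller points on the new `run:` line: the `-Dsonar.exclusions=` value carries unquoted `**` globs, so wrap it in single quotes to keep the shell from ever touching it, and say in the workflow why `**/*.groovy` and the android-plugin tests are excluded, since that narrows what the analysis covers.
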
11 changes: 10 additions & 1 deletion .gitignore
@@ -1,5 +1,7 @@
# Markdown
README.md.tmp.html

# Maven
target/
pom.xml.tag
pom.xml.releaseBackup
Expand All @@ -12,9 +14,16 @@ buildNumber.properties
# https://github.com/takari/maven-wrapper#usage-without-binary-jar
.mvn/wrapper/maven-wrapper.jar

# Gradle
.gradle/

# Eclipse m2e generated files
# Eclipse Core
.project
.idea
# JDT-specific (Eclipse Java Development Tools)
.classpath
**/.settings
.settings/

# IntelliJ IDEA settings
.idea
674 changes: 674 additions & 0 deletions COPYING

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -2,7 +2,7 @@

---

*ecoCode* is a collective project aiming at the reduction the environmental footprint of software at the code level. The goal of the project is to provide a list of static code analyzers to highlight code structures that may have a negative ecological impact: energy and resources over-consumption, "fatware", shortening terminals' lifespan, etc.
*ecoCode* is a collective project aiming to reduce environmental footprint of software at the code level. The goal of the project is to provide a list of static code analyzers to highlight code structures that may have a negative ecological impact: energy and resources over-consumption, "fatware", shortening terminals' lifespan, etc.

ecoCode is based on evolving catalogs of [good practices](docs/rules), for various technologies. A SonarQube plugin then implement these catalogs as rules for scanning your projects.

Expand Down Expand Up @@ -37,7 +37,7 @@ We are listening to you to make the project progress collectively, and maybe wit

WE NEED YOU !

Here the starter-pack : https://github.com/cnumr/ecoCode/blob/start-pack/hackathon/starter-pack.md
Here the [starter-pack](./hackathon/starter-pack.md)

## 🤓 Main contributors

3 changes: 2 additions & 1 deletion docs/rules/web-matrix.md
Expand Up @@ -35,4 +35,5 @@ Here is the list of rules already available in ecoCode project code.
| Use the $i++ variable during an iteration ||| | | | |
| Calling a function in the declaration of a for loop ||| || | |
| Perform an SQL query inside a loop ||| | | | |
| Write SELECT * FROM ||| || | |
| Write SELECT * FROM ||| || | |
| Calling a Spring repository inside a loop || 🚫 | 🚫 | 🚫 | 🚫 | 🚫 |
5 changes: 4 additions & 1 deletion hackathon/starter-pack.md
Expand Up @@ -31,8 +31,11 @@ https://olegoaer.perso.univ-pau.fr/android-energy-smells/
### Prerequesites

You will need to install Docker : https://docs.docker.com/get-docker/

Docker-compose 3.9 : https://docs.docker.com/compose/install/
Java >=8 for Sonarqube plugin Development : https://www.java.com/fr/download/manual.jsp

Java >=11 for Sonarqube plugin Development : https://www.java.com/fr/download/manual.jsp

Maven 3 for Sonarqube plugin Development : https://maven.apache.org/download.cgi

Additionnaly, install Git : https://git-scm.com/book/en/v2/Getting-Started-Installing-Git
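
Review bot: the Java line now requires `>=11` but still links to the same `java.com/fr/download/manual.jsp` page as the old `>=8` line; confirm that page actually offers a Java 11+ JDK, or link to a JDK 11 distribution instead. While touching this list, `Docker-compose 3.9` reads like a Compose file-format version rather than a tool version, and `Prerequesites` and `Additionnaly` in the surrounding lines are misspelled.
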
4 changes: 1 addition & 3 deletions hackathon/work-packages.md
Expand Up @@ -68,12 +68,10 @@ The set of rules comes from the detailed [Energy Smells catalog](https://olegoae
| ESOB009 | Day Night Mode | File System, Xml |
| ESOB014 | High Frame Rate | Java |
| EBAT001 | Service@Boot-time | Java, Xml |
| EREL003 | Supported Version Range | Xml, Gradle |
| EREL004 | Same dependencies | Gradle |
| EREL005 | Duplicate dependencies | Gradle |
| EREL006 | Fat app | Gradle |
| EREL007 | Clear cache | Java |
| EREL008 | Concert to WebP | File System |
| EREL008 | Convert to WebP | File System |
| EREL009 | Shrink Resources | Gradle |
| EREL010 | Disable Obfuscation | Gradle |

Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
<p>Do not execute an SQL request in a loop</p>
<h2>Noncompliant Code Example</h2>
<pre>

def foo():
...
baseQuery= "SELECT name FROM users where id = "
for i in range(0,20):
query=query + str(i)
cursor.execute(query) #Noncompliant
for row in cursor:
print(row)
...
cursor.close()
-----------------------------------------------------------
def foo():
...
baseQuery= "SELECT name FROM users where id = "
data = [ i for i in range(0,20) ]
cursor.executemany(baseQuery,data)
for row in cursor:
print(row)
...
cursor.close()

</pre>


<h2>Compliant Solution</h2>
<pre>

def foo() {
...
query = "SELECT name FROM users where id in (0 "
for i in range(0,20):
query = query +","+str(i)
query+=")"
cursor.execute(query) #compliant

# iterate through the resultset
for row in cursor:
print(row)

cursor.close();
...
}

</pre>
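
Review bot: the Compliant Solution builds its `IN (...)` list by string concatenation (`query = query +","+str(i)`), which teaches readers to assemble SQL from values; show placeholders passed as parameters to `cursor.execute` instead, so the example is both a single query and parameterized. The block is also not valid Python (`def foo() {`, `cursor.close();`, a closing `}`), and the list starts with `0` and then appends `0` again from `range(0,20)`. In the Noncompliant section, `query=query + str(i)` reads `query` before it is assigned (only `baseQuery` is defined), and the `executemany` variant under the dashed separator carries no `#Noncompliant` marker, so it is unclear whether the rule is meant to flag it.
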
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"title": "Avoid SQL request in loop",
"type": "CODE_SMELL",

"status": "ready",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "10min"
},
"tags": [
"eco-conception"
],
"defaultSeverity": "Minor"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
package fr.cnumr.python.checks;

import org.junit.Test;
import org.sonar.python.checks.utils.PythonCheckVerifier;

public class AvoidSQLRequestInLoopCheckTest {

@Test
public void test() {
PythonCheckVerifier.verify("src/test/resources/checks/AvoidSQLRequestInLoopCheck.py", new AvoidSQLRequestInLoopCheckTest());
}
}
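
Review bot: `PythonCheckVerifier.verify(...)` is given `new AvoidSQLRequestInLoopCheckTest()`, an instance of this test class, as its second argument rather than the check under test. Pass an instance of the rule class (presumably `AvoidSQLRequestInLoopCheck` in the same package) so the `#Noncompliant` markers in the fixture are verified against the rule itself.
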
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
import mysql.connector


class AvoidSQLRequestInLoopCheck:
def testWithNoLoop(self):
try :
db = mysql.connector.connect(option_files='my.conf', use_pure=True)
cursor=db.cursor()
query = "SELECT * FROM users"
cursor.execute(query)
with row in cursor:
print(row.id)
cursor.close()
db.close()
except :
print("Got an exception")
db.close()

def testWithForLoop():
try:
db = mysql.connector.connect(option_files='my.conf', use_pure=True)
query = "SELECT * FROM users where id = "
for i in range(0,20):
cursor=db.cursor()
query+=str(i)
cursor.execute(query) #Noncompliant
with row in cursor:
print(row.name)
cursor.close()
except :
print("Got an exception")
db.close()

def testWithWhileLoop():
try:
db = mysql.connector.connect(option_files='my.conf', use_pure=True)
query = "SELECT * FROM users where id = "
i = 0
while i<20:

cursor=db.cursor()
query+=str(i)
cursor.execute(query) #Noncompliant
with row in cursor:
print(row.name)
cursor.close()
i+=1
except :
print("Got an exception")
db.close()

def testWithExecuteMany():
try:
db =db = mysql.connector.connect(option_files='my.conf', use_pure=True)
query = "SELECT * FROM users where id = %d"
cursor=db.cursor()
data = [i for i in range(20)]
cursor.executemany(query,data)
with row in cursor:
print(row.name)
cursor.close()
except:
print("Got an exception")
db.close()
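
Review bot: every result loop is written `with row in cursor:`, which is not a valid Python statement; use `for row in cursor:` so the fixture parses. In `testWithForLoop` and `testWithWhileLoop`, `query+=str(i)` keeps appending to the same string, so the ids accumulate (`0`, `01`, `012`, ...) instead of querying one id per iteration, and the pattern concatenates values into SQL where a bound parameter would do. Also: `db =db = mysql.connector.connect(...)` has a duplicated assignment, the bare `except:` handlers call `db.close()` even when `connect` itself raised and `db` was never bound, and `testWithExecuteMany` has no marker saying whether the rule should flag it.
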
5 changes: 3 additions & 2 deletions src/.gitignore
@@ -1,8 +1,9 @@
!.gitignore
.*
node_modules
yarn.lock
target/
node/
.idea
.DS_Store
*.iml
/lib/*.jar
bin
35 changes: 24 additions & 11 deletions src/INSTALL.md
Expand Up @@ -29,11 +29,11 @@ You will find more information about the plugins’ architecture in their folder

### Prerequisites

- Java >= 8
- Java >= 11
- Mvn 3


### Preliminary steps
### Preliminary steps (only Android)

The Android plugin uses [CodeNarc](https://codenarc.org/) to scan the gradle files of Android projects. To have more information about CodeNarc: [CodeNarc](/codenarc-converter/CodeNarc/README.md).

Expand All @@ -42,11 +42,7 @@ CodeNarc must be built separately. Please see the following steps:
Build CodeNarc (Gradle 6.9.2, Java 11), then add this custom-built CodeNarc to Maven dependencies:

```sh
cd codenarc-converter/CodeNarc
./gradlew build -x test
cd ..
mvn initialize
cd ..
./prepare-codenarc
```


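Review bot: the sentence above the code block still describes the manual procedure (build CodeNarc with Gradle 6.9.2 and Java 11, then add it to the Maven dependencies), while the block now only shows `./prepare-codenarc`; say which directory the script must be run from (the workflow in this commit runs it with `working-directory: ./src`) and that it performs those steps.
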
Expand All @@ -56,10 +52,12 @@ You can build the project code by running the following command in the `src` dir
Maven will download the required dependencies.

```sh
mvn clean install
./build.sh

# execute `mvn clean install`
```

Each plugin is generated in its own `src/<plugin>/target` directory, but they are also copied to the `src/lib` directory.
Each plugin is generated in its own `<plugin>/target` directory, but they are also copied to the `lib` directory.



Expand All @@ -75,7 +73,9 @@ You must have built the plugins (see the steps above).
Run the SonarQube + PostgreSQL stack:

```sh
docker-compose up --build -d
./init_reinit.sh

# execute `docker-compose up --build -d`
```

Check if the containers are up:
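
Review bot: `./init_reinit.sh` is documented only as running `docker-compose up --build -d`, but its name says it also re-initializes; state in this step whether it removes existing containers or volumes, since the start/stop section added further down assumes users have quality gates and quality profiles they want to keep.
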
Expand Down Expand Up @@ -138,7 +138,20 @@ Install dependencies from the root directory:
mvn clean install
```

.jar files (one per plugin) will be moved in `src/lib` repository after build.
.jar files (one per plugin) will be moved in `lib` repository after build.

## Howto start or stop service (already installed)

Once you did the installation a first time (and then you did custom configuration like quality gates, quality profiles, ...),
if you only want to start (or stop properly) existing services :

```sh
./start.sh
# execute `docker-compose start`

./stop.sh
# execute `docker-compose stop`
```

## Links

14 changes: 14 additions & 0 deletions src/android-plugin/README.md
Expand Up @@ -43,6 +43,7 @@ Tests are located under:
Build CodeNarc (gradle 6.9.2, Java 11):

```sh
cd /codenarc-converter/CodeNarc
./gradlew build -x test
```

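Review bot: the added `cd /codenarc-converter/CodeNarc` is an absolute path from the filesystem root, so it fails on a normal checkout; the lines this commit removes from src/INSTALL.md used the relative `cd codenarc-converter/CodeNarc`. Drop the leading slash and say which directory the command starts from.
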
Expand Down Expand Up @@ -119,3 +120,16 @@ For XML rules:
## License

Licensed under the [GNU Lesser General Public License, Version 3.0](https://www.gnu.org/licenses/lgpl.txt)

## How to cite this work?

If you use ecoCode in an academic work we would be really glad if you cite our seminal paper using the following bibtex (to appear):
```
@inproceedings{DBLP:conf/ase/LeGoaer2022,
author = {Olivier Le Goaer and Julien Hertout},
title = {ecoCode: a SonarQube Plugin to Remove Energy Smells from Android Projects},
booktitle = {{ACM/IEEE} International Conference on Automated Software Engineering,
{ASE} '22, Michigan, USA - October 10 - 14, 2022},
year = {2022}
}
```