From 09d4f069e48a0b4ab7359bbcc3b299d222721230 Mon Sep 17 00:00:00 2001
From: vempo <vitaliy.emporopulo@amdocs.com>
Date: Tue, 29 Aug 2017 18:15:04 +0300
Subject: Set up static analysis for on-boarding

Configured PMD Maven plugin in the onboarding pom.xml, with a custom ruleset.
Currently disabled by default, can be ran on demand.

Change-Id: I0e7ba1aeb1aefcea86fc2534ebc62343057f7c34
Issue-ID: SDC-246
Signed-off-by: vempo <vitaliy.emporopulo@amdocs.com>
---
 .../src/main/resources/build-pmd-ruleset.xml       | 42 ++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 build-tools/src/main/resources/build-pmd-ruleset.xml

(limited to 'build-tools/src/main')

diff --git a/build-tools/src/main/resources/build-pmd-ruleset.xml b/build-tools/src/main/resources/build-pmd-ruleset.xml
new file mode 100644
index 0000000000..dd8984a970
--- /dev/null
+++ b/build-tools/src/main/resources/build-pmd-ruleset.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0"?>
+<ruleset name="SDC Essential Rule-set"
+         xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd http://pmd.sourceforge.net/ruleset/2.0.0 ">
+
+    <description>
+        Essential rules according to SonarQube. Note that it is impossible to make PMD rules exactly match the
+        SonarQube ones, but they will probably catch about 90% of violations before they get into the source control.
+        The advantage is that PMD can be ran locally on any development setup and does not require a license.
+    </description>
+
+    <!--
+        All available Java rule-sets: https://pmd.github.io/pmd-5.6.1/pmd-java/rules/index.html
+    -->
+
+    <!-- Blocker severity in SonarQube -->
+    <rule ref="rulesets/java/strictexception.xml/AvoidCatchingThrowable"/>
+    <rule ref="rulesets/java/empty.xml/EmptyCatchBlock">
+        <properties>
+            <property name="allowCommentedBlocks" value="true"/>
+        </properties>
+    </rule>
+
+    <!-- THERE IS NO GOOD RULE TO CATCH NULL DEREFERENCING IN PMD -->
+    <rule ref="rulesets/java/basic.xml/MisplacedNullCheck"/>
+    <rule ref="rulesets/java/basic.xml/BrokenNullCheck"/>
+
+
+    <rule ref="rulesets/java/design.xml/CloseResource">
+        <properties>
+            <property name="types"
+                      value="java.sql.Connection,java.sql.Statement,java.sql.ResultSet,java.io.OutputStream,java.net.URLConnection,java.io.InputStream,java.io.FileInputStream,java.io.FileOutputStream,java.util.zip.ZipOutputStream,java.util.zip.ZipInputStream,java.util.jar.JarInputStream,java.util.jar.JarOutputStream,java.io.BufferedReader,java.io.BufferedWriter"/>
+        </properties>
+    </rule>
+    <rule ref="rulesets/java/basic.xml/OverrideBothEqualsAndHashcode"/>
+
+    <!--
+        Critical severity in SonarQube. Should be empty until all Critical have been fixed.
+    -->
+
+</ruleset>
\ No newline at end of file
-- 
cgit 1.2.3-korg