diff --git a/.gitignore b/.gitignore index a7d27fb6c3..edd8062e07 100644 --- a/.gitignore +++ b/.gitignore @@ -41,4 +41,4 @@ maka-vlc/ /fastlane/report.xml /fastlane/README.md -findbugs-report +reports \ No newline at end of file diff --git a/app/build.gradle b/app/build.gradle index 7f35ca1db0..7e1e325dd0 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -3,7 +3,8 @@ apply plugin: 'kotlin-android' apply plugin: 'kotlin-kapt' apply plugin: 'kotlin-android-extensions' apply from: '../code_quality_tools/jacoco.gradle' -apply from: '../code_quality_tools/quality.gradle' +apply from: '../code_quality_tools/findbugs.gradle' +apply from: '../code_quality_tools/checkstyle.gradle' def globalConf = rootProject.ext android { diff --git a/code_quality_tools/checkstyle-noframes-sorted.xsl b/code_quality_tools/checkstyle-noframes-sorted.xsl new file mode 100644 index 0000000000..6b884f19ce --- /dev/null +++ b/code_quality_tools/checkstyle-noframes-sorted.xsl @@ -0,0 +1,177 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +

CheckStyle Audit

Designed for use with CheckStyle and Ant.
+
+ + + +
+ + + +
+ + + + +
+ + + + +
+ + + + +

Files

+ + + + + + + + + + + + + + + +
NameErrors
+
+ + + + +

File

+ + + + + + + + + + + + + + +
Error DescriptionLine
+ Back to top +
+ + + +

Summary

+ + + + + + + + + + + + +
FilesErrors
+
+ + + + a + b + + +
\ No newline at end of file diff --git a/code_quality_tools/checkstyle.gradle b/code_quality_tools/checkstyle.gradle new file mode 100644 index 0000000000..ec234850a0 --- /dev/null +++ b/code_quality_tools/checkstyle.gradle @@ -0,0 +1,22 @@ +apply plugin: 'checkstyle' + +checkstyle { + configFile file("${project.rootDir}/code_quality_tools/checkstyle.xml") + ignoreFailures false + showViolations true + configProperties = [ + 'checkstyle.cache.file': file('${project.rootDir}/reports/checkstyle/checkstyle.cache'), + ] +} + +task checkstyle(type: Checkstyle) { + source 'src/main', 'src/release' + include '**/*.java' + exclude '**/gen/**' + exclude '**/R.java' + exclude '**/BuildConfig.java' + reports { + html.destination "${project.rootDir}/reports/checkstyle/main.html" + } + classpath = files() +} \ No newline at end of file diff --git a/code_quality_tools/checkstyle.xml b/code_quality_tools/checkstyle.xml new file mode 100644 index 0000000000..9611c3032a --- /dev/null +++ b/code_quality_tools/checkstyle.xml @@ -0,0 +1,128 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/code_quality_tools/quality.gradle b/code_quality_tools/findbugs.gradle similarity index 78% rename from code_quality_tools/quality.gradle rename to code_quality_tools/findbugs.gradle index f47e5b5127..be85d50d15 100644 --- a/code_quality_tools/quality.gradle +++ b/code_quality_tools/findbugs.gradle 
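Review bot: In code_quality_tools/checkstyle.gradle the `checkstyle.cache.file` entry is built from a single-quoted string, `file('${project.rootDir}/reports/checkstyle/checkstyle.cache')`, and Groovy does not interpolate `${...}` inside single quotes. The path therefore keeps the literal text `${project.rootDir}` and is resolved relative to the module directory rather than the root `reports/` folder. Use double quotes, as the `configFile` line in the same block does: `'checkstyle.cache.file': file("${project.rootDir}/reports/checkstyle/checkstyle.cache"),`. How the property is consumed cannot be checked here because the checkstyle.xml content did not survive on this page, so the visible effect may be limited to a stray cache directory outside the ignored `reports` folder.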
@@ -10,11 +10,11 @@ task findbugs(type: FindBugs) { html.enabled = true xml.enabled = false html { - destination "${project.rootDir}/findbugs-report/findbugs-output.html" + destination "${project.rootDir}/reports/findbugs-output.html" } } - classes = files("${project.projectDir}/build/intermediates/classes") + classes = files("${project.rootDir}/build/intermediates/classes") source = fileTree('src/main/java') // If somebody has an idea how to make this work with support libraries -> open a PR please. diff --git a/reports/findbugs-output.html b/reports/findbugs-output.html new file mode 100644 index 0000000000..a24de9e2b2 --- /dev/null +++ b/reports/findbugs-output.html @@ -0,0 +1,586 @@ + + + +FindBugs Report + + + + +
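Review bot: The new `classes = files("${project.rootDir}/build/intermediates/classes")` line in the findbugs task probably points FindBugs at a directory with no compiled classes. The script is applied from app/build.gradle, so `project` is the app module and its class files would normally sit under the module's own build directory, which the removed `${project.projectDir}` form addressed. If the root-level path is empty the task can finish with zero findings, and a static-analysis step that silently scans nothing gives false assurance; unless the build directory has been relocated somewhere not shown here, keep a module-relative path such as `classes = files("${project.buildDir}/intermediates/classes")`. Separately, the report destination now writes into `reports/`, which this commit adds to .gitignore while also committing `reports/findbugs-output.html`, so the checked-in report will go stale. The task body starts and ends outside the hunk.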

+FindBugs Report

+

Project Information

+

Project: +

+

FindBugs version: 3.0.1

+

Code analyzed:

+ +

+
+
+

+

Metrics

+

73205 lines of code analyzed, + in 2256 classes, + in 143 packages.

+ + + + + + + + + + + + + + + + + + + + +
MetricTotalDensity*
High Priority Warnings220.30
Medium Priority Warnings +0.00
+Total Warnings + +22 + +0.30 +
+

+(* Defects per Thousand lines of non-commenting source statements) +

+

+
+
+

+

Contents

+ +

Summary

+ + + + + + + + + + + + + + + + + + + + + + + + + +
Warning TypeNumber
+Correctness Warnings +12
+Internationalization Warnings +2
+Malicious code vulnerability Warnings +1
+Dodgy code Warnings +7
+Total + +22 +
+

Warnings

+

Click on a warning row to see full context information.

+

+Correctness Warnings +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CodeWarning
+MF +Field SectionsFragment.localProgressManager masks field in superclass org.stepic.droid.base.FragmentBase
+ + +
+MF +Field SectionsFragment.shareHelper masks field in superclass org.stepic.droid.base.FragmentBase
+ + +
+NP +Null passed for non-null parameter of org.stepic.droid.util.StepikLogicHelper.getPathForCourseOrEmpty(Course, Config) in org.stepic.droid.ui.fragments.SectionsFragment.resolveJoinCourseView()
+ + +
+RCN +Nullcheck of CancelLoadingService.databaseFacade at line 59 of value previously dereferenced in org.stepic.droid.services.CancelLoadingService.cancelStepVideo(long)
+ + +
+RCN +Nullcheck of DeleteService.databaseFacade at line 115 of value previously dereferenced in org.stepic.droid.services.DeleteService.removeFromDisk(long)
+ + +
+RCN +Nullcheck of DeleteService.databaseFacade at line 87 of value previously dereferenced in org.stepic.droid.services.DeleteService.removeFromDisk(Step)
+ + +
+RCN +Nullcheck of UpdateWithApkService.userPrefs at line 46 of value previously dereferenced in org.stepic.droid.services.UpdateWithApkService.updateFromRemoteApk(String)
+ + +
+RCN +Nullcheck of CommentsFragment.commentManager at line 521 of value previously dereferenced in org.stepic.droid.ui.fragments.CommentsFragment.onCommentsLoaded()
+ + +
+RCN +Nullcheck of CommentsFragment.commentManager at line 497 of value previously dereferenced in org.stepic.droid.ui.fragments.CommentsFragment.onEmptyComments(DiscussionProxy)
+ + +
+RCN +Nullcheck of CommentsFragment.commentManager at line 307 of value previously dereferenced in org.stepic.droid.ui.fragments.CommentsFragment.openUserProfile(int)
+ + +
+RCN +Nullcheck of id at line 112 of value previously dereferenced in org.stepic.droid.util.HtmlHelperTest.predictCourseIdByHtml(long, String)
+ + +
+RCN +Nullcheck of authenticationStepicResponse at line 178 of value previously dereferenced in org.stepic.droid.web.ApiImpl$1.intercept(Interceptor$Chain)
+ + +
+

+Internationalization Warnings +

+ + + + + + + + + + + + + + + + + + + +
CodeWarning
+Dm +Found reliance on default encoding in org.stepic.droid.configuration.ConfigImpl$ConfigFactory.create(): new java.io.InputStreamReader(InputStream)
+ + +
+Dm +Found reliance on default encoding in org.stepic.droid.util.AndroidDevices.getStorageDirectories(): new java.io.FileReader(String)
+ + +
+

+Malicious code vulnerability Warnings +

+ + + + + + + + + + + + +
CodeWarning
+MS +org.stepic.droid.ui.fragments.SectionsFragment.joinFlag isn't final but should be
+ + +
+

+Dodgy code Warnings +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CodeWarning
+RCN +Redundant nullcheck of org.stepic.droid.base.FragmentBase.unbinder, which is known to be non-null in org.stepic.droid.base.FragmentBase.onDestroyView()
+ + +
+RCN +Redundant nullcheck of org.stepic.droid.core.DefaultFilterImpl.isNeedRussian, which is known to be non-null in org.stepic.droid.core.DefaultFilterImpl.isNeedRussian()
+ + +
+RCN +Redundant nullcheck of org.stepic.droid.core.presenters.CertificatePresenter.certificateViewItemList, which is known to be non-null in org.stepic.droid.core.presenters.CertificatePresenter.showCertificates(boolean)
+ + +
+RCN +Redundant nullcheck of org.stepic.droid.core.presenters.LessonPresenter.lesson, which is known to be non-null in org.stepic.droid.core.presenters.LessonPresenter.initUnitLessonWithIds(long, long)
+ + +
+RCN +Redundant nullcheck of nextUnitId, which is known to be non-null in org.stepic.droid.core.presenters.RouteStepPresenter$clickLessonBase$1.run()
+ + +
+RCN +Redundant nullcheck of org.stepic.droid.ui.dialogs.TimeIntervalPickerDialogFragment.picker, which is known to be non-null in org.stepic.droid.ui.dialogs.TimeIntervalPickerDialogFragment.onCreateDialog(Bundle)
+ + +
+RCN +Redundant nullcheck of org.stepic.droid.ui.fragments.VideoExoFragment.player, which is known to be non-null in org.stepic.droid.ui.fragments.VideoExoFragment.onInternetEnabled()
+ + +
+

+Details +

+

+DM_DEFAULT_ENCODING: Reliance on default encoding +

+ +

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

+ + +

+MF_CLASS_MASKS_FIELD: Class defines field that masks a superclass field +

+ +

This class defines a field with the same name as a visible +instance field in a superclass. This is confusing, and +may indicate an error if methods update or access one of +the fields when they wanted the other.

+ + +

+MS_SHOULD_BE_FINAL: Field isn't final but should be +

+ +

+This static field public but not final, and +could be changed by malicious code or + by accident from another package. + The field could be made final to avoid + this vulnerability.

+ + +

+NP_NULL_PARAM_DEREF: Method call passes null for non-null parameter +

+ +

+ This method call passes a null value for a non-null method parameter. + Either the parameter is annotated as a parameter that should + always be non-null, or analysis has shown that it will always be + dereferenced. +

+ + +

+RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE: Nullcheck of value previously dereferenced +

+ +

A value is checked here to see whether it is null, but this value can't +be null because it was previously dereferenced and if it were null a null pointer +exception would have occurred at the earlier dereference. +Essentially, this code and the previous dereference +disagree as to whether this value is allowed to be null. Either the check is redundant +or the previous dereference is erroneous.

+ + +

+RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE: Redundant nullcheck of value known to be non-null +

+ +

This method contains a redundant check of a known non-null value against +the constant null.

+ + +