Click here to load reader
Sep 12, 2014
AgendaSonar with Flex pluginFlexPMDWhat is FlexPMDHow does it workFlexPMD pluginConfigurationSupported workflowsFlexCPD integrationFlexPMD Ruleset Creator SwfScan from HP FlexCover ItDepends FlexFormatting
Sonar with Flex Plugin Sonar is a tool for code quality analysis. It helps improving software quality using static analysis tools. It targets Java code, but there are plugins for Flex, C, PHP, .Net and other languages. The Flex plug-in specifically uses FlexPMD, FlexMetrics, FlexCPD and FlexMojos.
Sonars ResultsMotion Chart
What is FlexPMDFlexPMD is a tool that helps to improve code quality by auditing any AS3/Flex source directory and detecting common bad practices.http://opensource.adobe.com/wiki/display/flexpmd/FlexPMD
FlexPMD can detect:
Coding standards violationsCode duplicationUnused code (functions, variables, constants, etc.)Over-complex code (nested loops, too many conditionals, etc.)Over-long code (classes, methods, etc.)Unhandled exceptionsIncorrect use of the Flex component lifecycle (commitProperties, etc.)
How to invokeFlexPMD can currently be invoked from:
The command lineMavenAntAutomator on Mac OS XEclipseFlexBuilder TextMate on Mac OS XFlashDevelop
How does it workFlexPMD is delivered with a set of standard rules for Flex/AS development. Each source file that is processed is checked against every rule. Currently, FlexPMD produces a XML report by default, plus an HTML report when invoked by the Maven site plugin.
FlexPMD PluginThe FlexPMD Plugin is a plugin to streamline the development process in regards to FlexPMD violations
It analyses the code and marks the violations inline in the code so that developers can see them as they develop
It allows easy navigation between the list of violations and the associated code
Configure FlexPMD pluginDownload FlexPMD command line tools (http://opensource.adobe.com/wiki/display/flexpmd/Downloads )
FlexPMD command line. This is a mandatory field. You have to select the flex-pmd-command-line.jar from your hard drive.FlexPMD custom ruleset. You can leave this field empty, if so a default ruleset will be used.FlexCPD command line. You have to select the flex-pmd-cpd-command-line.jar you wish from your hard drive.
Supported workflows Code review workflowCode review workflow: As a code reviewer I want to be able to audit and review the quality of an entire project or any given functional area in terms of PMD violations.
Ideal forProjects that didnt use FlexPMD from the very beginningProjects where not all developers use FlexPMDAudit specific functional areas
BenefitsFlexPMD recommendations are displayed in a specific panel and can be sorted attending its relevance or violation type
Code Review workflowSelect any source folder in a projectRight click on itSelect FlexPMD > Run FlexPMD
Supported workflows Development workflowDevelopment workflow: As a developer I want to see PMD violations in the files I'm working in. If a file changes the violations should be updated immediately.
Ideal forProjects that start using FlexPMD from the very beginningTeams that proactively want to promote collective code and team best practices
BenefitsFlexPMD execute automatically on every compilation
Development workflowRight click in a projectSelect FlexPMD > Add FlexPMD Nature
Note: If at any point you want to remove the nature you can select FlexPMD > Remove FlexPMD Nature
FlexPMD OutlineIn the FlexPMD Outline View you'll see the violations in the currently opened editor.
If the arrows button is toggled, whenever the file is saved FlexPMD will be re-executed on it and the Outline will be updated providing always up-to-date information to the developer with very little delay and without having to compile the entire project.
FlexCPD integrationFlexCPD can detect suspect copy/paste sections of code in your project.Executes on demandYou can execute FlexCPD by right-click in a source folder and select FlexPMD > Find suspect cut & paste. Creates a list of snippets of duplicated codeYou can navigate to the source code file by double clicking on the item
FlexPMD Ruleset Creatorhttp://opensource.adobe.com/svn/opensource/flexpmd/bin/flex-pmd-ruleset-creator.html
SwfScan from HPHP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform.
How SWFScan works and what vulnerabilities it finds: Decompiles applications built on the Adobe Flash platform to extract the ActionScript code and statically analyzes it to identify security issues such as information disclosure. (The tool couldnt decompile flash files protected with SWFEncrypt.)
SwfScan from HP SettingsIt looks for about 75 known security vulnerabilities that are targeted by malicious hackers.
This includes unprotected confidential data, cross-site scripting, cross-domain privilege escalation, and user input that does not get validated.
SwfScan from HP Results
FlexCoverFlexcover - a tool that measures how much of your Flex, AIR or AS3 application code actually runs when tested.http://code.google.com/p/flexcover/
Install FlexCoverCreate a copy of the Flex SDK that you will customize for FlexcoverModify this custom SDK to use the Flexcover compilers and libraries.Modify your own build tools to use the custom Flexcover SDKInstall the CoverageViewer AIR Application
The .cvm file will be generated
FlexCoverLaunch the Coverage Viewer, then click the Load File... button; in the resulting dialog, locate the xxx.cvm file and click Open.
ItDependsItDepends is a tool for visually exploring the dependencies between classes and packages in an Adobe Flex application, with the aim of making it easy for developers to understand how their application can be made smaller and/or broken up into dynamically loadable moduleshttp://code.google.com/p/it-depends/wiki/UsingItDepends
ItDepends works with an XML link report file generated by the MXMLC compiler's -link-report option. This file describes all the classes in the application and their dependencies and code sizes.
FlexFormattingEclipse plugin that provides mxml/actionscript source code formattingUpdate site - http://flexformatter.googlecode.com/svn/trunk/FlexFormatter/FlexPrettyPrintCommandUpdateSite/
FlexFormatting Example Before & After