This section is a howto guide for auditing source with Lint4j by using Sun's PetStore Blueprint as an example.
The first step is to construct the source and class path information that are needed by the tool to perform a full analysis. For projects with scattered source directories, generated sources, and many dependencies this can look painful. Let's look at how the configuration for Sun's PetStore BluePrint example was created.
The first step is to construct the source path. Change to the base directory of the project, and then look for the first package of the source code, in this case "com" (aka com.sun.j2ee).
%pwd /Users/Shared/petstore1.3.2 %find . -name com | tr '\n' ':' | sed 's|/com:|:|g' src/apps/admin/src/admin:src/apps/admin/src/client:src/apps/opc/src:src/ apps/petstore/src:src/apps/supplier/src:src/components/address/src:src/com ponents/asyncsender/src:src/components/cart/src:src/components/catalog/src:. /src/components/contactinfo/src:src/components/creditcard/src:src/components /customer/src:src/components/encodingfilter/src:src/components/lineitem/src: src/components/mailer/src:src/components/processmanager/src:src/components /purchaseorder/src:src/components/servicelocator/src:src/components/signon/s rc:src/components/supplierpo/src:src/components/uidgen/src:src/components/ util/tracer/src:src/components/xmldocuments/src:src/waf/src/controller:src /waf/src/view/taglibs:src/waf/src/view/template:
The result can be passed as the value for the -sourcepath
option of the lint4j launcher. If the audit is conducted using the Ant task, the following commands will produce the value for the sourcepath
option:
%find . -name com | tr '\n' ',' | sed 's|/com,|,|g'
Now the class path has to be set. Again, the find command helps us out:
%find . -type f -name \*.jar -o -name \*.zip | tr '\n' ':' src/apps/admin/src/client/crimson.jar:src/apps/admin/src/client/jaxp.jar:s rc/lib/ant/lib/ant.jar:src/lib/ant/lib/jaxp.jar:src/lib/ant/lib/parser.jar:. /src/lib/base64/base64.jar:src/lib/jstl/commons-collections.jar:src/lib/jstl /commons-JXPath-0.1-dev.jar:src/lib/jstl/commons-logging.jar:src/lib/jstl/ja xen-full.jar:src/lib/jstl/jdbc2_0-stdext.jar:src/lib/jstl/jstl.jar:src/lib /jstl/saxpath.jar:src/lib/jstl/standard.jar
Or, to produce the format used in the Ant task:
%find . -type f -name \*.jar -o -name \*.zip | tr '\n' ','
Let's run the first test. We use the option -v 1
to get only the severest warnings.
lint4j -v 1 -sourcepath src/apps/admin/src/admin:src/apps/admin/src/client:src/apps/opc/src:src/apps/petstore/src:src/apps/supplier/src:src/components/address/src:src/components/asyncsender/src:src/components/cart/src:src/components/catalog/src:src/components/contactinfo/src:src/components/creditcard/src:src/components/customer/src:src/components/encodingfilter/src:src/components/lineitem/src:src/components/mailer/src:src/components/processmanager/src:src/components/purchaseorder/src:src/components/servicelocator/src:src/components/signon/src:src/components/supplierpo/src:src/components/uidgen/src:src/components/util/tracer/src:src/components/xmldocuments/src:src/waf/src/controller:src/waf/src/view/taglibs:src/waf/src/view/template -classpath src/apps/admin/src/client/crimson.jar:src/apps/admin/src/client/jaxp.jar:src/lib/ant/lib/ant.jar:src/lib/ant/lib/jaxp.jar:src/lib/ant/lib/parser.jar:src/lib/base64/base64.jar:src/lib/jstl/commons-collections.jar:src/lib/jstl/commons-JXPath-0.1-dev.jar:src/lib/jstl/commons-logging.jar:src/lib/jstl/jaxen-full.jar:src/lib/jstl/jdbc2_0-stdext.jar:src/lib/jstl/jstl.jar:src/lib/jstl/saxpath.jar:src/lib/jstl/standard.jar com.sun.j2ee.\* src/apps/petstore/src/com/sun/j2ee/blueprints/petstore/tools/populate/AddressPopulator.java:94: (1): The local variable "address" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.petstore.tools.populate.AddressPopulator src/apps/petstore/src/com/sun/j2ee/blueprints/petstore/tools/populate/UserPopulator.java:87: (1): The local variable "userHome" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.petstore.tools.populate.UserPopulator src/components/xmldocuments/src/com/sun/j2ee/blueprints/xmldocuments/tpa/TPAInvoiceXDE.java:92: (1): The local variable "systemId" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.xmldocuments.tpa.TPAInvoiceXDE src/components/xmldocuments/src/com/sun/j2ee/blueprints/xmldocuments/tpa/TPASupplierOrderXDE.java:99: (1): The local variable "systemId" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.xmldocuments.tpa.TPASupplierOrderXDE src/apps/admin/src/client/com/sun/j2ee/blueprints/admin/client/DataSource.java:204: (1): The enclosing class "com.sun.j2ee.blueprints.admin.client.DataSource.RefreshAction" of this inner class must implement Serializable, but it doesnt. src/apps/admin/src/client/com/sun/j2ee/blueprints/admin/client/DataSource.java:295: (1): The enclosing class "com.sun.j2ee.blueprints.admin.client.DataSource.OrdersViewTableModel" of this inner class must implement Serializable, but it doesnt. src/apps/admin/src/client/com/sun/j2ee/blueprints/admin/client/DataSource.java:416: (1): The enclosing class "com.sun.j2ee.blueprints.admin.client.DataSource.OrdersApproveTableModel" of this inner class must implement Serializable, but it doesnt. src/apps/admin/src/client/com/sun/j2ee/blueprints/admin/client/DataSource.java:609: (1): The enclosing class "com.sun.j2ee.blueprints.admin.client.DataSource.ChartModel.RefreshChartAction" of this inner class must implement Serializable, but it doesnt. src/components/catalog/src/com/sun/j2ee/blueprints/catalog/client/CatalogHelper.java:166: (1): The local variable "locale" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.catalog.client.CatalogHelper Please add the following types to your classpath for full analysis: [javax.ejb.EJBObject, javax.ejb.EJBHome, javax.servlet.http.HttpServlet, SessionBean, javax.activation.DataSource, javax.servlet.http.HttpSession, javax.mail.Session, javax.servlet.jsp.tagext.TagSupport, Queue, javax.servlet.Filter, TopicConnectionFactory, javax.ejb.EJBLocalObject, javax.jms.TopicConnectionFactory, java.awt.RenderingHints$Key, javax.servlet.http.HttpSessionListener, javax.servlet.http.HttpServletRequest, QueueConnectionFactory, javax.ejb.EntityBean, HttpServlet, javax.servlet.http.HttpSessionAttributeListener, javax.ejb.MessageDrivenBean, javax.ejb.EJBLocalHome, javax.ejb.SessionBean, javax.servlet.ServletContext]
Lint4j warns that it could not perform a full analysis, because the jar files for the EJB, JavaMail, Activation, Servlet, and JMS API are missing from the classpath. They need to be downloaded and added to the class path.
The full analysis can be found in the sample reports section on the web site.