trusty-analyze 0.2.0

Sidecar code-analysis daemon for trusty-search: complexity, smells, quality, facts
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

//! `PmdTool` — Java diagnostics via `pmd`.
//!
//! Why: PMD is a mature Java static analyzer with a structured JSON report.
//! What: runs `pmd check -f json -d <file> --no-fail-on-violation` and walks
//! `files[].violations[]`, mapping PMD priority to a `Severity`.
//! Test: `parse_pmd_json_extracts_violation` parses a captured report.

use std::path::Path;

use anyhow::Result;
use serde_json::Value;

use super::run_command;
use crate::core::tools::{Severity, StaticTool, ToolDiagnostic};

/// Java static-analysis tool backed by `pmd`.
pub struct PmdTool;

impl StaticTool for PmdTool {
    fn name(&self) -> &str {
        "pmd"
    }

    fn language(&self) -> &str {
        "java"
    }

    fn is_available(&self) -> bool {
        which::which("pmd").is_ok()
    }

    fn run(&self, file: &Path, _content: &str) -> Result<Vec<ToolDiagnostic>> {
        let dir = file.parent().unwrap_or_else(|| Path::new("."));
        let path = file.to_string_lossy();
        let out = match run_command(
            "pmd",
            &["check", "-f", "json", "-d", &path, "--no-fail-on-violation"],
            dir,
        ) {
            Ok(o) => o,
            Err(e) => {
                tracing::debug!("pmd invocation failed: {e}");
                return Ok(Vec::new());
            }
        };
        Ok(parse_pmd_json(&out.stdout))
    }
}

/// Parse PMD's JSON report into diagnostics.
fn parse_pmd_json(stdout: &str) -> Vec<ToolDiagnostic> {
    let Ok(root) = serde_json::from_str::<Value>(stdout.trim()) else {
        return Vec::new();
    };
    let Some(files) = root.get("files").and_then(Value::as_array) else {
        return Vec::new();
    };
    let mut diags = Vec::new();
    for file_entry in files {
        let file = file_entry
            .get("filename")
            .and_then(Value::as_str)
            .unwrap_or("")
            .to_string();
        let Some(violations) = file_entry.get("violations").and_then(Value::as_array) else {
            continue;
        };
        for v in violations {
            diags.push(pmd_violation_to_diag(v, &file));
        }
    }
    diags
}

/// Convert one PMD violation into a `ToolDiagnostic`.
fn pmd_violation_to_diag(v: &Value, file: &str) -> ToolDiagnostic {
    let line = v.get("beginline").and_then(Value::as_u64).unwrap_or(0) as u32;
    let col = v.get("begincolumn").and_then(Value::as_u64).unwrap_or(0) as u32;
    let priority = v.get("priority").and_then(Value::as_u64).unwrap_or(3);
    let message = v
        .get("description")
        .and_then(Value::as_str)
        .unwrap_or("")
        .to_string();
    let code = v.get("rule").and_then(Value::as_str).map(str::to_string);
    ToolDiagnostic {
        tool: "pmd".into(),
        file: file.to_string(),
        line,
        col,
        severity: severity_from_priority(priority),
        code,
        message,
    }
}

/// Map PMD priority (1 = highest) to a `Severity`.
fn severity_from_priority(priority: u64) -> Severity {
    match priority {
        1 | 2 => Severity::Error,
        3 => Severity::Warning,
        _ => Severity::Info,
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parse_pmd_json_extracts_violation() {
        let json = r#"{"files":[{"filename":"A.java","violations":[{"beginline":4,"begincolumn":2,"priority":1,"rule":"UnusedImport","description":"unused import"}]}]}"#;
        let diags = parse_pmd_json(json);
        assert_eq!(diags.len(), 1);
        assert_eq!(diags[0].line, 4);
        assert_eq!(diags[0].severity, Severity::Error);
        assert_eq!(diags[0].code.as_deref(), Some("UnusedImport"));
    }

    #[test]
    fn parse_pmd_json_tolerates_garbage() {
        assert!(parse_pmd_json("not json").is_empty());
        assert!(parse_pmd_json("{}").is_empty());
    }

    #[test]
    fn severity_from_priority_buckets() {
        assert_eq!(severity_from_priority(1), Severity::Error);
        assert_eq!(severity_from_priority(3), Severity::Warning);
        assert_eq!(severity_from_priority(5), Severity::Info);
    }
}