Yasca - Yet Another Source Code Analyzer

Creating a Plug-in 101

Posted October 3rd, 2008 by Michael Scovetta

So you’ve downloaded and installed Yasca, and like the results, but you want it to write your own plugin. This tutorial will show you how easy it is to do. First, you should understand how Yasca is designed. Yasca is basically a file scanning engine with the ability to run plug-ins that find interesting things in those files and report the results back to the engine for inclusion into the report. Everything that goes into a report comes from a plugin. (Yasca can do nothing without them.) Yasca comes with a number of plug-ins by default, including FindBugs, PMD, Jlint, and Grep. The first three are external tools that are maintained by others, but included because I think they provide great information. I wrote the Grep plugin to make it easy to create simple rules that only require regular expression matching. In the first part of this tutorial, we’ll create a new Grep plugin to search for something interesting.

Writing a New Grep Plugin

Writing a Grep plug-in requires you to have a few pieces of information (and a few more optional pieces):

the regular expression to search for, and
the category (single-line description) of the plug-in

Let’s pretend you want to search for social security numbers within a code base. Create a new file called SocialSecurityNumber.grep. The base name of the file is not important, but the extension (.grep) is. The Grep plugin actually scans for .grep files in the plug-in directory and uses each of them. Here’s the contents of SocialSecurityNumber.grep:

category = Social Security Number Found
grep = /\d{3}-\d{2}-\d{4}/

Additional parameters are also available, including:

file_type - a comma-separated list of file extensions to apply this plug-in to
category_link - a URL containing more information about this particular plug-in
severity - the severity (1=critical down to 5=informative)
description - a multi-line description of the plug-in, ending with a line containing only the string “END;”

For example, consider the a slightly modified version of the Formatting.MissingAMPM.grep pluigin:

name = Missing AM or PM in Time Format
file_type = java,jsp
grep = /hh:mm:ss\"/
category = Formatting: Missing AM/PM in Time Format
severity = 2
description =
  <p>
        When specifying time formatting in Java, the phrase "hh:mm:ss" is based on 12-hour time, so 5:00 AM and 5:00
        PM would both be rendered as "05:00:00", possibly confusing the user. Instead, use either "HH:mm:ss", which
        is based on 24-hour time, or include either AM or PM by using "hh:mm:ss a".
  </p>
  <p>
    <h4>References</h4>
     <ul>
       <li>TODO</li>
    </ul>
  </p>
END;

You can also specify multiple grep patterns, which are logically ‘ORed’ during evaluation. Place the file you created in the plugins directory and start Yasca. The Grep plugin will automatically find all .grep files within the plugins directory and use them. In our next tutorial, you’ll learn how to write more complex plugins.

Share/Save

Tags: plugin, Tutorial
Posted in Tutorial | No Comments »

Yasca v1.0 Release Party!

Posted September 30th, 2008 by Michael Scovetta

Yasca v1.0 has finally been released publicly. While there isn’t a party per se, we encourage you to throw one, and give out copies of Yasca to your friends and neighbors! Download Yasca

Share/Save

Tags: release
Posted in Major Releases | No Comments »