How To Write a Custom Audit

Part 3: Writing the Audit

The previous part of this tutorial showed how to create an EmptyMethodRule class and the stubs required for a custom audit. This part shows the actual code for those stubs.

Together organizes audits into groups:

• Declarations (for classes, fields, methods, and so on)
• Statements (if, while, throw statements, and so on)
• Expressions (arithmetic expressions, new object creations, and so on)
• Tuples (provide access to the data flow analysis results)

The first coding step is to specify the group for the new audit.

1. The new audit belongs to the Declarations group. The constructor determines the group for the audit. Change the EmptyMethodRule constructor to a null constructor by removing its parameter list and changing the call to super. Your code should be as follows :
   
   

   public EmptyMethodRule() {
  super(DECLARATION_GRP);
}



2. You need a separate method to check for empty method bodies. Add the following isEmpty() method.
   
   

   private boolean isEmpty(AstCompoundStatement body) {
  // if the method is not abstract
  if(body != null) {
    if(body.getStatements().length == 0) {
      return true;
    }
    else {
      return false;
    }
  }
  return false;
}



   If the body is null, this is an abstract method. Skip it and return false. If the body is not null, get the statements that make up the body. If there are no statements, isEmpty() should return true. Otherwise it should return false.

   
   

3. isEmpty() requires an extra import statement (for AstCompoundStatement). Right click the source code and choose Source > Add Import. Then save the file.
   
   
4. Change checkMethod() to call isEmpty(), passing it the body of the current method.
   
   

   public void checkMethod(AstMethod arg0) {
  if(isEmpty(arg0.getBody())) {

  }
}



   The arg0 parameter represents the current method.

   
   

5. Fill in the if statement of checkMethod() to report when this audit fails. All audit failures are reported through messages to the ReportManager class. Since EmptyMethodRule extends AuditRule, it automatically connects to ReportManager. So you can use the message() inherited from AuditRule to report an audit failure.
   
   

   public void checkMethod(AstMethod arg0) {
  if(isEmpty(arg0.getBody())) {
    message(arg0);
  }
}



   The body of the if statement calls message(), passing it the current method that failed. message() handles the reporting and constructing of the audit output to the Audit Results Table.
   
   

   Caveat: As of this writing, the ReportManager class does not use the message method appropriately. The audit does work, but the "Empty Method" string must be reported in the XML file, which is described in the following part.

   
   
6. Your EmptyMethodRule source code file should now be as follows.
   
   

   import com.togethersoft.sca.ast.AstCompoundStatement;
import com.togethersoft.sca.ast.AstMethod;
import com.togethersoft.sca.plugin.audit.AuditRule;

public class EmptyMethodAudit extends AuditRule {

  public EmptyMethodAudit() {
    super(DECLARATION_GRP);
  }

  public void checkMethod(AstMethod arg0) {
    if(isEmpty(arg0.getBody())) {
       message(arg0);
    }
  }

  private boolean isEmpty(AstCompoundStatement body){
    //if the method is not abstract
    if(body != null){
       if(body.getStatements().length == 0){
         return true;
      }
      else {
         return false;
      }
    }
    return false;
  }
}