In this article we are going to perform a static code review of Salesforce Apex code using the PMD static code analyzer. PMD finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It also includes CPD, the copy-paste detector.
This gives us better code quality and helps us avoid maintenance, performance and bug problems in our Apex code. Let’s do it.
Extract the code from the org to a local directory
PMD analyzes files in directories, so the first step is to extract the code from our Salesforce org to a local directory. To do that we’re going to use the Force.com Migration Tool. The link explains how to install it on your local system; pay attention to the requirements. Basically you need to install Java 1.7.x or higher (preferably Java 8, to avoid additional configuration) and Ant 1.6 or later.
Once you have installed the requirements, you should see the following output in your terminal:
Download the Force.com Migration Tool:
Extract the zip file salesforce_ant_<version>.zip
Copy or rename the sample directory to create your own configuration. Then edit build.properties and provide the parameters to connect to your Salesforce org. For sf.password, provide the password concatenated with the security token, which you can generate from your settings:
It will send you an email with the security token; the build.properties file should then look like the one below:
Next, select what we want to extract from the Salesforce org. This is specified in a file named package.xml. Go to the unpackaged sub-directory and edit the package.xml file to list the Apex metadata elements:
Now the environment is configured to extract the Apex-related metadata from the org. From your project directory, execute the retrieveUnpackaged ant target:
The retrieveUnpackaged directory of the project folder now contains the code for the Apex classes and triggers.
Install PMD tool
Installing PMD is just a matter of uncompressing the zip distribution file; choose the binary one. At the time of this article the latest release is 5.8.1-SNAPSHOT, and a 6.0.0-SNAPSHOT pre-release is also available. Check the PMD page on SourceForge to install the latest one.
Analyze the code with PMD
There are different ways to run the analysis. It is possible to use the pmd.bat / run.sh pmd command located in the bin directory of the PMD installation, but we’re going to use ant to run the tasks for PMD and CPD (the PMD Copy/Paste Detector). Two files are necessary: build.xml
and the build.properties where we are going to define several properties (format, pmd dir…)
Once our files are configured and adapted to our environment, we can run ant all to perform the analysis:
The results can be generated in different formats, and you can integrate these tasks into your Force.com Migration Tool build.xml to perform a code analysis every time you make a deployment request to a sandbox.
The provided script generates an outputPMD.html file which contains the information about the rule violations:
In addition, a code duplication report is generated in XML format in the file outputCPD.xml, reporting the parts of the code duplicated across the classes.
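As an added example (not part of the original article or of PMD itself), the Python script below reads the outputCPD.xml report and returns a non-zero exit status when a duplicated block exceeds a size limit, so a deployment build can stop on it. The embedded report is a constructed sample, and the function names and the 20-line limit are assumptions.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample in the layout of a CPD XML report (not real tool output).
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<pmd-cpd>
  <duplication lines="24" tokens="180">
    <file line="10" path="/src/classes/AccountService.cls"/>
    <file line="42" path="/src/classes/ContactService.cls"/>
    <codefragment><![CDATA[List<Account> rows = Database.query(q);]]></codefragment>
  </duplication>
  <duplication lines="6" tokens="75">
    <file line="3" path="/src/triggers/LeadTrigger.trigger"/>
    <file line="30" path="/src/triggers/LeadTrigger.trigger"/>
    <codefragment><![CDATA[if (Trigger.isInsert) { }]]></codefragment>
  </duplication>
</pmd-cpd>"""

def local(tag):
    """Drop an XML namespace prefix, in case the report declares one."""
    return tag.rsplit("}", 1)[-1]

def parse_cpd(xml_data):
    """Return the report's duplications as dicts, largest block first."""
    found = []
    for dup in ET.fromstring(xml_data):
        if local(dup.tag) != "duplication":
            continue
        places = [(f.get("path").replace("\\", "/").rsplit("/", 1)[-1], int(f.get("line")))
                  for f in dup if local(f.tag) == "file"]
        found.append({"lines": int(dup.get("lines")),
                      "tokens": int(dup.get("tokens")), "places": places})
    return sorted(found, key=lambda d: d["lines"], reverse=True)

def gate(dups, max_lines=20):
    """Return duplications longer than max_lines (20 is an assumed limit)."""
    return [d for d in dups if d["lines"] > max_lines]

def main(argv):
    data = Path(argv[1]).read_bytes() if len(argv) > 1 else SAMPLE_REPORT
    dups = parse_cpd(data)
    for d in dups:
        where = ", ".join(f"{name}:{line}" for name, line in d["places"])
        print(f"{d['lines']:>4} lines, {d['tokens']} tokens: {where}")
    return 1 if gate(dups) else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to outputCPD.xml as the only argument; with no argument it uses the embedded sample.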