Apex static code analysis with PMD from CLI

Introduction

For every Software Developer, producing quality and maintainable code is paramount. This article will guide you through the process of conducting Apex static code analysis with PMD from CLI. Utilizing PMD for code analysis can enhance your workflow and contribute to the resilience of your applications.

This article covers:

• Why Apex Static Code Analysis Matters
• How to Install & Setup PMD ?
• Create a ruleset.xml file for code analysis in PMD
• Apex static code analysis with PMD from CLI
• PMD commands to do Apex code analysis
• Conclusion

Why Apex Static Code Analysis Matters

Before delving into the details of utilizing PMD from CLI, it is crucial to understand the significance of code analysis in Apex development. Static code analysis enables the identification of potential issues vulnerabilities in your code without executing it. Adopting this proactive approach allows developers to identify errors early in the development lifecycle, resulting in more reliable and maintainable code.

How to Install & Setup PMD ?

• Visit the PMD website here and download the latest package.
• Extract the zip installed in your system. Example: pmd-dist-7.0.0-rc4-bin
• After extracting the zip, copy the bin folder path from the extracted folder. Example: C:\pmd-dist-7.0.0-rc4-bin\pmd-bin-7.0.0-rc4\bin
• Setup the Environment Variable by:
  • Open Environment Variable from control panel, edit PATH and add the complete location of bin folder.
  • Optionally, you can setup the path from command prompt by entering SET PATH=C:\pmd-dist-7.0.0-rc4-bin\pmd-bin-7.0.0-rc4\bin;%PATH%.

If you are facing issues to setup PMD, please read through the details document on Step by Step guide to install and setup PMD for Apex.

Note: Setting up path from command prompt using SET PATH=C:\pmd-dist-7.0.0-rc4-bin\pmd-bin-7.0.0-rc4\bin;%PATH% will temporary set the path only for the current session, you will have to repeat the this again when session expires/ system restart.

Verify PMD is installed by entering pmd in the command prompt. you should see the response similar to screenshot above.

Create a ruleset.xml file for code analysis in PMD

Open your notepad and copy paste the below xml code to get started, save the file as ruleset.xml. (You can name it anything you like)

<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="http://pmd.sourceforge.net/ruleset/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Default ruleset used by the CodeClimate Engine for Salesforce.com Apex" xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">
    <description> Custom Rule Set </description>

    <rule ref="category/apex/bestpractices.xml" />
    <rule ref="category/apex/documentation.xml" />
    <rule ref="category/java/errorprone.xml/EmptyCatchBlock" />

    <!--excluding some rules -->
    <rule ref="category/apex/codestyle.xml">
	<exclude name="WhileLoopsMustUseBraces"/>  
        <exclude name="IfElseStmtsMustUseBraces"/>  
    </rule>

</ruleset>

Explanation

We won’t get deep into learning how to create custom ruleset, but will give you an understanding of what is happening here.

In the rule set sample above, we mentioned the rules that we want our code to check for using <rule ref=”” /> tag. We can also mentioned rules that we want to ignore while running the static code analysis in pmd using <exclude name=”” /> tag.

Read the PMD Documentation to learn more about creating rulesets.

Apex static code analysis with PMD from CLI

Once pmd is installed and setup properly, you are all set to start analyzing you apex code with pmd rules.

Here is the list of commonly used options in the pmd toolkit, we should be aware of to make most out of it. The pmd check command requires at least one option and a list of sources.

Parameters	Required/ Optional	Details
-R <path>	Optional	Specify the path for ruleset xml file that you want to use for static code analysis.
-d or --dir <source>	Required	Mention the path of the source you want to analyze, this can be a single apex class or a folder containing apex classes
-f <format>	Optional	You can extract report of the static code analysis in formats like html, xml, json etc. Complete list here.
–aux-classpath <classpath>	Optional	Used the specify the compiled class files of the analyzed source. You can skill this for Apex, mostly used for Java.
-r or –report-file <path>	Optional	Set the path with the file name to write the output.

Note: To get the list of all the pmd command visit PMD documentation.

Sample commands to do Apex static code analysis with PMD from CLI

Example 1: Simple command to do code analysis of a single class

pmd check --dir C:\Development\MyDevOrg\mydevorg\force-app\main\default\classes\AccountData.cls -R C:\pmd-dist-7.0.0-rc4-bin\pmd-bin-7.0.0-rc4\ruleset.xml

Example 2: PMD Command to do code analysis of a folder containing Apex classes

pmd check --dir C:\Development\MyDevOrg\mydevorg\force-app\main\default\classes -R C:\pmd-dist-7.0.0-rc4-bin\pmd-bin-7.0.0-rc4\ruleset.xml

Example 3: Extract a PMD analysis report in html file, which can be shared and easy to view.

pmd.bat check --dir C:\Development\MyDevOrg\mydevorg\force-app\main\default\classes -R C:\pmd-dist-7.0.0-rc4-bin\pmd-bin-7.0.0-rc4\ruleset.xml -f html  -r C:\pmd-dist-7.0.0-rc4-bin\pmd-bin-7.0.0-rc4\output.html

Explanation

We will try to understand the command executed in Example 3 above.. Lets break down the command to understand what is happening in the background.

First, we enter the pmd.bat check command to run the PMD standard source code analyzer. There are other commands and features, which we will cover as part of some other article.

Next, we enter the complete path of the folder where all our apex classes are after the –dir option. By default apex classes are stores in force-app\main\default\classes directory.

After this, we need to mention the ruleset which we want to used to analyze the classes. We enter the ruleset path after -R option. The apex classes are reviewed for the rules mentioned in the ruleset.

We want the analysis report saved in a file, in our case an html file. For this we use the -f option to specify the html file format and -r to set the path of the file where the output is written.

There are other file formats in which we can extract the apex code analysis report like (CSV, JSON, XML etc.) You can fine the complete list of formats in PMD Documentation.

Note: The -r option mentions the path to a file to which report output is written. The file is created if it does not exist. If this option is not specified, the report is rendered to standard output (i.e. displayed in the command prompt itself).

As specified in the prompt, output.html is where complete analysis report of apex class is written. We can open this file to read/ share with the team to take further actions.

After opening the file you can see the list of all the Apex classes with their names and line numbers and the issues. You can click on the problem url, which will take you to the PMD documentation to resolve that particular issue.

Read the complete PMD documentation on using command prompt here.

Conclusion

In conclusion, mastering Apex static code analysis with PMD from CLI is a game-changer for Salesforce developers. By incorporating this powerful tool into your workflow, you can proactively identify and address potential issues, leading to more reliable and maintainable Apex code.

Make PMD a cornerstone of your code quality assurance process to empower your development team and elevate your code quality.

Feel free to copy paste the sample commands above and play around. Don’t forget to subscribe to our newsletter for more Salesforce development tips.

If you have any issues or suggestions, please feel free to use the comment section below.