Lose jscpd, gain pmd-cpd

* jscpd was failing on larger codebases, and the reporter wasn't packaged in HomeBrew * pmd was waiting in the wings anyway * renamed the csv2sarif utility to make it easier to call
simpsonjulian · Oct 23, 2024 · c6f394f · c6f394f
1 parent c493288
commit c6f394f
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 34 deletions.
diff --git a/acceptance.sh b/acceptance.sh
@@ -16,6 +16,5 @@ brew install semgrep \
     bearer/tap/bearer
 
 pipx install sarif-tools
-npm install -g jscpd-sarif-reporter
 
 ./statica WebGoat html
diff --git a/csv2sarif.rb → csv2sarif b/csv2sarif.rb → csv2sarif
diff --git a/tools.d/churn b/tools.d/churn
@@ -4,17 +4,13 @@ which git > /dev/null || exit 1
 
 source=$1
 tmpdir=$(mktemp -d)
+brew_prefix=$(brew --prefix)
+
 OUTPUT="${tmpdir}/churned"
 CSV="${tmpdir}/findings.csv"
 TOP_N_CHURNED_FILES=10
 touch $CSV
 
-if [ -x "./csv2sarif.rb" ]; then
-  csv2sarif="./csv2sarif.rb"
-else
-  csv2sarif="csv2sarif"
-fi
-
 git -C "${source}" log --format=format: --name-only --since=12.month \
  | grep -Ev '^$' \
  | sort \
@@ -27,7 +23,7 @@ while read -r filename _commits; do
   printf "%s,%s,%s,%s,%s,%s\n" "top-file-churns" "note" "File has been committed to frequently. This may indicate design issues." "${filename}" 0 0 >> "$CSV"
 done < "${OUTPUT}"
 
-$csv2sarif "churn" "$(git --version)" "$CSV"
+PATH="${brew_prefix}/opt/statica/libexec:.:$PATH" csv2sarif "churn" "$(git --version)" "$CSV"
 
 # clean up
 rm -rf "${tmpdir}"
diff --git a/tools.d/jscpd b/tools.d/jscpd
diff --git a/tools.d/lizard b/tools.d/lizard
@@ -5,11 +5,7 @@ which lizard > /dev/null || exit 1
 
 source=$1
 tmpdir=$(mktemp -d)
-if [ -x "./csv2sarif.rb" ]; then
-  csv2sarif="./csv2sarif.rb"
-else
-  csv2sarif="csv2sarif"
-fi
+brew_prefix=$(brew --prefix)
 
 choose() {
   local input=$1
@@ -23,12 +19,12 @@ lizard -w -o "${result}" "${source}" || true
 
 [ -s "$result" ] || exit 1
 
-awk -F':' '{print $2,$3, $1}' "${result}"| while read -r startline severity filename ; do
+awk -F':' '{print $2,$3, $1}' "${result}" | while read -r startline severity filename ; do
   printf "%s,%s,%s,%s,%s,%s\n" "complexity-above-15" "${severity}" "Function has a cyclomatic complexity value higher than 15" \
   "${filename}"  "${startline}"  0 >> "${tmpdir}"/findings.csv
 done
 
-$csv2sarif "lizard" "$(lizard --version)" "${tmpdir}/findings.csv"
+PATH="${brew_prefix}/opt/statica/libexec:.:$PATH" csv2sarif "lizard" "$(lizard --version)" "${tmpdir}/findings.csv"
 
 # clean up
 rm -rf "${tmpdir}"
diff --git a/tools.d/pmd-cpd b/tools.d/pmd-cpd
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -euo pipefail
+which pmd > /dev/null || exit 1
+
+source=$1
+pmd_version=$(pmd --version | grep PMD | awk '{print $2}')
+brew_prefix=$(brew --prefix)
+set -eo pipefail
+
+tmpdir=$(mktemp -d)
+
+
+for language in cpp cs java python ruby typescript; do
+    pmd cpd --minimum-tokens=100 -l $language -d "$source" --no-fail-on-error --ignore-identifiers -f csv | \
+    grep -v "lines,tokens,occurrences" \
+    >> "${tmpdir}/output.csv" || true
+done
+
+awk -F ',' '{print $1, $4, $5}' "${tmpdir}/output.csv" | while read -r lines start_line file; do
+    end_line=$(($start_line + $lines))
+    printf "duplication,note,code duplication found in source files,%s,%s,%s\n" "${file}" "${start_line}" "${end_line}"  >> "${tmpdir}/findings.csv"
+done
+
+PATH="${brew_prefix}/opt/statica/libexec:.:$PATH" csv2sarif "pmd-cp" "${pmd_version}" "${tmpdir}/findings.csv"
+
+rm -rf "${tmpdir}"