![Page 1: DIY: #sonarlint Java Static Analysis #sonarqube · #sonarqube #sonarlint DIY: Java Static Analysis Nicolas PERU - @benzonico. Ego boost Nicolas PERU - @benzonico Java developer@SonarSource](https://reader033.vdocuments.mx/reader033/viewer/2022052720/5f08d1ab7e708231d423df68/html5/thumbnails/1.jpg)
Geneva JUG
#sonarqube #sonarlint
DIY: Java Static Analysis
Nicolas PERU - @benzonico
Ego boost
● Nicolas PERU - @benzonico
  ○ Java developer @SonarSource
  ○ Developer in the language team
  ○ Geneva JUG enthusiast
  ○ Cycles around the Leman
Sonar Java Plugin
● Back Story
Challenge
Get the language.
Lexical Analysis
class A { int b;}
Syntactic Analysis
class A { int b;}
Keywords
Identifiers
Punctuators
Syntax Tree

1 + 2 + 3

      +
     / \
    +   3
   / \
  1   2

interface BinaryExpressionTree {
  ExpressionTree leftOperand();
  SyntaxToken operatorToken();
  ExpressionTree rightOperand();
}
Semantic Analysis
class A { int b; A(int b) { this.b = b; }}
Your turn now: custom rules!
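As an added example (not a rule from the talk and not one shipped with SonarJava), here is a custom rule written against the BinaryExpressionTree interface shown above, using the syntactic layer (subscribing to tree kinds) and the semantic layer (resolved operand types). It reports `==` and `!=` between two String operands, where the author almost always meant `equals()`. The rule key, class name and message are assumptions; the API types and methods used (`IssuableSubscriptionVisitor`, `nodesToVisit`, `visitNode`, `reportIssue`, `symbolType`, `Type.is`) are the public sonar-java plugin API.

```java
import java.util.Arrays;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.BinaryExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.Tree;

// Added example, not a rule shipped with SonarJava. The rule key and the
// message are assumptions chosen for this illustration.
@Rule(key = "StringComparedWithEqualsOperator")
public class StringReferenceComparisonRule extends IssuableSubscriptionVisitor {

    @Override
    public List<Tree.Kind> nodesToVisit() {
        // Syntactic level: only binary expressions of kind == and != are visited,
        // so the cast in visitNode() is safe.
        return Arrays.asList(Tree.Kind.EQUAL_TO, Tree.Kind.NOT_EQUAL_TO);
    }

    @Override
    public void visitNode(Tree tree) {
        BinaryExpressionTree comparison = (BinaryExpressionTree) tree;
        // Semantic level: symbolType() is the type resolved for the operand
        // expression, available once symbols are resolved against the classpath.
        if (isString(comparison.leftOperand()) && isString(comparison.rightOperand())) {
            // Anchor the issue on the operator token so the highlight is precise.
            reportIssue(comparison.operatorToken(),
                    "Strings compared with \"" + comparison.operatorToken().text()
                            + "\": use equals() to compare their content.");
        }
    }

    private static boolean isString(ExpressionTree operand) {
        // When the type cannot be resolved (missing classpath), is() answers false
        // and the rule stays silent rather than reporting noise.
        return operand.symbolType().is("java.lang.String");
    }
}
```

The two halves of the rule map onto the analysis phases of the talk: `nodesToVisit()` works on the syntax tree alone, while `symbolType()` depends on the semantic phase and is only meaningful when the project's classpath is given to the analysis. A class like this is packaged into a custom rules plugin and exercised with the java-checks-testkit `CheckVerifier` against a sample source file whose expected findings are marked with `// Noncompliant` comments.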
Beyond Semantic: Symbolic Execution

Object myObject = new Object();
// ...
if ( a ) {
  myObject = null;
}
// ...
if ( !a ) {
  /* … */
} else {
  myObject.toString(); // NPE
}

The slides build up the program states one at a time:

Program State #0: myObject != null
Program State #1: myObject != null, a = false
Program State #2: myObject = null, a = true
Program State #3: ... (State #1 continued into the `if ( !a )` branch)
Program State #4: myObject = null, a = true (State #2 continued into the `else` branch, where `myObject.toString()` throws a NullPointerException)
Symbolic Execution challenges

● Complex conditions
  if (a + 1 < (b * 10 - 39) ) {
    if ( b > a / 10 + 4 ) { … } // Always true
  }
● Explosion of states
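As an added example for the symbolic execution walkthrough and the two challenges above (a toy written for this page, not SonarJava's symbolic execution engine), here is a small path-sensitive executor for a three-statement language, run on the program from the slides. A program state records what is known on the current path: whether each object variable is null and whether each boolean condition is known true or false. At an `if` on an unknown condition the state forks; at an `if` whose condition is already constrained, the contradicting branch is dropped as infeasible, which is why the `a = true` path never enters `if ( !a )`. The state numbering differs from the slides, and the language only understands a bare boolean as a condition (the arithmetic example on the slide would need a constraint solver); both points are assumptions of this toy. Requires Java 16+ for records and pattern matching.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

// Added example, not code from the talk or from SonarJava: a toy path-sensitive
// symbolic executor. State ids are assigned in exploration order and do not
// match the numbering on the slides.
public final class ToySymbolicExecution {

    interface Stmt {}
    /** var = new Object() (isNull = false) or var = null (isNull = true). */
    record Assign(String var, boolean isNull) implements Stmt {}
    /** var.toString(): dereferences var. */
    record Deref(String var) implements Stmt {}
    /** if (cond) or, when negated, if (!cond), with its two branches. */
    record If(String cond, boolean negated, List<Stmt> thenBranch, List<Stmt> elseBranch) implements Stmt {}

    /** What is known on one path: nullness of variables, values of conditions (absent = unknown). */
    record State(int id, Map<String, Boolean> isNull, Map<String, Boolean> conds) {}

    private int nextId = 0;
    private final List<String> issues = new ArrayList<>();

    public List<String> issues() { return issues; }
    public int statesCreated() { return nextId; }

    private State fresh(Map<String, Boolean> isNull, Map<String, Boolean> conds) {
        // TreeMap copies keep states immutable per path and print deterministically.
        return new State(nextId++, new TreeMap<>(isNull), new TreeMap<>(conds));
    }

    /** Executes a program from an empty initial state; returns the states that reach its end. */
    public List<State> execute(List<Stmt> program) {
        return run(program, 0, fresh(Map.of(), Map.of()));
    }

    private List<State> run(List<Stmt> block, int i, State s) {
        if (i == block.size()) {
            return List.of(s);
        }
        Stmt st = block.get(i);
        if (st instanceof Assign a) {
            Map<String, Boolean> n = new TreeMap<>(s.isNull());
            n.put(a.var(), a.isNull());
            return run(block, i + 1, fresh(n, s.conds()));
        }
        if (st instanceof Deref d) {
            if (Boolean.TRUE.equals(s.isNull().get(d.var()))) {
                issues.add("state #" + s.id() + " " + s.conds() + ": " + d.var()
                        + " is null when dereferenced (NPE)");
            }
            return run(block, i + 1, s);
        }
        If f = (If) st;
        Boolean known = s.conds().get(f.cond());
        List<State> out = new ArrayList<>();
        for (boolean value : new boolean[] {true, false}) {
            if (known != null && known != value) {
                continue; // contradicts a constraint already on this path: infeasible, not explored
            }
            Map<String, Boolean> c = new TreeMap<>(s.conds());
            c.put(f.cond(), value);
            State forked = fresh(s.isNull(), c);               // the fork: one state per feasible value
            boolean takeThen = value != f.negated();           // if (!cond) swaps the branches
            List<Stmt> branch = takeThen ? f.thenBranch() : f.elseBranch();
            for (State end : run(branch, 0, forked)) {
                out.addAll(run(block, i + 1, end));            // continue after the if on every path
            }
        }
        return out;
    }

    /** The program from the slides, encoded in the toy language. */
    public static List<Stmt> slideProgram() {
        return List.of(
                new Assign("myObject", false),                                         // Object myObject = new Object();
                new If("a", false, List.of(new Assign("myObject", true)), List.of()),  // if ( a ) { myObject = null; }
                new If("a", true, List.of(), List.of(new Deref("myObject"))));         // if ( !a ) { } else { myObject.toString(); }
    }

    /** n ifs on distinct, unrelated conditions: no branch is ever infeasible, so paths double each time. */
    public static List<Stmt> independentBranches(int n) {
        List<Stmt> program = new ArrayList<>();
        for (int k = 0; k < n; k++) {
            program.add(new If("c" + k, false, List.of(), List.of()));
        }
        return program;
    }

    public static void main(String[] args) {
        ToySymbolicExecution se = new ToySymbolicExecution();
        List<State> ends = se.execute(slideProgram());
        System.out.println("paths reaching the end: " + ends.size());   // 2: one per value of a
        se.issues().forEach(System.out::println);                        // one NPE, on the a = true path
        for (int n : new int[] {1, 5, 10, 15}) {
            int paths = new ToySymbolicExecution().execute(independentBranches(n)).size();
            System.out.println(n + " independent ifs -> " + paths + " paths");
        }
    }
}
```

Two things to take from the run. The infeasible-branch check is what keeps the `a = true` path out of the `if ( !a )` body, and it only works because the toy can decide a condition by a map lookup; the arithmetic condition on the slide needs a constraint solver to reach the same "always true" conclusion. And `independentBranches(n)` shows the second challenge directly: with nothing to prune, the number of paths is 2^n, so a real engine has to bound exploration (merging equivalent states, capping the number of states per method, or giving up on a method) rather than enumerate every path.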
Uh oh?!
From Apache Vysper
What's next?
Taint Analysis for vulnerabilities