# SQ06C > [name=Martin. S] > [name=Lucas. C] > [name=Lukas. B] > [name=Linus. S] # Code Reviews und Static Code Analysis ### 1. Starte SonarQube und erstelle ein Projekt für deinen Code.  Im SonarQube muss nun ein Projekt erstellt werden. Man erhält ein Token welches man für den mvn Befehl zur ausführung des SonarQube benutzebn muss. Folgender befehl im Projektordner ausführen: ```java mvn clean verify sonar:sonar \ -Dsonar.projectKey=m450 \ -Dsonar.projectName='m450_applikation_testen' \ -Dsonar.host.url=http://localhost:9000 \ -Dsonar.token=sqp_88702729d324f7f0ef9401c3cab91976a7c8ed42 ``` ### 2. & 3. Analysiere deinen Code und schaue dir die Auswertung an.  1 Bugs 4 Vulnerabilities ----  ### 4. Verbessert den Code ## Bug 1: #### Alter Code: ```java @GetMapping(path = "/set/{id}") public ResponseEntity<Iterable<LearnWord>> getLearnSetWords(@PathVariable("id") Integer id) { learnSetRepository.findById(id).orElseThrow(() -> new LearnSetNotFoundException(id)); Iterable<LearnWord> words = learnWordRepository.findByLearnSetId(id); return ResponseEntity.ok(words); } ``` #### Neuer Code: ```java @GetMapping(path = "/set/{id}") public ResponseEntity<Iterable<LearnWord>> getLearnSetWords(@PathVariable("id") Integer id) { Iterable<LearnWord> words = learnWordRepository.findByLearnSetId(id); return ResponseEntity.ok(words); } ``` ## Vulnerabilities:  ### Dto's erstellt: ```java package ch.project.quizme.controller; public class LanguageDTO { private String name; public String getName() { return name; } public void setName(String name) { this.name = name; } } ``` ```java package ch.project.quizme.controller; public class LearnSetDTO { private Integer language1Id; private Integer language2Id; public Integer getLanguage1Id() { return language1Id; } public void setLanguage1Id(Integer language1Id) { this.language1Id = language1Id; } public Integer getLanguage2Id() { return language2Id; } public void setLanguage2Id(Integer language2Id) { this.language2Id = language2Id; } } ``` ### Anpassung in den Controller: ```java /** * This method creates a new language. * * @param languageDTO The language to be created. * @return Successful */ @PostMapping(path = "") public ResponseEntity<String> createLanguage(@Valid @RequestBody LanguageDTO languageDTO) { try { Language language = new Language(); language.setName(languageDTO.getName()); languageRepository.save(language); } catch (Exception e) { throw new LanguageFailedToSaveException(languageDTO.getName()); } return ResponseEntity.ok("Success: saved"); } ``` ```java @PostMapping(path = "") public ResponseEntity<String> createLearnSet(@Valid @RequestBody LearnSetDTO learnSetDTO) { if (Objects.equals(learnSetDTO.getLanguage1Id(), learnSetDTO.getLanguage2Id())) { throw new LanguageIdenticalException(learnSetDTO.getLanguage1Id(), learnSetDTO.getLanguage2Id()); } try { LearnSet learnSet = new LearnSet(); Language language1 = languageRepository.findById(learnSetDTO.getLanguage1Id()) .orElseThrow(() -> new LanguageNotFoundException(learnSetDTO.getLanguage1Id())); Language language2 = languageRepository.findById(learnSetDTO.getLanguage2Id()) .orElseThrow(() -> new LanguageNotFoundException(learnSetDTO.getLanguage2Id())); learnSet.setLanguage1(language1); learnSet.setLanguage2(language2); learnSetRepository.save(learnSet); } catch (Exception e) { throw new LearnWordFailedToSaveException(); } return ResponseEntity.ok("Success: saved"); } ``` ### Progress im SonarQube:  ### Unit tests Um die JUnit tests Coverage anzuzeigen mussten wir die pom.xml anpassen mit dem JaCoCo Plugin: ```xml <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> <!-- JaCoCo Plugin --> <plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId> <version>0.8.7</version> <executions> <execution> <goals> <goal>prepare-agent</goal> </goals> </execution> <execution> <id>report</id> <phase>test</phase> <goals> <goal>report</goal> </goals> </execution> </executions> </plugin> </plugins> </build> ``` Test coverage nach der anpassung der Plugins: