Static Code Analysis for WSO2

Doing static code analysis is a good practice. It has helped me to create more robust and maintainable code, and therefore it is part of my regular routine when writing code. However, in the last few weeks I was not able to keep up that routine because I was working on the service bus parts. Although it is kept in XML files, the mediation sequences on the WSO2 service bus are code, just like the C# code for the services and APIs and the JavaScript code on the client.

A static code analysis tool for the WSO2/Synapse files would have some important benefits:

  • It is much easier to check if the project/naming conventions are followed (that’s important to keep the code maintainable).
  • Since it can scan all code, even the code that’s rarely executed, it makes it easier to detect areas with code quality issues.
  • It helps to identify design issues like overly complex sequences.
  • Code quality issues will be found earlier.

I searched the web for existing code analysis tools, but didn’t find any, so I decided to do a proof of concept. I created a small tool to scan a folder structure. All rules to check are hardcoded, with no configuration options. The plain text output looks like this:

CancelOrders.xml: Warning: artifact name different from filename
OrderEntry.xml: Warning: Unexpected mediator. Drop, Loopback, Respond or Send 
should be the last mediator in a sequence
error.xml: Warning: filename should end with '.sequence'
prj: Warning: artifact CancelOrder not specified in artifact.xml
0 errors, 4 warnings.

The implemented rules at this moment are a combination of the project naming conventions and some best practices as described here. This first version already helps in keeping the code base clean, but there is still a lot left to do, like:

  • detecting unused properties.
  • detecting when messages are sent to a JMS queue without specifying the transport as OUT_ONLY.
  • applying the testability checklist to the WSO2 code
  • calculating code metrics
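
Two of the rules from the sample output above (artifact name versus filename, and Drop/Loopback/Respond/Send as the last mediator) can be checked with a short script. This is an added example, not the tool described in this post: the sample files are constructed, the function names are hypothetical, and reporting malformed XML as an "Error" is an assumption, since the post does not say what counts as an error.

```python
import os
import xml.etree.ElementTree as ET

# Mediators that, per the rule quoted in the post, must come last in a sequence.
TERMINAL = {"drop", "loopback", "respond", "send"}

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def check_sequence(filename, xml_text):
    """Return (level, message) findings for one Synapse sequence file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Assumption: a file that cannot be parsed counts as an error.
        return [("Error", f"{filename}: Error: not well-formed XML ({exc})")]
    findings = []
    stem = os.path.splitext(os.path.basename(filename))[0]
    if root.get("name") != stem:
        findings.append(("Warning", f"{filename}: Warning: artifact name different from filename"))
    # Walk every block (sequence, then/else, case, ...) and look at sibling order.
    for parent in root.iter():
        children = list(parent)
        if any(local_name(c.tag) in TERMINAL for c in children[:-1]):
            findings.append(("Warning", f"{filename}: Warning: Unexpected mediator. Drop, Loopback, "
                             "Respond or Send should be the last mediator in a sequence"))
    return findings

# Constructed sample files (not from the original project).
SAMPLES = {
    "CancelOrders.xml": '<sequence xmlns="http://ws.apache.org/ns/synapse" name="CancelOrder">'
                        '<log level="full"/><respond/></sequence>',
    "OrderEntry.xml": '<sequence xmlns="http://ws.apache.org/ns/synapse" name="OrderEntry">'
                      '<filter xpath="//order"><then><send/><log/></then><else><drop/></else></filter>'
                      '</sequence>',
    "Broken.xml": '<sequence name="Broken"><log></sequence>',
}

def scan(files):
    """Check all files; return (findings, error_count, warning_count)."""
    findings = [f for name, text in sorted(files.items()) for f in check_sequence(name, text)]
    errors = sum(1 for level, _ in findings if level == "Error")
    return findings, errors, len(findings) - errors

if __name__ == "__main__":
    findings, errors, warnings = scan(SAMPLES)
    for _, message in findings:
        print(message)
    print(f"{errors} errors, {warnings} warnings.")
```

The mediator check looks at every nested block, so a Send followed by a Log inside a filter branch is reported as well. When the scanned files come from an untrusted source, parse them with defusedxml instead of the standard library parser.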