Creating a SonarQube plugin for UiPath projects


(Keith Emanuel) #1

Hello!

I am a developer who works for UiPath and I’m exploring using SonarQube for doing analysis on project created using UiPath Studio. UiPath develops Robotic Process Automation (RPA) software, which makes it easy to automate mundane, repetitive tasks.

I’m looking for help in identifying what would need to be done to integrate with SonarQube. I’ve read the docs and cloned the sample plugin, but I’m not yet sure what route to take for implementation.

A UiPath Studio project lives in a directory that could look like:

SomeProject
SomeProject/project.json
SomeProject/Main.xaml
SomeProject/Init.xaml
SomeProject/SomeFolder/Login.xaml
etc...

The bulk of the analysis would be done on the XAML files, which are pretty much XML files. So I would need to inspect all of the xaml files (checking the attributes and values of each XML element) and also look at the project.json file and any other potential dependencies (ex. Excel files, images, etc…). One thing in particular is that any XAML file can invoke another XAML file, so I would need to sure that that invocation meets all prerequisites (ex. input arguments), so just a static analysis on a single file wouldn’t work there.

I’m not sure what route to take to implement this. For example, would I need to define a language? That seems a bit overkill. Or could everything live in the Plugin somewhere? Any thoughts on what would be the best way to implement this?

Some more specific questions:

  • What defines a “language”? A UiPath project is mostly a collection of XAML documents, but it could have other dependencies as well, like the project.json file. Should “UiPath” be implemented as a language?
  • Can I pass around custom objects in the Context? I would probably want to pass around an entire object of the “Project” to the analyzers. Even if it is analyzing an XML node, a rule might need to look at a property of another workflow or the project.json. Is that possible?

(Keith Emanuel) #2

Hi again. I’ve been looking through the source of other plugins to get an idea of how they’re coded. I think I still have the same sort of question as before, but more specific. If anyone can answer this it would be a huge help.

The main difference is that I need to analyze a collection of related file instead of individual. I think it would be best to create a POJO “Project” object for analysis instead looking at every file individually. The code is generated by the software, so things like line numbers are not important.

  • Does a Sensor have to check files? For example, can Sensor.execute be called on a directory, or a directory that contains a certain file? It looks like FileSystem might have the function I need to determine the path and build a Project object from the files in that directory.

  • The only other thing I would need to do is report issues. Is it possible to just build the project, do an analysis and report issues? What other integration points would I need to hit to make sure it’s working properly? Comparing some of the source code, it looks like different plugins hit different ones.

Does that make sense, or am I trying to fit a square peg into a round hole here?

Thanks!