https://wiki.expertiza.ncsu.edu/api.php?action=feedcontributions&feedformat=atom&user=Jyang23Expertiza_Wiki - User contributions [en]2026-06-05T18:13:34ZUser contributionsMediaWiki 1.41.0https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84287CSC/ECE 517 Spring 2014/oss S1402 jyy2014-04-07T04:31:52Z<p>Jyang23: /* Design Pattern */</p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
=== Database ===<br />
<br />
This is a basic relation established on the system between the place and the contact for the drop off site. An organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>. A dropOffSite table has six attributes: name, flyer, comments, startTime and endTime which indicates the time period the site will be open for donation, and personId as a foreign key to person table.<br />
<br />
[[File:SahanaER.png]]<br />
<br />
=== Framework ===<br />
<br />
In order to add the capability to manage drop off sites information from within the Sahana Eden instance, we have two options: installing a separate package, or integrating this into the Sahana Eden instance. We have decided to use the latter so that :<br />
<br />
* We don’t need to define data, like users, locations, organizations, in multiple systems.<br />
* We can use Sahana Eden’s messaging and mapping capabilities for the drop off sites in the future.<br />
* The organization module can use drop off sites records of personnel.<br />
<br />
=== Design Pattern ===<br />
<br />
We have taken two design patterns into consider during our development.<br />
<br />
* '''Factory Methods'''<br />
<br />
In the controller, we return an s3_rest_controller() method, this function provides all the Sahana Eden framework support needed to access the resource, including automatic loading of the respective model definitions. With this method, we can have a working module and be able to see the CRUD (Create, Read, Update, Delete) user interface. We could define our own methods to do CRUD of drop off site module. In that case, the code will violate DRY principle. If all contributors to Sahana have done the CRUD themselves, there will be a lot of duplication and the readability of the system will decrease. However, we can replace the deault strings within the CRUD user interface with custom strings. To be specific, we use crud_strings() method in S3 framework to do customizations.<br />
<br />
<pre><br />
def course():<br />
return s3_rest_controller()<br />
</pre><br />
<br />
* '''Oberserver'''<br />
<br />
Observer pattern is widely used in GUI systems. By the nature of Model-View-Controller(MVC) architecture, the observer pattern is used to decouple the model from the view. View represents the Observer and the model is the Observable object. This kind of framework can be enhanced in future with new observers with minimal changes.<br />
<br />
=== Component ===<br />
<br />
As shown above, we'd like to be able to record information relating to staff in each drop off site, such as how long they will be there and contact number etc. To do this, we need to build a 'link' table between the person and the drop off site. The natural way to do this within Sahana Eden is to make the link table a 'component' of the drop off site table. The drop off site is the 'primary resource', and contact person are a 'component' of the course.<br />
<br />
To realize the 'component' feature. First, we add a 'represent' function to allow a record in the drop off site table to be represented by its name.<br />
<br />
<pre><br />
def place_represent(id):<br />
table = db.dosite_place<br />
query = (table.id == id)<br />
record = db(query).select().first()<br />
if record:<br />
return record.name<br />
else:<br />
return "-"<br />
</pre><br />
<br />
This code involves using Web2Py's Database Abstraction Layer (DAL) to do a SQL query.The variable db is an instance of the DAL class, which represents a database. Queries are written in a syntax that is much like a Python expression.<br />
<br />
Then, we define a 'reusable field' which can be added to other table definitions to provide a foreign key reference to the drop off site table.<br />
<br />
<pre><br />
place_id = S3ReusableField("place_id", db.dosite_place,<br />
requires = IS_ONE_OF(db,<br />
"dosite_place.id",<br />
"%(name)s"),<br />
represent = place_represent,<br />
label = T("Place"),<br />
ondelete = "RESTRICT")<br />
</pre><br />
<br />
Note that this uses the represent function which we just defined. It also adds a 'requires' validator function. This provides both server-side validation and a client-side widget (in this case a dropdown of records in the drop off site table).<br />
<br />
As to the controller, we don't need to create a separate REST controller to manage the component, since it will always be accessed via the existing drop off site controller, however we must then extend the controller with 2 new elements to allow the Sahana Eden framework to display the component: 'tabs' and an 'rheader'. Tabs are how the framework provides access to the different components in a web page for the primary resource. The 'resource header' is a section of HTML that provides a summary of the primary resource record, in this case the drop off site. This is displayed above the tabs so that when each component record is being viewed, its parent record is also visible at the same time.<br />
<br />
We can simply add the following code into the controller model. Here, rheader is simply a variable passed through the REST controller unaltered & then serialized as rheader.xml() in the views.<br />
<br />
<pre><br />
def place_rheader(r, tabs=[]):<br />
if r.representation != "html":<br />
# RHeader is a UI facility & so skip for other formats<br />
return None<br />
if r.record is None:<br />
# List or Create form: rheader makes no sense here<br />
return None<br />
<br />
rheader_tabs = s3_rheader_tabs(r, tabs)<br />
<br />
place = r.record<br />
<br />
rheader = DIV(TABLE(<br />
TR(<br />
TH("%s: " % T("Name")),<br />
place.name,<br />
TH("%s: " % T("Start Date")),<br />
place.start_date,<br />
)<br />
), rheader_tabs)<br />
<br />
return rheader<br />
</pre><br />
<br />
== Implementation ==<br />
<br />
* Define dropOtffSite table in our new models and its relationship with person table and organization table.<br />
<br />
<pre><br />
tablename = "dosite_place"<br />
table = db.define_table(tablename,<br />
Field("name", notnull=True, length=64, label=T("Place Name")),<br />
s3db.pr_person_id(label=T("Place Contact")),<br />
Field("flyer", "upload",label=T("Flyer Propaganda")),<br />
s3_comments(),<br />
s3base.s3_date("start_date",label="Collection Start Date"),<br />
s3base.s3_date("end_date",label="Collection End Date"),<br />
*s3_meta_fields()<br />
)<br />
</pre><br />
<br />
* Add editable features to the the Drop Off Site list.<br />
<br />
<pre><br />
LIST_PLACE = T("List Drop-Off Sites")<br />
s3.crud_strings[tablename] = Storage(<br />
title_create = T("Add New Place"),<br />
title_display = T("Place Details"),<br />
title_list = LIST_PLACE,<br />
title_update = T("Edit Place"),<br />
title_search = T("Search Place"),<br />
title_upload = T("Import Place"),<br />
subtitle_create = T("Add New Place"),<br />
subtitle_list = T("Place"),<br />
label_list_button = LIST_PLACE,<br />
label_create_button = T("Add New Place"),<br />
label_delete_button = T("Delete Place"),<br />
msg_record_created = T("Place added"),<br />
msg_record_modified = T("Place updated"),<br />
msg_record_deleted = T("Place deleted"),<br />
msg_list_empty = T("No Place currently registered"))<br />
</pre> <br />
<br />
* Customized the view in controller so that it fits Sahana Eden's standard.<br />
<br />
<pre><br />
def place():<br />
return s3_rest_controller(rheader=place_rheader)<br />
</pre><br />
<br />
== Deliverables ==<br />
<br />
<br />
The application can be accessed with the following link: [http://152.46.16.162/eden Sahana Eden Site]<br />
<br />
We go through one use case to see how the system handles a drop off site information collection.<br />
<br />
<br />
*Accessing "DropOff Site" from the main menu<br />
<br />
[[File:Ss1.png]]<br />
<br />
<br />
* After click on the menu, we will see a welcome page first. This page gives users a brief introduction of what is drop off site and how does it works.<br />
<br />
[[File:Ss2.png]] <br />
<br />
<br />
* Click on "list of drop off site" link, we'll see a list of drop off sites with their detail information. Then we can add a new record by clicking the button "Adding a Record".<br />
<br />
[[File:Ss3.png]]<br />
<br />
<br />
* Fill in the table with detail. Notice that here when you fill in the person name, you can look up their name by enter part of their name.<br />
<br />
[[File:Ss4.png]]]<br />
<br />
<br />
* After successfully add a new record, we can go back to see the new drop off site information.<br />
<br />
[[File:Ss5.png]]<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation Web2py]<br />
<br />
* [http://diveintopython.org/ Python]<br />
<br />
* [http://docs.jquery.com/ Jquery]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/ Ext_JS 3.4.0]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84286CSC/ECE 517 Spring 2014/oss S1402 jyy2014-04-07T04:24:16Z<p>Jyang23: </p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
=== Database ===<br />
<br />
This is a basic relation established on the system between the place and the contact for the drop off site. An organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>. A dropOffSite table has six attributes: name, flyer, comments, startTime and endTime which indicates the time period the site will be open for donation, and personId as a foreign key to person table.<br />
<br />
[[File:SahanaER.png]]<br />
<br />
=== Framework ===<br />
<br />
In order to add the capability to manage drop off sites information from within the Sahana Eden instance, we have two options: installing a separate package, or integrating this into the Sahana Eden instance. We have decided to use the latter so that :<br />
<br />
* We don’t need to define data, like users, locations, organizations, in multiple systems.<br />
* We can use Sahana Eden’s messaging and mapping capabilities for the drop off sites in the future.<br />
* The organization module can use drop off sites records of personnel.<br />
<br />
=== Design Pattern ===<br />
<br />
* '''Factory Methods'''<br />
<br />
In the controller, we return an s3_rest_controller() method, this function provides all the Sahana Eden framework support needed to access the resource, including automatic loading of the respective model definitions. With this method, we can have a working module and be able to see the CRUD (Create, Read, Update, Delete) user interface. We could define our own methods to do CRUD of drop off site module. In that case, the code will violate DRY principle. If all contributors to Sahana have done the CRUD themselves, there will be a lot of duplication and the readability of the system will decrease. However, we can replace the deault strings within the CRUD user interface with custom strings. To be specific, we use crud_strings() method in S3 framework to do customizations.<br />
<br />
* '''Oberserver'''<br />
<br />
Observer pattern is widely used in GUI systems. By the nature of Model-View-Controller(MVC) architecture, the observer pattern is used to decouple the model from the view. View represents the Observer and the model is the Observable object. This kind of framework can be enhanced in future with new observers with minimal changes.<br />
<br />
=== Component ===<br />
<br />
As shown above, we'd like to be able to record information relating to staff in each drop off site, such as how long they will be there and contact number etc. To do this, we need to build a 'link' table between the person and the drop off site. The natural way to do this within Sahana Eden is to make the link table a 'component' of the drop off site table. The drop off site is the 'primary resource', and contact person are a 'component' of the course.<br />
<br />
To realize the 'component' feature. First, we add a 'represent' function to allow a record in the drop off site table to be represented by its name.<br />
<br />
<pre><br />
def place_represent(id):<br />
table = db.dosite_place<br />
query = (table.id == id)<br />
record = db(query).select().first()<br />
if record:<br />
return record.name<br />
else:<br />
return "-"<br />
</pre><br />
<br />
This code involves using Web2Py's Database Abstraction Layer (DAL) to do a SQL query.The variable db is an instance of the DAL class, which represents a database. Queries are written in a syntax that is much like a Python expression.<br />
<br />
Then, we define a 'reusable field' which can be added to other table definitions to provide a foreign key reference to the drop off site table.<br />
<br />
<pre><br />
place_id = S3ReusableField("place_id", db.dosite_place,<br />
requires = IS_ONE_OF(db,<br />
"dosite_place.id",<br />
"%(name)s"),<br />
represent = place_represent,<br />
label = T("Place"),<br />
ondelete = "RESTRICT")<br />
</pre><br />
<br />
Note that this uses the represent function which we just defined. It also adds a 'requires' validator function. This provides both server-side validation and a client-side widget (in this case a dropdown of records in the drop off site table).<br />
<br />
As to the controller, we don't need to create a separate REST controller to manage the component, since it will always be accessed via the existing drop off site controller, however we must then extend the controller with 2 new elements to allow the Sahana Eden framework to display the component: 'tabs' and an 'rheader'. Tabs are how the framework provides access to the different components in a web page for the primary resource. The 'resource header' is a section of HTML that provides a summary of the primary resource record, in this case the drop off site. This is displayed above the tabs so that when each component record is being viewed, its parent record is also visible at the same time.<br />
<br />
We can simply add the following code into the controller model. Here, rheader is simply a variable passed through the REST controller unaltered & then serialized as rheader.xml() in the views.<br />
<br />
<pre><br />
def place_rheader(r, tabs=[]):<br />
if r.representation != "html":<br />
# RHeader is a UI facility & so skip for other formats<br />
return None<br />
if r.record is None:<br />
# List or Create form: rheader makes no sense here<br />
return None<br />
<br />
rheader_tabs = s3_rheader_tabs(r, tabs)<br />
<br />
place = r.record<br />
<br />
rheader = DIV(TABLE(<br />
TR(<br />
TH("%s: " % T("Name")),<br />
place.name,<br />
TH("%s: " % T("Start Date")),<br />
place.start_date,<br />
)<br />
), rheader_tabs)<br />
<br />
return rheader<br />
</pre><br />
<br />
== Implementation ==<br />
<br />
* Define dropOtffSite table in our new models and its relationship with person table and organization table.<br />
<br />
<pre><br />
tablename = "dosite_place"<br />
table = db.define_table(tablename,<br />
Field("name", notnull=True, length=64, label=T("Place Name")),<br />
s3db.pr_person_id(label=T("Place Contact")),<br />
Field("flyer", "upload",label=T("Flyer Propaganda")),<br />
s3_comments(),<br />
s3base.s3_date("start_date",label="Collection Start Date"),<br />
s3base.s3_date("end_date",label="Collection End Date"),<br />
*s3_meta_fields()<br />
)<br />
</pre><br />
<br />
* Add editable features to the the Drop Off Site list.<br />
<br />
<pre><br />
LIST_PLACE = T("List Drop-Off Sites")<br />
s3.crud_strings[tablename] = Storage(<br />
title_create = T("Add New Place"),<br />
title_display = T("Place Details"),<br />
title_list = LIST_PLACE,<br />
title_update = T("Edit Place"),<br />
title_search = T("Search Place"),<br />
title_upload = T("Import Place"),<br />
subtitle_create = T("Add New Place"),<br />
subtitle_list = T("Place"),<br />
label_list_button = LIST_PLACE,<br />
label_create_button = T("Add New Place"),<br />
label_delete_button = T("Delete Place"),<br />
msg_record_created = T("Place added"),<br />
msg_record_modified = T("Place updated"),<br />
msg_record_deleted = T("Place deleted"),<br />
msg_list_empty = T("No Place currently registered"))<br />
</pre> <br />
<br />
* Customized the view in controller so that it fits Sahana Eden's standard.<br />
<br />
<pre><br />
def place():<br />
return s3_rest_controller(rheader=place_rheader)<br />
</pre><br />
<br />
== Deliverables ==<br />
<br />
<br />
The application can be accessed with the following link: [http://152.46.16.162/eden Sahana Eden Site]<br />
<br />
We go through one use case to see how the system handles a drop off site information collection.<br />
<br />
<br />
*Accessing "DropOff Site" from the main menu<br />
<br />
[[File:Ss1.png]]<br />
<br />
<br />
* After click on the menu, we will see a welcome page first. This page gives users a brief introduction of what is drop off site and how does it works.<br />
<br />
[[File:Ss2.png]] <br />
<br />
<br />
* Click on "list of drop off site" link, we'll see a list of drop off sites with their detail information. Then we can add a new record by clicking the button "Adding a Record".<br />
<br />
[[File:Ss3.png]]<br />
<br />
<br />
* Fill in the table with detail. Notice that here when you fill in the person name, you can look up their name by enter part of their name.<br />
<br />
[[File:Ss4.png]]]<br />
<br />
<br />
* After successfully add a new record, we can go back to see the new drop off site information.<br />
<br />
[[File:Ss5.png]]<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation Web2py]<br />
<br />
* [http://diveintopython.org/ Python]<br />
<br />
* [http://docs.jquery.com/ Jquery]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/ Ext_JS 3.4.0]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84285CSC/ECE 517 Spring 2014/oss S1402 jyy2014-04-07T04:16:54Z<p>Jyang23: </p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
=== Database ===<br />
<br />
This is a basic relation established on the system between the place and the contact for the drop off site. An organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>. A dropOffSite table has six attributes: name, flyer, comments, startTime and endTime which indicates the time period the site will be open for donation, and personId as a foreign key to person table.<br />
<br />
[[File:SahanaER.png]]<br />
<br />
=== Framework ===<br />
<br />
In order to add the capability to manage drop off sites information from within the Sahana Eden instance, we have two options: installing a separate package, or integrating this into the Sahana Eden instance. We have decided to use the latter so that :<br />
<br />
* We don’t need to define data, like users, locations, organizations, in multiple systems.<br />
* We can use Sahana Eden’s messaging and mapping capabilities for the drop off sites in the future.<br />
* The organization module can use drop off sites records of personnel.<br />
<br />
=== Design Pattern ===<br />
<br />
* '''Factory Methods'''<br />
<br />
In the controller, we return an s3_rest_controller() method, this function provides all the Sahana Eden framework support needed to access the resource, including automatic loading of the respective model definitions. We could define our own methods to do CRUD of drop off site module. In that case, the code will violate DRY principle. If all contributors to Sahana have done the CRUD themselves, there will be a lot of duplication and the readability of the system will decrease. However, we can replace the deault strings within the CRUD user interface with custom strings. To be specific, we use crud_strings() method in S3 framework to do customizations.<br />
<br />
* '''Oberserver'''<br />
<br />
Observer pattern is widely used in GUI systems. By the nature of Model-View-Controller(MVC) architecture, the observer pattern is used to decouple the model from the view. View represents the Observer and the model is the Observable object. This kind of framework can be enhanced in future with new observers with minimal changes.<br />
<br />
=== Component ===<br />
<br />
As shown above, we'd like to be able to record information relating to staff in each drop off site, such as how long they will be there and contact number etc. To do this, we need to build a 'link' table between the person and the drop off site. The natural way to do this within Sahana Eden is to make the link table a 'component' of the drop off site table. The drop off site is the 'primary resource', and contact person are a 'component' of the course.<br />
<br />
To realize the 'component' feature. First, we add a 'represent' function to allow a record in the drop off site table to be represented by its name.<br />
<br />
<pre><br />
def place_represent(id):<br />
table = db.dosite_place<br />
query = (table.id == id)<br />
record = db(query).select().first()<br />
if record:<br />
return record.name<br />
else:<br />
return "-"<br />
</pre><br />
<br />
This code involves using Web2Py's Database Abstraction Layer (DAL) to do a SQL query.The variable db is an instance of the DAL class, which represents a database. Queries are written in a syntax that is much like a Python expression.<br />
<br />
Then, we define a 'reusable field' which can be added to other table definitions to provide a foreign key reference to the drop off site table.<br />
<br />
<pre><br />
place_id = S3ReusableField("place_id", db.dosite_place,<br />
requires = IS_ONE_OF(db,<br />
"dosite_place.id",<br />
"%(name)s"),<br />
represent = place_represent,<br />
label = T("Place"),<br />
ondelete = "RESTRICT")<br />
</pre><br />
<br />
Note that this uses the represent function which we just defined. It also adds a 'requires' validator function. This provides both server-side validation and a client-side widget (in this case a dropdown of records in the drop off site table).<br />
<br />
As to the controller, we don't need to create a separate REST controller to manage the component, since it will always be accessed via the existing drop off site controller, however we must then extend the controller with 2 new elements to allow the Sahana Eden framework to display the component: 'tabs' and an 'rheader'. Tabs are how the framework provides access to the different components in a web page for the primary resource. The 'resource header' is a section of HTML that provides a summary of the primary resource record, in this case the drop off site. This is displayed above the tabs so that when each component record is being viewed, its parent record is also visible at the same time.<br />
<br />
We can simply add the following code into the controller model. Here, rheader is simply a variable passed through the REST controller unaltered & then serialized as rheader.xml() in the views.<br />
<br />
<pre><br />
def place_rheader(r, tabs=[]):<br />
if r.representation != "html":<br />
# RHeader is a UI facility & so skip for other formats<br />
return None<br />
if r.record is None:<br />
# List or Create form: rheader makes no sense here<br />
return None<br />
<br />
rheader_tabs = s3_rheader_tabs(r, tabs)<br />
<br />
place = r.record<br />
<br />
rheader = DIV(TABLE(<br />
TR(<br />
TH("%s: " % T("Name")),<br />
place.name,<br />
TH("%s: " % T("Start Date")),<br />
place.start_date,<br />
)<br />
), rheader_tabs)<br />
<br />
return rheader<br />
</pre><br />
<br />
== Implementation ==<br />
<br />
* Define dropOtffSite table in our new models and its relationship with person table and organization table.<br />
<br />
<pre><br />
tablename = "dosite_place"<br />
table = db.define_table(tablename,<br />
Field("name", notnull=True, length=64, label=T("Place Name")),<br />
s3db.pr_person_id(label=T("Place Contact")),<br />
Field("flyer", "upload",label=T("Flyer Propaganda")),<br />
s3_comments(),<br />
s3base.s3_date("start_date",label="Collection Start Date"),<br />
s3base.s3_date("end_date",label="Collection End Date"),<br />
*s3_meta_fields()<br />
)<br />
</pre><br />
<br />
* Add editable features to the the Drop Off Site list.<br />
<br />
<pre><br />
LIST_PLACE = T("List Drop-Off Sites")<br />
s3.crud_strings[tablename] = Storage(<br />
title_create = T("Add New Place"),<br />
title_display = T("Place Details"),<br />
title_list = LIST_PLACE,<br />
title_update = T("Edit Place"),<br />
title_search = T("Search Place"),<br />
title_upload = T("Import Place"),<br />
subtitle_create = T("Add New Place"),<br />
subtitle_list = T("Place"),<br />
label_list_button = LIST_PLACE,<br />
label_create_button = T("Add New Place"),<br />
label_delete_button = T("Delete Place"),<br />
msg_record_created = T("Place added"),<br />
msg_record_modified = T("Place updated"),<br />
msg_record_deleted = T("Place deleted"),<br />
msg_list_empty = T("No Place currently registered"))<br />
</pre> <br />
<br />
* Customized the view in controller so that it fits Sahana Eden's standard.<br />
<br />
<pre><br />
def place():<br />
return s3_rest_controller(rheader=place_rheader)<br />
</pre><br />
<br />
== Deliverables ==<br />
<br />
<br />
The application can be accessed with the following link: [http://152.46.16.162/eden Sahana Eden Site]<br />
<br />
We go through one use case to see how the system handles a drop off site information collection.<br />
<br />
<br />
*Accessing "DropOff Site" from the main menu<br />
<br />
[[File:Ss1.png]]<br />
<br />
<br />
* After click on the menu, we will see a welcome page first. This page gives users a brief introduction of what is drop off site and how does it works.<br />
<br />
[[File:Ss2.png]] <br />
<br />
<br />
* Click on "list of drop off site" link, we'll see a list of drop off sites with their detail information. Then we can add a new record by clicking the button "Adding a Record".<br />
<br />
[[File:Ss3.png]]<br />
<br />
<br />
* Fill in the table with detail. Notice that here when you fill in the person name, you can look up their name by enter part of their name.<br />
<br />
[[File:Ss4.png]]]<br />
<br />
<br />
* After successfully add a new record, we can go back to see the new drop off site information.<br />
<br />
[[File:Ss5.png]]<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation Web2py]<br />
<br />
* [http://diveintopython.org/ Python]<br />
<br />
* [http://docs.jquery.com/ Jquery]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/ Ext_JS 3.4.0]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84284CSC/ECE 517 Spring 2014/oss S1402 jyy2014-04-07T04:04:18Z<p>Jyang23: /* Design */</p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
=== Database ===<br />
<br />
This is a basic relation established on the system between the place and the contact for the drop off site. An organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>. A dropOffSite table has six attributes: name, flyer, comments, startTime and endTime which indicates the time period the site will be open for donation, and personId as a foreign key to person table.<br />
<br />
[[File:SahanaER.png]]<br />
<br />
=== Framework ===<br />
<br />
In order to add the capability to manage drop off sites information from within the Sahana Eden instance, we have two options: installing a separate package, or integrating this into the Sahana Eden instance. We have decided to use the latter so that :<br />
<br />
* We don’t need to define data, like users, locations, organizations, in multiple systems.<br />
* We can use Sahana Eden’s messaging and mapping capabilities for the drop off sites in the future.<br />
* The organization module can use drop off sites records of personnel.<br />
<br />
=== Design Pattern ===<br />
<br />
* '''Factory Methods'''<br />
<br />
In the controller, we return an s3_rest_controller() method, this function provides all the Sahana Eden framework support needed to access the resource, including automatic loading of the respective model definitions. We could define our own methods to do CRUD of drop off site module. In that case, the code will violate DRY principle. If all contributors to Sahana have done the CRUD themselves, there will be a lot of duplication and the readability of the system will decrease. However, we can replace the deault strings within the CRUD user interface with custom strings. To be specific, we use crud_strings() method in S3 framework to do customizations.<br />
<br />
* '''Oberserver'''<br />
<br />
Observer pattern is widely used in GUI systems. By the nature of Model-View-Controller(MVC) architecture, the observer pattern is used to decouple the model from the view. View represents the Observer and the model is the Observable object. This kind of framework can be enhanced in future with new observers with minimal changes.<br />
<br />
=== Component ===<br />
<br />
As shown above, we'd like to be able to record information relating to staff in each drop off site, such as how long they will be there and contact number etc. To do this, we need to build a 'link' table between the person and the drop off site. The natural way to do this within Sahana Eden is to make the link table a 'component' of the drop off site table. The drop off site is the 'primary resource', and contact person are a 'component' of the course.<br />
<br />
There is no need to create a separate REST controller to manage the component, since it will always be accessed via the existing drop off site controller, however we must then extend the controller with 2 new elements to allow the Sahana Eden framework to display the component: 'tabs' and an 'rheader'. Tabs are how the framework provides access to the different components in a web page for the primary resource. The 'resource header' is a section of HTML that provides a summary of the primary resource record, in this case the drop off site. This is displayed above the tabs so that when each component record is being viewed, its parent record is also visible at the same time.<br />
<br />
To realize the 'component' feature. First, we add a 'represent' function to allow a record in the drop off site table to be represented by its name.<br />
<br />
Tip: This involves using Web2Py's Database Abstraction Layer (DAL) to do a SQL query.The variable db is an instance of the DAL class, which represents a database. Queries are written in a syntax that is much like a Python expression, but not quite. Look at the Web2Py book (http://web2py.com/book) for more on the DAL.<br />
<br />
Define a 'reusable field' which can be added to other table definitions to provide a foreign key reference to the course table<br />
<br />
== Implementation ==<br />
<br />
* Define dropOtffSite table in our new models and its relationship with person table and organization table.<br />
<br />
<pre><br />
tablename = "dosite_place"<br />
table = db.define_table(tablename,<br />
Field("name", notnull=True, length=64, label=T("Place Name")),<br />
s3db.pr_person_id(label=T("Place Contact")),<br />
Field("flyer", "upload",label=T("Flyer Propaganda")),<br />
s3_comments(),<br />
s3base.s3_date("start_date",label="Collection Start Date"),<br />
s3base.s3_date("end_date",label="Collection End Date"),<br />
*s3_meta_fields()<br />
)<br />
<br />
def place_represent(id):<br />
table = db.dosite_place<br />
query = (table.id == id)<br />
record = db(query).select().first()<br />
if record:<br />
return record.name<br />
else:<br />
return "-"<br />
<br />
place_id = S3ReusableField("place_id", db.dosite_place,<br />
requires = IS_ONE_OF(db,<br />
"dosite_place.id",<br />
"%(name)s"),<br />
represent = place_represent,<br />
label = T("Place"),<br />
ondelete = "RESTRICT")<br />
</pre><br />
<br />
* Add editable features to the the Drop Off Site list.<br />
<br />
<pre><br />
LIST_PLACE = T("List Drop-Off Sites")<br />
s3.crud_strings[tablename] = Storage(<br />
title_create = T("Add New Place"),<br />
title_display = T("Place Details"),<br />
title_list = LIST_PLACE,<br />
title_update = T("Edit Place"),<br />
title_search = T("Search Place"),<br />
title_upload = T("Import Place"),<br />
subtitle_create = T("Add New Place"),<br />
subtitle_list = T("Place"),<br />
label_list_button = LIST_PLACE,<br />
label_create_button = T("Add New Place"),<br />
label_delete_button = T("Delete Place"),<br />
msg_record_created = T("Place added"),<br />
msg_record_modified = T("Place updated"),<br />
msg_record_deleted = T("Place deleted"),<br />
msg_list_empty = T("No Place currently registered"))<br />
</pre> <br />
<br />
* Customized the view in controller so that it fits Sahana Eden's standard.<br />
<br />
<pre><br />
def place_rheader(r, tabs=[]):<br />
if r.representation != "html":<br />
# RHeader is a UI facility & so skip for other formats<br />
return None<br />
if r.record is None:<br />
# List or Create form: rheader makes no sense here<br />
return None<br />
<br />
rheader_tabs = s3_rheader_tabs(r, tabs)<br />
<br />
place = r.record<br />
<br />
rheader = DIV(TABLE(<br />
TR(<br />
TH("%s: " % T("Name")),<br />
place.name,<br />
TH("%s: " % T("Start Date")),<br />
place.start_date,<br />
)<br />
), rheader_tabs)<br />
<br />
return rheader<br />
<br />
def place():<br />
return s3_rest_controller(rheader=place_rheader)<br />
</pre><br />
<br />
== Deliverables ==<br />
<br />
<br />
The application can be accessed with the following link: [http://152.46.16.162/eden Sahana Eden Site]<br />
<br />
We go through one use case to see how the system handles a drop off site information collection.<br />
<br />
<br />
*Accessing "DropOff Site" from the main menu<br />
<br />
[[File:Ss1.png]]<br />
<br />
<br />
* After click on the menu, we will see a welcome page first. This page gives users a brief introduction of what is drop off site and how does it works.<br />
<br />
[[File:Ss2.png]] <br />
<br />
<br />
* Click on "list of drop off site" link, we'll see a list of drop off sites with their detail information. Then we can add a new record by clicking the button "Adding a Record".<br />
<br />
[[File:Ss3.png]]<br />
<br />
<br />
* Fill in the table with detail. Notice that here when you fill in the person name, you can look up their name by enter part of their name.<br />
<br />
[[File:Ss4.png]]]<br />
<br />
<br />
* After successfully add a new record, we can go back to see the new drop off site information.<br />
<br />
[[File:Ss5.png]]<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation Web2py]<br />
<br />
* [http://diveintopython.org/ Python]<br />
<br />
* [http://docs.jquery.com/ Jquery]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/ Ext_JS 3.4.0]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84274CSC/ECE 517 Spring 2014/oss S1402 jyy2014-04-05T01:14:56Z<p>Jyang23: </p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
=== Database ===<br />
<br />
This is a basic relation established on the system between the place and the contact for the drop off site. An organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>. A dropOffSite table has six attributes: name, flyer, comments, startTime and endTime which indicates the time period the site will be open for donation, and personId as a foreign key to person table.<br />
<br />
[[File:SahanaER.png]]<br />
<br />
=== Framework ===<br />
<br />
In order to add the capability to manage drop off sites information from within the Sahana Eden instance, we have two options: installing a separate package, or integrating this into the Sahana Eden instance. We have decided to use the latter so that :<br />
<br />
* We don’t need to define data, like users, locations, organizations, in multiple systems.<br />
* We can use Sahana Eden’s messaging and mapping capabilities for the drop off sites in the future.<br />
* The organization module can use drop off sites records of personnel.<br />
<br />
=== Design Pattern ===<br />
<br />
* '''Factory Methods'''<br />
<br />
In the controller, we return an s3_rest_controller() method, this function provides all the Sahana Eden framework support needed to access the resource, including automatic loading of the respective model definitions. We could define our own methods to do CRUD of drop off site module. In that case, the code will violate DRY principle. If all contributors to Sahana have done the CRUD themselves, there will be a lot of duplication and the readability of the system will decrease. However, we can replace the deault strings within the CRUD user interface with custom strings. To be specific, we use crud_strings() method in S3 framework to do customizations.<br />
<br />
* '''Oberserver'''<br />
<br />
Observer pattern is widely used in GUI systems. By the nature of Model-View-Controller(MVC) architecture, the observer pattern is used to decouple the model from the view. View represents the Observer and the model is the Observable object. This kind of framework can be enhanced in future with new observers with minimal changes.<br />
<br />
=== Component ===<br />
<br />
As shown above, we'd like to be able to record information relating to staff in each drop off site, such as how long they will be there and contact number etc. To do this, we need to build a 'link' table between the person and the drop off site. The natural way to do this within Sahana Eden is to make the link table a 'component' of the drop off site table. The drop off site is the 'primary resource', and contact person are a 'component' of the course.<br />
<br />
There is no need to create a separate REST controller to manage the component, since it will always be accessed via the existing course controller, however we must then extend the controller with 2 new elements to allow the Sahana Eden framework to display the component: 'tabs' and an 'rheader'. Tabs are how the framework provides access to the different components in a web page for the primary resource. The 'resource header' is a section of HTML that provides a summary of the primary resource record, in this case the course. This is displayed above the tabs so that when each component record is being viewed, its parent record is also visible at the same time.<br />
<br />
== Implementation ==<br />
<br />
* Define dropOtffSite table in our new models and its relationship with person table and organization table.<br />
<br />
<pre><br />
tablename = "dosite_place"<br />
table = db.define_table(tablename,<br />
Field("name", notnull=True, length=64, label=T("Place Name")),<br />
s3db.pr_person_id(label=T("Place Contact")),<br />
Field("flyer", "upload",label=T("Flyer Propaganda")),<br />
s3_comments(),<br />
s3base.s3_date("start_date",label="Collection Start Date"),<br />
s3base.s3_date("end_date",label="Collection End Date"),<br />
*s3_meta_fields()<br />
)<br />
<br />
def place_represent(id):<br />
table = db.dosite_place<br />
query = (table.id == id)<br />
record = db(query).select().first()<br />
if record:<br />
return record.name<br />
else:<br />
return "-"<br />
<br />
place_id = S3ReusableField("place_id", db.dosite_place,<br />
requires = IS_ONE_OF(db,<br />
"dosite_place.id",<br />
"%(name)s"),<br />
represent = place_represent,<br />
label = T("Place"),<br />
ondelete = "RESTRICT")<br />
</pre><br />
<br />
* Add editable features to the the Drop Off Site list.<br />
<br />
<pre><br />
LIST_PLACE = T("List Drop-Off Sites")<br />
s3.crud_strings[tablename] = Storage(<br />
title_create = T("Add New Place"),<br />
title_display = T("Place Details"),<br />
title_list = LIST_PLACE,<br />
title_update = T("Edit Place"),<br />
title_search = T("Search Place"),<br />
title_upload = T("Import Place"),<br />
subtitle_create = T("Add New Place"),<br />
subtitle_list = T("Place"),<br />
label_list_button = LIST_PLACE,<br />
label_create_button = T("Add New Place"),<br />
label_delete_button = T("Delete Place"),<br />
msg_record_created = T("Place added"),<br />
msg_record_modified = T("Place updated"),<br />
msg_record_deleted = T("Place deleted"),<br />
msg_list_empty = T("No Place currently registered"))<br />
</pre> <br />
<br />
* Customized the view in controller so that it fits Sahana Eden's standard.<br />
<br />
<pre><br />
def place_rheader(r, tabs=[]):<br />
if r.representation != "html":<br />
# RHeader is a UI facility & so skip for other formats<br />
return None<br />
if r.record is None:<br />
# List or Create form: rheader makes no sense here<br />
return None<br />
<br />
rheader_tabs = s3_rheader_tabs(r, tabs)<br />
<br />
place = r.record<br />
<br />
rheader = DIV(TABLE(<br />
TR(<br />
TH("%s: " % T("Name")),<br />
place.name,<br />
TH("%s: " % T("Start Date")),<br />
place.start_date,<br />
)<br />
), rheader_tabs)<br />
<br />
return rheader<br />
<br />
def place():<br />
return s3_rest_controller(rheader=place_rheader)<br />
</pre><br />
<br />
== Deliverables ==<br />
<br />
We go through one use case to see how the system handles a drop off site information collection.<br />
<br />
<br />
*Accessing "DropOff Site" from the main menu<br />
<br />
[[File:Ss1.png]]<br />
<br />
<br />
* After click on the menu, we will see a welcome page first. This page gives users a brief introduction of what is drop off site and how does it works.<br />
<br />
[[File:Ss2.png]] <br />
<br />
<br />
* Click on "list of drop off site" link, we'll see a list of drop off sites with their detail information. Then we can add a new record by clicking the button "Adding a Record".<br />
<br />
[[File:Ss3.png]]<br />
<br />
<br />
* Fill in the table with detail. Notice that here when you fill in the person name, you can look up their name by enter part of their name.<br />
<br />
[[File:Ss4.png]]]<br />
<br />
<br />
* After successfully add a new record, we can go back to see the new drop off site information.<br />
<br />
[[File:Ss5.png]]<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation Web2py]<br />
<br />
* [http://diveintopython.org/ Python]<br />
<br />
* [http://docs.jquery.com/ Jquery]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/ Ext_JS 3.4.0]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84273CSC/ECE 517 Spring 2014/oss S1402 jyy2014-04-04T04:26:27Z<p>Jyang23: </p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
=== Database ===<br />
<br />
This is a basic relation established on the system between the place and the contact for the drop off site. An organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>. A dropOffSite table has six attributes: name, flyer, comments, startTime and endTime which indicates the time period the site will be open for donation, and personId as a foreign key to person table.<br />
<br />
[[File:SahanaER.png]]<br />
<br />
=== Framework ===<br />
<br />
In order to add the capability to manage drop off sites information from within the Sahana Eden instance, we have two options: installing a separate package, or integrating this into the Sahana Eden instance. We have decided to use the latter so that :<br />
<br />
* We don’t need to define data, like users, locations, organizations, in multiple systems.<br />
* We can use Sahana Eden’s messaging and mapping capabilities for the drop off sites in the future.<br />
* The organization module can use drop off sites records of personnel.<br />
<br />
=== Design Pattern ===<br />
<br />
* '''Factory Methods'''<br />
<br />
In the controller, we return an s3_rest_controller() method, this function provides all the Sahana Eden framework support needed to access the resource, including automatic loading of the respective model definitions. We could define our own methods to do CRUD of drop off site module. In that case, the code will violate DRY principle. If all contributors to Sahana have done the CRUD themselves, there will be a lot of duplication and the readability of the system will decrease. However, we can replace the deault strings within the CRUD user interface with custom strings. To be specific, we use crud_strings() method in S3 framework to do customizations.<br />
<br />
* '''Oberserver'''<br />
<br />
Observer pattern is widely used in GUI systems. By the nature of Model-View-Controller(MVC) architecture, the observer pattern is used to decouple the model from the view. View represents the Observer and the model is the Observable object. This kind of framework can be enhanced in future with new observers with minimal changes.<br />
<br />
=== Component ===<br />
<br />
We'd like to be able to record information relating to each participant in the course, such as whether they actually attended and what grade they attained.<br />
<br />
To do this, we need to build a 'link' table between the participants and the course.<br />
<br />
The natural way to do this within Sahana Eden is to make the link table a 'component' of the course. The course is the 'primary resource', and participants are a 'component' of the course.<br />
<br />
== Implementation ==<br />
<br />
* Define dropOtffSite table in our new models and its relationship with person table and organization table.<br />
<br />
<pre><br />
tablename = "dosite_place"<br />
table = db.define_table(tablename,<br />
Field("name", notnull=True, length=64, label=T("Place Name")),<br />
s3db.pr_person_id(label=T("Place Contact")),<br />
Field("flyer", "upload",label=T("Flyer Propaganda")),<br />
s3_comments(),<br />
s3base.s3_date("start_date",label="Collection Start Date"),<br />
s3base.s3_date("end_date",label="Collection End Date"),<br />
*s3_meta_fields()<br />
)<br />
<br />
def place_represent(id):<br />
table = db.dosite_place<br />
query = (table.id == id)<br />
record = db(query).select().first()<br />
if record:<br />
return record.name<br />
else:<br />
return "-"<br />
<br />
place_id = S3ReusableField("place_id", db.dosite_place,<br />
requires = IS_ONE_OF(db,<br />
"dosite_place.id",<br />
"%(name)s"),<br />
represent = place_represent,<br />
label = T("Place"),<br />
ondelete = "RESTRICT")<br />
</pre><br />
<br />
* Add editable features to the the Drop Off Site list.<br />
<br />
<pre><br />
LIST_PLACE = T("List Drop-Off Sites")<br />
s3.crud_strings[tablename] = Storage(<br />
title_create = T("Add New Place"),<br />
title_display = T("Place Details"),<br />
title_list = LIST_PLACE,<br />
title_update = T("Edit Place"),<br />
title_search = T("Search Place"),<br />
title_upload = T("Import Place"),<br />
subtitle_create = T("Add New Place"),<br />
subtitle_list = T("Place"),<br />
label_list_button = LIST_PLACE,<br />
label_create_button = T("Add New Place"),<br />
label_delete_button = T("Delete Place"),<br />
msg_record_created = T("Place added"),<br />
msg_record_modified = T("Place updated"),<br />
msg_record_deleted = T("Place deleted"),<br />
msg_list_empty = T("No Place currently registered"))<br />
</pre> <br />
<br />
* Customized the view in controller so that it fits Sahana Eden's standard.<br />
<br />
<pre><br />
def place_rheader(r, tabs=[]):<br />
if r.representation != "html":<br />
# RHeader is a UI facility & so skip for other formats<br />
return None<br />
if r.record is None:<br />
# List or Create form: rheader makes no sense here<br />
return None<br />
<br />
rheader_tabs = s3_rheader_tabs(r, tabs)<br />
<br />
place = r.record<br />
<br />
rheader = DIV(TABLE(<br />
TR(<br />
TH("%s: " % T("Name")),<br />
place.name,<br />
TH("%s: " % T("Start Date")),<br />
place.start_date,<br />
)<br />
), rheader_tabs)<br />
<br />
return rheader<br />
<br />
def place():<br />
return s3_rest_controller(rheader=place_rheader)<br />
</pre><br />
<br />
== Deliverables ==<br />
<br />
We go through one use case to see how the system handles a drop off site information collection.<br />
<br />
<br />
*Accessing "DropOff Site" from the main menu<br />
<br />
[[File:Ss1.png]]<br />
<br />
<br />
* After click on the menu, we will see a welcome page first. This page gives users a brief introduction of what is drop off site and how does it works.<br />
<br />
[[File:Ss2.png]] <br />
<br />
<br />
* Click on "list of drop off site" link, we'll see a list of drop off sites with their detail information. Then we can add a new record by clicking the button "Adding a Record".<br />
<br />
[[File:Ss3.png]]<br />
<br />
<br />
* Fill in the table with detail. Notice that here when you fill in the person name, you can look up their name by enter part of their name.<br />
<br />
[[File:Ss4.png]]]<br />
<br />
<br />
* After successfully add a new record, we can go back to see the new drop off site information.<br />
<br />
[[File:Ss5.png]]<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation Web2py]<br />
<br />
* [http://diveintopython.org/ Python]<br />
<br />
* [http://docs.jquery.com/ Jquery]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/ Ext_JS 3.4.0]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84188CSC/ECE 517 Spring 2014/oss S1402 jyy2014-03-31T21:39:25Z<p>Jyang23: /* Further Reading */</p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
This is a basic relation established on the system between the place and the contact for the dropoff site. An organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>. A dropOffSite table has six attributes: name, flyer, comments, startTime and endTime which indicates the time period the site will be open for donation, and personId as a foreign key to person table.<br />
<br />
[[File:SahanaER.png]]<br />
<br />
== Implementation ==<br />
<br />
* Define dropOtffSite table in our new models and its relationship with person table and organization table.<br />
<br />
<pre><br />
tablename = "dosite_place"<br />
table = db.define_table(tablename,<br />
Field("name", notnull=True, length=64, label=T("Place Name")),<br />
s3db.pr_person_id(label=T("Place Contact")),<br />
Field("flyer", "upload",label=T("Flyer Propaganda")),<br />
s3_comments(),<br />
s3base.s3_date("start_date",label="Collection Start Date"),<br />
s3base.s3_date("end_date",label="Collection End Date"),<br />
*s3_meta_fields()<br />
)<br />
<br />
def place_represent(id):<br />
table = db.dosite_place<br />
query = (table.id == id)<br />
record = db(query).select().first()<br />
if record:<br />
return record.name<br />
else:<br />
return "-"<br />
<br />
place_id = S3ReusableField("place_id", db.dosite_place,<br />
requires = IS_ONE_OF(db,<br />
"dosite_place.id",<br />
"%(name)s"),<br />
represent = place_represent,<br />
label = T("Place"),<br />
ondelete = "RESTRICT")<br />
</pre><br />
<br />
* Add editable features to the the Drop Off Site list.<br />
<br />
<pre><br />
LIST_PLACE = T("List Drop-Off Sites")<br />
s3.crud_strings[tablename] = Storage(<br />
title_create = T("Add New Place"),<br />
title_display = T("Place Details"),<br />
title_list = LIST_PLACE,<br />
title_update = T("Edit Place"),<br />
title_search = T("Search Place"),<br />
title_upload = T("Import Place"),<br />
subtitle_create = T("Add New Place"),<br />
subtitle_list = T("Place"),<br />
label_list_button = LIST_PLACE,<br />
label_create_button = T("Add New Place"),<br />
label_delete_button = T("Delete Place"),<br />
msg_record_created = T("Place added"),<br />
msg_record_modified = T("Place updated"),<br />
msg_record_deleted = T("Place deleted"),<br />
msg_list_empty = T("No Place currently registered"))<br />
</pre> <br />
<br />
* Customized the view in controller so that it fits Sahana Eden's standard.<br />
<br />
<pre><br />
def place_rheader(r, tabs=[]):<br />
if r.representation != "html":<br />
# RHeader is a UI facility & so skip for other formats<br />
return None<br />
if r.record is None:<br />
# List or Create form: rheader makes no sense here<br />
return None<br />
<br />
rheader_tabs = s3_rheader_tabs(r, tabs)<br />
<br />
place = r.record<br />
<br />
rheader = DIV(TABLE(<br />
TR(<br />
TH("%s: " % T("Name")),<br />
place.name,<br />
TH("%s: " % T("Start Date")),<br />
place.start_date,<br />
)<br />
), rheader_tabs)<br />
<br />
return rheader<br />
<br />
def place():<br />
return s3_rest_controller(rheader=place_rheader)<br />
</pre><br />
<br />
== Deliverables ==<br />
<br />
We go through one use case to see how the system handles a drop off site information collection.<br />
<br />
<br />
*Accessing "DropOff Site" from the main menu<br />
<br />
[[File:Ss1.png]]<br />
<br />
<br />
* After click on the menu, we will see a welcome page first. This page gives users a brief introduction of what is drop off site and how does it works.<br />
<br />
[[File:Ss2.png]] <br />
<br />
<br />
* Click on "list of drop off site" link, we'll see a list of drop off sites with their detail information. Then we can add a new record by clicking the button "Adding a Record".<br />
<br />
[[File:Ss3.png]]<br />
<br />
<br />
* Fill in the table with detail. Notice that here when you fill in the person name, you can look up their name by enter part of their name.<br />
<br />
[[File:Ss4.png]]]<br />
<br />
<br />
* After successfully add a new record, we can go back to see the new drop off site information.<br />
<br />
[[File:Ss5.png]]<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation Web2py]<br />
<br />
* [http://diveintopython.org/ Python]<br />
<br />
* [http://docs.jquery.com/ Jquery]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/ Ext_JS 3.4.0]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84187CSC/ECE 517 Spring 2014/oss S1402 jyy2014-03-31T21:23:46Z<p>Jyang23: /* Drop Off Site Feature */</p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
This is a basic relation established on the system between the place and the contact for the dropoff site. An organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>. A dropOffSite table has six attributes: name, flyer, comments, startTime and endTime which indicates the time period the site will be open for donation, and personId as a foreign key to person table.<br />
<br />
[[File:SahanaER.png]]<br />
<br />
== Implementation ==<br />
<br />
* Define dropOtffSite table in our new models and its relationship with person table and organization table.<br />
<br />
<pre><br />
tablename = "dosite_place"<br />
table = db.define_table(tablename,<br />
Field("name", notnull=True, length=64, label=T("Place Name")),<br />
s3db.pr_person_id(label=T("Place Contact")),<br />
Field("flyer", "upload",label=T("Flyer Propaganda")),<br />
s3_comments(),<br />
s3base.s3_date("start_date",label="Collection Start Date"),<br />
s3base.s3_date("end_date",label="Collection End Date"),<br />
*s3_meta_fields()<br />
)<br />
<br />
def place_represent(id):<br />
table = db.dosite_place<br />
query = (table.id == id)<br />
record = db(query).select().first()<br />
if record:<br />
return record.name<br />
else:<br />
return "-"<br />
<br />
place_id = S3ReusableField("place_id", db.dosite_place,<br />
requires = IS_ONE_OF(db,<br />
"dosite_place.id",<br />
"%(name)s"),<br />
represent = place_represent,<br />
label = T("Place"),<br />
ondelete = "RESTRICT")<br />
</pre><br />
<br />
* Add editable features to the the Drop Off Site list.<br />
<br />
<pre><br />
LIST_PLACE = T("List Drop-Off Sites")<br />
s3.crud_strings[tablename] = Storage(<br />
title_create = T("Add New Place"),<br />
title_display = T("Place Details"),<br />
title_list = LIST_PLACE,<br />
title_update = T("Edit Place"),<br />
title_search = T("Search Place"),<br />
title_upload = T("Import Place"),<br />
subtitle_create = T("Add New Place"),<br />
subtitle_list = T("Place"),<br />
label_list_button = LIST_PLACE,<br />
label_create_button = T("Add New Place"),<br />
label_delete_button = T("Delete Place"),<br />
msg_record_created = T("Place added"),<br />
msg_record_modified = T("Place updated"),<br />
msg_record_deleted = T("Place deleted"),<br />
msg_list_empty = T("No Place currently registered"))<br />
</pre> <br />
<br />
* Customized the view in controller so that it fits Sahana Eden's standard.<br />
<br />
<pre><br />
def place_rheader(r, tabs=[]):<br />
if r.representation != "html":<br />
# RHeader is a UI facility & so skip for other formats<br />
return None<br />
if r.record is None:<br />
# List or Create form: rheader makes no sense here<br />
return None<br />
<br />
rheader_tabs = s3_rheader_tabs(r, tabs)<br />
<br />
place = r.record<br />
<br />
rheader = DIV(TABLE(<br />
TR(<br />
TH("%s: " % T("Name")),<br />
place.name,<br />
TH("%s: " % T("Start Date")),<br />
place.start_date,<br />
)<br />
), rheader_tabs)<br />
<br />
return rheader<br />
<br />
def place():<br />
return s3_rest_controller(rheader=place_rheader)<br />
</pre><br />
<br />
== Deliverables ==<br />
<br />
We go through one use case to see how the system handles a drop off site information collection.<br />
<br />
<br />
*Accessing "DropOff Site" from the main menu<br />
<br />
[[File:Ss1.png]]<br />
<br />
<br />
* After click on the menu, we will see a welcome page first. This page gives users a brief introduction of what is drop off site and how does it works.<br />
<br />
[[File:Ss2.png]] <br />
<br />
<br />
* Click on "list of drop off site" link, we'll see a list of drop off sites with their detail information. Then we can add a new record by clicking the button "Adding a Record".<br />
<br />
[[File:Ss3.png]]<br />
<br />
<br />
* Fill in the table with detail. Notice that here when you fill in the person name, you can look up their name by enter part of their name.<br />
<br />
[[File:Ss4.png]]]<br />
<br />
<br />
* After successfully add a new record, we can go back to see the new drop off site information.<br />
<br />
[[File:Ss5.png]]<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation]<br />
<br />
* [http://diveintopython.org/]<br />
<br />
* [http://docs.jquery.com/]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:Ss5.png&diff=84186File:Ss5.png2014-03-31T21:22:43Z<p>Jyang23: </p>
<hr />
<div></div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:Ss4.png&diff=84185File:Ss4.png2014-03-31T21:11:52Z<p>Jyang23: DropOffSite Snapshot4</p>
<hr />
<div>DropOffSite Snapshot4</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:Ss3.png&diff=84184File:Ss3.png2014-03-31T21:11:22Z<p>Jyang23: DropOffSite Snapshot3</p>
<hr />
<div>DropOffSite Snapshot3</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:Ss2.png&diff=84183File:Ss2.png2014-03-31T21:08:28Z<p>Jyang23: DropOffSite Snapshot2</p>
<hr />
<div>DropOffSite Snapshot2</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:Ss1.png&diff=84182File:Ss1.png2014-03-31T21:06:37Z<p>Jyang23: DropOffSite Snapshot1</p>
<hr />
<div>DropOffSite Snapshot1</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84181CSC/ECE 517 Spring 2014/oss S1402 jyy2014-03-31T20:59:29Z<p>Jyang23: </p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
This is a basic relation established on the system between the place and the contact for the dropoff site. An organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>. A dropOffSite table has six attributes: name, flyer, comments, startTime and endTime which indicates the time period the site will be open for donation, and personId as a foreign key to person table.<br />
<br />
[[File:SahanaER.png]]<br />
<br />
== Implementation ==<br />
<br />
* Define dropOtffSite table in our new models and its relationship with person table and organization table.<br />
<br />
<pre><br />
tablename = "dosite_place"<br />
table = db.define_table(tablename,<br />
Field("name", notnull=True, length=64, label=T("Place Name")),<br />
s3db.pr_person_id(label=T("Place Contact")),<br />
Field("flyer", "upload",label=T("Flyer Propaganda")),<br />
s3_comments(),<br />
s3base.s3_date("start_date",label="Collection Start Date"),<br />
s3base.s3_date("end_date",label="Collection End Date"),<br />
*s3_meta_fields()<br />
)<br />
<br />
def place_represent(id):<br />
table = db.dosite_place<br />
query = (table.id == id)<br />
record = db(query).select().first()<br />
if record:<br />
return record.name<br />
else:<br />
return "-"<br />
<br />
place_id = S3ReusableField("place_id", db.dosite_place,<br />
requires = IS_ONE_OF(db,<br />
"dosite_place.id",<br />
"%(name)s"),<br />
represent = place_represent,<br />
label = T("Place"),<br />
ondelete = "RESTRICT")<br />
</pre><br />
<br />
* Add editable features to the the Drop Off Site list.<br />
<br />
<pre><br />
LIST_PLACE = T("List Drop-Off Sites")<br />
s3.crud_strings[tablename] = Storage(<br />
title_create = T("Add New Place"),<br />
title_display = T("Place Details"),<br />
title_list = LIST_PLACE,<br />
title_update = T("Edit Place"),<br />
title_search = T("Search Place"),<br />
title_upload = T("Import Place"),<br />
subtitle_create = T("Add New Place"),<br />
subtitle_list = T("Place"),<br />
label_list_button = LIST_PLACE,<br />
label_create_button = T("Add New Place"),<br />
label_delete_button = T("Delete Place"),<br />
msg_record_created = T("Place added"),<br />
msg_record_modified = T("Place updated"),<br />
msg_record_deleted = T("Place deleted"),<br />
msg_list_empty = T("No Place currently registered"))<br />
</pre> <br />
<br />
* Customized the view in controller so that it fits Sahana Eden's standard.<br />
<br />
<pre><br />
def place_rheader(r, tabs=[]):<br />
if r.representation != "html":<br />
# RHeader is a UI facility & so skip for other formats<br />
return None<br />
if r.record is None:<br />
# List or Create form: rheader makes no sense here<br />
return None<br />
<br />
rheader_tabs = s3_rheader_tabs(r, tabs)<br />
<br />
place = r.record<br />
<br />
rheader = DIV(TABLE(<br />
TR(<br />
TH("%s: " % T("Name")),<br />
place.name,<br />
TH("%s: " % T("Start Date")),<br />
place.start_date,<br />
)<br />
), rheader_tabs)<br />
<br />
return rheader<br />
<br />
def place():<br />
return s3_rest_controller(rheader=place_rheader)<br />
</pre><br />
<br />
== Drop Off Site Feature ==<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation]<br />
<br />
* [http://diveintopython.org/]<br />
<br />
* [http://docs.jquery.com/]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:SahanaER.png&diff=84179File:SahanaER.png2014-03-31T20:35:13Z<p>Jyang23: drop off site ER</p>
<hr />
<div>drop off site ER</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:ER.png&diff=84131File:ER.png2014-03-31T15:09:22Z<p>Jyang23: uploaded a new version of &quot;File:ER.png&quot;</p>
<hr />
<div>Sahana ER diagram</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:ER.png&diff=84130File:ER.png2014-03-31T15:08:40Z<p>Jyang23: uploaded a new version of &quot;File:ER.png&quot;</p>
<hr />
<div>Sahana ER diagram</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:ER.png&diff=84129File:ER.png2014-03-31T15:07:55Z<p>Jyang23: Sahana ER diagram</p>
<hr />
<div>Sahana ER diagram</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84127CSC/ECE 517 Spring 2014/oss S1402 jyy2014-03-31T14:50:29Z<p>Jyang23: </p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
== Background == <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
== Motivation ==<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
== Technique Overview == <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
=== Web2py ===<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
=== S3 Framework ===<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
== Design == <br />
<br />
This is a basic relation established on the system between the place and the contact for the dropoff site.<br />
<br />
We assign an organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>.<br />
<br />
<br />
== Implementation ==<br />
<br />
== Drop Off Site Feature ==<br />
<br />
== Future Work == <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
== Further Reading ==<br />
<br />
* [http://web2py.com/init/default/documentation]<br />
<br />
* [http://diveintopython.org/]<br />
<br />
* [http://docs.jquery.com/]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84125CSC/ECE 517 Spring 2014/oss S1402 jyy2014-03-31T07:42:09Z<p>Jyang23: </p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
= Background = <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters).<ref>http://sahanafoundation.org/products/eden/</ref> This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation<ref>http://sahanafoundation.org/about-us/</ref> whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
= Motivation =<br />
<br />
Sahana Eden provides a wide range of functionality. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, GIS mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
= Technique Overview = <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
== Web2py ==<br />
<br />
Web2py<ref>http://www.infoworld.com/d/application-development/pillars-python-six-python-web-frameworks-compared-169442</ref> is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the [http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller Model View Controller(MVC)] pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python<ref>https://www.python.org/</ref> was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geo-spatial Information Systems (GIS).<ref>http://www.gis.usu.edu/~chrisg/python/2009/</ref><br />
<br />
== S3 Framework ==<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework.<ref>http://en.flossmanuals.net/sahana-eden/technical-overview/</ref> This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
= Design = <br />
<br />
This is a basic relation established on the system between the place and the contact for the dropoff site.<br />
<br />
We assign an organization to each drop off sites, and one organization can have different representative for each site. Both of them are many-to-one relationship<ref>http://en.wikipedia.org/wiki/Relational_database</ref>.<br />
<br />
<br />
= Implementation =<br />
<br />
= Drop Off Site Feature =<br />
<br />
= Future Work = <br />
<br />
Based on the information we have now for Drop Off Site. We plan to add a location attribute to this table so that we can map this location information to mapping feature of Sahana. <br />
<br />
Sahana has a fully integrated mapping functionality which allows any location-based data to be visualized on a map. What we can do is to add a layer on the map. When user want to view drop off site information, one can select "Drop off sites" label besides the map, then he will see some marked location on map which indicates available sites. When we click on these marked places, information about the sites, including detailed address and contact number will be available for users in a small text field.<br />
<br />
= Further Reading = <br />
<br />
* [http://web2py.com/init/default/documentation]<br />
<br />
* [http://diveintopython.org/]<br />
<br />
* [http://docs.jquery.com/]<br />
<br />
* [http://docs.sencha.com/ext-js/3-4/]<br />
<br />
= Reference =<br />
<references/><br />
---</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84124CSC/ECE 517 Spring 2014/oss S1402 jyy2014-03-31T07:04:07Z<p>Jyang23: </p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
= Background = <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters). This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
= Motivation =<br />
<br />
Sahana Eden provides a wide range of functionalities. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, gis mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
= Technique Overview = <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
== Web2py ==<br />
<br />
Web2py is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the Model View Controller (MVC) pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
Because Sahana Eden needs to be accessible to users at remote locations, including the public, a browser-based solution was essential. The system also needs to be able to be used on offline laptops, so it needs to run on a lightweight stack.<br />
<br />
Python was selected as a suitable high level language allowing the rapid customization of code required for each individual circumstance yet has a large number of powerful libraries available including for Geospatial Information Systems (GIS).<br />
<br />
== S3 Framework ==<br />
<br />
The Sahana Eden Software Platform(S3) has been built around a Rapid Application Development (RAD) Framework. This provides a high level of automation to ensure that new solutions can be quickly and effectively developed. Once a database table is defined, the Sahana Eden Framework automatically generates HTML pages to handle CRUD (Create, Read, Update, Delete) as well as Search, Map and Pivot Reports. Web Services are available to import and export in XML, CSV, JSON and EXtensible Stylesheet Language (XSL) transforms are supported to produce other data standards.<br />
<br />
The Sahana Eden Framework has flexible authorization policies which can be configured to grant permissions for different modules, tables as well as the ability to have multiple Organizations control their own data on a single Sahana Eden installation.<br />
<br />
= Design = <br />
<br />
This is a basic relation established on the system between the place and the contact for the dropoff site.<br />
<br />
We assign an organization to each drop off sites, and one organization can have different representatives for each site.</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84123CSC/ECE 517 Spring 2014/oss S1402 jyy2014-03-31T06:48:15Z<p>Jyang23: /* Technique Overview */</p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
= Background = <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters). This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
= Motivation =<br />
<br />
Sahana Eden provides a wide range of functionalities. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, gis mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
= Technique Overview = <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}<br />
<br />
== Web2py ==<br />
<br />
Web2py is an open source framework, licensed under the LGPL version 3 License, developed and interpreted with the Python language and agile concept development that follows good software engineering practices. It is based on the Model View Controller (MVC) pattern. It also includes a Database Abstraction Layer (DAL) that writes SQL dynamically so the communication between the application and any database will be transparent. Since this framework includes various options in security, data access control, input validation on forms, it is been said that is built for security, because the framework addresses many of these issues. <br />
<br />
== S3 Framework ==</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84122CSC/ECE 517 Spring 2014/oss S1402 jyy2014-03-31T06:46:46Z<p>Jyang23: </p>
<hr />
<div>[[File:sahana.jpg|right]]<br />
This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
<br />
<br />
= Background = <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters). This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
= Motivation =<br />
<br />
Sahana Eden provides a wide range of functionalities. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, gis mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
= Technique Overview = <br />
<br />
The basic Sahana Eden architecture is as follows:<br />
<br />
{| border="1" class="wikitable"<br />
|-<br />
! Web Server<br />
| Apache || Other web servers can also be used, such as Cherokee.<br />
|-<br />
! Application<br />
| Sahana Eden || <br />
|-<br />
! Web Framework<br />
| Web2py || <br />
|-<br />
! Programming Language<br />
| Python & Java Script || <br />
|-<br />
! Database<br />
| MySQL, PostgreSQL, or SQLite || MySQL, PostgreSQL, and SQLite are supported. Other databases should be usable without major additional work since Web2Py supplies many connectors.<br />
|-<br />
! Operating System<br />
| Linux (Debian recommended) || Windows and Mac OS X are possible, but only recommended for single-user environments.<br />
|}</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/oss_S1402_jyy&diff=84121CSC/ECE 517 Spring 2014/oss S1402 jyy2014-03-31T06:37:31Z<p>Jyang23: Created page with "This project is developed as a contribution to Sahana Software Foundation (Eden). right = Background = Sahana Eden is an open source software project that ..."</p>
<hr />
<div>This project is developed as a contribution to Sahana Software Foundation (Eden).<br />
[[File:sahana.jpg|right]]<br />
<br />
= Background = <br />
<br />
Sahana Eden is an open source software project that provides effective solutions for critical humanitarian needs management either prior to or during a crisis (mainly disasters). This platform has a rich feature set which can be rapidly customized to adapt to existing process and integrate with existing systems. <br />
<br />
Sahana Eden’s features are designed to help emergency management practitioners to better mitigate, prepare for, respond to and recover from disasters more effectively and efficiently. With this logistic software, strategic planning and the deployment of efforts of human resources and supplies to victims is handled in an efficient manner. It coordinates the information of all the components required to relieve in some way the pain of the affected victims.<br />
<br />
Sahana Eden is supported by Sahana Software Foundation whose mission it to save lives by providing information management solutions that enable organizations and communities to better prepare for and respond to disasters. This is a voluntary community consisted of disaster management practitioners, academics, companies and students. <br />
<br />
= Motivation =<br />
<br />
Sahana Eden provides a wide range of functionalities. Its main capabilities include organization registry, project tracking, human resources management, inventory&assets tracking, assessments, shelter management, scenario&events planning, gis mapping, messaging, etc. <br />
<br />
Among all the features, inventory tracking keep records of shipments; supports multiple catalogs of items; and allow organization to manage requests, donations and warehouse. However, we found that the systems does not have place where we can track some “Drop Off Sites” for collection of supplies in minor disasters or during our daily life. These drop off sites can convenience stores, supermarket, hospitals, etc. People can donate supplies to one of these sites which might be most convenient for them and the organizations then can collect useful goods themselves. After talking with one of the managers from Sahana Software Foundation, we decide to add this new feature to the system.<br />
<br />
= Technique Overview = <br />
<br />
The basic Sahana Eden architecture is as follows:</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014&diff=84120CSC/ECE 517 Spring 20142014-03-31T06:28:49Z<p>Jyang23: </p>
<hr />
<div>*[[CSC/ECE_517_Fall_2012/example_page]]<br />
*[[CSC/ECE 517 Spring 2014/ch1a 1e rm]]<br />
*[[CSC/ECE 517 Spring 2014/ch1 1w1h jg ]]<br />
*[[CSC/ECE 517 Spring 2014/ch1 1w1b np]]<br />
*[[CSC/ECE 517 Spring 2014/ch1 1w1f mj]]<br />
*[[CSC/ECE 517 Spring 2014/ch1a 1d mm]]<br />
*[[CSC/ECE 517 Spring 2014/ch1a 1c yj]]<br />
*[[CSC/ECE 517 Spring 2014/ch1 1w1l m]]<br />
*[[CSC/ECE 517 Spring 2014/ch1 1w1m bm]]<br />
*[[CSC/ECE 517 Spring 2014/ch1a 1p fy]]<br />
*[[CSC/ECE 517 Spring 2014/oss E1401 lmn]]<br />
*[[CSC/ECE 517 Spring 2014/oss E1402 mmb]]<br />
*[[CSC/ECE 517 Spring 2014/oss E1404 mnp]]<br />
*[[CSC/ECE 517 Spring 2014/oss E1406 st]]<br />
*[[CSC/ECE 517 Spring 2014/oss S1402 jyy]]</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83323CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T04:24:15Z<p>Jyang23: </p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<ref>http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code-review-types.pdf</ref><br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues.<ref>http://brakemanscanner.org/ </ref> Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools<ref>http://getbarkeep.org/</ref>. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction.<ref>https://github.com/ooyala/barkeep/wiki/Comparing-Barkeep-to-other-code-review-tools</ref> Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time<ref>http://getbarkeep.org/</ref>.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<ref>http://www.sitepoint.com/code-metrics-and-you/</ref><br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<ref>http://www.sitepoint.com/code-metrics-and-you/</ref><br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis.<ref>http://blog.8thcolor.com/2013/09/pullreview-reach-your-ruby-code-skill-walhalla/</ref> It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods.<ref>http://blog.martyandrews.net/2008/09/roodi-checkstyle-for-ruby.html</ref> <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code<ref>http://en.wikipedia.org/wiki/Crucible_(software)</ref>. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles<ref>https://www.atlassian.com/software/crucible/overview </ref>. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review<ref>https://confluence.atlassian.com/display/CRUCIBLE/The+Crucible+workflow</ref>.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool.<ref>http://code.google.com/p/jupiter-eclipse-plugin/wiki/UserGuide</ref> It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an [http://en.wikipedia.org/wiki/Xml XML] file format and maintains them in the project configuration management system alongside the source code.<ref>http://whiteboxqa.com/StudentMaterial/Books/IP-WBT-01-JavaPowerTools.pdf</ref><br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews.<ref>http://www.reviewboard.org/</ref> It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4<ref>http://www.reviewboard.org/docs/manual/dev/users/getting-started/workflow/</ref>.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service.<ref>https://developers.google.com/appengine/articles/rietveld?hl=zh-cn</ref> It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= See Also =<br />
<br />
* [http://en.wikipedia.org/wiki/Code_review Code Review]<br />
<br />
* [http://en.wikipedia.org/wiki/Static_program_analysis Static program analysis]<br />
<br />
* [http://en.wikipedia.org/wiki/Software_inspection Software inspection]<br />
<br />
* [http://en.wikipedia.org/wiki/Debugging Debugging]<br />
<br />
* [http://en.wikipedia.org/wiki/Ruby_gems Ruby Gems]<br />
<br />
* [http://en.wikipedia.org/wiki/Ruby_(programming_language) Ruby]<br />
<br />
* [http://en.wikipedia.org/wiki/Ruby_on_Rails Ruby on Rails]<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83319CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T04:13:51Z<p>Jyang23: </p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<ref>http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code-review-types.pdf</ref><br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues.<ref>http://brakemanscanner.org/ </ref> Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools<ref>http://getbarkeep.org/</ref>. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction.<ref>https://github.com/ooyala/barkeep/wiki/Comparing-Barkeep-to-other-code-review-tools</ref> Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time<ref>http://getbarkeep.org/</ref>.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<ref>http://www.sitepoint.com/code-metrics-and-you/</ref><br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<ref>http://www.sitepoint.com/code-metrics-and-you/</ref><br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis.<ref>http://blog.8thcolor.com/2013/09/pullreview-reach-your-ruby-code-skill-walhalla/</ref> It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods.<ref>http://blog.martyandrews.net/2008/09/roodi-checkstyle-for-ruby.html</ref> <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code<ref>http://en.wikipedia.org/wiki/Crucible_(software)</ref>. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles<ref>https://www.atlassian.com/software/crucible/overview </ref>. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review<ref>https://confluence.atlassian.com/display/CRUCIBLE/The+Crucible+workflow</ref>.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool.<ref>http://code.google.com/p/jupiter-eclipse-plugin/wiki/UserGuide</ref> It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an [http://en.wikipedia.org/wiki/Xml XML] file format and maintains them in the project configuration management system alongside the source code.<ref>http://whiteboxqa.com/StudentMaterial/Books/IP-WBT-01-JavaPowerTools.pdf</ref><br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews.<ref>http://www.reviewboard.org/</ref> It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4<ref>http://www.reviewboard.org/docs/manual/dev/users/getting-started/workflow/</ref>.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service.<ref>https://developers.google.com/appengine/articles/rietveld?hl=zh-cn</ref> It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83315CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T04:10:07Z<p>Jyang23: </p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<ref>http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code-review-types.pdf</ref><br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues.<ref>http://brakemanscanner.org/ </ref> Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction.<ref>https://github.com/ooyala/barkeep/wiki/Comparing-Barkeep-to-other-code-review-tools</ref> Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time<ref>http://getbarkeep.org/</ref>.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<ref>http://www.sitepoint.com/code-metrics-and-you/</ref><br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<ref>http://www.sitepoint.com/code-metrics-and-you/</ref><br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis.<ref>http://blog.8thcolor.com/2013/09/pullreview-reach-your-ruby-code-skill-walhalla/</ref> It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods.<ref>http://blog.martyandrews.net/2008/09/roodi-checkstyle-for-ruby.html</ref> <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code<ref>http://en.wikipedia.org/wiki/Crucible_(software)</ref>. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles<ref>https://www.atlassian.com/software/crucible/overview </ref>. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review<ref>https://confluence.atlassian.com/display/CRUCIBLE/The+Crucible+workflow</ref>.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool.<ref>http://code.google.com/p/jupiter-eclipse-plugin/wiki/UserGuide</ref> It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an [http://en.wikipedia.org/wiki/Xml XML] file format and maintains them in the project configuration management system alongside the source code.<ref>http://whiteboxqa.com/StudentMaterial/Books/IP-WBT-01-JavaPowerTools.pdf</ref><br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews.<ref>http://www.reviewboard.org/</ref> It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service.<ref>https://developers.google.com/appengine/articles/rietveld?hl=zh-cn</ref> It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83312CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T04:06:15Z<p>Jyang23: /* PullReview */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<ref>http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code-review-types.pdf</ref><br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues.<ref>http://brakemanscanner.org/ </ref> Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time<ref>http://getbarkeep.org/</ref>.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis.<ref>http://blog.8thcolor.com/2013/09/pullreview-reach-your-ruby-code-skill-walhalla/</ref> It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods.<ref>http://blog.martyandrews.net/2008/09/roodi-checkstyle-for-ruby.html</ref> <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code<ref>http://en.wikipedia.org/wiki/Crucible_(software)</ref>. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles<ref>https://www.atlassian.com/software/crucible/overview </ref>. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review<ref>https://confluence.atlassian.com/display/CRUCIBLE/The+Crucible+workflow</ref>.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool.<ref>http://code.google.com/p/jupiter-eclipse-plugin/wiki/UserGuide</ref> It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an [http://en.wikipedia.org/wiki/Xml XML] file format and maintains them in the project configuration management system alongside the source code.<ref>http://whiteboxqa.com/StudentMaterial/Books/IP-WBT-01-JavaPowerTools.pdf</ref><br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews.<ref>http://www.reviewboard.org/</ref> It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service.<ref>https://developers.google.com/appengine/articles/rietveld?hl=zh-cn</ref> It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83310CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T04:04:45Z<p>Jyang23: /* Roodi */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<ref>http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code-review-types.pdf</ref><br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues.<ref>http://brakemanscanner.org/ </ref> Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time<ref>http://getbarkeep.org/</ref>.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods.<ref>http://blog.martyandrews.net/2008/09/roodi-checkstyle-for-ruby.html</ref> <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code<ref>http://en.wikipedia.org/wiki/Crucible_(software)</ref>. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles<ref>https://www.atlassian.com/software/crucible/overview </ref>. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review<ref>https://confluence.atlassian.com/display/CRUCIBLE/The+Crucible+workflow</ref>.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool.<ref>http://code.google.com/p/jupiter-eclipse-plugin/wiki/UserGuide</ref> It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an [http://en.wikipedia.org/wiki/Xml XML] file format and maintains them in the project configuration management system alongside the source code.<ref>http://whiteboxqa.com/StudentMaterial/Books/IP-WBT-01-JavaPowerTools.pdf</ref><br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews.<ref>http://www.reviewboard.org/</ref> It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service.<ref>https://developers.google.com/appengine/articles/rietveld?hl=zh-cn</ref> It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83308CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T04:02:59Z<p>Jyang23: /* Jupiter */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<ref>http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code-review-types.pdf</ref><br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues.<ref>http://brakemanscanner.org/ </ref> Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code<ref>http://en.wikipedia.org/wiki/Crucible_(software)</ref>. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles<ref>https://www.atlassian.com/software/crucible/overview </ref>. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review<ref>https://confluence.atlassian.com/display/CRUCIBLE/The+Crucible+workflow</ref>.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool.<ref>http://code.google.com/p/jupiter-eclipse-plugin/wiki/UserGuide</ref> It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an [http://en.wikipedia.org/wiki/Xml XML] file format and maintains them in the project configuration management system alongside the source code.<ref>http://whiteboxqa.com/StudentMaterial/Books/IP-WBT-01-JavaPowerTools.pdf</ref><br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews.<ref>http://www.reviewboard.org/</ref> It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service.<ref>https://developers.google.com/appengine/articles/rietveld?hl=zh-cn</ref> It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83306CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T04:01:24Z<p>Jyang23: /* Rietveld */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<ref>http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code-review-types.pdf</ref><br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues.<ref>http://brakemanscanner.org/ </ref> Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an [http://en.wikipedia.org/wiki/Xml XML] file format and maintains them in the project configuration management system alongside the source code.<ref>http://whiteboxqa.com/StudentMaterial/Books/IP-WBT-01-JavaPowerTools.pdf</ref><br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews.<ref>http://www.reviewboard.org/</ref> It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service.<ref>https://developers.google.com/appengine/articles/rietveld?hl=zh-cn</ref> It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83305CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T04:00:32Z<p>Jyang23: /* Review Board */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<ref>http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code-review-types.pdf</ref><br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues.<ref>http://brakemanscanner.org/ </ref> Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an [http://en.wikipedia.org/wiki/Xml XML] file format and maintains them in the project configuration management system alongside the source code.<ref>http://whiteboxqa.com/StudentMaterial/Books/IP-WBT-01-JavaPowerTools.pdf</ref><br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews.<ref>http://www.reviewboard.org/</ref> It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83298CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:55:19Z<p>Jyang23: /* Jupiter */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an [http://en.wikipedia.org/wiki/Xml XML] file format and maintains them in the project configuration management system alongside the source code.<ref>http://whiteboxqa.com/StudentMaterial/Books/IP-WBT-01-JavaPowerTools.pdf</ref><br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [ http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83291CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:49:06Z<p>Jyang23: /* Comparison */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [ http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Ubit || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83290CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:48:29Z<p>Jyang23: /* Comparison */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It [http://en.wikipedia.org/wiki/Parsing parses] the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks, etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that the shipped checks can also be easily configured with a [http://en.wikipedia.org/wiki/Yaml YAML] file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [ http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| MIT || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Flog<br />
| Ruby Sadists || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! Saikuro<br />
| Zev Blut || Open Source || Ruby || Ruby Gem || Free<br />
|-<br />
! PullReview<br />
| Brussels || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83283CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:38:57Z<p>Jyang23: /* Comparison */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps [http://en.wikipedia.org/wiki/Quality_assurance quality assurance] (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in [http://en.wikipedia.org/wiki/Web_server web server] or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [ http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Roodi<br />
| SmartBear || Proprietary || || Desktop Client || Paid<br />
|-<br />
! Flog<br />
| codestriker.sourceforge.net || Open Source || Pearl || Web Application || Free<br />
|-<br />
! Saikuro<br />
| codestriker.sourceforge.net || Open Source || Pearl || Web Application || Free<br />
|-<br />
! Dust<br />
| codestriker.sourceforge.net || Open Source || Pearl || Web Application || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83276CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:34:31Z<p>Jyang23: </p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code. Users can attend commits made to any [http://en.wikipedia.org/wiki/Git_(software) Git] repository, see [http://en.wikipedia.org/wiki/Diffs diffs], write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also [ http://en.wikipedia.org/wiki/Script_(computing) script] tools. It comes with a command line client and [http://en.wikipedia.org/wiki/REST REST] APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a [http://githooks.com/ git hook]. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the [http://en.wikipedia.org/wiki/Cyclomatic_complexity cyclomatic complexity] at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is [http://en.wikipedia.org/wiki/SaaS “SAAS”] solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreview sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company [https://www.atlassian.com/ Atlassian], tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with [http://en.wikipedia.org/wiki/JIRA JIRA] which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative [http://en.wikipedia.org/wiki/Eclipse_(software) Eclipse] code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* [http://en.wikipedia.org/wiki/Cross-platform Cross-platform] Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like [http://en.wikipedia.org/wiki/Bazaar_(software) Bazaar], [http://en.wikipedia.org/wiki/ClearCase ClearCase], [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS], Git, [http://en.wikipedia.org/wiki/Mercurial Mercurial], [http://en.wikipedia.org/wiki/Perforce Perforce], and [http://en.wikipedia.org/wiki/Subversion_(software) Subversion]. It can be installed on any server running [http://en.wikipedia.org/wiki/Apache Apache] or [ http://en.wikipedia.org/wiki/Lighttpd lighttpd] and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It provides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Collaborator<br />
| SmartBear || Proprietary || || Desktop Client || Paid<br />
|-<br />
! Code Striker<br />
| codestriker.sourceforge.net || Open Source || Pearl || Web Application || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Gerrit<br />
| code.google.com || Open Source || Java || Web Application || Free<br />
|-<br />
! Groogle<br />
| groogle.sourceforge.net || Open Source || PHP || Web Application || Free<br />
|-<br />
! JCR<br />
| jcodereview.sourceforge.net || Open Source || Java || Web Application || Free<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Malevich<br />
| malevich.codeplex.com || Open Source || || Web Application || Free<br />
|-<br />
! Perforce<br />
| perforce.com || Proprietary || Multiple || Both || Paid<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83271CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:28:56Z<p>Jyang23: /* Rietveld */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available.<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Collaborator<br />
| SmartBear || Proprietary || || Desktop Client || Paid<br />
|-<br />
! Code Striker<br />
| codestriker.sourceforge.net || Open Source || Pearl || Web Application || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Gerrit<br />
| code.google.com || Open Source || Java || Web Application || Free<br />
|-<br />
! Groogle<br />
| groogle.sourceforge.net || Open Source || PHP || Web Application || Free<br />
|-<br />
! JCR<br />
| jcodereview.sourceforge.net || Open Source || Java || Web Application || Free<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Malevich<br />
| malevich.codeplex.com || Open Source || || Web Application || Free<br />
|-<br />
! Perforce<br />
| perforce.com || Proprietary || Multiple || Both || Paid<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83269CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:28:37Z<p>Jyang23: /* Other Tools */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available. <br />
<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Collaborator<br />
| SmartBear || Proprietary || || Desktop Client || Paid<br />
|-<br />
! Code Striker<br />
| codestriker.sourceforge.net || Open Source || Pearl || Web Application || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Gerrit<br />
| code.google.com || Open Source || Java || Web Application || Free<br />
|-<br />
! Groogle<br />
| groogle.sourceforge.net || Open Source || PHP || Web Application || Free<br />
|-<br />
! JCR<br />
| jcodereview.sourceforge.net || Open Source || Java || Web Application || Free<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Malevich<br />
| malevich.codeplex.com || Open Source || || Web Application || Free<br />
|-<br />
! Perforce<br />
| perforce.com || Proprietary || Multiple || Both || Paid<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83268CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:27:52Z<p>Jyang23: /* Code Review Tools for Ruby */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available. <br />
<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Collaborator<br />
| SmartBear || Proprietary || || Desktop Client || Paid<br />
|-<br />
! Code Striker<br />
| codestriker.sourceforge.net || Open Source || Pearl || Web Application || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Gerrit<br />
| code.google.com || Open Source || Java || Web Application || Free<br />
|-<br />
! Groogle<br />
| groogle.sourceforge.net || Open Source || PHP || Web Application || Free<br />
|-<br />
! JCR<br />
| jcodereview.sourceforge.net || Open Source || Java || Web Application || Free<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Malevich<br />
| malevich.codeplex.com || Open Source || || Web Application || Free<br />
|-<br />
! Perforce<br />
| perforce.com || Proprietary || Multiple || Both || Paid<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83264CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:25:22Z<p>Jyang23: /* References */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available. <br />
<br />
<br />
= Comparison =<br />
<br />
{| border="1" class="wikitable"<br />
|+ Comparison of code review tools<br />
! <br />
! Maintainer<br />
! License<br />
! Developed In<br />
! Desktop Client vs Web App<br />
! Cost<br />
|-<br />
! Brakeman<br />
| brakemanscanner.org || Open Source || Ruby || Desktop Client || Free<br />
|-<br />
! Barkeep<br />
| Ooyala || Open Source || Ruby || Web Application || Free<br />
|-<br />
! Collaborator<br />
| SmartBear || Proprietary || || Desktop Client || Paid<br />
|-<br />
! Code Striker<br />
| codestriker.sourceforge.net || Open Source || Pearl || Web Application || Free<br />
|-<br />
! Crucible<br />
| Atlassian || Proprietary || Java || Web Application || Paid<br />
|-<br />
! Gerrit<br />
| code.google.com || Open Source || Java || Web Application || Free<br />
|-<br />
! Groogle<br />
| groogle.sourceforge.net || Open Source || PHP || Web Application || Free<br />
|-<br />
! JCR<br />
| jcodereview.sourceforge.net || Open Source || Java || Web Application || Free<br />
|-<br />
! Jupiter<br />
| code.google.com || Open Source || Java || Desktop Client (Eclipse) || Free<br />
|-<br />
! Malevich<br />
| malevich.codeplex.com || Open Source || || Web Application || Free<br />
|-<br />
! Perforce<br />
| perforce.com || Proprietary || Multiple || Both || Paid<br />
|-<br />
! Rietveld<br />
| Google App Engine || Open Source|| Python || Web Application || Free<br />
|-<br />
! Review Board<br />
| reviewboard.org || MIT || Python || Web Application || Free<br />
|}<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83263CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:13:56Z<p>Jyang23: /* References */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available. <br />
<br />
<br />
= References =<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83262CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:13:23Z<p>Jyang23: /* Code Review Tools for Python */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
<br />
== Rietveld ==<br />
<br />
Rietveld is a web-based collaborative code review tool for use with Subversion to run on Google’s cloud service. It is written by Guido van Rossum, Python creator. While this web app was primarily written to serve as a showcase for using Django with Google App Engine, the scalable infrastructure for web applications that developer helped build, serves as a useful tool for the open source community, especially the Python community. Rietveld is inspired by Mondrian, which once has been intensively used inside Google to review their code.Part of the Rietveld’s code derived from Mondrian.<br />
<br />
'''Workflow'''<br />
<br />
The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.<br />
<br />
'''Advantage'''<br />
<br />
* Simplified deployment: For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. They don’t need to find a server and run the application, as which would be required with Review Board.<br />
<br />
* Cross platform: It is extremely easy to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.<br />
<br />
* Free and open to public: Anyone can browse the system, but only users who have a Google account can add issues, comments, and conduct reviews using the tool.<br />
<br />
* Introduction to the Google App Engine interface: While Rietveld does not provide much in the way of additional functionality from Review Board, and in fact it lags Review Board in some areas, Rietveld does provide a very nice introduction to the Google App Engine interface. Developers can use the code as a template for their own ideas once Google makes more App Engine accounts available. <br />
<br />
<br />
== References ==<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83261CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:10:01Z<p>Jyang23: </p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
<br />
== References ==<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83258CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T03:07:09Z<p>Jyang23: /* Code Review Tools for Java */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
== Other Tools ==<br />
<br />
<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
==Other Tools==<br />
<br />
* [https://code.google.com/p/gerrit/ Gerrit] is a web based code review system, facilitating online code reviews for projects using the Git version control system. <br />
<br />
* [http://jcodereview.sourceforge.net/ JCR] is a web application for performing and managing formal code reviews. It can be used for reviews of any type of source code, although it has some special smarts for reviewing Java projects. It has special features to make large-scale reviews not only practical but easy and fast.<br />
<br />
* [http://www.sonarqube.org/ Sonar] is an open platform to manage code quality.<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
== References ==<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83252CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T02:55:10Z<p>Jyang23: /* Saikuro */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro looks like this:<br />
<br />
[[File:Saikuro_1.png]]<br />
<br />
* More examples can be viewed [http://saikuro.rubyforge.org/ here].<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
== Other Tools ==<br />
<br />
<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
== References ==<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/ch1_1w1f_mj&diff=83250CSC/ECE 517 Spring 2014/ch1 1w1f mj2014-02-11T02:53:08Z<p>Jyang23: /* Roodi */</p>
<hr />
<div>[http://en.wikipedia.org/wiki/Code_review Code review] is the process of evaluation of computer [http://http://en.wikipedia.org/wiki/Source_code source code], with the intention of finding and fixing faults and design errors neglected in the initial development phase. Code review helps in improving the overall quality of software and maintains the consistency in software design and implementation. The reviewer examines the code and reports the findings to the author, which helps in improving the developer’s skill.<br />
<br />
<br />
= Introduction =<br />
<br />
Code review is a phase in the software development process in which the authors of code, peer reviewers, and perhaps quality assurance (QA) testers get together to review code.<ref>http://searchsoftwarequality.techtarget.com/definition/code-review </ref> It facilitates systematic examination of source code for vulnerabilities such as buffer overflows, race conditions, memory leakage, size violations, and duplicate statements. Code review can also help in looking for security breaches to the software which requires higher security.<br />
<br />
<br />
= Types of Code review =<br />
<br />
Code review practices can be divided into the following categories.<br />
<br />
=== Formal inspections===<br />
<br />
Formal inspections refers to a heavy process with several participants sitting together to review code. The defects discovered in this process are usually recorded in great detail.<br />
<br />
=== Lightweight code review ===<br />
<br />
* Over the shoulder: An “over-the-shoulder” review is the most common and informal code review technique where the developer stands over the author’s workstation while the author walks the reviewer through a set of code changes.<br />
<br />
* Email pass around: The author bundles up all source code and sends it to reviewers. Reviewers examine the code, communicate with other developers and suggest changes via e-mail.<br />
<br />
* Pair Programming: In Pair Programming, two developers write code at the same workstation and there is continuous free-form discussion and review.<br />
<br />
* Tool assisted code review: Reviewers use specialized tools in different stages of the code review, which includes collecting files, transmitting and displaying files, commentary, and defects among all participants, collecting metrics, etc.<br />
<br />
<br />
= Code Review Tools for Ruby =<br />
<br />
== Brakeman ==<br />
<br />
Brakeman is an open source vulnerability scanner tool explicitly designed for Ruby on Rails applications. It can be used at any stage of the development to statically analyze Rails application code and find out the security issues. Brakeman carefully inspects the source code of your application and you do not need to set up your whole application stack to use it. Brakeman scans through the application code and produce a summary of all security issues it has found. Brakeman is extremely suspicious and hence sometimes it provides “false positives.” It does not finds security vulnerabilities in web server or other software as it just scans the source code and not the entire application stack.<br />
<br />
'''Advantages'''<br />
<br />
* No Configuration Necessary: Brakeman does not require any setup or configuration once it is installed.<br />
<br />
* Run It Anytime: As it’s working is based on just the source code, Brakeman can be used at any stage of the development process.<br />
<br />
* Ruby Specific: Brakeman is especially built for applications developed in Ruby on Rails, so it can easily check configuration settings for best practices.<br />
<br />
* Flexible Testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.<br />
<br />
* Speed: Brakeman is much faster than other “black box” website scanners. Even large applications do not take more than a few minutes to scan.<br />
<br />
'''Example'''<br />
<br />
Here's one example of warnings Brakeman reports: SQL injection.<br />
<br />
* A Rails 3.x code segment looks like this :<br />
<br />
<pre><br />
username = params[:user][:name].downcase<br />
password = params[:user][:password]<br />
<br />
User.first.where("username = '" + username + "' AND password = '" + password + "'")<br />
</pre><br />
<br />
* Brakeman would produce a warning like this:<br />
<br />
<pre><br />
Possible SQL injection near line 37:<br />
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))<br />
</pre><br />
<br />
== Barkeep ==<br />
<br />
Barkeep is one of the friendly Code Review System which can be used by developers to keep high quality standard of code.Users can attend commits made to any Git repository, see diffs, write comments, and have those comments emailed to your fellow committers. Barkeep is unopinionated. It can be used with pre-commit or post-commit workflows, and also script tools. It comes with a command line client and REST APIs.<br />
<br />
Barkeep is a small codebase written in Ruby. It's easy to add new features and APIs as per the requirement.<br />
<br />
'''Advantages'''<br />
<br />
* Naturally supports post-commit workflows: Barkeep supports post-commit code review workflow. Here, once the part of the code of the developer is ready, he pushes it to the master, so that it becomes available to other developer to begin integrating it. Code review happens when it's conducive for the team (within 1-2 days), and any comments are addressed in future commits.<br />
<br />
* Clean User Interface: Barkeep is designed with a basic UI. The general actions, like leaving a quick comment and approving a commit, are low-friction. Also it provides various keyboard shortcuts for ease of use.<br />
<br />
* Hackable: The codebase of barkeep is small, obtainable and fun to hack on. It can be easily extended and improved with time.<br />
<br />
<br />
==Flog==<br />
<br />
Flog gives feedback about the quality of Ruby code by scoring using the [http://c2.com/cgi/wiki?AbcMetric ABC metric]: assignments, branches, calls, with particular attention placed on calls. The ABC metric is a neat measurement since it combines a lot of information in a way that we can easily understand. But this leads to one important feature of Flog, that is the score reported is very opinionated. This score is custom built to apply commonly accepted design patterns for Ruby. Therefore, we can think of Flog as a modified ABC measurement.<br />
<br />
Flog takes the following branching terms into consideration: and, case, else, if, or, rescue, until, when and while. There are other rules that add to branch total, but these are the most important. Assignments are much more simple, Flog add one to the score per assignment. Calls are defined as any instance method call that takes the flow out of the current scope.<br />
<br />
'''Advantages'''<br />
<br />
* Keep track of code complexity: Flog reports code complexity of each method. In this way, developer is able to know what code segment in the project is different to follow.<br />
<br />
* ABC metric: Flog reports ABC metric which is an easily understood measurement of code complexity.<br />
<br />
* Ruby support: It support different version of Ruby including 1.8 and 1.9 syntax.<br />
<br />
* Speed: Flog executes quite fast, which makes it perfect for a githook. A pre-commit hook which checks code complexity and returns non-zero for any score higher than 61 works quite well.<br />
<br />
'''Example'''<br />
<br />
* Original code<br />
<br />
<pre><br />
class Test<br />
def blah<br />
a = eval "1+1"<br />
if a == 2 then<br />
puts "yay"<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* What we see in Flog<br />
<br />
<pre><br />
class Test<br />
def blah # 11.2 =<br />
a = eval "1+1" # 1.2 + 6.0 +<br />
if a == 2 then # 1.2 + 1.2 + 0.4 +<br />
puts "yay" # 1.2<br />
end<br />
end<br />
end<br />
</pre><br />
<br />
* Report generated<br />
<br />
<pre><br />
Test#blah: (11.2)<br />
6.0: eval<br />
1.2: branch<br />
1.2: ==<br />
1.2: puts<br />
1.2: assignment<br />
0.4: lit_fixnum<br />
</pre><br />
<br />
== Saikuro ==<br />
<br />
Saikuro is mainly designed to analyze cyclomatic complexity, which is a graphical measurement to indicate the complexity of a program, on Ruby program. Given a source project, Saikuro will find each instance method in it, calculate its cyclomatic complexity and generate a report listing all the result according to each method found. In addition, Saikuro also counts the number of lines per method as well as the number of tokens on each line, and generate another report on that.<br />
<br />
Saikuro measures complexity, but as we all know, Ruby is a tricky language. Saikuro adds a branch when it encounters conditional statements like if, unless, while, until, for, elsif and when, but it also adds a branch if the code uses a block. This is because using a block in Ruby very often changes the control flow. Keeping the cyclomatic complexity at a low number is very essential, it ensures your code is simple to test and debug.<br />
<br />
'''Advantages'''<br />
<br />
* Cyclomatic complexity: Saikuro calculates cyclomatic complexity in a more 'Ruby' way so that it is more concise on Ruby projects.<br />
<br />
* Different kind of targets: Saikuro can be recursively used on a dir or a specific troublesome class. <br />
<br />
* Lightweight and quick: It is very similar to the code evaluation tool Flog we covered before. It is a quick reporting tool that can help users understand where they have excess complexity in their projects.<br />
<br />
'''Example'''<br />
<br />
* A report generated by Saikuro can be viewed [http://saikuro.rubyforge.org/ here].<br />
[[File:Saikuro_1.png]]<br />
<br />
<br />
== PullReview ==<br />
<br />
PullReview is an Automated Code Review Tool for Ruby developers using GitHub. PullReview is “SAAS” solution. It requires no servers to install, no extra software. Setup is very easy - Click the button, link to GitHub, and PullReview can start reviewing your branches. It provides feedback very quickly, without having to sit and wait for a colleague to come and have a look. Another important feature is that it does not keep to static analysis. It aggregates several analysis results, and points out the problems at hand – in order of impact. It also tells you ways to make your code better.<br />
<br />
'''Advantages'''<br />
<br />
* Telling You Where to Go Next: PullReview make your coding more robust, it improves you as a coder. It tells you why best practices are what they are – and where to apply them. PullReview analyzes your branches using all important metrics. It tells you what you are doing wrong and what the impact is. <br />
<br />
* Ruby Specific: Like Brakeman, Roodi is specifically built for Ruby on Rails which helps in checking composition and structure settings for best practices.<br />
<br />
* Quick Setup: No setting up of servers or installing a plethora of tools is required. Pullreviews sets up quickly and saves time.<br />
<br />
'''Example''' can be viewed [https://www.pullreview.com/site/onboarding here].<br />
<br />
== Roodi ==<br />
<br />
Roodi stands for Ruby Object Oriented Design Inferometer. It parses the Ruby code and warns about the design issues from the list configured for example Class line count check, for loop check, parameter number check, cyclomatic checks,etc. It helps in breaking down complex and long methods. <br />
<br />
'''Advantages'''<br />
<br />
* Extendable: One advantage of Roodi is that The shipped checks can also be easily configured with a YAML file, which is easy to manipulate. In that way, users are able to write customized class to add new checks. A checker class registers the types of AST nodes it’s interested and then handle the matched subtrees.<br />
<br />
'''Example Usage'''<br />
<br />
* Check all ruby files recursively under the current directory:<br />
<br />
<pre><br />
$ roodi<br />
</pre><br />
<br />
* Check all ruby files in a rails app:<br />
<br />
<pre><br />
$ roodi "rails_app/**/*.rb"<br />
</pre><br />
<br />
* Check one controller and one model file in a rails app:<br />
<br />
<pre><br />
$ roodi app/controller/sample_controller.rb app/models/sample.rb<br />
</pre><br />
<br />
* Check all ruby files in a rails app with a custom configuration file:<br />
<br />
<pre><br />
$ roodi -config=my_roodi_config.yml "rails_app/**/*.rb"<br />
</pre><br />
<br />
* For more details, please refer to [https://github.com/roodi/roodi here].<br />
<br />
== Other Tools ==<br />
<br />
<br />
<br />
= Code Review Tools for Java =<br />
<br />
== Crucible ==<br />
<br />
Crucible is a collaborative code review application developed by software company Atlassian, tailored to distributed teams, and facilitates asynchronous review and commenting on code. Crucible also articulates with prominent source control tools, such as Git and Subversion. Crucible is a flexible application that caters for a wide range of team sizes and work styles. Crucible also supports integration with JIRA which is Atlassian's issue tracking and project management application. <br />
<br />
'''Workflow '''<br />
<br />
1. Creating a Review.<br />
<br />
2. Adding content to the review.<br />
<br />
3. Performing the review<br />
<br />
4. Summarising and closing the review.<br />
<br />
''' Advantages '''<br />
<br />
* Flexible Code Review: Crucible provides configurable options to track and complete reviews - Defined workflow, Moderator, One or more participants. It also supports in-line code discussions.<br />
<br />
* Pre-commit support: It allows code review before check in which ensures that any code going into production has been reviewed. It allows code review from command line.During the pre-commit review process code is re-factored, changed, and updated. Crucible takes this into account and makes sure all files you are reviewing are easily updated and current.<br />
<br />
* Traceability: Developers have a unified view that shows all the activity in their code for commits and reviews. It supports creating filters which provides notification of code committed by new team members. The review coverage report provides information about which parts have already been reviewed and which are currently in review.<br />
<br />
* Notifications: It provides automatic or manual way of notifying reviewers who have not completed your code reviews. Crucible provides multiple features to help team stay on top of their workload.<br />
<br />
<br />
== Jupiter==<br />
<br />
Jupiter is an open source collaborative Eclipse code review tool. It uses a simple, lightweight code review process that is easy to learn and adopt. The result of a research project by the Collaborative Software Development Laboratory at the University of Hawaii, the Jupiter plug-in stores code reviews in an XML file format and maintains them in the project configuration management system alongside the source code.<br />
<br />
'''Workflow'''<br />
<br />
The code review process implemented in Jupiter is relatively simple, and it should suffice for most <br />
projects. In Jupiter, you conduct a code review in the following four stages: <br />
<br />
Configuration: The reviewer initiator sets up the review, specifies the files to be reviewed and what issues can be raised.<br />
<br />
Individual code review: Each reviewer examines the code individually, using a review checklist and raising issues as they encounter them. Jupiter saves the issues you create in XML form directly in the <br />
project directory. <br />
<br />
Team review: The review team (including the author) meet to discuss issues and decide on actions to take. This generally involves a face-to-face meeting, using Jupiter to help work through all the review issues. <br />
<br />
Rework: The developer goes through the raised issues and fixes them.<br />
<br />
Throughout the whole process, the review files are stored and updates in the source code repository, providing a history of raised issues and how they have been corrected.<br />
<br />
Jupiter is an innovative and flexible tool that helps automate peer code reviews and track issues. Until <br />
recently, it was quite unique in this domain. Of late, however, it does have a commercial competitor, <br />
Crucible, which we mentioned before.<br />
<br />
'''Advantages'''<br />
<br />
* Free: It is open source and free. Jupiter uses the CPL License.<br />
<br />
* Cross-platform: Jupiter is based upon the Eclipse plug-in architecture. It is available for all platforms supported by Eclipse.<br />
<br />
* More simply data reuse and sharing: Jupiter stores data in XML format as well as CM repository. Users of Jupiter share their data files the same way they share their code using CVS or some other CM repository.<br />
<br />
* Sorting and Filtering: Jupiter provides filters and sorting to facilitate going over the code<br />
review issues.<br />
<br />
* File integration: Jupiter has the capability to easily jump back and forth between specific<br />
review comments and the corresponding source code.<br />
<br />
<br />
=Code Review Tools for Python=<br />
<br />
== Review Board ==<br />
<br />
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It works well with small projects as well as large companies. Review Board integrates with various version control systems like Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and Subversion. It can be installed on any server running Apache or lighttpd and is free for both personal and commercial use. There is also an official commercial Review Board hosting service, RBCommons for Review Board.<br />
<br />
'''Workflow (pre-commit)'''<br />
1. Make a change to your local source tree.<br />
<br />
2. Create a review request for your new change.<br />
<br />
3. Publish the review request and wait for your reviewers to see it.<br />
<br />
4. Wait for feedback from the reviewers.<br />
<br />
5. If they’re ready for it to go in:<br />
: 5.1 Submit your change to the repository.<br />
: 5.2 Click Close ‣ Submitted on the review request action bar.<br />
<br />
6. If they’ve requested changes:<br />
: 6.1 Update the code in your tree and generate a new diff.<br />
: 6.2 Upload the new diff, specify the changes in the Change Description box, and publish.<br />
: 6.3 Jump back to step 4.<br />
<br />
'''Advantages'''<br />
<br />
* Easily track your team's review requests: The dashboard provides an up-to-the-minute overview of all the review requests. Provides easy controls to group/ sort your review requests, and see what's left to review.<br />
<br />
* Review all kinds of files: Along with code review, Review Board can also be used to review other files by the team members. You can upload screenshots of your feature, or a file showing log output of a unit test run.<br />
<br />
* All history at one place: With Review Board, the entire history of development is in one place. Each change's review request shows the entire development discussion and each iteration of the change that people have reviewed. <br />
<br />
* Helpful command-line tools and Extensible: The RBTools command line tools make it easy to quickly create review requests based on the changes in your source tree and to keep them up-to-date. The fully-featured REST and Python API provides automation and integration. It prrovides rich extension framework to add features to Review Board.<br />
<br />
== References ==<br />
<references/><br />
----</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:Saikuro1.jpg&diff=83244File:Saikuro1.jpg2014-02-11T02:43:40Z<p>Jyang23: uploaded a new version of &quot;File:Saikuro1.jpg&quot;</p>
<hr />
<div>Saikuro example</div>Jyang23https://wiki.expertiza.ncsu.edu/index.php?title=File:Saikuro1.jpg&diff=83243File:Saikuro1.jpg2014-02-11T02:42:32Z<p>Jyang23: uploaded a new version of &quot;File:Saikuro1.jpg&quot;</p>
<hr />
<div>Saikuro example</div>Jyang23