Z PL/SQL Analyzer - ZPA

The Z PL/SQL Analyzer (or simply ZPA) is a code analyzer for PL/SQL and Oracle SQL code.

Currently you can use it in SonarQube. SonarQube is an open platform to manage code quality. This project supports SonarQube 6.7.x and newer.

See some examples in our SonarQube instance!

Soon: you'll be able to analyze code without using the SonarQube environment with zpa-cli and more.

Installation

• Download the latest sonar-plsql-open-plugin release and copy to the SONARQUBE_HOME/extensions/plugins directory;
• Restart your SonarQube server;
• Navigate to the Marketplace (SONARQUBE_URL/marketplace?filter=installed). It should list "Z PL/SQL Analyzer" on the tab "Installed Plugins";
• Run an analysis with SonarQube Scanner.

If you like to live on the bleeding edge, you can use the latest development version. Download it from the button "Artifacts" in Azure DevOps.

Contribute

Everyone is welcome to contribute. Note that no matter how you contribute, your participation is governed by our code of conduct.

There are a few things you need to know about the code. It is divided in these modules:

• its - Integration tests with SonarQube (more below).
• plsql-checks-testkit - Test helper for coding rules, it can be used to test custom rules.
• plsql-checks - The built-in coding rules provided by ZPA.
• plsql-custom-rules - Demo project showing how to extend ZPA with custom coding rules.
• sonar-plsql-open-plugin - The SonarQube plugin itself, this module contains all the code necessary to integrate with the SonarQube platform.
• zpa-core - The heart of this project. It contains the lexer, the parser and the code required to understand and process PL/SQL code.
• zpa-toolkit - A visual tool to review the AST (abstract syntax tree) generated by the parser.

The API exposed to custom plugins must be located in the package org.sonar.plugins.plsqlopen.api (it's a requirement from the SonarQube server). The classes located outside this package are not prepared for external consumption, so if you use them, your code can break without any further notice.

If you're interested in a stable API to integrate ZPA with another software, please open an issue or contact us directly explaining your needs.

Running the integration tests

There are two sets of integration tests:

• plugin: checks if the metrics are imported correctly in SonarQube
• ruling: checks the quality of parser and rules against real-world code

To run the integrations tests, update the submodules:

git submodule update --init --recursive

Build the main plugin and the custom rules example:

./mvnw clean install
./mvnw -f plsql-custom-rules/pom.xml package

Download the Oracle HTML documentation to any folder.

Then run the tests:

./mvnw test -Pit -DoracleDocs="path/to/oracle-database_19.zip"

By default the tests will be executed using SonarQube 6.7.x LTS. You can change the SonarQube version using the property sonar.runtimeVersion, passing the specific version or one of LATEST_RELEASE[6.7] (for SonarQube 6.7.x LTS), LATEST_RELEASE (latest official release) or DEV (unstable version, in development):

./mvnw test -Pit -DoracleDocs="path/to/oracle-database_19.zip" -Dsonar.runtimeVersion=7.7