This presentation was held at the SharePoint Saturday Oslo, 1st of June 2013
http://spsevents.org/worldwide/Oslo/Pages/Oslo.aspx
Title: Automated Code Quality Analysis of SharePoint Solutions
Synopsis:
SharePoint development and fun do not always have much in common! Everyone who has ever developed for SharePoint in Visual Studio might know what I mean. Even a small SharePoint solution consist already of a large amount of different files (xml, cs, js, css, resx, jpg, aspx, etc) which may be structured differently depending on the preferences and experience of the developer.
Particularly the extensive XML Schema for manifest.xml, feature.xml, element.xml, Content Types, List Definitions, etc. is an endless source of surprise and cannot be debugged at all in Visual Studio. As a way out, many developers choose to develop standard SharePoint artifacts programmatically rather than following the declarative approach which make the solutions even more complex.
As a result it is really hard to analyze SharePoint solutions, find violations against the XML schema, ensure best practices, enforce coding guidelines or pinpoint performance sinks and cyclomatic dependencies of artifacts.
Neither Visual Studio nor other tools like FXCop, StyleCop etc. allow you to perform a SharePoint specific static code analysis.
This session will highlight the challenges when analyzing SharePoint code and shows a solution by demoing the SharePoint code analysis framework (SPCAF) (www.spcaf.com) which addresses this gap. Additionally you will learn how easy SPCAF can be extended by developing your own custom rules.
4. @mattein #SPCAF
What is Code Analysis?
Static vs. Dynamic
Source Code vs. Object Code
Manual vs. Automated
Coding Errors, Best Practices
Metrics
5. @mattein #SPCAF
Why is it so important for SharePoint?
Solutions / apps are black boxes
Code quality differs a lot
Solutions change (ALM)
Complexity complicates
maintainability
Farm stability / security / licensing needs to be assured
Policies / best practices are hard to enforce
6. @mattein #SPCAF
So, what the heck is SharePoint Code?
.NET code using SP API
XML Files: Manifest, Features,
Content Types, Web Templates
HTML, ASPX, ASCX
CSS, JavaScript
Resources: images, resx, document templates…
Deployment locations!
7. @mattein #SPCAF
Who needs it and why?
Is my code
correct and follows
best practices?
Developer
Will the code
harm my farm?
Administrator
Is the code
well designed and
maintainable?
Architect
Does the code
comply with
company policies
and standards?
Quality Manager
8. @mattein #SPCAF
What do we have right now?
ObjectCode FxCop / VS CA
FxCop Metrics
CAT.net
SourceCode StyleCop
SPCode SPDisposeCheck
MSOCAF
Checks against general coding errors
(not SharePoint-specific)
Calculates code metrics
(only .NET code, not SharePoint specific)
Checks coding style guidelines
(only .NET code, not SharePoint specific)
Analyses code security
(not SharePoint-specific)
Checks memory leaks
(SharePoint-specific)
Combination of FxCop and
SPDisposeCheck for SharePoint Online
9. @mattein #SPCAF
The Gap…
No tool to check all SharePoint specific Code
Analyze solution dependencies
Calculate SharePoint metrics
Show what’s inside the solution / app!
11. @mattein #SPCAF
What is in it?
Identifies coding
violations against
~400 rules
Visualizes
dependencies
between SharePoint
elements
Calculates metrics
on SharePoint Code
Creates content
reports of packages
12.
13. @mattein #SPCAF
SPCAF 4 Visual Studio
• Run SPCAF manually or on solution build
• Doubleclick results in Error List to open
the line of code
15. @mattein #SPCAF
Continuous Integration
Run SPCAF in TeamBuild as Quality Gate
• Custom Build Activity
• Supports TFS 2010/2012 and Team Foundation Service (Cloud)
Build in TFS on-premises Build in Team Foundation Services
16. @mattein #SPCAF
Client Applications
• SPCAF runs on Azure (WCF Service)
• Available Clients:
Windows 8 App Desktop Client (WPF) Web Client (Silverlight)
SPCAF on Azure
20. @mattein #SPCAF
using SPCAF.Sdk;
using SPCAF.Sdk.Rules;
using SPCAF.Sdk.Model;
using SPCAF.Sdk.Model.Extensions;
1. Create empty class library
2. Add SPCAF.SDK.dll assembly reference
3. Create class and add usings
4. Add method stub by inheriting from ”Rule”
namespace SPSOslo.Rules
{
public class FeatureNameStartsWithSPSOslo : Rule<FeatureDefinition>
{
public override void Visit(FeatureDefinition target, NotificationCollection notifications)
{}
}
}
21. @mattein #SPCAF
5. Add Rule Metadata
namespace SPSOslo.Rules
{
[RuleMetadata(typeof(Naming),
CheckId = "SPC99001",
DisplayName = "Feature name should start with SPSOslo",
Description = "A feature name should be prefixed with 'SPSOslo'.",
DefaultSeverity = Severity.Warning,
SharePointVersion = new string[] { "12", "14", "15" },
Message = "Feature '{0}' should start with 'SPSOslo'.",
Resolution = "Change the folder name of the feature and add the name at the beginning, e.g.
'SPSOslo.Intranet.Components_ContentTypesFeature'.")]
public class FeatureNameStartsWithSPSOslo : Rule<FeatureDefinition>
{
...
22. @mattein #SPCAF
7. Build and drop the assembly into SPCAF installation folder
public class FeatureNameStartsWithSPSOslo : Rule<FeatureDefinition>
{
public override void Visit(FeatureDefinition target, NotificationCollection notifications)
{
if (!target.FeatureName.StartsWith("SPSOslo"))
{
string message = string.Format(this.MessageTemplate(), target.FeatureName);
Notify(target, message, notifications);
}
}
}
6. Implement the rule
23. @mattein #SPCAF
SharePoint Code Analysis
• is important for EVERYBODY
• improves solution quality
• improves farm stability
SPCAF
• fills the tooling gap
• runs locally and in the cloud
• integrates in the ALM process
• is extensible
24. @mattein #SPCAF
Where do I get it?
Matthias Einig
@mattein
www.matthiaseinig.de
Follow us!
The SharePoint Code Quality Team
Torsten Mandelkow
@tmandelkow
blogs.msdn.com/b/torstenmandelkow
SPCAF
@spcaf
www.spcaf.com