Automated Java code review tools

I recently found out about ‘static analysis’ of Java code. I’ve found two of these tools that are both free and easy to use. Both provide review of java bytecode and look for common development errors and inefficiencies…
FindBugs is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons:

  • Difficult language features
  • Misunderstood API methods
  • Misunderstood invariants when code is modified during maintenance
  • Garden variety mistakes: typos, use of the wrong boolean operator

PMD scans Java source code and looks for potential problems like:

  • Possible bugs – empty try/catch/finally/switch statements
  • Dead code – unused local variables, parameters and private methods
  • Suboptimal code – wasteful String/StringBuffer usage
  • Overcomplicated expressions – unnecessary if statements, for loops that could be while loops
  • Duplicate code – copied/pasted code means copied/pasted bugs

Both integrate easily within Eclipse based (and other IDE’s) is typically done with the use of a simple plugin.

FindBugs can also run as a Java WebStart (JNLP) application, however a different UI is shown for JRE 1.4 vs. 1.5 and above (look out!).
More information:

While no tool can identify all problems, these will help you find some troublesome problems and give you areas to take a deeper look at.

Happy reviewing and fixing.

Installing Perl CGI on Apache (for Windows)

Installing Perl on a Win32 installation of Apache is trivial. Just a few short years ago (roughly the year 2000) most commercial website still ran large amounts of Perl code. Several open-source projects like BugZilla still rely on this powerful scripting language.

Here’s a few simple steps and advice to consider when the need comes to add this feature to your installation.

  1. Download Perl for Win32 – ActiveState Perl is the standard distribution to use, and installation is a snap.URL = http://www.activestate.com/Products/ActivePerl/a) Get the MSI file version as it’s executable (the AS version is a ZIP file for manual installs)

    b) The default path it chooses is “C:\Perl”, I advise that you use “c:\usr” instead as it makes it easier to port programs to and from UNIX/LINUX.

    c) The MSI installer takes care of the PATH file settings, so you should have no other work for installation.

  2. Modify the Apache httpd.conf file to enable (uncomment or add the following lines).

    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl

  3. Restart Windows to ensure that the new configuration is available to the operating system.
  4. Test your install…a) Create a new file on the server named /cgi-bin/hello.pl with the following content:

    #!/usr/bin/perl
    print “Content-type:text/html\n\n”;
    print “hello world”;

    b) Start (or restart) the Apache service.

    c) Access the file in the browser, example:

    URL = http://localhost/cgi-bin/hello.pl

    d) If everything works, you should see the words “hello world”, otherwise, if you see the source code or ‘500 Server Error’ then the config has a problem.

Happy Scripting.

Custom JavaScript error notification

Debugging JavaScript errors is a time-consuming effort requiring keen eyes and a sharp mind.

MSIE typically only gives a cryptic ‘Object Expected’ error message and little more (even with the Microsoft Script Debugger installed!).

Some tools like FireBug and the Venkman debugger (both for Mozilla/Firefox) help in this matter, but often it helps to have an alert when an issue occurs.

Here’s a simple implementation that I’ve found useful…

[script type=”text/javascript”]
window.onerror=myErrorHandler;

function myErrorHandler(msg,url,l){
var txt=”There was an error on this page.\n”;
txt+=”Error: ” + msg + “\n”;
txt+=”URL: ” + url + “\n”;
txt+=”Line: ” + l + “\n\n”;
txt+=”Click OK to continue.\n\n”;
alert(txt); return true; }
[/script]

REFERENCES:

That’s it….

java.policy file

While it’s not preferred or even ‘secure’, sometimes the need arises to ‘open’ up the Java security model.   Fortunately this is an easy task.

This is located in a file named ‘java.policy’ in the “JRE/lib/security” folder.

Default file (from JRE 1.5.0.x) resembles the following…

// Standard extensions get all permissions by default

grant codeBase “file:${{java.ext.dirs}}/*” {
permission java.security.AllPermission;
};

// default permissions granted to all domains

grant {
// Allows any thread to stop itself using the java.lang.Thread.stop()
// method that takes no argument.
// Note that this permission is granted by default only to remain
// backwards compatible.
// It is strongly recommended that you either remove this permission
// from this policy file or further restrict it to code sources
// that you specify, because Thread.stop() is potentially unsafe.
// See “http://java.sun.com/notes” for more information.
permission java.lang.RuntimePermission “stopThread”;

// allows anyone to listen on un-privileged ports
permission java.net.SocketPermission “localhost:1024-“, “listen”;

// “standard” properies that can be read by anyone

permission java.util.PropertyPermission “java.version”, “read”;
permission java.util.PropertyPermission “java.vendor”, “read”;
permission java.util.PropertyPermission “java.vendor.url”, “read”;
permission java.util.PropertyPermission “java.class.version”, “read”;
permission java.util.PropertyPermission “os.name”, “read”;
permission java.util.PropertyPermission “os.version”, “read”;
permission java.util.PropertyPermission “os.arch”, “read”;
permission java.util.PropertyPermission “file.separator”, “read”;
permission java.util.PropertyPermission “path.separator”, “read”;
permission java.util.PropertyPermission “line.separator”, “read”;

permission java.util.PropertyPermission “java.specification.version”, “read”;
permission java.util.PropertyPermission “java.specification.vendor”, “read”;
permission java.util.PropertyPermission “java.specification.name”, “read”;

permission java.util.PropertyPermission “java.vm.specification.version”, “read”;
permission java.util.PropertyPermission “java.vm.specification.vendor”, “read”;
permission java.util.PropertyPermission “java.vm.specification.name”, “read”;
permission java.util.PropertyPermission “java.vm.version”, “read”;
permission java.util.PropertyPermission “java.vm.vendor”, “read”;
permission java.util.PropertyPermission “java.vm.name”, “read”;
};

The replacement to remove all restrictions…

grant {
permission java.security.AllPermission;
};

Just be sure to restore your settings back to ‘normal’ before visiting any untrusted websites or java applications.

Online backups

We all occasionally suffer lost of vital documents, or entire hard-drives full of them. Backups are an essential tool in preventing most loss…. but performing them is often a tedious task. Copying files and/or burning them to disk is time consuming and easily overlooked when you are overwhelmed. A few months ago I found Mozy, it provides a free, and simple interface that schedules and backs up your files online…. as such all you need to do it schedule it and forget it (of course your computer also needs to be online).

Restoring files is done through their web interface, and while it sometimes takes a few hours, you get an email notification that it’s available for download as a ZIP file.

You get 2GB for free and can purchase more… referrals get you (me in this case) an additional 256MB… please check it out at: https://mozy.com/?ref=3UEYUK

OpenDNS

I’ve used EveryDNS (free service) for years to host my DNS services.    Recently I found that they now offer public DNS service for lookups as OpenDNS.   While I still run my own private DNS server for caching and various private addresses.  I now do a simple forward lookup to their servers to gain the extra services they provide… notably Phishing  and typo protection.

Setup is very simple for most users, and even a non-technical person should have no problems following their installation instructions for a single computer/device or an entire network.
Happy networking!!!

Mozilla cache folder

Due to my UNIX background,  I’ve found it helpful, for both security and performance reasons to relocate your ‘cache’ or temporary files to a new location (Unix/Linux gurus may prefer /tmp/) here’s the simple process for doing this on a Windows machine using Firefox.

This is useful for several reasons:

* Moving many of your ‘tmp’ files/folders to a single location makes it easier to “clean house”.
* If you move ‘tmp’ to a separate drive or partition (like in UNIX), your primary drive will be less fragmented and may even show increased performance.

Firefox didn’t make this as easy to change as MSIE, but it’s a trivial matter. Find and edit the prefs.js file in your Profile directory and add the following…

user_pref(“browser.cache.disk.parent_directory”, “C:\\temp\\Mozilla”);

Alternately, you can type “about:config” in the URL/address line of the browser and add the String…

browser.cache.disk.parent_directory with a value of “C:\\temp\\Mozilla”

If you want to keep your existing cached files, you can always copy them over from the old location.

For Windows XP with MSIE6/7, the disk cache location is easily changed in the Internet Control Panel, on the General tab, Settings button. Microsoft seems to change that control panel with every new OS/browser version, but it’s generally named similarly on different configurations.

Good luck !

Windows Remote Desktop (aka Terminal Services) Port Change

There often becomes a need to remotely access/administer a Windows machine.   While I’d normally recommend using a different method such as an VNC connection over a VPN or a SSH Tunnel, you MAY get away with using the built in services.   Even so, using the default port 3389 may prove troublesome with some security mechanisms such as firewalls and proxy servers.   Here’s a simple way around it all…To change the default port for all new connections created on the Terminal Server:

  1. Run Regedt32 and go to this key:
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  2. Find the “PortNumber” subkey and notice the value of 00000D3D, hex for (3389). Modify the port number in Hex and save the new value.
    • NOTE: Ports 80 and 443 are recommended because they route well across various networks.

Good luck… now go out and find a “safer” method!

Windows file cleanup/housekeeping

Since I routinely run WAMP servers (see previous article) and develop primarily on Windows machines, I find that a lot of garbage remains on these machines. Often these files are created temporarily and not deleted and/or are created for some perceiver performance gains. Additionally, its often nice to schedule cleanup operations for times when you are not using the machine…. here’s a few common items to consider.

@echo off echo ======= DELETES =========
del /q %windir%*.log
del /q %windir%*.tmp
del /q %windir%securitylogs*.*
del /q %windir%SoftwareDistributionDataStoreLogs*.*
del /q %windir%msdownld.tmp*.*
del /q %windir%$hf_mig$*.*
del /q %TEMP%msdownld.tmp*.*
del /q %TEMP%*.dat
del /q %TEMP%*.log
del /q %TEMP%*.tmp
del /q %TEMP%*.xpi
del /q %TEMP%sess_*.*
del /q %TEMP%logs*.*
del /q c:*.log
del /q c:logs*.*
del /q /s %USERPROFILE%*.dmp
del /q /s %USERPROFILE%SIDisttemp*.*"
echo ======= Prefetch ==========
del /q %windir%Prefetch*.*
echo ======== DEFRAG ===========
%windir%system32defrag.exe c: -f -v >%TEMP%batch_defrag.txt
echo ========= done ============

Options….

echo ======== ANALOG ===========
cd c:analog6.0 analog +glocalhost.cfg
echo ========== IP =============
%windir%system32ipconfig.exe /all > %TEMP%batch_ip.txt
echo ======== NETSTAT ==========
%windir%system32netstat.exe -a > %TEMP%batch_netstat.txt

NOTE: this entry will be updated occasionally!

WAMP Servers

I often find myself administering WAMP (Windows, Apache, PHP/Perl/Python, mySQL) servers…. usually this occurs because it is better ‘supported’ (or perhaps ‘tolerated’) configuration in a corporate alternative to the more common LAMP (Linux… etc.) variety. This gives you the benefit of a centrally controlled operating system while maintaining a mostly open source server environment. Albeit with Microsoft’s poor security record, you’ll be patching it a LOT!

Many common distributions exist… here’s some helpful resources with downloads:

If you are a Java shop, you might also consider the following…

Configuration of each of these is a topic in it’s own right. If you need a shortcut to development, you may want to check out this!

Good luck!!!