HUAWEI CLOUD CodeArts Check IDE plug-in experience tour

1 Developer's Thoughts

In recent years, the advent of ChatGPT has been like a sudden storm, and worry about whether programmers will soon be replaced has appeared in the media. As a software development novice, I also fell into such deep thinking not long ago. But seriously, ChatGPT is just like autonomous driving: it faces the problem of who is responsible for accidents in AI scenarios. When the level of intelligence cannot completely replace humans, the driver needs to observe and deal with accidents in the car. Even if ChatGPT generates the code perfectly, it cannot be released directly as an official product without review, repair and testing by programmers. As for how to efficiently and accurately find the trustworthiness problems in our products, here I will share my experience of using the HUAWEI CLOUD CodeArts Check IDE plug-in for reference.

2 Experience tour of using the CodeArts Check IDE plug-in

This time, we started our experience from the aspects of scanning and configuration to see what kind of problems can be detected and the impact of a series of localization rule configurations on detection.

The prerequisite steps are as follows:

  1. Search for "CodeArts Check" in the IDE plug-in market, and click Install;
  2. After the plug-in is installed, the toolkit will be downloaded automatically;
  3. Wait for the toolkit to finish installing; you can then scan directly.

Scanning

  • Open a project file and right-click "CodeArts Check File Check";
  • You can also select certain files or directories in the project list and right-click "CodeArts Check File Check";
  • If you want to check the entire project, click "CodeArts Check Project Check" in the project list or any open file;
  • After the check is completed, you can view the results in the "CodeArts Check" window below. The results support three display methods and multiple filters;
  • Click an alarm to view the specific details of the problem. Using the correct example and the repair suggestion or repair preview, we can quickly repair it.

Configuration

First, we need a HUAWEI CLOUD account. If you already have a HUAWEI CLOUD account, you can directly experience the standard configuration.

Log in

Click the "CodeArts Check" logo on the left sidebar, then click "You are not logged in, please log in first" in the expanded interface. A login window then opens on the right, where we can choose to log in with a HUAWEI CLOUD account (this one is recommended; the others are a bit troublesome).

Click "Open" to jump directly to the browser. After confirming the authorization, select your HUAWEI CLOUD account to log in directly. After the login is successful, the configuration function entrance will be unlocked.

Configuration options

Click "CodeArts Check Configuration" to enter the configuration home page.

The configuration content is mainly divided into 4 parts:

1. Whether saving code automatically triggers a scan: when this is checked, the plug-in automatically scans and refreshes the alarm information after code is edited and saved;

2. Shield directory: you can configure a relative directory, but it only takes effect when "CodeArts Check Project Check" is triggered; if our project is relatively large or there are directories that we don't want to scan, I think this configuration is still very useful;

3. Scan directory: you can configure a relative directory, but it only takes effect when "CodeArts Check Project Check" is triggered; if you only want to scan certain directories, you can use this configuration to achieve the desired effect;

4. Enabling and disabling rules: you can check or uncheck certain rules and apply them, then scan the code again and see that the alarms have changed (the following uses the rule G.ERR.02 "Do not directly capture exception base class Throwable, Exception, RuntimeException" as an example);

Before disabling:

After disabling:

4 Experience Summary

After personally experiencing the HUAWEI CLOUD CodeArts Check IDE plug-in, I think its advantages are as follows (compared with common similar software on the market):

  • CodeArts Check not only has quality checks, but also detects security vulnerabilities in code, such as:
      1. May cause the program to be implanted with a Trojan horse (no legality check for all external data);
      2. May lead to arbitrary code execution (transforming XML files using unsafe XSLT);
      3. May cause memory to be attacked or leaked (sensitive information in memory is not cleared immediately after use);

     There are many checks like this, and they are very powerful!

  • CodeArts Check provides a variety of manually triggered scans and one-key formatting: scanning or one-key formatting of the active single file; scanning or one-key formatting of a single file, multiple files, a single directory, multiple directories, or a mix of files and directories from the project list; project scanning, etc.;
  • The configuration of CodeArts Check rules can be complicated or simplified: there is a separate configuration panel, which can set the shield directory and scan directory, and enable and disable rules (it also has various filters);
  • CodeArts Check alarm display: there is a separate display window, the scanning results of a single file are especially clear, and detailed alarm information and automatic repair help are provided;
  • CodeArts Check's excellent graphical interface: basically, you can get started easily through the interface. For novices, it also provides a user-friendly guide with text + animation.
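
For reference, here is what code that satisfies two of the security checks named above (unsafe XSLT transformation, sensitive data left in memory) and the G.ERR.02 rule from the configuration section can look like. This is an added Java example, not output or sample code from the plug-in; the class and method names and the sample XML/XSLT are constructed, and it assumes the JDK's built-in XSLT processor.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Arrays;
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class CheckedPatterns { // hypothetical class name
    // Constructed sample inputs, embedded so the example runs offline.
    static final String XML = "<order id='42'/>";
    static final String XSLT =
        "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
      + "<xsl:output method='text'/>"
      + "<xsl:template match='/order'>id=<xsl:value-of select='@id'/></xsl:template>"
      + "</xsl:stylesheet>";

    // XSLT check: secure processing on, no external DTD or stylesheet access.
    static String transform(String xml, String xslt) throws TransformerException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        Transformer t = tf.newTransformer(new StreamSource(new StringReader(xslt)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    // Memory check: hold the secret in a char[] and zero it in finally, even on error.
    static int useAndClear(char[] secret) {
        try {
            return secret.length; // stand-in for the real use of the secret
        } finally {
            Arrays.fill(secret, '\0');
        }
    }

    public static void main(String[] args) {
        try {
            System.out.println(transform(XML, XSLT));
        } catch (TransformerException e) { // G.ERR.02: specific type, not Exception
            System.err.println("transform failed: " + e.getMessageAndLocation());
        }
        char[] secret = {'d', 'e', 'm', 'o'}; // constructed value
        useAndClear(secret);
        System.out.println("cleared: " + (secret[0] == '\0'));
    }
}
```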

For software practitioners, I especially recommend using the "local inspection" method to provide prompts anytime and anywhere to guide us in developing high-quality code.


Origin blog.csdn.net/hwxiaozhi/article/details/131759229