Add code-review profile (Checkstyle/PMD/SpotBugs/JaCoCo), raise coverage, and harden Chronicle Analytics
#40
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
peter-lawrey
changed the title
peter-lawrey
changed the title
code-review profile (Checkstyle/PMD/SpotBugs/JaCoCo), raise coverage, and harden Chronicle Analytics
…consistent ordering
- enforce 89.8% line and 71.42857% branch coverage\n- suppress expected PATH_TRAVERSAL_IN warnings for sanitized client-id paths
- Tighten the code-review Jacoco gates to 91.02% line / 71.43% branch - Drop Jacoco from the default build so coverage runs live only in the review profile - Bring HttpUtil.java’s Chronicle header forward to 2025
- Relax FilesUtil.sanitize so legacy '../' client-id paths resolve again - Guard the behaviour with a regression test that exercises parent segments - Add FilesUtil coverage for error handling to keep Jacoco gates passing
|
james-mcsherry
approved these changes
Nov 3, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR polishes user-facing docs, introduces an opt-in
code-reviewprofile with Chronicle’s standard quality toolchain, strengthens path handling and immutability in the analytics core, and broadens test coverage—without changing the public API or runtime behaviour.Why
What changed
Docs & housekeeping
README.adoc
[source,java]markers.New project docs under
src/main/adoc/:project-requirements.adoc(Nine-Box catalogue,CA-*IDs).security-review.adoc(data flows, risks, mitigations).Copyright headers updated to 2016–2025.
module-info.java.txtheader year updated.Removed a few stray trailing spaces/formatting inconsistencies.
Build & quality (opt-in profile)
Parent POM aligned to
net.openhft:java-parent-pom:1.27ea0.Added shared properties for Checkstyle, SpotBugs/FindSecBugs, PMD, JaCoCo, and Chronicle rules.
code-reviewprofile:Checkstyle (Chronicle rules), SpotBugs(+FindSecBugs), PMD, JaCoCo check with current project gates:
0.898, Branch coverage0.7142857.Dependencies:
spotbugs-annotations(provided) andjunit-vintage-engine(tests).Local scaffolding for suppressions:
src/main/config/spotbugs-exclude.xml(narrow, documented matches).src/main/config/pmd-exclude.properties(empty by default).Core code safety & clarity
FilesUtil
sanitize(String)→ normalises to absolute path and rejects..segments.lastPath()now uses a normalised${user.home}.AnalyticsConfiguration: tidy method layout/spacing (no behaviour change).
GoogleAnalytics3/4: continue to extend
AbstractGoogleAnalytics(no functional change); minor import tidy.VanillaAnalyticsBuilder
userProperties()/eventParameters().Analytics: minor Javadoc formatting.
HttpUtil.Sender: trivial style compacting (no functional change).
JUnitUtil and
package-infotidy-ups only.Tests (coverage uplift)
@TempDir; validates debug messages and re-use of generated ID.How to run