COBOL
COBOL analysis is available starting in Enterprise Edition and is supported by SonarLint for VS Code and SonarLint for Eclipse when running in Connected Mode.
Language-specific properties
You can discover and update the COBOL-specific properties in: Administration > General Settings > Languages > COBOL
Source code extraction
In order to analyze your source code with SonarQube you need to first extract it onto a filesystem. You can use your own tool or an open-source tool; SonarSource does not provide any connectors or source code extraction tools.
Advanced configuration
Defining source code format
The supported source code formats are:
- Fixed format
- Free format
- Variable format
To set the format, go to Administration > General Settings > COBOL and set the "Source format" property.
The fixed format has three main areas:
Areas #1 and #3 contain non-significant characters. Area #2 contains the source code. The first character of Area #2 is the Indicator Area, which has a special meaning (for instance *
means that the line is a comment line, D
means that the line is only taken into account in debug mode, etc.).
The free format:
The Indicator Area that has a special meaning (for instance *
means that the line is a comment line, D
means that the line is only taken into account in debug mode, etc.) is located at column 0. The size of the source code area is not limited.
Variable format is also supported: it's similar to the fixed format but without Area #3.
Defining COBOL dialect
Go to Administration > General Settings > COBOL and set the "Dialect" property.
COBOL analysis supports the following dialects:
bull-gcos-cobol
hp-tandem-cobol
ibm-os/vs-cobol
ibm-ile-cobol
ibm-cobol/ii
ibm-cobol/400
ibm-enterprise-cobol
microfocus-cobol
microfocus-acucobol-gt-cobol
opencobol/cobol-it
Making copybooks available to the analysis
Copybooks are, by definition, COBOL files that are not syntactically valid by themselves. However, copybooks are usually needed to properly parse COBOL programs. Thus, paths to the copybooks must be listed through the sonar.cobol.copy.directories
property.
Raising issues against copybooks
To have copybooks imported into a project, and issues logged against them, the copybook directories must be added to sonar.sources
AND the copybook file suffixes must be added to sonar.cobol.file.suffixes
. E.G.:
In the case where a number of projects share a common set of copybooks, it may not be desirable to increment each project’s technical debt with the issues from the common copybooks. In such cases, the directory holding the common copybooks should be listed in sonar.cobol.copy.directories
(as before) but left out of sonar.sources, E.G.:
Analyzing without file suffixes
Note that it is possible to analyze a COBOL project without file suffixes. To do this, remove the two suffix-related properties from your configuration and substitute the following setting for sonar.lang.patterns.cobol
:
sonar.lang.patterns.cobol=**/*
Switching off Issues
There are three ways to switch off issues:
- Flagging issues as false positive
- Ignoring the issues
- Using the
NOSONAR
tag. To switch off an issue, place theNOSONAR
tag in a comment line located right before the line containing the issue. Example:
ACUCOBOL-GT source code control directives
COBOL analysis supports the ACUCOBOL-GT’s Source Code Control directives. This mechanism allows you to conditionally modify the program at compile time by excluding or including lines. This can be used to maintain different versions of the program, perhaps to support different machine environments.
The -Si
(include) flag controls the actions of the source code control system. It must be followed by an argument that specifies a pattern that the compiler will search for in the Identification Area of each source line. If the pattern is found, then the line will be included in the source program, even if it is a comment line. However, if the pattern is immediately preceded by an exclamation point, then the line will be excluded from the source (i.e., commented out).
The -Sx
(exclude) flag works the same way except that its meaning is reversed (lines with the pattern will be commented out and lines with a preceding exclamation point will be included).
For example, suppose a program is being maintained for both the UNIX and VMS environments. The following piece of code is in the program:
This program fragment is ready to be compiled for the VMS system. If a UNIX version is desired, then the following flags will correct the source during compilation:
Please consult the ACUCOBOL-GT documentation for more on the mechanism.
There are two ways in SonarQube to specify the list of ACUCOBOL-GT flags to be used in order to preprocess the source code. The first option is to define a list of global flags which will be used to preprocess all source files. This can be done in the Administration > General Settings > COBOL > Preprocessor.
The second option is to provide a list of relative paths (with help of the ‘sonar.cobol.acucobol.preprocessor.directives.directories’ property) which contain the list of flags to be used for each COBOL source file. Let’s take a simple example. If a file ‘MYPROGRAM.CBL’ is going to be processed, the SonarQube ACUCOBOL-GT preprocessor, will try to find a file ‘MYPROGRAM.CMD’. If this file is found, then the flags contained in this file is going to be used to preprocess the program ‘MYPROGRAM.CBL’. If the file ‘MYPROGRAM.CMD’ doesn’t exist, then the preprocess will use the content of the file ‘DEFAULT.CMD’ if exists.
Microfocus compiler constants
If your code takes advantage of conditional compilation features provided by Microfocus, you may have to configure compiler constants for your analysis.
For example, if your COBOL code looks like this:
Go to Project Administration > General Settings > COBOL and declare each constant by name with associated value.
Defining the constant via sonar.cobol.compilationConstant.[constant name here]
in sonar-project.properties is deprecated since version 4.5 of the COBOL analyzer.
Database Catalog (DB2)
COBOL analysis offers rules which target embedded SQL statements and require the analyzer to have knowledge of the database catalog (E.G. the primary key column(s) of a given table). These rules will raise issues only if the database catalog is provided to the analysis. For the moment, this is available only for IBM DB2 (z/OS) catalogs, and the catalog must be provided via a set of CSV ("Comma Separated Values") files.
These rules rely on two analysis properties:
Key | Description |
sonar.cobol.sql.catalog.csv.path | relative path of the directory containing CSV files for the database catalog |
sonar.cobol.sql.catalog.defaultSchema | comma-separated list of default database schemas used in embedded SQL statements |
sonar.cobol.sql.catalog.csv.path
should define a directory that contains 8 CSV files. Each of these CSV files contains data for a specific DB2 catalog table and is named after it. The following table lists the required files and their respective mandatory columns. Additional columns may be listed, but will be ignored:
Table | File name | Required Columns |
SYSIBM.SYSCOLUMNS | SYSCOLUMNS.csv | TBNAME ,TBCREATOR ,NAME ,PARTKEY_COLSEQ ,DEFAULT ,NULLS ,DEFAULTVALUE |
SYSIBM.SYSINDEXES | SYSINDEXES.csv | NAME ,CREATOR ,TBNAME ,TBCREATOR ,UNIQUERULE ,INDEXTYPE |
SYSIBM.SYSINDEXPART | SYSINDEXPART.csv | IXNAME ,IXCREATOR ,PARTITION |
SYSIBM.SYSKEYS | SYSKEYS.csv | IXNAME ,IXCREATOR ,COLNAME ,COLSEQ |
SYSIBM.SYSSYNONYMS | SYSSYNONYMS.csv | NAME ,CREATOR ,TBNAME ,TBCREATOR |
SYSIBM.SYSTABLES | SYSTABLES.csv | NAME ,CREATOR ,TYPE ,PARTKEYCOLNUM ,TSNAME ,DBNAME ,TBNAME ,TBCREATOR ,CARDF |
SYSIBM.SYSTABLESPACE | SYSTABLESPACE.csv | NAME ,DBNAME ,PARTITIONS |
SYSIBM.SYSVIEWS | SYSVIEWS.csv | NAME ,CREATOR ,STATEMENT |
The CSV format is the following:
- Each file must be named for the table it represents.
- The first line must contain the exact names of the columns.
- The order of the columns is not meaningful.
- Fields are comma-delimited.
- If a field contains a comma, then its value must be surrounded by double quotes (").
- If a field that is surrounded by double quotes contains a double quote character ("), then this character must be doubled ("").
Example for SYSVIEWS.csv
:
The UNLOAD
DB2 utility with the DELIMITED
option should produce the required files except for the column names on the first line.
Custom rules
Overview
The COBOL analyzer parses the source code, creates an Abstract Syntax Tree (AST) and then walks through the entire tree. A coding rule can subscribe to be notified every time a node of a certain type is visited.
As soon as the coding rule is notified, it can navigate the tree around the node and raise issues if necessary.
Writing a plugin
Writing new COBOL coding rules is a six-step process:
- Create a standard SonarQube plugin.
- Attach this plugin to the SonarQube COBOL analyzer (see the
pom.xml
file of the provided sample plugin project). - Create as many custom COBOL coding rules as required by extending
com.sonarsource.api.ast.CobolCheck
and add them to the previous repository. - Generate the SonarQube plugin (jar file).
- Place this jar file in the
<sonarqubeHome>/extensions/plugins
directory. - Restart the SonarQube server.
Plugin project sample
To get started, clone the sample plugin project and follow the steps below:
- Install Maven
- Build the plugin by running
mvn install
from the project directory. This will generate a SonarQube plugin jar file in the target directory. - Add your newly created jar into the
<sonarqubeHome>/extensions/plugins
directory - Restart the SonarQube server
If you now look at the COBOL quality profiles, you will find the new coding rule (“Sample check”). Don’t forget to activate it. Run an analysis of a COBOL project, and you will find that an issue was logged at line 5 on every file.
Subscribing to a NodeType
Very often when writing a coding rule, you will want to subscribe to a NodeType. A NodeType can be either a rule of the grammar or a keyword of the language. As an example, here is the code of the implementation of the “Avoid using Merge statement” coding rule:
Note that CICS and SQL grammars can be accessed using getCicsGrammar()
and getSqlGrammar()
.
Coding rule lifecycle
A coding rule can optionally override six methods inherited from the CobolCheck class. Those methods are called sequentially in the following order:
public void init() {…}
: This method is called only once and should be used to subscribe to one or more NodeType(s).public void visitFile(AstNode astNode) {…}
: This method is called on each file before starting the parsing.public void visitNode(AstNode astNode) {…}
: This method is called when an AstNode matches a subscribed NodeType (see Subscribing to a NodeType) and before analyzing its content.public void leaveNode(AstNode astNode) {…}
: This method is called when an AstNode matches a desired NodeType (see Subscribing to a NodeType) and after analyzing its content.public void leaveFile(AstNode astNode) {…}
: This method is called before exiting a file.public void destroy() {…}
: This method is called before shutting down the coding rule.- The
reportIssue(…)
method, used to log an issue, should be called only inside thevisitFile(…)
,visitNode(…)
,leaveNode(…)
andleaveFile(…)
methods. Indeed, the file context isn’t known when theinit()
anddestroy()
methods are called, so the issue can’t be associated to a file.
More advanced features are documented in the API Javadoc.
Navigating the AST (Abstract Syntax Tree) with the SSLR COBOL toolkit
When starting to write a new COBOL coding rule, the main difficulty is to understand the COBOL AST in order to know which NodeType(s) need to be visited. This can be achieved by using the SSLR COBOL Toolkit, a Swing application that enables loading a COBOL file and displaying its representation as an Abstract Syntax Tree.
Each node in the AST is a COBOL grammar rule and each leaf in the AST is a COBOL token. Let’s say you want to visit the node ifStatement
. In this case, the init()
method of your COBOL coding rule must contain the following statement: subscribeTo(getCobolGrammar().ifStatement);
Configuring plugins for analyzer loading optimization
When the loading of analyzers is optimized (see Improving performance), SonarQube will only download analyzers and third-party plugins for the detected languages before running an analysis.
When creating custom plugins, to prevent errors when projects are analyzed, you must use the requiredForLanguages
property in your plugin's pom.xml
file to specify the languages your plugin supports. Without this property, your plugin will be executed unconditionally during analysis, even when its language-specific dependencies are unavailable. See Plugin basics for details on this behavior and the requiredForLanguages
property.
API changes
Since 4.0 A new API is available to write the rules but also to implement the tests.
Custom rules should now extend CobolCheck
(CobolAstCheck
is deprecated) and issues should be logged using the reportIssue(...)
method.
Tests on custom rules should now use CobolCheckVerifier
: the assertions about issues should now be added as comments inside COBOL test files.
Custom rules should be listed in an implementation of CobolCheckRepository
(CobolAstCheckRepository
is now deprecated) and metadata should be loaded by implementing RulesDefinitionExtension
.
You can now store your custom rules into a dedicated rule repository by implementing SonarQube's RulesDefinition
: in that case, you don't need to implement RulesDefinitionExtension
.
For users who already have custom rules in production: existing issues will be closed and re-opened because the internal keys of the rules are changing. If you wrote a custom plugin against version 3.x of the COBOL analyzer, it should still be compatible at runtime with version 4.0.
To migrate to the new API (full example on GitHub):
- First, migrate tests without modifying rule classes. That mainly requires moving assertions from java test classes to comments inside test COBOL files (see an example on GitHub).
- Update check classes to replace the calls to deprecated methods with the new methods which create issues (see an example on GitHub).
- Implement
CobolRulesDefinitionExtension
andCobolCheckRepository
, remove the class extendingCobolAstCheckRepository
(see an example on GitHub). - Update check classes to extend
CobolCheck
instead ofCobolAstCheck
to stop using deprecated APIs (see an example on GitHub).
To move your custom rules to a dedicated rule repository, see an example on GitHub.
Related pages
Was this page helpful?