9 months ago (7 notes)

#static analysis
#groovy
#eclipse
#plugin
#plugins

CodeNarc for Eclipse released

My friend René has released CodeNarc for Eclipse which integrates CodeNarc into Eclipse.

CodeNarc tries to find errors and potential problems in Groovy code. The list of code checks is already quite large and covers a lot more than the basics (for example bitwise OR instead of boolean OR).

If you find yourself writing more Groovy and less Java, it might make sense to expand static analysis to dynamic code, just as it is normally done for Java with tools like PMD, CheckStyle or FindBugs.

The Eclipse update sites are

http://codenarceclipse.sourceforge.net/eclipse/release/ for release builds
http://codenarceclipse.sourceforge.net/eclipse/snapshot/ for snapshot builds

11 months ago (39 notes)

#spread
#spread operator
#operator
#operators
#groovy
#null
#null-safe

Groovy operators: The spread operator is null-safe

Groovy’s spread operator lets you collect a property of objects from a collection. Here’s an example:

[ 1, 2, 3 ]*.toString() == [ '1', '2', '3' ]

This is identical but shorter than calling

[ 1, 2, 3 ].collect { it.toString() }

Keep in mind that, just like .collect, the spread operator is null-safe, i.E. both of these work without throwing any exceptions:

null*.toString()
[ 1, null, 3 ]*.toString()

1 year ago (2 notes)

#groovy
#string
#strings
#performance
#gstring
#concat
#leftShift

View high resolution

Performance of four methods of concatenating Strings together

plus: a + a
.concat: a.concat(b)
GString: "${a}${b}".toString()
left shift: a << b

.concat is the fastest method in all cases. If you’d like a more groovy version, a << b is faster than a + b.

1 year ago (2 notes)

#dos
#attack
#denial of service
#java
#double
#as double
#toDouble
#parseDouble

Java hangs when converting 2.2250738585072012e-308 — prevent DOS attacks with Groovy

The big news now is that

Java — both its runtime and compiler — go into an infinite loop when converting the decimal number 2.2250738585072012e-308 to double-precision binary floating-point.

This has a big impact on web applications since many of them use the java.lang.Double#parseDouble(String) method with data input by the user.

While I’m sure most programmers are aware of SQL injection, this is a new threat since user input is usually handled only with try { double foo = Double.parseDouble(input); } catch (NumberFormatException ex) { /* Flip it and reverse it */ } which does not protect against the denial-of-service attack with the value mentioned above.

A Groovy Solution

Fortunately, Groovy makes it easy to protect yourself from this attack. A simple regular expression that tests for /[eE]-\d*30\d/ is all it takes.

Here is an example of my Pearson Correlation Calculator:

Vulnerable Code

def calculateFromTwoColumns(String x, String y) {

    def xTokens = (x ?: '').tokenize(defaultSeparator)
    def yTokens = (y ?: '').tokenize(defaultSeparator)

    correlation(xTokens.collect { it as double }, yTokens.collect { it as double })

}

Safe Code

def calculateFromTwoColumns(String x, String y) {

    def xTokens = (x ?: '').tokenize(defaultSeparator).
        findAll { !(it =~ /[eE]-\d*30\d/).find() }
    def yTokens = (y ?: '').tokenize(defaultSeparator).
        findAll { !(it =~ /[eE]-\d*30\d/).find() }

    correlation(xTokens.collect { it as double }, yTokens.collect { it as double })

}

This will protect against all the values mentioned in the article, such as 0.00022250738585072012e-304, 00000000002.2250738585072012e-308, 2.225073858507201200000e-308, 2.2250738585072012e-00308, 2.2250738585072012997800001e-308.