# 1.BLOCKER and CRITICAL Ant issues analysis

## Loading data

Query used to get all the described issues and connection string to the database (Postgres):

In [2]:
query_issues = '''
    select
        i.kee as uuid,
        i.severity,
        i.message as message,
        i.line as line,
        p.name as file_name,
        m.name as metric,
        l.value as value
    from
        issues i 
        inner join projects p on i.component_uuid = p.uuid
        inner join live_measures l on i.component_uuid = l.component_uuid
        inner join metrics m on l.metric_id = m.id
    where
        i.project_uuid = 'AWwKYKvNNVnBRBMSHei7'
        -- dívidas técnicas com tipo BLOCKER ou CRITICAL
        and i.severity in ('BLOCKER', 'CRITICAL')
        and l.metric_id in (3, 18, 47) -- metricas que se deseja extrair do arquivo em questao'''

connection_url = 'postgresql://sonar:sonar@localhost/sonar'

Importing analysis libraries:

In [3]:
import pandas as pd
import numpy as np
import scipy.stats as ss

Loading the results into a Dataframe:

In [3]:
df_issues = pd.read_sql(query_issues, connection_url)
df_issues.head()

Unnamed: 0,uuid,severity,message,line,file_name,metric,value
0,AWwKYN7qIFKoM8TmMFvQ,CRITICAL,Refactor this method to reduce its Cognitive C...,789,ZipFile.java,ncloc,577.0
1,AWwKYN7qIFKoM8TmMFvQ,CRITICAL,Refactor this method to reduce its Cognitive C...,789,ZipFile.java,complexity,96.0
2,AWwKYN7qIFKoM8TmMFvO,CRITICAL,Do not override the Object.finalize() method.,409,ZipFile.java,ncloc,577.0
3,AWwKYN7qIFKoM8TmMFvO,CRITICAL,Do not override the Object.finalize() method.,409,ZipFile.java,complexity,96.0
4,AWwKYN7qIFKoM8TmMFvM,CRITICAL,Make sure this file handling is safe here.,178,ZipFile.java,ncloc,577.0


## Insights

Size of the Dataframe

In [5]:
df_issues.shape

(2369, 7)

Issues count per severity

In [6]:
df_issues.drop_duplicates('uuid').groupby('severity').count().uuid

severity
BLOCKER      88
CRITICAL    992
Name: uuid, dtype: int64

Descriptive statistics per metric type (complexity and ncloc)

In [30]:
df_issues.loc[df_issues['metric'] == 'complexity'].groupby('file_name').sum()['value'].describe()

count      333.000000
mean       335.150150
std        964.533942
min          0.000000
25%         23.000000
50%         63.000000
75%        238.000000
max      11228.000000
Name: value, dtype: float64

In [8]:
df_issues.loc[df_issues['metric'] == 'ncloc'].drop_duplicates('file_name')['value'].describe()

count     333.000000
mean      242.516517
std       239.344594
min         5.000000
25%        88.000000
50%       160.000000
75%       321.000000
max      1667.000000
Name: value, dtype: float64

In [29]:
df_issues.loc[df_issues['metric'] == 'duplicated_lines'].groupby('file_name').sum()['value'].append(pd.Series([0]*283), ignore_index=True).describe()

count      333.000000
mean       162.807808
std       1732.985287
min          0.000000
25%          0.000000
50%          0.000000
75%          0.000000
max      26908.000000
dtype: float64

---
# 2.Same analysis, but with all the files in the project for comparison

## Loading data

Query used to get all the described issues and connection string to the database (Postgres):

In [14]:
query_all = """
    select
        p.uuid,
        p.name as file_name,
        m.name as metric,
        l.value as value
    from 
        projects p
        inner join live_measures l on p.uuid = l.component_uuid
        inner join metrics m on l.metric_id = m.id
    where
        p.project_uuid = 'AWwKYKvNNVnBRBMSHei7'
        and l.metric_id in (3, 18, 47) -- metricas que se deseja extrair do arquivo em questao
        and p."scope" = 'FIL' and p.qualifier = 'FIL'"""

Loading the results into a Dataframe:

In [15]:
df_all = pd.read_sql(query_all, connection_url)
df_all.head()

Unnamed: 0,uuid,file_name,metric,value
0,AWwKYL9CIFKoM8TmMEm2,MultiRootFileSet.java,complexity,38.0
1,AWwKYL9CIFKoM8TmMEm2,MultiRootFileSet.java,ncloc,155.0
2,AWwKYL9FIFKoM8TmMEm3,Type.java,complexity,10.0
3,AWwKYL9FIFKoM8TmMEm3,Type.java,ncloc,40.0
4,AWwKYL9FIFKoM8TmMEm4,Not.java,complexity,5.0


## Insights

Size of the Dataframe

In [16]:
df_all.drop_duplicates('uuid').shape

(925, 4)

Descriptive statistics per metric type (complexity and ncloc)

In [17]:
df_all.loc[df_all['metric'] == 'complexity', 'value'].append(pd.Series([0]*2), ignore_index=True).describe()

count    925.000000
mean      27.505946
std       43.095148
min        0.000000
25%        4.000000
50%       13.000000
75%       31.000000
max      401.000000
dtype: float64

In [15]:
df_all.loc[df_all['metric'] == 'ncloc', 'value'].describe()

count     925.000000
mean      121.480000
std       176.656522
min         1.000000
25%        24.000000
50%        61.000000
75%       134.000000
max      1667.000000
Name: value, dtype: float64

In [22]:
df_all.loc[df_all['metric'] == 'duplicated_lines', 'value'].append(pd.Series([0]*834), ignore_index=True).describe()

count    925.000000
mean       7.594595
std       46.343800
min        0.000000
25%        0.000000
50%        0.000000
75%        0.000000
max      961.000000
dtype: float64

---
# 3.Analysing metrics per issue type (rule)

Now, let's add the columns `rule_id` and replace `message` to (rule) `name` in the query. 

This queries all the issues (technical debt) of types 'BLOCKER' and 'CRITICAL' and gets the rule that it is breaking. This way, we'll be able to get the metrics (like "complexity" or "ncloc") per rule and make the analysis.

In [4]:
query_rules = '''
    select
        i.rule_id,
        r.name,
        m.name as metric,
        l.value as value
    from
        issues i 
        inner join rules r on i.rule_id = r.id
        inner join projects p on i.component_uuid = p.uuid
        inner join live_measures l on i.component_uuid = l.component_uuid
        inner join metrics m on l.metric_id = m.id
    where
        i.project_uuid = 'AWwKYKvNNVnBRBMSHei7'
        -- dívidas técnicas com tipo BLOCKER ou CRITICAL
        and i.severity in ('BLOCKER', 'CRITICAL')
        and l.metric_id in (3, 18, 47) -- metricas que se deseja extrair do arquivo em questao'''

Loading the data

In [5]:
df_rules = pd.read_sql(query_rules, connection_url)
df_rules.head()

Unnamed: 0,rule_id,name,metric,value
0,5510,Cognitive Complexity of methods should not be ...,ncloc,577.0
1,5510,Cognitive Complexity of methods should not be ...,complexity,96.0
2,5245,The Object.finalize() method should not be ove...,ncloc,577.0
3,5245,The Object.finalize() method should not be ove...,complexity,96.0
4,5370,Handling files is security-sensitive,ncloc,577.0


## Insights

General information

In [6]:
df_rules['name'].unique()

array(['Cognitive Complexity of methods should not be too high',
       'The Object.finalize() method should not be overriden',
       'Handling files is security-sensitive',
       '"clone" should not be overridden',
       'Child class fields should not shadow parent class fields',
       'Class names should not shadow interfaces or superclasses',
       'Constants should not be defined in interfaces',
       'Constant names should comply with a naming convention',
       'Methods should not be empty',
       'Using Sockets is security-sensitive',
       'Dynamically executing code is security-sensitive',
       'Expanding archive files is security-sensitive',
       'Using command line arguments is security-sensitive',
       'String literals should not be duplicated',
       'Untrusted XML should be parsed with a local, static DTD',
       '"switch" statements should have "default" clauses',
       'Reading the Standard Input is security-sensitive',
       'Using regular expression

In [7]:
df_rules['name'].unique().shape

(39,)

## Grouping by `rule_id` and calculating the metric's statistics

In [8]:
df_rules_grouped = df_rules.groupby(['rule_id', 'name', 'metric'])

Some counting 

In [9]:
df_rules_grouped.count().sort_values('value', ascending=False).head(10)

Unnamed: 0_level_0,Unnamed: 1_level_0,Unnamed: 2_level_0,value
rule_id,name,metric,Unnamed: 3_level_1
5510,Cognitive Complexity of methods should not be too high,ncloc,292
5510,Cognitive Complexity of methods should not be too high,complexity,292
5370,Handling files is security-sensitive,ncloc,197
5370,Handling files is security-sensitive,complexity,197
5413,Methods should not be empty,complexity,128
5413,Methods should not be empty,ncloc,128
5098,String literals should not be duplicated,ncloc,119
5098,String literals should not be duplicated,complexity,119
5297,Dynamically executing code is security-sensitive,ncloc,80
5297,Dynamically executing code is security-sensitive,complexity,80


Some statistics

In [33]:
df_agg = df_rules_grouped.agg(['describe'])
df_agg.columns = df_agg.columns.droplevel().droplevel()

df_agg.sort_values(['count', 'rule_id', 'metric'], ascending=False).head(16)

Unnamed: 0_level_0,Unnamed: 1_level_0,Unnamed: 2_level_0,count,mean,std,min,25%,50%,75%,max
rule_id,name,metric,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,Unnamed: 6_level_1,Unnamed: 7_level_1,Unnamed: 8_level_1,Unnamed: 9_level_1,Unnamed: 10_level_1
5510,Cognitive Complexity of methods should not be too high,ncloc,292.0,541.84589,404.334276,53.0,248.25,434.0,710.5,1667.0
5510,Cognitive Complexity of methods should not be too high,complexity,292.0,130.458904,98.710039,9.0,57.75,107.0,177.0,401.0
5370,Handling files is security-sensitive,ncloc,197.0,493.467005,358.039097,15.0,231.0,391.0,721.0,1667.0
5370,Handling files is security-sensitive,complexity,197.0,116.771574,91.529596,4.0,49.0,80.0,179.0,401.0
5413,Methods should not be empty,ncloc,128.0,260.648438,269.51831,5.0,85.0,151.0,289.0,1193.0
5413,Methods should not be empty,complexity,128.0,57.476562,61.94981,1.0,21.0,31.5,62.0,293.0
5098,String literals should not be duplicated,ncloc,119.0,545.529412,395.591722,22.0,249.0,434.0,758.0,1667.0
5098,String literals should not be duplicated,complexity,119.0,129.033613,97.491758,3.0,61.0,99.0,173.5,401.0
5297,Dynamically executing code is security-sensitive,ncloc,80.0,297.3125,283.405135,32.0,90.0,191.0,388.0,1245.0
5297,Dynamically executing code is security-sensitive,complexity,80.0,63.4375,67.151603,2.0,16.5,40.0,80.75,295.0


# Correlation between metric and rule

In [26]:
from sklearn.svm import SVC
from sklearn.neighbors import KNeighborsClassifier
from sklearn.naive_bayes import GaussianNB
from sklearn.model_selection import cross_val_score

## Correlação entre Linhas não comentadas e Cognitive Complexity of methods should not be too high

In [63]:
query_not_ok = """
-- arquivos com a divida do tipo rule_id com a métrica metric_id
select 
    value,
    1 as present
from live_measures 
where component_uuid in (select distinct component_uuid from issues where rule_id = 5510 and project_uuid = 'AWrwqThXS_LSSKKohbva')
and metric_id = 3"""

query_ok = """
-- arquivos sem a divida do tipo rule_id com a metrica metric_id
select 
    value,
    0 as present
from live_measures 
where component_uuid not in (
  select distinct component_uuid from issues where rule_id = 5510 and project_uuid = 'AWrwqThXS_LSSKKohbva')
and component_uuid in (
select uuid from projects where project_uuid = 'AWrwqThXS_LSSKKohbva' and "scope" = 'FIL' and qualifier = 'FIL')
and metric_id = 3"""

In [64]:
df_not_ok = pd.read_sql(query_not_ok, connection_url)
df_ok = pd.read_sql(query_ok, connection_url)

In [65]:
df_both = pd.concat([df_not_ok, df_ok])

In [66]:
clf = SVC(gamma='scale')
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.91213389, 0.91596639, 0.91176471])

In [67]:
clf = KNeighborsClassifier()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scoresclf = GaussianNB()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.93723849, 0.90336134, 0.90756303])

In [68]:
clf = GaussianNB()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.92887029, 0.93277311, 0.92857143])

##  Correlação entre Complexidade e Cognitive Complexity of methods should not be too high

In [69]:
query_not_ok = """
-- arquivos com a divida do tipo rule_id com a métrica metric_id
select 
    value,
    1 as present
from live_measures 
where component_uuid in (
  select distinct component_uuid from issues where rule_id = 5510 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and metric_id = 18"""

query_ok = """
-- arquivos sem a divida do tipo rule_id com a metrica metric_id
select 
    value,
    0 as present
from live_measures 
where component_uuid not in (
  select distinct component_uuid from issues where rule_id = 5510 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and component_uuid in (
select uuid from projects where project_uuid = 'AWrwqThXS_LSSKKohbva' and "scope" = 'FIL' and qualifier = 'FIL')
and metric_id = 18"""

In [70]:
df_not_ok = pd.read_sql(query_not_ok, connection_url)
df_ok = pd.read_sql(query_ok, connection_url)

In [71]:
df_both = pd.concat([df_not_ok, df_ok])

In [72]:
clf = SVC(gamma='scale')
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.94017094, 0.91845494, 0.93133047])

In [73]:
clf = KNeighborsClassifier()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.91880342, 0.90987124, 0.90987124])

In [74]:
clf = GaussianNB()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.91880342, 0.93133047, 0.93562232])

## Correlação entre Linhas não comentadas e Methods should not be empty

In [75]:
query_not_ok = """
-- arquivos com a divida do tipo rule_id com a métrica metric_id
select 
    value,
    1 as present
from live_measures 
where component_uuid in (
  select distinct component_uuid from issues where rule_id = 5413 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and metric_id = 3"""

query_ok = """
-- arquivos sem a divida do tipo rule_id com a metrica metric_id
select 
    value,
    0 as present
from live_measures 
where component_uuid not in (
  select distinct component_uuid from issues where rule_id = 5413 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and component_uuid in (
select uuid from projects where project_uuid = 'AWrwqThXS_LSSKKohbva' and "scope" = 'FIL' and qualifier = 'FIL')
and metric_id = 3"""

In [76]:
df_not_ok = pd.read_sql(query_not_ok, connection_url)
df_ok = pd.read_sql(query_ok, connection_url)

In [77]:
df_both = pd.concat([df_not_ok, df_ok])

In [78]:
clf = SVC(gamma='scale')
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.9748954 , 0.97478992, 0.97478992])

In [79]:
clf = KNeighborsClassifier()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.9748954 , 0.97478992, 0.97478992])

In [80]:
clf = GaussianNB()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.9707113 , 0.96638655, 0.94117647])

## Correlação entre Complexidade e Methods should not be empty

In [81]:
query_not_ok = """
-- arquivos com a divida do tipo rule_id com a métrica metric_id
select 
    value,
    1 as present
from live_measures 
where component_uuid in (
  select distinct component_uuid from issues where rule_id = 5413 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and metric_id = 18"""

query_ok = """
-- arquivos sem a divida do tipo rule_id com a metrica metric_id
select 
    value,
    0 as present
from live_measures 
where component_uuid not in (
  select distinct component_uuid from issues where rule_id = 5413 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and component_uuid in (
select uuid from projects where project_uuid = 'AWrwqThXS_LSSKKohbva' and "scope" = 'FIL' and qualifier = 'FIL')
and metric_id = 18"""

In [82]:
df_not_ok = pd.read_sql(query_not_ok, connection_url)
df_ok = pd.read_sql(query_ok, connection_url)

In [83]:
df_both = pd.concat([df_not_ok, df_ok])

In [84]:
clf = SVC(gamma='scale')
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.97435897, 0.97424893, 0.97424893])

In [85]:
clf = KNeighborsClassifier()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.97435897, 0.97424893, 0.97424893])

In [86]:
clf = GaussianNB()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.97863248, 0.97424893, 0.93991416])

## Correlação entre Linhas não comentadas e Handling files is security-sensitive

In [87]:
query_not_ok = """
-- arquivos com a divida do tipo rule_id com a métrica metric_id
select 
    value,
    1 as present
from live_measures 
where component_uuid in (
  select distinct component_uuid from issues where rule_id = 5370 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and metric_id = 3"""

query_ok = """
-- arquivos sem a divida do tipo rule_id com a metrica metric_id
select 
    value,
    0 as present
from live_measures 
where component_uuid not in (
  select distinct component_uuid from issues where rule_id = 5370 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and component_uuid in (
select uuid from projects where project_uuid = 'AWrwqThXS_LSSKKohbva' and "scope" = 'FIL' and qualifier = 'FIL')
and metric_id = 3"""

In [88]:
df_not_ok = pd.read_sql(query_not_ok, connection_url)
df_ok = pd.read_sql(query_ok, connection_url)

In [89]:
df_both = pd.concat([df_not_ok, df_ok])

In [90]:
clf = SVC(gamma='scale')
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.94560669, 0.94117647, 0.93697479])

In [91]:
clf = KNeighborsClassifier()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.9539749 , 0.94537815, 0.93697479])

In [92]:
clf = GaussianNB()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.9539749 , 0.94957983, 0.92857143])

## Complexidade e Handling files is security-sensitive

In [93]:
query_not_ok = """
-- arquivos com a divida do tipo rule_id com a métrica metric_id
select 
    value,
    1 as present
from live_measures 
where component_uuid in (
  select distinct component_uuid from issues where rule_id = 5370 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and metric_id = 18"""

query_ok = """
-- arquivos sem a divida do tipo rule_id com a metrica metric_id
select 
    value,
    0 as present
from live_measures 
where component_uuid not in (
  select distinct component_uuid from issues where rule_id = 5370 and project_uuid = 'AWrwqThXS_LSSKKohbva'
)
and component_uuid in (
select uuid from projects where project_uuid = 'AWrwqThXS_LSSKKohbva' and "scope" = 'FIL' and qualifier = 'FIL')
and metric_id = 18"""

In [94]:
df_not_ok = pd.read_sql(query_not_ok, connection_url)
df_ok = pd.read_sql(query_ok, connection_url)

In [95]:
df_both = pd.concat([df_not_ok, df_ok])

In [96]:
clf = SVC(gamma='scale')
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.94444444, 0.94420601, 0.94849785])

In [97]:
clf = KNeighborsClassifier()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.94444444, 0.94849785, 0.94420601])

In [98]:
clf = GaussianNB()
scores = cross_val_score(clf, df_both.value.values.reshape(-1,1), df_both.present, cv=3)
scores

array([0.94871795, 0.94849785, 0.91845494])