import org.sonar.xoo.rule.CreateIssueByInternalKeySensor;
import org.sonar.xoo.rule.CustomMessageSensor;
import org.sonar.xoo.rule.HasTagSensor;
-import org.sonar.xoo.rule.MultilineHotspotSensor;
-import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
-import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
-import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
import org.sonar.xoo.rule.MarkAsUnchangedSensor;
+import org.sonar.xoo.rule.MultilineHotspotSensor;
import org.sonar.xoo.rule.MultilineIssuesSensor;
import org.sonar.xoo.rule.NoSonarSensor;
import org.sonar.xoo.rule.OneBlockerIssuePerFileSensor;
import org.sonar.xoo.rule.XooFakeImporterWithMessages;
import org.sonar.xoo.rule.XooRulesDefinition;
import org.sonar.xoo.rule.XooSonarWayProfile;
+import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
+import org.sonar.xoo.rule.variant.HotspotWithCodeVariantsSensor;
+import org.sonar.xoo.rule.variant.IssueWithCodeVariantsSensor;
import org.sonar.xoo.scm.XooBlameCommand;
import org.sonar.xoo.scm.XooIgnoreCommand;
import org.sonar.xoo.scm.XooScmProvider;
HotspotWithoutContextSensor.class,
HotspotWithContextsSensor.class,
HotspotWithSingleContextSensor.class,
+ HotspotWithCodeVariantsSensor.class,
// Coverage
UtCoverageSensor.class,
XooPostJob.class,
XooIssueFilter.class,
XooIgnoreCommand.class,
- SignificantCodeSensor.class);
+ SignificantCodeSensor.class,
+ IssueWithCodeVariantsSensor.class);
if (context.getRuntime().getProduct() != SonarProduct.SONARLINT) {
context.addExtension(MeasureSensor.class);
import org.sonar.xoo.Xoo;
import org.sonar.xoo.Xoo2;
import org.sonar.xoo.checks.Check;
+import org.sonar.xoo.rule.variant.HotspotWithCodeVariantsSensor;
import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
+import org.sonar.xoo.rule.variant.IssueWithCodeVariantsSensor;
import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.ASSESS_THE_PROBLEM_SECTION_KEY;
import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.HOW_TO_FIX_SECTION_KEY;
hotspot
.setDebtRemediationFunction(hotspot.debtRemediationFunctions().constantPerIssue("2min"));
+ NewRule variants = repo.createRule(IssueWithCodeVariantsSensor.RULE_KEY).setName("Find issues with code variants");
+ addAllDescriptionSections(variants, "Search for a given variant in Xoo files");
+
if (version != null && version.isGreaterThanOrEqual(Version.create(9, 3))) {
hotspot
.addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
.addDescriptionSection(howToFixSectionWithContext("single_context"));
addDescriptionSectionsWithoutContexts(hotspotWithSingleContext, "Search for Security Hotspots with single context in Xoo files");
+ NewRule hotspotWithCodeVariants = repo.createRule(HotspotWithCodeVariantsSensor.RULE_KEY)
+ .setName("Find security hotspots with code variants")
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setActivatedByDefault(false);
+ addAllDescriptionSections(hotspotWithCodeVariants, "Search for a given variant in Xoo files");
+
repo.done();
}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.variant;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.fs.InputFile;
+import org.sonar.api.batch.rule.ActiveRules;
+import org.sonar.api.batch.sensor.SensorContext;
+import org.sonar.api.batch.sensor.issue.NewIssue;
+import org.sonar.api.config.Configuration;
+import org.sonar.api.rule.RuleKey;
+import org.sonar.xoo.rule.AbstractXooRuleSensor;
+
+/**
+ * Raise issue for multiple code variants.
+ * Use the property "sonar.variants" to define the variants.
+ * If variant names are found on the file content, an issue is raised with all the corresponding variants.
+ * Extend this abstract class to define the rule key.
+ */
+public abstract class CodeVariantSensor extends AbstractXooRuleSensor {
+
+ private static final String VARIANTS_PROPERTY = "sonar.variants";
+
+ private final Configuration settings;
+
+ public CodeVariantSensor(Configuration settings, FileSystem fs, ActiveRules activeRules) {
+ super(fs, activeRules);
+ this.settings = settings;
+ }
+
+ @Override
+ protected void processFile(InputFile inputFile, SensorContext context, RuleKey ruleKey, String languageKey) {
+ Optional<String> variantsValue = settings.get(VARIANTS_PROPERTY);
+ if (variantsValue.isEmpty()) {
+ return;
+ }
+
+ List<String> variants = Arrays.asList(variantsValue.get().split(","));
+
+ try {
+ String contents = inputFile.contents();
+ List<String> identifiedVariants = variants.stream()
+ .filter(contents::contains)
+ .collect(Collectors.toList());
+
+ if (!identifiedVariants.isEmpty()) {
+ NewIssue newIssue = context.newIssue()
+ .forRule(ruleKey)
+ .setCodeVariants(identifiedVariants);
+ newIssue.at(newIssue.newLocation()
+ .on(inputFile)
+ .message("This is generated for variants"))
+ .save();
+ }
+ } catch (IOException e) {
+ throw new IllegalStateException("Fail to get content of file " + inputFile, e);
+ }
+ }
+
+}
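Review bot: In `processFile`, `variantsValue.get().split(",")` keeps blank and whitespace-padded tokens, and `contents.contains("")` is always true. A `sonar.variants` value such as `a,,b` or `,a` (and an empty value, if `Configuration.get` reports it as present) would therefore raise an issue on every analysed file and attach an empty variant name to it. A value written as `a, b` would look for `" b"` with the leading space. Trim and drop empty tokens before matching: `List<String> variants = Arrays.stream(variantsValue.get().split(",")).map(String::trim).filter(v -> !v.isEmpty()).collect(Collectors.toList());`. The class Javadoc could also state that matching is a plain substring search over the whole file content, so a variant name that appears inside a longer word still counts as found.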
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.variant;
+
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.rule.ActiveRules;
+import org.sonar.api.config.Configuration;
+
+/**
+ * Raises security hotspots with code variants.
+ */
+public class HotspotWithCodeVariantsSensor extends CodeVariantSensor {
+
+ public static final String RULE_KEY = "HotspotWithCodeVariants";
+
+ public HotspotWithCodeVariantsSensor(Configuration settings, FileSystem fs, ActiveRules activeRules) {
+ super(settings, fs, activeRules);
+ }
+
+ @Override
+ protected String getRuleKey() {
+ return RULE_KEY;
+ }
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.variant;
+
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.rule.ActiveRules;
+import org.sonar.api.config.Configuration;
+
+/**
+ * Raises issues with code variants.
+ */
+public class IssueWithCodeVariantsSensor extends CodeVariantSensor {
+
+ public static final String RULE_KEY = "IssueWithCodeVariants";
+
+ public IssueWithCodeVariantsSensor(Configuration settings, FileSystem fs, ActiveRules activeRules) {
+ super(settings, fs, activeRules);
+ }
+
+ @Override
+ protected String getRuleKey() {
+ return RULE_KEY;
+ }
+}
assertThat(repo).isNotNull();
assertThat(repo.name()).isEqualTo("Xoo");
assertThat(repo.language()).isEqualTo("xoo");
- assertThat(repo.rules()).hasSize(26);
+ assertThat(repo.rules()).hasSize(28);
return repo;
}
}
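Review bot: The only assertion updated here is the rule count (`hasSize(28)`), so nothing visible in this hunk checks how the two new rules are registered. A hotspot rule that loses its `SECURITY_HOTSPOT` type, or becomes activated by default, would still pass this test. Consider asserting on the rules by key, for example `assertThat(repo.rule(HotspotWithCodeVariantsSensor.RULE_KEY).type()).isEqualTo(RuleType.SECURITY_HOTSPOT);` and `assertThat(repo.rule(HotspotWithCodeVariantsSensor.RULE_KEY).activatedByDefault()).isFalse();`. The helper's body starts outside the hunk, so equivalent checks may already exist elsewhere in the test class.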