From fd7ad162b2200b8aee72b9760e9c7aef9eae5182 Mon Sep 17 00:00:00 2001
From: Antoine Vinot
Date: Tue, 9 May 2023 16:59:38 +0200
Subject: [PATCH] SONAR-19197 - Add BlackBox Test for code variants

---
 .../main/java/org/sonar/xoo/XooPlugin.java | 14 ++--
 .../sonar/xoo/rule/XooRulesDefinition.java | 11 +++
 .../xoo/rule/variant/CodeVariantSensor.java | 82 +++++++++++++++++++
 .../HotspotWithCodeVariantsSensor.java | 41 ++++++++++
 .../variant/IssueWithCodeVariantsSensor.java | 41 ++++++++++
 .../xoo/rule/XooRulesDefinitionTest.java | 2 +-
 6 files changed, 185 insertions(+), 6 deletions(-)
 create mode 100644 plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/CodeVariantSensor.java
 create mode 100644 plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/HotspotWithCodeVariantsSensor.java
 create mode 100644 plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/IssueWithCodeVariantsSensor.java

diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java
index 06f5ae53f06..4964d6dd316 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java
@@ -43,11 +43,8 @@ import org.sonar.xoo.rule.ChecksSensor;
 import org.sonar.xoo.rule.CreateIssueByInternalKeySensor;
 import org.sonar.xoo.rule.CustomMessageSensor;
 import org.sonar.xoo.rule.HasTagSensor;
-import org.sonar.xoo.rule.MultilineHotspotSensor;
-import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
-import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
-import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
 import org.sonar.xoo.rule.MarkAsUnchangedSensor;
+import org.sonar.xoo.rule.MultilineHotspotSensor;
 import org.sonar.xoo.rule.MultilineIssuesSensor;
 import org.sonar.xoo.rule.NoSonarSensor;
 import org.sonar.xoo.rule.OneBlockerIssuePerFileSensor;
@@ -82,6 +79,11 @@ import org.sonar.xoo.rule.XooFakeImporter;
 import org.sonar.xoo.rule.XooFakeImporterWithMessages;
 import org.sonar.xoo.rule.XooRulesDefinition;
 import org.sonar.xoo.rule.XooSonarWayProfile;
+import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
+import org.sonar.xoo.rule.variant.HotspotWithCodeVariantsSensor;
+import org.sonar.xoo.rule.variant.IssueWithCodeVariantsSensor;
 import org.sonar.xoo.scm.XooBlameCommand;
 import org.sonar.xoo.scm.XooIgnoreCommand;
 import org.sonar.xoo.scm.XooScmProvider;
@@ -176,6 +178,7 @@ public class XooPlugin implements Plugin {
 HotspotWithoutContextSensor.class,
 HotspotWithContextsSensor.class,
 HotspotWithSingleContextSensor.class,
+ HotspotWithCodeVariantsSensor.class,
 
 // Coverage
 UtCoverageSensor.class,
@@ -191,7 +194,8 @@ public class XooPlugin implements Plugin {
 XooPostJob.class,
 XooIssueFilter.class,
 XooIgnoreCommand.class,
- SignificantCodeSensor.class);
+ SignificantCodeSensor.class,
+ IssueWithCodeVariantsSensor.class);
 
 if (context.getRuntime().getProduct() != SonarProduct.SONARLINT) {
 context.addExtension(MeasureSensor.class);
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
index c818dadcbc9..4583eb6f7d4 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
@@ -31,9 +31,11 @@ import org.sonar.api.utils.Version;
 import org.sonar.xoo.Xoo;
 import org.sonar.xoo.Xoo2;
 import org.sonar.xoo.checks.Check;
+import org.sonar.xoo.rule.variant.HotspotWithCodeVariantsSensor;
 import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
 import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
 import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
+import org.sonar.xoo.rule.variant.IssueWithCodeVariantsSensor;
 
 import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.ASSESS_THE_PROBLEM_SECTION_KEY;
 import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.HOW_TO_FIX_SECTION_KEY;
@@ -231,6 +233,9 @@ public class XooRulesDefinition implements RulesDefinition {
 hotspot
 .setDebtRemediationFunction(hotspot.debtRemediationFunctions().constantPerIssue("2min"));
 
+ NewRule variants = repo.createRule(IssueWithCodeVariantsSensor.RULE_KEY).setName("Find issues with code variants");
+ addAllDescriptionSections(variants, "Search for a given variant in Xoo files");
+
 if (version != null && version.isGreaterThanOrEqual(Version.create(9, 3))) {
 hotspot
 .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
@@ -278,6 +283,12 @@ public class XooRulesDefinition implements RulesDefinition {
 .addDescriptionSection(howToFixSectionWithContext("single_context"));
 addDescriptionSectionsWithoutContexts(hotspotWithSingleContext, "Search for Security Hotspots with single context in Xoo files");
 
+ NewRule hotspotWithCodeVariants = repo.createRule(HotspotWithCodeVariantsSensor.RULE_KEY)
+ .setName("Find security hotspots with code variants")
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setActivatedByDefault(false);
+ addAllDescriptionSections(hotspotWithCodeVariants, "Search for a given variant in Xoo files");
+
 repo.done();
 }
 
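Review bot: In the `@@ -231,6 +233,9 @@` hunk the new `variants` rule is created in the middle of the `hotspot` rule's configuration, between its `setDebtRemediationFunction` call and the version-gated block that adds its OWASP mappings, which splits one rule's definition around an unrelated one. I would move the two added lines down next to `hotspotWithCodeVariants`, just before `repo.done()`. The issue rule also sets only a name, whereas its hotspot twin in the last hunk spells out `.setType(RuleType.SECURITY_HOTSPOT)` and `.setActivatedByDefault(false)`; a one-line comment such as `// type, severity and activation intentionally left at API defaults` would make clear that the difference is deliberate. The enclosing method starts outside these hunks.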
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/CodeVariantSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/CodeVariantSensor.java
new file mode 100644
index 00000000000..53fa9f7e68a
--- /dev/null
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/CodeVariantSensor.java
@@ -0,0 +1,82 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.variant;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.fs.InputFile;
+import org.sonar.api.batch.rule.ActiveRules;
+import org.sonar.api.batch.sensor.SensorContext;
+import org.sonar.api.batch.sensor.issue.NewIssue;
+import org.sonar.api.config.Configuration;
+import org.sonar.api.rule.RuleKey;
+import org.sonar.xoo.rule.AbstractXooRuleSensor;
+
+/**
+ * Raise issue for multiple code variants.
+ * Use the property "sonar.variants" to define the variants.
+ * If variant names are found on the file content, an issue is raised with all the corresponding variants.
+ * Extend this abstract class to define the rule key.
+ */
+public abstract class CodeVariantSensor extends AbstractXooRuleSensor {
+
+ private static final String VARIANTS_PROPERTY = "sonar.variants";
+
+ private final Configuration settings;
+
+ public CodeVariantSensor(Configuration settings, FileSystem fs, ActiveRules activeRules) {
+ super(fs, activeRules);
+ this.settings = settings;
+ }
+
+ @Override
+ protected void processFile(InputFile inputFile, SensorContext context, RuleKey ruleKey, String languageKey) {
+ Optional variantsValue = settings.get(VARIANTS_PROPERTY);
+ if (variantsValue.isEmpty()) {
+ return;
+ }
+
+ List variants = Arrays.asList(variantsValue.get().split(","));
+
+ try {
+ String contents = inputFile.contents();
+ List identifiedVariants = variants.stream()
+ .filter(contents::contains)
+ .collect(Collectors.toList());
+
+ if (!identifiedVariants.isEmpty()) {
+ NewIssue newIssue = context.newIssue()
+ .forRule(ruleKey)
+ .setCodeVariants(identifiedVariants);
+ newIssue.at(newIssue.newLocation()
+ .on(inputFile)
+ .message("This is generated for variants"))
+ .save();
+ }
+ } catch (IOException e) {
+ throw new IllegalStateException("Fail to get content of file " + inputFile, e);
+ }
+ }
+
+}
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/HotspotWithCodeVariantsSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/HotspotWithCodeVariantsSensor.java
new file mode 100644
index 00000000000..657b8e7db2e
--- /dev/null
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/HotspotWithCodeVariantsSensor.java
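Review bot: In `processFile` the raw `sonar.variants` value is split on `,` with no trimming or empty-entry filtering, so `a, b` yields the entry ` b` (leading space), and a value such as `a,,b` or an empty string yields an empty entry for which `contents.contains("")` is true on every file. That would attach a blank or whitespace-padded variant to the saved issue. I would normalise the list first, e.g. `Arrays.stream(variantsValue.get().split(",")).map(String::trim).filter(v -> !v.isEmpty()).collect(Collectors.toList())`. The class Javadoc should also say that variant names are matched as plain substrings of the file content, so a name that is a prefix of another name or of an ordinary word matches too.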
@@ -0,0 +1,41 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.variant;
+
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.rule.ActiveRules;
+import org.sonar.api.config.Configuration;
+
+/**
+ * Raises security hotspots with code variants.
+ */
+public class HotspotWithCodeVariantsSensor extends CodeVariantSensor {
+
+ public static final String RULE_KEY = "HotspotWithCodeVariants";
+
+ public HotspotWithCodeVariantsSensor(Configuration settings, FileSystem fs, ActiveRules activeRules) {
+ super(settings, fs, activeRules);
+ }
+
+ @Override
+ protected String getRuleKey() {
+ return RULE_KEY;
+ }
+}
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/IssueWithCodeVariantsSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/IssueWithCodeVariantsSensor.java
new file mode 100644
index 00000000000..02364bb7622
--- /dev/null
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/IssueWithCodeVariantsSensor.java
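Review bot: The class Javadoc on `HotspotWithCodeVariantsSensor` says it raises security hotspots, but nothing in this class decides that. The class only supplies `RULE_KEY`; the hotspot type comes from the rule registered under that key in `XooRulesDefinition`, which this patch also declares with `setActivatedByDefault(false)`. I would expand the comment to say that it reports one finding per file containing a variant listed in `sonar.variants`, that the finding is a hotspot because of the rule's declared type, and that the rule presumably has to be activated in the quality profile before the sensor reports anything. `IssueWithCodeVariantsSensor` in the next file is a line-for-line twin and its Javadoc deserves the same treatment.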
@@ -0,0 +1,41 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.variant;
+
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.rule.ActiveRules;
+import org.sonar.api.config.Configuration;
+
+/**
+ * Raises issues with code variants.
+ */
+public class IssueWithCodeVariantsSensor extends CodeVariantSensor {
+
+ public static final String RULE_KEY = "IssueWithCodeVariants";
+
+ public IssueWithCodeVariantsSensor(Configuration settings, FileSystem fs, ActiveRules activeRules) {
+ super(settings, fs, activeRules);
+ }
+
+ @Override
+ protected String getRuleKey() {
+ return RULE_KEY;
+ }
+}
diff --git a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
index 8d3ece2a71c..fa287bcd82c 100644
--- a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
+++ b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
@@ -119,7 +119,7 @@ public class XooRulesDefinitionTest {
 assertThat(repo).isNotNull();
 assertThat(repo.name()).isEqualTo("Xoo");
 assertThat(repo.language()).isEqualTo("xoo");
- assertThat(repo.rules()).hasSize(26);
+ assertThat(repo.rules()).hasSize(28);
 return repo;
 }
 }
-- 
2.39.5