mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33341 Commits
59 Branches
Tree: 3fd6248dd0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3fd6248dd0'
${ noResults }
sonarqube/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java

XooRulesDefinition.java 18KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2023 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.xoo.rule;

  21. 

  22. import javax.annotation.Nullable;

  23. import org.sonar.api.SonarRuntime;

  24. import org.sonar.api.rule.RuleScope;

  25. import org.sonar.api.rules.RuleType;

  26. import org.sonar.api.server.rule.RuleDescriptionSection;

  27. import org.sonar.api.server.rule.RuleParamType;

  28. import org.sonar.api.server.rule.RulesDefinition;

  29. import org.sonar.api.server.rule.RulesDefinitionAnnotationLoader;

  30. import org.sonar.api.utils.Version;

  31. import org.sonar.xoo.Xoo;

  32. import org.sonar.xoo.Xoo2;

  33. import org.sonar.xoo.checks.Check;

  34. import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;

  35. import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;

  36. import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;

  37. 

  38. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.ASSESS_THE_PROBLEM_SECTION_KEY;

  39. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.HOW_TO_FIX_SECTION_KEY;

  40. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.INTRODUCTION_SECTION_KEY;

  41. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.RESOURCES_SECTION_KEY;

  42. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.ROOT_CAUSE_SECTION_KEY;

  43. import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2017;

  44. import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2021;

  45. 

  46. /**

  47.  * Define all the coding rules that are supported on the repositories named "xoo" and "xoo2"

  48.  */

  49. public class XooRulesDefinition implements RulesDefinition {

  50. 

  51.   public static final String[] AVAILABLE_CONTEXTS = {"javascript", "jquery", "express_js", "react", "axios"};

  52. 

  53.   public static final String XOO_REPOSITORY = "xoo";

  54.   public static final String XOO2_REPOSITORY = "xoo2";

  55. 

  56.   private static final String TEN_MIN = "10min";

  57. 

  58.   @Nullable

  59.   private final Version version;

  60. 

  61.   public XooRulesDefinition() {

  62.     this(null);

  63.   }

  64. 

  65.   public XooRulesDefinition(@Nullable SonarRuntime sonarRuntime) {

  66.     this.version = sonarRuntime != null ? sonarRuntime.getApiVersion() : null;

  67.   }

  68. 

  69.   @Override

  70.   public void define(Context context) {

  71.     defineRulesXoo(context);

  72.     defineRulesXoo2(context);

  73.     defineRulesXooExternal(context);

  74.   }

  75. 

  76.   private static void defineRulesXoo2(Context context) {

  77.     NewRepository repo = context.createRepository(XOO2_REPOSITORY, Xoo2.KEY).setName("Xoo2");

  78. 

  79.     NewRule hasTag = repo.createRule(HasTagSensor.RULE_KEY).setName("Has Tag");

  80.     addAllDescriptionSections(hasTag, "Search for a given tag in Xoo files");

  81. 

  82.     NewRule oneIssuePerLine = repo.createRule(OneIssuePerLineSensor.RULE_KEY).setName("One Issue Per Line");

  83.     addAllDescriptionSections(oneIssuePerLine, "Generate an issue on each line of a file. It requires the metric \"lines\".");

  84.     oneIssuePerLine

  85.       .setDebtRemediationFunction(hasTag.debtRemediationFunctions().linear("1min"))

  86.       .setGapDescription("It takes about 1 minute to an experienced software craftsman to remove a line of code");

  87. 

  88.     repo.done();

  89.   }

  90. 

  91.   private void defineRulesXoo(Context context) {

  92.     NewRepository repo = context.createRepository(XOO_REPOSITORY, Xoo.KEY).setName("Xoo");

  93. 

  94.     new RulesDefinitionAnnotationLoader().load(repo, Check.ALL);

  95. 

  96.     NewRule hasTag = repo.createRule(HasTagSensor.RULE_KEY).setName("Has Tag")

  97.       .setActivatedByDefault(true)

  98.       .addDescriptionSection(howToFixSectionWithContext("single_context"));

  99.     addDescriptionSectionsWithoutContexts(hasTag, "Search for a given tag in Xoo files");

  100. 

  101.     hasTag

  102.       .setDebtRemediationFunction(hasTag.debtRemediationFunctions().constantPerIssue("2min"));

  103.     hasTag.createParam("tag")

  104.       .setDefaultValue("xoo")

  105.       .setDescription("The tag to search for");

  106. 

  107.     NewRule ruleWithParameters = repo.createRule("RuleWithParameters").setName("Rule with parameters");

  108.     addAllDescriptionSections(ruleWithParameters,

  109.       "Rule containing parameter of different types : boolean, integer, etc. For information, no issue will be linked to this rule.");

  110.     ruleWithParameters.createParam("string").setType(RuleParamType.STRING);

  111.     ruleWithParameters.createParam("text").setType(RuleParamType.TEXT);

  112.     ruleWithParameters.createParam("boolean").setType(RuleParamType.BOOLEAN);

  113.     ruleWithParameters.createParam("integer").setType(RuleParamType.INTEGER);

  114.     ruleWithParameters.createParam("float").setType(RuleParamType.FLOAT);

  115. 

  116.     NewRule oneIssuePerLine = repo.createRule(OneIssuePerLineSensor.RULE_KEY).setName("One Issue Per Line")

  117.       .setTags("line");

  118.     addDescriptionSectionsWithoutContexts(oneIssuePerLine, "Generate an issue on each line of a file. It requires the metric \"lines\".");

  119.     addHowToFixSectionsWithContexts(oneIssuePerLine);

  120.     oneIssuePerLine

  121.       .setDebtRemediationFunction(oneIssuePerLine.debtRemediationFunctions().linear("1min"))

  122.       .setGapDescription("It takes about 1 minute to an experienced software craftsman to remove a line of code")

  123.       .addEducationPrincipleKeys("defense_in_depth", "never_trust_user_input");

  124. 

  125.     NewRule oneQuickFixPerLine = repo.createRule(OneQuickFixPerLineSensor.RULE_KEY).setName("One Quick Fix Per Line")

  126.       .setTags("line");

  127.     addAllDescriptionSections(oneQuickFixPerLine,

  128.       "Generate an issue with quick fix available on each line of a file. It requires the metric \"lines\".");

  129. 

  130.     oneQuickFixPerLine

  131.       .setDebtRemediationFunction(oneQuickFixPerLine.debtRemediationFunctions().linear("1min"))

  132.       .setGapDescription("It takes about 1 minute to an experienced software craftsman to remove a line of code");

  133. 

  134.     NewRule oneIssueOnDirPerFile = repo.createRule(OneIssueOnDirPerFileSensor.RULE_KEY).setName("One Issue On Dir Per File");

  135.     addAllDescriptionSections(oneIssueOnDirPerFile,

  136.       "Generate issues on directories");

  137.     NewRule oneIssuePerFile = repo.createRule(OneIssuePerFileSensor.RULE_KEY).setName("One Issue Per File");

  138.     oneIssuePerFile.setDebtRemediationFunction(oneIssuePerFile.debtRemediationFunctions().linear(TEN_MIN));

  139.     addAllDescriptionSections(oneIssuePerFile, "Generate an issue on each file");

  140. 

  141.     NewRule oneIssuePerTestFile = repo.createRule(OneIssuePerTestFileSensor.RULE_KEY).setName("One Issue Per Test File")

  142.       .setScope(RuleScope.TEST);

  143.     oneIssuePerTestFile.setDebtRemediationFunction(oneIssuePerTestFile.debtRemediationFunctions().linear("8min"));

  144.     addAllDescriptionSections(oneIssuePerTestFile, "Generate an issue on each test file");

  145. 

  146.     NewRule oneBugIssuePerTestLine = repo.createRule(OneBugIssuePerTestLineSensor.RULE_KEY).setName("One Bug Issue Per Test Line")

  147.       .setScope(RuleScope.TEST)

  148.       .setType(RuleType.BUG);

  149.     addAllDescriptionSections(oneBugIssuePerTestLine, "Generate a bug issue on each line of a test file. It requires the metric \"lines\".");

  150. 

  151.     oneBugIssuePerTestLine

  152.       .setDebtRemediationFunction(oneBugIssuePerTestLine.debtRemediationFunctions().linear("4min"));

  153. 

  154.     NewRule oneCodeSmellIssuePerTestLine = repo.createRule(OneCodeSmellIssuePerTestLineSensor.RULE_KEY).setName("One Code Smell Issue Per Test Line")

  155.       .setScope(RuleScope.TEST)

  156.       .setType(RuleType.CODE_SMELL);

  157.     addAllDescriptionSections(oneCodeSmellIssuePerTestLine, "Generate a code smell issue on each line of a test file. It requires the metric \"lines\".");

  158. 

  159.     oneCodeSmellIssuePerTestLine

  160.       .setDebtRemediationFunction(oneCodeSmellIssuePerTestLine.debtRemediationFunctions().linear("3min"));

  161. 

  162.     NewRule oneIssuePerDirectory = repo.createRule(OneIssuePerDirectorySensor.RULE_KEY).setName("One Issue Per Directory");

  163.     oneIssuePerDirectory.setDebtRemediationFunction(oneIssuePerDirectory.debtRemediationFunctions().linear(TEN_MIN));

  164.     addAllDescriptionSections(oneIssuePerDirectory, "Generate an issue on each non-empty directory");

  165. 

  166.     NewRule oneDayDebtPerFile = repo.createRule(OneDayDebtPerFileSensor.RULE_KEY).setName("One Day Debt Per File");

  167.     oneDayDebtPerFile.setDebtRemediationFunction(oneDayDebtPerFile.debtRemediationFunctions().linear("1d"));

  168.     addAllDescriptionSections(oneDayDebtPerFile, "Generate an issue on each file with a debt of one day");

  169. 

  170.     NewRule oneIssuePerModule = repo.createRule(OneIssuePerModuleSensor.RULE_KEY).setName("One Issue Per Module");

  171.     oneIssuePerModule

  172.       .setDebtRemediationFunction(oneIssuePerModule.debtRemediationFunctions().linearWithOffset("25min", "1h"))

  173.       .setGapDescription("A certified architect will need roughly half an hour to start working on removal of modules, " +

  174.         "then it's about one hour per module.");

  175.     addAllDescriptionSections(oneIssuePerModule, "Generate an issue on each module");

  176. 

  177.     NewRule oneBlockerIssuePerFile = repo.createRule(OneBlockerIssuePerFileSensor.RULE_KEY).setName("One Blocker Issue Per File");

  178.     addAllDescriptionSections(oneBlockerIssuePerFile, "Generate a blocker issue on each file, whatever the severity declared in the Quality profile");

  179. 

  180.     NewRule issueWithCustomMessage = repo.createRule(CustomMessageSensor.RULE_KEY).setName("Issue With Custom Message");

  181.     addAllDescriptionSections(issueWithCustomMessage, "Generate an issue on each file with a custom message");

  182. 

  183.     NewRule oneIssuePerFileWithRandomAccess = repo.createRule(RandomAccessSensor.RULE_KEY).setName("One Issue Per File with Random Access");

  184.     addAllDescriptionSections(oneIssuePerFileWithRandomAccess, "This issue is generated on each file");

  185. 

  186.     NewRule issueWithRangeAndMultipleLocations = repo.createRule(MultilineIssuesSensor.RULE_KEY).setName("Creates issues with ranges/multiple locations");

  187.     addAllDescriptionSections(issueWithRangeAndMultipleLocations, "Issue with range and multiple locations");

  188. 

  189.     NewRule hotspotWithRangeAndMultipleLocations = repo.createRule(MultilineHotspotSensor.RULE_KEY)

  190.       .setName("Creates hotspots with ranges/multiple locations")

  191.       .setType(RuleType.SECURITY_HOTSPOT);

  192.     addAllDescriptionSections(hotspotWithRangeAndMultipleLocations, "Hotspot with range and multiple locations");

  193. 

  194. 

  195.     NewRule issueOnEachFileWithExtUnknown = repo.createRule(OneIssuePerUnknownFileSensor.RULE_KEY).setName("Creates issues on each file with extension 'unknown'");

  196.     addAllDescriptionSections(issueOnEachFileWithExtUnknown, "This issue is generated on each file with extenstion 'unknown'");

  197. 

  198.     NewRule oneBugIssuePerLine = repo.createRule(OneBugIssuePerLineSensor.RULE_KEY).setName("One Bug Issue Per Line")

  199.       .setType(RuleType.BUG);

  200.     oneBugIssuePerLine

  201.       .setDebtRemediationFunction(oneBugIssuePerLine.debtRemediationFunctions().linear("5min"));

  202.     addAllDescriptionSections(oneBugIssuePerLine, "Generate a bug issue on each line of a file. It requires the metric \"lines\".");

  203. 

  204.     NewRule oneCodeSmellIssuePerLine = repo.createRule(OneCodeSmellIssuePerLineSensor.RULE_KEY).setName("One Code Smell Issue Per Line")

  205.       .setType(RuleType.CODE_SMELL);

  206.     oneCodeSmellIssuePerLine

  207.       .setDebtRemediationFunction(oneCodeSmellIssuePerLine.debtRemediationFunctions().linear("9min"));

  208.     addAllDescriptionSections(oneCodeSmellIssuePerLine, "Generate a code smell issue on each line of a file. It requires the metric \"lines\".");

  209. 

  210.     NewRule oneVulnerabilityIssuePerModule = repo.createRule(OneVulnerabilityIssuePerModuleSensor.RULE_KEY).setName("One Vulnerability Issue Per Module")

  211.       .setType(RuleType.VULNERABILITY);

  212.     addAllDescriptionSections(oneVulnerabilityIssuePerModule, "Generate an issue on each module");

  213. 

  214.     oneVulnerabilityIssuePerModule

  215.       .setDebtRemediationFunction(oneVulnerabilityIssuePerModule.debtRemediationFunctions().linearWithOffset("25min", "1h"))

  216.       .setGapDescription("A certified architect will need roughly half an hour to start working on removal of modules, " +

  217.         "then it's about one hour per module.");

  218. 

  219.     NewRule templateofRule = repo

  220.       .createRule("xoo-template")

  221.       .setTemplate(true)

  222.       .setName("Template of rule");

  223.     addAllDescriptionSections(templateofRule, "Template to be overridden by custom rules");

  224. 

  225.     NewRule hotspot = repo.createRule(HotspotWithoutContextSensor.RULE_KEY)

  226.       .setName("Find security hotspots")

  227.       .setType(RuleType.SECURITY_HOTSPOT)

  228.       .setActivatedByDefault(false);

  229.     addAllDescriptionSections(hotspot, "Search for Security Hotspots in Xoo files");

  230. 

  231.     hotspot

  232.       .setDebtRemediationFunction(hotspot.debtRemediationFunctions().constantPerIssue("2min"));

  233. 

  234.     if (version != null && version.isGreaterThanOrEqual(Version.create(9, 3))) {

  235.       hotspot

  236.         .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)

  237.         .addOwaspTop10(Y2021, OwaspTop10.A3, OwaspTop10.A2)

  238.         .addCwe(1, 89, 123, 863);

  239. 

  240.       oneVulnerabilityIssuePerModule

  241.         .addOwaspTop10(Y2017, OwaspTop10.A9, OwaspTop10.A10)

  242.         .addOwaspTop10(Y2021, OwaspTop10.A6, OwaspTop10.A9)

  243.         .addCwe(250, 564, 546, 943);

  244.     }

  245. 

  246.     if (version != null && version.isGreaterThanOrEqual(Version.create(9, 5))) {

  247.       hotspot

  248.         .addPciDss(PciDssVersion.V4_0, "6.5.1", "4.1")

  249.         .addPciDss(PciDssVersion.V3_2, "6.5.1", "4.2")

  250.         .addPciDss(PciDssVersion.V4_0, "6.5a.1", "4.2c")

  251.         .addPciDss(PciDssVersion.V3_2, "6.5a.1b", "4.2b");

  252. 

  253.       oneVulnerabilityIssuePerModule

  254.         .addPciDss(PciDssVersion.V4_0, "10.1")

  255.         .addPciDss(PciDssVersion.V3_2, "10.2")

  256.         .addPciDss(PciDssVersion.V4_0, "10.1a.2b")

  257.         .addPciDss(PciDssVersion.V3_2, "10.1a.2c");

  258.     }

  259. 

  260.     if (version != null && version.isGreaterThanOrEqual(Version.create(9, 6))) {

  261.       hotspot

  262.         .addOwaspAsvs(OwaspAsvsVersion.V4_0, "2.8.7", "3.1.1", "4.2.2");

  263.       oneVulnerabilityIssuePerModule

  264.         .addOwaspAsvs(OwaspAsvsVersion.V4_0, "11.1.2", "14.5.1", "14.5.4");

  265.     }

  266. 

  267.     NewRule hotspotWithContexts = repo.createRule(HotspotWithContextsSensor.RULE_KEY)

  268.       .setName("Find security hotspots with contexts")

  269.       .setType(RuleType.SECURITY_HOTSPOT)

  270.       .setActivatedByDefault(false);

  271.     addDescriptionSectionsWithoutContexts(hotspotWithContexts, "Search for Security Hotspots with contexts in Xoo files");

  272.     addHowToFixSectionsWithContexts(hotspotWithContexts);

  273. 

  274.     NewRule hotspotWithSingleContext = repo.createRule(HotspotWithSingleContextSensor.RULE_KEY)

  275.       .setName("Find security hotspots, how_to_fix with single context")

  276.       .setType(RuleType.SECURITY_HOTSPOT)

  277.       .setActivatedByDefault(false)

  278.       .addDescriptionSection(howToFixSectionWithContext("single_context"));

  279.     addDescriptionSectionsWithoutContexts(hotspotWithSingleContext, "Search for Security Hotspots with single context in Xoo files");

  280. 

  281.     repo.done();

  282.   }

  283. 

  284.   private static void defineRulesXooExternal(Context context) {

  285.     NewRepository repo = context.createExternalRepository(OneExternalIssuePerLineSensor.ENGINE_ID, Xoo.KEY).setName(OneExternalIssuePerLineSensor.ENGINE_ID);

  286. 

  287.     repo.createRule(OnePredefinedRuleExternalIssuePerLineSensor.RULE_ID)

  288.       .setSeverity(OnePredefinedRuleExternalIssuePerLineSensor.SEVERITY)

  289.       .setType(OnePredefinedRuleExternalIssuePerLineSensor.TYPE)

  290.       .setScope(RuleScope.ALL)

  291.       .setHtmlDescription("Generates one external issue in each line")

  292.       .addDescriptionSection(descriptionSection(INTRODUCTION_SECTION_KEY, "Generates one external issue in each line"))

  293.       .setName("One external issue per line")

  294.       .setTags("riri", "fifi", "loulou");

  295. 

  296.     repo.done();

  297.   }

  298. 

  299.   private static void addAllDescriptionSections(NewRule rule, String description) {

  300.     addDescriptionSectionsWithoutContexts(rule, description);

  301.     rule.addDescriptionSection(descriptionSection(HOW_TO_FIX_SECTION_KEY, "How to fix: " + description));

  302.   }

  303. 

  304.   private static void addDescriptionSectionsWithoutContexts(NewRule rule, String description) {

  305.     rule

  306.       .setHtmlDescription(description)

  307.       .addDescriptionSection(descriptionSection(INTRODUCTION_SECTION_KEY, "Introduction: " + description))

  308.       .addDescriptionSection(descriptionSection(ROOT_CAUSE_SECTION_KEY, "Root cause: " + description))

  309.       .addDescriptionSection(descriptionSection(ASSESS_THE_PROBLEM_SECTION_KEY, "Assess the problem: " + description))

  310.       .addDescriptionSection(descriptionSection(RESOURCES_SECTION_KEY,

  311.         "<a href=\"www.google.fr\"> Google </a><br><a href=\"https://stackoverflow.com/\"> StackOverflow</a>"))

  312.       .addDescriptionSection(descriptionSection("fake_section_to_be_ignored",

  313.         "fake_section_to_be_ignored"));

  314.   }

  315. 

  316.   private static void addHowToFixSectionsWithContexts(NewRule rule) {

  317.     for (String contextName : AVAILABLE_CONTEXTS) {

  318.       rule.addDescriptionSection(howToFixSectionWithContext(contextName));

  319.     }

  320.   }

  321. 

  322.   private static RuleDescriptionSection descriptionSection(String sectionKey, String htmlDescription) {

  323.     return RuleDescriptionSection.builder()

  324.       .sectionKey(sectionKey)

  325.       .htmlContent(htmlDescription)

  326.       .build();

  327.   }

  328. 

  329.   private static RuleDescriptionSection howToFixSectionWithContext(String contextName) {

  330.     return RuleDescriptionSection.builder()

  331.       .sectionKey(HOW_TO_FIX_SECTION_KEY)

  332.       .htmlContent(String.format("This is 'How to fix?' description section for the <a href=\"https://stackoverflow.com/\"> %s</a>. " +

  333.         "This text can be very long.", contextName))

  334.       .context(new org.sonar.api.server.rule.Context(contextName, contextName))

  335.       .build();

  336.   }

  337. }