authorAntoine Vinot <antoine.vinot@sonarsource.com>2023-05-09 16:59:38 +0200
committersonartech <sonartech@sonarsource.com>2023-05-16 20:02:50 +0000
commitfd7ad162b2200b8aee72b9760e9c7aef9eae5182 (patch)
tree20c8ca4d2076af259124d10f19fb5f1ff781e6fb
parent059965c0d4843daf4efd62164e325f762dc9dd08 (diff)
downloadsonarqube-fd7ad162b2200b8aee72b9760e9c7aef9eae5182.tar.gz
sonarqube-fd7ad162b2200b8aee72b9760e9c7aef9eae5182.zip
SONAR-19197 - Add BlackBox Test for code variants
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java14
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java11
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/CodeVariantSensor.java82
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/HotspotWithCodeVariantsSensor.java41
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/IssueWithCodeVariantsSensor.java41
-rw-r--r--plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java2
6 files changed, 185 insertions, 6 deletions
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java
index 06f5ae53f06..4964d6dd316 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java
@@ -43,11 +43,8 @@ import org.sonar.xoo.rule.ChecksSensor;
import org.sonar.xoo.rule.CreateIssueByInternalKeySensor;
import org.sonar.xoo.rule.CustomMessageSensor;
import org.sonar.xoo.rule.HasTagSensor;
-import org.sonar.xoo.rule.MultilineHotspotSensor;
-import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
-import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
-import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
import org.sonar.xoo.rule.MarkAsUnchangedSensor;
+import org.sonar.xoo.rule.MultilineHotspotSensor;
import org.sonar.xoo.rule.MultilineIssuesSensor;
import org.sonar.xoo.rule.NoSonarSensor;
import org.sonar.xoo.rule.OneBlockerIssuePerFileSensor;
@@ -82,6 +79,11 @@ import org.sonar.xoo.rule.XooFakeImporter;
import org.sonar.xoo.rule.XooFakeImporterWithMessages;
import org.sonar.xoo.rule.XooRulesDefinition;
import org.sonar.xoo.rule.XooSonarWayProfile;
+import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
+import org.sonar.xoo.rule.variant.HotspotWithCodeVariantsSensor;
+import org.sonar.xoo.rule.variant.IssueWithCodeVariantsSensor;
import org.sonar.xoo.scm.XooBlameCommand;
import org.sonar.xoo.scm.XooIgnoreCommand;
import org.sonar.xoo.scm.XooScmProvider;
@@ -176,6 +178,7 @@ public class XooPlugin implements Plugin {
HotspotWithoutContextSensor.class,
HotspotWithContextsSensor.class,
HotspotWithSingleContextSensor.class,
+ HotspotWithCodeVariantsSensor.class,
// Coverage
UtCoverageSensor.class,
@@ -191,7 +194,8 @@ public class XooPlugin implements Plugin {
XooPostJob.class,
XooIssueFilter.class,
XooIgnoreCommand.class,
- SignificantCodeSensor.class);
+ SignificantCodeSensor.class,
+ IssueWithCodeVariantsSensor.class);
if (context.getRuntime().getProduct() != SonarProduct.SONARLINT) {
context.addExtension(MeasureSensor.class);
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
index c818dadcbc9..4583eb6f7d4 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
@@ -31,9 +31,11 @@ import org.sonar.api.utils.Version;
import org.sonar.xoo.Xoo;
import org.sonar.xoo.Xoo2;
import org.sonar.xoo.checks.Check;
+import org.sonar.xoo.rule.variant.HotspotWithCodeVariantsSensor;
import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
+import org.sonar.xoo.rule.variant.IssueWithCodeVariantsSensor;
import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.ASSESS_THE_PROBLEM_SECTION_KEY;
import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.HOW_TO_FIX_SECTION_KEY;
@@ -231,6 +233,9 @@ public class XooRulesDefinition implements RulesDefinition {
hotspot
.setDebtRemediationFunction(hotspot.debtRemediationFunctions().constantPerIssue("2min"));
+ NewRule variants = repo.createRule(IssueWithCodeVariantsSensor.RULE_KEY).setName("Find issues with code variants");
+ addAllDescriptionSections(variants, "Search for a given variant in Xoo files");
+
if (version != null && version.isGreaterThanOrEqual(Version.create(9, 3))) {
hotspot
.addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
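Review bot: The `variants` rule is created between `hotspot.setDebtRemediationFunction(...)` and the version-guarded `hotspot.addOwaspTop10(...)` block, which splits the hotspot rule's configuration in two. Moving the two added lines below that `if` block, or next to `hotspotWithCodeVariants` further down, would keep each rule's setup contiguous. The local name `variants` is also less descriptive than its sibling; `issueWithCodeVariants` would match `hotspotWithCodeVariants`. The `if` block and the enclosing method continue outside the hunk.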
@@ -278,6 +283,12 @@ public class XooRulesDefinition implements RulesDefinition {
.addDescriptionSection(howToFixSectionWithContext("single_context"));
addDescriptionSectionsWithoutContexts(hotspotWithSingleContext, "Search for Security Hotspots with single context in Xoo files");
+ NewRule hotspotWithCodeVariants = repo.createRule(HotspotWithCodeVariantsSensor.RULE_KEY)
+ .setName("Find security hotspots with code variants")
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setActivatedByDefault(false);
+ addAllDescriptionSections(hotspotWithCodeVariants, "Search for a given variant in Xoo files");
+
repo.done();
}
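Review bot: `hotspotWithCodeVariants` is explicitly `.setActivatedByDefault(false)`, while the issue rule created for `IssueWithCodeVariantsSensor.RULE_KEY` earlier in this file leaves the default, and nothing states whether the difference is deliberate. A one-line comment on that call would settle it, e.g. `// kept out of the default profile; tests activate it explicitly`, if that is the reason. Both rules also share the description text "Search for a given variant in Xoo files", so only the name tells them apart in the rule list. The enclosing method starts outside the hunk.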
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/CodeVariantSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/CodeVariantSensor.java
new file mode 100644
index 00000000000..53fa9f7e68a
--- /dev/null
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/CodeVariantSensor.java
@@ -0,0 +1,82 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.variant;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.fs.InputFile;
+import org.sonar.api.batch.rule.ActiveRules;
+import org.sonar.api.batch.sensor.SensorContext;
+import org.sonar.api.batch.sensor.issue.NewIssue;
+import org.sonar.api.config.Configuration;
+import org.sonar.api.rule.RuleKey;
+import org.sonar.xoo.rule.AbstractXooRuleSensor;
+
+/**
+ * Raise issue for multiple code variants.
+ * Use the property "sonar.variants" to define the variants.
+ * If variant names are found on the file content, an issue is raised with all the corresponding variants.
+ * Extend this abstract class to define the rule key.
+ */
+public abstract class CodeVariantSensor extends AbstractXooRuleSensor {
+
+ private static final String VARIANTS_PROPERTY = "sonar.variants";
+
+ private final Configuration settings;
+
+ public CodeVariantSensor(Configuration settings, FileSystem fs, ActiveRules activeRules) {
+ super(fs, activeRules);
+ this.settings = settings;
+ }
+
+ @Override
+ protected void processFile(InputFile inputFile, SensorContext context, RuleKey ruleKey, String languageKey) {
+ Optional<String> variantsValue = settings.get(VARIANTS_PROPERTY);
+ if (variantsValue.isEmpty()) {
+ return;
+ }
+
+ List<String> variants = Arrays.asList(variantsValue.get().split(","));
+
+ try {
+ String contents = inputFile.contents();
+ List<String> identifiedVariants = variants.stream()
+ .filter(contents::contains)
+ .collect(Collectors.toList());
+
+ if (!identifiedVariants.isEmpty()) {
+ NewIssue newIssue = context.newIssue()
+ .forRule(ruleKey)
+ .setCodeVariants(identifiedVariants);
+ newIssue.at(newIssue.newLocation()
+ .on(inputFile)
+ .message("This is generated for variants"))
+ .save();
+ }
+ } catch (IOException e) {
+ throw new IllegalStateException("Fail to get content of file " + inputFile, e);
+ }
+ }
+
+}
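Review bot: `variantsValue.get().split(",")` in `processFile` keeps blank and untrimmed tokens, and `contents.contains("")` is always true, so a value such as `a,,b` would raise an issue on every file with an empty variant name attached, while `a, b` would only match ` b` with its leading space. Trimming and dropping empties before the match avoids both: `Arrays.stream(variantsValue.get().split(",")).map(String::trim).filter(v -> !v.isEmpty()).collect(Collectors.toList())`. The match is also a plain substring test, so a short variant name will hit unrelated text; if that is intended for this test plugin, the class Javadoc should say so. The property is re-read and re-split for every file and could be parsed once in the constructor.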
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/HotspotWithCodeVariantsSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/HotspotWithCodeVariantsSensor.java
new file mode 100644
index 00000000000..657b8e7db2e
--- /dev/null
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/HotspotWithCodeVariantsSensor.java
@@ -0,0 +1,41 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.variant;
+
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.rule.ActiveRules;
+import org.sonar.api.config.Configuration;
+
+/**
+ * Raises security hotspots with code variants.
+ */
+public class HotspotWithCodeVariantsSensor extends CodeVariantSensor {
+
+ public static final String RULE_KEY = "HotspotWithCodeVariants";
+
+ public HotspotWithCodeVariantsSensor(Configuration settings, FileSystem fs, ActiveRules activeRules) {
+ super(settings, fs, activeRules);
+ }
+
+ @Override
+ protected String getRuleKey() {
+ return RULE_KEY;
+ }
+}
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/IssueWithCodeVariantsSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/IssueWithCodeVariantsSensor.java
new file mode 100644
index 00000000000..02364bb7622
--- /dev/null
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/variant/IssueWithCodeVariantsSensor.java
@@ -0,0 +1,41 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.variant;
+
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.rule.ActiveRules;
+import org.sonar.api.config.Configuration;
+
+/**
+ * Raises issues with code variants.
+ */
+public class IssueWithCodeVariantsSensor extends CodeVariantSensor {
+
+ public static final String RULE_KEY = "IssueWithCodeVariants";
+
+ public IssueWithCodeVariantsSensor(Configuration settings, FileSystem fs, ActiveRules activeRules) {
+ super(settings, fs, activeRules);
+ }
+
+ @Override
+ protected String getRuleKey() {
+ return RULE_KEY;
+ }
+}
diff --git a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
index 8d3ece2a71c..fa287bcd82c 100644
--- a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
+++ b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
@@ -119,7 +119,7 @@ public class XooRulesDefinitionTest {
assertThat(repo).isNotNull();
assertThat(repo.name()).isEqualTo("Xoo");
assertThat(repo.language()).isEqualTo("xoo");
- assertThat(repo.rules()).hasSize(26);
+ assertThat(repo.rules()).hasSize(28);
return repo;
}
}
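Review bot: The count bump from 26 to 28 is the only assertion covering the two rules added in XooRulesDefinition, so a wrong type or default-activation flag on `HotspotWithCodeVariants` would still pass. An assertion on the new keys would pin that, e.g. `assertThat(repo.rule(HotspotWithCodeVariantsSensor.RULE_KEY).type()).isEqualTo(RuleType.SECURITY_HOTSPOT);` plus a matching `activatedByDefault()` check. The commit's file list also shows no unit test for `CodeVariantSensor.processFile`, presumably because the blackbox test lives elsewhere. The enclosing test method starts outside the hunk.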