authorLukasz Jarocki <lukasz.jarocki@sonarsource.com>2022-06-28 10:38:34 +0200
committersonartech <sonartech@sonarsource.com>2022-06-30 20:03:09 +0000
commit1136400d633418df8cc645697b5ef2018b2aab03 (patch)
tree3788eec5d1b55da31202d53b43c4b0e76ef91aa6 /plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo
parent95f41d32aeaf74fd8517fa773a4267df50370c4a (diff)
SONAR-16518 changing the rules in the xoo plugin
Diffstat (limited to 'plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo')
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java8
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java50
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooSonarWayProfile.java7
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotSensor.java (renamed from plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/HotspotSensor.java)23
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithContextsSensor.java47
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithSingleContextSensor.java47
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithoutContextSensor.java47
7 files changed, 207 insertions, 22 deletions
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java
index e4718cd6909..9f000f49013 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/XooPlugin.java
@@ -43,7 +43,9 @@ import org.sonar.xoo.rule.ChecksSensor;
import org.sonar.xoo.rule.CreateIssueByInternalKeySensor;
import org.sonar.xoo.rule.CustomMessageSensor;
import org.sonar.xoo.rule.HasTagSensor;
-import org.sonar.xoo.rule.HotspotSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
import org.sonar.xoo.rule.MultilineIssuesSensor;
import org.sonar.xoo.rule.NoSonarSensor;
import org.sonar.xoo.rule.OneBlockerIssuePerFileSensor;
@@ -168,7 +170,9 @@ public class XooPlugin implements Plugin {
DeprecatedGlobalSensor.class,
GlobalProjectSensor.class,
- HotspotSensor.class,
+ HotspotWithoutContextSensor.class,
+ HotspotWithContextsSensor.class,
+ HotspotWithSingleContextSensor.class,
// Coverage
UtCoverageSensor.class,
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
index 8052b9843c9..38ed2bad0bf 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
@@ -31,6 +31,9 @@ import org.sonar.api.utils.Version;
import org.sonar.xoo.Xoo;
import org.sonar.xoo.Xoo2;
import org.sonar.xoo.checks.Check;
+import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.ASSESS_THE_PROBLEM_SECTION_KEY;
import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.HOW_TO_FIX_SECTION_KEY;
@@ -49,6 +52,7 @@ public class XooRulesDefinition implements RulesDefinition {
public static final String XOO2_REPOSITORY = "xoo2";
private static final String TEN_MIN = "10min";
+ private static final String[] AVAILABLE_CONTEXTS = { "JavaScript", "JQuery", "Express.js", "React", "Axios" };
@Nullable
private final Version version;
@@ -89,8 +93,10 @@ public class XooRulesDefinition implements RulesDefinition {
new RulesDefinitionAnnotationLoader().load(repo, Check.ALL);
NewRule hasTag = repo.createRule(HasTagSensor.RULE_KEY).setName("Has Tag")
- .setActivatedByDefault(true);
- addAllDescriptionSections(hasTag, "Search for a given tag in Xoo files");
+ .setActivatedByDefault(true)
+ .addDescriptionSection(howToFixSectionWithContext("singleContext"));
+ addDescriptionSectionsWithoutContexts(hasTag, "Search for a given tag in Xoo files");
+
hasTag
.setDebtRemediationFunction(hasTag.debtRemediationFunctions().constantPerIssue("2min"));
hasTag.createParam("tag")
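Review bot: The context name `"singleContext"` is a bare literal in `howToFixSectionWithContext("singleContext")` and is repeated for `hotspotWithSingleContext` in the later `@@ -228,6 +235,20 @@` hunk, so a typo in one place would make the two rules diverge unnoticed. A constant next to `AVAILABLE_CONTEXTS`, for example `private static final String SINGLE_CONTEXT = "singleContext";`, would keep them in step. The enclosing method starts and ends outside this hunk.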
@@ -108,7 +114,8 @@ public class XooRulesDefinition implements RulesDefinition {
NewRule oneIssuePerLine = repo.createRule(OneIssuePerLineSensor.RULE_KEY).setName("One Issue Per Line")
.setTags("line");
- addAllDescriptionSections(oneIssuePerLine, "Generate an issue on each line of a file. It requires the metric \"lines\".");
+ addDescriptionSectionsWithoutContexts(oneIssuePerLine, "Generate an issue on each line of a file. It requires the metric \"lines\".");
+ addHowToFixSectionsWithContexts(oneIssuePerLine);
oneIssuePerLine
.setDebtRemediationFunction(oneIssuePerLine.debtRemediationFunctions().linear("1min"))
.setGapDescription("It takes about 1 minute to an experienced software craftsman to remove a line of code");
@@ -207,7 +214,7 @@ public class XooRulesDefinition implements RulesDefinition {
.setName("Template of rule");
addAllDescriptionSections(templateofRule, "Template to be overridden by custom rules");
- NewRule hotspot = repo.createRule(HotspotSensor.RULE_KEY)
+ NewRule hotspot = repo.createRule(HotspotWithoutContextSensor.RULE_KEY)
.setName("Find security hotspots")
.setType(RuleType.SECURITY_HOTSPOT)
.setActivatedByDefault(false);
@@ -228,6 +235,20 @@ public class XooRulesDefinition implements RulesDefinition {
.addCwe(250, 564, 546, 943);
}
+ NewRule hotspotWithContexts = repo.createRule(HotspotWithContextsSensor.RULE_KEY)
+ .setName("Find security hotspots with contexts")
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setActivatedByDefault(false);
+ addDescriptionSectionsWithoutContexts(hotspotWithContexts, "Search for Security Hotspots with contexts in Xoo files");
+ addHowToFixSectionsWithContexts(hotspotWithContexts);
+
+ NewRule hotspotWithSingleContext = repo.createRule(HotspotWithSingleContextSensor.RULE_KEY)
+ .setName("Find security hotspots, how_to_fix with single context")
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setActivatedByDefault(false)
+ .addDescriptionSection(howToFixSectionWithContext("singleContext"));
+ addDescriptionSectionsWithoutContexts(hotspotWithSingleContext, "Search for Security Hotspots with single context in Xoo files");
+
repo.done();
}
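Review bot: The two new `SECURITY_HOTSPOT` rules, `hotspotWithContexts` and `hotspotWithSingleContext`, are created without any security-standard mapping, while the existing hotspot rule just above ends with `.addCwe(250, 564, 546, 943);` inside a block whose opening is outside this hunk. If these fixture rules are meant to exercise hotspot views that group by security standard, they will presumably fall into whatever bucket unmapped rules get. Consider mirroring the mapping under the same guard, e.g. `hotspotWithContexts.addCwe(250, 564, 546, 943);`, or add a comment saying the omission is intentional.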
@@ -247,22 +268,41 @@ public class XooRulesDefinition implements RulesDefinition {
}
private static void addAllDescriptionSections(NewRule rule, String description) {
+ addDescriptionSectionsWithoutContexts(rule, description);
+ rule.addDescriptionSection(descriptionSection(HOW_TO_FIX_SECTION_KEY, "How to fix: " + description));
+ }
+
+ private static void addDescriptionSectionsWithoutContexts(NewRule rule, String description) {
rule
.setHtmlDescription(description)
.addDescriptionSection(descriptionSection(INTRODUCTION_SECTION_KEY, "Introduction: " + description))
.addDescriptionSection(descriptionSection(ROOT_CAUSE_SECTION_KEY, "Root cause: " + description))
.addDescriptionSection(descriptionSection(ASSESS_THE_PROBLEM_SECTION_KEY, "Assess the problem: " + description))
- .addDescriptionSection(descriptionSection(HOW_TO_FIX_SECTION_KEY, "How to fix: " + description))
.addDescriptionSection(descriptionSection(RESOURCES_SECTION_KEY,
"<a href=\"www.google.fr\"> Google </a><br><a href=\"https://stackoverflow.com/\"> StackOverflow</a>"))
.addDescriptionSection(descriptionSection("fake_section_to_be_ignored",
"fake_section_to_be_ignored"));
}
+ private static void addHowToFixSectionsWithContexts(NewRule rule) {
+ for (String contextName : AVAILABLE_CONTEXTS) {
+ rule.addDescriptionSection(howToFixSectionWithContext(contextName));
+ }
+ }
+
private static RuleDescriptionSection descriptionSection(String sectionKey, String htmlDescription) {
return RuleDescriptionSection.builder()
.sectionKey(sectionKey)
.htmlContent(htmlDescription)
.build();
}
+
+ private static RuleDescriptionSection howToFixSectionWithContext(String contextName) {
+ return RuleDescriptionSection.builder()
+ .sectionKey(HOW_TO_FIX_SECTION_KEY)
+ .htmlContent(String.format("This is 'How to fix?' description section for the <a href=\"https://stackoverflow.com/\"> %s</a>. " +
+ "This text can be very long.", contextName))
+ .context(new org.sonar.api.server.rule.Context(contextName, contextName))
+ .build();
+ }
}
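Review bot: `howToFixSectionWithContext` formats `contextName` straight into `htmlContent` and also passes it as both arguments of `new org.sonar.api.server.rule.Context(contextName, contextName)`. That is safe only while every caller passes a compile-time constant, which holds for the callers visible in this diff. A short Javadoc stating that the argument must be a trusted, HTML-safe constant would stop a later caller from feeding scanned text into rule HTML. Reusing one string for both arguments also sends values such as `Express.js` through unchanged, which is worth confirming against what the server accepts as a context key. The fully qualified class name could become an import, but the import block is outside this hunk.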
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooSonarWayProfile.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooSonarWayProfile.java
index 587e6b00370..0b0af42eaec 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooSonarWayProfile.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooSonarWayProfile.java
@@ -22,6 +22,9 @@ package org.sonar.xoo.rule;
import org.sonar.api.rule.Severity;
import org.sonar.api.server.profile.BuiltInQualityProfilesDefinition;
import org.sonar.xoo.Xoo;
+import org.sonar.xoo.rule.hotspot.HotspotWithContextsSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithSingleContextSensor;
+import org.sonar.xoo.rule.hotspot.HotspotWithoutContextSensor;
public class XooSonarWayProfile implements BuiltInQualityProfilesDefinition {
@Override
@@ -30,7 +33,9 @@ public class XooSonarWayProfile implements BuiltInQualityProfilesDefinition {
qProfile.activateRule(XooRulesDefinition.XOO_REPOSITORY, HasTagSensor.RULE_KEY).overrideSeverity(Severity.MAJOR);
qProfile.activateRule(XooRulesDefinition.XOO_REPOSITORY, OneIssuePerLineSensor.RULE_KEY).overrideSeverity(Severity.INFO);
qProfile.activateRule(XooRulesDefinition.XOO_REPOSITORY, OneIssuePerFileSensor.RULE_KEY).overrideSeverity(Severity.CRITICAL);
- qProfile.activateRule(XooRulesDefinition.XOO_REPOSITORY, HotspotSensor.RULE_KEY).overrideSeverity(Severity.CRITICAL);
+ qProfile.activateRule(XooRulesDefinition.XOO_REPOSITORY, HotspotWithoutContextSensor.RULE_KEY).overrideSeverity(Severity.CRITICAL);
+ qProfile.activateRule(XooRulesDefinition.XOO_REPOSITORY, HotspotWithContextsSensor.RULE_KEY).overrideSeverity(Severity.CRITICAL);
+ qProfile.activateRule(XooRulesDefinition.XOO_REPOSITORY, HotspotWithSingleContextSensor.RULE_KEY).overrideSeverity(Severity.CRITICAL);
qProfile.done();
}
}
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/HotspotSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotSensor.java
index c55c521a47d..11d353cdd57 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/HotspotSensor.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotSensor.java
@@ -17,7 +17,7 @@
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
-package org.sonar.xoo.rule;
+package org.sonar.xoo.rule.hotspot;
import java.io.BufferedReader;
import java.io.IOException;
@@ -28,39 +28,34 @@ import org.sonar.api.batch.rule.ActiveRules;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.issue.NewIssue;
import org.sonar.api.rule.RuleKey;
+import org.sonar.xoo.rule.AbstractXooRuleSensor;
/**
- * Generate issues on all the occurrences of tag Hotspot in xoo sources.
+ * Raise security hotspots all the occurrences of tag defined by getTag() in xoo sources.
*/
-public class HotspotSensor extends AbstractXooRuleSensor {
+public abstract class HotspotSensor extends AbstractXooRuleSensor {
- public static final String RULE_KEY = "Hotspot";
- public static final String TAG = "HOTSPOT";
-
- public HotspotSensor(FileSystem fs, ActiveRules activeRules) {
+ protected HotspotSensor(FileSystem fs, ActiveRules activeRules) {
super(fs, activeRules);
}
- @Override
- protected String getRuleKey() {
- return RULE_KEY;
- }
+ protected abstract String getTag();
@Override
protected void processFile(InputFile inputFile, SensorContext context, RuleKey ruleKey, String languageKey) {
try {
int[] lineCounter = {1};
try (InputStreamReader isr = new InputStreamReader(inputFile.inputStream(), inputFile.charset());
- BufferedReader reader = new BufferedReader(isr)) {
+ BufferedReader reader = new BufferedReader(isr)) {
reader.lines().forEachOrdered(lineStr -> {
int startIndex = -1;
- while ((startIndex = lineStr.indexOf(TAG, startIndex + 1)) != -1) {
+ while ((startIndex = lineStr.indexOf(getTag(), startIndex + 1)) != -1) {
NewIssue newIssue = context.newIssue();
newIssue
.forRule(ruleKey)
.at(newIssue.newLocation()
.on(inputFile)
- .at(inputFile.newRange(lineCounter[0], startIndex, lineCounter[0], startIndex + TAG.length())))
+ .at(inputFile.newRange(lineCounter[0], startIndex, lineCounter[0], startIndex + getTag().length())))
.save();
}
lineCounter[0]++;
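Review bot: `getTag()` is now an overridable hook evaluated in the `while` condition, and nothing documents or checks that it returns a non-empty string. With an empty tag, `indexOf` keeps returning the line length, so the loop never ends and keeps saving issues. Reading it once before the stream, `String tag = getTag();`, and using `tag` in `indexOf(tag, startIndex + 1)` and `startIndex + tag.length()` removes the repeated call and gives one place to reject an empty value. The class Javadoc "Raise security hotspots all the occurrences" is missing "on". `processFile` continues past the end of this hunk.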
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithContextsSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithContextsSensor.java
new file mode 100644
index 00000000000..3a859e09ae1
--- /dev/null
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithContextsSensor.java
@@ -0,0 +1,47 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.hotspot;
+
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.rule.ActiveRules;
+
+/**
+ * Generates security hotspots with contexts on all the occurrences of tag HOTSPOT_WITH_CONTEXTS in xoo sources.
+ */
+public class HotspotWithContextsSensor extends HotspotSensor {
+
+ public static final String RULE_KEY = "HotspotWithContexts";
+ public static final String TAG = "HOTSPOT_WITH_CONTEXTS";
+
+ public HotspotWithContextsSensor(FileSystem fs, ActiveRules activeRules) {
+ super(fs, activeRules);
+ }
+
+ @Override
+ protected String getRuleKey() {
+ return RULE_KEY;
+ }
+
+ @Override
+ public String getTag() {
+ return TAG;
+ }
+
+}
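Review bot: `getTag()` is declared `protected abstract` in `HotspotSensor` but overridden as `public` here, while `getRuleKey()` directly above it stays `protected`. Nothing in this diff calls `getTag()` from outside the class hierarchy, so `protected String getTag()` would keep the sensor's surface as narrow as the base class declares it. The same widening appears in `HotspotWithSingleContextSensor` and `HotspotWithoutContextSensor`.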
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithSingleContextSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithSingleContextSensor.java
new file mode 100644
index 00000000000..7ecc062dc2e
--- /dev/null
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithSingleContextSensor.java
@@ -0,0 +1,47 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.hotspot;
+
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.rule.ActiveRules;
+
+/**
+ * Generates security hotspots with contexts on all the occurrences of tag HOTSPOT_WITH_CONTEXTS in xoo sources.
+ */
+public class HotspotWithSingleContextSensor extends HotspotSensor {
+
+ public static final String RULE_KEY = "HotspotWithSingleContext";
+ public static final String TAG = "HOTSPOT_WITH_SINGLE_CONTEXT";
+
+ public HotspotWithSingleContextSensor(FileSystem fs, ActiveRules activeRules) {
+ super(fs, activeRules);
+ }
+
+ @Override
+ protected String getRuleKey() {
+ return RULE_KEY;
+ }
+
+ @Override
+ public String getTag() {
+ return TAG;
+ }
+
+}
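Review bot: The class Javadoc is copied from `HotspotWithContextsSensor` and names tag HOTSPOT_WITH_CONTEXTS, but `TAG` in this class is `"HOTSPOT_WITH_SINGLE_CONTEXT"`. Suggested text: `Generates security hotspots with a single how-to-fix context on all the occurrences of tag HOTSPOT_WITH_SINGLE_CONTEXT in xoo sources.`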
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithoutContextSensor.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithoutContextSensor.java
new file mode 100644
index 00000000000..7a83eafe23a
--- /dev/null
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/hotspot/HotspotWithoutContextSensor.java
@@ -0,0 +1,47 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.xoo.rule.hotspot;
+
+import org.sonar.api.batch.fs.FileSystem;
+import org.sonar.api.batch.rule.ActiveRules;
+
+/**
+ * Generates security hotspots on all the occurrences of tag HOTSPOT in xoo sources.
+ */
+public class HotspotWithoutContextSensor extends HotspotSensor {
+
+ public static final String RULE_KEY = "Hotspot";
+ public static final String TAG = "HOTSPOT_WITHOUT_CONTEXT";
+
+ public HotspotWithoutContextSensor(FileSystem fs, ActiveRules activeRules) {
+ super(fs, activeRules);
+ }
+
+ @Override
+ protected String getRuleKey() {
+ return RULE_KEY;
+ }
+
+ @Override
+ public String getTag() {
+ return TAG;
+ }
+
+}
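Review bot: `RULE_KEY` keeps the old value `"Hotspot"` while `TAG` changes from `"HOTSPOT"` (removed from `HotspotSensor` in this commit) to `"HOTSPOT_WITHOUT_CONTEXT"`. Existing xoo sources that contain only `HOTSPOT` would therefore stop raising this rule without any error. Fixtures or integration tests outside this diff that still use the old tag would need updating, or the old tag value could be kept for this sensor. The Javadoc still says "tag HOTSPOT" and should name `HOTSPOT_WITHOUT_CONTEXT`.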