authorJanos Gyerik <janos.gyerik@sonarsource.com>2018-07-09 10:22:06 +0200
committerSonarTech <sonartech@sonarsource.com>2018-07-17 20:21:24 +0200
commit494faa4ab6425a54f40a891024034b1d8fe14647 (patch)
tree655d9cbafabce0147aa3bc8c7f5ccdafd4e67c83 /plugins
parent4c237919e3c72aa0a62a27b4587825944bc81ee9 (diff)
SONAR-10985 Add filters for owaspTop10, sans25Top10, cwe (#485)
* Add security standards for Xoo hotspot sensor (when API supports it) * Re-generate issues/SearchRequest * Verify security standards in issue search * Store security standards when registering rules
Diffstat (limited to 'plugins')
-rw-r--r--plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java23
-rw-r--r--plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java21
2 files changed, 41 insertions, 3 deletions
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
index 303000225cb..8991b04bc28 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
@@ -19,11 +19,14 @@
*/
package org.sonar.xoo.rule;
+import javax.annotation.Nullable;
+import org.sonar.api.SonarRuntime;
import org.sonar.api.rule.RuleScope;
import org.sonar.api.rules.RuleType;
import org.sonar.api.server.rule.RuleParamType;
import org.sonar.api.server.rule.RulesDefinition;
import org.sonar.api.server.rule.RulesDefinitionAnnotationLoader;
+import org.sonar.api.utils.Version;
import org.sonar.xoo.Xoo;
import org.sonar.xoo.Xoo2;
import org.sonar.xoo.checks.Check;
@@ -39,6 +42,17 @@ public class XooRulesDefinition implements RulesDefinition {
private static final String TEN_MIN = "10min";
+ @Nullable
+ private final Version version;
+
+ public XooRulesDefinition() {
+ this(null);
+ }
+
+ public XooRulesDefinition(@Nullable SonarRuntime sonarRuntime) {
+ this.version = sonarRuntime != null ? sonarRuntime.getApiVersion() : null;
+ }
+
@Override
public void define(Context context) {
defineRulesXoo(context);
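Review bot: The new `version` field carries no explanation of why it may be null or what it gates, which a reader of the constructor alone cannot tell. Since the value comes from `sonarRuntime.getApiVersion()` and is later compared against a minimum API version before calling the security-standard setters, a short Javadoc on the field would make that contract explicit: `/** API version of the hosting runtime, or null when no runtime was supplied (e.g. the no-arg constructor); used to skip rule APIs that older runtimes do not provide. */`. The no-arg constructor could likewise note that it deliberately yields a null version so that version-gated rule metadata is not registered.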
@@ -128,7 +142,7 @@ public class XooRulesDefinition implements RulesDefinition {
repo.createRule(MultilineIssuesSensor.RULE_KEY).setName("Creates issues with ranges/multiple locations")
.setHtmlDescription("Issue with range and multiple locations");
- repo.createRule(OneIssuePerUnknownFileSensor.RULE_KEY).setName("Creates issues on each file with extenstion 'unknown'")
+ repo.createRule(OneIssuePerUnknownFileSensor.RULE_KEY).setName("Creates issues on each file with extension 'unknown'")
.setHtmlDescription("This issue is generated on each file with extenstion 'unknown'");
NewRule oneBugIssuePerLine = repo.createRule(OneBugIssuePerLineSensor.RULE_KEY).setName("One Bug Issue Per Line")
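Review bot: The typo fix covers only the rule name; the HTML description on the following line still reads "extenstion 'unknown'" and stays misspelled. For consistency with the corrected name, change it to `.setHtmlDescription("This issue is generated on each file with extension 'unknown'");`. The enclosing method begins and ends outside this hunk.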
@@ -159,8 +173,13 @@ public class XooRulesDefinition implements RulesDefinition {
hotspot
.setDebtRemediationFunction(hotspot.debtRemediationFunctions().constantPerIssue("2min"));
- repo.done();
+ if (version != null && version.isGreaterThanOrEqual(Version.create(7, 3))) {
+ hotspot
+ .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
+ .addCwe(1, 123, 863);
+ }
+ repo.done();
}
private static void defineRulesXooExternal(Context context) {
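Review bot: The minimum API version `Version.create(7, 3)` is an unexplained literal here and is duplicated in the test's setUp, so the two can silently drift apart. Consider hoisting it to a named class constant, e.g. `private static final Version SECURITY_STANDARDS_MIN_API = Version.create(7, 3);` (constructed name), and adding a why-comment above the guard such as `// security-standard setters on NewRule are presumably only available from API 7.3 — confirm against the API changelog`. Moving `repo.done()` after the guarded block is correct, since the standards must be attached before the repository is finalised. The enclosing `defineRulesXoo` starts outside this hunk.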
diff --git a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
index 9658ab8e3a4..0ded44031fc 100644
--- a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
+++ b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
@@ -21,8 +21,12 @@ package org.sonar.xoo.rule;
import org.junit.Before;
import org.junit.Test;
+import org.sonar.api.SonarProduct;
+import org.sonar.api.SonarQubeSide;
+import org.sonar.api.internal.SonarRuntimeImpl;
import org.sonar.api.server.debt.DebtRemediationFunction;
import org.sonar.api.server.rule.RulesDefinition;
+import org.sonar.api.utils.Version;
import static org.assertj.core.api.Assertions.assertThat;
@@ -31,7 +35,7 @@ public class XooRulesDefinitionTest {
@Before
public void setUp() {
- XooRulesDefinition def = new XooRulesDefinition();
+ XooRulesDefinition def = new XooRulesDefinition(SonarRuntimeImpl.forSonarQube(Version.create(7, 3), SonarQubeSide.SCANNER));
context = new RulesDefinition.Context();
def.define(context);
}
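Review bot: Switching setUp to a 7.3 runtime means the no-arg constructor path (null version, security standards skipped) is no longer exercised anywhere visible in this test class, and the new `define_xoo_hotspot_rule` test in the next hunk only checks the 7.3 branch. A second test that defines the rules with `new XooRulesDefinition()` and asserts that the hotspot rule carries no security standards would pin the guard in `defineRulesXoo` from both sides. A constructed example is below; it reuses only identifiers already present in the test file.
```java
@Test
public void define_xoo_hotspot_rule_without_runtime_has_no_security_standards() {
  RulesDefinition.Context ctx = new RulesDefinition.Context();
  new XooRulesDefinition().define(ctx);

  RulesDefinition.Rule rule = ctx.repository("xoo").rule(HotspotSensor.RULE_KEY);
  assertThat(rule.securityStandards()).isEmpty();
}
```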
@@ -53,6 +57,21 @@ public class XooRulesDefinitionTest {
}
@Test
+ public void define_xoo_hotspot_rule() {
+ RulesDefinition.Repository repo = context.repository("xoo");
+ assertThat(repo).isNotNull();
+ assertThat(repo.name()).isEqualTo("Xoo");
+ assertThat(repo.language()).isEqualTo("xoo");
+ assertThat(repo.rules()).hasSize(19);
+
+ RulesDefinition.Rule rule = repo.rule(HotspotSensor.RULE_KEY);
+ assertThat(rule.name()).isNotEmpty();
+ assertThat(rule.securityStandards())
+ .isNotEmpty()
+ .containsExactlyInAnyOrder("cwe:1", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+ }
+
+ @Test
public void define_xooExternal_rules() {
RulesDefinition.Repository repo = context.repository("external_xoo");
assertThat(repo).isNotNull();