authorKlaudio Sinani <klaudio.sinani@sonarsource.com>2022-11-25 12:01:31 +0100
committersonartech <sonartech@sonarsource.com>2022-11-28 11:29:35 +0000
commit92ce215524cf11c0dee49d2f4b6981497f197020 (patch)
treea14388e846d0418c80430eecb1aa350c84f05199 /sonar-core
parent74d8a254ab6c9090f4d4abf4d5bc0490454a87b8 (diff)
SONAR-17560 Improve SARIF rule vulnerability detection
Diffstat (limited to 'sonar-core')
-rw-r--r--sonar-core/src/main/java/org/sonar/core/sarif/DefaultConfiguration.java33
-rw-r--r--sonar-core/src/main/java/org/sonar/core/sarif/Extension.java43
-rw-r--r--sonar-core/src/main/java/org/sonar/core/sarif/Rule.java6
-rw-r--r--sonar-core/src/main/java/org/sonar/core/sarif/Tool.java7
4 files changed, 89 insertions, 0 deletions
diff --git a/sonar-core/src/main/java/org/sonar/core/sarif/DefaultConfiguration.java b/sonar-core/src/main/java/org/sonar/core/sarif/DefaultConfiguration.java
new file mode 100644
index 00000000000..545a27bda71
--- /dev/null
+++ b/sonar-core/src/main/java/org/sonar/core/sarif/DefaultConfiguration.java
@@ -0,0 +1,33 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.core.sarif;
+
+import com.google.gson.annotations.SerializedName;
+
+public class DefaultConfiguration {
+ @SerializedName("level")
+ private String level;
+
+ DefaultConfiguration() {}
+
+ public String getLevel() {
+ return level;
+ }
+}
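Review bot: `getLevel()` returns whatever string the SARIF report carried, or null when the rule's `defaultConfiguration` has no `level` property, and nothing in the class documents that. The report is produced by an external analyzer, so a caller that maps the level to a vulnerability decision has to handle null and values outside the SARIF-defined set (`none`, `note`, `warning`, `error`) explicitly rather than fall through to a default. I would put the contract on the getter, for example `/** Raw SARIF level as written in the report; may be null or an unrecognised value. */`. The package-private constructor also differs from the public one on Extension in this commit, so a one-line comment saying it exists only for Gson would help.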
diff --git a/sonar-core/src/main/java/org/sonar/core/sarif/Extension.java b/sonar-core/src/main/java/org/sonar/core/sarif/Extension.java
new file mode 100644
index 00000000000..10c2bd9771d
--- /dev/null
+++ b/sonar-core/src/main/java/org/sonar/core/sarif/Extension.java
@@ -0,0 +1,43 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.core.sarif;
+
+import com.google.gson.annotations.SerializedName;
+import java.util.Set;
+
+public class Extension {
+ @SerializedName("rules")
+ private Set<Rule> rules;
+ @SerializedName("name")
+ private String name;
+
+ public Extension() {
+ // even if empty constructor is not required for Gson, it is strongly recommended:
+ // http://stackoverflow.com/a/18645370/229031
+ }
+
+ public Set<Rule> getRules() {
+ return rules;
+ }
+
+ public String getName() {
+ return name;
+ }
+}
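Review bot: `getRules()` returns null when the extension object in the report has no `rules` array, since Gson presumably leaves an absent property unset. The same holds for `Tool.getExtensions()` and `Rule.getDefaultConfiguration()` in the later hunks of this commit. Code that walks extensions and their rules over a third-party SARIF file will throw a NullPointerException on such input unless every call site checks. Either return an empty set, `return rules == null ? Set.of() : rules;`, or mark the getters as nullable so static analysis enforces the check. Deserializing into `Set<Rule>` also relies on `Rule.equals`/`hashCode`, whose bodies are outside this diff; if they compare by id only, rules with a duplicate id would be dropped silently.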
diff --git a/sonar-core/src/main/java/org/sonar/core/sarif/Rule.java b/sonar-core/src/main/java/org/sonar/core/sarif/Rule.java
index eb4e140ae64..5167d3d89d0 100644
--- a/sonar-core/src/main/java/org/sonar/core/sarif/Rule.java
+++ b/sonar-core/src/main/java/org/sonar/core/sarif/Rule.java
@@ -35,6 +35,8 @@ public class Rule {
private final WrappedText help;
@SerializedName("properties")
private final PropertiesBag properties;
+ @SerializedName("defaultConfiguration")
+ private DefaultConfiguration defaultConfiguration;
private Rule(String id, String name, WrappedText shortDescription, WrappedText fullDescription, WrappedText help, PropertiesBag properties) {
this.id = id;
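Review bot: `defaultConfiguration` is the only non-final field shown in Rule, and the private constructor on the following line neither takes nor assigns it. Any Rule created through that constructor therefore carries a null configuration, and only Gson deserialization can populate it. A comment on the field would make that explicit, e.g. `// set only by Gson when reading a report; null for rules built in code`. It is also worth checking whether `equals`/`hashCode` should ignore this field, as both lie outside the hunk. `Tool.extensions` in the Tool.java hunk follows the same pattern next to the final `driver` field; the Rule class body continues outside this hunk.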
@@ -69,6 +71,10 @@ public class Rule {
return properties;
}
+ public DefaultConfiguration getDefaultConfiguration() {
+ return defaultConfiguration;
+ }
+
@Override
public boolean equals(Object o) {
if (this == o) {
diff --git a/sonar-core/src/main/java/org/sonar/core/sarif/Tool.java b/sonar-core/src/main/java/org/sonar/core/sarif/Tool.java
index 7a10feea395..5bb893908de 100644
--- a/sonar-core/src/main/java/org/sonar/core/sarif/Tool.java
+++ b/sonar-core/src/main/java/org/sonar/core/sarif/Tool.java
@@ -20,10 +20,13 @@
package org.sonar.core.sarif;
import com.google.gson.annotations.SerializedName;
+import java.util.Set;
public class Tool {
@SerializedName("driver")
private final Driver driver;
+ @SerializedName("extensions")
+ private Set<Extension> extensions;
public Tool(Driver driver) {
this.driver = driver;
@@ -32,4 +35,8 @@ public class Tool {
public Driver getDriver() {
return driver;
}
+
+ public Set<Extension> getExtensions() {
+ return extensions;
+ }
}