From 0061c1577285b0a182f7aee526046fd9bd25bca8 Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Mon, 22 Jan 2024 19:50:54 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0ini,properties,conf=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E6=89=AB=E6=8F=8F=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../sonar/java/ConfigFileSquidSensor.java     | 69 +++++++++++++++++++
 .../java/JavaSecurityDesignRulesPlugin.java   |  9 +++
 .../java/JavaSecurityDesignWayProfile.java    |  4 ++
 .../JavaSecurityDesignRulesRepository.java    | 13 ++--
 .../JavaSecurityDesignRulesPluginTest.java    | 16 ++++-
 5 files changed, 104 insertions(+), 7 deletions(-)
 create mode 100644 sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java

diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
new file mode 100644
index 0000000..7ce3247
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：信息安全性设计准则检查插件
+ * 项目描述：用于检查源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java;
+
+import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
+import org.sonar.api.batch.fs.FilePredicates;
+import org.sonar.api.batch.fs.InputFile;
+import org.sonar.api.batch.rule.CheckFactory;
+import org.sonar.api.batch.rule.Checks;
+import org.sonar.api.batch.sensor.Sensor;
+import org.sonar.api.batch.sensor.SensorContext;
+import org.sonar.api.batch.sensor.SensorDescriptor;
+import org.sonar.api.measures.CoreMetrics;
+
+import java.io.IOException;
+
+public class ConfigFileSquidSensor implements Sensor {
+    private final Checks<ConfigurationFileChecker> checks;
+
+    private SensorContext context;
+
+    public ConfigFileSquidSensor(CheckFactory checkFactory){
+        checks = checkFactory.create("config");
+        checks.addAnnotatedChecks(ConfigurationFileChecker.class);
+    }
+    @Override
+    public void describe(SensorDescriptor descriptor) {
+        descriptor
+                .name("ConfigSquidSensor")
+                .onlyOnLanguages(ConfigurationFileLanguage.KEY)
+                .createIssuesForRuleRepository("config");
+    }
+
+    @Override
+    public void execute(SensorContext context) {
+        FilePredicates p = context.fileSystem().predicates();
+        for (InputFile inputFile : context.fileSystem().inputFiles(p.hasLanguages(ConfigurationFileLanguage.KEY))) {
+            checks.all().forEach(check -> {
+                check.execute(context, inputFile, checks.ruleKey(check));
+            });
+        }
+    }
+
+    private String readFileContents(InputFile javaFile) {
+        String content;
+        try {
+            content = javaFile.contents();
+        } catch (IOException e) {
+            System.err.println("Failed to read " + javaFile + " due to " + e.getMessage());
+            content = "";
+        }
+        return content;
+    }
+
+    private void measureLines(SensorContext context, InputFile javaFile, String content) {
+        int lines = content.split("[\n\r]").length;
+        context.<Integer>newMeasure()
+                .forMetric(CoreMetrics.NCLOC)
+                .on(javaFile)
+                .withValue(lines)
+                .save();
+    }
+
+
+}
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
index 6fc1f83..d271efc 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
@@ -28,5 +28,14 @@ public class JavaSecurityDesignRulesPlugin implements Plugin {
         // 批处理扩展 - >对象在代码分析期间实例化
         context.addExtension(JavaFileCheckRegistrar.class);
 
+
+        context.addExtension(ConfigurationFileLanguage.class);
+
+
+        context.addExtension(ConfigFileSquidSensor.class);
+
+
+        context.addExtensions(ConfigurationFileLanguage.getProperties());
+
     }
 }
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
index 8aa513c..e3aeef6 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
@@ -30,5 +30,9 @@ public class JavaSecurityDesignWayProfile implements BuiltInQualityProfilesDefin
         var webWay = context.createBuiltInQualityProfile("Web信息安全性设计准则", HtmlConstants.LANGUAGE_KEY);
         RulesList.getHtmlRules().forEach(check -> webWay.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, check.getSimpleName()));
         webWay.done();
+
+        var cfgWay = context.createBuiltInQualityProfile("配置信息安全性设计规则", ConfigurationFileLanguage.KEY);
+        cfgWay.activateRule("config", "ConfigurationFileChecker");
+        cfgWay.done();
     }
 }
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
index 679a4cc..e0ad7a1 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
@@ -6,6 +6,7 @@
  */
 package com.keyware.sonar.java.rules;
 
+import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
 import org.sonar.api.SonarEdition;
 import org.sonar.api.SonarProduct;
 import org.sonar.api.SonarQubeSide;
@@ -15,10 +16,7 @@ import org.sonar.api.utils.Version;
 import org.sonar.plugins.html.api.HtmlConstants;
 import org.sonarsource.analyzer.commons.RuleMetadataLoader;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Objects;
-import java.util.Set;
+import java.util.*;
 
 /**
  * 用于定义出现在规则页面中规则的元数据
@@ -50,10 +48,15 @@ public class JavaSecurityDesignRulesRepository implements RulesDefinition {
         setTemplates(javaRepo);
         javaRepo.done();
 
-        RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName(REPOSITORY_NAME);
+        RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName("web");
         ruleMetadataLoader.addRulesByAnnotatedClass(htmlRepo, new ArrayList<>(RulesList.getHtmlRules()));
         setTemplates(htmlRepo);
         htmlRepo.done();
+
+        RulesDefinition.NewRepository configRepo = context.createRepository("config", "cfg").setName("config");
+        ruleMetadataLoader.addRulesByAnnotatedClass(configRepo, List.of(ConfigurationFileChecker.class));
+        setTemplates(configRepo);
+        configRepo.done();
     }
 
     private static void setTemplates(RulesDefinition.NewRepository repository) {
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
index ff7eb95..3410494 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
@@ -8,6 +8,7 @@ package com.keyware.sonar.java;
 
 import org.junit.jupiter.api.Test;
 import org.sonar.api.*;
+import org.sonar.api.config.PropertyDefinition;
 import org.sonar.api.utils.Version;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -26,11 +27,22 @@ public class JavaSecurityDesignRulesPluginTest {
         new JavaSecurityDesignRulesPlugin().define(context);
 
         assertThat(context.getExtensions())
-                .extracting(ext -> ((Class) ext).getSimpleName())
+                .extracting((ext) -> {
+                    var type =  ext.getClass().getSimpleName();
+                    if("Class".equals(type)){
+                        return ((Class) ext).getSimpleName();
+                    }else if("PropertyDefinition".equals(type)){
+                        return ((PropertyDefinition) ext).name();
+                    }
+                    return ext.getClass().getSimpleName();
+                })
                 .containsExactlyInAnyOrder(
                         "JavaSecurityDesignRulesRepository",
                         "JavaSecurityDesignWayProfile",
-                        "JavaFileCheckRegistrar");
+                        "JavaFileCheckRegistrar",
+                        "ConfigurationFileLanguage",
+                        "ConfigFileSquidSensor",
+                        "File Suffixes");
     }
 
     public static class MockedSonarRuntime implements SonarRuntime {