添加ini,properties,conf文件扫描配置

10 months ago · 0061c15772
parent c7b633deab
commit 0061c15772
5 changed files with 104 additions and 7 deletions
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
@ -0,0 +1,69 @@
 /*
 * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
 * 项目名称：信息安全性设计准则检查插件
 * 项目描述：用于检查源代码的安全性设计准则的Sonarqube插件
 * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
 */
 package com.keyware.sonar.java;
 import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
 import org.sonar.api.batch.fs.FilePredicates;
 import org.sonar.api.batch.fs.InputFile;
 import org.sonar.api.batch.rule.CheckFactory;
 import org.sonar.api.batch.rule.Checks;
 import org.sonar.api.batch.sensor.Sensor;
 import org.sonar.api.batch.sensor.SensorContext;
 import org.sonar.api.batch.sensor.SensorDescriptor;
 import org.sonar.api.measures.CoreMetrics;
 import java.io.IOException;
 public class ConfigFileSquidSensor implements Sensor {
    private final Checks<ConfigurationFileChecker> checks;
    private SensorContext context;
    public ConfigFileSquidSensor(CheckFactory checkFactory){
        checks = checkFactory.create("config");
        checks.addAnnotatedChecks(ConfigurationFileChecker.class);
    }
    @Override
    public void describe(SensorDescriptor descriptor) {
        descriptor
                .name("ConfigSquidSensor")
                .onlyOnLanguages(ConfigurationFileLanguage.KEY)
                .createIssuesForRuleRepository("config");
    }
    @Override
    public void execute(SensorContext context) {
        FilePredicates p = context.fileSystem().predicates();
        for (InputFile inputFile : context.fileSystem().inputFiles(p.hasLanguages(ConfigurationFileLanguage.KEY))) {
            checks.all().forEach(check -> {
                check.execute(context, inputFile, checks.ruleKey(check));
            });
        }
    }
    private String readFileContents(InputFile javaFile) {
        String content;
        try {
            content = javaFile.contents();
        } catch (IOException e) {
            System.err.println("Failed to read " + javaFile + " due to " + e.getMessage());
            content = "";
        }
        return content;
    }
    private void measureLines(SensorContext context, InputFile javaFile, String content) {
        int lines = content.split("[\n\r]").length;
        context.<Integer>newMeasure()
                .forMetric(CoreMetrics.NCLOC)
                .on(javaFile)
                .withValue(lines)
                .save();
    }
 }
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
@ -28,5 +28,14 @@ public class JavaSecurityDesignRulesPlugin implements Plugin {
        // 批处理扩展 - >对象在代码分析期间实例化
        context.addExtension(JavaFileCheckRegistrar.class);
        context.addExtension(ConfigurationFileLanguage.class);
        context.addExtension(ConfigFileSquidSensor.class);
        context.addExtensions(ConfigurationFileLanguage.getProperties());
    }
 }
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
@ -30,5 +30,9 @@ public class JavaSecurityDesignWayProfile implements BuiltInQualityProfilesDefin
        var webWay = context.createBuiltInQualityProfile("Web信息安全性设计准则", HtmlConstants.LANGUAGE_KEY);
        RulesList.getHtmlRules().forEach(check -> webWay.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, check.getSimpleName()));
        webWay.done();
        var cfgWay = context.createBuiltInQualityProfile("配置信息安全性设计规则", ConfigurationFileLanguage.KEY);
        cfgWay.activateRule("config", "ConfigurationFileChecker");
        cfgWay.done();
    }
 }
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
@ -6,6 +6,7 @@
 */
 package com.keyware.sonar.java.rules;
 import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
 import org.sonar.api.SonarEdition;
 import org.sonar.api.SonarProduct;
 import org.sonar.api.SonarQubeSide;
@ -15,10 +16,7 @@ import org.sonar.api.utils.Version;
 import org.sonar.plugins.html.api.HtmlConstants;
 import org.sonarsource.analyzer.commons.RuleMetadataLoader;
-import java.util.ArrayList;
+import java.util.*;
 import java.util.Collections;
 import java.util.Objects;
 import java.util.Set;
 /**
 * 用于定义出现在规则页面中规则的元数据
@ -50,10 +48,15 @@ public class JavaSecurityDesignRulesRepository implements RulesDefinition {
        setTemplates(javaRepo);
        javaRepo.done();
-        RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName(REPOSITORY_NAME);
+        RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName("web");
        ruleMetadataLoader.addRulesByAnnotatedClass(htmlRepo, new ArrayList<>(RulesList.getHtmlRules()));
        setTemplates(htmlRepo);
        htmlRepo.done();
        RulesDefinition.NewRepository configRepo = context.createRepository("config", "cfg").setName("config");
        ruleMetadataLoader.addRulesByAnnotatedClass(configRepo, List.of(ConfigurationFileChecker.class));
        setTemplates(configRepo);
        configRepo.done();
    }
    private static void setTemplates(RulesDefinition.NewRepository repository) {
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
@ -8,6 +8,7 @@ package com.keyware.sonar.java;
 import org.junit.jupiter.api.Test;
 import org.sonar.api.*;
 import org.sonar.api.config.PropertyDefinition;
 import org.sonar.api.utils.Version;
 import static org.assertj.core.api.Assertions.assertThat;
@ -26,11 +27,22 @@ public class JavaSecurityDesignRulesPluginTest {
        new JavaSecurityDesignRulesPlugin().define(context);
        assertThat(context.getExtensions())
-                .extracting(ext -> ((Class) ext).getSimpleName())
+                .extracting((ext) -> {
                    var type =  ext.getClass().getSimpleName();
                    if("Class".equals(type)){
                        return ((Class) ext).getSimpleName();
                    }else if("PropertyDefinition".equals(type)){
                        return ((PropertyDefinition) ext).name();
                    }
                    return ext.getClass().getSimpleName();
                })
                .containsExactlyInAnyOrder(
                        "JavaSecurityDesignRulesRepository",
                        "JavaSecurityDesignWayProfile",
-                        "JavaFileCheckRegistrar");
+                        "JavaFileCheckRegistrar",
                        "ConfigurationFileLanguage",
                        "ConfigFileSquidSensor",
                        "File Suffixes");
    }
    public static class MockedSonarRuntime implements SonarRuntime {