添加ini,properties,conf文件扫描配置

8 months ago · 0061c15772
parent c7b633deab
commit 0061c15772
5 changed files with 104 additions and 7 deletions
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：信息安全性设计准则检查插件
+ * 项目描述：用于检查源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java;
+
+import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
+import org.sonar.api.batch.fs.FilePredicates;
+import org.sonar.api.batch.fs.InputFile;
+import org.sonar.api.batch.rule.CheckFactory;
+import org.sonar.api.batch.rule.Checks;
+import org.sonar.api.batch.sensor.Sensor;
+import org.sonar.api.batch.sensor.SensorContext;
+import org.sonar.api.batch.sensor.SensorDescriptor;
+import org.sonar.api.measures.CoreMetrics;
+
+import java.io.IOException;
+
+public class ConfigFileSquidSensor implements Sensor {
+    private final Checks<ConfigurationFileChecker> checks;
+
+    private SensorContext context;
+
+    public ConfigFileSquidSensor(CheckFactory checkFactory){
+        checks = checkFactory.create("config");
+        checks.addAnnotatedChecks(ConfigurationFileChecker.class);
+    }
+    @Override
+    public void describe(SensorDescriptor descriptor) {
+        descriptor
+                .name("ConfigSquidSensor")
+                .onlyOnLanguages(ConfigurationFileLanguage.KEY)
+                .createIssuesForRuleRepository("config");
+    }
+
+    @Override
+    public void execute(SensorContext context) {
+        FilePredicates p = context.fileSystem().predicates();
+        for (InputFile inputFile : context.fileSystem().inputFiles(p.hasLanguages(ConfigurationFileLanguage.KEY))) {
+            checks.all().forEach(check -> {
+                check.execute(context, inputFile, checks.ruleKey(check));
+            });
+        }
+    }
+
+    private String readFileContents(InputFile javaFile) {
+        String content;
+        try {
+            content = javaFile.contents();
+        } catch (IOException e) {
+            System.err.println("Failed to read " + javaFile + " due to " + e.getMessage());
+            content = "";
+        }
+        return content;
+    }
+
+    private void measureLines(SensorContext context, InputFile javaFile, String content) {
+        int lines = content.split("[\n\r]").length;
+        context.<Integer>newMeasure()
+                .forMetric(CoreMetrics.NCLOC)
+                .on(javaFile)
+                .withValue(lines)
+                .save();
+    }
+
+
+}
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
@ -28,5 +28,14 @@ public class JavaSecurityDesignRulesPlugin implements Plugin {
        // 批处理扩展 - >对象在代码分析期间实例化
        context.addExtension(JavaFileCheckRegistrar.class);

+
+        context.addExtension(ConfigurationFileLanguage.class);
+
+
+        context.addExtension(ConfigFileSquidSensor.class);
+
+
+        context.addExtensions(ConfigurationFileLanguage.getProperties());
+
    }
 }
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
@ -30,5 +30,9 @@ public class JavaSecurityDesignWayProfile implements BuiltInQualityProfilesDefin
        var webWay = context.createBuiltInQualityProfile("Web信息安全性设计准则", HtmlConstants.LANGUAGE_KEY);
        RulesList.getHtmlRules().forEach(check -> webWay.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, check.getSimpleName()));
        webWay.done();
+
+        var cfgWay = context.createBuiltInQualityProfile("配置信息安全性设计规则", ConfigurationFileLanguage.KEY);
+        cfgWay.activateRule("config", "ConfigurationFileChecker");
+        cfgWay.done();
    }
 }
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
@ -6,6 +6,7 @@
 */
 package com.keyware.sonar.java.rules;

+import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
 import org.sonar.api.SonarEdition;
 import org.sonar.api.SonarProduct;
 import org.sonar.api.SonarQubeSide;
@ -15,10 +16,7 @@ import org.sonar.api.utils.Version;
 import org.sonar.plugins.html.api.HtmlConstants;
 import org.sonarsource.analyzer.commons.RuleMetadataLoader;

-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Objects;
-import java.util.Set;
+import java.util.*;

 /**
 * 用于定义出现在规则页面中规则的元数据
@ -50,10 +48,15 @@ public class JavaSecurityDesignRulesRepository implements RulesDefinition {
        setTemplates(javaRepo);
        javaRepo.done();

-        RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName(REPOSITORY_NAME);
+        RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName("web");
        ruleMetadataLoader.addRulesByAnnotatedClass(htmlRepo, new ArrayList<>(RulesList.getHtmlRules()));
        setTemplates(htmlRepo);
        htmlRepo.done();
+
+        RulesDefinition.NewRepository configRepo = context.createRepository("config", "cfg").setName("config");
+        ruleMetadataLoader.addRulesByAnnotatedClass(configRepo, List.of(ConfigurationFileChecker.class));
+        setTemplates(configRepo);
+        configRepo.done();
    }

    private static void setTemplates(RulesDefinition.NewRepository repository) {
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
@ -8,6 +8,7 @@ package com.keyware.sonar.java;

 import org.junit.jupiter.api.Test;
 import org.sonar.api.*;
+import org.sonar.api.config.PropertyDefinition;
 import org.sonar.api.utils.Version;

 import static org.assertj.core.api.Assertions.assertThat;
@ -26,11 +27,22 @@ public class JavaSecurityDesignRulesPluginTest {
        new JavaSecurityDesignRulesPlugin().define(context);

        assertThat(context.getExtensions())
-                .extracting(ext -> ((Class) ext).getSimpleName())
+                .extracting((ext) -> {
+                    var type =  ext.getClass().getSimpleName();
+                    if("Class".equals(type)){
+                        return ((Class) ext).getSimpleName();
+                    }else if("PropertyDefinition".equals(type)){
+                        return ((PropertyDefinition) ext).name();
+                    }
+                    return ext.getClass().getSimpleName();
+                })
                .containsExactlyInAnyOrder(
                        "JavaSecurityDesignRulesRepository",
                        "JavaSecurityDesignWayProfile",
-                        "JavaFileCheckRegistrar");
+                        "JavaFileCheckRegistrar",
+                        "ConfigurationFileLanguage",
+                        "ConfigFileSquidSensor",
+                        "File Suffixes");
    }

    public static class MockedSonarRuntime implements SonarRuntime {