添加ini,properties,conf文件扫描配置

wuhaoyang
wuhaoyang 10 months ago
parent c7b633deab
commit 0061c15772
  1. 69
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
  2. 9
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
  3. 4
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
  4. 13
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
  5. 16
      sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java

@ -0,0 +1,69 @@
/*
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
* 项目名称信息安全性设计准则检查插件
* 项目描述用于检查源代码的安全性设计准则的Sonarqube插件
* 版权说明本软件属北京关键科技股份有限公司所有在未获得北京关键科技股份有限公司正式授权情况下任何企业和个人不能获取阅读安装传播本软件涉及的任何受知识产权保护的内容
*/
package com.keyware.sonar.java;
import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
import org.sonar.api.batch.fs.FilePredicates;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.rule.CheckFactory;
import org.sonar.api.batch.rule.Checks;
import org.sonar.api.batch.sensor.Sensor;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.SensorDescriptor;
import org.sonar.api.measures.CoreMetrics;
import java.io.IOException;
public class ConfigFileSquidSensor implements Sensor {
private final Checks<ConfigurationFileChecker> checks;
private SensorContext context;
public ConfigFileSquidSensor(CheckFactory checkFactory){
checks = checkFactory.create("config");
checks.addAnnotatedChecks(ConfigurationFileChecker.class);
}
@Override
public void describe(SensorDescriptor descriptor) {
descriptor
.name("ConfigSquidSensor")
.onlyOnLanguages(ConfigurationFileLanguage.KEY)
.createIssuesForRuleRepository("config");
}
@Override
public void execute(SensorContext context) {
FilePredicates p = context.fileSystem().predicates();
for (InputFile inputFile : context.fileSystem().inputFiles(p.hasLanguages(ConfigurationFileLanguage.KEY))) {
checks.all().forEach(check -> {
check.execute(context, inputFile, checks.ruleKey(check));
});
}
}
private String readFileContents(InputFile javaFile) {
String content;
try {
content = javaFile.contents();
} catch (IOException e) {
System.err.println("Failed to read " + javaFile + " due to " + e.getMessage());
content = "";
}
return content;
}
private void measureLines(SensorContext context, InputFile javaFile, String content) {
int lines = content.split("[\n\r]").length;
context.<Integer>newMeasure()
.forMetric(CoreMetrics.NCLOC)
.on(javaFile)
.withValue(lines)
.save();
}
}

@ -28,5 +28,14 @@ public class JavaSecurityDesignRulesPlugin implements Plugin {
// 批处理扩展 - >对象在代码分析期间实例化
context.addExtension(JavaFileCheckRegistrar.class);
context.addExtension(ConfigurationFileLanguage.class);
context.addExtension(ConfigFileSquidSensor.class);
context.addExtensions(ConfigurationFileLanguage.getProperties());
}
}

@ -30,5 +30,9 @@ public class JavaSecurityDesignWayProfile implements BuiltInQualityProfilesDefin
var webWay = context.createBuiltInQualityProfile("Web信息安全性设计准则", HtmlConstants.LANGUAGE_KEY);
RulesList.getHtmlRules().forEach(check -> webWay.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, check.getSimpleName()));
webWay.done();
var cfgWay = context.createBuiltInQualityProfile("配置信息安全性设计规则", ConfigurationFileLanguage.KEY);
cfgWay.activateRule("config", "ConfigurationFileChecker");
cfgWay.done();
}
}

@ -6,6 +6,7 @@
*/
package com.keyware.sonar.java.rules;
import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
import org.sonar.api.SonarEdition;
import org.sonar.api.SonarProduct;
import org.sonar.api.SonarQubeSide;
@ -15,10 +16,7 @@ import org.sonar.api.utils.Version;
import org.sonar.plugins.html.api.HtmlConstants;
import org.sonarsource.analyzer.commons.RuleMetadataLoader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import java.util.*;
/**
* 用于定义出现在规则页面中规则的元数据
@ -50,10 +48,15 @@ public class JavaSecurityDesignRulesRepository implements RulesDefinition {
setTemplates(javaRepo);
javaRepo.done();
RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName(REPOSITORY_NAME);
RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName("web");
ruleMetadataLoader.addRulesByAnnotatedClass(htmlRepo, new ArrayList<>(RulesList.getHtmlRules()));
setTemplates(htmlRepo);
htmlRepo.done();
RulesDefinition.NewRepository configRepo = context.createRepository("config", "cfg").setName("config");
ruleMetadataLoader.addRulesByAnnotatedClass(configRepo, List.of(ConfigurationFileChecker.class));
setTemplates(configRepo);
configRepo.done();
}
private static void setTemplates(RulesDefinition.NewRepository repository) {

@ -8,6 +8,7 @@ package com.keyware.sonar.java;
import org.junit.jupiter.api.Test;
import org.sonar.api.*;
import org.sonar.api.config.PropertyDefinition;
import org.sonar.api.utils.Version;
import static org.assertj.core.api.Assertions.assertThat;
@ -26,11 +27,22 @@ public class JavaSecurityDesignRulesPluginTest {
new JavaSecurityDesignRulesPlugin().define(context);
assertThat(context.getExtensions())
.extracting(ext -> ((Class) ext).getSimpleName())
.extracting((ext) -> {
var type = ext.getClass().getSimpleName();
if("Class".equals(type)){
return ((Class) ext).getSimpleName();
}else if("PropertyDefinition".equals(type)){
return ((PropertyDefinition) ext).name();
}
return ext.getClass().getSimpleName();
})
.containsExactlyInAnyOrder(
"JavaSecurityDesignRulesRepository",
"JavaSecurityDesignWayProfile",
"JavaFileCheckRegistrar");
"JavaFileCheckRegistrar",
"ConfigurationFileLanguage",
"ConfigFileSquidSensor",
"File Suffixes");
}
public static class MockedSonarRuntime implements SonarRuntime {

Loading…
Cancel
Save