调整工程结构

.gitignore

@@ -35,4 +35,5 @@ build/
 .vscode/
 
 ### Mac OS ###
-.DS_Store
+.DS_Store
+/*/dependency-reduced-pom.xml

pom.xml

@@ -11,18 +11,49 @@
 
     <groupId>com.keyware.sonar</groupId>
     <artifactId>sonar-keyware</artifactId>
-    <version>1.0-SNAPSHOT</version>
+    <version>1.0</version>
     <packaging>pom</packaging>
 
+    <licenses>
+        <license>
+            <name>Keyware Private Terms</name>
+            <distribution>user must manually download and install the dependency.</distribution>
+        </license>
+    </licenses>
+
+    <organization>
+        <name>北京关键科技股份有限公司</name>
+        <url>http://www.keyware.cn</url>
+    </organization>
+
+    <url>http://www.keyware.cn</url>
+
+    <scm>
+        <connection>scm:git:http://www.keyware.cn</connection>
+        <developerConnection>scm:git:http://www.keyware.cn</developerConnection>
+        <url>http://www.keyware.cn</url>
+        <tag>-</tag>
+    </scm>
+
+    <developers>
+        <developer><id>guoxin</id><name>GuoXin</name><organization>Keyware</organization></developer>
+        <developer><id>renfengjiang</id><name>RenFengJiang</name><organization>Keyware</organization></developer>
+        <developer><id>renfengshan</id><name>RenFengShan</name><organization>Keyware</organization></developer>
+        <developer><id>wuhaoyang</id><name>WuHaoYang</name><organization>Keyware</organization></developer>
+        <developer><id>zhangchenbao</id><name>ZhangChenBao</name><organization>Keyware</organization></developer>
+    </developers>
+
+
     <properties>
         <maven.compiler.source>11</maven.compiler.source>
         <maven.compiler.target>11</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <aggregate.report.dir>integration-tests/target/site/jacoco-aggregate/jacoco.xml</aggregate.report.dir>
     </properties>
 
     <modules>
-        <module>sonar-dependencies</module>
-        <module>sonar-keyware-plugins</module>
+        <module>sonar-keyware-plugins-cxx</module>
+        <module>sonar-keyware-plugins-java</module>
     </modules>
     <dependencyManagement>
         <dependencies>

sonar-dependencies/pom.xml

@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>com.keyware.sonar</groupId>
-        <artifactId>sonar-keyware</artifactId>
-        <version>1.0-SNAPSHOT</version>
-    </parent>
-
-    <artifactId>sonar-dependencies</artifactId>
-    <version>1.0-SNAPSHOT</version>
-    <packaging>pom</packaging>
-
-    <modules>
-        <!--<module>sonar-cxx</module>-->
-        <module>sonar-java</module>
-    </modules>
-
-    <properties>
-
-    </properties>
-
-    <dependencyManagement>
-        <dependencies>
-        </dependencies>
-    </dependencyManagement>
-</project>

sonar-dependencies/sonar-cxx

@@ -1 +0,0 @@
-Subproject commit dd3c88c7343f3a44c5172dc4499b361dda028d85

sonar-dependencies/sonar-java

@@ -1 +0,0 @@
-Subproject commit 0d3165c6aebe18052b1d97893a2e3da85e6d9b41

sonar-keyware-plugins-cxx/pom.xml

@@ -6,41 +6,27 @@
 
     <parent>
         <groupId>com.keyware.sonar</groupId>
-        <artifactId>sonar-keyware-plugins</artifactId>
-        <version>1.0-SNAPSHOT</version>
+        <artifactId>sonar-keyware</artifactId>
+        <version>1.0</version>
     </parent>
 
     <name>C++ 信息安全性设计准则</name>
     <artifactId>sonar-keyware-plugins-cxx</artifactId>
+    <version>1.0</version>
     <packaging>sonar-plugin</packaging>
-    <version>1.0-SNAPSHOT</version>
     <description>用于检查C++源代码的安全性设计准则的Sonarqube插件</description>
 
-    <licenses>
-        <license>
-            <name>Keyware Private Terms</name>
-            <distribution>user must manually download and install the dependency.</distribution>
-        </license>
-    </licenses>
-
-    <organization>
-        <name>北京关键科技股份有限公司</name>
-        <url>http://www.keyware.cn</url>
-    </organization>
-
-    <url>http://www.keyware.cn</url>
-
-    <scm>
-        <connection>scm:git:http://www.keyware.cn</connection>
-        <developerConnection>scm:git:http://www.keyware.cn</developerConnection>
-        <url>http://www.keyware.cn</url>
-        <tag>-</tag>
-    </scm>
-
     <properties>
+        <sonar.artifact.path>target/${project.artifactId}-${project.version}.jar</sonar.artifact.path>
+        <sonar.pluginClass>com.keyware.sonar.cxx.CxxSecurityDesignPlugin</sonar.pluginClass>
+        <sonar.pluginName>C++ 信息安全性设计准则</sonar.pluginName>
+        <!-- in addition, a dependency must be set in 'integration-tests/pom.xml' to aggregate the results -->
+        <sonar.coverage.jacoco.xmlReportPaths>${basedir}/../${aggregate.report.dir}</sonar.coverage.jacoco.xmlReportPaths>
+
         <java.version>11</java.version>
         <commons-io.version>2.15.1</commons-io.version>
         <commons-lang.version>2.6</commons-lang.version>
+        <sonar-cxx.versin>2.1.2-SNAPSHOT</sonar-cxx.versin>
         <!-- we depend on API ${sonar.version} but we keep backward compatibility with LTS -->
         <sonar.version>9.9.0.65466</sonar.version>
         <sonar.plugin.api.version>9.14.0.375</sonar.plugin.api.version>
@@ -56,82 +42,77 @@
 
     <dependencies>
         <dependency>
-            <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
-            <artifactId>cxx-sslr-toolkit</artifactId>
-            <systemPath>${project.basedir}/libs/cxx-sslr-toolkit-2.1.1.488.jar</systemPath>
-            <version>2.1.1.488</version>
-            <scope>system</scope>
+            <groupId>org.sonarsource.api.plugin</groupId>
+            <artifactId>sonar-plugin-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.sonarsource.sonarqube</groupId>
+            <artifactId>sonar-plugin-api-impl</artifactId>
+            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
             <artifactId>sonar-cxx-plugin</artifactId>
-            <systemPath>${project.basedir}/libs/sonar-cxx-plugin-2.1.1.488.jar</systemPath>
-            <version>2.1.1.488</version>
-            <!--<type>sonar-plugin</type>-->
-            <scope>system</scope>
+            <version>${sonar-cxx.versin}</version>
+            <scope>provided</scope>
         </dependency>
-
         <dependency>
-            <groupId>org.sonarsource.api.plugin</groupId>
-            <artifactId>sonar-plugin-api</artifactId>
-            <version>${sonar.plugin.api.version}</version>
+            <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
+            <artifactId>cxx-squid</artifactId>
+            <version>${sonar-cxx.versin}</version>
         </dependency>
-
         <dependency>
-            <groupId>org.sonarsource.sonarqube</groupId>
-            <artifactId>sonar-plugin-api-impl</artifactId>
-            <version>${sonar.version}</version>
-            <scope>compile</scope>
+            <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
+            <artifactId>cxx-checks</artifactId>
+            <version>${sonar-cxx.versin}</version>
         </dependency>
-
         <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>${commons-io.version}</version>
-            <scope>test</scope>
+            <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
+            <artifactId>cxx-sensors</artifactId>
+            <version>${sonar-cxx.versin}</version>
         </dependency>
         <dependency>
-            <groupId>commons-lang</groupId>
-            <artifactId>commons-lang</artifactId>
-            <version>${commons-lang.version}</version>
+            <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
+            <artifactId>cxx-squid-bridge</artifactId>
+            <version>${sonar-cxx.versin}</version>
         </dependency>
+        <dependency>
+            <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
+            <artifactId>sslr-core</artifactId>
+            <version>${sonar-cxx.versin}</version>
+        </dependency>
+
         <dependency>
             <groupId>com.google.code.findbugs</groupId>
             <artifactId>jsr305</artifactId>
-            <version>${jsr305.version}</version>
         </dependency>
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>${guava.version}</version>
         </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>${gson.version}</version>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>${mockito-core.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.assertj</groupId>
             <artifactId>assertj-core</artifactId>
-            <version>${assertj-core.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter-api</artifactId>
-            <version>${junit-jupiter.version}</version>
+            <artifactId>junit-jupiter-engine</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter-engine</artifactId>
-            <version>${junit-jupiter.version}</version>
+            <artifactId>junit-jupiter-api</artifactId>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -142,8 +123,15 @@
             <plugin>
                 <groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
                 <artifactId>sonar-packaging-maven-plugin</artifactId>
+                <extensions>true</extensions>
                 <configuration>
-                    <sonarQubeMinVersion>${sonarQubeMinVersion}</sonarQubeMinVersion>
+                    <pluginKey>keywareCxxPlugin</pluginKey>
+                    <pluginName>C++ 安全性设计准则</pluginName>
+                    <pluginClass>com.keyware.sonar.cxx.CxxSecurityDesignRulesPlugin</pluginClass>
+                    <sonarLintSupported>true</sonarLintSupported>
+                    <skipDependenciesPackaging>true</skipDependenciesPackaging>
+                    <pluginApiMinVersion>9.14.0.375</pluginApiMinVersion>
+                    <requirePlugins>java:${project.version}</requirePlugins>
                 </configuration>
             </plugin>
 
@@ -165,6 +153,8 @@
                 </configuration>
             </plugin>
         </plugins>
+
+
         <resources>
             <resource>
                 <directory>src/main/resources</directory>

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/CxxSecurityDesignRulesRepository.java

@@ -10,7 +10,6 @@ import org.sonar.api.SonarEdition;
 import org.sonar.api.SonarProduct;
 import org.sonar.api.SonarQubeSide;
 import org.sonar.api.SonarRuntime;
-import org.sonar.api.config.internal.MapSettings;
 import org.sonar.api.resources.Language;
 import org.sonar.api.server.rule.RulesDefinition;
 import org.sonar.api.utils.Version;
@@ -49,7 +48,6 @@ public class CxxSecurityDesignRulesRepository extends CustomCxxRulesDefinition {
         RulesDefinition.NewRepository repository = context.createRepository(REPOSITORY_KEY, "cxx").setName(REPOSITORY_NAME);
 
 
-
         setTemplates(repository);
 
         repository.done();
@@ -57,7 +55,11 @@ public class CxxSecurityDesignRulesRepository extends CustomCxxRulesDefinition {
 
     @Override
     public Language getLanguage() {
-        return new CxxLanguage(new MapSettings().asConfig());
+        return new CxxLanguage(null) {
+            public String[] getFileSuffixes() {
+                return new String[]{".cxx", ".cpp", ".cc", ".c", ".hxx", ".hpp", ".hh", ".h"};
+            }
+        };
     }
 
     @Override

sonar-keyware-plugins-java/pom.xml

@@ -6,45 +6,16 @@
 
     <parent>
         <groupId>com.keyware.sonar</groupId>
-        <artifactId>sonar-keyware-plugins</artifactId>
-        <version>1.0-SNAPSHOT</version>
+        <artifactId>sonar-keyware</artifactId>
+        <version>1.0</version>
     </parent>
 
     <name>Java 信息安全性设计准则</name>
     <artifactId>sonar-keyware-plugins-java</artifactId>
     <packaging>sonar-plugin</packaging>
-    <version>1.0-SNAPSHOT</version>
+    <version>1.0</version>
     <description>用于检查Java源代码的安全性设计准则的Sonarqube插件</description>
 
-    <licenses>
-        <license>
-            <name>Keyware Private Terms</name>
-            <distribution>user must manually download and install the dependency.</distribution>
-        </license>
-    </licenses>
-
-    <organization>
-        <name>北京关键科技股份有限公司</name>
-        <url>http://www.keyware.cn</url>
-    </organization>
-
-    <url>http://www.keyware.cn</url>
-
-    <scm>
-        <connection>scm:git:http://www.keyware.cn</connection>
-        <developerConnection>scm:git:http://www.keyware.cn</developerConnection>
-        <url>http://www.keyware.cn</url>
-        <tag>-</tag>
-    </scm>
-
-    <developers>
-        <developer><id>guoxin</id><name>GuoXin</name><organization>Keyware</organization></developer>
-        <developer><id>renfengjiang</id><name>RenFengJiang</name><organization>Keyware</organization></developer>
-        <developer><id>renfengshan</id><name>RenFengShan</name><organization>Keyware</organization></developer>
-        <developer><id>wuhaoyang</id><name>WuHaoYang</name><organization>Keyware</organization></developer>
-        <developer><id>zhangchenbao</id><name>ZhangChenBao</name><organization>Keyware</organization></developer>
-    </developers>
-
     <properties>
         <jacoco.version>0.8.10</jacoco.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

sonar-keyware-plugins/pom.xml

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>com.keyware.sonar</groupId>
-        <artifactId>sonar-keyware</artifactId>
-        <version>1.0-SNAPSHOT</version>
-    </parent>
-
-    <artifactId>sonar-keyware-plugins</artifactId>
-    <version>1.0-SNAPSHOT</version>
-    <packaging>pom</packaging>
-
-    <modules>
-        <module>sonar-keyware-plugins-java</module>
-        <module>sonar-keyware-plugins-cxx</module>
-    </modules>
-
-</project>