commit 2ab255173599990e3389b17c5a4eaed0a36e3c24 Author: Guo XIn <371864209@qq.com> Date: Sun Jan 7 15:41:54 2024 +0800 sonarqube插件基础框架 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5ff6309 --- /dev/null +++ b/.gitignore @@ -0,0 +1,38 @@ +target/ +!.mvn/wrapper/maven-wrapper.jar +!**/src/main/**/target/ +!**/src/test/**/target/ + +### IntelliJ IDEA ### +.idea/modules.xml +.idea/jarRepositories.xml +.idea/compiler.xml +.idea/libraries/ +*.iws +*.iml +*.ipr + +### Eclipse ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ +build/ +!**/src/main/**/build/ +!**/src/test/**/build/ + +### VS Code ### +.vscode/ + +### Mac OS ### +.DS_Store \ No newline at end of file diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..e715f25 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "sonar-dependencies/sonar-cxx"] + path = sonar-dependencies/sonar-cxx + url = https://github.com/SonarOpenCommunity/sonar-cxx.git +[submodule "sonar-dependencies/sonar-java"] + path = sonar-dependencies/sonar-java + url = https://github.com/SonarSource/sonar-java.git diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..486f2ba --- /dev/null +++ b/pom.xml @@ -0,0 +1,35 @@ + + + 4.0.0 + + org.sonarsource.java + java + 7.30.1.34514 + + + com.keyware.sonar + sonar-keyware + 1.0-SNAPSHOT + pom + + + 11 + 11 + UTF-8 + + + + sonar-dependencies + sonar-keyware-plugins + + + + + + + + + + \ No newline at end of file diff --git a/sonar-dependencies/pom.xml b/sonar-dependencies/pom.xml new file mode 100644 index 0000000..e0a8c1c --- /dev/null +++ b/sonar-dependencies/pom.xml @@ -0,0 +1,30 @@ + + + 4.0.0 + + + com.keyware.sonar + sonar-keyware + 1.0-SNAPSHOT + + + sonar-dependencies + 1.0-SNAPSHOT + pom + + + + sonar-java + + + + + + + + + + + \ No newline at end of file 
diff --git a/sonar-dependencies/sonar-cxx b/sonar-dependencies/sonar-cxx new file mode 160000 index 0000000..dd3c88c --- /dev/null +++ b/sonar-dependencies/sonar-cxx @@ -0,0 +1 @@ +Subproject commit dd3c88c7343f3a44c5172dc4499b361dda028d85 diff --git a/sonar-dependencies/sonar-java b/sonar-dependencies/sonar-java new file mode 160000 index 0000000..0d3165c --- /dev/null +++ b/sonar-dependencies/sonar-java @@ -0,0 +1 @@ +Subproject commit 0d3165c6aebe18052b1d97893a2e3da85e6d9b41 diff --git a/sonar-keyware-plugins/pom.xml b/sonar-keyware-plugins/pom.xml new file mode 100644 index 0000000..edb04b9 --- /dev/null +++ b/sonar-keyware-plugins/pom.xml @@ -0,0 +1,22 @@ + + + 4.0.0 + + + com.keyware.sonar + sonar-keyware + 1.0-SNAPSHOT + + + sonar-keyware-plugins + 1.0-SNAPSHOT + pom + + + sonar-keyware-plugins-java + sonar-keyware-plugins-cxx + + + \ No newline at end of file diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-cxx/libs/cxx-sslr-toolkit-2.1.1.488.jar b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/libs/cxx-sslr-toolkit-2.1.1.488.jar new file mode 100644 index 0000000..85c50bf Binary files /dev/null and b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/libs/cxx-sslr-toolkit-2.1.1.488.jar differ diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-cxx/libs/sonar-cxx-plugin-2.1.1.488.jar b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/libs/sonar-cxx-plugin-2.1.1.488.jar new file mode 100644 index 0000000..f30b775 Binary files /dev/null and b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/libs/sonar-cxx-plugin-2.1.1.488.jar differ diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-cxx/pom.xml b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/pom.xml new file mode 100644 index 0000000..82e7304 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/pom.xml 
@@ -0,0 +1,155 @@ + + + 4.0.0 + + + com.keyware.sonar + sonar-keyware-plugins + 1.0-SNAPSHOT + + + C++ 信息安全性设计准则 + sonar-keyware-plugins-cxx + 1.0-SNAPSHOT + 用于检查C++源代码的安全性设计准则的Sonarqube插件 + + + 11 + 2.15.1 + 2.6 + + 9.9.0.65466 + 9.14.0.375 + 8.9 + 2.10.1 + 33.0.0-jre + 3.0.2 + 1.10.19 + 5.8.0 + 3.24.2 + 5.10.1 + + + + + org.sonarsource.sonarqube-plugins.cxx + cxx-sslr-toolkit + ${project.basedir}/libs/cxx-sslr-toolkit-2.1.1.488.jar + 2.1.1.488 + system + + + org.sonarsource.sonarqube-plugins.cxx + sonar-cxx-plugin + ${project.basedir}/libs/sonar-cxx-plugin-2.1.1.488.jar + 2.1.1.488 + system + + + + org.sonarsource.api.plugin + sonar-plugin-api + ${sonar.plugin.api.version} + + + + org.sonarsource.sonarqube + sonar-plugin-api-impl + ${sonar.version} + compile + + + + commons-io + commons-io + ${commons-io.version} + test + + + commons-lang + commons-lang + ${commons-lang.version} + + + com.google.code.findbugs + jsr305 + ${jsr305.version} + + + com.google.guava + guava + ${guava.version} + + + com.google.code.gson + gson + ${gson.version} + + + org.mockito + mockito-core + ${mockito-core.version} + test + + + org.assertj + assertj-core + ${assertj-core.version} + test + + + org.junit.jupiter + junit-jupiter-api + ${junit-jupiter.version} + test + + + org.junit.jupiter + junit-jupiter-engine + ${junit-jupiter.version} + test + + + + + + + + org.sonarsource.sonar-packaging-maven-plugin + sonar-packaging-maven-plugin + + ${sonarQubeMinVersion} + + + + + com.mycila + license-maven-plugin + +
${project.basedir}/src/main/resources/license-header.txt
+ + + **/*.properties + *.sh + *.yml + .editorconfig + .gitignore + **/*.md + **/*.xml + +
+
+
+ + + src/main/resources + + com/sonar/sqale/cxx-model-project* + external/* + + + +
+
\ No newline at end of file diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSecurityDesignRulesPlugin.java b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSecurityDesignRulesPlugin.java new file mode 100644 index 0000000..6184a52 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSecurityDesignRulesPlugin.java @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:C++ 信息安全性设计准则 + * 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.cxx; + +import com.keyware.sonar.cxx.rules.CxxSecurityDesignRulesRepository; +import org.sonar.api.Plugin; +import org.sonar.plugins.cxx.CxxLanguage; + +/** + * TODO CxxSecurityDesignRulesPlugin + * + * @author GuoXin + * @date 2024/1/6 + */ +public class CxxSecurityDesignRulesPlugin implements Plugin { + @Override + public void define(Context context) { + context.addExtension(CxxLanguage.class); + context.addExtension(CxxSecurityDesignRulesRepository.class); + } +} diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/CxxSecurityDesignRulesRepository.java b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/CxxSecurityDesignRulesRepository.java new file mode 100644 index 0000000..e2884e5 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/CxxSecurityDesignRulesRepository.java 
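Review bot: The two `system`-scope entries at the top of the dependencies block resolve to jars committed under `libs/` (`cxx-sslr-toolkit-2.1.1.488.jar`, `sonar-cxx-plugin-2.1.1.488.jar`) with no checksum or provenance recorded, and Maven has deprecated `system` scope, so nothing in the build verifies that these binaries are the published 2.1.1.488 artifacts. Publishing them to an internal repository, or at minimum committing their SHA-256 beside the jars and checking it in a build step, would make the vendored analyzer verifiable. `sonar-plugin-api-impl` is declared at `compile` scope here while the Java module declares it `test`; it contains SonarQube server internals and should not be packaged into a plugin. The `sonar-packaging-maven-plugin` block references `${sonarQubeMinVersion}`, which cannot be matched to any of the property values in this hunk because element names are stripped in this view; worth confirming it is defined.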
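Review bot: `context.addExtension(CxxLanguage.class)` in `define` registers the C++ language from the sonar-cxx plugin a second time if that plugin is also installed, which SonarQube is likely to reject as a duplicate language key; a custom-rules plugin normally declares the base plugin as a requirement and adds only its own `RulesDefinition`. Dropping that line and declaring the dependency through the packaging plugin's `requirePlugins` setting would avoid the conflict at server start. The class Javadoc is still the `TODO CxxSecurityDesignRulesPlugin` placeholder; a summary such as `Entry point of the C++ security design rules plugin; registers the custom rule repository.` would replace it.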
@@ -0,0 +1,108 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:C++ 信息安全性设计准则 + * 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.cxx.rules; + +import org.sonar.api.SonarEdition; +import org.sonar.api.SonarProduct; +import org.sonar.api.SonarQubeSide; +import org.sonar.api.SonarRuntime; +import org.sonar.api.config.internal.MapSettings; +import org.sonar.api.resources.Language; +import org.sonar.api.server.rule.RulesDefinition; +import org.sonar.api.utils.Version; +import org.sonar.plugins.cxx.CustomCxxRulesDefinition; +import org.sonar.plugins.cxx.CxxLanguage; + +import java.util.Collections; +import java.util.Objects; +import java.util.Set; + +/** + * TODO CxxSecurityDesignRulesRepository + * + * @author GuoXin + * @date 2024/1/6 + */ +public class CxxSecurityDesignRulesRepository extends CustomCxxRulesDefinition { + // 不要修改这个值,因为路径在 CheckVerifier 中是硬编码的 + private static final String RESOURCE_BASE_PATH = "org/sonar/l10n/java/rules/java"; + + public static final String REPOSITORY_KEY = "keyware-cxx-security-design"; + public static final String REPOSITORY_NAME = "C++ 安全性设计准则"; + + + // 添加需要视为模板规则的规则的规则键 + private static final Set RULE_TEMPLATES_KEY = Collections.emptySet(); + + private final SonarRuntime runtime; + + public CxxSecurityDesignRulesRepository(SonarRuntime runtime) { + this.runtime = runtime; + } + + @Override + public void define(RulesDefinition.Context context) { + RulesDefinition.NewRepository repository = context.createRepository(REPOSITORY_KEY, "cxx").setName(REPOSITORY_NAME); + + + + setTemplates(repository); + + repository.done(); + } + + @Override + public Language getLanguage() { + return new CxxLanguage(new MapSettings().asConfig()); + } + + @Override + public String repositoryName() { + return REPOSITORY_NAME; + } + + @Override + public String repositoryKey() { + return REPOSITORY_KEY; + } + + 
@Override + public Class[] checkClasses() { + return new Class[0]; + } + + private static void setTemplates(RulesDefinition.NewRepository repository) { + RULE_TEMPLATES_KEY.stream() + .map(repository::rule) + .filter(Objects::nonNull) + .forEach(rule -> rule.setTemplate(true)); + } + + + public static class MockedSonarRuntime implements SonarRuntime { + + @Override + public Version getApiVersion() { + return Version.create(9, 9); + } + + @Override + public SonarProduct getProduct() { + return SonarProduct.SONARQUBE; + } + + @Override + public SonarQubeSide getSonarQubeSide() { + return SonarQubeSide.SCANNER; + } + + @Override + public SonarEdition getEdition() { + return SonarEdition.COMMUNITY; + } + } +} diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/DemoChecker.java b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/DemoChecker.java new file mode 100644 index 0000000..cd61fd2 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/DemoChecker.java 
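Review bot: `checkClasses()` returns `new Class[0]`, so `DemoChecker` added in this same commit is never registered, and `define` hands an empty repository to `repository.done()`; `return new Class[]{DemoChecker.class};` with the matching import wires it in. The `RESOURCE_BASE_PATH` constant (`org/sonar/l10n/java/rules/java`) and the `runtime` field are copied from the Java module and unused in this class; if C++ rule metadata is loaded later it needs its own resource path, so the `不要修改这个值` comment is misleading here. `MockedSonarRuntime` is a test stub living in main sources and belongs under `src/test`. The class Javadoc is the `TODO CxxSecurityDesignRulesRepository` placeholder.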
@@ -0,0 +1,39 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:C++ 信息安全性设计准则 + * 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.cxx.rules.checkers; + +import com.sonar.cxx.sslr.api.AstNode; +import com.sonar.cxx.sslr.api.Grammar; +import org.sonar.check.Priority; +import org.sonar.check.Rule; +import org.sonar.cxx.parser.CxxGrammarImpl; +import org.sonar.cxx.squidbridge.SquidAstVisitor; +import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; +import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; + +/** + * TODO DemoChecker + * + * @author GuoXin + * @date 2024/1/6 + */ +@Rule(key = "DemoChecker", name = "DemoChecker", description = "DemoChecker", priority = Priority.INFO, tags = {"28Suo"}) +@ActivatedByDefault +@SqaleConstantRemediation("5min") +public class DemoChecker extends SquidAstVisitor { + @Override + public void init() { + this.subscribeTo( + CxxGrammarImpl.functionDefinition + ); + } + + @Override + public void visitNode(AstNode astNode) { + super.visitNode(astNode); + } +} diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/resources/license-header.txt b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/resources/license-header.txt new file mode 100644 index 0000000..6f93a28 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/resources/license-header.txt @@ -0,0 +1,4 @@ +Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. +项目名称:${project.name} +项目描述:${project.description} +版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 \ No newline at end of file diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/pom.xml b/sonar-keyware-plugins/sonar-keyware-plugins-java/pom.xml new file mode 100644 index 0000000..25b5dce --- /dev/null 
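Review bot: The `@Rule` annotation's `tags = {"28Suo"}` contains an uppercase letter, which SonarQube's rule tag format rejects (tags may only contain lowercase letters, digits, `+`, `#`, `-` and `.`), and the Java module's metadata spells the same tag `28suo`; use `tags = {"28suo"}`. `visitNode` only forwards to `super.visitNode(astNode)` and reports nothing, so the rule is a no-op even once it is registered; either implement the check or mark the class as scaffolding in its Javadoc. The `name` and `description` attributes both repeat the key, and the Javadoc is still `TODO DemoChecker`.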
+++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/pom.xml 
@@ -0,0 +1,244 @@ + + + 4.0.0 + + + com.keyware.sonar + sonar-keyware-plugins + 1.0-SNAPSHOT + + + Java 信息安全性设计准则 + sonar-keyware-plugins-java + sonar-plugin + 1.0-SNAPSHOT + 用于检查Java源代码的安全性设计准则的Sonarqube插件 + + + 0.8.10 + UTF-8 + + + + + org.sonarsource.java + sonar-java-plugin + 7.30.1.34514 + sonar-plugin + compile + + + + org.sonarsource.api.plugin + sonar-plugin-api + provided + + + + org.sonarsource.analyzer-commons + sonar-analyzer-commons + + + + org.slf4j + slf4j-api + provided + + + + + org.sonarsource.api.plugin + sonar-plugin-api-test-fixtures + test + + + org.sonarsource.sonarqube + sonar-plugin-api-impl + test + + + org.sonarsource.java + test-classpath-reader + 7.30.1.34514 + test + + + org.sonarsource.java + java-checks-testkit + 7.30.1.34514 + test + + + org.junit.jupiter + junit-jupiter + test + + + org.junit.jupiter + junit-jupiter-migrationsupport + test + + + org.mockito + mockito-core + test + + + org.assertj + assertj-core + test + + + com.google.guava + guava + test + + + + + + + org.sonarsource.sonar-packaging-maven-plugin + sonar-packaging-maven-plugin + true + + keyware-java-plugin + Java 安全性设计准则 + com.keyware.sonar.java.JavaSecurityDesignRulesPlugin + true + true + 9.14.0.375 + java:${project.version} + + + + org.apache.maven.plugins + maven-jar-plugin + + + org.apache.maven.plugins + maven-shade-plugin + + + + + package + + shade + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 11 + 11 + + + + + org.jacoco + jacoco-maven-plugin + ${jacoco.version} + + + prepare-agent + + prepare-agent + + + + report + + report + + + + + + + + org.apache.maven.plugins + maven-dependency-plugin + + + copy + test-compile + + copy + + + + + org.slf4j + slf4j-api + 1.7.30 + jar + + + org.apache.commons + commons-collections4 + 4.0 + jar + + + javax + javaee-api + 6.0 + jar + + + org.springframework + spring-webmvc + 4.3.3.RELEASE + jar + + + org.springframework + spring-web + 4.3.3.RELEASE + jar + + + org.springframework + spring-context + 
4.3.3.RELEASE + jar + + + junit + junit + 4.13.2 + jar + + + ${project.build.directory}/test-jars + + + + + + com.mycila + license-maven-plugin + +
${project.basedir}/src/main/resources/license-header.txt
+ + + **/*.properties + *.sh + *.yml + .editorconfig + .gitignore + **/*.md + **/*.xml + +
+
+
+
+
\ No newline at end of file diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java new file mode 100644 index 0000000..0e273ad --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:Java 信息安全性设计准则 + * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.java; + +import com.keyware.sonar.java.rules.JavaFileCheckRegistrar; +import com.keyware.sonar.java.rules.JavaSecurityDesignRulesRepository; +import org.sonar.api.Plugin; + +/** + * Java 安全性设计准则插件 + * + * @author GuoXin + * @date 2024/1/6 + */ +public class JavaSecurityDesignRulesPlugin implements Plugin { + @Override + public void define(Context context) { + // 服务器扩展 - >对象在服务器启动期间实例化 + context.addExtension(JavaSecurityDesignRulesRepository.class); + + // 批处理扩展 - >对象在代码分析期间实例化 + context.addExtension(JavaFileCheckRegistrar.class); + + } +} diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrar.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrar.java new file mode 100644 index 0000000..20eaf0b --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrar.java 
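Review bot: `requirePlugins` is set to `java:${project.version}`, which expands to `java:1.0-SNAPSHOT` and asks SonarQube for a Java analyzer of this project's version rather than the one the rules compile against; it should name the sonar-java version used elsewhere in this pom, `java:7.30.1.34514` (or a property holding it). The value just before it, `9.14.0.375`, presumably `sonarQubeMinVersion`, matches the plugin-API version used in the cxx module rather than a SonarQube release. `sonar-java-plugin` is declared at `compile` scope alongside a `maven-shade-plugin` execution bound to `package`, which suggests the whole analyzer is bundled into this plugin jar; custom rule plugins usually declare it `provided` and rely on `requirePlugins`. The `maven-dependency-plugin` copies `spring-webmvc 4.3.3.RELEASE`, `javaee-api 6.0` and `commons-collections4 4.0` into `test-jars`; these only feed the test classpath, but dependency scanners will flag them unless a comment states that purpose.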
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import org.sonar.plugins.java.api.CheckRegistrar;
+import org.sonar.plugins.java.api.JavaCheck;
+import org.sonarsource.api.sonarlint.SonarLintSide;
+
+import java.util.List;
+
+/**
+ * 负责将java规则检查器注册到SonarQube中
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+@SonarLintSide
+public class JavaFileCheckRegistrar implements CheckRegistrar {
+ /**
+ * 注册将用于在分析期间实例化检查的类。
+ */
+ @Override
+ public void register(RegistrarContext registrarContext) {
+ // 调用 registerClassesForRepository 以将类与正确的存储库密钥相关联
+ registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, checkClasses(), testCheckClasses());
+ }
+
+ /**
+ * 列出插件提供的所有主检查器
+ */
+ public static List> checkClasses() {
+ return RulesList.getJavaChecks();
+ }
+
+ /**
+ * 列出插件提供的所有测试检查器
+ */
+ public static List> testCheckClasses() {
+ return RulesList.getJavaTestChecks();
+ }
+}
diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
new file mode 100644
index 0000000..b440253
--- /dev/null
+++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
@@ -0,0 +1,87 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:Java 信息安全性设计准则 + * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.java.rules; + +import org.sonar.api.SonarEdition; +import org.sonar.api.SonarProduct; +import org.sonar.api.SonarQubeSide; +import org.sonar.api.SonarRuntime; +import org.sonar.api.server.rule.RulesDefinition; +import org.sonar.api.utils.Version; +import org.sonarsource.analyzer.commons.RuleMetadataLoader; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.Objects; +import java.util.Set; + +/** + * 用于定义出现在规则页面中规则的元数据 + * + * @author GuoXin + * @date 2024/1/6 + */ +public class JavaSecurityDesignRulesRepository implements RulesDefinition { + // 不要修改这个值,因为路径在 CheckVerifier 中是硬编码的 + private static final String RESOURCE_BASE_PATH = "org/sonar/l10n/java/rules/java"; + + public static final String REPOSITORY_KEY = "keyware-java-security-design"; + public static final String REPOSITORY_NAME = "Java安全性设计准则"; + + // 添加需要视为模板规则的规则的规则键 + private static final Set RULE_TEMPLATES_KEY = Collections.emptySet(); + + private final SonarRuntime runtime; + + public JavaSecurityDesignRulesRepository(SonarRuntime runtime) { + this.runtime = runtime; + } + + @Override + public void define(RulesDefinition.Context context) { + RulesDefinition.NewRepository repository = context.createRepository(REPOSITORY_KEY, "java").setName(REPOSITORY_NAME); + + RuleMetadataLoader ruleMetadataLoader = new RuleMetadataLoader(RESOURCE_BASE_PATH, runtime); + + ruleMetadataLoader.addRulesByAnnotatedClass(repository, new ArrayList<>(RulesList.getChecks())); + + setTemplates(repository); + + repository.done(); + } + + private static void setTemplates(RulesDefinition.NewRepository repository) { + RULE_TEMPLATES_KEY.stream() + .map(repository::rule) + .filter(Objects::nonNull) + .forEach(rule -> 
rule.setTemplate(true)); + } + + + public static class MockedSonarRuntime implements SonarRuntime { + + @Override + public Version getApiVersion() { + return Version.create(9, 9); + } + + @Override + public SonarProduct getProduct() { + return SonarProduct.SONARQUBE; + } + + @Override + public SonarQubeSide getSonarQubeSide() { + return SonarQubeSide.SCANNER; + } + + @Override + public SonarEdition getEdition() { + return SonarEdition.COMMUNITY; + } + } +} diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/RulesList.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/RulesList.java new file mode 100644 index 0000000..57bec67 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/RulesList.java 
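Review bot: `MockedSonarRuntime` is a public stub shipped in main sources, and `JavaSecurityDesignRulesRepositoryTest` builds the repository from it while `JavaSecurityDesignRulesPluginTest` carries an identical copy; moving one copy to `src/test` and deleting the other keeps test fixtures out of the plugin jar. The constructor parameter and the `define` flow are undocumented; `@param runtime platform runtime injected by SonarQube, passed to RuleMetadataLoader so metadata is filtered for the running edition` on the constructor, and a line above `addRulesByAnnotatedClass` noting that rule keys come from the `@Rule` annotations and descriptions from `RESOURCE_BASE_PATH`, would make the wiring readable. The `runtime` field is only used for metadata loading, so the `define` Javadoc should say so rather than leave the field looking unused.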
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import com.keyware.sonar.java.rules.checkers.ABCVarNameChecker;
+import org.sonar.plugins.java.api.JavaCheck;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+public final class RulesList {
+
+ private RulesList() {
+ }
+
+ public static List> getChecks() {
+ List> checks = new ArrayList<>();
+ checks.addAll(getJavaChecks());
+ checks.addAll(getJavaTestChecks());
+ return Collections.unmodifiableList(checks);
+ }
+
+ /**
+ * These rules are going to target MAIN code only
+ */
+ public static List> getJavaChecks() {
+ return Collections.unmodifiableList(Arrays.asList(
+ ABCVarNameChecker.class
+ /*SpringControllerRequestMappingEntityRule.class,
+ AvoidAnnotationRule.class,
+ AvoidBrandInMethodNamesRule.class,
+ AvoidMethodDeclarationRule.class,
+ AvoidSuperClassRule.class,
+ AvoidTreeListRule.class,
+ MyCustomSubscriptionRule.class,
+ SecurityAnnotationMandatoryRule.class*/
+ ));
+ }
+
+ /**
+ * These rules are going to target TEST code only
+ */
+ public static List> getJavaTestChecks() {
+ return Collections.unmodifiableList(Arrays.asList(
+ /*NoIfStatementInTestsRule.class*/
+ ));
+ }
+}
diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java
new file mode 100644
index 0000000..08a5f12
--- /dev/null
+++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java
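Review bot: `getJavaTestChecks` returns `Arrays.asList()` wrapped in `unmodifiableList` with only a commented-out template entry, and `getJavaChecks` keeps eight commented-out rule names from the sonar-custom-rules example; `return Collections.emptyList();` states the intent directly and the dead names should go before more checks are added. `getChecks` can be one expression without the mutable `ArrayList`, for instance collecting `Stream.concat(getJavaChecks().stream(), getJavaTestChecks().stream())` into an unmodifiable list. The class has no Javadoc; `Registry of all checks shipped by this plugin, split into main-code and test-code scope.` would do as a summary, with a note that `getChecks` is what the rule repository feeds to the metadata loader.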
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules.checkers;
+
+import org.sonar.check.Rule;
+import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.tree.Tree;
+import org.sonar.plugins.java.api.tree.VariableTree;
+
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * TODO ABCVarNameChecker
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+@Rule(key = "ABCVarNameChecker")
+public class ABCVarNameChecker extends SubscriptionVisitor {
+
+ @Override
+ public List nodesToVisit() {
+ return Collections.singletonList(
+ Tree.Kind.VARIABLE
+ );
+ }
+
+ @Override
+ public void visitNode(Tree tree) {
+ VariableTree node = (VariableTree) tree;
+ if (node.simpleName().name().matches("ABC")) {
+ context.reportIssue(this, node.simpleName(), "不能使用ABC作为变量名");
+ }
+ }
+}
diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/license-header.txt b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/license-header.txt
new file mode 100644
index 0000000..6f93a28
--- /dev/null
+++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/license-header.txt
@@ -0,0 +1,4 @@
+Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+项目名称:${project.name}
+项目描述:${project.description}
+版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
\ No newline at end of file
diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/ABCVarNameChecker.html b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/ABCVarNameChecker.html
new file mode 100644
index 0000000..c181a22
--- /dev/null
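Review bot: `ABCVarNameChecker` extends `org.sonar.java.ast.visitors.SubscriptionVisitor`, an internal class of the sonar-java analyzer, and reports through `context.reportIssue(this, ...)`; the public API offers `org.sonar.plugins.java.api.IssuableSubscriptionVisitor` with the same `nodesToVisit`/`visitNode` contract, so `extends IssuableSubscriptionVisitor` plus `reportIssue(node.simpleName(), "不能使用ABC作为变量名");` keeps the rule on the supported surface and off classes that change between analyzer versions. `node.simpleName().name().matches("ABC")` compiles the literal as a regex for every variable declaration; `"ABC".equals(node.simpleName().name())` is what the comparison means. The class Javadoc is the `TODO ABCVarNameChecker` placeholder; a summary stating that the rule flags any variable declared with the exact name `ABC` would document the current behaviour.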
+++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/ABCVarNameChecker.html @@ -0,0 +1,9 @@ +

不能使用ABC作为变量名

+

不能使用ABC作为变量名

+
+
+
+

合规解决方案

+
+
+
diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/ABCVarNameChecker.json b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/ABCVarNameChecker.json new file mode 100644 index 0000000..94fa3e8 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/ABCVarNameChecker.json @@ -0,0 +1,13 @@ +{ + "title": "不能使用ABC作为变量名", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + "28suo" + ], + "defaultSeverity": "Minor" +} \ No newline at end of file diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/files/ABCVarNameRule.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/files/ABCVarNameRule.java new file mode 100644 index 0000000..cd344bc --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/files/ABCVarNameRule.java @@ -0,0 +1,11 @@ +class VarNameRule{ + private static String ABC = "abc"; // Noncompliant {{不能使用ABC作为变量名}} + private static String edf = "edf"; + + public String getABC(){ + return ABC; + } + public void test(){ + System.out.println(ABC); + } +} diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java new file mode 100644 index 0000000..377d157 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java 
@@ -0,0 +1,55 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:Java 信息安全性设计准则 + * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.java; + +import org.junit.jupiter.api.Test; +import org.sonar.api.*; +import org.sonar.api.utils.Version; + +import static org.assertj.core.api.Assertions.assertThat; + +/** + * TODO JavaSecurityDesignRulesPluginTest + * + * @author GuoXin + * @date 2024/1/6 + */ +public class JavaSecurityDesignRulesPluginTest { + @Test + void testName() { + Plugin.Context context = new Plugin.Context(new MockedSonarRuntime()); + + new JavaSecurityDesignRulesPlugin().define(context); + + assertThat(context.getExtensions()) + .extracting(ext -> ((Class) ext).getSimpleName()) + .containsExactlyInAnyOrder("JavaSecurityDesignRulesRepository", "JavaFileCheckRegistrar"); + } + + public static class MockedSonarRuntime implements SonarRuntime { + + @Override + public Version getApiVersion() { + return Version.create(9, 9); + } + + @Override + public SonarProduct getProduct() { + return SonarProduct.SONARQUBE; + } + + @Override + public SonarQubeSide getSonarQubeSide() { + return SonarQubeSide.SCANNER; + } + + @Override + public SonarEdition getEdition() { + return SonarEdition.COMMUNITY; + } + } +} diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java new file mode 100644 index 0000000..fed6430 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java 
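Review bot: `MockedSonarRuntime` here duplicates the nested class in `JavaSecurityDesignRulesRepository`; `sonar-plugin-api-impl` is on the test classpath and provides `SonarRuntimeImpl.forSonarQube(Version.create(9, 9), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY)`, which would replace both copies. `import org.sonar.api.*;` is a wildcard import while the file uses only `Plugin`, `SonarRuntime`, `SonarProduct`, `SonarQubeSide` and `SonarEdition`. `extracting(ext -> ((Class) ext).getSimpleName())` casts to the raw `Class` type; `((Class<?>) ext)` avoids the raw-type warning. The class Javadoc is the `TODO` placeholder and `testName` says nothing about what is verified; `definesRepositoryAndRegistrarExtensions` would.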
@@ -0,0 +1,63 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:Java 信息安全性设计准则 + * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.java.rules; + +import org.junit.jupiter.api.Test; +import org.sonar.api.rule.RuleKey; +import org.sonar.java.checks.verifier.TestCheckRegistrarContext; + +import static org.assertj.core.api.Assertions.assertThat; + +/** + * TODO JavaFileCheckRegistrarTest + * + * @author GuoXin + * @date 2024/1/6 + */ +public class JavaFileCheckRegistrarTest { + + @Test + void checkRegisteredRulesKeysAndClasses() { + TestCheckRegistrarContext context = new TestCheckRegistrarContext(); + + JavaFileCheckRegistrar registrar = new JavaFileCheckRegistrar(); + registrar.register(context); + + assertThat(context.mainRuleKeys).extracting(RuleKey::toString).containsExactly( + /*"mycompany-java:SpringControllerRequestMappingEntity", + "mycompany-java:AvoidAnnotation", + "mycompany-java:AvoidBrandInMethodNames", + "mycompany-java:AvoidMethodDeclaration", + "mycompany-java:AvoidSuperClass", + "mycompany-java:AvoidTreeList", + "mycompany-java:AvoidMethodWithSameTypeInArgument", + "mycompany-java:SecurityAnnotationMandatory"*/ + "keyware-java-security-design:ABCVarNameChecker" + ); + + assertThat(context.mainCheckClasses).extracting(Class::getSimpleName).containsExactly( + /*"SpringControllerRequestMappingEntityRule", + "AvoidAnnotationRule", + "AvoidBrandInMethodNamesRule", + "AvoidMethodDeclarationRule", + "AvoidSuperClassRule", + "AvoidTreeListRule", + "MyCustomSubscriptionRule", + "SecurityAnnotationMandatoryRule"*/ + "ABCVarNameChecker" + ); + + assertThat(context.testRuleKeys).extracting(RuleKey::toString).containsExactly( + /*"mycompany-java:NoIfStatementInTests"*/ + ); + + assertThat(context.testCheckClasses).extracting(Class::getSimpleName).containsExactly( + /*"NoIfStatementInTestsRule"*/ + ); + } + +} 
diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java new file mode 100644 index 0000000..b8fb520 --- /dev/null +++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java 
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.api.rules.RuleType;
+import org.sonar.api.server.debt.DebtRemediationFunction;
+import org.sonar.api.server.rule.RuleParamType;
+import org.sonar.api.server.rule.RulesDefinition;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * TODO JavaSecurityDesignRulesRepositoryTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class JavaSecurityDesignRulesRepositoryTest {
+
+ @Test
+ void test() {
+ JavaSecurityDesignRulesRepository rulesDefinition = new JavaSecurityDesignRulesRepository(new JavaSecurityDesignRulesRepository.MockedSonarRuntime());
+ RulesDefinition.Context context = new RulesDefinition.Context();
+ rulesDefinition.define(context);
+ RulesDefinition.Repository repository = context.repository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY);
+
+ assertThat(repository.name()).isEqualTo(JavaSecurityDesignRulesRepository.REPOSITORY_NAME);
+ assertThat(repository.language()).isEqualTo("java");
+ assertThat(repository.rules()).hasSize(RulesList.getChecks().size());
+ assertThat(repository.rules().stream().filter(RulesDefinition.Rule::template)).isEmpty();
+
+ //assertRuleProperties(repository);
+ // assertParameterProperties(repository);
+ // assertAllRuleParametersHaveDescription(repository);
+ }
+
+ private static void assertParameterProperties(RulesDefinition.Repository repository) {
+ RulesDefinition.Param max = repository.rule("AvoidAnnotation").param("name");
+ assertThat(max).isNotNull();
+ assertThat(max.defaultValue()).isEqualTo("Inject");
+ assertThat(max.description()).isEqualTo("Name of the annotation to avoid, without the prefix @, for instance 'Override'");
+ assertThat(max.type()).isEqualTo(RuleParamType.STRING);
+ }
+
+ private static void assertRuleProperties(RulesDefinition.Repository repository) {
+ RulesDefinition.Rule rule = repository.rule("AvoidAnnotation");
+ assertThat(rule).isNotNull();
+ assertThat(rule.name()).isEqualTo("Title of AvoidAnnotation");
+ assertThat(rule.debtRemediationFunction().type()).isEqualTo(DebtRemediationFunction.Type.CONSTANT_ISSUE);
+ assertThat(rule.type()).isEqualTo(RuleType.CODE_SMELL);
+ }
+
+ private static void assertAllRuleParametersHaveDescription(RulesDefinition.Repository repository) {
+ for (RulesDefinition.Rule rule : repository.rules()) {
+ for (RulesDefinition.Param param : rule.params()) {
+ assertThat(param.description()).as("description for " + param.key()).isNotEmpty();
+ }
+ }
+ }
+}
diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/ABCVarNameCheckerTest.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/ABCVarNameCheckerTest.java
new file mode 100644
index 0000000..6a83980
--- /dev/null
+++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/ABCVarNameCheckerTest.java
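Review bot: `assertRuleProperties` and `assertParameterProperties` look up `repository.rule("AvoidAnnotation")`, a key copied from the custom-rules template that this plugin does not register (the registrar test in this same commit expects only `ABCVarNameChecker`), so `.param("name")` on the null result would throw a NullPointerException before any assertion is reached; with their calls commented out in `test()` they are dead code that cannot be re-enabled as written. Drop those two helpers, or retarget them at `ABCVarNameChecker` with the metadata values it actually declares, and uncomment `assertAllRuleParametersHaveDescription(repository);`, which is generic and gives a real guarantee that every rule parameter ships with a description. `new JavaSecurityDesignRulesRepository.MockedSonarRuntime()` suggests a test double nested inside the production repository class; if that class ends up in the plugin jar, it should move to test sources. The `TODO` Javadoc and the method name `test()` should describe the contract, e.g. `definesRepositoryWithAllChecksAndNoTemplates()`.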
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules.checkers;
+
+import com.keyware.sonar.java.utils.FilesUtils;
+import org.junit.jupiter.api.Test;
+import org.sonar.java.checks.verifier.CheckVerifier;
+
+/**
+ * TODO ABCVarNameCheckerTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class ABCVarNameCheckerTest {
+ @Test
+ void detected() {
+
+
+ ABCVarNameChecker rule = new ABCVarNameChecker();
+
+
+ // Verifies that the check will raise the adequate issues with the expected message.
+ // In the test file, lines which should raise an issue have been commented out
+ // by using the following syntax: "// Noncompliant {{EXPECTED_MESSAGE}}"
+ CheckVerifier.newVerifier()
+ .onFile("src/test/files/ABCVarNameRule.java")
+ .withCheck(rule)
+ .withClassPath(FilesUtils.getClassPath("target/test-jars"))
+ .verifyIssues();
+ }
+}
diff --git a/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/utils/FilesUtils.java b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/utils/FilesUtils.java
new file mode 100644
index 0000000..23edf71
--- /dev/null
+++ b/sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/utils/FilesUtils.java
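Review bot: `FilesUtils.getClassPath("target/test-jars")` passes the helper's own default directory, which — per the `FilesUtils` added in this commit — is the one argument value for which a missing directory is tolerated silently; if the build step that populates `target/test-jars` is absent or misconfigured, the verifier runs `ABCVarNameChecker` with only `target/test-classes` on the classpath and any type-resolution-dependent logic is exercised against unresolved symbols without this test noticing. If the check needs external types, capture the classpath and assert it was populated before handing it over, e.g. `List<File> cp = FilesUtils.getClassPath("target/test-jars"); assertThat(cp).hasSizeGreaterThan(1);` then `.withClassPath(cp)`; if it does not, drop `.withClassPath(...)` so the test stops depending on that directory. The sample file is `ABCVarNameRule.java` while the check is `ABCVarNameChecker`; aligning the names avoids confusion as more checks are added. The `TODO ABCVarNameCheckerTest` Javadoc and the stray blank lines in `detected()` should be replaced by one sentence saying what the sample file covers.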
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.*;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * Duplicates org.sonar.java.checks.verifier.FilesUtils to locate test jars within the custom-rules plugin
+ */
+public class FilesUtils {
+
+ private FilesUtils() {
+ }
+
+ /**
+ * Default location of the jars/zips to be taken into account when performing the analysis.
+ */
+ private static final String DEFAULT_TEST_JARS_DIRECTORY = "target/test-jars";
+
+ public static List getClassPath(String jarsDirectory) {
+ List classpath = new LinkedList<>();
+ Path testJars = Paths.get(jarsDirectory);
+ if (testJars.toFile().exists()) {
+ classpath = getFilesRecursively(testJars, "jar", "zip");
+ } else if (!DEFAULT_TEST_JARS_DIRECTORY.equals(jarsDirectory)) {
+ throw new AssertionError("The directory to be used to extend class path does not exists ("
+ + testJars.toAbsolutePath()
+ + ").");
+ }
+ classpath.add(new File("target/test-classes"));
+ return classpath;
+ }
+
+ private static List getFilesRecursively(Path root, String... extensions) {
+ final List files = new ArrayList<>();
+
+ FileVisitor visitor = new SimpleFileVisitor() {
+ @Override
+ public FileVisitResult visitFile(Path filePath, BasicFileAttributes attrs) {
+ for (String extension : extensions) {
+ if (filePath.toString().endsWith("."
+ + extension)) {
+ files.add(filePath.toFile());
+ break;
+ }
+ }
+ return FileVisitResult.CONTINUE;
+ }
+
+ @Override
+ public FileVisitResult visitFileFailed(Path file, IOException exc) {
+ return FileVisitResult.CONTINUE;
+ }
+ };
+
+ try {
+ Files.walkFileTree(root, visitor);
+ } catch (IOException e) {
+ // we already ignore errors in the visitor
+ }
+
+ return files;
+ }
+
+}
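Review bot: In `getFilesRecursively`, `visitFileFailed` returns `FileVisitResult.CONTINUE` and the `catch (IOException e)` block is empty, so a jar or directory under `target/test-jars` that cannot be read silently drops out of the classpath and the check verifier then succeeds or fails for reasons unrelated to the rule under test. The same class already fails loudly with `AssertionError` when a non-default directory is missing, so the failure modes should match: `throw new AssertionError("Cannot visit test jar " + file, exc);` in `visitFileFailed` and `throw new AssertionError("Cannot walk " + root, e);` in the catch, which also retires the `// we already ignore errors in the visitor` comment. The match `endsWith("." + extension)` is case-sensitive, so a `.JAR` file would be skipped; if that is intended, say so in the method's Javadoc. The raw `List`, `FileVisitor` and `SimpleFileVisitor` types may be an artifact of how this page was rendered; if they really are raw in the source they should be `List<File>`, `FileVisitor<Path>` and `SimpleFileVisitor<Path>`.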