commit
2ab2551735
@ -0,0 +1,38 @@ |
||||
target/ |
||||
!.mvn/wrapper/maven-wrapper.jar |
||||
!**/src/main/**/target/ |
||||
!**/src/test/**/target/ |
||||
|
||||
### IntelliJ IDEA ### |
||||
.idea/modules.xml |
||||
.idea/jarRepositories.xml |
||||
.idea/compiler.xml |
||||
.idea/libraries/ |
||||
*.iws |
||||
*.iml |
||||
*.ipr |
||||
|
||||
### Eclipse ### |
||||
.apt_generated |
||||
.classpath |
||||
.factorypath |
||||
.project |
||||
.settings |
||||
.springBeans |
||||
.sts4-cache |
||||
|
||||
### NetBeans ### |
||||
/nbproject/private/ |
||||
/nbbuild/ |
||||
/dist/ |
||||
/nbdist/ |
||||
/.nb-gradle/ |
||||
build/ |
||||
!**/src/main/**/build/ |
||||
!**/src/test/**/build/ |
||||
|
||||
### VS Code ### |
||||
.vscode/ |
||||
|
||||
### Mac OS ### |
||||
.DS_Store |
@ -0,0 +1,6 @@ |
||||
[submodule "sonar-dependencies/sonar-cxx"] |
||||
path = sonar-dependencies/sonar-cxx |
||||
url = https://github.com/SonarOpenCommunity/sonar-cxx.git |
||||
[submodule "sonar-dependencies/sonar-java"] |
||||
path = sonar-dependencies/sonar-java |
||||
url = https://github.com/SonarSource/sonar-java.git |
@ -0,0 +1,35 @@ |
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> |
||||
<modelVersion>4.0.0</modelVersion> |
||||
<parent> |
||||
<groupId>org.sonarsource.java</groupId> |
||||
<artifactId>java</artifactId> |
||||
<version>7.30.1.34514</version> |
||||
</parent> |
||||
|
||||
<groupId>com.keyware.sonar</groupId> |
||||
<artifactId>sonar-keyware</artifactId> |
||||
<version>1.0-SNAPSHOT</version> |
||||
<packaging>pom</packaging> |
||||
|
||||
<properties> |
||||
<maven.compiler.source>11</maven.compiler.source> |
||||
<maven.compiler.target>11</maven.compiler.target> |
||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> |
||||
</properties> |
||||
|
||||
<modules> |
||||
<module>sonar-dependencies</module> |
||||
<module>sonar-keyware-plugins</module> |
||||
</modules> |
||||
<dependencyManagement> |
||||
<dependencies> |
||||
|
||||
</dependencies> |
||||
</dependencyManagement> |
||||
<dependencies> |
||||
|
||||
</dependencies> |
||||
</project> |
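Review bot: The `<dependencyManagement>` block at L147-155 and the `<dependencies>` block at L157-161 are empty and contribute nothing; either fill them or delete them so the POM does not suggest managed versions that are not there. The module versions that the child POMs leave out (sonar-plugin-api, sonar-analyzer-commons, slf4j-api) appear to come from the `org.sonarsource.java:java:7.30.1.34514` parent instead, which also inherits that project's full build configuration; a comment on the `<parent>` element such as `<!-- parent supplies dependency versions; bumping it changes every unversioned dependency below -->` would make that coupling explicit for the next maintainer.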
@ -0,0 +1,30 @@ |
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> |
||||
<modelVersion>4.0.0</modelVersion> |
||||
|
||||
<parent> |
||||
<groupId>com.keyware.sonar</groupId> |
||||
<artifactId>sonar-keyware</artifactId> |
||||
<version>1.0-SNAPSHOT</version> |
||||
</parent> |
||||
|
||||
<artifactId>sonar-dependencies</artifactId> |
||||
<version>1.0-SNAPSHOT</version> |
||||
<packaging>pom</packaging> |
||||
|
||||
<modules> |
||||
<!--<module>sonar-cxx</module>--> |
||||
<module>sonar-java</module> |
||||
</modules> |
||||
|
||||
<properties> |
||||
|
||||
</properties> |
||||
|
||||
<dependencyManagement> |
||||
<dependencies> |
||||
</dependencies> |
||||
</dependencyManagement> |
||||
</project> |
@ -0,0 +1 @@ |
||||
Subproject commit dd3c88c7343f3a44c5172dc4499b361dda028d85 |
@ -0,0 +1 @@ |
||||
Subproject commit 0d3165c6aebe18052b1d97893a2e3da85e6d9b41 |
@ -0,0 +1,22 @@ |
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> |
||||
<modelVersion>4.0.0</modelVersion> |
||||
|
||||
<parent> |
||||
<groupId>com.keyware.sonar</groupId> |
||||
<artifactId>sonar-keyware</artifactId> |
||||
<version>1.0-SNAPSHOT</version> |
||||
</parent> |
||||
|
||||
<artifactId>sonar-keyware-plugins</artifactId> |
||||
<version>1.0-SNAPSHOT</version> |
||||
<packaging>pom</packaging> |
||||
|
||||
<modules> |
||||
<module>sonar-keyware-plugins-java</module> |
||||
<module>sonar-keyware-plugins-cxx</module> |
||||
</modules> |
||||
|
||||
</project> |
Binary file not shown.
Binary file not shown.
@ -0,0 +1,155 @@ |
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> |
||||
<modelVersion>4.0.0</modelVersion> |
||||
|
||||
<parent> |
||||
<groupId>com.keyware.sonar</groupId> |
||||
<artifactId>sonar-keyware-plugins</artifactId> |
||||
<version>1.0-SNAPSHOT</version> |
||||
</parent> |
||||
|
||||
<name>C++ 信息安全性设计准则</name> |
||||
<artifactId>sonar-keyware-plugins-cxx</artifactId> |
||||
<version>1.0-SNAPSHOT</version> |
||||
<description>用于检查C++源代码的安全性设计准则的Sonarqube插件</description> |
||||
|
||||
<properties> |
||||
<java.version>11</java.version> |
||||
<commons-io.version>2.15.1</commons-io.version> |
||||
<commons-lang.version>2.6</commons-lang.version> |
||||
<!-- we depend on API ${sonar.version} but we keep backward compatibility with LTS --> |
||||
<sonar.version>9.9.0.65466</sonar.version> |
||||
<sonar.plugin.api.version>9.14.0.375</sonar.plugin.api.version> |
||||
<sonarQubeMinVersion>8.9</sonarQubeMinVersion> |
||||
<gson.version>2.10.1</gson.version> |
||||
<guava.version>33.0.0-jre</guava.version> |
||||
<jsr305.version>3.0.2</jsr305.version> |
||||
<mockito-all.version>1.10.19</mockito-all.version> |
||||
<mockito-core.version>5.8.0</mockito-core.version> |
||||
<assertj-core.version>3.24.2</assertj-core.version> |
||||
<junit-jupiter.version>5.10.1</junit-jupiter.version> |
||||
</properties> |
||||
|
||||
<dependencies> |
||||
<dependency> |
||||
<groupId>org.sonarsource.sonarqube-plugins.cxx</groupId> |
||||
<artifactId>cxx-sslr-toolkit</artifactId> |
||||
<systemPath>${project.basedir}/libs/cxx-sslr-toolkit-2.1.1.488.jar</systemPath> |
||||
<version>2.1.1.488</version> |
||||
<scope>system</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.sonarsource.sonarqube-plugins.cxx</groupId> |
||||
<artifactId>sonar-cxx-plugin</artifactId> |
||||
<systemPath>${project.basedir}/libs/sonar-cxx-plugin-2.1.1.488.jar</systemPath> |
||||
<version>2.1.1.488</version> |
||||
<scope>system</scope> |
||||
</dependency> |
||||
|
||||
<dependency> |
||||
<groupId>org.sonarsource.api.plugin</groupId> |
||||
<artifactId>sonar-plugin-api</artifactId> |
||||
<version>${sonar.plugin.api.version}</version> |
||||
</dependency> |
||||
|
||||
<dependency> |
||||
<groupId>org.sonarsource.sonarqube</groupId> |
||||
<artifactId>sonar-plugin-api-impl</artifactId> |
||||
<version>${sonar.version}</version> |
||||
<scope>compile</scope> |
||||
</dependency> |
||||
|
||||
<dependency> |
||||
<groupId>commons-io</groupId> |
||||
<artifactId>commons-io</artifactId> |
||||
<version>${commons-io.version}</version> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>commons-lang</groupId> |
||||
<artifactId>commons-lang</artifactId> |
||||
<version>${commons-lang.version}</version> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>com.google.code.findbugs</groupId> |
||||
<artifactId>jsr305</artifactId> |
||||
<version>${jsr305.version}</version> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>com.google.guava</groupId> |
||||
<artifactId>guava</artifactId> |
||||
<version>${guava.version}</version> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>com.google.code.gson</groupId> |
||||
<artifactId>gson</artifactId> |
||||
<version>${gson.version}</version> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.mockito</groupId> |
||||
<artifactId>mockito-core</artifactId> |
||||
<version>${mockito-core.version}</version> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.assertj</groupId> |
||||
<artifactId>assertj-core</artifactId> |
||||
<version>${assertj-core.version}</version> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.junit.jupiter</groupId> |
||||
<artifactId>junit-jupiter-api</artifactId> |
||||
<version>${junit-jupiter.version}</version> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.junit.jupiter</groupId> |
||||
<artifactId>junit-jupiter-engine</artifactId> |
||||
<version>${junit-jupiter.version}</version> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
</dependencies> |
||||
|
||||
|
||||
<build> |
||||
<plugins> |
||||
<plugin> |
||||
<groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId> |
||||
<artifactId>sonar-packaging-maven-plugin</artifactId> |
||||
<configuration> |
||||
<sonarQubeMinVersion>${sonarQubeMinVersion}</sonarQubeMinVersion> |
||||
</configuration> |
||||
</plugin> |
||||
|
||||
<plugin> |
||||
<groupId>com.mycila</groupId> |
||||
<artifactId>license-maven-plugin</artifactId> |
||||
<configuration> |
||||
<header>${project.basedir}/src/main/resources/license-header.txt</header> |
||||
<!--排除文件--> |
||||
<excludes> |
||||
<exclude>**/*.properties</exclude> |
||||
<exclude>*.sh</exclude> |
||||
<exclude>*.yml</exclude> |
||||
<exclude>.editorconfig</exclude> |
||||
<exclude>.gitignore</exclude> |
||||
<exclude>**/*.md</exclude> |
||||
<exclude>**/*.xml</exclude> |
||||
</excludes> |
||||
</configuration> |
||||
</plugin> |
||||
</plugins> |
||||
<resources> |
||||
<resource> |
||||
<directory>src/main/resources</directory> |
||||
<excludes> |
||||
<exclude>com/sonar/sqale/cxx-model-project*</exclude> |
||||
<exclude>external/*</exclude> |
||||
</excludes> |
||||
</resource> |
||||
</resources> |
||||
</build> |
||||
</project> |
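Review bot: This module declares no `<packaging>sonar-plugin</packaging>` and its sonar-packaging-maven-plugin block (L516-528) sets only `sonarQubeMinVersion`, with no `pluginKey`/`pluginClass` as the Java module has (L1161-1165), so as written it appears to produce a plain jar rather than a loadable SonarQube plugin. The two `system`-scoped dependencies (L350-376) point at jars committed under `${project.basedir}/libs/`, which Maven resolves without any repository checksum or provenance check; recording the expected digest of each jar next to the dependency (e.g. `<!-- sha256: <EXPECTED_DIGEST> -->`, value to be filled in by the maintainer) or publishing them to an internal repository would make the build reproducible, and Maven also warns that `system` scope is deprecated. `sonar-plugin-api` (L380-388) is at default compile scope and `sonar-plugin-api-impl` (L400) is explicitly `compile`, whereas the Java module uses `provided` and `test` respectively; for a plugin the API should be `<scope>provided</scope>` so it is not bundled. The `mockito-all.version` property (L336) is declared but never referenced.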
@ -0,0 +1,25 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:C++ 信息安全性设计准则 |
||||
* 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.cxx; |
||||
|
||||
import com.keyware.sonar.cxx.rules.CxxSecurityDesignRulesRepository; |
||||
import org.sonar.api.Plugin; |
||||
import org.sonar.plugins.cxx.CxxLanguage; |
||||
|
||||
/** |
||||
* TODO CxxSecurityDesignRulesPlugin |
||||
* |
||||
* @author GuoXin |
||||
* @date 2024/1/6 |
||||
*/ |
||||
public class CxxSecurityDesignRulesPlugin implements Plugin { |
||||
@Override |
||||
public void define(Context context) { |
||||
context.addExtension(CxxLanguage.class); |
||||
context.addExtension(CxxSecurityDesignRulesRepository.class); |
||||
} |
||||
} |
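Review bot: `context.addExtension(CxxLanguage.class)` at L633 registers a language that the sonar-cxx plugin this module depends on presumably already contributes; if so, a second registration from another plugin may fail startup with a duplicate language key, so I would drop that line and keep only the repository extension unless there is a confirmed reason to re-register it. The class Javadoc is still the `TODO CxxSecurityDesignRulesPlugin` placeholder (L617); replace it with a purpose sentence such as `Entry point of the C++ security-design-rules plugin; registers the custom rule repository.`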
@ -0,0 +1,108 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:C++ 信息安全性设计准则 |
||||
* 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.cxx.rules; |
||||
|
||||
import org.sonar.api.SonarEdition; |
||||
import org.sonar.api.SonarProduct; |
||||
import org.sonar.api.SonarQubeSide; |
||||
import org.sonar.api.SonarRuntime; |
||||
import org.sonar.api.config.internal.MapSettings; |
||||
import org.sonar.api.resources.Language; |
||||
import org.sonar.api.server.rule.RulesDefinition; |
||||
import org.sonar.api.utils.Version; |
||||
import org.sonar.plugins.cxx.CustomCxxRulesDefinition; |
||||
import org.sonar.plugins.cxx.CxxLanguage; |
||||
|
||||
import java.util.Collections; |
||||
import java.util.Objects; |
||||
import java.util.Set; |
||||
|
||||
/** |
||||
* TODO CxxSecurityDesignRulesRepository |
||||
* |
||||
* @author GuoXin |
||||
* @date 2024/1/6 |
||||
*/ |
||||
public class CxxSecurityDesignRulesRepository extends CustomCxxRulesDefinition { |
||||
// 不要修改这个值,因为路径在 CheckVerifier 中是硬编码的
|
||||
private static final String RESOURCE_BASE_PATH = "org/sonar/l10n/java/rules/java"; |
||||
|
||||
public static final String REPOSITORY_KEY = "keyware-cxx-security-design"; |
||||
public static final String REPOSITORY_NAME = "C++ 安全性设计准则"; |
||||
|
||||
|
||||
// 添加需要视为模板规则的规则的规则键
|
||||
private static final Set<String> RULE_TEMPLATES_KEY = Collections.emptySet(); |
||||
|
||||
private final SonarRuntime runtime; |
||||
|
||||
public CxxSecurityDesignRulesRepository(SonarRuntime runtime) { |
||||
this.runtime = runtime; |
||||
} |
||||
|
||||
@Override |
||||
public void define(RulesDefinition.Context context) { |
||||
RulesDefinition.NewRepository repository = context.createRepository(REPOSITORY_KEY, "cxx").setName(REPOSITORY_NAME); |
||||
|
||||
|
||||
|
||||
setTemplates(repository); |
||||
|
||||
repository.done(); |
||||
} |
||||
|
||||
@Override |
||||
public Language getLanguage() { |
||||
return new CxxLanguage(new MapSettings().asConfig()); |
||||
} |
||||
|
||||
@Override |
||||
public String repositoryName() { |
||||
return REPOSITORY_NAME; |
||||
} |
||||
|
||||
@Override |
||||
public String repositoryKey() { |
||||
return REPOSITORY_KEY; |
||||
} |
||||
|
||||
@Override |
||||
public Class[] checkClasses() { |
||||
return new Class[0]; |
||||
} |
||||
|
||||
private static void setTemplates(RulesDefinition.NewRepository repository) { |
||||
RULE_TEMPLATES_KEY.stream() |
||||
.map(repository::rule) |
||||
.filter(Objects::nonNull) |
||||
.forEach(rule -> rule.setTemplate(true)); |
||||
} |
||||
|
||||
|
||||
public static class MockedSonarRuntime implements SonarRuntime { |
||||
|
||||
@Override |
||||
public Version getApiVersion() { |
||||
return Version.create(9, 9); |
||||
} |
||||
|
||||
@Override |
||||
public SonarProduct getProduct() { |
||||
return SonarProduct.SONARQUBE; |
||||
} |
||||
|
||||
@Override |
||||
public SonarQubeSide getSonarQubeSide() { |
||||
return SonarQubeSide.SCANNER; |
||||
} |
||||
|
||||
@Override |
||||
public SonarEdition getEdition() { |
||||
return SonarEdition.COMMUNITY; |
||||
} |
||||
} |
||||
} |
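Review bot: `checkClasses()` returns `new Class[0]` (L792) and the `define` override (L738-754) loads no rules into the repository it creates, so the repository is published empty and `DemoChecker` from the sibling file never runs; at minimum `return new Class[]{DemoChecker.class};`, and if `CustomCxxRulesDefinition` already implements `define` from `checkClasses()` (not visible here), the override should be removed rather than bypass it. `RESOURCE_BASE_PATH` (L705) is unused and still carries the Java module's path `org/sonar/l10n/java/rules/java`, and the `runtime` field (L724) is assigned but never read. `MockedSonarRuntime` (L814-856) is test scaffolding and belongs under `src/test`, not in the production class that is packaged into the plugin.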
@ -0,0 +1,39 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:C++ 信息安全性设计准则 |
||||
* 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.cxx.rules.checkers; |
||||
|
||||
import com.sonar.cxx.sslr.api.AstNode; |
||||
import com.sonar.cxx.sslr.api.Grammar; |
||||
import org.sonar.check.Priority; |
||||
import org.sonar.check.Rule; |
||||
import org.sonar.cxx.parser.CxxGrammarImpl; |
||||
import org.sonar.cxx.squidbridge.SquidAstVisitor; |
||||
import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; |
||||
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; |
||||
|
||||
/** |
||||
* TODO DemoChecker |
||||
* |
||||
* @author GuoXin |
||||
* @date 2024/1/6 |
||||
*/ |
||||
@Rule(key = "DemoChecker", name = "DemoChecker", description = "DemoChecker", priority = Priority.INFO, tags = {"28Suo"}) |
||||
@ActivatedByDefault |
||||
@SqaleConstantRemediation("5min") |
||||
public class DemoChecker extends SquidAstVisitor<Grammar> { |
||||
@Override |
||||
public void init() { |
||||
this.subscribeTo( |
||||
CxxGrammarImpl.functionDefinition |
||||
); |
||||
} |
||||
|
||||
@Override |
||||
public void visitNode(AstNode astNode) { |
||||
super.visitNode(astNode); |
||||
} |
||||
} |
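Review bot: The `visitNode` override at L931-935 only delegates to `super.visitNode(astNode)` and should be deleted until the check has logic, otherwise readers assume the function-definition subscription does something. The `@Rule` tag `28Suo` (L907) differs in case from `28suo` in the Java rule metadata (L2004); SonarQube's rule tag format only accepts lowercase letters, digits and `+#-.`, so the capitalised form is likely rejected when the rule is defined, and `tags = {"28suo"}` keeps both modules consistent. The class Javadoc is the `TODO DemoChecker` placeholder (L897) and should state the intended rule.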
@ -0,0 +1,4 @@ |
||||
Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
项目名称:${project.name} |
||||
项目描述:${project.description} |
||||
版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
@ -0,0 +1,244 @@ |
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> |
||||
<modelVersion>4.0.0</modelVersion> |
||||
|
||||
<parent> |
||||
<groupId>com.keyware.sonar</groupId> |
||||
<artifactId>sonar-keyware-plugins</artifactId> |
||||
<version>1.0-SNAPSHOT</version> |
||||
</parent> |
||||
|
||||
<name>Java 信息安全性设计准则</name> |
||||
<artifactId>sonar-keyware-plugins-java</artifactId> |
||||
<packaging>sonar-plugin</packaging> |
||||
<version>1.0-SNAPSHOT</version> |
||||
<description>用于检查Java源代码的安全性设计准则的Sonarqube插件</description> |
||||
|
||||
<properties> |
||||
<jacoco.version>0.8.10</jacoco.version> |
||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> |
||||
</properties> |
||||
|
||||
<dependencies> |
||||
<dependency> |
||||
<groupId>org.sonarsource.java</groupId> |
||||
<artifactId>sonar-java-plugin</artifactId> |
||||
<version>7.30.1.34514</version> |
||||
<type>sonar-plugin</type> |
||||
<scope>compile</scope> |
||||
</dependency> |
||||
|
||||
<dependency> |
||||
<groupId>org.sonarsource.api.plugin</groupId> |
||||
<artifactId>sonar-plugin-api</artifactId> |
||||
<scope>provided</scope> |
||||
</dependency> |
||||
|
||||
<dependency> |
||||
<groupId>org.sonarsource.analyzer-commons</groupId> |
||||
<artifactId>sonar-analyzer-commons</artifactId> |
||||
</dependency> |
||||
|
||||
<dependency> |
||||
<groupId>org.slf4j</groupId> |
||||
<artifactId>slf4j-api</artifactId> |
||||
<scope>provided</scope> |
||||
</dependency> |
||||
|
||||
<!-- unit tests --> |
||||
<dependency> |
||||
<groupId>org.sonarsource.api.plugin</groupId> |
||||
<artifactId>sonar-plugin-api-test-fixtures</artifactId> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.sonarsource.sonarqube</groupId> |
||||
<artifactId>sonar-plugin-api-impl</artifactId> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.sonarsource.java</groupId> |
||||
<artifactId>test-classpath-reader</artifactId> |
||||
<version>7.30.1.34514</version> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.sonarsource.java</groupId> |
||||
<artifactId>java-checks-testkit</artifactId> |
||||
<version>7.30.1.34514</version> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.junit.jupiter</groupId> |
||||
<artifactId>junit-jupiter</artifactId> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.junit.jupiter</groupId> |
||||
<artifactId>junit-jupiter-migrationsupport</artifactId> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.mockito</groupId> |
||||
<artifactId>mockito-core</artifactId> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>org.assertj</groupId> |
||||
<artifactId>assertj-core</artifactId> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
<dependency> |
||||
<groupId>com.google.guava</groupId> |
||||
<artifactId>guava</artifactId> |
||||
<scope>test</scope> |
||||
</dependency> |
||||
</dependencies> |
||||
|
||||
<build> |
||||
<plugins> |
||||
<plugin> |
||||
<groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId> |
||||
<artifactId>sonar-packaging-maven-plugin</artifactId> |
||||
<extensions>true</extensions> |
||||
<configuration> |
||||
<pluginKey>keyware-java-plugin</pluginKey> |
||||
<pluginName>Java 安全性设计准则</pluginName> |
||||
<pluginClass>com.keyware.sonar.java.JavaSecurityDesignRulesPlugin</pluginClass> |
||||
<sonarLintSupported>true</sonarLintSupported> |
||||
<skipDependenciesPackaging>true</skipDependenciesPackaging> |
||||
<pluginApiMinVersion>9.14.0.375</pluginApiMinVersion> |
||||
<requirePlugins>java:${project.version}</requirePlugins> |
||||
</configuration> |
||||
</plugin> |
||||
<plugin> |
||||
<groupId>org.apache.maven.plugins</groupId> |
||||
<artifactId>maven-jar-plugin</artifactId> |
||||
</plugin> |
||||
<plugin> |
||||
<groupId>org.apache.maven.plugins</groupId> |
||||
<artifactId>maven-shade-plugin</artifactId> |
||||
<configuration> |
||||
</configuration> |
||||
<executions> |
||||
<execution> |
||||
<phase>package</phase> |
||||
<goals> |
||||
<goal>shade</goal> |
||||
</goals> |
||||
</execution> |
||||
</executions> |
||||
</plugin> |
||||
|
||||
<plugin> |
||||
<groupId>org.apache.maven.plugins</groupId> |
||||
<artifactId>maven-compiler-plugin</artifactId> |
||||
<configuration> |
||||
<source>11</source> |
||||
<target>11</target> |
||||
</configuration> |
||||
</plugin> |
||||
|
||||
<plugin> |
||||
<groupId>org.jacoco</groupId> |
||||
<artifactId>jacoco-maven-plugin</artifactId> |
||||
<version>${jacoco.version}</version> |
||||
<executions> |
||||
<execution> |
||||
<id>prepare-agent</id> |
||||
<goals> |
||||
<goal>prepare-agent</goal> |
||||
</goals> |
||||
</execution> |
||||
<execution> |
||||
<id>report</id> |
||||
<goals> |
||||
<goal>report</goal> |
||||
</goals> |
||||
</execution> |
||||
</executions> |
||||
</plugin> |
||||
|
||||
<!-- only required to run UT - these are UT dependencies --> |
||||
<plugin> |
||||
<groupId>org.apache.maven.plugins</groupId> |
||||
<artifactId>maven-dependency-plugin</artifactId> |
||||
<executions> |
||||
<execution> |
||||
<id>copy</id> |
||||
<phase>test-compile</phase> |
||||
<goals> |
||||
<goal>copy</goal> |
||||
</goals> |
||||
<configuration> |
||||
<artifactItems> |
||||
<artifactItem> |
||||
<groupId>org.slf4j</groupId> |
||||
<artifactId>slf4j-api</artifactId> |
||||
<version>1.7.30</version> |
||||
<type>jar</type> |
||||
</artifactItem> |
||||
<artifactItem> |
||||
<groupId>org.apache.commons</groupId> |
||||
<artifactId>commons-collections4</artifactId> |
||||
<version>4.0</version> |
||||
<type>jar</type> |
||||
</artifactItem> |
||||
<artifactItem> |
||||
<groupId>javax</groupId> |
||||
<artifactId>javaee-api</artifactId> |
||||
<version>6.0</version> |
||||
<type>jar</type> |
||||
</artifactItem> |
||||
<artifactItem> |
||||
<groupId>org.springframework</groupId> |
||||
<artifactId>spring-webmvc</artifactId> |
||||
<version>4.3.3.RELEASE</version> |
||||
<type>jar</type> |
||||
</artifactItem> |
||||
<artifactItem> |
||||
<groupId>org.springframework</groupId> |
||||
<artifactId>spring-web</artifactId> |
||||
<version>4.3.3.RELEASE</version> |
||||
<type>jar</type> |
||||
</artifactItem> |
||||
<artifactItem> |
||||
<groupId>org.springframework</groupId> |
||||
<artifactId>spring-context</artifactId> |
||||
<version>4.3.3.RELEASE</version> |
||||
<type>jar</type> |
||||
</artifactItem> |
||||
<artifactItem> |
||||
<groupId>junit</groupId> |
||||
<artifactId>junit</artifactId> |
||||
<version>4.13.2</version> |
||||
<type>jar</type> |
||||
</artifactItem> |
||||
</artifactItems> |
||||
<outputDirectory>${project.build.directory}/test-jars</outputDirectory> |
||||
</configuration> |
||||
</execution> |
||||
</executions> |
||||
</plugin> |
||||
<plugin> |
||||
<groupId>com.mycila</groupId> |
||||
<artifactId>license-maven-plugin</artifactId> |
||||
<configuration> |
||||
<header>${project.basedir}/src/main/resources/license-header.txt</header> |
||||
<!--排除文件--> |
||||
<excludes> |
||||
<exclude>**/*.properties</exclude> |
||||
<exclude>*.sh</exclude> |
||||
<exclude>*.yml</exclude> |
||||
<exclude>.editorconfig</exclude> |
||||
<exclude>.gitignore</exclude> |
||||
<exclude>**/*.md</exclude> |
||||
<exclude>**/*.xml</exclude> |
||||
</excludes> |
||||
</configuration> |
||||
</plugin> |
||||
</plugins> |
||||
</build> |
||||
</project> |
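Review bot: `<requirePlugins>java:${project.version}</requirePlugins>` at L1173 expands to `java:1.0-SNAPSHOT` (this module's own version, L979), not the sonar-java version the plugin is compiled against, which is hard-coded three times as `7.30.1.34514` (L1003, L1075, L1087); declare `<sonarjava.version>7.30.1.34514</sonarjava.version>` under `<properties>`, use `${sonarjava.version}` at those three places, and set `<requirePlugins>java:${sonarjava.version}</requirePlugins>` so the minimum-version constraint actually protects against an older Java analyzer. `sonar-java-plugin` is at `compile` scope (L1007) while maven-shade-plugin runs with an empty configuration (L1193-1195), which as far as I can tell would shade the whole analyzer into this artifact; the custom-rules convention is `<scope>provided</scope>` for it. The `maven-jar-plugin` block (L1179-1185) carries no configuration and can be removed.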
@ -0,0 +1,29 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:Java 信息安全性设计准则 |
||||
* 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.java; |
||||
|
||||
import com.keyware.sonar.java.rules.JavaFileCheckRegistrar; |
||||
import com.keyware.sonar.java.rules.JavaSecurityDesignRulesRepository; |
||||
import org.sonar.api.Plugin; |
||||
|
||||
/** |
||||
* Java 安全性设计准则插件 |
||||
* |
||||
* @author GuoXin |
||||
* @date 2024/1/6 |
||||
*/ |
||||
public class JavaSecurityDesignRulesPlugin implements Plugin { |
||||
@Override |
||||
public void define(Context context) { |
||||
// 服务器扩展 - >对象在服务器启动期间实例化
|
||||
context.addExtension(JavaSecurityDesignRulesRepository.class); |
||||
|
||||
// 批处理扩展 - >对象在代码分析期间实例化
|
||||
context.addExtension(JavaFileCheckRegistrar.class); |
||||
|
||||
} |
||||
} |
@ -0,0 +1,45 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:Java 信息安全性设计准则 |
||||
* 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.java.rules; |
||||
|
||||
import org.sonar.plugins.java.api.CheckRegistrar; |
||||
import org.sonar.plugins.java.api.JavaCheck; |
||||
import org.sonarsource.api.sonarlint.SonarLintSide; |
||||
|
||||
import java.util.List; |
||||
|
||||
/** |
||||
* 负责将java规则检查器注册到SonarQube中 |
||||
* |
||||
* @author GuoXin |
||||
* @date 2024/1/6 |
||||
*/ |
||||
@SonarLintSide |
||||
public class JavaFileCheckRegistrar implements CheckRegistrar { |
||||
/** |
||||
* 注册将用于在分析期间实例化检查的类。 |
||||
*/ |
||||
@Override |
||||
public void register(RegistrarContext registrarContext) { |
||||
// 调用 registerClassesForRepository 以将类与正确的存储库密钥相关联
|
||||
registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, checkClasses(), testCheckClasses()); |
||||
} |
||||
|
||||
/** |
||||
* 列出插件提供的所有主检查器 |
||||
*/ |
||||
public static List<Class<? extends JavaCheck>> checkClasses() { |
||||
return RulesList.getJavaChecks(); |
||||
} |
||||
|
||||
/** |
||||
* 列出插件提供的所有测试检查器 |
||||
*/ |
||||
public static List<Class<? extends JavaCheck>> testCheckClasses() { |
||||
return RulesList.getJavaTestChecks(); |
||||
} |
||||
} |
@ -0,0 +1,87 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:Java 信息安全性设计准则 |
||||
* 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.java.rules; |
||||
|
||||
import org.sonar.api.SonarEdition; |
||||
import org.sonar.api.SonarProduct; |
||||
import org.sonar.api.SonarQubeSide; |
||||
import org.sonar.api.SonarRuntime; |
||||
import org.sonar.api.server.rule.RulesDefinition; |
||||
import org.sonar.api.utils.Version; |
||||
import org.sonarsource.analyzer.commons.RuleMetadataLoader; |
||||
|
||||
import java.util.ArrayList; |
||||
import java.util.Collections; |
||||
import java.util.Objects; |
||||
import java.util.Set; |
||||
|
||||
/** |
||||
* 用于定义出现在规则页面中规则的元数据 |
||||
* |
||||
* @author GuoXin |
||||
* @date 2024/1/6 |
||||
*/ |
||||
public class JavaSecurityDesignRulesRepository implements RulesDefinition { |
||||
// 不要修改这个值,因为路径在 CheckVerifier 中是硬编码的
|
||||
private static final String RESOURCE_BASE_PATH = "org/sonar/l10n/java/rules/java"; |
||||
|
||||
public static final String REPOSITORY_KEY = "keyware-java-security-design"; |
||||
public static final String REPOSITORY_NAME = "Java安全性设计准则"; |
||||
|
||||
// 添加需要视为模板规则的规则的规则键
|
||||
private static final Set<String> RULE_TEMPLATES_KEY = Collections.emptySet(); |
||||
|
||||
private final SonarRuntime runtime; |
||||
|
||||
public JavaSecurityDesignRulesRepository(SonarRuntime runtime) { |
||||
this.runtime = runtime; |
||||
} |
||||
|
||||
@Override |
||||
public void define(RulesDefinition.Context context) { |
||||
RulesDefinition.NewRepository repository = context.createRepository(REPOSITORY_KEY, "java").setName(REPOSITORY_NAME); |
||||
|
||||
RuleMetadataLoader ruleMetadataLoader = new RuleMetadataLoader(RESOURCE_BASE_PATH, runtime); |
||||
|
||||
ruleMetadataLoader.addRulesByAnnotatedClass(repository, new ArrayList<>(RulesList.getChecks())); |
||||
|
||||
setTemplates(repository); |
||||
|
||||
repository.done(); |
||||
} |
||||
|
||||
private static void setTemplates(RulesDefinition.NewRepository repository) { |
||||
RULE_TEMPLATES_KEY.stream() |
||||
.map(repository::rule) |
||||
.filter(Objects::nonNull) |
||||
.forEach(rule -> rule.setTemplate(true)); |
||||
} |
||||
|
||||
|
||||
public static class MockedSonarRuntime implements SonarRuntime { |
||||
|
||||
@Override |
||||
public Version getApiVersion() { |
||||
return Version.create(9, 9); |
||||
} |
||||
|
||||
@Override |
||||
public SonarProduct getProduct() { |
||||
return SonarProduct.SONARQUBE; |
||||
} |
||||
|
||||
@Override |
||||
public SonarQubeSide getSonarQubeSide() { |
||||
return SonarQubeSide.SCANNER; |
||||
} |
||||
|
||||
@Override |
||||
public SonarEdition getEdition() { |
||||
return SonarEdition.COMMUNITY; |
||||
} |
||||
} |
||||
} |
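Review bot: `MockedSonarRuntime` (L1721-1763) is a test double shipped inside the production repository class, and the test at L2083 constructs its own `MockedSonarRuntime` (L2101) rather than this one; move or delete it so the plugin jar does not carry it. The constructor at L1671-1675 stores `runtime` unchecked although `define` passes it to `RuleMetadataLoader`; `this.runtime = Objects.requireNonNull(runtime, "runtime");` fails early with a clear message (`Objects` is already imported at L1627). `RESOURCE_BASE_PATH` (L1650) deserves a comment naming the directory the `.html`/`.json` rule metadata is expected in, since a mismatch silently yields rules without descriptions.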
@ -0,0 +1,54 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:Java 信息安全性设计准则 |
||||
* 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.java.rules; |
||||
|
||||
import com.keyware.sonar.java.rules.checkers.ABCVarNameChecker; |
||||
import org.sonar.plugins.java.api.JavaCheck; |
||||
|
||||
import java.util.ArrayList; |
||||
import java.util.Arrays; |
||||
import java.util.Collections; |
||||
import java.util.List; |
||||
|
||||
public final class RulesList { |
||||
|
||||
private RulesList() { |
||||
} |
||||
|
||||
public static List<Class<? extends JavaCheck>> getChecks() { |
||||
List<Class<? extends JavaCheck>> checks = new ArrayList<>(); |
||||
checks.addAll(getJavaChecks()); |
||||
checks.addAll(getJavaTestChecks()); |
||||
return Collections.unmodifiableList(checks); |
||||
} |
||||
|
||||
/** |
||||
* These rules are going to target MAIN code only |
||||
*/ |
||||
public static List<Class<? extends JavaCheck>> getJavaChecks() { |
||||
return Collections.unmodifiableList(Arrays.asList( |
||||
ABCVarNameChecker.class |
||||
/*SpringControllerRequestMappingEntityRule.class, |
||||
AvoidAnnotationRule.class, |
||||
AvoidBrandInMethodNamesRule.class, |
||||
AvoidMethodDeclarationRule.class, |
||||
AvoidSuperClassRule.class, |
||||
AvoidTreeListRule.class, |
||||
MyCustomSubscriptionRule.class, |
||||
SecurityAnnotationMandatoryRule.class*/ |
||||
)); |
||||
} |
||||
|
||||
/** |
||||
* These rules are going to target TEST code only |
||||
*/ |
||||
public static List<Class<? extends JavaCheck>> getJavaTestChecks() { |
||||
return Collections.unmodifiableList(Arrays.asList( |
||||
/*NoIfStatementInTestsRule.class*/ |
||||
)); |
||||
} |
||||
} |
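Review bot: The commented-out class names at L1836-1850 and L1868 refer to checks that do not exist in this repository and should be deleted rather than kept as dead code. `getJavaTestChecks` (L1864-1872) wraps an empty `Arrays.asList()` and is clearer as `return Collections.emptyList();`; `getJavaChecks` can likewise be `return List.of(ABCVarNameChecker.class);` given the Java 11 target (L1225), which is already unmodifiable. The class has no Javadoc; a one-liner such as `Central list of the checks this plugin registers, split by main and test code.` would match the sibling classes.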
@ -0,0 +1,40 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:Java 信息安全性设计准则 |
||||
* 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.java.rules.checkers; |
||||
|
||||
import org.sonar.check.Rule; |
||||
import org.sonar.java.ast.visitors.SubscriptionVisitor; |
||||
import org.sonar.plugins.java.api.tree.Tree; |
||||
import org.sonar.plugins.java.api.tree.VariableTree; |
||||
|
||||
import java.util.Collections; |
||||
import java.util.List; |
||||
|
||||
/** |
||||
* TODO ABCVarNameChecker |
||||
* |
||||
* @author GuoXin |
||||
* @date 2024/1/6 |
||||
*/ |
||||
@Rule(key = "ABCVarNameChecker") |
||||
public class ABCVarNameChecker extends SubscriptionVisitor { |
||||
|
||||
@Override |
||||
public List<Tree.Kind> nodesToVisit() { |
||||
return Collections.singletonList( |
||||
Tree.Kind.VARIABLE |
||||
); |
||||
} |
||||
|
||||
@Override |
||||
public void visitNode(Tree tree) { |
||||
VariableTree node = (VariableTree) tree; |
||||
if (node.simpleName().name().matches("ABC")) { |
||||
context.reportIssue(this, node.simpleName(), "不能使用ABC作为变量名"); |
||||
} |
||||
} |
||||
} |
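Review bot: `node.simpleName().name().matches("ABC")` at L1947 is a full-string regex match compiled on every variable declaration; `"ABC".equals(node.simpleName().name())` says what is meant and avoids the regex. The cast at L1945 is safe only because `nodesToVisit` subscribes solely to `Tree.Kind.VARIABLE` (L1933); a comment `// only VARIABLE nodes are subscribed, so the cast cannot fail` records that invariant. The class Javadoc is the `TODO ABCVarNameChecker` placeholder (L1911); propose `Demo rule: reports any variable (field, local or parameter) declared with the name ABC.`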
@ -0,0 +1,4 @@ |
||||
Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
项目名称:${project.name} |
||||
项目描述:${project.description} |
||||
版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
@ -0,0 +1,9 @@ |
||||
<p>不能使用ABC作为变量名</p> |
||||
<h2>不能使用ABC作为变量名</h2> |
||||
<pre> |
||||
|
||||
</pre> |
||||
<h2>合规解决方案</h2> |
||||
<pre> |
||||
|
||||
</pre> |
@ -0,0 +1,13 @@ |
||||
{ |
||||
"title": "不能使用ABC作为变量名", |
||||
"type": "CODE_SMELL", |
||||
"status": "ready", |
||||
"remediation": { |
||||
"func": "Constant\/Issue", |
||||
"constantCost": "5min" |
||||
}, |
||||
"tags": [ |
||||
"28suo" |
||||
], |
||||
"defaultSeverity": "Minor" |
||||
} |
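--- a/src/test/files/ABCVarNameRule.java
+++ b/src/test/files/ABCVarNameRule.java
@@ -0,0 +1,11 @@
+class VarNameRule{
+    private static String ABC = "abc"; // Noncompliant {{不能使用ABC作为变量名}}
+    private static String edf = "edf";
+
+    public String getABC(){
+        return ABC;
+    }
+    public void test(){
+        System.out.println(ABC);
+    }
+}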
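Review bot: The fixture pins only a static field named ABC, so nothing proves that the case-sensitive match leaves `abc` alone or that the VARIABLE subscription also reaches locals and parameters. A compliant `private static String abc = "abc";` line without a marker, plus a method such as `public void local(String ABC) { } // Noncompliant {{不能使用ABC作为变量名}}`, would make both expectations explicit and catch a later change that narrows or widens the rule. Whether a parameter is reported is my reading of `Tree.Kind.VARIABLE` and should be confirmed by running the verifier.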
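--- a/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
+++ b/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.api.*;
+import org.sonar.api.utils.Version;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * TODO JavaSecurityDesignRulesPluginTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class JavaSecurityDesignRulesPluginTest {
+    @Test
+    void testName() {
+        Plugin.Context context = new Plugin.Context(new MockedSonarRuntime());
+
+        new JavaSecurityDesignRulesPlugin().define(context);
+
+        assertThat(context.getExtensions())
+                .extracting(ext -> ((Class) ext).getSimpleName())
+                .containsExactlyInAnyOrder("JavaSecurityDesignRulesRepository", "JavaFileCheckRegistrar");
+    }
+
+    public static class MockedSonarRuntime implements SonarRuntime {
+
+        @Override
+        public Version getApiVersion() {
+            return Version.create(9, 9);
+        }
+
+        @Override
+        public SonarProduct getProduct() {
+            return SonarProduct.SONARQUBE;
+        }
+
+        @Override
+        public SonarQubeSide getSonarQubeSide() {
+            return SonarQubeSide.SCANNER;
+        }
+
+        @Override
+        public SonarEdition getEdition() {
+            return SonarEdition.COMMUNITY;
+        }
+    }
+}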
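Review bot: This test declares its own MockedSonarRuntime while JavaSecurityDesignRulesRepositoryTest in the same commit reaches for `JavaSecurityDesignRulesRepository.MockedSonarRuntime`, which by its name is a test double nested in the production repository class and therefore shipped in the plugin jar; keeping this single test-scoped mock and passing it to the repository in both tests would remove the duplicate and the production test double, assuming the nested class is what the name suggests, since its definition is not on this page. The extraction in testName also uses a raw type, `((Class) ext).getSimpleName()`; `((Class<?>) ext).getSimpleName()` compiles without the unchecked warning. `import org.sonar.api.*;` should become explicit imports of Plugin, SonarRuntime, SonarProduct, SonarQubeSide and SonarEdition.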
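--- a/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java
+++ b/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.api.rule.RuleKey;
+import org.sonar.java.checks.verifier.TestCheckRegistrarContext;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * TODO JavaFileCheckRegistrarTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class JavaFileCheckRegistrarTest {
+
+    @Test
+    void checkRegisteredRulesKeysAndClasses() {
+        TestCheckRegistrarContext context = new TestCheckRegistrarContext();
+
+        JavaFileCheckRegistrar registrar = new JavaFileCheckRegistrar();
+        registrar.register(context);
+
+        assertThat(context.mainRuleKeys).extracting(RuleKey::toString).containsExactly(
+                /*"mycompany-java:SpringControllerRequestMappingEntity",
+                "mycompany-java:AvoidAnnotation",
+                "mycompany-java:AvoidBrandInMethodNames",
+                "mycompany-java:AvoidMethodDeclaration",
+                "mycompany-java:AvoidSuperClass",
+                "mycompany-java:AvoidTreeList",
+                "mycompany-java:AvoidMethodWithSameTypeInArgument",
+                "mycompany-java:SecurityAnnotationMandatory"*/
+                "keyware-java-security-design:ABCVarNameChecker"
+        );
+
+        assertThat(context.mainCheckClasses).extracting(Class::getSimpleName).containsExactly(
+                /*"SpringControllerRequestMappingEntityRule",
+                "AvoidAnnotationRule",
+                "AvoidBrandInMethodNamesRule",
+                "AvoidMethodDeclarationRule",
+                "AvoidSuperClassRule",
+                "AvoidTreeListRule",
+                "MyCustomSubscriptionRule",
+                "SecurityAnnotationMandatoryRule"*/
+                "ABCVarNameChecker"
+        );
+
+        assertThat(context.testRuleKeys).extracting(RuleKey::toString).containsExactly(
+                /*"mycompany-java:NoIfStatementInTests"*/
+        );
+
+        assertThat(context.testCheckClasses).extracting(Class::getSimpleName).containsExactly(
+                /*"NoIfStatementInTestsRule"*/
+        );
+    }
+
+}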
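Review bot: The expected key `"keyware-java-security-design:ABCVarNameChecker"` hard-codes the repository key that JavaSecurityDesignRulesRepositoryTest reads from `JavaSecurityDesignRulesRepository.REPOSITORY_KEY`, so renaming the repository key breaks one test but not the other; `JavaSecurityDesignRulesRepository.REPOSITORY_KEY + ":ABCVarNameChecker"` keeps them in step. The `mycompany-java` entries commented out inside all four assertions are leftovers of the sonar-java custom-rules template and should be deleted rather than carried into the project. An argument-less `containsExactly()` is an emptiness assertion in disguise; `assertThat(context.testRuleKeys).isEmpty();` and `assertThat(context.testCheckClasses).isEmpty();` say so directly.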
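--- a/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java
+++ b/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.api.rules.RuleType;
+import org.sonar.api.server.debt.DebtRemediationFunction;
+import org.sonar.api.server.rule.RuleParamType;
+import org.sonar.api.server.rule.RulesDefinition;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * TODO JavaSecurityDesignRulesRepositoryTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class JavaSecurityDesignRulesRepositoryTest {
+
+    @Test
+    void test() {
+        JavaSecurityDesignRulesRepository rulesDefinition = new JavaSecurityDesignRulesRepository(new JavaSecurityDesignRulesRepository.MockedSonarRuntime());
+        RulesDefinition.Context context = new RulesDefinition.Context();
+        rulesDefinition.define(context);
+        RulesDefinition.Repository repository = context.repository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY);
+
+        assertThat(repository.name()).isEqualTo(JavaSecurityDesignRulesRepository.REPOSITORY_NAME);
+        assertThat(repository.language()).isEqualTo("java");
+        assertThat(repository.rules()).hasSize(RulesList.getChecks().size());
+        assertThat(repository.rules().stream().filter(RulesDefinition.Rule::template)).isEmpty();
+
+        //assertRuleProperties(repository);
+        // assertParameterProperties(repository);
+        // assertAllRuleParametersHaveDescription(repository);
+    }
+
+    private static void assertParameterProperties(RulesDefinition.Repository repository) {
+        RulesDefinition.Param max = repository.rule("AvoidAnnotation").param("name");
+        assertThat(max).isNotNull();
+        assertThat(max.defaultValue()).isEqualTo("Inject");
+        assertThat(max.description()).isEqualTo("Name of the annotation to avoid, without the prefix @, for instance 'Override'");
+        assertThat(max.type()).isEqualTo(RuleParamType.STRING);
+    }
+
+    private static void assertRuleProperties(RulesDefinition.Repository repository) {
+        RulesDefinition.Rule rule = repository.rule("AvoidAnnotation");
+        assertThat(rule).isNotNull();
+        assertThat(rule.name()).isEqualTo("Title of AvoidAnnotation");
+        assertThat(rule.debtRemediationFunction().type()).isEqualTo(DebtRemediationFunction.Type.CONSTANT_ISSUE);
+        assertThat(rule.type()).isEqualTo(RuleType.CODE_SMELL);
+    }
+
+    private static void assertAllRuleParametersHaveDescription(RulesDefinition.Repository repository) {
+        for (RulesDefinition.Rule rule : repository.rules()) {
+            for (RulesDefinition.Param param : rule.params()) {
+                assertThat(param.description()).as("description for " + param.key()).isNotEmpty();
+            }
+        }
+    }
+}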
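Review bot: `assertAllRuleParametersHaveDescription` is rule-agnostic and nothing visible explains why it is commented out in test(); re-enabling `assertAllRuleParametersHaveDescription(repository);` costs nothing and guards the rule metadata that ships with the plugin. The other two helpers still target the template's `AvoidAnnotation` rule, which the registrar test in this commit shows is not registered, so `repository.rule("AvoidAnnotation").param("name")` would throw a NullPointerException the moment it is re-enabled; either delete them or point them at the rule this commit adds, e.g. `RulesDefinition.Rule rule = repository.rule("ABCVarNameChecker");` followed by `assertThat(rule.name()).isEqualTo("不能使用ABC作为变量名");` and `assertThat(rule.type()).isEqualTo(RuleType.CODE_SMELL);`, both of which the rule's JSON metadata in this commit supports. If the parameter helper is dropped, the RuleParamType import goes with it.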
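--- a/src/test/java/com/keyware/sonar/java/rules/checkers/ABCVarNameCheckerTest.java
+++ b/src/test/java/com/keyware/sonar/java/rules/checkers/ABCVarNameCheckerTest.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules.checkers;
+
+import com.keyware.sonar.java.utils.FilesUtils;
+import org.junit.jupiter.api.Test;
+import org.sonar.java.checks.verifier.CheckVerifier;
+
+/**
+ * TODO ABCVarNameCheckerTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class ABCVarNameCheckerTest {
+    @Test
+    void detected() {
+
+
+        ABCVarNameChecker rule = new ABCVarNameChecker();
+
+
+        // Verifies that the check will raise the adequate issues with the expected message.
+        // In the test file, lines which should raise an issue have been commented out
+        // by using the following syntax: "// Noncompliant {{EXPECTED_MESSAGE}}"
+        CheckVerifier.newVerifier()
+                .onFile("src/test/files/ABCVarNameRule.java")
+                .withCheck(rule)
+                .withClassPath(FilesUtils.getClassPath("target/test-jars"))
+                .verifyIssues();
+    }
+}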
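Review bot: The comment above the verifier says lines that should raise an issue "have been commented out", which is misleading: those fixture lines are live code carrying a trailing marker, so `// Lines expected to raise an issue carry the marker "// Noncompliant {{EXPECTED_MESSAGE}}".` describes what the fixture actually does. Passing the literal `"target/test-jars"` also lands on the silent branch of FilesUtils.getClassPath: when that directory is absent the classpath quietly shrinks to `target/test-classes`, which a purely syntactic check like this one never notices, but a later rule that depends on semantic resolution would then pass or fail for the wrong reason, so a precondition such as `assertThat(new File("target/test-jars")).isDirectory();` is worth adding once such a rule exists. The class Javadoc is still the `TODO ABCVarNameCheckerTest` placeholder.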
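--- a/src/test/java/com/keyware/sonar/java/utils/FilesUtils.java
+++ b/src/test/java/com/keyware/sonar/java/utils/FilesUtils.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.*;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * Duplicates org.sonar.java.checks.verifier.FilesUtils to locate test jars within the custom-rules plugin
+ */
+public class FilesUtils {
+
+    private FilesUtils() {
+    }
+
+    /**
+     * Default location of the jars/zips to be taken into account when performing the analysis.
+     */
+    private static final String DEFAULT_TEST_JARS_DIRECTORY = "target/test-jars";
+
+    public static List<File> getClassPath(String jarsDirectory) {
+        List<File> classpath = new LinkedList<>();
+        Path testJars = Paths.get(jarsDirectory);
+        if (testJars.toFile().exists()) {
+            classpath = getFilesRecursively(testJars, "jar", "zip");
+        } else if (!DEFAULT_TEST_JARS_DIRECTORY.equals(jarsDirectory)) {
+            throw new AssertionError("The directory to be used to extend class path does not exists ("
+                    + testJars.toAbsolutePath()
+                    + ").");
+        }
+        classpath.add(new File("target/test-classes"));
+        return classpath;
+    }
+
+    private static List<File> getFilesRecursively(Path root, String... extensions) {
+        final List<File> files = new ArrayList<>();
+
+        FileVisitor<Path> visitor = new SimpleFileVisitor<Path>() {
+            @Override
+            public FileVisitResult visitFile(Path filePath, BasicFileAttributes attrs) {
+                for (String extension : extensions) {
+                    if (filePath.toString().endsWith("."
+                            + extension)) {
+                        files.add(filePath.toFile());
+                        break;
+                    }
+                }
+                return FileVisitResult.CONTINUE;
+            }
+
+            @Override
+            public FileVisitResult visitFileFailed(Path file, IOException exc) {
+                return FileVisitResult.CONTINUE;
+            }
+        };
+
+        try {
+            Files.walkFileTree(root, visitor);
+        } catch (IOException e) {
+            // we already ignore errors in the visitor
+        }
+
+        return files;
+    }
+
+}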
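Review bot: getFilesRecursively swallows the IOException from `Files.walkFileTree` with an empty catch; visitFileFailed only absorbs per-file failures, and SimpleFileVisitor's default postVisitDirectory rethrows a failed directory listing, so an unreadable subdirectory silently yields a partial classpath, at odds with the AssertionError getClassPath raises for a missing directory. `catch (IOException e) { throw new AssertionError("Failed to scan " + root.toAbsolutePath() + " for test jars.", e); }` keeps the failure visible and the cause attached. Two smaller points: `endsWith("." + extension)` is case-sensitive, so a `.JAR` or `.ZIP` file is skipped, which comparing `filePath.toString().toLowerCase(Locale.ROOT)` would fix (with a java.util.Locale import); and `new LinkedList<>()` in getClassPath should be `new ArrayList<>()`, since the list is only appended to and getFilesRecursively already returns an ArrayList.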