sonarqube插件基础框架

.gitignore

@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "sonar-dependencies/sonar-cxx"]
+	path = sonar-dependencies/sonar-cxx
+	url = https://github.com/SonarOpenCommunity/sonar-cxx.git
+[submodule "sonar-dependencies/sonar-java"]
+	path = sonar-dependencies/sonar-java
+	url = https://github.com/SonarSource/sonar-java.git

pom.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.sonarsource.java</groupId>
+        <artifactId>java</artifactId>
+        <version>7.30.1.34514</version>
+    </parent>
+
+    <groupId>com.keyware.sonar</groupId>
+    <artifactId>sonar-keyware</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>pom</packaging>
+
+    <properties>
+        <maven.compiler.source>11</maven.compiler.source>
+        <maven.compiler.target>11</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <modules>
+        <module>sonar-dependencies</module>
+        <module>sonar-keyware-plugins</module>
+    </modules>
+    <dependencyManagement>
+        <dependencies>
+
+        </dependencies>
+    </dependencyManagement>
+    <dependencies>
+
+    </dependencies>
+</project>

sonar-dependencies/pom.xml

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.keyware.sonar</groupId>
+        <artifactId>sonar-keyware</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>sonar-dependencies</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>pom</packaging>
+
+    <modules>
+        <!--<module>sonar-cxx</module>-->
+        <module>sonar-java</module>
+    </modules>
+
+    <properties>
+
+    </properties>
+
+    <dependencyManagement>
+        <dependencies>
+        </dependencies>
+    </dependencyManagement>
+</project>

sonar-dependencies/sonar-cxx

@@ -0,0 +1 @@
+Subproject commit dd3c88c7343f3a44c5172dc4499b361dda028d85

sonar-dependencies/sonar-java

@@ -0,0 +1 @@
+Subproject commit 0d3165c6aebe18052b1d97893a2e3da85e6d9b41

sonar-keyware-plugins/pom.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.keyware.sonar</groupId>
+        <artifactId>sonar-keyware</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>sonar-keyware-plugins</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>pom</packaging>
+
+    <modules>
+        <module>sonar-keyware-plugins-java</module>
+        <module>sonar-keyware-plugins-cxx</module>
+    </modules>
+
+</project>

sonar-keyware-plugins/sonar-keyware-plugins-cxx/pom.xml

@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.keyware.sonar</groupId>
+        <artifactId>sonar-keyware-plugins</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+
+    <name>C++ 信息安全性设计准则</name>
+    <artifactId>sonar-keyware-plugins-cxx</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <description>用于检查C++源代码的安全性设计准则的Sonarqube插件</description>
+
+    <properties>
+        <java.version>11</java.version>
+        <commons-io.version>2.15.1</commons-io.version>
+        <commons-lang.version>2.6</commons-lang.version>
+        <!-- we depend on API ${sonar.version} but we keep backward compatibility with LTS -->
+        <sonar.version>9.9.0.65466</sonar.version>
+        <sonar.plugin.api.version>9.14.0.375</sonar.plugin.api.version>
+        <sonarQubeMinVersion>8.9</sonarQubeMinVersion>
+        <gson.version>2.10.1</gson.version>
+        <guava.version>33.0.0-jre</guava.version>
+        <jsr305.version>3.0.2</jsr305.version>
+        <mockito-all.version>1.10.19</mockito-all.version>
+        <mockito-core.version>5.8.0</mockito-core.version>
+        <assertj-core.version>3.24.2</assertj-core.version>
+        <junit-jupiter.version>5.10.1</junit-jupiter.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
+            <artifactId>cxx-sslr-toolkit</artifactId>
+            <systemPath>${project.basedir}/libs/cxx-sslr-toolkit-2.1.1.488.jar</systemPath>
+            <version>2.1.1.488</version>
+            <scope>system</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
+            <artifactId>sonar-cxx-plugin</artifactId>
+            <systemPath>${project.basedir}/libs/sonar-cxx-plugin-2.1.1.488.jar</systemPath>
+            <version>2.1.1.488</version>
+            <scope>system</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.sonarsource.api.plugin</groupId>
+            <artifactId>sonar-plugin-api</artifactId>
+            <version>${sonar.plugin.api.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.sonarsource.sonarqube</groupId>
+            <artifactId>sonar-plugin-api-impl</artifactId>
+            <version>${sonar.version}</version>
+            <scope>compile</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>${commons-io.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>${commons-lang.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.code.findbugs</groupId>
+            <artifactId>jsr305</artifactId>
+            <version>${jsr305.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>${guava.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>${gson.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>${mockito-core.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.assertj</groupId>
+            <artifactId>assertj-core</artifactId>
+            <version>${assertj-core.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <version>${junit-jupiter.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <version>${junit-jupiter.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
+                <artifactId>sonar-packaging-maven-plugin</artifactId>
+                <configuration>
+                    <sonarQubeMinVersion>${sonarQubeMinVersion}</sonarQubeMinVersion>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>com.mycila</groupId>
+                <artifactId>license-maven-plugin</artifactId>
+                <configuration>
+                    <header>${project.basedir}/src/main/resources/license-header.txt</header>
+                    <!--排除文件-->
+                    <excludes>
+                        <exclude>**/*.properties</exclude>
+                        <exclude>*.sh</exclude>
+                        <exclude>*.yml</exclude>
+                        <exclude>.editorconfig</exclude>
+                        <exclude>.gitignore</exclude>
+                        <exclude>**/*.md</exclude>
+                        <exclude>**/*.xml</exclude>
+                    </excludes>
+                </configuration>
+            </plugin>
+        </plugins>
+        <resources>
+            <resource>
+                <directory>src/main/resources</directory>
+                <excludes>
+                    <exclude>com/sonar/sqale/cxx-model-project*</exclude>
+                    <exclude>external/*</exclude>
+                </excludes>
+            </resource>
+        </resources>
+    </build>
+</project>

sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSecurityDesignRulesPlugin.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：C++ 信息安全性设计准则
+ * 项目描述：用于检查C++源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.cxx;
+
+import com.keyware.sonar.cxx.rules.CxxSecurityDesignRulesRepository;
+import org.sonar.api.Plugin;
+import org.sonar.plugins.cxx.CxxLanguage;
+
+/**
+ * TODO CxxSecurityDesignRulesPlugin
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class CxxSecurityDesignRulesPlugin implements Plugin {
+    @Override
+    public void define(Context context) {
+        context.addExtension(CxxLanguage.class);
+        context.addExtension(CxxSecurityDesignRulesRepository.class);
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/CxxSecurityDesignRulesRepository.java

@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：C++ 信息安全性设计准则
+ * 项目描述：用于检查C++源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.cxx.rules;
+
+import org.sonar.api.SonarEdition;
+import org.sonar.api.SonarProduct;
+import org.sonar.api.SonarQubeSide;
+import org.sonar.api.SonarRuntime;
+import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.resources.Language;
+import org.sonar.api.server.rule.RulesDefinition;
+import org.sonar.api.utils.Version;
+import org.sonar.plugins.cxx.CustomCxxRulesDefinition;
+import org.sonar.plugins.cxx.CxxLanguage;
+
+import java.util.Collections;
+import java.util.Objects;
+import java.util.Set;
+
+/**
+ * TODO CxxSecurityDesignRulesRepository
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class CxxSecurityDesignRulesRepository extends CustomCxxRulesDefinition {
+    // 不要修改这个值，因为路径在 CheckVerifier 中是硬编码的
+    private static final String RESOURCE_BASE_PATH = "org/sonar/l10n/java/rules/java";
+
+    public static final String REPOSITORY_KEY = "keyware-cxx-security-design";
+    public static final String REPOSITORY_NAME = "C++ 安全性设计准则";
+
+
+    // 添加需要视为模板规则的规则的规则键
+    private static final Set<String> RULE_TEMPLATES_KEY = Collections.emptySet();
+
+    private final SonarRuntime runtime;
+
+    public CxxSecurityDesignRulesRepository(SonarRuntime runtime) {
+        this.runtime = runtime;
+    }
+
+    @Override
+    public void define(RulesDefinition.Context context) {
+        RulesDefinition.NewRepository repository = context.createRepository(REPOSITORY_KEY, "cxx").setName(REPOSITORY_NAME);
+
+
+
+        setTemplates(repository);
+
+        repository.done();
+    }
+
+    @Override
+    public Language getLanguage() {
+        return new CxxLanguage(new MapSettings().asConfig());
+    }
+
+    @Override
+    public String repositoryName() {
+        return REPOSITORY_NAME;
+    }
+
+    @Override
+    public String repositoryKey() {
+        return REPOSITORY_KEY;
+    }
+
+    @Override
+    public Class[] checkClasses() {
+        return new Class[0];
+    }
+
+    private static void setTemplates(RulesDefinition.NewRepository repository) {
+        RULE_TEMPLATES_KEY.stream()
+                .map(repository::rule)
+                .filter(Objects::nonNull)
+                .forEach(rule -> rule.setTemplate(true));
+    }
+
+
+    public static class MockedSonarRuntime implements SonarRuntime {
+
+        @Override
+        public Version getApiVersion() {
+            return Version.create(9, 9);
+        }
+
+        @Override
+        public SonarProduct getProduct() {
+            return SonarProduct.SONARQUBE;
+        }
+
+        @Override
+        public SonarQubeSide getSonarQubeSide() {
+            return SonarQubeSide.SCANNER;
+        }
+
+        @Override
+        public SonarEdition getEdition() {
+            return SonarEdition.COMMUNITY;
+        }
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/DemoChecker.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：C++ 信息安全性设计准则
+ * 项目描述：用于检查C++源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.cxx.rules.checkers;
+
+import com.sonar.cxx.sslr.api.AstNode;
+import com.sonar.cxx.sslr.api.Grammar;
+import org.sonar.check.Priority;
+import org.sonar.check.Rule;
+import org.sonar.cxx.parser.CxxGrammarImpl;
+import org.sonar.cxx.squidbridge.SquidAstVisitor;
+import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault;
+import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation;
+
+/**
+ * TODO DemoChecker
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+@Rule(key = "DemoChecker", name = "DemoChecker", description = "DemoChecker", priority = Priority.INFO, tags = {"28Suo"})
+@ActivatedByDefault
+@SqaleConstantRemediation("5min")
+public class DemoChecker extends SquidAstVisitor<Grammar> {
+    @Override
+    public void init() {
+        this.subscribeTo(
+                CxxGrammarImpl.functionDefinition
+        );
+    }
+
+    @Override
+    public void visitNode(AstNode astNode) {
+        super.visitNode(astNode);
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-cxx/src/main/resources/license-header.txt

@@ -0,0 +1,4 @@
+Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+项目名称：${project.name}
+项目描述：${project.description}
+版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。

sonar-keyware-plugins/sonar-keyware-plugins-java/pom.xml

@@ -0,0 +1,244 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.keyware.sonar</groupId>
+        <artifactId>sonar-keyware-plugins</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+
+    <name>Java 信息安全性设计准则</name>
+    <artifactId>sonar-keyware-plugins-java</artifactId>
+    <packaging>sonar-plugin</packaging>
+    <version>1.0-SNAPSHOT</version>
+    <description>用于检查Java源代码的安全性设计准则的Sonarqube插件</description>
+
+    <properties>
+        <jacoco.version>0.8.10</jacoco.version>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.sonarsource.java</groupId>
+            <artifactId>sonar-java-plugin</artifactId>
+            <version>7.30.1.34514</version>
+            <type>sonar-plugin</type>
+            <scope>compile</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.sonarsource.api.plugin</groupId>
+            <artifactId>sonar-plugin-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.sonarsource.analyzer-commons</groupId>
+            <artifactId>sonar-analyzer-commons</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- unit tests -->
+        <dependency>
+            <groupId>org.sonarsource.api.plugin</groupId>
+            <artifactId>sonar-plugin-api-test-fixtures</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.sonarsource.sonarqube</groupId>
+            <artifactId>sonar-plugin-api-impl</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.sonarsource.java</groupId>
+            <artifactId>test-classpath-reader</artifactId>
+            <version>7.30.1.34514</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.sonarsource.java</groupId>
+            <artifactId>java-checks-testkit</artifactId>
+            <version>7.30.1.34514</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-migrationsupport</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.assertj</groupId>
+            <artifactId>assertj-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
+                <artifactId>sonar-packaging-maven-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                    <pluginKey>keyware-java-plugin</pluginKey>
+                    <pluginName>Java 安全性设计准则</pluginName>
+                    <pluginClass>com.keyware.sonar.java.JavaSecurityDesignRulesPlugin</pluginClass>
+                    <sonarLintSupported>true</sonarLintSupported>
+                    <skipDependenciesPackaging>true</skipDependenciesPackaging>
+                    <pluginApiMinVersion>9.14.0.375</pluginApiMinVersion>
+                    <requirePlugins>java:${project.version}</requirePlugins>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <configuration>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>11</source>
+                    <target>11</target>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.jacoco</groupId>
+                <artifactId>jacoco-maven-plugin</artifactId>
+                <version>${jacoco.version}</version>
+                <executions>
+                    <execution>
+                        <id>prepare-agent</id>
+                        <goals>
+                            <goal>prepare-agent</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>report</id>
+                        <goals>
+                            <goal>report</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <!-- only required to run UT - these are UT dependencies -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy</id>
+                        <phase>test-compile</phase>
+                        <goals>
+                            <goal>copy</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.slf4j</groupId>
+                                    <artifactId>slf4j-api</artifactId>
+                                    <version>1.7.30</version>
+                                    <type>jar</type>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.commons</groupId>
+                                    <artifactId>commons-collections4</artifactId>
+                                    <version>4.0</version>
+                                    <type>jar</type>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>javax</groupId>
+                                    <artifactId>javaee-api</artifactId>
+                                    <version>6.0</version>
+                                    <type>jar</type>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.springframework</groupId>
+                                    <artifactId>spring-webmvc</artifactId>
+                                    <version>4.3.3.RELEASE</version>
+                                    <type>jar</type>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.springframework</groupId>
+                                    <artifactId>spring-web</artifactId>
+                                    <version>4.3.3.RELEASE</version>
+                                    <type>jar</type>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.springframework</groupId>
+                                    <artifactId>spring-context</artifactId>
+                                    <version>4.3.3.RELEASE</version>
+                                    <type>jar</type>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>junit</groupId>
+                                    <artifactId>junit</artifactId>
+                                    <version>4.13.2</version>
+                                    <type>jar</type>
+                                </artifactItem>
+                            </artifactItems>
+                            <outputDirectory>${project.build.directory}/test-jars</outputDirectory>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>com.mycila</groupId>
+                <artifactId>license-maven-plugin</artifactId>
+                <configuration>
+                    <header>${project.basedir}/src/main/resources/license-header.txt</header>
+                    <!--排除文件-->
+                    <excludes>
+                        <exclude>**/*.properties</exclude>
+                        <exclude>*.sh</exclude>
+                        <exclude>*.yml</exclude>
+                        <exclude>.editorconfig</exclude>
+                        <exclude>.gitignore</exclude>
+                        <exclude>**/*.md</exclude>
+                        <exclude>**/*.xml</exclude>
+                    </excludes>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java;
+
+import com.keyware.sonar.java.rules.JavaFileCheckRegistrar;
+import com.keyware.sonar.java.rules.JavaSecurityDesignRulesRepository;
+import org.sonar.api.Plugin;
+
+/**
+ * Java 安全性设计准则插件
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class JavaSecurityDesignRulesPlugin implements Plugin {
+    @Override
+    public void define(Context context) {
+        // 服务器扩展 - >对象在服务器启动期间实例化
+        context.addExtension(JavaSecurityDesignRulesRepository.class);
+
+        // 批处理扩展 - >对象在代码分析期间实例化
+        context.addExtension(JavaFileCheckRegistrar.class);
+
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrar.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import org.sonar.plugins.java.api.CheckRegistrar;
+import org.sonar.plugins.java.api.JavaCheck;
+import org.sonarsource.api.sonarlint.SonarLintSide;
+
+import java.util.List;
+
+/**
+ * 负责将java规则检查器注册到SonarQube中
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+@SonarLintSide
+public class JavaFileCheckRegistrar implements CheckRegistrar {
+    /**
+     * 注册将用于在分析期间实例化检查的类。
+     */
+    @Override
+    public void register(RegistrarContext registrarContext) {
+        // 调用 registerClassesForRepository 以将类与正确的存储库密钥相关联
+        registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, checkClasses(), testCheckClasses());
+    }
+
+    /**
+     * 列出插件提供的所有主检查器
+     */
+    public static List<Class<? extends JavaCheck>> checkClasses() {
+        return RulesList.getJavaChecks();
+    }
+
+    /**
+     * 列出插件提供的所有测试检查器
+     */
+    public static List<Class<? extends JavaCheck>> testCheckClasses() {
+        return RulesList.getJavaTestChecks();
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java

@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import org.sonar.api.SonarEdition;
+import org.sonar.api.SonarProduct;
+import org.sonar.api.SonarQubeSide;
+import org.sonar.api.SonarRuntime;
+import org.sonar.api.server.rule.RulesDefinition;
+import org.sonar.api.utils.Version;
+import org.sonarsource.analyzer.commons.RuleMetadataLoader;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Objects;
+import java.util.Set;
+
+/**
+ * 用于定义出现在规则页面中规则的元数据
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class JavaSecurityDesignRulesRepository implements RulesDefinition {
+    // 不要修改这个值，因为路径在 CheckVerifier 中是硬编码的
+    private static final String RESOURCE_BASE_PATH = "org/sonar/l10n/java/rules/java";
+
+    public static final String REPOSITORY_KEY = "keyware-java-security-design";
+    public static final String REPOSITORY_NAME = "Java安全性设计准则";
+
+    // 添加需要视为模板规则的规则的规则键
+    private static final Set<String> RULE_TEMPLATES_KEY = Collections.emptySet();
+
+    private final SonarRuntime runtime;
+
+    public JavaSecurityDesignRulesRepository(SonarRuntime runtime) {
+        this.runtime = runtime;
+    }
+
+    @Override
+    public void define(RulesDefinition.Context context) {
+        RulesDefinition.NewRepository repository = context.createRepository(REPOSITORY_KEY, "java").setName(REPOSITORY_NAME);
+
+        RuleMetadataLoader ruleMetadataLoader = new RuleMetadataLoader(RESOURCE_BASE_PATH, runtime);
+
+        ruleMetadataLoader.addRulesByAnnotatedClass(repository, new ArrayList<>(RulesList.getChecks()));
+
+        setTemplates(repository);
+
+        repository.done();
+    }
+
+    private static void setTemplates(RulesDefinition.NewRepository repository) {
+        RULE_TEMPLATES_KEY.stream()
+                .map(repository::rule)
+                .filter(Objects::nonNull)
+                .forEach(rule -> rule.setTemplate(true));
+    }
+
+
+    public static class MockedSonarRuntime implements SonarRuntime {
+
+        @Override
+        public Version getApiVersion() {
+            return Version.create(9, 9);
+        }
+
+        @Override
+        public SonarProduct getProduct() {
+            return SonarProduct.SONARQUBE;
+        }
+
+        @Override
+        public SonarQubeSide getSonarQubeSide() {
+            return SonarQubeSide.SCANNER;
+        }
+
+        @Override
+        public SonarEdition getEdition() {
+            return SonarEdition.COMMUNITY;
+        }
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/RulesList.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import com.keyware.sonar.java.rules.checkers.ABCVarNameChecker;
+import org.sonar.plugins.java.api.JavaCheck;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+public final class RulesList {
+
+    private RulesList() {
+    }
+
+    public static List<Class<? extends JavaCheck>> getChecks() {
+        List<Class<? extends JavaCheck>> checks = new ArrayList<>();
+        checks.addAll(getJavaChecks());
+        checks.addAll(getJavaTestChecks());
+        return Collections.unmodifiableList(checks);
+    }
+
+    /**
+     * These rules are going to target MAIN code only
+     */
+    public static List<Class<? extends JavaCheck>> getJavaChecks() {
+        return Collections.unmodifiableList(Arrays.asList(
+                ABCVarNameChecker.class
+                /*SpringControllerRequestMappingEntityRule.class,
+                AvoidAnnotationRule.class,
+                AvoidBrandInMethodNamesRule.class,
+                AvoidMethodDeclarationRule.class,
+                AvoidSuperClassRule.class,
+                AvoidTreeListRule.class,
+                MyCustomSubscriptionRule.class,
+                SecurityAnnotationMandatoryRule.class*/
+        ));
+    }
+
+    /**
+     * These rules are going to target TEST code only
+     */
+    public static List<Class<? extends JavaCheck>> getJavaTestChecks() {
+        return Collections.unmodifiableList(Arrays.asList(
+                /*NoIfStatementInTestsRule.class*/
+        ));
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules.checkers;
+
+import org.sonar.check.Rule;
+import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.tree.Tree;
+import org.sonar.plugins.java.api.tree.VariableTree;
+
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * TODO ABCVarNameChecker
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+@Rule(key = "ABCVarNameChecker")
+public class ABCVarNameChecker extends SubscriptionVisitor {
+
+    @Override
+    public List<Tree.Kind> nodesToVisit() {
+        return Collections.singletonList(
+                Tree.Kind.VARIABLE
+        );
+    }
+
+    @Override
+    public void visitNode(Tree tree) {
+        VariableTree node = (VariableTree) tree;
+        if (node.simpleName().name().matches("ABC")) {
+            context.reportIssue(this, node.simpleName(), "不能使用ABC作为变量名");
+        }
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/license-header.txt

@@ -0,0 +1,4 @@
+Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+项目名称：${project.name}
+项目描述：${project.description}
+版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。

sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/ABCVarNameChecker.html

@@ -0,0 +1,9 @@
+<p>不能使用ABC作为变量名</p>
+<h2>不能使用ABC作为变量名</h2>
+<pre>
+
+</pre>
+<h2>合规解决方案</h2>
+<pre>
+
+</pre>

sonar-keyware-plugins/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/ABCVarNameChecker.json

@@ -0,0 +1,13 @@
+{
+  "title": "不能使用ABC作为变量名",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "28suo"
+  ],
+  "defaultSeverity": "Minor"
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/files/ABCVarNameRule.java

@@ -0,0 +1,11 @@
+class VarNameRule{
+    private static String ABC = "abc"; // Noncompliant {{不能使用ABC作为变量名}}
+    private static String edf = "edf";
+
+    public String getABC(){
+        return ABC;
+    }
+    public void test(){
+        System.out.println(ABC);
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.api.*;
+import org.sonar.api.utils.Version;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * TODO JavaSecurityDesignRulesPluginTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class JavaSecurityDesignRulesPluginTest {
+    @Test
+    void testName() {
+        Plugin.Context context = new Plugin.Context(new MockedSonarRuntime());
+
+        new JavaSecurityDesignRulesPlugin().define(context);
+
+        assertThat(context.getExtensions())
+                .extracting(ext -> ((Class) ext).getSimpleName())
+                .containsExactlyInAnyOrder("JavaSecurityDesignRulesRepository", "JavaFileCheckRegistrar");
+    }
+
+    public static class MockedSonarRuntime implements SonarRuntime {
+
+        @Override
+        public Version getApiVersion() {
+            return Version.create(9, 9);
+        }
+
+        @Override
+        public SonarProduct getProduct() {
+            return SonarProduct.SONARQUBE;
+        }
+
+        @Override
+        public SonarQubeSide getSonarQubeSide() {
+            return SonarQubeSide.SCANNER;
+        }
+
+        @Override
+        public SonarEdition getEdition() {
+            return SonarEdition.COMMUNITY;
+        }
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.api.rule.RuleKey;
+import org.sonar.java.checks.verifier.TestCheckRegistrarContext;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * TODO JavaFileCheckRegistrarTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class JavaFileCheckRegistrarTest {
+
+    @Test
+    void checkRegisteredRulesKeysAndClasses() {
+        TestCheckRegistrarContext context = new TestCheckRegistrarContext();
+
+        JavaFileCheckRegistrar registrar = new JavaFileCheckRegistrar();
+        registrar.register(context);
+
+        assertThat(context.mainRuleKeys).extracting(RuleKey::toString).containsExactly(
+                /*"mycompany-java:SpringControllerRequestMappingEntity",
+                "mycompany-java:AvoidAnnotation",
+                "mycompany-java:AvoidBrandInMethodNames",
+                "mycompany-java:AvoidMethodDeclaration",
+                "mycompany-java:AvoidSuperClass",
+                "mycompany-java:AvoidTreeList",
+                "mycompany-java:AvoidMethodWithSameTypeInArgument",
+                "mycompany-java:SecurityAnnotationMandatory"*/
+                "keyware-java-security-design:ABCVarNameChecker"
+        );
+
+        assertThat(context.mainCheckClasses).extracting(Class::getSimpleName).containsExactly(
+                /*"SpringControllerRequestMappingEntityRule",
+                "AvoidAnnotationRule",
+                "AvoidBrandInMethodNamesRule",
+                "AvoidMethodDeclarationRule",
+                "AvoidSuperClassRule",
+                "AvoidTreeListRule",
+                "MyCustomSubscriptionRule",
+                "SecurityAnnotationMandatoryRule"*/
+                "ABCVarNameChecker"
+        );
+
+        assertThat(context.testRuleKeys).extracting(RuleKey::toString).containsExactly(
+                /*"mycompany-java:NoIfStatementInTests"*/
+        );
+
+        assertThat(context.testCheckClasses).extracting(Class::getSimpleName).containsExactly(
+                /*"NoIfStatementInTestsRule"*/
+        );
+    }
+
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java

@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.api.rules.RuleType;
+import org.sonar.api.server.debt.DebtRemediationFunction;
+import org.sonar.api.server.rule.RuleParamType;
+import org.sonar.api.server.rule.RulesDefinition;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * TODO JavaSecurityDesignRulesRepositoryTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class JavaSecurityDesignRulesRepositoryTest {
+
+    @Test
+    void test() {
+        JavaSecurityDesignRulesRepository rulesDefinition = new JavaSecurityDesignRulesRepository(new JavaSecurityDesignRulesRepository.MockedSonarRuntime());
+        RulesDefinition.Context context = new RulesDefinition.Context();
+        rulesDefinition.define(context);
+        RulesDefinition.Repository repository = context.repository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY);
+
+        assertThat(repository.name()).isEqualTo(JavaSecurityDesignRulesRepository.REPOSITORY_NAME);
+        assertThat(repository.language()).isEqualTo("java");
+        assertThat(repository.rules()).hasSize(RulesList.getChecks().size());
+        assertThat(repository.rules().stream().filter(RulesDefinition.Rule::template)).isEmpty();
+
+        //assertRuleProperties(repository);
+        // assertParameterProperties(repository);
+        // assertAllRuleParametersHaveDescription(repository);
+    }
+
+    private static void assertParameterProperties(RulesDefinition.Repository repository) {
+        RulesDefinition.Param max = repository.rule("AvoidAnnotation").param("name");
+        assertThat(max).isNotNull();
+        assertThat(max.defaultValue()).isEqualTo("Inject");
+        assertThat(max.description()).isEqualTo("Name of the annotation to avoid, without the prefix @, for instance 'Override'");
+        assertThat(max.type()).isEqualTo(RuleParamType.STRING);
+    }
+
+    private static void assertRuleProperties(RulesDefinition.Repository repository) {
+        RulesDefinition.Rule rule = repository.rule("AvoidAnnotation");
+        assertThat(rule).isNotNull();
+        assertThat(rule.name()).isEqualTo("Title of AvoidAnnotation");
+        assertThat(rule.debtRemediationFunction().type()).isEqualTo(DebtRemediationFunction.Type.CONSTANT_ISSUE);
+        assertThat(rule.type()).isEqualTo(RuleType.CODE_SMELL);
+    }
+
+    private static void assertAllRuleParametersHaveDescription(RulesDefinition.Repository repository) {
+        for (RulesDefinition.Rule rule : repository.rules()) {
+            for (RulesDefinition.Param param : rule.params()) {
+                assertThat(param.description()).as("description for " + param.key()).isNotEmpty();
+            }
+        }
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/ABCVarNameCheckerTest.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules.checkers;
+
+import com.keyware.sonar.java.utils.FilesUtils;
+import org.junit.jupiter.api.Test;
+import org.sonar.java.checks.verifier.CheckVerifier;
+
+/**
+ * TODO ABCVarNameCheckerTest
+ *
+ * @author GuoXin
+ * @date 2024/1/6
+ */
+public class ABCVarNameCheckerTest {
+    @Test
+    void detected() {
+
+
+        ABCVarNameChecker rule = new ABCVarNameChecker();
+
+
+        // Verifies that the check will raise the adequate issues with the expected message.
+        // In the test file, lines which should raise an issue have been commented out
+        // by using the following syntax: "// Noncompliant {{EXPECTED_MESSAGE}}"
+        CheckVerifier.newVerifier()
+                .onFile("src/test/files/ABCVarNameRule.java")
+                .withCheck(rule)
+                .withClassPath(FilesUtils.getClassPath("target/test-jars"))
+                .verifyIssues();
+    }
+}

sonar-keyware-plugins/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/utils/FilesUtils.java

@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.*;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * Duplicates org.sonar.java.checks.verifier.FilesUtils to locate test jars within the custom-rules plugin
+ */
+public class FilesUtils {
+
+  private FilesUtils() {
+  }
+
+  /**
+   * Default location of the jars/zips to be taken into account when performing the analysis.
+   */
+  private static final String DEFAULT_TEST_JARS_DIRECTORY = "target/test-jars";
+
+  public static List<File> getClassPath(String jarsDirectory) {
+    List<File> classpath = new LinkedList<>();
+    Path testJars = Paths.get(jarsDirectory);
+    if (testJars.toFile().exists()) {
+      classpath = getFilesRecursively(testJars, "jar", "zip");
+    } else if (!DEFAULT_TEST_JARS_DIRECTORY.equals(jarsDirectory)) {
+      throw new AssertionError("The directory to be used to extend class path does not exists ("
+        + testJars.toAbsolutePath()
+        + ").");
+    }
+    classpath.add(new File("target/test-classes"));
+    return classpath;
+  }
+
+  private static List<File> getFilesRecursively(Path root, String... extensions) {
+    final List<File> files = new ArrayList<>();
+
+    FileVisitor<Path> visitor = new SimpleFileVisitor<Path>() {
+      @Override
+      public FileVisitResult visitFile(Path filePath, BasicFileAttributes attrs) {
+        for (String extension : extensions) {
+          if (filePath.toString().endsWith("."
+            + extension)) {
+            files.add(filePath.toFile());
+            break;
+          }
+        }
+        return FileVisitResult.CONTINUE;
+      }
+
+      @Override
+      public FileVisitResult visitFileFailed(Path file, IOException exc) {
+        return FileVisitResult.CONTINUE;
+      }
+    };
+
+    try {
+      Files.walkFileTree(root, visitor);
+    } catch (IOException e) {
+      // we already ignore errors in the visitor
+    }
+
+    return files;
+  }
+
+}