diff --git a/pom.xml b/pom.xml
index 523e318..7f122fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,9 +4,9 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
4.0.0
- org.sonarsource.java
- java
- 7.30.1.34514
+ org.sonarsource.parent
+ parent
+ 68.0.0.247
com.keyware.sonar
@@ -45,22 +45,37 @@
+ 11
+ 11
11
11
UTF-8
+ 7.24.0.32100
+ 0.8.10
integration-tests/target/site/jacoco-aggregate/jacoco.xml
sonar-keyware-plugins-cxx
sonar-keyware-plugins-java
+ soanr-keyware-example
-
+
+ org.sonarsource.sonarqube-plugins.cxx
+ cxx
+ 2.1.2-SNAPSHOT
+ pom
+ import
+
+
+ org.sonarsource.java
+ java
+ 7.24.0.32100
+ pom
+ import
+
-
-
-
\ No newline at end of file
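Review bot: The dependencyManagement import of `org.sonarsource.sonarqube-plugins.cxx:cxx:2.1.2-SNAPSHOT` makes the managed versions of every module float with whatever that snapshot resolves to on a given day, so two builds of the same commit can pull different library versions and the dependency tree cannot be audited from the repository. Pin a released version, or if none exists yet, note in the pom which repository serves the snapshot and why it is required. The new module entry `soanr-keyware-example` looks like a typo for `sonar-keyware-example`; if the directory does not carry that exact spelling the reactor build fails, so verify it against the module path. With the XML tags stripped on this page I cannot see the element names, but the `7.24.0.32100` value appears to pin sonar-java lower than the `7.30.1.34514` the removed parent used, so confirm the downgrade is intended.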
diff --git a/sonar-keyware-plugins-cxx/pom.xml b/sonar-keyware-plugins-cxx/pom.xml
index 1516834..c31dce9 100644
--- a/sonar-keyware-plugins-cxx/pom.xml
+++ b/sonar-keyware-plugins-cxx/pom.xml
@@ -10,6 +10,13 @@
1.0
+
+
+
C++ 信息安全性设计准则
sonar-keyware-plugins-cxx
1.0
@@ -21,9 +28,9 @@
com.keyware.sonar.cxx.CxxPlugin
C++ 信息安全性设计准则
+ integration-tests/target/site/jacoco-aggregate/jacoco.xml
${basedir}/../${aggregate.report.dir}
- 11
2.15.1
2.6
2.1.2-SNAPSHOT
diff --git a/sonar-keyware-plugins-java/pom.xml b/sonar-keyware-plugins-java/pom.xml
index 5ef531f..a4af77f 100644
--- a/sonar-keyware-plugins-java/pom.xml
+++ b/sonar-keyware-plugins-java/pom.xml
@@ -16,58 +16,38 @@
1.0
用于检查Java源代码的安全性设计准则的Sonarqube插件
-
- 0.8.10
- UTF-8
-
-
-
- org.sonarsource.java
- sonar-java-plugin
- 7.30.1.34514
- sonar-plugin
- compile
-
-
org.sonarsource.api.plugin
sonar-plugin-api
+ 9.9.0.229
provided
-
- org.sonarsource.analyzer-commons
- sonar-analyzer-commons
-
-
org.slf4j
slf4j-api
provided
-
-
- org.sonarsource.api.plugin
- sonar-plugin-api-test-fixtures
- test
-
- org.sonarsource.sonarqube
- sonar-plugin-api-impl
- test
+ org.sonarsource.java
+ sonar-java-plugin
+ ${sonar.java.version}
+ sonar-plugin
+ provided
+
- org.sonarsource.java
- test-classpath-reader
- 7.30.1.34514
- test
+ org.sonarsource.analyzer-commons
+ sonar-analyzer-commons
+
+
org.sonarsource.java
java-checks-testkit
- 7.30.1.34514
+ ${sonar.java.version}
test
@@ -80,21 +60,11 @@
junit-jupiter-migrationsupport
test
-
- org.mockito
- mockito-core
- test
-
org.assertj
assertj-core
test
-
- com.google.guava
- guava
- test
-
@@ -109,14 +79,12 @@
com.keyware.sonar.java.JavaSecurityDesignRulesPlugin
true
true
- 9.14.0.375
- java:${project.version}
+ 8.9
+ java:${sonar.java.version}
+ 11
-
- org.apache.maven.plugins
- maven-jar-plugin
-
+
org.apache.maven.plugins
maven-shade-plugin
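Review bot: The declared minimum platform version is lowered to `8.9` while the same commit pins `sonar-plugin-api` to `9.9.0.229` in the dependencies hunk above, so the plugin is compiled against a newer API than the oldest server it claims to support; any 9.x-only API the checkers touch would fail at plugin load on an 8.9 instance. Either raise the declared minimum to the API version the plugin is built against, or build against the 8.9 API and exercise the plugin on an 8.9 server in the integration tests. Element names are stripped on this page, so this assumes `8.9` is the sonarQubeMinVersion of the packaging plugin and `9.9.0.229` the API version.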
@@ -144,7 +112,7 @@
org.jacoco
jacoco-maven-plugin
- ${jacoco.version}
+ ${version.jacoco.plugin}
prepare-agent
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
index 0e273ad..74545c2 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java
@@ -22,6 +22,9 @@ public class JavaSecurityDesignRulesPlugin implements Plugin {
// 服务器扩展 - >对象在服务器启动期间实例化
context.addExtension(JavaSecurityDesignRulesRepository.class);
+ // 服务器扩展 - >对象在服务器启动期间实例化
+ context.addExtension(JavaSecurityDesignWayProfile.class);
+
// 批处理扩展 - >对象在代码分析期间实例化
context.addExtension(JavaFileCheckRegistrar.class);
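Review bot: The comment copied onto the new `addExtension` call repeats the line above verbatim and says nothing about what `JavaSecurityDesignWayProfile` contributes, which is the one thing a reader of this method needs from a comment here. Replace it with one naming the extension's role, e.g. `// Server extension: built-in quality profile that activates the security design rules` (presumably a BuiltInQualityProfilesDefinition — confirm against the class). The enclosing method starts and ends outside this hunk.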
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/package-info.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/package-info.java
new file mode 100644
index 0000000..2e98d09
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/package-info.java
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+/**
+ * TODO package-info
+ *
+ * @author GuoXin
+ * @date 2024/1/12
+ */
+package com.keyware.sonar.java;
\ No newline at end of file
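Review bot: The package Javadoc in this new file is the placeholder `TODO package-info`, and the same placeholder is repeated in the two other new package-info files in this commit (`rules/package-info.java` and `rules/checkers/package-info.java`), so the files add no documentation. From the classes this commit touches the three packages can be described now: for `com.keyware.sonar.java` something like `SonarQube plugin entry point that registers the Java security design rules extensions`, for `rules` `Rule repository, check registrar and rule list backing the security design rules`, and for `rules.checkers` `IssuableSubscriptionVisitor implementations, one per security design rule`. Each of the three files also lacks a trailing newline; add one so the next edit does not produce a spurious change on the last line.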
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java
index 5806b20..08f44e8 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java
@@ -7,7 +7,7 @@
package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
-import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;
@@ -21,7 +21,7 @@ import java.util.List;
* @date 2024/1/6
*/
@Rule(key = "ABCVarNameChecker")
-public class ABCVarNameChecker extends SubscriptionVisitor {
+public class ABCVarNameChecker extends IssuableSubscriptionVisitor {
@Override
public List nodesToVisit() {
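Review bot: `nodesToVisit()` on the line below keeps a raw `List` return type while the class now overrides `IssuableSubscriptionVisitor.nodesToVisit()`, whose declared type is `List<Tree.Kind>`; the raw override compiles only with an unchecked warning and hides the element type from readers. Change it to `public List<Tree.Kind> nodesToVisit()`. The same raw return type is visible in the corresponding hunks of DynamicCodeChecker, DynamicLibraryLoadChecker and RedirectUrlChecker. The method body continues outside the hunk.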
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AbsolutePathDetectorChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AbsolutePathDetectorChecker.java
index c691b9b..a8a803d 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AbsolutePathDetectorChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AbsolutePathDetectorChecker.java
@@ -28,7 +28,7 @@ import java.util.List;
* @author WuHaoyang
* @date 2024/1/9
*/
-@Rule(key = "AbsolutePathDetector")
+@Rule(key = "AbsolutePathDetectorChecker")
public class AbsolutePathDetectorChecker extends IssuableSubscriptionVisitor {
@Override
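Review bot: Changing the `@Rule` key from `AbsolutePathDetector` to `AbsolutePathDetectorChecker` changes the identifier under which SonarQube stores this rule's profile activations and issues, so existing quality profiles silently lose the rule and open issues under the old key are closed and re-raised rather than carried over, unless the old key is declared as deprecated. If rule metadata is loaded through analyzer-commons' RuleMetadataLoader, add `@DeprecatedRuleKey(ruleKey = "AbsolutePathDetector")` next to `@Rule`; otherwise call `addDeprecatedRuleKey` on the rule in the repository definition. The rule's description and JSON metadata resources are presumably named after the key and need renaming as well — confirm, as they are not part of this diff.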
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
index a8dfb04..60b469a 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
@@ -8,7 +8,7 @@ package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
-import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
import java.util.Collections;
@@ -18,7 +18,7 @@ import java.util.List;
@Rule(key = "DynamicCodeChecker")
//检测代码中包含动态代码执行操作时,工具进行提示
-public class DynamicCodeChecker extends SubscriptionVisitor {
+public class DynamicCodeChecker extends IssuableSubscriptionVisitor {
@Override
public List nodesToVisit() {
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicLibraryLoadChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicLibraryLoadChecker.java
index 8980daa..cd34bd8 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicLibraryLoadChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicLibraryLoadChecker.java
@@ -7,10 +7,10 @@
package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
-import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
-import org.springframework.lang.NonNull;
+import javax.annotation.Nonnull;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
@@ -24,7 +24,7 @@ import java.util.stream.Collectors;
* @date 2024/1/10
*/
@Rule(key = "DynamicLibraryLoadChecker")
-public class DynamicLibraryLoadChecker extends SubscriptionVisitor {
+public class DynamicLibraryLoadChecker extends IssuableSubscriptionVisitor {
@Override
public List nodesToVisit() {
@@ -33,7 +33,7 @@ public class DynamicLibraryLoadChecker extends SubscriptionVisitor {
}
@Override
- public void visitNode(@NonNull Tree tree) {
+ public void visitNode(@Nonnull Tree tree) {
if (tree.is(Tree.Kind.METHOD)) {
MethodTree method = (MethodTree) tree;
var block = method.block();
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
index 282b0c9..2d8f51b 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
@@ -8,9 +8,10 @@ package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
-import org.springframework.lang.NonNull;
+import javax.annotation.Nonnull;
import java.util.Arrays;
import java.util.List;
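Review bot: The `import org.sonar.java.ast.visitors.SubscriptionVisitor;` line kept as context above the new import is now unused, since the class extends `IssuableSubscriptionVisitor` in the next hunk, and it keeps the file tied to sonar-java's internal `org.sonar.java.ast` package, the dependency the sibling checkers in this commit drop. Remove that line. The switch to `javax.annotation.Nonnull` presumes a JSR-305 artifact is on the compile classpath through sonar-plugin-api; confirm, since the Spring dependency that supplied the old annotation is gone from the module pom.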
@@ -21,7 +22,7 @@ import java.util.List;
* @date 2024/1/9
*/
@Rule(key = "RedirectUrlChecker")
-public class RedirectUrlChecker extends SubscriptionVisitor {
+public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
@Override
public List nodesToVisit() {
var nodeType = new Tree.Kind[]{Tree.Kind.METHOD};
@@ -29,7 +30,7 @@ public class RedirectUrlChecker extends SubscriptionVisitor {
}
@Override
- public void visitNode(@NonNull Tree tree) {
+ public void visitNode(@Nonnull Tree tree) {
MethodTree methodTree = (MethodTree) tree;
BlockTree block = methodTree.block();
// 方法的参数列表
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/package-info.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/package-info.java
new file mode 100644
index 0000000..acaf02f
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/package-info.java
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+/**
+ * TODO package-info
+ *
+ * @author GuoXin
+ * @date 2024/1/12
+ */
+package com.keyware.sonar.java.rules.checkers;
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/package-info.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/package-info.java
new file mode 100644
index 0000000..f19f35e
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/package-info.java
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+/**
+ * TODO package-info
+ *
+ * @author GuoXin
+ * @date 2024/1/12
+ */
+package com.keyware.sonar.java.rules;
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
index 377d157..61c6798 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java
@@ -27,7 +27,10 @@ public class JavaSecurityDesignRulesPluginTest {
assertThat(context.getExtensions())
.extracting(ext -> ((Class) ext).getSimpleName())
- .containsExactlyInAnyOrder("JavaSecurityDesignRulesRepository", "JavaFileCheckRegistrar");
+ .containsExactlyInAnyOrder(
+ "JavaSecurityDesignRulesRepository",
+ "JavaSecurityDesignWayProfile",
+ "JavaFileCheckRegistrar");
}
public static class MockedSonarRuntime implements SonarRuntime {
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java
index fed6430..8996b23 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java
@@ -7,8 +7,7 @@
package com.keyware.sonar.java.rules;
import org.junit.jupiter.api.Test;
-import org.sonar.api.rule.RuleKey;
-import org.sonar.java.checks.verifier.TestCheckRegistrarContext;
+import org.sonar.plugins.java.api.CheckRegistrar;
import static org.assertj.core.api.Assertions.assertThat;
@@ -22,42 +21,14 @@ public class JavaFileCheckRegistrarTest {
@Test
void checkRegisteredRulesKeysAndClasses() {
- TestCheckRegistrarContext context = new TestCheckRegistrarContext();
+ CheckRegistrar.RegistrarContext context = new CheckRegistrar.RegistrarContext();
+
JavaFileCheckRegistrar registrar = new JavaFileCheckRegistrar();
registrar.register(context);
- assertThat(context.mainRuleKeys).extracting(RuleKey::toString).containsExactly(
- /*"mycompany-java:SpringControllerRequestMappingEntity",
- "mycompany-java:AvoidAnnotation",
- "mycompany-java:AvoidBrandInMethodNames",
- "mycompany-java:AvoidMethodDeclaration",
- "mycompany-java:AvoidSuperClass",
- "mycompany-java:AvoidTreeList",
- "mycompany-java:AvoidMethodWithSameTypeInArgument",
- "mycompany-java:SecurityAnnotationMandatory"*/
- "keyware-java-security-design:ABCVarNameChecker"
- );
-
- assertThat(context.mainCheckClasses).extracting(Class::getSimpleName).containsExactly(
- /*"SpringControllerRequestMappingEntityRule",
- "AvoidAnnotationRule",
- "AvoidBrandInMethodNamesRule",
- "AvoidMethodDeclarationRule",
- "AvoidSuperClassRule",
- "AvoidTreeListRule",
- "MyCustomSubscriptionRule",
- "SecurityAnnotationMandatoryRule"*/
- "ABCVarNameChecker"
- );
-
- assertThat(context.testRuleKeys).extracting(RuleKey::toString).containsExactly(
- /*"mycompany-java:NoIfStatementInTests"*/
- );
-
- assertThat(context.testCheckClasses).extracting(Class::getSimpleName).containsExactly(
- /*"NoIfStatementInTestsRule"*/
- );
+ assertThat(context.checkClasses()).hasSize(6);
+ assertThat(context.testCheckClasses()).hasSize(0);
}
}
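Review bot: The rewritten assertion `assertThat(context.checkClasses()).hasSize(6)` pins a count that must be edited every time a checker is added and no longer verifies which repository key the checks are registered under, which the removed assertions did via `keyware-java-security-design`. Assert against the project's own source of truth instead: `assertThat(context.repositoryKey()).isEqualTo("keyware-java-security-design");` and `assertThat(context.checkClasses()).containsExactlyInAnyOrderElementsOf(RulesList.getChecks());` (assuming `RulesList.getChecks()` yields the check classes, as the repository test suggests). The `hasSize(0)` on the test check classes reads more directly as `isEmpty()`.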
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java
index b8fb520..ef311d7 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java
@@ -34,32 +34,5 @@ public class JavaSecurityDesignRulesRepositoryTest {
assertThat(repository.rules()).hasSize(RulesList.getChecks().size());
assertThat(repository.rules().stream().filter(RulesDefinition.Rule::template)).isEmpty();
- //assertRuleProperties(repository);
- // assertParameterProperties(repository);
- // assertAllRuleParametersHaveDescription(repository);
- }
-
- private static void assertParameterProperties(RulesDefinition.Repository repository) {
- RulesDefinition.Param max = repository.rule("AvoidAnnotation").param("name");
- assertThat(max).isNotNull();
- assertThat(max.defaultValue()).isEqualTo("Inject");
- assertThat(max.description()).isEqualTo("Name of the annotation to avoid, without the prefix @, for instance 'Override'");
- assertThat(max.type()).isEqualTo(RuleParamType.STRING);
- }
-
- private static void assertRuleProperties(RulesDefinition.Repository repository) {
- RulesDefinition.Rule rule = repository.rule("AvoidAnnotation");
- assertThat(rule).isNotNull();
- assertThat(rule.name()).isEqualTo("Title of AvoidAnnotation");
- assertThat(rule.debtRemediationFunction().type()).isEqualTo(DebtRemediationFunction.Type.CONSTANT_ISSUE);
- assertThat(rule.type()).isEqualTo(RuleType.CODE_SMELL);
- }
-
- private static void assertAllRuleParametersHaveDescription(RulesDefinition.Repository repository) {
- for (RulesDefinition.Rule rule : repository.rules()) {
- for (RulesDefinition.Param param : rule.params()) {
- assertThat(param.description()).as("description for " + param.key()).isNotEmpty();
- }
- }
}
}