修复：sonar-keyware-java打包部署到sonarqube后无法使用的问题

pom.xml

@@ -4,9 +4,9 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <parent>
-        <groupId>org.sonarsource.java</groupId>
+        <groupId>org.sonarsource.parent</groupId>
-        <artifactId>java</artifactId>
+        <artifactId>parent</artifactId>
-        <version>7.30.1.34514</version>
+        <version>68.0.0.247</version>
     </parent>
 
     <groupId>com.keyware.sonar</groupId>
@@ -45,22 +45,37 @@
 
 
     <properties>
+        <java.version>11</java.version>
+        <jdk.min.version>11</jdk.min.version>
         <maven.compiler.source>11</maven.compiler.source>
         <maven.compiler.target>11</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <sonar.java.version>7.24.0.32100</sonar.java.version>
+        <version.jacoco.plugin>0.8.10</version.jacoco.plugin>
         <aggregate.report.dir>integration-tests/target/site/jacoco-aggregate/jacoco.xml</aggregate.report.dir>
     </properties>
 
     <modules>
         <module>sonar-keyware-plugins-cxx</module>
         <module>sonar-keyware-plugins-java</module>
+        <module>soanr-keyware-example</module>
     </modules>
     <dependencyManagement>
         <dependencies>
-
+            <dependency>
+                <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
+                <artifactId>cxx</artifactId>
+                <version>2.1.2-SNAPSHOT</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.sonarsource.java</groupId>
+                <artifactId>java</artifactId>
+                <version>7.24.0.32100</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
         </dependencies>
     </dependencyManagement>
-    <dependencies>
-
-    </dependencies>
 </project>

sonar-keyware-plugins-cxx/pom.xml

@@ -10,6 +10,13 @@
         <version>1.0</version>
     </parent>
 
+    <!--<parent>
+        <groupId>org.sonarsource.sonarqube-plugins.cxx</groupId>
+        <artifactId>cxx</artifactId>
+        <version>2.1.2-SNAPSHOT</version>
+    </parent>-->
+
+    <!--<groupId>com.keyware.sonar</groupId>-->
     <name>C++ 信息安全性设计准则</name>
     <artifactId>sonar-keyware-plugins-cxx</artifactId>
     <version>1.0</version>
@@ -21,9 +28,9 @@
         <sonar.pluginClass>com.keyware.sonar.cxx.CxxPlugin</sonar.pluginClass>
         <sonar.pluginName>C++ 信息安全性设计准则</sonar.pluginName>
         <!-- in addition, a dependency must be set in 'integration-tests/pom.xml' to aggregate the results -->
+        <aggregate.report.dir>integration-tests/target/site/jacoco-aggregate/jacoco.xml</aggregate.report.dir>
         <sonar.coverage.jacoco.xmlReportPaths>${basedir}/../${aggregate.report.dir}</sonar.coverage.jacoco.xmlReportPaths>
 
-        <java.version>11</java.version>
         <commons-io.version>2.15.1</commons-io.version>
         <commons-lang.version>2.6</commons-lang.version>
         <sonar-cxx.versin>2.1.2-SNAPSHOT</sonar-cxx.versin>

sonar-keyware-plugins-java/pom.xml

@@ -16,58 +16,38 @@
     <version>1.0</version>
     <description>用于检查Java源代码的安全性设计准则的Sonarqube插件</description>
 
-    <properties>
-        <jacoco.version>0.8.10</jacoco.version>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    </properties>
-
     <dependencies>
-        <dependency>
-            <groupId>org.sonarsource.java</groupId>
-            <artifactId>sonar-java-plugin</artifactId>
-            <version>7.30.1.34514</version>
-            <type>sonar-plugin</type>
-            <scope>compile</scope>
-        </dependency>
-
         <dependency>
             <groupId>org.sonarsource.api.plugin</groupId>
             <artifactId>sonar-plugin-api</artifactId>
+            <version>9.9.0.229</version>
             <scope>provided</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.sonarsource.analyzer-commons</groupId>
-            <artifactId>sonar-analyzer-commons</artifactId>
-        </dependency>
-
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
             <scope>provided</scope>
         </dependency>
 
-        <!-- unit tests -->
-        <dependency>
-            <groupId>org.sonarsource.api.plugin</groupId>
-            <artifactId>sonar-plugin-api-test-fixtures</artifactId>
-            <scope>test</scope>
-        </dependency>
         <dependency>
-            <groupId>org.sonarsource.sonarqube</groupId>
+            <groupId>org.sonarsource.java</groupId>
-            <artifactId>sonar-plugin-api-impl</artifactId>
+            <artifactId>sonar-java-plugin</artifactId>
-            <scope>test</scope>
+            <version>${sonar.java.version}</version>
+            <type>sonar-plugin</type>
+            <scope>provided</scope>
         </dependency>
+
         <dependency>
-            <groupId>org.sonarsource.java</groupId>
+            <groupId>org.sonarsource.analyzer-commons</groupId>
-            <artifactId>test-classpath-reader</artifactId>
+            <artifactId>sonar-analyzer-commons</artifactId>
-            <version>7.30.1.34514</version>
-            <scope>test</scope>
         </dependency>
+
+        <!-- unit tests -->
         <dependency>
             <groupId>org.sonarsource.java</groupId>
             <artifactId>java-checks-testkit</artifactId>
-            <version>7.30.1.34514</version>
+            <version>${sonar.java.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -80,21 +60,11 @@
             <artifactId>junit-jupiter-migrationsupport</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.mockito</groupId>
-            <artifactId>mockito-core</artifactId>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.assertj</groupId>
             <artifactId>assertj-core</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>com.google.guava</groupId>
-            <artifactId>guava</artifactId>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
     <build>
@@ -109,14 +79,12 @@
                     <pluginClass>com.keyware.sonar.java.JavaSecurityDesignRulesPlugin</pluginClass>
                     <sonarLintSupported>true</sonarLintSupported>
                     <skipDependenciesPackaging>true</skipDependenciesPackaging>
-                    <pluginApiMinVersion>9.14.0.375</pluginApiMinVersion>
+                    <sonarQubeMinVersion>8.9</sonarQubeMinVersion>
-                    <requirePlugins>java:${project.version}</requirePlugins>
+                    <requirePlugins>java:${sonar.java.version}</requirePlugins>
+                    <jreMinVersion>11</jreMinVersion>
                 </configuration>
             </plugin>
-            <plugin>
+
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
@@ -144,7 +112,7 @@
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>${jacoco.version}</version>
+                <version>${version.jacoco.plugin}</version>
                 <executions>
                     <execution>
                         <id>prepare-agent</id>

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignRulesPlugin.java

@@ -22,6 +22,9 @@ public class JavaSecurityDesignRulesPlugin implements Plugin {
         // 服务器扩展 - >对象在服务器启动期间实例化
         context.addExtension(JavaSecurityDesignRulesRepository.class);
 
+        // 服务器扩展 - >对象在服务器启动期间实例化
+        context.addExtension(JavaSecurityDesignWayProfile.class);
+
         // 批处理扩展 - >对象在代码分析期间实例化
         context.addExtension(JavaFileCheckRegistrar.class);
 

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/package-info.java

@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+/**
+ * TODO package-info
+ *
+ * @author GuoXin
+ * @date 2024/1/12
+ */
+package com.keyware.sonar.java;

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java

@@ -7,7 +7,7 @@
 package com.keyware.sonar.java.rules.checkers;
 
 import org.sonar.check.Rule;
-import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
 import org.sonar.plugins.java.api.tree.Tree;
 import org.sonar.plugins.java.api.tree.VariableTree;
 
@@ -21,7 +21,7 @@ import java.util.List;
  * @date 2024/1/6
  */
 @Rule(key = "ABCVarNameChecker")
-public class ABCVarNameChecker extends SubscriptionVisitor {
+public class ABCVarNameChecker extends IssuableSubscriptionVisitor {
 
     @Override
     public List<Tree.Kind> nodesToVisit() {

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AbsolutePathDetectorChecker.java

@@ -28,7 +28,7 @@ import java.util.List;
  * @author WuHaoyang
  * @date 2024/1/9
  */
-@Rule(key = "AbsolutePathDetector")
+@Rule(key = "AbsolutePathDetectorChecker")
 public class AbsolutePathDetectorChecker extends IssuableSubscriptionVisitor {
 
     @Override

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java

@@ -8,7 +8,7 @@ package com.keyware.sonar.java.rules.checkers;
 
 
 import org.sonar.check.Rule;
-import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
 import org.sonar.plugins.java.api.tree.*;
 
 import java.util.Collections;
@@ -18,7 +18,7 @@ import java.util.List;
 @Rule(key = "DynamicCodeChecker")
 
 //检测代码中包含动态代码执行操作时，工具进行提示
-public class DynamicCodeChecker extends SubscriptionVisitor {
+public class DynamicCodeChecker extends IssuableSubscriptionVisitor {
 
     @Override
     public List<Tree.Kind> nodesToVisit() {

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicLibraryLoadChecker.java

@@ -7,10 +7,10 @@
 package com.keyware.sonar.java.rules.checkers;
 
 import org.sonar.check.Rule;
-import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
 import org.sonar.plugins.java.api.tree.*;
-import org.springframework.lang.NonNull;
 
+import javax.annotation.Nonnull;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
@@ -24,7 +24,7 @@ import java.util.stream.Collectors;
  * @date 2024/1/10
  */
 @Rule(key = "DynamicLibraryLoadChecker")
-public class DynamicLibraryLoadChecker extends SubscriptionVisitor {
+public class DynamicLibraryLoadChecker extends IssuableSubscriptionVisitor {
 
     @Override
     public List<Tree.Kind> nodesToVisit() {
@@ -33,7 +33,7 @@ public class DynamicLibraryLoadChecker extends SubscriptionVisitor {
     }
 
     @Override
-    public void visitNode(@NonNull Tree tree) {
+    public void visitNode(@Nonnull Tree tree) {
         if (tree.is(Tree.Kind.METHOD)) {
             MethodTree method = (MethodTree) tree;
             var block = method.block();

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java

@@ -8,9 +8,10 @@ package com.keyware.sonar.java.rules.checkers;
 
 import org.sonar.check.Rule;
 import org.sonar.java.ast.visitors.SubscriptionVisitor;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
 import org.sonar.plugins.java.api.tree.*;
-import org.springframework.lang.NonNull;
 
+import javax.annotation.Nonnull;
 import java.util.Arrays;
 import java.util.List;
 
@@ -21,7 +22,7 @@ import java.util.List;
  * @date 2024/1/9
  */
 @Rule(key = "RedirectUrlChecker")
-public class RedirectUrlChecker extends SubscriptionVisitor {
+public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
     @Override
     public List<Tree.Kind> nodesToVisit() {
         var nodeType = new Tree.Kind[]{Tree.Kind.METHOD};
@@ -29,7 +30,7 @@ public class RedirectUrlChecker extends SubscriptionVisitor {
     }
 
     @Override
-    public void visitNode(@NonNull Tree tree) {
+    public void visitNode(@Nonnull Tree tree) {
         MethodTree methodTree = (MethodTree) tree;
         BlockTree block = methodTree.block();
         // 方法的参数列表

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/package-info.java

@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+/**
+ * TODO package-info
+ *
+ * @author GuoXin
+ * @date 2024/1/12
+ */
+package com.keyware.sonar.java.rules.checkers;

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/package-info.java

@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：Java 信息安全性设计准则
+ * 项目描述：用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+/**
+ * TODO package-info
+ *
+ * @author GuoXin
+ * @date 2024/1/12
+ */
+package com.keyware.sonar.java.rules;

sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/JavaSecurityDesignRulesPluginTest.java

@@ -27,7 +27,10 @@ public class JavaSecurityDesignRulesPluginTest {
 
         assertThat(context.getExtensions())
                 .extracting(ext -> ((Class) ext).getSimpleName())
-                .containsExactlyInAnyOrder("JavaSecurityDesignRulesRepository", "JavaFileCheckRegistrar");
+                .containsExactlyInAnyOrder(
+                        "JavaSecurityDesignRulesRepository",
+                        "JavaSecurityDesignWayProfile",
+                        "JavaFileCheckRegistrar");
     }
 
     public static class MockedSonarRuntime implements SonarRuntime {

sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java

@@ -7,8 +7,7 @@
 package com.keyware.sonar.java.rules;
 
 import org.junit.jupiter.api.Test;
-import org.sonar.api.rule.RuleKey;
+import org.sonar.plugins.java.api.CheckRegistrar;
-import org.sonar.java.checks.verifier.TestCheckRegistrarContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -22,42 +21,14 @@ public class JavaFileCheckRegistrarTest {
 
     @Test
     void checkRegisteredRulesKeysAndClasses() {
-        TestCheckRegistrarContext context = new TestCheckRegistrarContext();
+        CheckRegistrar.RegistrarContext context = new CheckRegistrar.RegistrarContext();
+
 
         JavaFileCheckRegistrar registrar = new JavaFileCheckRegistrar();
         registrar.register(context);
 
-        assertThat(context.mainRuleKeys).extracting(RuleKey::toString).containsExactly(
+        assertThat(context.checkClasses()).hasSize(6);
-                /*"mycompany-java:SpringControllerRequestMappingEntity",
+        assertThat(context.testCheckClasses()).hasSize(0);
-                "mycompany-java:AvoidAnnotation",
-                "mycompany-java:AvoidBrandInMethodNames",
-                "mycompany-java:AvoidMethodDeclaration",
-                "mycompany-java:AvoidSuperClass",
-                "mycompany-java:AvoidTreeList",
-                "mycompany-java:AvoidMethodWithSameTypeInArgument",
-                "mycompany-java:SecurityAnnotationMandatory"*/
-                "keyware-java-security-design:ABCVarNameChecker"
-        );
-
-        assertThat(context.mainCheckClasses).extracting(Class::getSimpleName).containsExactly(
-                /*"SpringControllerRequestMappingEntityRule",
-                "AvoidAnnotationRule",
-                "AvoidBrandInMethodNamesRule",
-                "AvoidMethodDeclarationRule",
-                "AvoidSuperClassRule",
-                "AvoidTreeListRule",
-                "MyCustomSubscriptionRule",
-                "SecurityAnnotationMandatoryRule"*/
-                "ABCVarNameChecker"
-        );
-
-        assertThat(context.testRuleKeys).extracting(RuleKey::toString).containsExactly(
-                /*"mycompany-java:NoIfStatementInTests"*/
-        );
-
-        assertThat(context.testCheckClasses).extracting(Class::getSimpleName).containsExactly(
-                /*"NoIfStatementInTestsRule"*/
-        );
     }
 
 }

sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java

@@ -34,32 +34,5 @@ public class JavaSecurityDesignRulesRepositoryTest {
         assertThat(repository.rules()).hasSize(RulesList.getChecks().size());
         assertThat(repository.rules().stream().filter(RulesDefinition.Rule::template)).isEmpty();
 
-        //assertRuleProperties(repository);
-        // assertParameterProperties(repository);
-        // assertAllRuleParametersHaveDescription(repository);
-    }
-
-    private static void assertParameterProperties(RulesDefinition.Repository repository) {
-        RulesDefinition.Param max = repository.rule("AvoidAnnotation").param("name");
-        assertThat(max).isNotNull();
-        assertThat(max.defaultValue()).isEqualTo("Inject");
-        assertThat(max.description()).isEqualTo("Name of the annotation to avoid, without the prefix @, for instance 'Override'");
-        assertThat(max.type()).isEqualTo(RuleParamType.STRING);
-    }
-
-    private static void assertRuleProperties(RulesDefinition.Repository repository) {
-        RulesDefinition.Rule rule = repository.rule("AvoidAnnotation");
-        assertThat(rule).isNotNull();
-        assertThat(rule.name()).isEqualTo("Title of AvoidAnnotation");
-        assertThat(rule.debtRemediationFunction().type()).isEqualTo(DebtRemediationFunction.Type.CONSTANT_ISSUE);
-        assertThat(rule.type()).isEqualTo(RuleType.CODE_SMELL);
-    }
-
-    private static void assertAllRuleParametersHaveDescription(RulesDefinition.Repository repository) {
-        for (RulesDefinition.Rule rule : repository.rules()) {
-            for (RulesDefinition.Param param : rule.params()) {
-                assertThat(param.description()).as("description for " + param.key()).isNotEmpty();
-            }
-        }
     }
 }