From a4aa0ebff9b08a1de8c5368a5b5869357135101e Mon Sep 17 00:00:00 2001
From: Guo XIn <371864209@qq.com>
Date: Sat, 20 Jan 2024 20:29:25 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E8=AF=AD=E8=A8=80=EF=BC=9A?=
=?UTF-8?q?=E5=A2=9E=E5=8A=A0html=E6=A3=80=E6=9F=A5=E6=94=AF=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
sonar-keyware-plugins-java/pom.xml | 14 +++++-
.../java/JavaSecurityDesignWayProfile.java | 15 ++++---
.../java/rules/JavaFileCheckRegistrar.java | 20 ++-------
.../JavaSecurityDesignRulesRepository.java | 18 ++++----
.../keyware/sonar/java/rules/RulesList.java | 44 +++++++++----------
.../rules/JavaFileCheckRegistrarTest.java | 2 +-
...JavaSecurityDesignRulesRepositoryTest.java | 5 +--
7 files changed, 58 insertions(+), 60 deletions(-)
diff --git a/sonar-keyware-plugins-java/pom.xml b/sonar-keyware-plugins-java/pom.xml
index 38e8161..e5e4aa1 100644
--- a/sonar-keyware-plugins-java/pom.xml
+++ b/sonar-keyware-plugins-java/pom.xml
@@ -37,6 +37,13 @@
sonar-plugin
provided
+
+ org.sonarsource.html
+ sonar-html-plugin
+ ${sonar.html.version}
+
+ compile
+
org.sonarsource.analyzer-commons
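Review bot: The new sonar-html-plugin dependency is declared with `compile` scope while the sibling `sonar-plugin` dependency just above it is `provided`; a SonarQube plugin that uses another plugin's classes should normally declare it `provided` and rely on `requirePlugins` (added further down in this patch) so the classes are served by the installed web plugin's classloader instead of being packaged into this jar. If the sonar-packaging plugin bundles compile-scope dependencies, a second copy of the html plugin classes ends up inside this plugin, with the usual duplicate-class and classloader-conflict problems at analysis time. Suggested change: `<scope>provided</scope>` in place of `compile`. The `${sonar.html.version}` property is not visible in this patch; confirm it is defined and that it is the same version the `requirePlugins` entry names.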
@@ -86,6 +93,11 @@
junit-jupiter-migrationsupport
test
+
+ org.sonarsource.sonarqube
+ sonar-plugin-api-impl
+ test
+
@@ -101,7 +113,7 @@
true
true
8.9
- java:${sonar.java.version}
+ java:${sonar.java.version},web:${sonar.html.version}
11
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
index 652efc8..8aa513c 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
@@ -7,7 +7,9 @@
package com.keyware.sonar.java;
import com.keyware.sonar.java.rules.JavaSecurityDesignRulesRepository;
+import com.keyware.sonar.java.rules.RulesList;
import org.sonar.api.server.profile.BuiltInQualityProfilesDefinition;
+import org.sonar.plugins.html.api.HtmlConstants;
import org.sonarsource.api.sonarlint.SonarLintSide;
/**
@@ -21,11 +23,12 @@ public class JavaSecurityDesignWayProfile implements BuiltInQualityProfilesDefin
@Override
public void define(Context context) {
- var way = context.createBuiltInQualityProfile("Java信息安全性设计准则", "java");
- way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "ABCVarNameChecker");
- way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "AbsolutePathDetectorChecker");
- way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "DynamicCodeChecker");
- way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "DynamicLibraryLoadChecker");
- way.done();
+ var javaWay = context.createBuiltInQualityProfile("Java信息安全性设计准则", "java");
+ RulesList.getJavaRules().forEach(check -> javaWay.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, check.getSimpleName()));
+ javaWay.done();
+
+ var webWay = context.createBuiltInQualityProfile("Web信息安全性设计准则", HtmlConstants.LANGUAGE_KEY);
+ RulesList.getHtmlRules().forEach(check -> webWay.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, check.getSimpleName()));
+ webWay.done();
}
}
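Review bot: `define` now activates every rule under the key `check.getSimpleName()`, which is only correct if each checker's `@Rule(key = ...)` equals its class name; the repository registers rules through `RuleMetadataLoader.addRulesByAnnotatedClass`, i.e. under the annotation key, and a single mismatch makes `activateRule` fail at server start-up for the whole profile, so this assumption deserves a comment or a test. The expression `JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY` is now spelled out in three classes; a single `public static final String HTML_REPOSITORY_KEY` on `JavaSecurityDesignRulesRepository` keeps registrar, repository and profile from drifting apart. Suggested change here: `RulesList.getHtmlRules().forEach(check -> webWay.activateRule(JavaSecurityDesignRulesRepository.HTML_REPOSITORY_KEY, check.getSimpleName()));`. A short Javadoc on `define` stating that both profiles activate all `RulesList` rules and that rule keys are assumed to equal the checker class names would help the next maintainer.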
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrar.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrar.java
index bf9bb5a..5cd45ca 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrar.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrar.java
@@ -6,11 +6,11 @@
*/
package com.keyware.sonar.java.rules;
+import org.sonar.plugins.html.api.HtmlConstants;
import org.sonar.plugins.java.api.CheckRegistrar;
-import org.sonar.plugins.java.api.JavaCheck;
import org.sonarsource.api.sonarlint.SonarLintSide;
-import java.util.List;
+import java.util.Collections;
/**
* 负责将java规则检查器注册到SonarQube中
@@ -26,20 +26,8 @@ public class JavaFileCheckRegistrar implements CheckRegistrar {
@Override
public void register(RegistrarContext registrarContext) {
// 调用 registerClassesForRepository 以将类与正确的存储库密钥相关联
- registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, checkClasses(), testCheckClasses());
+ registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, RulesList.getJavaRules(), Collections.emptyList());
+ registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, RulesList.getHtmlRules(), Collections.emptyList());
}
- /**
- * 列出插件提供的所有主检查器
- */
- public static List> checkClasses() {
- return RulesList.getJavaChecks();
- }
-
- /**
- * 列出插件提供的所有测试检查器
- */
- public static List> testCheckClasses() {
- return RulesList.getJavaTestChecks();
- }
}
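Review bot: The second `registerClassesForRepository` call on the new line most likely replaces the first rather than adding to it: sonar-java's `RegistrarContext` holds a single repository key and check-class list, and the updated `JavaFileCheckRegistrarTest` now expects `checkClasses()` to have size 1 after 18 Java checks plus 1 HTML check were registered, which is exactly what an overwrite would produce. If that is what happens, none of the Java security checkers (SQL input, redirect, upload, cookie, password hashing, ...) is registered with the analyzer any more and the plugin silently stops reporting them. `CheckRegistrar` is also the sonar-java extension point, so whatever it keeps is instantiated by the Java analyzer against Java compilation units; it does not hand checks to the HTML analyzer, so the HTML check needs its own registration path (confirm against the html plugin API). Suggested change: keep only `registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, RulesList.getJavaRules(), Collections.emptyList());` here, register the HTML checks through a separate mechanism, and make the test assert `hasSize(RulesList.getJavaRules().size())`.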
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
index 6cff16a..679a4cc 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
@@ -12,6 +12,7 @@ import org.sonar.api.SonarQubeSide;
import org.sonar.api.SonarRuntime;
import org.sonar.api.server.rule.RulesDefinition;
import org.sonar.api.utils.Version;
+import org.sonar.plugins.html.api.HtmlConstants;
import org.sonarsource.analyzer.commons.RuleMetadataLoader;
import java.util.ArrayList;
@@ -43,15 +44,16 @@ public class JavaSecurityDesignRulesRepository implements RulesDefinition {
@Override
public void define(RulesDefinition.Context context) {
- RulesDefinition.NewRepository repository = context.createRepository(REPOSITORY_KEY, "java").setName(REPOSITORY_NAME);
-
+ RulesDefinition.NewRepository javaRepo = context.createRepository(REPOSITORY_KEY, "java").setName(REPOSITORY_NAME);
RuleMetadataLoader ruleMetadataLoader = new RuleMetadataLoader(RESOURCE_BASE_PATH, runtime);
-
- ruleMetadataLoader.addRulesByAnnotatedClass(repository, new ArrayList<>(RulesList.getChecks()));
-
- setTemplates(repository);
-
- repository.done();
+ ruleMetadataLoader.addRulesByAnnotatedClass(javaRepo, new ArrayList<>(RulesList.getJavaRules()));
+ setTemplates(javaRepo);
+ javaRepo.done();
+
+ RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName(REPOSITORY_NAME);
+ ruleMetadataLoader.addRulesByAnnotatedClass(htmlRepo, new ArrayList<>(RulesList.getHtmlRules()));
+ setTemplates(htmlRepo);
+ htmlRepo.done();
}
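Review bot: Both repositories are created with the same display name `REPOSITORY_NAME`, so the rules UI will show two identically named repositories for two languages; give the HTML one its own name, e.g. `.setName(REPOSITORY_NAME + " (web)")`, or a dedicated constant. The key `REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY` is repeated verbatim in the registrar and the profile; defining `public static final String HTML_REPOSITORY_KEY = REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY;` on this class and using it in all three places removes the risk of the keys diverging. The same `RuleMetadataLoader` rooted at `RESOURCE_BASE_PATH` is reused for the HTML rules, so the metadata json/html for `PasswordInputTagChecker` has to live under that same resource path; nothing in this patch adds such a resource, so confirm it exists on the classpath or the HTML rule will be defined with only what its annotation provides.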
private static void setTemplates(RulesDefinition.NewRepository repository) {
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/RulesList.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/RulesList.java
index d55ce8c..486f5c0 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/RulesList.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/RulesList.java
@@ -9,43 +9,39 @@ package com.keyware.sonar.java.rules;
import com.keyware.sonar.java.rules.checkers.*;
import org.sonar.plugins.java.api.JavaCheck;
-import java.util.ArrayList;
-import java.util.Collections;
import java.util.List;
public final class RulesList {
- private RulesList() {
- }
-
- public static List> getChecks() {
- List> checks = new ArrayList<>();
- checks.addAll(getJavaChecks());
- checks.addAll(getJavaTestChecks());
- return Collections.unmodifiableList(checks);
- }
-
/**
* These rules are going to target MAIN code only
*/
- public static List> getJavaChecks() {
+ public static List> getJavaRules() {
return List.of(
- ABCVarNameChecker.class,
+ //ABCVarNameChecker.class,
AbsolutePathDetectorChecker.class,
- PathAndKeywordCheck.class,
+ AvoidSensitiveInfoInLogsCheck.class,
+ CookieSensitiveParameterCheck.class,
DynamicCodeChecker.class,
+ DynamicLibraryLoadChecker.class,
+ FileCheck.class,
+ HashSaltPassWordChecker.class,
+ HttpInputDataChecker.class,
+ InputSQLVerifyChecker.class,
+ Md5PassWordVerifyChecker.class,
+ PasswordRegexCheck.class,
+ PathAndKeywordCheck.class,
+ RedirectUrlChecker.class,
+ RSAEncryptionChecker.class,
+ SecurityCookieChecker.class,
SystemFunctionChecker.class,
UploadFileVerifyChecker.class,
- SecurityCookieChecker.class,
- RedirectUrlChecker.class,
- DynamicLibraryLoadChecker.class
+ UpperCycleLimitRuleChecker.class
);
}
-
- /**
- * These rules are going to target TEST code only
- */
- public static List> getJavaTestChecks() {
- return Collections.emptyList();
+ public static List> getHtmlRules() {
+ return List.of(
+ PasswordInputTagChecker.class
+ );
}
}
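Review bot: The private constructor of this `final` utility class was dropped in the hunk, so `RulesList` is now instantiable for no reason; put `private RulesList() {}` back. `//ABCVarNameChecker.class` is commented-out code rather than a recorded decision: either delete the line or replace it with a comment saying why that rule is no longer shipped (the previous profile activated it explicitly, so its disappearance is a visible behaviour change). `getHtmlRules()` has no Javadoc and, given that the file still imports only `JavaCheck`, appears to use the same `JavaCheck`-bound element type as `getJavaRules()`; if `PasswordInputTagChecker` is an HTML-plugin visitor rather than a `JavaCheck` that typing is wrong, and in any case a comment such as `/** Checks targeting HTML/JSP files; registered in the "-web" repository and not meant to run in the Java analyzer. */` would state how these checks are expected to be executed.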
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java
index 3d3abee..8ef35cf 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java
@@ -27,7 +27,7 @@ public class JavaFileCheckRegistrarTest {
JavaFileCheckRegistrar registrar = new JavaFileCheckRegistrar();
registrar.register(context);
- assertThat(context.checkClasses()).hasSize(9);
+ assertThat(context.checkClasses()).hasSize(1);
assertThat(context.testCheckClasses()).hasSize(0);
}
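Review bot: Changing the expectation from 9 to `hasSize(1)` is suspicious: the registrar under test now registers 18 Java checks and 1 HTML check, yet the test expects exactly one, which looks like the second `registerClassesForRepository` call overwriting the first in the `RegistrarContext` rather than an intended outcome. A test that pins that number documents the regression instead of catching it. Assert against the source list instead, `assertThat(context.checkClasses()).containsExactlyElementsOf(RulesList.getJavaRules());`, so the test fails the moment the Java security rules are dropped from registration. The test method's signature and the construction of `context` are above this hunk.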
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java
index 14260fd..54ed390 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java
@@ -7,9 +7,6 @@
package com.keyware.sonar.java.rules;
import org.junit.jupiter.api.Test;
-import org.sonar.api.rules.RuleType;
-import org.sonar.api.server.debt.DebtRemediationFunction;
-import org.sonar.api.server.rule.RuleParamType;
import org.sonar.api.server.rule.RulesDefinition;
import static org.assertj.core.api.Assertions.assertThat;
@@ -31,7 +28,7 @@ public class JavaSecurityDesignRulesRepositoryTest {
assertThat(repository.name()).isEqualTo(JavaSecurityDesignRulesRepository.REPOSITORY_NAME);
assertThat(repository.language()).isEqualTo("java");
- assertThat(repository.rules()).hasSize(RulesList.getChecks().size());
+ assertThat(repository.rules()).hasSize(RulesList.getJavaRules().size());
assertThat(repository.rules().stream().filter(RulesDefinition.Rule::template)).isEmpty();
}
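Review bot: Only the Java repository is asserted on; the new `REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY` repository created in `JavaSecurityDesignRulesRepository.define` has no coverage, so a wrong language key or missing rule metadata for the HTML rules would go unnoticed. Add after the existing assertions: `var htmlRepo = context.repository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY);`, `assertThat(htmlRepo.language()).isEqualTo(HtmlConstants.LANGUAGE_KEY);`, `assertThat(htmlRepo.rules()).hasSize(RulesList.getHtmlRules().size());`. The enclosing test method starts above this hunk, so how `context` and `repository` are obtained is not visible here.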