新增语言:增加html检查支持

wuhaoyang
Guo XIn 10 months ago
parent 219eb4ab20
commit a4aa0ebff9
  1. 14
      sonar-keyware-plugins-java/pom.xml
  2. 15
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
  3. 20
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrar.java
  4. 18
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
  5. 44
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/RulesList.java
  6. 2
      sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaFileCheckRegistrarTest.java
  7. 5
      sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepositoryTest.java

@ -37,6 +37,13 @@
<type>sonar-plugin</type> <type>sonar-plugin</type>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency>
<groupId>org.sonarsource.html</groupId>
<artifactId>sonar-html-plugin</artifactId>
<version>${sonar.html.version}</version>
<!--<type>sonar-plugin</type>-->
<scope>compile</scope>
</dependency>
<dependency> <dependency>
<groupId>org.sonarsource.analyzer-commons</groupId> <groupId>org.sonarsource.analyzer-commons</groupId>
@ -86,6 +93,11 @@
<artifactId>junit-jupiter-migrationsupport</artifactId> <artifactId>junit-jupiter-migrationsupport</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>org.sonarsource.sonarqube</groupId>
<artifactId>sonar-plugin-api-impl</artifactId>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
<build> <build>
@ -101,7 +113,7 @@
<sonarLintSupported>true</sonarLintSupported> <sonarLintSupported>true</sonarLintSupported>
<skipDependenciesPackaging>true</skipDependenciesPackaging> <skipDependenciesPackaging>true</skipDependenciesPackaging>
<sonarQubeMinVersion>8.9</sonarQubeMinVersion> <sonarQubeMinVersion>8.9</sonarQubeMinVersion>
<requirePlugins>java:${sonar.java.version}</requirePlugins> <requirePlugins>java:${sonar.java.version},web:${sonar.html.version}</requirePlugins>
<jreMinVersion>11</jreMinVersion> <jreMinVersion>11</jreMinVersion>
</configuration> </configuration>
</plugin> </plugin>

@ -7,7 +7,9 @@
package com.keyware.sonar.java; package com.keyware.sonar.java;
import com.keyware.sonar.java.rules.JavaSecurityDesignRulesRepository; import com.keyware.sonar.java.rules.JavaSecurityDesignRulesRepository;
import com.keyware.sonar.java.rules.RulesList;
import org.sonar.api.server.profile.BuiltInQualityProfilesDefinition; import org.sonar.api.server.profile.BuiltInQualityProfilesDefinition;
import org.sonar.plugins.html.api.HtmlConstants;
import org.sonarsource.api.sonarlint.SonarLintSide; import org.sonarsource.api.sonarlint.SonarLintSide;
/** /**
@ -21,11 +23,12 @@ public class JavaSecurityDesignWayProfile implements BuiltInQualityProfilesDefin
@Override @Override
public void define(Context context) { public void define(Context context) {
var way = context.createBuiltInQualityProfile("Java信息安全性设计准则", "java"); var javaWay = context.createBuiltInQualityProfile("Java信息安全性设计准则", "java");
way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "ABCVarNameChecker"); RulesList.getJavaRules().forEach(check -> javaWay.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, check.getSimpleName()));
way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "AbsolutePathDetectorChecker"); javaWay.done();
way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "DynamicCodeChecker");
way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "DynamicLibraryLoadChecker"); var webWay = context.createBuiltInQualityProfile("Web信息安全性设计准则", HtmlConstants.LANGUAGE_KEY);
way.done(); RulesList.getHtmlRules().forEach(check -> webWay.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, check.getSimpleName()));
webWay.done();
} }
} }

@ -6,11 +6,11 @@
*/ */
package com.keyware.sonar.java.rules; package com.keyware.sonar.java.rules;
import org.sonar.plugins.html.api.HtmlConstants;
import org.sonar.plugins.java.api.CheckRegistrar; import org.sonar.plugins.java.api.CheckRegistrar;
import org.sonar.plugins.java.api.JavaCheck;
import org.sonarsource.api.sonarlint.SonarLintSide; import org.sonarsource.api.sonarlint.SonarLintSide;
import java.util.List; import java.util.Collections;
/** /**
* 负责将java规则检查器注册到SonarQube中 * 负责将java规则检查器注册到SonarQube中
@ -26,20 +26,8 @@ public class JavaFileCheckRegistrar implements CheckRegistrar {
@Override @Override
public void register(RegistrarContext registrarContext) { public void register(RegistrarContext registrarContext) {
// 调用 registerClassesForRepository 以将类与正确的存储库密钥相关联 // 调用 registerClassesForRepository 以将类与正确的存储库密钥相关联
registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, checkClasses(), testCheckClasses()); registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, RulesList.getJavaRules(), Collections.emptyList());
registrarContext.registerClassesForRepository(JavaSecurityDesignRulesRepository.REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, RulesList.getHtmlRules(), Collections.emptyList());
} }
/**
* 列出插件提供的所有主检查器
*/
public static List<Class<? extends JavaCheck>> checkClasses() {
return RulesList.getJavaChecks();
}
/**
* 列出插件提供的所有测试检查器
*/
public static List<Class<? extends JavaCheck>> testCheckClasses() {
return RulesList.getJavaTestChecks();
}
} }

@ -12,6 +12,7 @@ import org.sonar.api.SonarQubeSide;
import org.sonar.api.SonarRuntime; import org.sonar.api.SonarRuntime;
import org.sonar.api.server.rule.RulesDefinition; import org.sonar.api.server.rule.RulesDefinition;
import org.sonar.api.utils.Version; import org.sonar.api.utils.Version;
import org.sonar.plugins.html.api.HtmlConstants;
import org.sonarsource.analyzer.commons.RuleMetadataLoader; import org.sonarsource.analyzer.commons.RuleMetadataLoader;
import java.util.ArrayList; import java.util.ArrayList;
@ -43,15 +44,16 @@ public class JavaSecurityDesignRulesRepository implements RulesDefinition {
@Override @Override
public void define(RulesDefinition.Context context) { public void define(RulesDefinition.Context context) {
RulesDefinition.NewRepository repository = context.createRepository(REPOSITORY_KEY, "java").setName(REPOSITORY_NAME); RulesDefinition.NewRepository javaRepo = context.createRepository(REPOSITORY_KEY, "java").setName(REPOSITORY_NAME);
RuleMetadataLoader ruleMetadataLoader = new RuleMetadataLoader(RESOURCE_BASE_PATH, runtime); RuleMetadataLoader ruleMetadataLoader = new RuleMetadataLoader(RESOURCE_BASE_PATH, runtime);
ruleMetadataLoader.addRulesByAnnotatedClass(javaRepo, new ArrayList<>(RulesList.getJavaRules()));
ruleMetadataLoader.addRulesByAnnotatedClass(repository, new ArrayList<>(RulesList.getChecks())); setTemplates(javaRepo);
javaRepo.done();
setTemplates(repository);
RulesDefinition.NewRepository htmlRepo = context.createRepository(REPOSITORY_KEY + "-" + HtmlConstants.LANGUAGE_KEY, HtmlConstants.LANGUAGE_KEY).setName(REPOSITORY_NAME);
repository.done(); ruleMetadataLoader.addRulesByAnnotatedClass(htmlRepo, new ArrayList<>(RulesList.getHtmlRules()));
setTemplates(htmlRepo);
htmlRepo.done();
} }
private static void setTemplates(RulesDefinition.NewRepository repository) { private static void setTemplates(RulesDefinition.NewRepository repository) {

@ -9,43 +9,39 @@ package com.keyware.sonar.java.rules;
import com.keyware.sonar.java.rules.checkers.*; import com.keyware.sonar.java.rules.checkers.*;
import org.sonar.plugins.java.api.JavaCheck; import org.sonar.plugins.java.api.JavaCheck;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List; import java.util.List;
public final class RulesList { public final class RulesList {
private RulesList() {
}
public static List<Class<? extends JavaCheck>> getChecks() {
List<Class<? extends JavaCheck>> checks = new ArrayList<>();
checks.addAll(getJavaChecks());
checks.addAll(getJavaTestChecks());
return Collections.unmodifiableList(checks);
}
/** /**
* These rules are going to target MAIN code only * These rules are going to target MAIN code only
*/ */
public static List<Class<? extends JavaCheck>> getJavaChecks() { public static List<Class<? extends JavaCheck>> getJavaRules() {
return List.of( return List.of(
ABCVarNameChecker.class, //ABCVarNameChecker.class,
AbsolutePathDetectorChecker.class, AbsolutePathDetectorChecker.class,
PathAndKeywordCheck.class, AvoidSensitiveInfoInLogsCheck.class,
CookieSensitiveParameterCheck.class,
DynamicCodeChecker.class, DynamicCodeChecker.class,
DynamicLibraryLoadChecker.class,
FileCheck.class,
HashSaltPassWordChecker.class,
HttpInputDataChecker.class,
InputSQLVerifyChecker.class,
Md5PassWordVerifyChecker.class,
PasswordRegexCheck.class,
PathAndKeywordCheck.class,
RedirectUrlChecker.class,
RSAEncryptionChecker.class,
SecurityCookieChecker.class,
SystemFunctionChecker.class, SystemFunctionChecker.class,
UploadFileVerifyChecker.class, UploadFileVerifyChecker.class,
SecurityCookieChecker.class, UpperCycleLimitRuleChecker.class
RedirectUrlChecker.class,
DynamicLibraryLoadChecker.class
); );
} }
public static List<Class<? extends JavaCheck>> getHtmlRules() {
/** return List.of(
* These rules are going to target TEST code only PasswordInputTagChecker.class
*/ );
public static List<Class<? extends JavaCheck>> getJavaTestChecks() {
return Collections.emptyList();
} }
} }

@ -27,7 +27,7 @@ public class JavaFileCheckRegistrarTest {
JavaFileCheckRegistrar registrar = new JavaFileCheckRegistrar(); JavaFileCheckRegistrar registrar = new JavaFileCheckRegistrar();
registrar.register(context); registrar.register(context);
assertThat(context.checkClasses()).hasSize(9); assertThat(context.checkClasses()).hasSize(1);
assertThat(context.testCheckClasses()).hasSize(0); assertThat(context.testCheckClasses()).hasSize(0);
} }

@ -7,9 +7,6 @@
package com.keyware.sonar.java.rules; package com.keyware.sonar.java.rules;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.sonar.api.rules.RuleType;
import org.sonar.api.server.debt.DebtRemediationFunction;
import org.sonar.api.server.rule.RuleParamType;
import org.sonar.api.server.rule.RulesDefinition; import org.sonar.api.server.rule.RulesDefinition;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
@ -31,7 +28,7 @@ public class JavaSecurityDesignRulesRepositoryTest {
assertThat(repository.name()).isEqualTo(JavaSecurityDesignRulesRepository.REPOSITORY_NAME); assertThat(repository.name()).isEqualTo(JavaSecurityDesignRulesRepository.REPOSITORY_NAME);
assertThat(repository.language()).isEqualTo("java"); assertThat(repository.language()).isEqualTo("java");
assertThat(repository.rules()).hasSize(RulesList.getChecks().size()); assertThat(repository.rules()).hasSize(RulesList.getJavaRules().size());
assertThat(repository.rules().stream().filter(RulesDefinition.Rule::template)).isEmpty(); assertThat(repository.rules().stream().filter(RulesDefinition.Rule::template)).isEmpty();
} }

Loading…
Cancel
Save