Merge remote-tracking branch 'origin/master'

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxLanguage.java

@@ -40,7 +40,7 @@ public class CxxLanguage extends AbstractLanguage {
   /**
    * Default cxx files knows suffixes
    */
-  public static final String DEFAULT_FILE_SUFFIXES = "-";
+  public static final String DEFAULT_FILE_SUFFIXES = ".cxx,.cpp,.cc,.c,.hxx,.hpp,.hh,.h";
 
   /**
    * Settings of the plugin.

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxPlugin.java

@@ -64,9 +64,9 @@ public final class CxxPlugin implements Plugin {
     // plugin elements
     l.add(CxxLanguage.class);
     l.add(CxxSonarWayProfile.class);
+    l.add(SecurityDesignWayProfile.class);
     l.add(CxxRuleRepository.class);
     l.add(SecurityDesignRuleRepository.class);
-    l.add(SecurityDesignWayProfile.class);
 
     // reusable elements
     l.addAll(getSensorsImpl());

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSonarWayProfile.java

@@ -8,6 +8,7 @@ package com.keyware.sonar.cxx;
 
 import com.google.common.io.Resources;
 import com.google.gson.Gson;
+import com.keyware.sonar.cxx.rules.SecurityDesignRuleRepository;
 import org.sonar.api.server.profile.BuiltInQualityProfilesDefinition;
 import org.sonar.cxx.checks.CheckList;
 import org.sonarsource.api.sonarlint.SonarLintSide;
@@ -43,7 +44,6 @@ public class CxxSonarWayProfile implements BuiltInQualityProfilesDefinition {
         jsonProfile.ruleKeys.forEach((key) -> {
             sonarWay.activateRule(CheckList.REPOSITORY_KEY, key);
         });
-
         sonarWay.done();
     }
 

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSquidSensor.java

@@ -6,6 +6,7 @@
  */
 package com.keyware.sonar.cxx;
 
+import com.keyware.sonar.cxx.rules.SecurityDesignRuleRepository;
 import com.sonar.cxx.sslr.api.Grammar;
 import org.sonar.api.PropertyType;
 import org.sonar.api.batch.fs.InputFile;
@@ -98,6 +99,7 @@ public class CxxSquidSensor implements ProjectSensor {
                           @Nullable CustomCxxRulesDefinition[] customRulesDefinition) {
         this.checks = CxxChecks.createCxxCheck(checkFactory)
                 .addChecks(CheckList.REPOSITORY_KEY, CheckList.getChecks())
+                .addChecks(SecurityDesignRuleRepository.REPOSITORY_KEY, SecurityDesignRuleRepository.RULE_CHECKERS)
                 .addCustomChecks(customRulesDefinition);
         this.fileLinesContextFactory = fileLinesContextFactory;
         this.noSonarFilter = noSonarFilter;
@@ -456,14 +458,20 @@ public class CxxSquidSensor implements ProjectSensor {
                 if (message.getLine() != null && message.getLine() > 0) {
                     line = message.getLine();
                 }
+                // 增加对规则库的判断
+                var checker = (SquidAstVisitor<Grammar>) message.getCheck();
+                var repositoryKey = CheckList.REPOSITORY_KEY;
+                if (checker.getClass().getPackageName().startsWith("com.keyware.sonar.cxx.rules.checkers")) {
+                    repositoryKey = SecurityDesignRuleRepository.REPOSITORY_KEY;
+                }
 
-        RuleKey ruleKey = checks.ruleKey((SquidAstVisitor<Grammar>) message.getCheck());
+                RuleKey ruleKey = checks.ruleKey(checker);
                 if (ruleKey != null) {
-          var newIssue = context.newIssue().forRule(RuleKey.of(CheckList.REPOSITORY_KEY, ruleKey.rule()));
+                    var newIssue = context.newIssue().forRule(RuleKey.of(repositoryKey, ruleKey.rule()));
                     var location = newIssue.newLocation()
                             .on(inputFile)
                             .at(inputFile.selectLine(line))
-            .message(message.getText(Locale.ENGLISH));
+                            .message(message.getText(Locale.CHINA));
 
                     newIssue.at(location);
                     newIssue.save();

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/SubscriptionAstVisitor.java

@@ -9,6 +9,7 @@ package com.keyware.sonar.cxx;
 import com.sonar.cxx.sslr.api.AstNode;
 import com.sonar.cxx.sslr.api.AstNodeType;
 import com.sonar.cxx.sslr.api.Grammar;
+import org.sonar.cxx.squidbridge.SquidAstVisitor;
 import org.sonar.cxx.squidbridge.checks.SquidCheck;
 
 import java.util.List;
@@ -19,13 +20,15 @@ import java.util.List;
  * @author GuoXin
  * @date 2024/1/13
  */
-public abstract class SubscriptionAstVisitor extends SquidCheck<Grammar> {
+public abstract class SubscriptionAstVisitor extends SquidAstVisitor<Grammar> {
+    private SquidCheck<Grammar> checker;
     /**
      * 构造函数需要传入初代访问器
      *
      * @param checker 初代规则检查器
      */
     public SubscriptionAstVisitor(SquidCheck<Grammar> checker) {
+        this.checker = checker;
         setContext(checker.getContext());
         visitNodeTypes().forEach(this::subscribeTo);
     }
@@ -95,7 +98,7 @@ public abstract class SubscriptionAstVisitor extends SquidCheck<Grammar> {
      * @param messageParameters 可选消息参数（请参阅 java.text.MessageFormat）
      */
     protected void reportIssue(String message, Object... messageParameters) {
-        getContext().createFileViolation(this, message, messageParameters);
+        getContext().createFileViolation(checker, message, messageParameters);
     }
 
     /**
@@ -106,7 +109,7 @@ public abstract class SubscriptionAstVisitor extends SquidCheck<Grammar> {
      * @param messageParameters 可选消息参数（请参阅 java.text.MessageFormat）
      */
     protected void reportIssue(AstNode node, String message, Object... messageParameters) {
-        getContext().createLineViolation(this, message, node, messageParameters);
+        getContext().createLineViolation(checker, message, node, messageParameters);
     }
 }
 

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignRuleRepository.java

@@ -25,7 +25,7 @@ public class SecurityDesignRuleRepository implements RulesDefinition {
     public final static String REPOSITORY_NAME = "C++信息安全性设计准则";
 
     // 规则检查器的集合，当有新的规则开发完毕后，需要添加到下面的集合中
-    private final List<Class> RULE_CHECKERS = Arrays.asList(ABCVarNameChecker.class);
+    public final static List<Class> RULE_CHECKERS = Arrays.asList(ABCVarNameChecker.class);
 
     @Override
     public void define(Context context) {

sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/CxxLanguageTest.java

@@ -32,7 +32,7 @@ class CxxLanguageTest {
   @Test
   void shouldReturnDefaultFileSuffixes1() {
     var cxx = new CxxLanguage(settings.asConfig());
-    String[] expected = {"disabled"};
+    String[] expected = {".cxx", ".cpp", ".cc", ".c", ".hxx", ".hpp", ".hh", ".h"};
     assertThat(cxx.getFileSuffixes()).contains(expected);
   }
 
@@ -40,7 +40,7 @@ class CxxLanguageTest {
   void shouldReturnDefaultFileSuffixes2() {
     settings.setProperty(CxxLanguage.FILE_SUFFIXES_KEY, "");
     var cxx = new CxxLanguage(settings.asConfig());
-    String[] expected = {"disabled"};
+    String[] expected = {".cxx", ".cpp", ".cc", ".c", ".hxx", ".hpp", ".hh", ".h"};
     assertThat(cxx.getFileSuffixes()).contains(expected);
   }
 

sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/CxxPluginTest.java

@@ -28,7 +28,7 @@ class CxxPluginTest {
         var context = new Plugin.Context(runtime);
         var plugin = new CxxPlugin();
         plugin.define(context);
-    assertThat(context.getExtensions()).hasSize(84);
+        assertThat(context.getExtensions()).hasSize(85);
     }
 
 }

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java

@@ -21,7 +21,7 @@ public class JavaSecurityDesignWayProfile implements BuiltInQualityProfilesDefin
 
     @Override
     public void define(Context context) {
-        var way = context.createBuiltInQualityProfile("Java信息安全设计准则", "java");
+        var way = context.createBuiltInQualityProfile("Java信息安全性设计准则", "java");
         way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "ABCVarNameChecker");
         way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "AbsolutePathDetectorChecker");
         way.activateRule(JavaSecurityDesignRulesRepository.REPOSITORY_KEY, "DynamicCodeChecker");