Added "Sonar Security" quality profile

NijiDigital · Oct 16, 2018 · 0d0356f · 0d0356f
1 parent 43e8979
commit 0d0356f
Show file tree

Hide file tree

Showing 7 changed files with 313 additions and 14 deletions.
diff --git a/pom.xml b/pom.xml
@@ -6,41 +6,67 @@
 
     <groupId>fr.niji</groupId>
     <artifactId>sonar-niji-php-rules</artifactId>
-    <version>1.0-SNAPSHOT</version>
+    <version>1.0.1-SNAPSHOT</version>
 
     <packaging>sonar-plugin</packaging>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <version.analyzer-commons>1.5.0.178</version.analyzer-commons>
+        <version.assertj>3.5.2</version.assertj>
+        <version.junit>4.12</version.junit>
+        <version.mockito>2.21.0</version.mockito>
+        <version.sonar-php-plugin>2.14.0.3569</version.sonar-php-plugin>
+        <version.sonar-plugin-api>7.3</version.sonar-plugin-api>
+        <version.staxmate>2.0.1</version.staxmate>
     </properties>
 
     <dependencies>
         <dependency>
             <groupId>org.sonarsource.sonarqube</groupId>
             <artifactId>sonar-plugin-api</artifactId>
-            <version>7.1</version>
+            <version>${version.sonar-plugin-api}</version>
             <scope>provided</scope>
         </dependency>
 
         <dependency>
             <groupId>org.sonarsource.php</groupId>
             <artifactId>sonar-php-plugin</artifactId>
-            <type>sonar-plugin</type>
-            <version>2.14.0.3569</version>
-        <scope>provided</scope>
+            <version>${version.sonar-php-plugin}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.sonarsource.analyzer-commons</groupId>
+            <artifactId>sonar-analyzer-commons</artifactId>
+            <version>${version.analyzer-commons}</version>
         </dependency>
 
+        <!-- Test dependencies -->
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>${version.junit}</version>
         </dependency>
 
         <dependency>
-            <groupId>org.sonarsource.analyzer-commons</groupId>
-            <artifactId>sonar-analyzer-commons</artifactId>
-            <version>${version.analyzer-commons}</version>
+            <groupId>org.assertj</groupId>
+            <artifactId>assertj-core</artifactId>
+            <version>${version.assertj}</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>${version.mockito}</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.codehaus.staxmate</groupId>
+            <artifactId>staxmate</artifactId>
+            <version>${version.staxmate}</version>
         </dependency>
     </dependencies>
 

diff --git a/src/main/java/fr/niji/sonarphp/DrupalSecurityProfileDefinition.java b/src/main/java/fr/niji/sonarphp/DrupalSecurityProfileDefinition.java
@@ -0,0 +1,20 @@
+package fr.niji.sonarphp;
+
+import org.sonar.api.profiles.ProfileDefinition;
+import org.sonar.api.profiles.RulesProfile;
+import org.sonar.api.profiles.XMLProfileParser;
+import org.sonar.api.utils.ValidationMessages;
+
+public class DrupalSecurityProfileDefinition extends ProfileDefinition {
+
+    private final XMLProfileParser xmlProfileParser;
+
+    public DrupalSecurityProfileDefinition(XMLProfileParser xmlProfileParser) {
+        this.xmlProfileParser = xmlProfileParser;
+    }
+
+    @Override
+    public RulesProfile createProfile(ValidationMessages validation) {
+        return xmlProfileParser.parseResource(getClass().getClassLoader(), "fr/niji/sonarphp/profile/drupal-security-profile.xml", validation);
+    }
+}
diff --git a/src/main/java/fr/niji/sonarphp/PHPRuleDefinitions.java b/src/main/java/fr/niji/sonarphp/PHPRuleDefinitions.java
@@ -38,11 +38,12 @@
 public class PHPRuleDefinitions implements RulesDefinition, PHPCustomRuleRepository {
 
   private static final String RESOURCE_BASE_PATH = "fr/niji/l10n/php/rules/custom";
+  public static final String REPOSITORY_KEY = "niji-php-rules";
 
   @Override
   public String repositoryKey() {
 
-    return "niji-php-rules";
+    return REPOSITORY_KEY;
   }
 
   /**

diff --git a/src/main/java/fr/niji/sonarphp/PHPRulesPlugin.java b/src/main/java/fr/niji/sonarphp/PHPRulesPlugin.java
@@ -21,13 +21,18 @@
 
 import org.sonar.api.Plugin;
 
+
 /**
  * Extension point to define a Sonar Plugin.
  */
 public class PHPRulesPlugin implements Plugin {
 
-  @Override
-  public void define(Context context) {
-    context.addExtension(PHPRuleDefinitions.class);
-  }
+    @Override
+    public void define(Context context) {
+
+        context.addExtensions(
+                PHPRuleDefinitions.class,
+                DrupalSecurityProfileDefinition.class
+        );
+    }
 }
diff --git a/src/main/resources/fr/niji/sonarphp/profile/drupal-security-profile.xml b/src/main/resources/fr/niji/sonarphp/profile/drupal-security-profile.xml
@@ -0,0 +1,192 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<profile>
+    <name>Drupal Security</name>
+    <language>php</language>
+    <rules>
+        <rule>
+            <repositoryKey>niji-php-rules</repositoryKey>
+            <key>S10</key>
+            <priority>MAJOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>niji-php-rules</repositoryKey>
+            <key>S2</key>
+            <priority>MAJOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>niji-php-rules</repositoryKey>
+            <key>S3</key>
+            <priority>MAJOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>niji-php-rules</repositoryKey>
+            <key>S4</key>
+            <priority>MINOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>niji-php-rules</repositoryKey>
+            <key>S5</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>niji-php-rules</repositoryKey>
+            <key>S6</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>niji-php-rules</repositoryKey>
+            <key>S8</key>
+            <priority>MAJOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S1313</key>
+            <priority>MINOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S1523</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S1600</key>
+            <priority>MAJOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S1799</key>
+            <priority>BLOCKER</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2000</key>
+            <priority>MINOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2001</key>
+            <priority>MAJOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2002</key>
+            <priority>MINOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2043</key>
+            <priority>MINOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2053</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2068</key>
+            <priority>BLOCKER</priority>
+            <parameters>
+                <parameter>
+                    <key>credentialWords</key>
+                    <value>password,passwd,pwd</value>
+                </parameter>
+            </parameters>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2070</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2092</key>
+            <priority>MINOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2245</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2255</key>
+            <priority>MINOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2277</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2278</key>
+            <priority>BLOCKER</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S2964</key>
+            <priority>MINOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S3330</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S3331</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S4423</key>
+            <priority>MAJOR</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S4426</key>
+            <priority>BLOCKER</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S4508</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+        <rule>
+            <repositoryKey>php</repositoryKey>
+            <key>S4721</key>
+            <priority>CRITICAL</priority>
+            <parameters/>
+        </rule>
+    </rules>
+</profile>
diff --git a/src/test/java/fr/niji/sonarphp/DrupalSecurityProfileDefinitionTest.java b/src/test/java/fr/niji/sonarphp/DrupalSecurityProfileDefinitionTest.java
@@ -0,0 +1,27 @@
+package fr.niji.sonarphp;
+
+import org.junit.Test;
+import org.sonar.api.profiles.RulesProfile;
+import org.sonar.api.utils.ValidationMessages;
+import org.sonar.php.checks.CheckList;
+import org.sonar.plugins.php.api.Php;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class DrupalSecurityProfileDefinitionTest  {
+
+    @Test
+    public void profile_creation() {
+        ValidationMessages validation = ValidationMessages.create();
+
+        DrupalSecurityProfileDefinition definition = new DrupalSecurityProfileDefinition(new FakeProfileParser());
+        RulesProfile profile = definition.createProfile(validation);
+
+        assertThat(profile.getLanguage()).isEqualTo(Php.KEY);
+        assertThat(profile.getName()).isEqualTo("Drupal Security");
+        assertThat(profile.getActiveRulesByRepository(CheckList.REPOSITORY_KEY)).hasSize(23);
+        assertThat(profile.getActiveRulesByRepository(PHPRuleDefinitions.REPOSITORY_KEY)).hasSize(7);
+        assertThat(validation.hasErrors()).isFalse();
+    }
+
+}
diff --git a/src/test/java/fr/niji/sonarphp/FakeProfileParser.java b/src/test/java/fr/niji/sonarphp/FakeProfileParser.java
@@ -0,0 +1,28 @@
+package fr.niji.sonarphp;
+
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+import org.sonar.api.profiles.XMLProfileParser;
+import org.sonar.api.rules.Rule;
+import org.sonar.api.rules.RuleFinder;
+
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class FakeProfileParser extends XMLProfileParser {
+
+    public FakeProfileParser() {
+        super(ruleFinder());
+    }
+
+    private static RuleFinder ruleFinder() {
+        return when(mock(RuleFinder.class).findByKey(anyString(), anyString())).thenAnswer(new Answer<Rule>() {
+            public Rule answer(InvocationOnMock invocation) {
+                Object[] arguments = invocation.getArguments();
+                return Rule.create((String) arguments[0], (String) arguments[1], (String) arguments[1]);
+            }
+        }).getMock();
+    }
+
+}