From d60b40b8a934843ddbb969d7bb1d4d65b8ddbef9 Mon Sep 17 00:00:00 2001
From: sertic <sertic@thalia.de>
Date: Wed, 17 Feb 2016 10:00:49 +0100
Subject: [PATCH] Cleanup of configuration options

---
 .../mavensonarsputnik/MavenEnvironment.java   | 13 +++-------
 .../MavenSonarSputnikMojo.java                |  8 +-----
 .../owasp/OWASPDependencyCheckProcessor.java  | 18 ++++++++++---
 .../processor/sonar/SonarProcessor.java       | 26 +++++++++++++++++--
 .../processor/sonar/SonarResultParser.java    |  2 +-
 src/main/resources/default-sputnik.properties |  1 +
 6 files changed, 44 insertions(+), 24 deletions(-)

diff --git a/src/main/java/de/mirkosertic/mavensonarsputnik/MavenEnvironment.java b/src/main/java/de/mirkosertic/mavensonarsputnik/MavenEnvironment.java
index 70ea8be..92e2f3f 100644
--- a/src/main/java/de/mirkosertic/mavensonarsputnik/MavenEnvironment.java
+++ b/src/main/java/de/mirkosertic/mavensonarsputnik/MavenEnvironment.java
@@ -1,6 +1,5 @@
 package de.mirkosertic.mavensonarsputnik;
 
-import java.io.File;
 import org.apache.maven.artifact.factory.ArtifactFactory;
 import org.apache.maven.artifact.metadata.ArtifactMetadataSource;
 import org.apache.maven.artifact.repository.ArtifactRepository;
@@ -29,19 +28,18 @@ public class MavenEnvironment {
     private final ArtifactFactory artifactFactory;
     private final ArtifactMetadataSource artifactMetadataSource;
     private final ArtifactCollector artifactCollector;
-    private final File sonarConfiguration;
     private final RuntimeInformation runtimeInformation;
 
     public static void initialize(MavenSession aMavenSession, BuildPluginManager aBuildPluginManager, Log aLog,
             DependencyTreeBuilder aDependencyTreeBuilder, ArtifactRepository aLocalRepository,
             SecDispatcher aSecurityDispatcher, MavenProjectBuilder aProjectBuilder,
             LifecycleExecutor aLifecycleExecutor, ArtifactFactory aArtifactFactory,
-            ArtifactMetadataSource aArtifactMetadataSource, ArtifactCollector aArtifactCollector, File aSonarConfiguration, RuntimeInformation aRuntimeInformation) {
+            ArtifactMetadataSource aArtifactMetadataSource, ArtifactCollector aArtifactCollector, RuntimeInformation aRuntimeInformation) {
         ENVIRONMENT.set(new MavenEnvironment(aMavenSession, aBuildPluginManager, aLog,
                 aDependencyTreeBuilder, aLocalRepository,
                 aSecurityDispatcher, aProjectBuilder,
                 aLifecycleExecutor, aArtifactFactory,
-                aArtifactMetadataSource, aArtifactCollector, aSonarConfiguration, aRuntimeInformation));
+                aArtifactMetadataSource, aArtifactCollector, aRuntimeInformation));
     }
 
     public static MavenEnvironment get() {
@@ -52,7 +50,7 @@ public MavenEnvironment(MavenSession aMavenSession, BuildPluginManager aBuildPlu
             DependencyTreeBuilder aDependencyTreeBuilder, ArtifactRepository aLocalRepository,
             SecDispatcher aSecurityDispatcher, MavenProjectBuilder aProjectBuilder,
             LifecycleExecutor aLifecycleExecutor, ArtifactFactory aArtifactFactory,
-            ArtifactMetadataSource aArtifactMetadataSource, ArtifactCollector aArtifactCollector, File aSonarConfiguration, RuntimeInformation aRuntimeInformation) {
+            ArtifactMetadataSource aArtifactMetadataSource, ArtifactCollector aArtifactCollector, RuntimeInformation aRuntimeInformation) {
         mavenSession = aMavenSession;
         buildPluginManager = aBuildPluginManager;
         log = aLog;
@@ -64,7 +62,6 @@ public MavenEnvironment(MavenSession aMavenSession, BuildPluginManager aBuildPlu
         artifactFactory = aArtifactFactory;
         artifactMetadataSource = aArtifactMetadataSource;
         artifactCollector = aArtifactCollector;
-        sonarConfiguration = aSonarConfiguration;
         runtimeInformation = aRuntimeInformation;
     }
 
@@ -115,8 +112,4 @@ public ArtifactMetadataSource getArtifactMetadataSource() {
     public ArtifactCollector getArtifactCollector() {
         return artifactCollector;
     }
-
-    public File getSonarConfiguration() {
-        return sonarConfiguration;
-    }
 }
\ No newline at end of file
diff --git a/src/main/java/de/mirkosertic/mavensonarsputnik/MavenSonarSputnikMojo.java b/src/main/java/de/mirkosertic/mavensonarsputnik/MavenSonarSputnikMojo.java
index d23b6d5..f307438 100644
--- a/src/main/java/de/mirkosertic/mavensonarsputnik/MavenSonarSputnikMojo.java
+++ b/src/main/java/de/mirkosertic/mavensonarsputnik/MavenSonarSputnikMojo.java
@@ -68,12 +68,6 @@ public class MavenSonarSputnikMojo extends AbstractMojo {
     @Parameter(defaultValue = "${sputnikConfiguration}", required = true)
     private File sputnikConfiguration;
 
-    /**
-     * The Sonar configuration property file.
-     */
-    @Parameter(defaultValue = "${sonarConfiguration}", required = true)
-    private File sonarConfiguration;
-
     @Component
     private ArtifactFactory artifactFactory;
 
@@ -136,7 +130,7 @@ public void execute() throws MojoExecutionException, MojoFailureException {
                     dependencyTreeBuilder, localRepository,
                     securityDispatcher, projectBuilder,
                     lifecycleExecutor, artifactFactory,
-                    artifactMetadataSource, artifactCollector, sonarConfiguration, runtimeInformation);
+                    artifactMetadataSource, artifactCollector, runtimeInformation);
 
             Configuration theConfiguration = ConfigurationBuilder.initFromProperties(theSputnikProperties);
 
diff --git a/src/main/java/pl/touk/sputnik/processor/owasp/OWASPDependencyCheckProcessor.java b/src/main/java/pl/touk/sputnik/processor/owasp/OWASPDependencyCheckProcessor.java
index 4bdda42..9b03c93 100644
--- a/src/main/java/pl/touk/sputnik/processor/owasp/OWASPDependencyCheckProcessor.java
+++ b/src/main/java/pl/touk/sputnik/processor/owasp/OWASPDependencyCheckProcessor.java
@@ -306,10 +306,20 @@ private void processSingleDependency(File aPomXML, NodeList aVulnerabilities, Re
             for (int k=0;k<theLines.size();k++) {
                 String theSingleLine = theLines.get(k);
                 if (theSingleLine.contains("<artifactId>" + aMavenIdentifier.getArtifactId() + "</artifactId")) {
-                    Violation theViolation = new Violation(aReviewFile.getReviewFilename(), k+1, theCompleteComment,
-                            severity);
-                    aResult.add(theViolation);
-                    theSomethingFound = true;
+
+                    boolean theGroupIdFound = false;
+                    if (k>0) {
+                        theGroupIdFound = theGroupIdFound || theLines.get(k-1).contains("<groupId>" + aMavenIdentifier.getGroupId() + "</groupId");
+                    }
+                    if (k<theLines.size() - 1) {
+                        theGroupIdFound = theGroupIdFound || theLines.get(k+1).contains("<groupId>" + aMavenIdentifier.getGroupId() + "</groupId");
+                    }
+                    if (theGroupIdFound) {
+                        Violation theViolation = new Violation(aReviewFile.getReviewFilename(), k + 1, theCompleteComment,
+                                severity);
+                        aResult.add(theViolation);
+                        theSomethingFound = true;
+                    }
                 }
             }
 
diff --git a/src/main/java/pl/touk/sputnik/processor/sonar/SonarProcessor.java b/src/main/java/pl/touk/sputnik/processor/sonar/SonarProcessor.java
index 5e62098..6902568 100644
--- a/src/main/java/pl/touk/sputnik/processor/sonar/SonarProcessor.java
+++ b/src/main/java/pl/touk/sputnik/processor/sonar/SonarProcessor.java
@@ -25,6 +25,7 @@
 import com.google.common.annotations.VisibleForTesting;
 
 import pl.touk.sputnik.configuration.Configuration;
+import pl.touk.sputnik.configuration.ConfigurationOption;
 import pl.touk.sputnik.review.Review;
 import pl.touk.sputnik.review.ReviewException;
 import pl.touk.sputnik.review.ReviewFile;
@@ -37,6 +38,23 @@ public class SonarProcessor implements ReviewProcessor {
 
     private static final String PROCESSOR_NAME = "Sonar";
 
+    public final static ConfigurationOption SONAR_CONFIGURATION = new ConfigurationOption() {
+        @Override
+        public String getKey() {
+            return "sonar.configurationFile";
+        }
+
+        @Override
+        public String getDescription() {
+            return "Sonar configuration file";
+        }
+
+        @Override
+        public String getDefaultValue() {
+            return "";
+        }
+    };
+
     private final Configuration configuration;
 
     public SonarProcessor(@NotNull final Configuration aConfiguration) {
@@ -73,8 +91,12 @@ public ReviewResult process(@NotNull Review review) {
 
             Properties theSonarConfigurationToAdd = new Properties();
             theSonarConfigurationToAdd.load(getClass().getResourceAsStream("/default-sonar.properties"));
-            try (InputStream theStream = new FileInputStream(theEnvironment.getSonarConfiguration())) {
-                theSonarConfigurationToAdd.load(theStream);
+
+            String theSonarConfiguration = configuration.getProperty(SONAR_CONFIGURATION);
+            if (!StringUtils.isEmpty(theSonarConfiguration)) {
+                try (InputStream theStream = new FileInputStream(new File(theSonarConfiguration))) {
+                    theSonarConfigurationToAdd.load(theStream);
+                }
             }
 
             theRunner.addGlobalProperties(theSonarConfigurationToAdd);
diff --git a/src/main/java/pl/touk/sputnik/processor/sonar/SonarResultParser.java b/src/main/java/pl/touk/sputnik/processor/sonar/SonarResultParser.java
index 1f29618..5dc0bd3 100644
--- a/src/main/java/pl/touk/sputnik/processor/sonar/SonarResultParser.java
+++ b/src/main/java/pl/touk/sputnik/processor/sonar/SonarResultParser.java
@@ -126,4 +126,4 @@ private String getIssueFilePath(String issueComponent, Map<String, Component> co
         }
         return file;
     }
-}
+}
\ No newline at end of file
diff --git a/src/main/resources/default-sputnik.properties b/src/main/resources/default-sputnik.properties
index ce256a0..955af41 100644
--- a/src/main/resources/default-sputnik.properties
+++ b/src/main/resources/default-sputnik.properties
@@ -21,6 +21,7 @@ jshint.enabled=false
 jshint.configurationFile=jshint.json
 sonar.enabled=true
 sonar.verbose=false
+sonar.configurationFile=
 pitest.enabled=true
 pitest.configurationFile=
 owaspdependencycheck.enabled=true