From 6337ada7d17109532b58cfe7a97c868804ed3c0f Mon Sep 17 00:00:00 2001
From: Josh Feingold <jfeingold@salesforce.com>
Date: Wed, 13 Dec 2023 11:51:44 -0600
Subject: [PATCH 01/10] @W-13222948@: Pmd Catalog generated as temp file.

---
 src/Constants.ts                       |  1 -
 src/lib/pmd/PmdCatalogWrapper.ts       | 16 +++++-----------
 src/lib/pmd/PmdEngine.ts               |  4 ++--
 test/lib/pmd/PmdCatalogWrapper.test.ts |  4 ++--
 4 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/src/Constants.ts b/src/Constants.ts
index b80f85d3f..2a6957232 100644
--- a/src/Constants.ts
+++ b/src/Constants.ts
@@ -8,7 +8,6 @@ export const CATALOG_FILE = 'Catalog.json';
 export const CUSTOM_PATHS_FILE = 'CustomPaths.json';
 export const CONFIG_PILOT_FILE = 'Config-pilot.json';
 export const CONFIG_FILE = 'Config.json';
-export const PMD_CATALOG_FILE = 'PmdCatalog.json';
 
 // TODO: We should flesh this one-off solution out into one that handles all the various env vars we use.
 //       E.g., the ones defined in `EnvironmentVariable.ts` and `dfa.ts`.
diff --git a/src/lib/pmd/PmdCatalogWrapper.ts b/src/lib/pmd/PmdCatalogWrapper.ts
index de213ef73..7bed06ecf 100644
--- a/src/lib/pmd/PmdCatalogWrapper.ts
+++ b/src/lib/pmd/PmdCatalogWrapper.ts
@@ -9,8 +9,7 @@ import {PmdSupport} from './PmdSupport';
 import { PMD_LIB } from '../../Constants';
 import path = require('path');
 import {uxEvents, EVENTS} from '../ScannerEvents';
-import { Controller } from '../../Controller';
-import { PMD_CATALOG_FILE, PMD_VERSION } from '../../Constants';
+import { PMD_VERSION } from '../../Constants';
 import {BundleName, getMessage} from "../../MessageCatalog";
 
 // Here, current dir __dirname = <base_dir>/sfdx-scanner/src/lib/pmd
@@ -20,7 +19,7 @@ const MAIN_CLASS = 'sfdc.sfdx.scanner.pmd.Main';
 export class PmdCatalogWrapper extends PmdSupport {
 	private logger: Logger; // TODO: add relevant trace logs
 	private initialized: boolean;
-	private sfdxScannerPath: string;
+	private catalogFilePath: path.ParsedPath;
 
 	protected async init(): Promise<void> {
 		if (this.initialized) {
@@ -28,8 +27,7 @@ export class PmdCatalogWrapper extends PmdSupport {
 		}
 		await super.init();
 		this.logger = await Logger.child('PmdCatalogWrapper');
-		this.sfdxScannerPath = Controller.getSfdxScannerPath();
-
+		this.catalogFilePath = path.parse(await new FileHandler().tmpFileWithCleanup());
 		this.initialized = true;
 	}
 
@@ -39,12 +37,8 @@ export class PmdCatalogWrapper extends PmdSupport {
 		return this.readCatalogFromFile();
 	}
 
-	private getCatalogPath(): string {
-		return path.join(this.sfdxScannerPath, PMD_CATALOG_FILE);
-	}
-
 	private async readCatalogFromFile(): Promise<Catalog> {
-		const rawCatalog = await new FileHandler().readFile(this.getCatalogPath());
+		const rawCatalog = await new FileHandler().readFile(path.format(this.catalogFilePath));
 		return JSON.parse(rawCatalog) as Catalog;
 	}
 
@@ -56,7 +50,7 @@ export class PmdCatalogWrapper extends PmdSupport {
 		// is intended for child_process.spawn(), which freaks out if you do that.
 		const classpathEntries = await this.buildClasspath();
 		const parameters = await this.buildCatalogerParameters();
-		const args = [`-DcatalogHome=${this.sfdxScannerPath}`, `-DcatalogName=${PMD_CATALOG_FILE}`, '-cp', classpathEntries.join(path.delimiter), MAIN_CLASS, ...parameters];
+		const args = [`-DcatalogHome=${this.catalogFilePath.dir}`, `-DcatalogName=${this.catalogFilePath.base}`, '-cp', classpathEntries.join(path.delimiter), MAIN_CLASS, ...parameters];
 
 		this.logger.trace(`Preparing to execute PMD Cataloger with command: "${command}", args: "${JSON.stringify(args)}"`);
 		return [command, args];
diff --git a/src/lib/pmd/PmdEngine.ts b/src/lib/pmd/PmdEngine.ts
index 9491b1cf5..1187c6252 100644
--- a/src/lib/pmd/PmdEngine.ts
+++ b/src/lib/pmd/PmdEngine.ts
@@ -457,8 +457,8 @@ export class PmdEngine extends BasePmdEngine {
 		return await this.runInternal(selectedRules, targets);
 	}
 
-	public async isEnabled(): Promise<boolean> {
-		return await this.config.isEngineEnabled(PmdEngine.THIS_ENGINE);
+	public isEnabled(): Promise<boolean> {
+		return this.config.isEngineEnabled(PmdEngine.THIS_ENGINE);
 	}
 }
 
diff --git a/test/lib/pmd/PmdCatalogWrapper.test.ts b/test/lib/pmd/PmdCatalogWrapper.test.ts
index 568cd4df6..f584b4154 100644
--- a/test/lib/pmd/PmdCatalogWrapper.test.ts
+++ b/test/lib/pmd/PmdCatalogWrapper.test.ts
@@ -40,7 +40,7 @@ describe('PmdCatalogWrapper', () => {
 					const thePath = path.join('dist', 'pmd-cataloger', 'lib');
 					const expectedParamList = [
 						`-DcatalogHome=`,
-						'-DcatalogName=PmdCatalog.json',
+						'-DcatalogName=',
 						'-cp',
 						thePath,
 						'sfdc.sfdx.scanner.pmd.Main'];
@@ -48,7 +48,7 @@ describe('PmdCatalogWrapper', () => {
 					const target = await TestablePmdCatalogWrapper.create({});
 					const params = (await target.buildCommandArray())[1];
 
-					expectedParamList.forEach((value: string, index: number, array: string[]) => {
+					expectedParamList.forEach((value: string, index: number) => {
 						expect(params[index]).contains(value, `Unexpected param value at position ${index}`);
 					});
 				});

From 96ad9046e394b8f41033422236bc050e20706c5c Mon Sep 17 00:00:00 2001
From: Josh Feingold <jfeingold@salesforce.com>
Date: Mon, 18 Dec 2023 13:42:49 -0600
Subject: [PATCH 02/10] @W-13222948@: Refactored PMD support classes.

---
 src/lib/cpd/CpdWrapper.ts              |   6 +-
 src/lib/pmd/PmdCatalogWrapper.ts       | 114 ++++--------------
 src/lib/pmd/PmdEngine.ts               |  99 +++++++++++++---
 src/lib/pmd/PmdSupport.ts              |  43 +++----
 src/lib/pmd/PmdWrapper.ts              |  72 ++++--------
 src/lib/services/CommandLineSupport.ts |   4 -
 src/lib/sfge/SfgeWrapper.ts            |   6 +-
 test/lib/pmd/PmdCatalogWrapper.test.ts | 154 +------------------------
 test/lib/pmd/PmdEngine.test.ts         | 131 ++++++++++++++++++++-
 9 files changed, 284 insertions(+), 345 deletions(-)

diff --git a/src/lib/cpd/CpdWrapper.ts b/src/lib/cpd/CpdWrapper.ts
index afc8f524c..0b40b5473 100644
--- a/src/lib/cpd/CpdWrapper.ts
+++ b/src/lib/cpd/CpdWrapper.ts
@@ -32,15 +32,11 @@ export default class CpdWrapper extends CommandLineSupport {
 		this.initialized = true;
 	}
 
-	protected buildClasspath(): Promise<string[]> {
-		return Promise.resolve([`${PMD_LIB}/*`]);
-	}
-
 	protected async buildCommandArray(): Promise<[string, string[]]> {
 		const javaHome = await JreSetupManager.verifyJreSetup();
 		const command = path.join(javaHome, 'bin', 'java');
 
-		const classpath = await this.buildClasspath();
+		const classpath = [`${PMD_LIB}/*`];
 
 		const fileHandler = new FileHandler();
 		const tmpPath = await fileHandler.tmpFileWithCleanup();
diff --git a/src/lib/pmd/PmdCatalogWrapper.ts b/src/lib/pmd/PmdCatalogWrapper.ts
index 7bed06ecf..ccf9756c9 100644
--- a/src/lib/pmd/PmdCatalogWrapper.ts
+++ b/src/lib/pmd/PmdCatalogWrapper.ts
@@ -1,15 +1,10 @@
 import {Logger} from '@salesforce/core';
 import {Catalog} from '../../types';
 import {FileHandler} from '../util/FileHandler';
-import * as PrettyPrinter from '../util/PrettyPrinter';
 import * as JreSetupManager from './../JreSetupManager';
 import {ResultHandlerArgs} from '../services/CommandLineSupport';
-import * as PmdLanguageManager from './PmdLanguageManager';
-import {PmdSupport} from './PmdSupport';
-import { PMD_LIB } from '../../Constants';
+import {PmdSupport, PmdSupportOptions} from './PmdSupport';
 import path = require('path');
-import {uxEvents, EVENTS} from '../ScannerEvents';
-import { PMD_VERSION } from '../../Constants';
 import {BundleName, getMessage} from "../../MessageCatalog";
 
 // Here, current dir __dirname = <base_dir>/sfdx-scanner/src/lib/pmd
@@ -17,10 +12,14 @@ const PMD_CATALOGER_LIB = path.join(__dirname, '..', '..', '..', 'dist', 'pmd-ca
 const MAIN_CLASS = 'sfdc.sfdx.scanner.pmd.Main';
 
 export class PmdCatalogWrapper extends PmdSupport {
-	private logger: Logger; // TODO: add relevant trace logs
+	private logger: Logger;
 	private initialized: boolean;
 	private catalogFilePath: path.ParsedPath;
 
+	constructor(opts: PmdSupportOptions) {
+		super(opts);
+	}
+
 	protected async init(): Promise<void> {
 		if (this.initialized) {
 			return;
@@ -46,99 +45,34 @@ export class PmdCatalogWrapper extends PmdSupport {
 		const javaHome = await JreSetupManager.verifyJreSetup();
 		const command = path.join(javaHome, 'bin', 'java');
 
-		// NOTE: If we were going to run this command from the CLI directly, then we'd wrap the classpath in quotes, but this
-		// is intended for child_process.spawn(), which freaks out if you do that.
-		const classpathEntries = await this.buildClasspath();
-		const parameters = await this.buildCatalogerParameters();
-		const args = [`-DcatalogHome=${this.catalogFilePath.dir}`, `-DcatalogName=${this.catalogFilePath.base}`, '-cp', classpathEntries.join(path.delimiter), MAIN_CLASS, ...parameters];
+		// The classpath needs the cataloger's lib folder. Note that the classpath is not wrapped in quotes
+		// like it would be if we invoked through the CLI, because child_process.spawn() hates that.
+		const classpath: string = [`${PMD_CATALOGER_LIB}/*`, ...this.buildSharedClasspath()].join(path.delimiter);
+		const languageArgs: string[] = this.buildLanguageArgs();
+		this.logger.trace(`Cataloger parameters have been built: ${JSON.stringify(languageArgs)}`);
+
+		const args = [`-DcatalogHome=${this.catalogFilePath.dir}`, `-DcatalogName=${this.catalogFilePath.base}`, '-cp', classpath, MAIN_CLASS, ...languageArgs];
 
 		this.logger.trace(`Preparing to execute PMD Cataloger with command: "${command}", args: "${JSON.stringify(args)}"`);
 		return [command, args];
 	}
 
-	protected async buildClasspath(): Promise<string[]> {
-		const catalogerLibs = `${PMD_CATALOGER_LIB}/*`;
-		const classpathEntries = await super.buildSharedClasspath();
-		classpathEntries.push(catalogerLibs);
-		return classpathEntries;
-	}
-
-	private async buildCatalogerParameters(): Promise<string[]> {
-		const pathSetMap = await this.getRulePathEntries();
-		const parameters: string[] = [];
-		const divider = '=';
-		const joiner = ',';
-
-		// For each language, build an argument that looks like:
-		// "language=path1,path2,path3"
-		pathSetMap.forEach((entries, language) => {
-			const paths = Array.from(entries.values());
-
-			// add parameter only if paths are available for real
-			if (paths && paths.length > 0) {
-				parameters.push(language + divider + paths.join(joiner));
-			}
-		});
-
-		this.logger.trace(`Cataloger parameters have been built: ${JSON.stringify(parameters)}`);
-		return parameters;
-	}
-
 	/**
-	 * Return a map where the key is the language and the value is a set of class/jar paths.  Start with the given
-	 * default values, if provided.
+	 * Constructs the arguments for the PMD Cataloger so it knows which rules to catalog for which languages.
+	 * @private
 	 */
-	protected async getRulePathEntries(): Promise<Map<string, Set<string>>> {
-		const pathSetMap = new Map<string, Set<string>>();
-
-		const customRulePaths: Map<string, Set<string>> = await this.getCustomRulePathEntries();
-		const fileHandler = new FileHandler();
-
-
-		// Iterate through the custom paths.
-		for (const [langKey, paths] of customRulePaths.entries()) {
-			// If the language by which these paths are mapped can be de-aliased into one of PMD's default-supported
-			// languages, we should use the name PMD recognizes. That way, if they have custom paths for 'ecmascript'
-			// and 'js', we'll turn both of those into 'javascript'.
-			// If we can't de-alias the key, we should at least convert it to lowercase. Otherwise 'python', 'PYTHON',
-			// and 'PyThOn' would all be considered different languages.
-			const lang = (await PmdLanguageManager.resolveLanguageAlias(langKey)) || langKey.toLowerCase();
-			this.logger.trace(`Custom paths mapped to ${langKey} are using converted key ${lang}`);
+	private buildLanguageArgs(): string[] {
+		const languageArgs: string[] = [];
 
-			// Add this language's custom paths to the pathSetMap so they're cataloged properly.
-			const pathSet = pathSetMap.get(lang) || new Set<string>();
-			if (paths) {
-				for (const value of paths.values()) {
-					if (await fileHandler.exists(value)) {
-						pathSet.add(value);
-					} else {
-						// The catalog file may have been deleted or moved. Show the user a warning.
-						uxEvents.emit(EVENTS.WARNING_ALWAYS, getMessage(BundleName.EventKeyTemplates, 'warning.customRuleFileNotFound', [value, lang]));
-					}
-				}
+		// For each language, build an argument that looks like:
+		// "language=path1,path2,path3"
+		this.rulePathsByLanguage.forEach((rulePaths, language) => {
+			if (rulePaths && rulePaths.size > 0) {
+				languageArgs.push(`${language}=${[...rulePaths].join(',')}`);
 			}
-			pathSetMap.set(lang, pathSet);
-		}
-
-		// Now, we'll want to add the default PMD JARs for any activated languages.
-		const supportedLanguages = await PmdLanguageManager.getSupportedLanguages();
-		supportedLanguages.forEach((language) => {
-			const pmdJarName = PmdCatalogWrapper.derivePmdJarName(language);
-			const pathSet = pathSetMap.get(language) || new Set<string>();
-			pathSet.add(pmdJarName);
-			this.logger.trace(`Adding JAR ${pmdJarName}, the default PMD JAR for language ${language}`);
-			pathSetMap.set(language, pathSet);
 		});
-		this.logger.trace(`Found PMD rule paths ${PrettyPrinter.stringifyMapOfSets(pathSetMap)}`);
-		return pathSetMap;
-	}
-
-
-	/**
-	 * PMD library holds the same naming structure for each language
-	 */
-	private static derivePmdJarName(language: string): string {
-		return path.join(PMD_LIB, "pmd-" + language + "-" + PMD_VERSION + ".jar");
+		this.logger.trace(`Cataloger parameters have been built: ${JSON.stringify(languageArgs)}`);
+		return languageArgs;
 	}
 
 	protected isSuccessfulExitCode(code: number): boolean {
diff --git a/src/lib/pmd/PmdEngine.ts b/src/lib/pmd/PmdEngine.ts
index 1187c6252..4059011f2 100644
--- a/src/lib/pmd/PmdEngine.ts
+++ b/src/lib/pmd/PmdEngine.ts
@@ -4,14 +4,18 @@ import {Controller} from '../../Controller';
 import {Catalog, Rule, RuleGroup, RuleResult, RuleTarget, RuleViolation, TargetPattern} from '../../types';
 import {AbstractRuleEngine} from '../services/RuleEngine';
 import {Config} from '../util/Config';
-import {ENGINE, CUSTOM_CONFIG, EngineBase, HARDCODED_RULES, Severity} from '../../Constants';
+import {CUSTOM_CONFIG, ENGINE, EngineBase, HARDCODED_RULES, PMD_LIB, PMD_VERSION, Severity} from '../../Constants';
 import {PmdCatalogWrapper} from './PmdCatalogWrapper';
 import PmdWrapper from './PmdWrapper';
-import {uxEvents, EVENTS} from "../ScannerEvents";
+import {EVENTS, uxEvents} from "../ScannerEvents";
 import {FileHandler} from '../util/FileHandler';
 import {EventCreator} from '../util/EventCreator';
 import * as engineUtils from '../util/CommonEngineUtils';
 import {BundleName, getMessage} from "../../MessageCatalog";
+import * as PrettyPrinter from '../util/PrettyPrinter';
+import * as PmdLanguageManager from './PmdLanguageManager';
+import path = require('path');
+import {AsyncCreatable} from "@salesforce/kit";
 
 interface PmdViolation extends Element {
 	attributes: {
@@ -63,7 +67,7 @@ const HARDCODED_RULE_DETAILS: HardcodedRuleDetail[] = [
 ];
 
 
-abstract class BasePmdEngine extends AbstractRuleEngine {
+abstract class AbstractPmdEngine extends AbstractRuleEngine {
 	/**
 	 * As per our internal policies, we want to avoid significantly changing output in minor releases, except for
 	 * high-severity security rules.
@@ -75,7 +79,6 @@ abstract class BasePmdEngine extends AbstractRuleEngine {
 	protected logger: Logger;
 	protected config: Config;
 
-	protected pmdCatalogWrapper: PmdCatalogWrapper;
 	protected eventCreator: EventCreator;
 	private initialized: boolean;
 
@@ -126,12 +129,11 @@ abstract class BasePmdEngine extends AbstractRuleEngine {
 		this.logger = await Logger.child(this.getName());
 
 		this.config = await Controller.getConfig();
-		this.pmdCatalogWrapper = await PmdCatalogWrapper.create({});
 		this.eventCreator = await EventCreator.create({});
 		this.initialized = true;
 	}
 
-	protected async runInternal(selectedRules: string, targets: RuleTarget[]): Promise<RuleResult[]> {
+	protected async runInternal(selectedRules: string, targets: RuleTarget[], rulePathsByLanguage: Map<string, Set<string>>): Promise<RuleResult[]> {
 		try {
 			const targetPaths: string[] = [];
 			for (const target of targets) {
@@ -143,8 +145,11 @@ abstract class BasePmdEngine extends AbstractRuleEngine {
 			}
 			this.logger.trace(`About to run PMD rules. Targets: ${targetPaths.length}, Selected rules: ${selectedRules}`);
 
-			const selectedTargets = targetPaths.join(',');
-			const stdout = await PmdWrapper.execute(selectedTargets, selectedRules);
+			const stdout = await (await PmdWrapper.create({
+				targets: targetPaths,
+				rules: selectedRules,
+				rulePathsByLanguage
+			})).execute();
 			const results = this.processStdOut(stdout);
 			this.logger.trace(`Found ${results.length} for PMD`);
 			return results;
@@ -416,16 +421,22 @@ function isCustomRun(engineOptions: Map<string, string>): boolean {
 	return engineUtils.isCustomRun(CUSTOM_CONFIG.PmdConfig, engineOptions);
 }
 
-export class PmdEngine extends BasePmdEngine {
+export class PmdEngine extends AbstractPmdEngine {
 	private static THIS_ENGINE = ENGINE.PMD;
 	public static ENGINE_NAME = PmdEngine.THIS_ENGINE.valueOf();
+	private catalogWrapper: PmdCatalogWrapper;
 
 	getName(): string {
 		return PmdEngine.ENGINE_NAME;
 	}
 
-	getCatalog(): Promise<Catalog> {
-		return this.pmdCatalogWrapper.getCatalog();
+	async getCatalog(): Promise<Catalog> {
+		if (!this.catalogWrapper) {
+			this.catalogWrapper = await PmdCatalogWrapper.create({
+				rulePathsByLanguage: await (await _PmdRuleMapper.create({})).createStandardRuleMap()
+			});
+		}
+		return this.catalogWrapper.getCatalog();
 	}
 
 	shouldEngineRun(
@@ -454,7 +465,7 @@ export class PmdEngine extends BasePmdEngine {
 		this.logger.trace(`${ruleGroups.length} Rules found for PMD engine`);
 
 		const selectedRules = ruleGroups.map(np => np.paths).join(',');
-		return await this.runInternal(selectedRules, targets);
+		return await this.runInternal(selectedRules, targets, await (await _PmdRuleMapper.create({})).createStandardRuleMap());
 	}
 
 	public isEnabled(): Promise<boolean> {
@@ -462,7 +473,7 @@ export class PmdEngine extends BasePmdEngine {
 	}
 }
 
-export class CustomPmdEngine extends BasePmdEngine {
+export class CustomPmdEngine extends AbstractPmdEngine {
 	private static THIS_ENGINE = ENGINE.PMD_CUSTOM;
 
 	getName(): string {
@@ -513,7 +524,7 @@ export class CustomPmdEngine extends BasePmdEngine {
 			await this.eventCreator.createUxInfoAlwaysMessage('info.filtersIgnoredCustom', []);
 		}
 
-		return await this.runInternal(selectedRules, targets);
+		return await this.runInternal(selectedRules, targets, await (await _PmdRuleMapper.create({})).createStandardRuleMap());
 	}
 
 	private async getCustomConfig(engineOptions: Map<string, string>): Promise<string> {
@@ -528,4 +539,64 @@ export class CustomPmdEngine extends BasePmdEngine {
 
 }
 
+/**
+ * Helper class for PMD variants that need to catalog PMD's default rules and any user-registered rules.
+ */
+export class _PmdRuleMapper extends AsyncCreatable {
+	private initialized: boolean;
+	private logger: Logger;
+
+	public async init(): Promise<void> {
+		if (this.initialized) {
+			return;
+		}
+
+		this.logger = await Logger.child(this.constructor.name);
+	}
 
+	/**
+	 * Creates a mapping from language names to sets of files that define PMD rules for those languages.
+	 * The mapped files encompass PMD's default rules for activated languages, as well as any user-registered
+	 * custom rules.
+	 */
+	public async createStandardRuleMap(): Promise<Map<string, Set<string>>> {
+		const rulePathsByLanguage = new Map<string, Set<string>>();
+		// Add the default PMD jar for each activated language.
+		(await PmdLanguageManager.getSupportedLanguages()).forEach(language => {
+			const pmdJarPath = path.join(PMD_LIB, `pmd-${language}-${PMD_VERSION}.jar`);
+			const rulePaths = rulePathsByLanguage.get(language) || new Set<string>();
+			rulePaths.add(pmdJarPath);
+			this.logger.trace(`Adding JAR ${pmdJarPath}, the default PMD JAR for language ${language}`);
+			rulePathsByLanguage.set(language, rulePaths);
+		});
+
+		// Next, handle custom paths.
+		const fileHandler = new FileHandler();
+		const customRulePaths: Map<string, Set<string>> = (await Controller.createRulePathManager()).getRulePathEntries(PmdEngine.ENGINE_NAME);
+		for (const [languageKey, rulePathSet] of customRulePaths.entries()) {
+			// Attempt to de-alias the language key into one that PMD will recognize.
+			// If that doesn't work, just cast the key to lowercase.
+			const finalKey = (await PmdLanguageManager.resolveLanguageAlias(languageKey)) || languageKey.toLowerCase();
+			this.logger.trace(`Custom path language key ${languageKey} converted to cataloger language key ${finalKey}`);
+
+			// Next we want to do an existence check on each of the custom paths.
+			const mappedPathSet = rulePathsByLanguage.get(finalKey) || new Set<string>();
+			if (rulePathSet) {
+				for (const rulePath of rulePathSet.values()) {
+					if (await fileHandler.exists(rulePath)) {
+						// If the path matches an existing file/directory, add it to the map
+						// and the classpath.
+						mappedPathSet.add(rulePath);
+					} else {
+						// If the path doesn't match an existing file, then the file may have been
+						// deleted or moved. Warn the user about that.
+						uxEvents.emit(EVENTS.WARNING_ALWAYS, getMessage(BundleName.EventKeyTemplates, 'warning.customRuleFileNotFound', [rulePath, finalKey]));
+					}
+				}
+			}
+			rulePathsByLanguage.set(finalKey, mappedPathSet);
+		}
+		this.logger.trace(`Found PMD rule paths ${PrettyPrinter.stringifyMapOfSets(rulePathsByLanguage)}`);
+		return rulePathsByLanguage;
+	}
+}
diff --git a/src/lib/pmd/PmdSupport.ts b/src/lib/pmd/PmdSupport.ts
index 93b8f4a20..d4cc20702 100644
--- a/src/lib/pmd/PmdSupport.ts
+++ b/src/lib/pmd/PmdSupport.ts
@@ -1,35 +1,26 @@
-import {Controller} from '../../Controller';
-import {PmdEngine} from './PmdEngine';
 import { CommandLineSupport } from '../services/CommandLineSupport';
-import { PMD_LIB } from '../../Constants';
 
-/**
- * Output format supported by PMD
- */
-export enum Format {
-	XML = 'xml',
-	CSV = 'csv',
-	TEXT = 'text'
-}
+export type PmdSupportOptions = {
+	/**
+	 * A mapping from language names to Sets of files that define rules for those languages.
+	 */
+	rulePathsByLanguage: Map<string, Set<string>>;
+};
 
 export abstract class PmdSupport extends CommandLineSupport {
+	protected readonly rulePathsByLanguage: Map<string, Set<string>>;
 
-	protected async buildSharedClasspath(): Promise<string[]> {
-		// Include PMD libs into classpath
-		const pmdLibs = `${PMD_LIB}/*`;
-		const classpathEntries = [pmdLibs];
-
-		// Include custom rule paths into classpath
-		const customPathEntries = await this.getCustomRulePathEntries();
-		customPathEntries.forEach((pathEntries) => {
-			classpathEntries.push(...pathEntries);
-		});
-
-		return classpathEntries;
+	protected constructor(opts: PmdSupportOptions) {
+		super({});
+		this.rulePathsByLanguage = opts.rulePathsByLanguage;
 	}
 
-	protected async getCustomRulePathEntries(): Promise<Map<string, Set<string>>> {
-		const customRulePathManager = await Controller.createRulePathManager();
-		return customRulePathManager.getRulePathEntries(PmdEngine.ENGINE_NAME);
+	protected buildSharedClasspath(): string[] {
+		const classpath: string[] = [];
+		// Every entry in the rule paths map should be added to the classpath.
+		for (const rulePaths of this.rulePathsByLanguage.values()) {
+			classpath.push(...rulePaths);
+		}
+		return classpath;
 	}
 }
diff --git a/src/lib/pmd/PmdWrapper.ts b/src/lib/pmd/PmdWrapper.ts
index a37812936..4b3525369 100644
--- a/src/lib/pmd/PmdWrapper.ts
+++ b/src/lib/pmd/PmdWrapper.ts
@@ -1,5 +1,6 @@
 import {Logger} from '@salesforce/core';
-import {Format, PmdSupport} from './PmdSupport';
+import {PMD_LIB} from '../../Constants';
+import {PmdSupport, PmdSupportOptions} from './PmdSupport';
 import * as JreSetupManager from './../JreSetupManager';
 import path = require('path');
 import {FileHandler} from '../util/FileHandler';
@@ -7,23 +8,23 @@ import {FileHandler} from '../util/FileHandler';
 const MAIN_CLASS = 'net.sourceforge.pmd.PMD';
 const HEAP_SIZE = '-Xmx1024m';
 
-interface PmdWrapperOptions {
-	path: string;
+type PmdWrapperOptions = PmdSupportOptions & {
+	targets: string[];
 	rules: string;
-	reportFormat?: Format;
-	reportFile?: string;
-}
+};
 
 export default class PmdWrapper extends PmdSupport {
-
-
-	path: string;
-	rules: string;
-	reportFormat: Format;
-	reportFile: string;
-	logger: Logger; // TODO: Add relevant trace log lines
+	private targets: string[];
+	private rules: string;
+	private logger: Logger;
 	private initialized: boolean;
 
+	public constructor(opts: PmdWrapperOptions) {
+		super(opts);
+		this.targets = opts.targets;
+		this.rules = opts.rules;
+	}
+
 	protected async init(): Promise<void> {
 		if (this.initialized) {
 			return;
@@ -33,57 +34,30 @@ export default class PmdWrapper extends PmdSupport {
 		this.initialized = true;
 	}
 
-	protected async buildClasspath(): Promise<string[]> {
-		return super.buildSharedClasspath();
-	}
-
-	public static async execute(path: string, rules: string, reportFormat?: Format, reportFile?: string): Promise<string> {
-		const myPmd = await PmdWrapper.create({
-			path: path,
-			rules: rules,
-			reportFormat: reportFormat,
-			reportFile: reportFile
-		});
-		return myPmd.execute();
-	}
-
-	private async execute(): Promise<string> {
+	public async execute(): Promise<string> {
 		return super.runCommand();
 	}
 
-	constructor(options: PmdWrapperOptions) {
-		super(options);
-		this.path = options.path;
-		this.rules = options.rules;
-		this.reportFormat = options.reportFormat || Format.XML;
-		this.reportFile = options.reportFile || null;
-	}
-
 	protected async buildCommandArray(): Promise<[string, string[]]> {
 		const javaHome = await JreSetupManager.verifyJreSetup();
 		const command = path.join(javaHome, 'bin', 'java');
 
-		// Start with the arguments we know we'll always need.
-		// NOTE: If we were going to run this command from the CLI directly, then we'd wrap the classpath in quotes, but this
-		// is intended for child_process.spawn(), which freaks out if you do that.
-		const classpath = await this.buildClasspath();
+		// The classpath needs PMD's lib folder. There may be redundancy with the shared classpath, but having the
+		// same JAR in the classpath twice is fine. Also note that the classpath is not wrapped in quotes like how it
+		// would be if we invoked directly through the CLI, because child_process.spawn() hates that.
+		const classpath = [`${PMD_LIB}/*`, ...this.buildSharedClasspath()].join(path.delimiter);
 		// Operating systems impose limits on the maximum length of a command line invocation. This can be problematic
-		// when scannning a large number of files. Store the list of files to scan in a temp file. Pass the location
+		// when scanning a large number of files. Store the list of files to scan in a temp file. Pass the location
 		// of the temp file to PMD. The temp file is cleaned up when the process exits.
 		const fileHandler = new FileHandler();
 		const tmpPath = await fileHandler.tmpFileWithCleanup();
-		await fileHandler.writeFile(tmpPath, this.path);
-		const args = ['-cp', classpath.join(path.delimiter), HEAP_SIZE, MAIN_CLASS, '-filelist', tmpPath,
-			'-format', this.reportFormat];
+		await fileHandler.writeFile(tmpPath, this.targets.join(','));
+		const args = ['-cp', classpath, HEAP_SIZE, MAIN_CLASS, '-filelist', tmpPath,
+			'-format', 'xml'];
 		if (this.rules.length > 0) {
 			args.push('-rulesets', this.rules);
 		}
 
-		// Then add anything else that's dynamically included based on other input.
-		if (this.reportFile) {
-			args.push('-reportfile', this.reportFile);
-		}
-
 		this.logger.trace(`Preparing to execute PMD with command: "${command}", args: "${JSON.stringify(args)}"`);
 		return [command, args];
 	}
diff --git a/src/lib/services/CommandLineSupport.ts b/src/lib/services/CommandLineSupport.ts
index 03afc1628..f1b8485f7 100644
--- a/src/lib/services/CommandLineSupport.ts
+++ b/src/lib/services/CommandLineSupport.ts
@@ -41,8 +41,6 @@ export abstract class CommandLineSupport extends AsyncCreatable {
 		this.parentInitialized = true;
 	}
 
-	protected abstract buildClasspath(): Promise<string[]>;
-
 	/**
 	 * Returns a {@link SpinnerManager} implementation to be used while waiting for the child process to complete. This
 	 * default implementation returns a {@link NoOpSpinnerManager}, but subclasses may override to return another object
@@ -85,7 +83,6 @@ export abstract class CommandLineSupport extends AsyncCreatable {
 						// hold onto data only if it was not processed
 						stdout += data;
 					}
-					
 				})();
 			});
 			cp.stderr.on('data', data => {
@@ -95,7 +92,6 @@ export abstract class CommandLineSupport extends AsyncCreatable {
 						// hold onto data only if it was not processed
 						stderr += data;
 					}
-					
 				})();
 			});
 
diff --git a/src/lib/sfge/SfgeWrapper.ts b/src/lib/sfge/SfgeWrapper.ts
index 12c8332ff..b9bb64871 100644
--- a/src/lib/sfge/SfgeWrapper.ts
+++ b/src/lib/sfge/SfgeWrapper.ts
@@ -121,10 +121,6 @@ abstract class AbstractSfgeWrapper extends CommandLineSupport {
 		this.initialized = true;
 	}
 
-	protected buildClasspath(): Promise<string[]> {
-		return Promise.resolve([`${SFGE_LIB}/*`]);
-	}
-
 	protected isSuccessfulExitCode(code: number): boolean {
 		return code === EXIT_NO_VIOLATIONS || code === EXIT_WITH_VIOLATIONS;
 	}
@@ -157,7 +153,7 @@ abstract class AbstractSfgeWrapper extends CommandLineSupport {
 	protected async buildCommandArray(): Promise<[string, string[]]> {
 		const javaHome = await JreSetupManager.verifyJreSetup();
 		const command = path.join(javaHome, 'bin', 'java');
-		const classpath = await this.buildClasspath();
+		const classpath = [`${SFGE_LIB}/*`];
 
 		const args = [`-Dsfge_log_name=${this.logFilePath}`, '-cp', classpath.join(path.delimiter)];
 		if (this.jvmArgs != null) {
diff --git a/test/lib/pmd/PmdCatalogWrapper.test.ts b/test/lib/pmd/PmdCatalogWrapper.test.ts
index f584b4154..ecd2d92d2 100644
--- a/test/lib/pmd/PmdCatalogWrapper.test.ts
+++ b/test/lib/pmd/PmdCatalogWrapper.test.ts
@@ -1,13 +1,9 @@
 import {PmdCatalogWrapper} from '../../../src/lib/pmd/PmdCatalogWrapper';
-import {PmdEngine} from '../../../src/lib/pmd/PmdEngine';
-import {CustomRulePathManager} from '../../../src/lib/CustomRulePathManager';
 import {Config} from '../../../src/lib/util/Config';
 import {expect} from 'chai';
 import Sinon = require('sinon');
 import path = require('path');
-import {ENGINE,LANGUAGE,PMD_VERSION} from '../../../src/Constants';
-import {FileHandler} from '../../../src/lib/util/FileHandler';
-import {uxEvents, EVENTS} from '../../../src/lib/ScannerEvents';
+import {ENGINE,LANGUAGE} from '../../../src/Constants';
 import { after } from 'mocha';
 
 // In order to get access to PmdCatalogWrapper's protected methods, we're going to extend it with a test class here.
@@ -15,12 +11,7 @@ class TestablePmdCatalogWrapper extends PmdCatalogWrapper {
 	public async buildCommandArray(): Promise<[string, string[]]> {
 		return super.buildCommandArray();
 	}
-
-	public async getRulePathEntries(): Promise<Map<string, Set<string>>> {
-		return super.getRulePathEntries();
-	}
 }
-const irrelevantPath = path.join('this', 'path', 'does', 'not', 'actually', 'matter');
 
 describe('PmdCatalogWrapper', () => {
 	describe('buildCommandArray()', () => {
@@ -45,7 +36,9 @@ describe('PmdCatalogWrapper', () => {
 						thePath,
 						'sfdc.sfdx.scanner.pmd.Main'];
 
-					const target = await TestablePmdCatalogWrapper.create({});
+					const target = await TestablePmdCatalogWrapper.create({
+						rulePathsByLanguage: new Map<string, Set<string>>()
+					});
 					const params = (await target.buildCommandArray())[1];
 
 					expectedParamList.forEach((value: string, index: number) => {
@@ -53,146 +46,7 @@ describe('PmdCatalogWrapper', () => {
 					});
 				});
 			});
-			describe('When Custom PMD JARs have been registered for a language whose default PMD rules are off...', () => {
-				before(() => {
-					Sinon.createSandbox();
-					// Spoof a config that claims that only Apex's default PMD JAR is enabled.
-					Sinon.stub(Config.prototype, 'getSupportedLanguages').withArgs(ENGINE.PMD).resolves([LANGUAGE.APEX]);
-					// Spoof a CustomPathManager that claims that a custom JAR exists for Java.
-					const customJars: Map<string, Set<string>> = new Map();
-					customJars.set(LANGUAGE.JAVA, new Set([irrelevantPath]));
-					Sinon.stub(CustomRulePathManager.prototype, 'getRulePathEntries').withArgs(PmdEngine.ENGINE_NAME).resolves(customJars);
-					Sinon.stub(FileHandler.prototype, 'exists').resolves(true);
-				});
-
-				after(() => {
-					Sinon.restore();
-				});
-
-				it('Custom PMD JARs are included', async () => {
-					// Get our parameters.
-					const target = await TestablePmdCatalogWrapper.create({});
-					const params = (await target.buildCommandArray())[1];
-
-					const customJarValue = `java=${irrelevantPath}`;
-					const defaultJarPattern = /^apex=.*pmd-apex-.*.jar$/;
-
-					validateCustomAndDefaultJarParams(params, customJarValue, defaultJarPattern);
-				});
-			});
-
-			describe('When Custom PMD JARs have been registered for a language under a weird alias...', () => {
-				before(() => {
-					Sinon.createSandbox();
-					// Spoof a config that claims that only Apex's default PMD JAR is enabled.
-					Sinon.stub(Config.prototype, 'getSupportedLanguages').withArgs(ENGINE.PMD).resolves([LANGUAGE.APEX]);
-					// Spoof a CustomPathManager that claims that a custom JAR exists for plsql, using a weird alias for that language.
-					const customJars: Map<string, Set<string>> = new Map();
-					customJars.set('ViSuAlFoRcE', new Set([irrelevantPath]));
-					Sinon.stub(CustomRulePathManager.prototype, 'getRulePathEntries').withArgs(PmdEngine.ENGINE_NAME).resolves(customJars);
-					Sinon.stub(FileHandler.prototype, 'exists').resolves(true);
-				});
-
-				after(() => {
-					Sinon.restore();
-				});
-
-				it('Custom PMD JARs are included', async () => {
-					// Get our parameters.
-					const target = await TestablePmdCatalogWrapper.create({});
-					const params = (await target.buildCommandArray())[1];
-
-					const customJarValue = `visualforce=${irrelevantPath}`;
-					const defaultJarPattern = /^apex=.*pmd-apex-.*.jar$/;
-					validateCustomAndDefaultJarParams(params, customJarValue, defaultJarPattern);
-				});
-			});
-
-			describe("When not all supported languages have an associated PMD JAR", () => {
-				before(() => {
-					Sinon.createSandbox();
-					// Spoof a config that claims that only apex is the supported language
-					Sinon.stub(Config.prototype, 'getSupportedLanguages').withArgs(ENGINE.PMD).resolves([LANGUAGE.APEX]);
-					const customJars: Map<string, Set<string>> = new Map();
-					customJars.set('visualforce', new Set([irrelevantPath]));
-					customJars.set(LANGUAGE.JAVA, new Set());
-					Sinon.stub(CustomRulePathManager.prototype, 'getRulePathEntries').withArgs(PmdEngine.ENGINE_NAME).resolves(customJars);
-					Sinon.stub(FileHandler.prototype, 'exists').resolves(true);
-				});
-
-				after(() => {
-					Sinon.restore();
-				});
-
-				it('should not include a supported language as input to PmdCataloger if the language has no associated path', async () => {
-					// Get our parameters.
-					const target = await TestablePmdCatalogWrapper.create({});
-					const params = (await target.buildCommandArray())[1];
-
-					const customJarValue = `visualforce=${irrelevantPath}`;
-					const defaultJarPattern = /^apex=.*jar$/;
-
-					validateCustomAndDefaultJarParams(params, customJarValue, defaultJarPattern);
-				});
-			});
-
-			describe('Missing Rule Files are Handled Gracefully', () => {
-				const validJar = 'jar-that-exists.jar';
-				const missingJar = 'jar-that-is-missing.jar';
-				// This jar is automatically included by the PmdCatalogWrapper
-				const pmdJar = path.resolve(path.join('dist', 'pmd', 'lib', `pmd-java-${PMD_VERSION}.jar`));
-				let uxSpy = null;
-
-				before(() => {
-					Sinon.createSandbox();
-					Sinon.stub(Config.prototype, 'getSupportedLanguages').withArgs(ENGINE.PMD).resolves([LANGUAGE.JAVA]);
-					const customJars: Map<string, Set<string>> = new Map();
-					// Simulate CustomPaths.json contains a jar that has been deleted or moved
-					customJars.set(LANGUAGE.JAVA, new Set([validJar, missingJar]));
-					Sinon.stub(CustomRulePathManager.prototype, 'getRulePathEntries').withArgs(PmdEngine.ENGINE_NAME).resolves(customJars);
-					const stub = Sinon.stub(FileHandler.prototype, 'exists');
-					stub.withArgs(validJar).resolves(true);
-					stub.withArgs(missingJar).resolves(false);
-					uxSpy = Sinon.spy(uxEvents, 'emit');
-				});
-
-				after(() => {
-					Sinon.restore();
-				});
-
-				it('Missing file should be filtered out and display warning', async () => {
-					const target = await TestablePmdCatalogWrapper.create({});
-					const entries = await target.getRulePathEntries();
-
-					// The rule path entries should only include the jar that exists
-					expect(entries.size).to.equal(1, `Entries: ${Array.from(entries.keys())}`);
-					const jars = entries.get(LANGUAGE.JAVA);
-					const jarsErrorMessage =  `Jars: ${Array.from(jars)}`;
-					expect(jars.size).to.equal(2, jarsErrorMessage);
-					expect(jars).to.contain(validJar, jarsErrorMessage);
-					expect(jars).to.contain(pmdJar, jarsErrorMessage);
-					expect(jars).to.not.contain(missingJar, jarsErrorMessage);
-
-					// A warning should be displayed
-					Sinon.assert.calledOnce(uxSpy);
-					Sinon.assert.calledWith(uxSpy, EVENTS.WARNING_ALWAYS, `Custom rule file path [${missingJar}] for language [${LANGUAGE.JAVA}] was not found.`);
-				});
-			});
 		});
 	});
 });
 
-function validateCustomAndDefaultJarParams(params: string[], customJarValue: string, defaultJarPattern: RegExp) {
-	const expectedParamLength = 7;
-	expect(params.length).to.equal(expectedParamLength, `Should have been ${expectedParamLength} parameters: ${params}`);
-
-	const classpathIndex = expectedParamLength - 4;
-	expect(params[classpathIndex]).to.contain(irrelevantPath, `Parameter as position ${classpathIndex} should be classpath, including custom Java JAR`);
-
-	const customJarIndex = expectedParamLength - 2;
-	expect(params[customJarIndex]).to.equal(customJarValue, `Parameter as position ${customJarIndex} is incorrect`);
-
-	const defaultJarIndex = expectedParamLength - 1;
-	expect(params[defaultJarIndex]).to.match(defaultJarPattern, `Parameter as position ${defaultJarIndex} does not match pattern`);
-}
-
diff --git a/test/lib/pmd/PmdEngine.test.ts b/test/lib/pmd/PmdEngine.test.ts
index b5ebb7b20..c7a0398fb 100644
--- a/test/lib/pmd/PmdEngine.test.ts
+++ b/test/lib/pmd/PmdEngine.test.ts
@@ -4,12 +4,15 @@ import {RuleResult, RuleViolation} from '../../../src/types';
 import path = require('path');
 import {expect} from 'chai';
 import Sinon = require('sinon');
-import {PmdEngine}  from '../../../src/lib/pmd/PmdEngine'
+import {PmdEngine, _PmdRuleMapper}  from '../../../src/lib/pmd/PmdEngine'
 import {uxEvents, EVENTS} from '../../../src/lib/ScannerEvents';
 import * as TestOverrides from '../../test-related-lib/TestOverrides';
-import { CUSTOM_CONFIG } from '../../../src/Constants';
+import {CUSTOM_CONFIG, ENGINE, LANGUAGE, PMD_VERSION} from '../../../src/Constants';
 import * as DataGenerator from '../eslint/EslintTestDataGenerator';
 import {BundleName, getMessage} from "../../../src/MessageCatalog";
+import {Config} from "../../../src/lib/util/Config";
+import {CustomRulePathManager} from "../../../src/lib/CustomRulePathManager";
+import {after} from "mocha";
 
 TestOverrides.initializeTestSetup();
 
@@ -324,3 +327,127 @@ describe('Tests for BasePmdEngine and PmdEngine implementation', () => {
 		});
 	});
 });
+
+describe('_PmdRuleMapper', () => {
+	const irrelevantPath = path.join('this', 'path', 'does', 'not', 'actually', 'matter');
+	describe('When Custom PMD JARs have been registered for a language whose default PMD rules are off...', () => {
+		before(() => {
+			Sinon.createSandbox();
+			// Spoof a config that claims that only Apex's default PMD JAR is enabled.
+			Sinon.stub(Config.prototype, 'getSupportedLanguages').withArgs(ENGINE.PMD).resolves([LANGUAGE.APEX]);
+			// Spoof a CustomPathManager that claims that a custom JAR exists for Java.
+			const customJars: Map<string, Set<string>> = new Map<string, Set<string>>();
+			customJars.set(LANGUAGE.JAVA, new Set([irrelevantPath]));
+			Sinon.stub(CustomRulePathManager.prototype, 'getRulePathEntries').withArgs(PmdEngine.ENGINE_NAME).returns(customJars);
+			Sinon.stub(FileHandler.prototype, 'exists').resolves(true);
+		});
+
+		after(() => {
+			Sinon.restore();
+		});
+
+		it('Custom PMD JARs are included', async () => {
+			// Get our parameters.
+			const target = await _PmdRuleMapper.create({});
+			const ruleMap = await target.createStandardRuleMap();
+
+			expect(ruleMap).to.include.keys(LANGUAGE.JAVA);
+			expect(ruleMap.get(LANGUAGE.JAVA)).to.have.key(irrelevantPath);
+		});
+	});
+
+	describe('When Custom PMD JARs have been registered for a language under a weird alias...', () => {
+		before(() => {
+			Sinon.createSandbox();
+			// Spoof a config that claims that only Apex's default PMD JAR is enabled.
+			Sinon.stub(Config.prototype, 'getSupportedLanguages').withArgs(ENGINE.PMD).resolves([LANGUAGE.APEX]);
+			// Spoof a CustomPathManager that claims that a custom JAR exists for plsql, using a weird alias for that language.
+			const customJars: Map<string, Set<string>> = new Map();
+			customJars.set('ViSuAlFoRcE', new Set([irrelevantPath]));
+			Sinon.stub(CustomRulePathManager.prototype, 'getRulePathEntries').withArgs(PmdEngine.ENGINE_NAME).returns(customJars);
+			Sinon.stub(FileHandler.prototype, 'exists').resolves(true);
+		});
+
+		after(() => {
+			Sinon.restore();
+		});
+
+		it('Custom PMD JARs are included', async () => {
+			// Get our parameters.
+			const target = await _PmdRuleMapper.create({});
+			const ruleMap = await target.createStandardRuleMap();
+
+			expect(ruleMap).to.include.keys(LANGUAGE.VISUALFORCE);
+			expect(ruleMap.get(LANGUAGE.VISUALFORCE)).to.have.key(irrelevantPath);
+		});
+	});
+
+	describe("When not all supported languages have an associated PMD JAR", () => {
+		before(() => {
+			Sinon.createSandbox();
+			// Spoof a config that claims that only apex is the supported language
+			Sinon.stub(Config.prototype, 'getSupportedLanguages').withArgs(ENGINE.PMD).resolves([LANGUAGE.APEX]);
+			const customJars: Map<string, Set<string>> = new Map();
+			customJars.set('visualforce', new Set([irrelevantPath]));
+			customJars.set(LANGUAGE.JAVA, new Set());
+			Sinon.stub(CustomRulePathManager.prototype, 'getRulePathEntries').withArgs(PmdEngine.ENGINE_NAME).returns(customJars);
+			Sinon.stub(FileHandler.prototype, 'exists').resolves(true);
+		});
+
+		after(() => {
+			Sinon.restore();
+		});
+
+		it('should not include a supported language as input to PmdCataloger if the language has no associated path', async () => {
+			// Get our parameters.
+			const target = await _PmdRuleMapper.create({});
+			const ruleMap = await target.createStandardRuleMap();
+
+			// Since Java had no JAR, it should not be included in map
+			expect(ruleMap).to.not.have.key(LANGUAGE.JAVA);
+		});
+	});
+
+	describe('Missing Rule Files are Handled Gracefully', () => {
+		const validJar = 'jar-that-exists.jar';
+		const missingJar = 'jar-that-is-missing.jar';
+		// This jar is automatically included by the PmdCatalogWrapper
+		const pmdJar = path.resolve(path.join('dist', 'pmd', 'lib', `pmd-java-${PMD_VERSION}.jar`));
+		let uxSpy = null;
+
+		before(() => {
+			Sinon.createSandbox();
+			Sinon.stub(Config.prototype, 'getSupportedLanguages').withArgs(ENGINE.PMD).resolves([LANGUAGE.JAVA]);
+			const customJars: Map<string, Set<string>> = new Map();
+			// Simulate CustomPaths.json contains a jar that has been deleted or moved
+			customJars.set(LANGUAGE.JAVA, new Set([validJar, missingJar]));
+			Sinon.stub(CustomRulePathManager.prototype, 'getRulePathEntries').withArgs(PmdEngine.ENGINE_NAME).returns(customJars);
+			const stub = Sinon.stub(FileHandler.prototype, 'exists');
+			stub.withArgs(validJar).resolves(true);
+			stub.withArgs(missingJar).resolves(false);
+			uxSpy = Sinon.spy(uxEvents, 'emit');
+		});
+
+		after(() => {
+			Sinon.restore();
+		});
+
+		it('Missing file should be filtered out and display warning', async () => {
+			const target = await _PmdRuleMapper.create({});
+			const ruleMap = await target.createStandardRuleMap();
+
+			// The rule path entries should only include the jar that exists
+			expect(ruleMap.size).to.equal(1);
+			const jars = ruleMap.get(LANGUAGE.JAVA);
+			const jarsErrorMessage =  `Jars: ${Array.from(jars)}`;
+			expect(jars.size).to.equal(2, jarsErrorMessage);
+			expect(jars).to.contain(validJar, jarsErrorMessage);
+			expect(jars).to.contain(pmdJar, jarsErrorMessage);
+			expect(jars).to.not.contain(missingJar, jarsErrorMessage);
+
+			// A warning should be displayed
+			Sinon.assert.calledOnce(uxSpy);
+			Sinon.assert.calledWith(uxSpy, EVENTS.WARNING_ALWAYS, `Custom rule file path [${missingJar}] for language [${LANGUAGE.JAVA}] was not found.`);
+		});
+	});
+});

From 4a4cde2db6f19aa26e8999cd735302758f2c2cea Mon Sep 17 00:00:00 2001
From: Josh Feingold <jfeingold@salesforce.com>
Date: Mon, 18 Dec 2023 17:00:08 -0600
Subject: [PATCH 03/10] @W-13222948@: Added AppExchange PMD subvariant.

---
 pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar      | Bin 0 -> 2931 bytes
 pmd-appexchange/lib/sfca-pmd-apex-0.12.jar    | Bin 0 -> 9140 bytes
 pmd-appexchange/lib/sfca-pmd-html-0.12.jar    | Bin 0 -> 1946 bytes
 .../lib/sfca-pmd-javascript-0.12.jar          | Bin 0 -> 1873 bytes
 .../lib/sfca-pmd-visualforce-0.12.jar         | Bin 0 -> 7568 bytes
 pmd-appexchange/lib/sfca-pmd-xml-0.12.jar     | Bin 0 -> 4153 bytes
 .../java/sfdc/sfdx/scanner/Constants.java     |  10 +++
 .../main/java/sfdc/sfdx/scanner/pmd/Main.java |   6 +-
 .../sfdx/scanner/pmd/PmdRuleCataloger.java    |  40 ++++++---
 .../scanner/pmd/catalog/PmdCatalogJson.java   |   8 +-
 .../scanner/pmd/catalog/PmdCatalogRule.java   |  11 ++-
 .../pmd/Pmd7CompatibilityCheckerTest.java     |   5 +-
 .../scanner/pmd/PmdRuleCatalogerTest.java     |  13 +--
 .../pmd/catalog/PmdCatalogJsonTest.java       |   7 +-
 .../pmd/catalog/PmdCatalogRuleTest.java       |   9 +-
 src/Constants.ts                              |   7 ++
 src/ioc.config.ts                             |   3 +-
 src/lib/pmd/PmdCatalogWrapper.ts              |  10 ++-
 src/lib/pmd/PmdEngine.ts                      |  80 ++++++++++++++++--
 src/lib/pmd/PmdWrapper.ts                     |  11 ++-
 src/lib/util/Config.ts                        |  35 ++++++++
 test/commands/scanner/rule/list.test.ts       |   2 +-
 test/lib/Controller.test.ts                   |   8 +-
 test/lib/pmd/PmdCatalogWrapper.test.ts        |   4 +-
 24 files changed, 208 insertions(+), 61 deletions(-)
 create mode 100644 pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar
 create mode 100644 pmd-appexchange/lib/sfca-pmd-apex-0.12.jar
 create mode 100644 pmd-appexchange/lib/sfca-pmd-html-0.12.jar
 create mode 100644 pmd-appexchange/lib/sfca-pmd-javascript-0.12.jar
 create mode 100644 pmd-appexchange/lib/sfca-pmd-visualforce-0.12.jar
 create mode 100644 pmd-appexchange/lib/sfca-pmd-xml-0.12.jar
 create mode 100644 pmd-cataloger/src/main/java/sfdc/sfdx/scanner/Constants.java

diff --git a/pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar b/pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar
new file mode 100644
index 0000000000000000000000000000000000000000..b5c63ae6d81021aefdcc1064d8da14e0401f3692
GIT binary patch
literal 2931
zcma)83pmqzA7_|LGHH~v*5z<oc+8=YOLaz^vL<rRtzkAIdl_o9jJ9%#(}nfA<uVa+
ziAIW2;@!d~msYtfjtmcqR7bse|Nqy?<E&oq`Rw`q_xnH3_w)Jwe*fR|dp;irtc<LZ
zl$3&kRH)x2Hz@!R@Bu&(7&seejQ&A;TLT#>hrblwIs=(T00o-BfUhjXVeAju+Bi9*
zakg`~_9ut1`sl8;Sbg2jc7Dx~pL=$SMu$fs5@G;<xvMNNKS7{;({N>t>Yp_cVUgkf
zgut+HB4O2faDkxa%6f8Wz^WW@W8dS1;7<@&C2Frmj0g-RQ1AhG3jQ07bBEPPt#VRQ
zn}O4?`I{O}wzxm#+(SbS0V|8d6A8GmfXEO6+CKyz5s{NYjE0-SnU!P&!oR&JbFdm`
z*r*Aq_@$~DZ^~rI7UXnItK_z}mt(0jjlbDZ4YXqw$F#TY+j?gE;#O2;;4`7hZWPKl
zS8F_#UFKFfJ-y}3zh^DhO|g#~@3IzbJN!8GqOUS8eeTh{;5A-l9T$C?^m%u5Gcr;L
zo~3p7`z=SzPb+8;eC9v7b~!>_luCDZ4-p-Ve<-YQvS#MBCWpIc^c{ShKQ+3x)Y=_N
z$IQo15Dd|>`TIgVb$69W=a+9m^z0x7nq0|cXzDPeHF}QO)#O0~HomN$ih*{lcP84k
zjUVwTCmN{Mw!HJM6F-0Je)JAq%fI(#IL9rw>VTji5vIh;QS(lr92%OtqN!JAjjDGR
z+(Hi_T=ClTrU|^7&u^~E)4e=0YrO<s-LS%LISbcR<YSbzMVMCA5!5ER@v4pZJMaSN
zO^sbc`-h^_bWvhAA45jRrN}<3(j%l_7!^nxu9%9sospvC;mgdxbi`|r-rlwIm~fue
zO|pQz%yZ4gwL#ftXR&4{+Ai}s2L<=0b-FG;Pj-Kpr?2YB$NuCNCUC_hqZV>(_~F+}
zYLSWdEp2YkJqGuvXHpUFR%VTy@N$|WGTQ%x_7CUm8ZNuN)H{#*aU?oWK*Q9O`-z0x
z8;aFpkZ~u2;Txt77RTIDfDUXU;qAHg8-rsG2wfOCO*1<Z^;L$ppHyaYk3XSUiLwiA
zr=&_Z_UM-wjeXRD&JQolrd~_$%%ddfz7;uQa87Mct4P0Jxk)b0Gm{&7j6T&ndY3-a
z%!1D2i{8H4Yxa7BVHD((FxNO(5SJJHYhe0%O^R+1tLeZbCuzMe%u2bfbAunOGQT@o
zb+1fgn96(#RJS&rSlZGJ&0#oKD4%mq*^!%>(V=HHvH9wzLE|;&uTb_FkeF*C2F_V}
ztJ|1=ia*Oq#dvJuB9m_SFO-bbg(@0(6~BxwilW*JLSPL?z4LF813di#rOQr*3p-K6
zq%s6$onH(sWNf%v3SqIkz}KhCy0s{Z>lT!#21mVC{LNZtm(7%FfvgdlBD%4^y2q}K
zDt<kg_%40zBVQ-xY`$+xL1BEbLsU4&RYcQ{PemMin6Sf=mBcaYaim>^jhsHqoA-C2
zK1v%Nagd{(Pup_XuOY|Y{+;%MBZfI*GZ`d?pE5eH)Np-I^03B}atz-;?c}V7&sn7H
zrAr@;nl!6L47ZD-^E`8oX@FqTo!A09XV(|IQ>W4u>3zNKxHyMOWeu*c{l|-i0Ua&l
z+pZ%D^6%ES+%+5O|G-xo__Ao*IbhynL=woymoWFjYw<5+-+Fd2hb|W$d6rp~S|Mm#
zaJVMQ?$A$&)E3uJ7qXk;8lK*QI$p@n%+spFo_>LARo`*gAgqtZk*h45-T&(uSa$d%
zl?<OaG+g<6hZcjvzv0YhJWb)D;pW2o{P#VH1z9fmqk*@Z`p2>w4xQypv*h(g;*p9I
zSNC!k-#aCjPuTI<&-x}SKC{B=#9Cdtq?4Na-tR0)Y+_dmKADfZ<SllvY3fI<urL}{
z`wRPM?SX#Ms8X|wSFbQ8A=pUWD~snm+wOcliCARRYiW^w<CWQsl;#Mhf3^na!usA=
z2}IkgGFWku_ms1_dJm{Ra-GA*$7CvHh;z`Yi=Ge6?yU<LRPG!#A#V<o8JklfOV2<y
z%x)&Hn~}+?M|!o(H~$o?;Kf6VjHV&12v~i5TAbb=8|#zO63Xsu@p^=6z8$-vKGjJ?
zZ9?=vC~gkyjMI-*2^o!Pz7Q+j-=fyvzP+BIE^IwT)_W;3*$k<xSu=fXOFx(Oz<U$@
z?j42cSL?_IY4lGYrOEsD$#UkjMA9^6%YPk?i+<xI+D3y~w)5%8&k!NkfbRWSN!U?I
z-}Bja!o0DUH?wHxX7p^lkaumo`#86kCT}8osJM8uV)(;|DNpc0+{;2=rR9~06&DQu
zSSY?P{a5P+ykXfb)qwf3M@JCCqk{Yi5#Lx#*5!vTK0xIcVC?)Z18_R@3U@>U?uZ7R
z4*k_sF7T_B;(k_^6%3?tiMu^iH&ND_OkLVl6x7A9OUP32PDKo^WtGGS>7nHGFK$hi
zZ-u|oU|OFXZ^UaCHyPr_S)OAi?FMtoF=<^GSGo(~il=I+xcbMCnwZHCoiYwsX$V~A
zf5#AD%>Y!TrZC|D@`fd8lA#1F2EnH50MBLGiijeq09Jp^KVTAB0@yeTn1Xp=H3pbV
zmH;v`fvIGISd9&)lqG;{9x#<;gPCPD1u(NL0aO4_`+ExiO)#s;fC**^pp2>XDl#kb
zjHIGup82ZDrpNqE#s8abBwK<lzMdX<GnN2uf-S$|{Fm>EBwzBLd{to6`@YKuzV7O`
U#sMn_1x1vApAc9XLjipI4{MD%*8l(j

literal 0
HcmV?d00001

diff --git a/pmd-appexchange/lib/sfca-pmd-apex-0.12.jar b/pmd-appexchange/lib/sfca-pmd-apex-0.12.jar
new file mode 100644
index 0000000000000000000000000000000000000000..cdcecec2d8b46cda633376f8cc9d589ba33e2c78
GIT binary patch
literal 9140
zcma)C1yEgEvgJZ>cXxM!yF+kycXtTx?v~(i0|bJ*yE}y765N8j6X3(le{bI8&CmS4
zb<W+VYOU_Q&)L;gYj-P1gS~+P0fB-7u`^0k2YE5j*V~Ihzg)6nDnj&<a^j3&APWBm
zto8#v#(e=`zg%d41<DG^Ns5apt1!rlU&xM*$Vk&OOu$Ri(|jEruTf%}W?9?b*arQ@
z*$e;AsBd1z#`d;<3;0(I;{Rft4Q))F&Fr0wO@9l=`a9g&)cC!VrHjXJd3e9!IoO)~
zmP`C!xP}g<?tgReoS`DL0|x?P{t{XA|KmXD#f!3~ow<#vn606ujjXA&v!S`Eh?1(P
zxQsG`v5ld#bD0LTH`)yTlV0_ZP4c>yDAZLrnhj`xs-QJA3Gu>Uw;5`UG^>zI*s>&Z
zV+zX$sCp~JLqlyZsyYqrV!m&)#r_bd#r1XdbvOBSZqg?Yc12Ph94req)wqKv1$Znc
zZ5}6nzR#OSDf-^KZ$V0WFF|M&iaHB&VP-&SYnt(^okYx(PR7%~JgGiOhD>U?66I}Q
z;S)Pkm4&4@Xx0~zADNZAI0|KZ#w4&E)`2En!7s!71Rar=c~^6&;LKaKFgcc7Yo-Z!
z!z3F}Y{YE_RVur~Oe`&ZfPqMP6`xNTCeyRBr{D-BvEoR|6F=L7Jtom`kem;{ORt-u
z{XN$)U_pz9T+AAKI@+ee5WBvU`fB26v2sUh-NDvsx14xWlg5mc%E3zdopmEQj-|a^
z@PpQEW8-I96pA|7-0j+-jHXt*#ZbGD?uDFaJF9x26`|C3@q!0a^ACZ_Z_HvGW4=?E
zUT>-Z{FbI9i~04%=rN#VYFxZ7D+ODhOuX^!mbE-32>E7;wI!zpzjM`CN+&eqf3H7~
z{62NVie9h@7ZB2S?;7&Grz~MdG>>$4uAM7A+(n#pogu(kjzWaY`T(q1^Bb2xcV@mp
zPNcdKGT&Q@;09$u>|_$R%c-ragiwp2SPIJzHTkl7<dy4rYE+*eOo}-QH3IWN&CyEQ
z`4=aui|j?VHsBSX<VB4z<%N!}nsl`0s>Q4rdz`?Di>|pgr>|Y5OueF#u4eH~)eAL-
zEJS5#Fh>@G-b4sCwr+fYROBl2BEPy&ZN<S<C={a4kUBVO=1Y~Xv)HS>Vs_k1)=?|5
zNYue-)Iss2_+%#GvbXTju9<hc9#*w9>HAI$%!h?98Dq(&a3(CCvt~3JVP@b5s<qjw
z27PEKi9++Kn)LXK*##FU2F`G_IokCjwLMANM6BehT;bbF&Bol|wloa=5b1V;4dmQo
zzVt-{wb62(U7q7vBJ~LfV(=q&>7g<6c|^sz_-_NSHw9Ss;k9=nGN~sNyty~ZJ_u7X
zD1OT)iGAbo(a!KEoRyl)sv*x^y*hAL&5@b`_0%+LTX`Q>s*UVywZsUP0W%dlq7QX!
z!eTXaN5fjB--C(!tt@h?vqMNEe`_*^srXmxFTg=Dh-xln`w6<8$EK_N0vwXW33hbJ
zq1|bBd0u3@lZ;Mzy9w3H5&9aAfnjfa6~n=b3qDZtjGv84Yt0IU+AQ$4+FJHAA1q@a
zn4K2rMLfC<G!vO;E22y^uy7bkX|=Q)=e6b)-rb@zmP;Rw9>Blf<Y;~$VnxqL&kl=Q
zPcs-ja#Eh3zwAVF-WZvbz&T>!GGslRTC5Ywu)Gaf<*G_GZMM5NoqV4{;Z(E;^r1*M
zFLCLPk2KVwcUY`6)53pD)TLJJ&W0Ks`%-k|VkDGqSP*G_%8kL!)1b-hV8}uM1h3VN
zIzZE@*noE@1*nITCD=2i9mXda<6Vl!U?vbhn4z~gfT79=a5TW-?0t+jKTzr+Xf0K)
zfdt1$3bJid@GXgKSU-ZJ9cdJI%cUpj^A3x2+tAId8A%mQ)B``Ea8EN4{$7Xg$zH3-
z-@}vWsYk-<pK+>(e)55SZj=|ia<e|UmAR{4>ShxofKoW8iWPq)fy443V$cp(s$f}`
znOL@0$h*MwAZ^>&fhkKA&m3YxIrdqch1HnYd{#E={G$Xj`wFAO>=txNliIyl7bF&*
zGL6tS+{S>d%%SpJo!#JM7PCuBB;tCHD74SK?bf8+Mm!dEwx=<62Qb^;{hl=`K&^q0
z5ZOPvkVn-UjgT~+C6+n*kV{)ip6d1uc}8QaZ@9+n7zlr?)Lo-?ALSYK4pz+9A(V&_
zih=jk*gHw`uyoX}4_gc=*h1B<@_moYz(-fR+7!Od)A-x7O~CAvq(RI4B2H%+mZGBs
z!KbfQ-2F0L$k+4Afr2S36;ln8KGF4g50#PcPN{4qn{7ia7v$z!prs8Q)A~E6>i~HD
z<|@3$g_I?2qfsc-pH$Ddyn&h{mMrsX3bvAs^c-X{Pl-5%ij-IPXW#*_x*5~-^?0eX
zy0V<Jx_qfodBQ0OR<6C;RYR@itcVY1Vi?LRL?}2RmAZ8#)B^3J?TI4{&;sq<AA9!h
zO{%$)62+(K1={<~LZayVtXCc8P?~b<>>cS7>uj3cf~Gpse7(cCzD0FLd}<#!Z{)I;
z(eO!LyGD@tNi}6n4leTpB0A5-DMMYLpkZsPzw}7QZC=BqzgdH_EY6O%j26!t-tDRn
z6<>FKmj4<dOL1Xae|90$fD}_^r}{B8ZDJr77&RN8R8SX*@pzloNv`ZHv0i(Sj;d;q
zK1^p79%WJ(Q3E!6Nc_PIXBd5&Ex%FodvCn4EyKP~Kkg>_W3?sKJ@0WzMF@0Me=LqB
zA3NE@Y4Bm52}`Q9)!xL{VeQK^y>9P1hWkl|A81Wh^KA)k9e8eWljI8!JdsHqy;=Ue
z@?TiBaaZ9n3+3FbTw0O|*}}`o7i347D3)N&WNpa9XU`zWrFe0oC=RoFhgc{%H3d&k
z19wdxLq4+q7?cGn(e3n~k+rH>*lGGhWvY|R4bgr=yZk7VcFE|F+wGAEBcEH53F>^E
znzrFp#&jznTsJnENL=Y@b^ei>!vt**O$xK8KE7!8Hi9c6$wZd<=#d>Goab;6Zto_9
zGCE;<@|F|!e1OXUf(Mcv9&cuYO9vr<&_O4_i}TrV;wRA$0h;vH(Yv^)9eJmx54m^p
zT+bd8-iUXnu22g_WNmI8H|(t(6<|xxu;$N-z-QBmyQ9qKVhg+OaYyvxyPs_8=U<^T
zs<x1N6SJ8E)5#&3rf#TqE>$3Y^uJ?@yHFpM!tYNb)fjd3**0W#YFy2^!R5z{ho~gr
zul>edmKo;AzUaVEvDdMUIkWA*x_;vg`xD@I*{B~R^#uM^r@HnG>FaV(asNZsy2sZG
zwy(~zn~zIMn!Q$}Nh`sY;fCzoOo%CKE-qZ9`#Mepv|RV7PluHPsD54g)TgU>T1Gfw
zv{l1NBGV2O&^Ppa(NR<(C%}ACsDWgBz(n(+`T<WMf{=dchtFey@I#q1s&%T6-&g|6
zyecIS*vvI(!>G+UMGzo4TV+v}+<qnudkuE~*saQ(1mkPPzEVml3!Xx^2o7bN7ynFN
zBny)=G12C7uEwpnUms~_y*1P^m8GgQADHX|PXEA5Z~l$qxl^EMuY(t|k@k5fvbNJ(
zWu_HGwM!g4YkXwYbq6nqv;PD7c?!`uA0}6Qu1~-BQ7*Z<iH#zX2wE=^5DUFp`od;u
zGaCU5!H%+dk}oOdtY@%4&}_n{?gYdp(0Tw$PrqvJtfv~eRdVqjYK4T4sibnfU;3_Y
z)-8AZ0V#e}{FETQ9draL6OPd%!$RfGRkw<u=C(Bwf*JbrK_%Lp^ACpf2Z;0y`tY?f
zUPsamcSzkcIk*j7mqGfxQ@zD?v-$Z04P&sZCYT?a0<2!>9V+V`oI9LWjRraEfgz!1
z0?mrtR!HN{Dv~RF?g6CwU8W3mn39|Ja=;=_z{oDulNUk3)cXO4eot@?)ekbtUFHK4
zg6l0FmZxTmU(kABVX;=|V=g%DbamVEs_MBL&EF8dy!Ixa(*cXin?tv)R{y+r^zYeo
zV0L&zQeyjV-*mZieBFHi19WLb_Y;Y`K+OBb3WFH&V*v&-GmNQzKTPHmDo%A3&Q2YX
z;z?l?kuh*sHcYzdLqm&coZ}%(K9KQ%6Yx=&vj_cYX`b80yP40fh4W*g1x}k2YbzSt
zckNB0v-ok#5xYIN?&HLVpF`ciPaJaw7@d7+$(|ZH1HFuo&GfApchK!uPkdIkQ6FMY
z5D8r58Jz>P;lwN*{K{5Y+$-=rAS#N=5+D$#A;eGDtn%5BczFZE2nN<?rmPD1LiT+I
zK9y&&2M+8e=GV=Ho%Rxp7C3`;QR<r2Mbc8>zyE>NoL>TQ>VpAPRJSz_279oiqj1K^
zNpkl$@QwG_2DunUKK2bndZfGYLukRyZKy$74q^NjAb-YuC$<9hX(zT~1NRoEeeCAu
z6mIX?9}j4H=Na3#^DZ{S&5(QfJ2_2AT&CNU<>WeGQj4Kjl&xk-HaO752i}swMNnVX
z4ihGXG=$m4ZB0R}*cjkk3ljDjoD=VAO<{<~e-%0vpfl2|i^s%JH{sueE#o*7jd3Pm
zL$bbE3Sff)g+T+i<cNnNQizsY<E;9ee7E1qjee-+P||%s#lgVv&dg;kzF2T37=M&S
zuJB$gTfwU$Z})s$%(r2YAN}MEyaVl|2!<d3qzJ*6ZRPWu4g!I2p1@V!aNt@4qA;xQ
z4UtlpIfBuep^mhH?=#Wiqg*$BNo-A8s=Csksz&!I+}nuKTsz^xNM+*bXRv=4r!Ug!
zPd)jnVvP-5OwH|`ey{cr{tEn$^6YKTL)IKT2#BQw2ngBV(9UMYhWf8O{XfJdgS)NG
z5uUaEck%O@J6d+`HM(WZyiK&QAY&dylO~M)FstGBU_D5)Tf-Y6Tg*C>)#XQi9cjz?
zqWeNaah!JJ0GN=aw1owaafhia&Z{&7XlTn$SK4c#8X+9T>1JmL)>gw_GdUcuq43Nq
z?KpVaErwH(Ds5~s$y!@Y#kKUnf~uZ--gZN?K@@4_+WJvhXJt~GRcQNYRy>5Ubskit
z(z3C!hS`dNcl9g=fHJQf35#8(PL!4Uc*eL!5!AS_k`qZJh0%aZcZm7#`?lBYV?66>
z*U@$ODbSSHBui%YX;7}EysShWMRNd3bZEr=hj8Qz6}%dgPTlz;kr1r&`La1=jD}C)
zp4f6Bx0T70xF7|{EhX{((8PoT5~na#;e062u%mdcb>d20IvXJlc&_j8jsp$w36tGu
ziE0Ba6jU11BJk2XTrHS6gF13tX5oaPexl_CpRCDmCVMg1Y=&@La1GkqB}M^Y$(3>V
zI;27g@W^B(&@RIJg1?+%c|9i$QyRd0#jFy-!$J8p5iQs)xdxprQT~n$o&_(Iw@L$P
zg>uLrnKL&6YpNNSkUo+xmV3pk#W?0!PvadBB@WuV<%`=uhnX~K*{t?FM!5PQ{gtvi
zL{zE9Nc=HLe8a~pEE$pVBMELR%P}U`6&>~)+~xj!L(O5m^ywRIH$}K)z=IwRKVfy_
zu|iidA)?Z%x&mdTe9U3ul9j2NVG>Sw<Wi6*V6Kt5y!?802fuqbi-Zx97PVJHSp2vQ
zqX7_0itiTD&__4$6<kA^HXFEVDzr5fTz2TcZ6f7e-GhojL2$*AF+Hn(`OWEkW>L9i
z*JFh%#rA1Gg>ir}Wq#d9_dRyg$x++D&*Wtu&7A~-qcovdtb5`XX$?H34*csokHZqs
zHwQ2&%glu17BDc|ZyF1FWWpemNAL|N-u#?1G2}z1I7hB&hsITu78qOwE^1u{FKIug
z29e!n=%~?|3J9&It}^kXiJjs=>IvgfQ9ZZo>5D$C@aw6Qzo&%ob5R($x=;|PoXKkc
zC?$!;sUAyc+SN&j>{cATLID{~VL2LW3B?HjNuO#7h<V`GV7d>g)x%lMgOZ$e_Ad3?
zyd@42#2_?F10s;IAhqoo^U;-;=CJwqOWsViSGmf(+e$~qHWWc(M8p;<MKpPDsus;=
z32pke1dLd`&_@B__ndyd_2@K4%~>QME3yAA=Pe8T<4&2RRt^ZaU>ZdtZzv6OwlKf{
zEKzO_t+B%tJqew~rMA5L95C)EH`X?mmwkQi89?#P>ne(bxKHb=?{rjjNttFja|tRc
z{}&rH!PF{<d185@;4sP2{B>cfP^vLu^kCVxK0qag!+aOG_Jz058{_X=Vi||l!-YpX
zL61&|8bATpA12wVyTVpgrKE@?1Y;M#)gpWlPsgAOCLGA)#U#`9Q^;1*l@%amgt?qv
zjNE~`1pSBHe8{KC%}1cZq5HYmp^*E@a;3>nS4R>rs=n$xc2yO_`3ZLu-t>S`Ok)h@
zfWk72?}&6{HU5YKNaqcbJ@4O62>JHFuhF-kww*>rOBcW!#Oj>hN)t{qs6ib)=!DYp
z4(XKV(116;l{P{Yp1duz<%lwd_mg-hjN(sKfF*H@iBYa$*#1xx7R4Hg!R^-fWaFki
zu+y~6ZT$%^GhLv**>$A;djaLqBg|VO&X3t5wwh^icWtmE!p;wslH*edu0ZG5i^amW
zXz?-&xw!Ok?=UrZ=P7J5{aZxdUPH{`$U{Jgw~I1x3S%?LeMWQSI8nR+KFJm(E}Q-$
zJ0y``gqQe(|H#@~2;AUBFZ`!LD_yGY+h~-2eMUUN$zU9kj@#*{x!LVjlXytI+<QP9
z>0P&YA?F|$Lv<W@z1{QAgfISVTx}50%)FJ{_NsYbLB`)j_$=;fC{e9BHUNVh%7Z6w
z9Tr{PNAUA<4kfsJ2ns@FLK0b0t}OROu-4jtnDByFV;&u^?|G!mhrx$$2@H4Z&-{c_
z_IOjBkYlv@7T^Ep3X2`!lzI+~X<}*vg^ymK^hq6-PTMcNbK^>KrZ%?e;EE69Q#Kq9
z@qFFK<9wR1xA|5l2^3mQ#n^>HP4AHJ&Pkh-uW36ElnFP)Wwn+DTz5cO4%8un^d;rn
zJ&r2_wFL62qS)82Z7^UM&+If2X<HHtl|t1}RFK5Xgu=nG5xP9nFFkNpI(Bq<dnJud
zQvoL5Ed2~}LdMuRo4}#j5z72qZf6!yZi&-o)**-06$khs-RoT-S$!F$ues&61I!do
zN_M2_9?@XopSK1XWT|>7fcFe?CLgPRB6rDZ&SFG|!KVi&@&(Kblk>j`eJfFKQ9}mM
zF+`CuBC;kbh$PJ^l5tJ?^eLx0K4X~s4KcoMxD1jI$6KyLR~~FaBr4*N@B!7s!&r!f
z3OJkrB3Xg~&OpT+mYUOumh$yNlOH|0YpD1nuC(@N5MZ!f*=wWUY~Ca8KbL#YXEY+@
zQVnGm1LV(qgV$J@o$IUWn(i2_FCb~Zk(8rJ60@-p4EHYKi`kqEq7KEfnH%C@pJ|5Q
zt^2=KKa>nxtvavR$q`gDdLpRT-VNbN_5?z5VcQ?Y(1U>vY#og{mbSWFD<IN5nS3Z?
zhicGaG}cn|ginj!DgnugMGenB8MJ4~KIaP_T#C#x*~1auYL@7t|EMqCe5vIp0N{T^
z53H)7jt@w_pfw1#N%hk%+s+1n3VdmBnJq6j&jDp@wXpuE=5OQUKm4O$_Q&#-A1JMJ
zA(f@dT+WzQg=`g>vr}vuDCX|Fcv%tx;kSs6U~5Qt7NK_N;g~mp-%v=<uIE2B@}$S#
ziyTDkx_@#mNJ)0?a-LbeG%$iMm2$PwN!IUefi|7qMDov0IaBdrHP;anEINbQE8^;t
zDL94Iz`vhtFO^Xx;V8aK)<kTg$=03$9o4mE&G^Q{7?1!#0@$&iu$*^==4a5)1RkaM
z*UF`vf8x>IU6-!k13pc2Qxh9Cq??!7L3bMV@CS!}*~)BF&8x%t7X1CLAb^xsxPJ!k
z@fkSf*pBJ#AL&)W?F-Efl=+C8J(7VmFo!zUp5Cdy`eu+Bch_hcHEy`H`_|`p4jv5F
zXFtRU0TI_@EYYbmH?0(;B+i~LhymvvwZ)g!d{)><oq)LqfO({DNKEtWDN92wJ6b#v
z?&<w>)jp3GCfJHABLu5uOWV%E-BVXWTVsPRd`I4pZAkTJA}C1^6~y<ZxcMjOMJK(}
zjvB%FB|)Ey*jvA7Jc(MK<29hB?!M(ULG*00K5X|A2I86XZHnVT{kTECudcHhO!ye_
z!Cy1NR9I^sO$7RJ$PtGD;V$6A{`=#c(2}vGjZ3W*`B@a8HcRvE_G7w8*rOet75%m~
z6=PNVl@3XqtVJj#rCT{(F2_V(mZ(iUskm-apihe0L?iq5Sqw3D&RevdVh^j9nY>df
zO;vGa{NYcaK|}HK8o{BSQ1bqA_XHP|Jk)BaKJf7>ZSAdf>qCqd<v-_>#Tgg?F4^f7
zsdtCTp%IzPtsLJD=a*gCiL-J!<9o)IX15wR;0FL+5~E*1uJ1Sbvb%gm#&5Q#1?^H=
z^ihe?pr_VwI?SND@GGFQk6Jtvpu3(Z)G>z-HSY*wxg6%vAgkG!qOsB$FfbVx5GLk0
z!YAh;QezHsEU6W=znVuvrBR`)A>0W`;099|1cJ!~n(wpFT*>Fp@v^nSmyLktJG-m~
z=Ey~>tflDsJEcCg*H7!!@ku>OTleO$d0=dpIFy>t!CuB04iAg%4%tK(VIjy`QW=BY
zVrRIWgf9z;_C~}xCHmrU7gzMrir1thk`cp62yf|#Xh?-4;uV(NBCAdF81vgC%UG4o
zJRgmaz?c%6|1d_nvX4MPrxBDR#!b(Qu!?V96yO)07%`yT+{=uff2@6;)=$82<Y8m&
zqqTfQGsomy4x<D0O~Redjg2?~KhH?{DQLX`-iki+(A|-}#!4yRd^eCkj=w*bAcHRT
zz{QdZvopbq=Bt*bexP3N4}2?j8Vv7e^jSY1GD*w%blyM)6~aApuwJABO)2PWe6Z)$
z`6e7H=Xe=b_K~oF@vN(}e3Xr@>Ri;s)=zi9v0gp}twj$rh3%w>XnTv`8sky_S&%)p
z-$O><GogB@bl~Pe-O8MGTZ!I*&${LzqjTAu69n+YNbYvMI38o=P|b|OXq@0!y;1S|
zZmq13Pwm`_-}LqpNl{|(H-wpYeIXo91=M`DL}R+SwxW7=pT*qFugWxIp4M7w{3t%P
z{$S<Mmw&weQrIrw0)JJSj0jHJ5n;)C+DWeMIBNWG`Qvln4j*BAZzwF3sFC2v$(_vV
z$cH(_nrDtc0!jXD@Qi{shfs1M#teq*>SOI#k`zwml%Bn<Ha-U+7*|*K7a4P3!lukY
z0OK5T%M7o8wVS|=7A0hX`PeLf>{RtgGzGO9&;32v$LMrw)i@a^-%chvFA^;M!~FGd
zw7MPz9>jKfmYe3$(HX3Tmp!sfkRw+Oj{h}(ncIr3<;@R4WIV(~sGW?n9`F{7H4Bps
zR7mrJ0nrbdMCG(~Iqm*L9z&U%;H$!eLnSl-`jH*|3xJuOx8)>~6D-x4d8?Pgca3*x
zm&|GLG86}OwC6k?bh_s;yVqteRD1l`EnLOoV<5gP(BtA~)kJy}-@{OKh^8sm9LiY<
zdkldDQ0Lm_rCEp14K?OJ5r3~Yo!-CHB~4wN|5o685siNe(^tLuC-6V&O%L@_Ih>bj
ztlf)-#s3@nRd4<;|5a$#sY%*zFro1`bdZekISwx&5fNj+qgY@qMXu0|_>v`~@Kk4k
zUK|V{)Ef12(}hVyT-f@0csNO`b755m<bl_U@E*PggDaivE)QDR(Zwo_)Jb<u)zoH3
zrhz5ERkehG%~uX5*QiYris6j-K%djZypd6>!?3v>H;=49DycUyU=pnf0Ui^~nk)qo
zYbrW59cA2Ch%TjfjP0Jy<&U-xD}h5sEZNG;d&nzL$BFetY|oY(@@84M1!=%Nf&{WO
zT2*YifEm1uh6Rv8eY~b@HL7GuAVzS&2L>PIy6XyBG-)j=twCI4@bQ+%sNS`T7Nc2^
zL)4tvVqR!GWDEiv{SFt+^q6FcZPv1+Mv`(Ll|ZRncfE$1B>66+NDU+PxqqT%iNDjw
zILl>md?5>gA1_cXwxo}6Est4nx;qVfb3Rw^n=k{KWS4KnO7fl7-1EW6K;8N}_t#Dh
zH!cLQ)xzRx&d+w3dq*?e<vv7FDfg0W=8-LvM)BerXV4~F`yR$0l_wu0D@Rg99(&}L
zIP$3DJ-&#00~L8T@;JOs5C?ASB~m;xkMK}sg)npNSmEjq?36V9Yj3iu26W0(i4e1J
z)MX=&UC=hiP_eHF`AMGYzRUltXHYG+OoJA`2$+@H)bAK*=;JPJI^!>H`n(kfCQq+X
z)w)s12YvUcILy2!M#?9clN@rTZdyth-!^6Wp4-m__zbEb4FE+0`@d`aubUDC1PSCw
z==J~4ivO>)Un~Bv;8)8FpnkdkN&8Fv|5p#M=s%hZUd#OdwAa9{FT>ZO|L+*DMgM==
zD<l17_{#W83&8KluPp%ov{&-b%kUTSA7?hdox*EFz(4KP3jpwcdwFdS_}zS7+XMdP
ziSNI7`bT#7)!nbn0)IHn3-JB_xD)#CtpmSCe2wtO_j^57`=`CWivE{m_U9qn?`W?{
z?_ac&ztaBWB7Z${`-7bqfd8@|{tWpK?teaj``v8*eG%+0Irh(l{5#seFGByXwEwt>
hU-S6C77_C|?k`zgK^h$56^`)oYXt)V*&uv<`XAdczL)?2

literal 0
HcmV?d00001

diff --git a/pmd-appexchange/lib/sfca-pmd-html-0.12.jar b/pmd-appexchange/lib/sfca-pmd-html-0.12.jar
new file mode 100644
index 0000000000000000000000000000000000000000..a52419d76cae3d218a95bed515ca3a099792865c
GIT binary patch
literal 1946
zcmWIWW@h1HVBp|j$V-|O&Hw~VAOZ+Df!NnI#8KDN&rP41Apk|;rh2A#(m(~0KrDi+
z(AUw=)6F$FM9<glv+tSHKHj=|7kRyPwa%S6zd6X@it&S|kDfB283xpkVrz0@Nosn2
zQ6+}0$O`#@9Js=alH42&)vgA|Py7b@Mwg9&K?Or~aawX>JV;-BacXjDQD#Y{UPW$B
z@07d#w+#di%%8pg(Fx{T7lg_`Tx-qZFyrOi(%ID35|H|6@y2KUXUb-My8nL868Rp^
zYtya1*Y3C8UC`^)&&YGVV$QjJ^X47!jIEEHDr(N%A~~&h@<Yyb1)3Xu6PHf?csx_o
z$u@D#HKp&{3RUf*wja2Ykl^f6HlzRZ#|H+Hl{*WwZky%z7ZoM6KmO=mR$XbRt$oF2
z@-g;2FBN@#^?kx|Hzu)Xp8fy4CF8~aM9sIi3hFH6&maGJs=H)X4_D*9l1+V?%kmX9
zZmcu4e4i@$)5I=fZtNeMy-$`seD&sc>NM9}pB=5gFKMy5MoR5FaAQH3X2zF&zxRCP
zSf#6e=+)!D_j`Hgmps2Zf8o@HO_Quy@>s5%W7A>&z}heJu*}SRVaT1!8#*o+^G)<V
zGwb-HPq*c5Lc&YD7{eLoK74h@=9cvGswWdu3Sw4qS$=%NGU3pa8PmgzP1bBtTfpg~
zSl*VYt(5dk+4PK;s^{~i2Yem~O<h~M<*LyMR{kaB*Q)hjni!aNTTBdOV)*hs$0*Qk
z|7Z6H7b;2wjICFTa7|d2$K=8Pr?G;ayT$8T?;;riEfytSet(C>{hDzHe=)Y1JV|w6
z^SY$Lcx6sU;%<vO!EQ`EHY{=fPCb;qbjdAQ>wse6LbbpNfh#IrWWVK>N&3BtJ1eJw
zU21;NHr2=5oW8$0qG@G1;kZJ5{zJBiw@Z3&TiI&ec(!Npanb8r4{5wgnIKYKzC2z1
zx_bHDbioN<T5@}5yEy4xU+q$Ui1mZlkDQaS%Z%UUBp-=cJfZiUsEgm@m<P)FA|JEo
zY}dQ{W$HKGrNLQ_ddqDmHRWC|Yx*1Kw>eIG!6TDcflEhC?;D+cXyvEX*Zkwk7Qabh
z3z}KJf4_WjTj{pTzs07ny~x^G=e^`|PKf{Ex3P;pAF*mx4d<=B96Wi`_Bmmuch}}E
zG*4@Oy5hy7FRKDK8M7YaduJzqN3-gCh}hvh)%A1uzFc~@?zwcw_wSzfAD{k^qy8_i
zH7EAbvTrHwRt+96p1!(wDl=%!{WF=L*ikb$a#jPC1VyDesl}-!#TdB^Ss^G-!WCl8
zleVwj)!zVBonT~Oki}39%9Bw2;LJGTY+j3kh}-qK%NM-)x$>^0=}e!?Q<r(hZn1Wj
zknv>U5nufITkEyVw8UBOIKIz$|2XJJWyk`iO@~$pZC}4!Icw^iy?o(c{uv+6FkRd#
z#INXMnLODtxM1`2RptK{tq5(*HPl%==acV=@C*AdZPF>JTo#xh`P~1_=9STw8p<8p
z1X`wQMJ*`)v2V>>5l8Fa|NW*o+)&)QyD|3K$G*#==XO}xh@`V#daZdiWOudr8@bM7
z%8G(>6fK-z^#?1z(K$AKd)ovPU)>X{_Z|88_SK_5Q+W^e@KkB;DtVQlz2IZ@jXa^W
zdbPVhJ9YAAhqmhncr!AIFyk(XLBY(xAi(g}5k$kwWpr)m<uXVy2rOyT1d?!VNToEo
z2_V(TRRD+&vA7IK!%JLz+Ca$w0zmGa4`jl%ffEI~Ui5+*rh7@_Sq#0{i*0lhK_+1L
w1Q!cZ62+$t)f2|Z+OT>8J!K<2k%*xeEu9B=vjVFqU?mKMe}EaIgB8RB0I(IfG5`Po

literal 0
HcmV?d00001

diff --git a/pmd-appexchange/lib/sfca-pmd-javascript-0.12.jar b/pmd-appexchange/lib/sfca-pmd-javascript-0.12.jar
new file mode 100644
index 0000000000000000000000000000000000000000..298093c61ee6a6599c00a8c9abcb67135711c0a7
GIT binary patch
literal 1873
zcmWIWW@h1HVBp|j$V-|O&Hw~VAOZ+Df!NnI#8KDN&rP41Apk|;rh2A#(m(~0KrDi+
z(AUw=)6F$FM9<glv+tSHKHj=|7kRyPwa%S6zd6X@it&S|kDfB283xpkVrz0@Nosn2
zQ6+}0$O=KW!WE__=Oz{>7iAWdVCebd;8K(e^iwV?1A_q$J;iCsiSY<C;)_$0ON%l~
zD)lOIbLNJ;&%SLS@K@%)=qmg3LD%ZI^CDiDX`J46Nq&t$Q{WTtHHzMDlO8|Wf8TTC
z<t0-}&m`!~f4BE}b$L-<G%KIY#XW7WzdU?>w&%>OXQ%x_V)7eo8Zy>?sV?G==8W|!
z+j{Ap)!IGzYCWc<o^vzTHf-G}y+F$5wd74z*~^9eGv3UxY1*}J@m*0@hTSs#_M4u+
z|I8lfc-DC3+~-jYi{{MPAu&h#;9iqo_f0)LO7c^@j8(*@AKf8wd9L>5OrulY1&2<l
zo$$H8Ss{J-O^$shjE-zMH`{9V|6Q74Z?jsJS`A8*Wu~-l*G-A^;C-d<x1ZUw)9LTD
zd;@8hv;2!RS03Cc;iA&0o8hnZ?!>7dU0+;UUQgmlQQ2}`y68d6T=vyFcU{f?oO1Qx
z)r7FlkW(fJD<69__HiyaanMUyraMJytC4E>wA-~D+fCV$iX}3ZSqbJz*`E~cHRZj3
z<n9!Xqq2Uy+g`0vT<EyaL#k)t`SLsA-*<4?N~*R9)Xe#+cH~3Vnk9!neTmA8k{0c2
zeLr!pd8@W-4eOG}za#2cZEJoMCG~!k@A%?U&|ChR@2q3i(k0GO?kD>{JNSQO>fpNe
z!gqaFrJPBGxXJZPOuQ4WI~T86xA9WT!&z}p-|Vov&9D1WD5j&Y>gNWTZQuSn<OUj7
z?R~oHXt@oSW;Oqo><gbVz8kJRFY|Qb^9`n6ll~+Xey;px5v|hmH|8(f!{<WkovU4o
zD)zpf8Cj6?@#VHY<6GZVV>h)$e@Qp0ocfpd+uV&$9n2m)+Mp*q=kfka{Ko(G|2eG^
zskeOb_EYKVU*}t$VB_w;r>1^!Um&O4w;$_gs{Q<Mex_PIfqYR^nv+_bT2hRW#?kWy
zTp=P&W9X?XX6*P1)cA#wfk7EaW77l57f^9fR_L9uG4HT~K-=?YnlWVuO3hDi6mfm^
zMDOc`JdVf3O(F*#Ih5Vox1;bD&%{|1AOHUEUp}>8-GO7~RJLtPYHz>aBo^|;YR=~V
z)AA?NiZ|_0JuYx;(&vj`cw)bBu|4NMpu@87+J~m6I`Pa;dw!Xl_zKUCi{$#CbUyya
z_3F#3lqEd39#vS|G{q_Q(fJL9UTkmQJU*Ah_>phrT~U$N6Rzjd-gxe<Tvg@p^y`j{
zSG%jj|A={Zrh5rX7+N^bKEL-x(sk7!jdZv63*8Tt19mOwHu`Lk;~B-mcW%C=hO&OC
z47=*l`_T`w(q88Msb_u2uaT!EzHe9D!h1E$0p5&EBFwmpNKn`_FbFWbbp+Ay0ux;u
zdVvX23<66UHGw2t8&dI!ZURU(a@h>xLo6->((s}XpEgjL2>~GY&IdB#+K^HTx(Vnd
zD9nr{jhAtlfUi77Hyvaec5n4DBc)1w+EBf<9a$S5Z=q)ZgtuPfFaa$)1bDNufi!Ud
Op%l;yiohC%fdK%`+>E#Y

literal 0
HcmV?d00001

diff --git a/pmd-appexchange/lib/sfca-pmd-visualforce-0.12.jar b/pmd-appexchange/lib/sfca-pmd-visualforce-0.12.jar
new file mode 100644
index 0000000000000000000000000000000000000000..8efa54a4fa9ac7610ba73cacf2b919118635d35c
GIT binary patch
literal 7568
zcmbVR1yEdBvxdQf1$PUO1b25If(;JA861KS?!HKn0D(YocXuaPa0rAT!3jFJOW;B6
zzq{G&zWlFVPu)9bs=lwg=ghf1UHvJ^!NH@zz&v^cV`~(v33G3Nhugg&-(Lz+YGO<>
zARr4IjMCqLRla~dl6wHr{e}A@P(chN1C&x#V^#njD+~?F%P}#JqsuYTj|`1gtFTUT
zEPY$~2KdR@J^#<B@b_zDJDYz5{1Jok9}EO+Z3;27b2K*nC7ke|aEPg~v!kVx`!9K<
zzu?*1nEaAU@n5(uX8)ikBP2y{A;G|`-G4pF|4x^Mfb5)PY*n4WPL{?hrVu;l`+a!f
zWMi#r>}YB4#B6L0hCp&PcOkg0WOp|opLx2@tbGsz{H7$95rkPal_1JO7aI~7q`xQ5
zjEp;*_kQsCjJ@Lge4r#<?bNI`g;h_!As!yr=PmhC4t=RU&}lHoS!onU6w3{g*GBVW
zOp*5am}WsG+g^hD>+jy@*Ebi<82dN3-Z0Tinqt<Xk%07Y?MY+{zOHeo*SIW6ocpVR
zF_al(rtFQpnuxe$^&vv-(T3fZ9<xNLq$|o9WphJGBg+2CQ{S^uZU9Ikpb%RDZAGhw
z(S9=(%Rxq7F?i*2QT1^@pnvw3mqzvJYj7NojYZuXX6-zV4HU{dI)OK?R}eaB*P)Y`
z<w80+oaq8Z`4@v8`OX|XR<q9?-s`M#TuIGyWbtIrxg^%q%4D>n=y;O$vG+wpVFd+L
zgey!lVy1CIa9StK%s#L?_V+J00*os?$%M%BHs293+0KGAg|sWAIyLaHtZ^)KFSR=C
z_(O69+~qQIYh#;zkrk2WDkVDM=!L^lYfPBJ{Mbw9kd3DtCLBSIUa~#5P^^P*x+m++
zReCycs~o`DEflICBz33+!!vmzkoYKZv5YDj&^A2BhBqTauSZN~z9v~TW1+wAI1#N_
zvmRZ9Q`<<#vi~e5d~^wXL^z6f`g&gE?VwIb4z`7@Ua{pJpU7imYi&?hK^h(LEbDyC
z8M%f7d^C!+7U%_)2zc6D-uw!hu_uoT)l%HtuDKY0b}&XyRw-{?XGm0MvkuWlm=*!A
zkwQLkG9pAHTbq8f;J7MzGXd&1x8}CNCB;S@j~p%HeJ;SDmSOap^ZPc|p<6Z+GQqMe
z%{(Qx-IsMsLo&MZJ;*60HH5xIF}Kb~IT`Iu+zcedk`!r5Sc&~ds!qNd=|<Yv)=O_P
zFT&PhC;|cgLasWppD+qvfZx6Rgt1)$A+Aa6u~+O-DSj=CPFgzB;i&YTm!YD%FPYw~
z@Z;1}v@0exFKLInVD6G7-l(Cq>F)4M)Em<Sv<QVUsMN^Nt3Z7ylf)?d1V5g7UR{ZE
zzA{LU7zYInFV2w7PFouLczvBSu3387vHKmMd5@&bLw*%mgdH%KPnK^e&Batq0F5g2
z@}W20M3~r%QB^(zfu!`$Kw~aWgAT=Cqc?czr_2w#@G-sc5V$S842-P#`8oNVHq^Wx
zrxPggu}Tkn0TXReNiFqs?9@%XL~z=+OxWGo$w^2yiR2?s(axePt9a9=fWVAQp7d-~
zzCIhyvrYaI<GwiRXq?3G^PH<t!(qD<E9a6sH%7LvzF8vNlBE)rYK|5;JavGbom_Qj
zQ$rF5b`P`xjJ~t#Xb`-5S(8TenMpM*F-F*Y)+8sY=dOKMqR)!OgTXxKbU{qV4&9|R
z@`^ul)EnHq=6L0Pon?9Y6ldB@4cE2NRnSAswZ3PctMcPKbPd&&Bx`7>Sd8oOTOyNK
zx<VCk)$xHC4$JvS(rWN5^{bc_(o)(6ICEZ+78RhnMtp1Hts2m{ae@z_F)E>Gv>dYM
zIcU3M()R8>?W>Yaw0%`8zFWL>FBLygX|7(T{ddfbujlDY2MX~_*WZtkd7IiXC5C1-
z6K@&~4rp(XnHDZ!l+q{f(evL}BwEK5T~0w>hFjQcF8S%(D=1e~82NdE?Avm6lW62E
zchjzG^nP3GWB%C8xYWh1+k1@J@L>W`cj+=X9OA#hqLzZ>=2N+nvZnZPjy2uj={nmv
z+GKqz(m1|`?4y<)?6z)mYO9N{V!0Sf-<iF_Xg*W-4PLM>0?L=v731wvCP~6PwnTZ=
zKJ<2XzPG>+y`pM+e-YHt((oix4?yt*w={Axp`t$M`*_m}y@u={MFWZX4=W;6wae17
zo3H8Nv#<|XGAM~d;bnQ7DlYUD%ro*h2oDz}qdT}-NDjYz?LI`uogpZVo=mi-F9J>;
z_%W3GE5(ip;w}QbxKh!F(T`Q+#8lF5VW`J}Sm;v3UFNcG?8MrlytBBLS$T^~x)(Fp
zz0{fQO0pk6b4UA?b5!_QJXM?8id|Hs5rXiIO2$8HMxq+fBbwl0>!KaMI0(kB`m%Qu
zsni*KEBld(Q?c+AEG_QpBe$6qQLNK&oKVg&P1=Cy3$Z8ftaBlnm<blJtGP=?h5`Zk
zmtIKiT@)8*jdb1=#OWAEW$hTAmFf9#Zn(QQx2#4tgYipSoR1H!oCwX`&jq7t_bK(p
zWE}iIb4G|w&0)5I!e6zN>C${wJj7k-otWeV>LJz&MTi)Y`mQsrO2{v#uifxCUSQN;
z`zm7w2()4)On3Lp2k>DnXDviBtYGTn!?{Uqx~a=AbFl?}k;1nNmup}yTT)z+l8t|M
z;mSFofoIV9>V&$p>YAQXgz0GYRSl!)E;{q1WU9>tqCO301jX|Epl!>$^8-Xr@m!?D
zLnhs4r*rQ*>kr8iZUkyBn&Szwgrr|w3i5Hj={`sPye!CcdLsLA;`;S;|8|3HYtyt?
zlI9GfXHVP(?1D*tC1pagl(<L^-iP3_)xM!vD&|$1c$F?%fOKK!F|@bJoTs3(dJFLm
z)9uQRaVOD0h)9I`bd+w@VA_#{5`hV&ZV}i_wOj{An6JmOuVjiCvIz{x07!MR2+Bqe
zT{8y-2&efa8?WF4jIeaZ)eztes09P|_j-G0b*7~SO&QraPbmgR!yu@wk_8lC3Bxzw
z0zD}VueGS6`mb9jgLklh@6O&o!N5JdZzbyQTM6m^XDcCNYi#XoV*2-PVh)0{fp_O!
z2YtJCihuwINDh(f;O>>ppj2Cb9`pnN7KpXhm0c;xt!<H<qHks}`joR3oU^vT*(#Y+
zza=q0QbWd{N^flTX_<~g!Qd)pOEuqnTV$->4CefNmsqC_^Xpci%P61c$bQPc*G9_z
z1dXfh4RS}~!SNH~v4W2LEaYLpo7g=`>uRHKC&&}@n{STPgjFVGgFohmg{sqSznQ*o
zDYQq3l3v8&SqPiNqiuwW8f%`10@_7KH^3HkIANw$VOheti78J4ER-{fETrCxGMa;=
ztV;{#IES{dbVk(~yBeWXV;40-hW!01z2l_RiBm!p{VHWI`*)I3OykM?owbEos3R1u
zfR^1A=mS%(xy)9HoGhVk%GJBKdsrg;@Z#E9=~2YwLA&DcnNM<7U`q&;P?|V06t=Ll
znjcfIz62JIQFJ3(t5wKI5xz&@Phe2W5z!nEcd1fhXA&x#k=%xABTstkcWU@AaG5Z#
zkD0WrY_g9ase55zI1u3g=_t}U!`<ar&_O0FiCY$Z^u=dS@%m_iDj~Zk^@aj2w9|zv
zU?{eQ&eeU3!rPR~m-nn9vv`4@kA+5@pb77!U^-AASfvtdnKB85^`3QzSZk@-RK@C~
z2DHU8=qJy29!7YKfL-dJJXLKmFwJ%3(I(|E6)x9dkM<$Ov}nq~V|a>zB3KcVh(#A+
z62<_VMStb+!f;hQ1W|tPgs&@!l<ZTAjDKqJZr_pMWhaWSQ&O}f8=GF8(;WAZN=}sg
zy4GxOP^Jz_6teY-29Vim!h_CHTNr18uNA7q7MjglM#W50-YVbsm_gv&I$<|=FjA&~
zmkv@y=weg^)lI0PQG4o;9A;uVpe<V#%Zotg-}<T`w?{OPHxL#tkbT%koF=~pfOGxy
z+LJexpYPonH8tk6d;M0<ZACa%N_PB}1Tktftk6(oOTO`zx>-7`kEsnT^YhQq<tT!<
z)hKv;JkXEZmyeBbl@SzCt()y|ncPs|d@KMuG-UbK($sJ0O0CcF<g1k?YpcNL{SHr2
zS@Wq_NCYhelD{?dtoFg{7&+sJywnINj{u-!wMBd_Z)*!pae0RKd;mb-HyH}X=hAuv
zKx)>oT_whz5&94nf&L8G7Ylbdc@QS~JPq{NlulP`0#NEu-HjJdTJJT(k&lR^n2T*}
zZY+^hIj!XQT4&hjr4+x5k^Kd)X_6Y_F+76Ih*mjsZ!8Tq+{{|P36(;J6BWlh@+g{w
z7v2sb11O3_&%86(xyp33Y;?)VGUJmb!l{!@U-;;6LY|}RJW0E19}V!~d(r~;WZrq-
zq>MNIO4GK7UZEGfl}h0F$*rr(_;M0+y5!4nXb=DC2|{8spL6+^=nkllagpg#$~f)Q
zE3M%y|F0fYpQ)YHN~oBSN}H2bZ3)i~P%?Q(X$Nc}=EG2x*IZJS4IYhYSJsRt>@-m}
z-_~D!DtGAhklxEfu2vaf@hEvku&-)HdFPz&g)N$4$JEI*bnN4f-Kai$-HwY=dX${a
zWK$n}rNl{)wlh~zGv>}eN^osFNWVTt>~Z@jGrDx%w)V4ZsK$8-U-8>{CEOd6{_j0H
z@HG0pJ%W}WEnFAdH?E$-*NN#fbTWK16GTD<a5o~>#JO%?n19sVc1yj<<@X7_Id=9+
z7NKM*@&c(kPJi=HNW-A?5SK;wUu+IfytI~}PM=%udK^-X$`Ye0<m`pca>R6i-L@xo
zS*GksCe@BwyI%;_Lr?uOHtFfDXd#DgKsYTBVFOS$nC6L?2dF!!t9T;V8p+kreO2qq
z=7L6W|Mp%Yx-oB<1LBLy6HH#dJg6Mp4VJkuA0tK&g5&BoTNkz##Iz8^M7uV35MLtp
zAv)t3Sy6+d9F^4hz{HgjSp??dTwAG)m5nPBKOFA(;+9ccT}$5@pKEsZ9GGoGHA`-b
znp(arUgM3}X(8PZnD$|pVxnpOR7I-8^$BaBMT7TvVzG;efi4zP*ML`rdDnoRU%nYz
z?<DKW7zfvDgXUull_oiF*&@***^db^l!XF3GD158$>w`EotlY$HmI8<0&wckO*D-|
zL&b9Wy-BnwSH!YT7Sqn=Dgn^G^WLeYZU>>A3dOSVO_E)D^L4r*MY>STmrvYKDVnPa
zis%ZHvt``Ei57e_`_MWzZHf@!ATnv7|0?Z~tl0{@187;@sx25-xI^nE{5*ScMMhT|
zpNCaGdSmk#&>FSE!W-SbVtErM^_^wyz;1!?7EX`0g{DMWEXbW`8buWv!1Q<pfh~wY
ziku}Z!c9wlIh=O2s3G7>&zze?OSEeb%R$-&*DbA2V6skQx+4Nn*}AD$;Q1|T$&_8}
z%4u-B-SXTc)_~`U+Zp@hx}6L;`aKwzp22u`_zRt`)3WrM%S-h7t0HA2gnc`1ftQz|
zd~R`WyRUbjI5TOJ;!CwC6cL5+a_?)Zq%CIg%6EU+{DQ0Om8gb!-Sey^VxR5t*|=A<
z%(jr1!5LX01#23jQ#iekWIV7%F_`*fskEf2qKaO~jZK}8Q}FIH!rf8vZ<Nhva7H&|
z?`LhZ6*^rI^y<fp4I={3wGgE3sF!5xN0%LH=pWJFAO7iylgXC-03GKL(lIyrui~OZ
zU>yD_!;UYsS_j@Wjip=oE~=o{eCv7NAiMrLp>dib5?y;8q{m}5@)Q?CWDX+E`Lm<9
zsDJM&?i-0e$21SaA!D$UskxowuZJjTKLY<{>TyfBE;4sN^y$KcfqC*17Gh=$HgGXB
z_+whb>}F%VtEp@^$BpSz=Zj#BtA{$ImVoAIPikx%XZyIRE;O!G6!TGuQ{A*u4p618
zI`hukHGXXX6p)9GvIh34cy_ecyy|+Mnw!al$9o_jLHgKpLX)M>S{Jvk_$iLZV`~%{
z%iMOe{EC<gXr+2tjR4eifgq5U{wQ8Rbr#;Ncf|kIfpR3_?x9|rjsThls4O*M@R`9L
z#3}U5#nm@_;qK5Q*(4^SZE^%P6~=>)&mMeOD-)CmToiduE#VrG%NYr7A=vM2_WJf|
zp<s?EZwZ?L6@}vp8=<SfCUQjJyYN-~$om#w_Q*v-3PmTu(|69;>Edri1<{$m3%e^}
zrz5wgn@7_P<>5k{w1+$xkv2XI_s3hVCb3fm#}AkEC!szXntBu^Gn_{6tCaiQX%FKa
z!7;g9y#33;?zOMTYY1Ahe$7`cDVsV&7hzr9&zoe6`?p=wi=VT-bg$4Z2un+X6c>qO
z-7TOLvSV73kY`JUjg!|z<31|R{+grq)`C)xPOT!`JQwul$!_rM*MbrJ@=@UFjuVmb
zMYVDtGj`lN+;@ZWg(_#T#8E-botQL1y8~rlR0ec5_E{3(&d!u@iKISlMlPscBBCob
zB2jv^`cSHYOrv0EX076Ue<UtM^7e2a8+w|r&uP?&>52Z*ma&5P6I-?xSOHc;ulkdW
zP`lPV8Y3DlR)9r=A{aLOrmj&@VTEeB@`Ti>-O0=DjzCSJfWP}AVQ=V0uDt)ol9bb6
z@07MtB&0HqyjXQSe?#!to#&~OJD>K1$}wK;qn#}B0Q!BF+%S+@(uaBmE4Zc157-DL
zh*jcFTq|%vwQuKAXRng4ZeO1=9mtmzSu~WiRR+0(!T5tNFX<Puzo=tsJn;==ufr?~
zx-)e#Ncw(R<Xa}S#bI(s@nZFpn6+7@1fF573Gtna7q?Ivh{kSFK57qtPP6kXT_ZPq
z0_?k_O5%Y28fJNtt(oK6=>s;y)zLIbAec9IaIqanSfHo4s9c~M<CC9=IZG6xbxPh-
zE;T}AbWKY!8SiiJc%Zw4)keNVo?NPCTTQ7QUAx<c%Mg<f&<twpJUM&(mbcS9JJ|{<
zBfVC1WqP|HAMq~^t&M>1td#1dyU!YA<<xPTtn12l0+>5gWLts23(?@J%Yca@QAfDS
zSJkss9B90s@!#l|a({It1c~B)elsrOmi$y4`MvS3h%QIE*aTpFdPL5H(7tnnF^<=r
zOfC{}MU@ea8wn*F4I}(9s%tQb1=pi9RB%#8*cfw9{({)_%?mdB*EApAU|6MOY{B*r
z=XN04r6Wh<C#wXhgGuvVTr4wmq}Z7chzj7A7khc9R=r@A3FbiLN>9RNdz(dF!$F-;
zgh)N0P0bP>rO8_&F)A5{oBc5f-cuR><!fQGrJ3?L(%_Suih9a=Inp!yVWdF(4*m%p
z?&i;&jatJ6>LV@^k_yr#I=OS&rPq6N=3^K0L5juA7h<XwIGZDUoa3K2TOo)xtAa;F
zoXjQ+^ZSB<XB6jXR{N7T*$Dx(J2c7LYZr<8kv7Ev<2!V1!%EWj<PL37$5|&Lh*dI2
z@*~0+*d`VJMk8w#Xe8k0V`YvZ^4bH%SQLUVX@(IC%r|>)4$u1v^Ix>E0lBekdkq)8
z{m|a?Tq>W7{JPpYI^PewO`RbBm>b_0%|FZXL$&=A_%GF#g;9-A5Ecez5)KCDVSN81
z_MzJT=kr6Mt&JTAePG26DgQ>dzV`*xLLC@H`;JIbV%+Tu<2(^3m}$$B=;Fi$4NX!$
zCTOtkZgF2g0cRE8&k*kI+cET+gG>rm%#jz($j^th2ulWoKiKltyUb)dX|2Q8asW_l
z%tUctHZ_OT$;hwhWmW?(Rf~$k)y}&KECizVH#Y`D!}#L0p5o2QBOfrulYO;~s`*$l
zx$R}9gmfsWvh5vH?>=N))hh_CwT&fJB5W*SYmI}@oUpEt)GMzAJ}za>Ht+45JyLTp
zYb{#Bu_#EfVNh1%v2rxb*bMO@e`i^pSsY+Q$=*iKyXV&}LLhX#9+S2oOJ8Zvr>nU2
z=wJ?NOxRjHG}Fj^gzC75*-%CodaGbMl8&g#ZOG_NmLHvX{T&tJZ+ge{tVHXu*n>Qf
zctS)J$&Wt~>g!&9imoIF3&4f@-({7Dp9}^D6J}TJ;r&mM<!9Q@BFh8#!E*fR?(cun
zevn*#_V9rIL(h3oR(`jKz%KX82c6|tj0c_NcY9zY-!C5+Kd3IhB0s1uzuN=3|9<%s
z`Hz3~U#9S&!TfFyUSRK!?*HcHL6P}YJ`ak_U!H{ii>Lc%=Vxa>>ob42%klU6@6P^D
zYR%6Pe;(uf6|wKW|N7NN+^7Gq5&vbV^K;OLAb%X0hc54Td)R$4?E9d9^nAafJyfB;
zXuuz7|FW+?cYuFzbNn5DV*Xn{_^Ukro_++u5B2U>w7;ic^CRtF(*L=n{+0gHPt2bR
Xtdbl8;sY4t{`Kts;Z%RnQeplFX6lAI

literal 0
HcmV?d00001

diff --git a/pmd-appexchange/lib/sfca-pmd-xml-0.12.jar b/pmd-appexchange/lib/sfca-pmd-xml-0.12.jar
new file mode 100644
index 0000000000000000000000000000000000000000..09860a70cce6ff2e1c843dc7140b25dea1c70bc6
GIT binary patch
literal 4153
zcmaJ^2UJt()(s(akzNB5sRII`iJ?TAL?JXG5b3>0@4a^egAO1=Qv^a+svsyJposL|
z6bK3dq&Epg;K6$T?{k=W@7#62@1C{xKHoiS-E-I8I!Iy=B>+H94sf+fMgz_Qc)pwk
z#o4W?ic%6$(?URr0XlyHR)+!C!Dj%rvzzf(pr(?R8bVbMC8~+o(d_BgK#GVCQX@r#
z`g;0nbj3y_XYpV0zzfCB_<uRo+S1$B-pw=MZ>RnWq&`c20{vZ_{{|*!=dX-9YmEQ{
z0JtxLz3i+l&CgioUbfagp7*^2M9-2nV;8s2F!~dYQ%Zw-Cg5jjLw_1i6(j|j2{aV?
zWI{YMO&MbpkuQ4@+)dm}9dXB7H&oQCZ8|)LM24j9406+5m*lvd6TmZSklC&wt_jkd
zNSfR5lfz18teVDJ3n3Esg?n_%?dPLS-KBj#+R{_i&L!49bq<>0ePF^@BW0tKk(7Qd
zeb4j34AQTAx{Iw2$^^|Q94?Uy!2_cRo=z(<gd@v-nhxPyP0`dsZkv{Z{W^&#IGb*7
zLH$8Ch+>o})r2{^wcFy_geO#g{v{avBECcn&yZc%)CUr&P^a$E&eWXkOifeUc_gTM
z`#Dv1WV>eho~VFsRq^C4_3U8Rr4<<t`gf~rjh{SPqA#lne@W6?gg6S<z__ggTkmvg
zx+80ORoJgp+Og`9WRa$oP7<$0)zlZKA03I0&N1v$YgP|JqFWwj-e*6?`FaEog7~(0
z@${Obp_AKPIHwJKbU~(MOupSjv!Hpe=aESzD#AU^WB?XrKXI?axWii}f{AqvS)J{f
zZ#zGM2LFy&>0DfQEy5j4Z3YHQjYTHhoh~=KkJPR~9v>)>J*aBdl3WPBAAB%0Q}4)L
zA)&3WSD{mDqLMF>3C0q!ij$j0GNCQqg&YbyEQU|3e*4HsH7};~Ofvm}Iay_GV_B|&
zEl&$#{?WWM=%ASd4X$^;$MFLIb4k%+q!Zh`&(0N}8-14}z5#|NpUuDgn_{0$;LSul
z>bi7~as{I3I-#6b*)iY6zReU@3g%eNt55xwD!G|z#YFZ8Qg$n~57n0xjGEtZ4CsqK
znuWO0O_LW4Fe<OtI0Lz}uIjI5#2hSm6?p~E9tJgsx$n|BFFH%x1j65i5e{XVuAY8v
zSmz8<b7N2IyJR?*U7)(Or(~J2JgQZl=2QDHH5hv><pHCHgFaQ4cbmfG3suliM06GU
z^dwYiav7PbpE^L*Wi1<iJyIU{`HrUrT{<i#!!3T1g#hj!y&?T{p66H`&6_L9KtftM
zoTw@ss8Y<`R3nQ0h>5|*+uNjfVP6ienCCD?VuZLO{ps?P%ky;P!}V1bVkNe?*@U3N
z(oJkTO6tRGm+dJorI)r_w<Q!^J@L}NTmq4nV+M#p$epMs1Q%Woy4Yfb==O~H^U?#n
z91Q<tHk7cq|0RWYZ2tS0>0)U};&5w8uQ+W)Q~=0qEo@xOH06o2@}ce3o_Ck$#)esK
zls{o4VnflaIf}GYhC(9*ua<(wn&P|4{ke(q%N$_8OG=V>`jHu%jO?(?MHtHWJqTG6
zx}QN#nBKY9GhnGT@u=XEZ%1T+Oy?@>tuVIW4Jm<cOhpN;9K-6!tdvFTZ7D}4B_9Xm
zhtZPS3Hy(4a8)3VT(Hk$!;}z-Fx@*4NLy^6jlhJiID2mXY|UwtWmx=#0lLIv$oNuS
zbh3$UzPjkum%f0E8}A8aIb^s|_#Q7iIU+WAK4#~*&H?IlEzu~UR)6L|Hp?%G(2CYE
zzm7W!?`px(_}bDp#=&dl7%iTJQun#FG_m8nl;7XYRO-GOZ(e9o9poLa22Tv|cLmtB
zhnV~4(>Ln_<>N7IgEbV!J>nCF;h}ov9nbQw)MS6IV7jD3p`~c3#{yaQz?m9XxYK=L
z(=g9~vWT}>DKX{YI-@zQQ;gCw`#agdyOpMaTF)mtA;U(Pyxd%FW%vV7tuB3^6AE5f
z33NxGIF~8>sd$;5B)s?a-WOB<kZH}XXBZx6RyQAm_JM84<;aE-=4b2QQa|-yJf?1|
zrO0v#oWp2ya+dG5j0%T!uW>j}<i_R|+Q!k^^)FQ38xxE^66eisx0;+ab%5GQF`04m
z$j3(&b<eKIL+;I!Qg9V~KwfD&APd~lMj?#!as|D10w8+3mToI?e!AY`#yzjv4~RM#
z(WtOc^6b`7=8jiF?2FE2(+xH)k}k>B3X+8Y(T}$nx5M1HR^A5+*9=a)9%<Z&{0JHO
zO+<_4OND{(m7CDz56b<(r4+S*#AGLz@3nWxpa}tOwLWNC)p-=F^3zN^<%Wi5*72|b
z$AX2;nSC0DLbL0h1Gg9W^OzX$s|)eZWUHhFD3`%bqrYdjaD=yQERgT^kY8c9?HVSf
zPbxss-jZ#48epBOGa7kv4H9+9QUKR{z3sJNcNU@?Wk(YZ8Tf6dI@CQ7+T^ca<&18A
zeQio%?fZHolhkcyvbLO7U*0$gD<`cRrP#7*CN;XLTtk_bmm0UzV}1u%@l6dmp^H|<
z69f__jRF{jX+Nwoz<Q0ZtQF@b#4#wnf2<`l&&$jx<MuoyY`|ulRPS4#!gzF?UW`D&
zf$}p-v4bxDTM`RA8jiD27I`}!yW~tU`v9pCHf&P{e1K}u=vxm*QS82jUf!B?Vgij!
zR6Wt>baw`~5wI=|87d0MV9LsJ+|AJ({@8EwkzJLvU8q)}^_8TZM}OEGhH2=TkZ6s-
zWv0LH1>F>9N#G}vv|MF{*Sqdzz{`n(ILW27;IH}yLq3QTFHLFmv23$6kl1(D9T0b|
z;4!PrF?;L_9mz*k^Pw<4Lh{w7h(x=UH%nau!v>cRi?W<5SjwEec3pWEO$AQ2{l~^7
zNbs9oZE>L1?<7<Ma>SxQBzS^2cJy)Un(g$gygwxc19Vvlt5%1&($TM?2#HPOScuaY
zj(2o~(>t~YPrdTf#inn*(PtmWVeeA!)N4pd;uj1kY(W@Me&X#OO-0iU3=5U@K{c_y
zuw2V^tH;&NUJ+@<QfXBhGvSJ(maP#@fR8uKRh~Ua(km%5?as4pE#~Wt40w#Z31sD_
zkA!V<Y0Yte?XmAorB1TbjpP&8Wu|lQb5IYFM?rU6S~9=6t?6zPR_T{tr}xg?<^!ZJ
zjv0qrc=)}ZYi!wQO0NW0&1LTqvQ9l`jCSfu1zf4j{}5Em1wMKA1wS@cF*D`_?d)B8
ziR^ccL1<X2IB$L4fFbX*C)tZ^U|xBReL|bbsLk*wCG{rTAo!)^$?QE@Gz>5nK<!LI
z6_In6TbYrWkAs#2<v>?BXS4w|q47APHxl9;fLDAXYL$}O%3o8Qj+LmsBa7ZaRqd8=
zL#E7*|LpW^cU;9#+KVifCXT3C%UXE6A=id!ch^|^$f6$ea0{1X;$-j6l-_pv@r)Aa
zvURUW_bLdpXV6{qcEsFj!ZAz=JtLw$zW1rI9~5WMe9z!S3dil{@o<}joi}_djd}ca
zc+4gLL^IvM>%18U#j1g8?hP*R_QGO`QIz~jGv7fe#kCVN&QOD(HU+a|#Squzz=E)B
zYC!TpDRgTNox?g`_sS_U?Kps`V7g~0zo!v7Y+{^2yZCN~tB?P~>dM>1WnV%tZV0$F
z#5*p*<rjQP>IIpc9PC`DzC*a_t9=4n2X}q`Hl%P^N!TKl+z*;gX*!`M$NBv5^S^C4
zYLPN><@8WV@$hJKpVV7E(wY<IsO@L`!Q4Z{H|xzBxJtpyRUv!kN70+9a<jN&d6ube
zT;g*%-#3`Kt><flIb3~)#xIgH7ML6R(Nj-^3vh>mCxJ5^Zd)7T1|CPglaHv9${NtP
zl2@41<8jv?Tz^&Bzv|s{IqvD>Z0lv~?e#aU`z!EV82<$RlQ2eut;(p+R6gHXNsf!)
zb7A~{>~l$6YcTEhNsKnk>=Yxsaljg+5+1#zQ=<4HEpKhjCYxBEUT#~4dbJ{FSTQcO
zQYWTKb#J5FZ;_YyiNGBPj!s>U*Mr^?zTEQ-%nP%@6?-Q3IsD17>tpH9xj=^OM_A8Z
zj~Bb7ArJUrT_Cu^?mM2`w*p&QLYOva^I;n8Zrdhu(@Xr}KC|8eg<7myQkrU>wp)T%
zdj_4l*~Yh2MMp(SAD}XgGWjvQeSK+t7=rj}WK+;vyfqay%VEWq1MdfVNeF#szVluh
zHYp(}z6A>TY>yG!Yos@nm1Q4S8GlNAL!Ap~oE$!u9T5VMH9EjMmKB0Wrbs;Qsi$SV
z82WnS!y|@BBV$YMECcWE!BR7ADd@h5a~*=Rp=$bb?#;)NT{Rl_hxv5M{NeplcS%~S
zyWoAGTl&7~(|&5(G?Rg`Mb(jFck8mIEadwn(kpol#hZ<nL3Z1{#9zMP@eRo0hx<}k
zljCZs?JGP9(GHXZp_toyU8R$8w?3K{d83!cbswV#jv~rDcd`#(F45wvm-L$w>bqzQ
z1Cpoe4Z~ufJzE+GGKq9iRN|8&g30rSbsC}e#cfsWkcL|7LLH~W9~I-XA>lmvFZt5^
zpvr1(jd}PNOym?y%%%5Nbg>WLj56G~H0c5z)hF$peu3*)7jYSSj<(Hq+B>~TzqYKO
zhg`PL<8yaEbYY!7CelF?0U3$^yIVZ}3IPCGz?#ze{?j{Nq+Rrm=iu|eMhKp*KWV=>
z$%_@v(ZAZ%^Zefj`=0GTUE%+tolnWX<NSSd&K`f#&S&N#^`e>le=;_r=OXnVt>wjf
z=lp-};33s7<NLp8f9;_DSK2>yaB=GY(*gb>^};_u2T4MDjwV052t)vY@a6ODU((|E
A3;+NC

literal 0
HcmV?d00001

diff --git a/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/Constants.java b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/Constants.java
new file mode 100644
index 000000000..bcc7d8cef
--- /dev/null
+++ b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/Constants.java
@@ -0,0 +1,10 @@
+package sfdc.sfdx.scanner;
+
+public class Constants {
+
+    public static final class SystemProperty {
+        public static final String CATALOG_HOME = "catalogHome";
+        public static final String CATALOG_NAME = "catalogName";
+        public static final String CATALOGED_ENGINE_NAME = "catalogedEngineName";
+    }
+}
diff --git a/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/Main.java b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/Main.java
index 55aa92c55..d00afc5e9 100644
--- a/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/Main.java
+++ b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/Main.java
@@ -6,6 +6,7 @@
 import com.salesforce.messaging.EventKey;
 import com.salesforce.messaging.MessagePassableException;
 import com.salesforce.messaging.CliMessager;
+import sfdc.sfdx.scanner.Constants;
 
 public class Main {
 
@@ -111,7 +112,10 @@ private void parseArg(Map<String, List<String>> languagePathEntries, String arg)
 	static class Dependencies {
 
 		PmdRuleCataloger getPmdRuleCataloger(Map<String, List<String>> rulePathEntries) {
-			return new PmdRuleCataloger(rulePathEntries);
+            String catalogHome = System.getProperty(Constants.SystemProperty.CATALOG_HOME);
+            String catalogName = System.getProperty(Constants.SystemProperty.CATALOG_NAME);
+            String catalogedEngineName = System.getProperty(Constants.SystemProperty.CATALOGED_ENGINE_NAME);
+			return new PmdRuleCataloger(rulePathEntries, catalogHome, catalogName, catalogedEngineName);
 		}
 	}
 }
diff --git a/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/PmdRuleCataloger.java b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/PmdRuleCataloger.java
index 2647faa53..8f5f84f3e 100644
--- a/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/PmdRuleCataloger.java
+++ b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/PmdRuleCataloger.java
@@ -19,26 +19,42 @@
 import sfdc.sfdx.scanner.paths.PathManipulator;
 
 class PmdRuleCataloger {
-	private Map<String, List<String>> rulePathEntries;
+	private final Map<String, List<String>> rulePathEntries;
 
 	// Holds category and rulesets maps that provide files we need to scan for each language.
-	private LanguageXmlFileMapping languageXmlFileMapping = new LanguageXmlFileMapping();
+	private final LanguageXmlFileMapping languageXmlFileMapping = new LanguageXmlFileMapping();
 
 	// These maps are going to help us store intermediate objects in an easy-to-reference way.
-	private Map<String, List<PmdCatalogRule>> rulesByLanguage = new HashMap<>();
-	private Map<String, List<PmdCatalogRuleset>> rulesetsByLanguage = new HashMap<>();
+	private final Map<String, List<PmdCatalogRule>> rulesByLanguage = new HashMap<>();
+	private final Map<String, List<PmdCatalogRuleset>> rulesetsByLanguage = new HashMap<>();
 
 	// These lists are going to be the master lists that we ultimately use to build our JSON at the end.
-	private List<PmdCatalogCategory> masterCategoryList = new ArrayList<>();
-	private List<PmdCatalogRule> masterRuleList = new ArrayList<>();
-	private List<PmdCatalogRuleset> masterRulesetList = new ArrayList<>();
+	private final List<PmdCatalogCategory> masterCategoryList = new ArrayList<>();
+	private final List<PmdCatalogRule> masterRuleList = new ArrayList<>();
+	private final List<PmdCatalogRuleset> masterRulesetList = new ArrayList<>();
+
+    /**
+     * The directory in which the catalog file will be placed.
+     */
+    private final String catalogHome;
+    /**
+     * The name that the catalog file will be given.
+     */
+    private final String catalogName;
+    /**
+     * The specific PMD variant whose rules are being cataloged. (E.g., "pmd" vs "pmd-appexchange")
+     */
+    private final String engineSubvariant;
 
 
 	/**
 	 * @param rulePathEntries Map of languages and their file resources. Includes both inbuilt PMD and custom rules provided by user
 	 */
-	PmdRuleCataloger(Map<String, List<String>> rulePathEntries) {
+	PmdRuleCataloger(Map<String, List<String>> rulePathEntries, String catalogHome, String catalogName, String engineSubvariant) {
 		this.rulePathEntries = rulePathEntries;
+        this.catalogHome = catalogHome;
+        this.catalogName = catalogName;
+        this.engineSubvariant = engineSubvariant;
 	}
 
 
@@ -84,7 +100,7 @@ void catalogRules() {
         new Pmd7CompatibilityChecker().validatePmd7Readiness(masterRuleList);
 
 		// STEP 6: Build a JSON using all of our objects.
-		PmdCatalogJson json = new PmdCatalogJson(masterRuleList, masterCategoryList, masterRulesetList);
+		PmdCatalogJson json = new PmdCatalogJson(masterRuleList, masterCategoryList, masterRulesetList, engineSubvariant);
 
 		// STEP 7: Write the JSON to a file.
 		writeJsonToFile(json);
@@ -128,7 +144,7 @@ private void processCategoryFile(String language, String path) {
 		int ruleCount = ruleNodes.getLength();
 		for (int i = 0; i < ruleCount; i++) {
 			Element ruleNode = (Element) ruleNodes.item(i);
-			PmdCatalogRule rule = new PmdCatalogRule(ruleNode, category, language);
+			PmdCatalogRule rule = new PmdCatalogRule(ruleNode, category, language, engineSubvariant);
 			rules.add(rule);
 		}
 		if (!this.rulesByLanguage.containsKey(language)) {
@@ -180,9 +196,7 @@ private void linkRulesToRulesets(List<PmdCatalogRule> rules, List<PmdCatalogRule
 		}
 	}
 
-	void writeJsonToFile(PmdCatalogJson json) {
-		final String catalogHome = System.getProperty("catalogHome");
-		final String catalogName = System.getProperty("catalogName");
+	private void writeJsonToFile(PmdCatalogJson json) {
 		CliMessager.getInstance().addMessage(String.format("Received catalogHome as %s and catalogName as %s", catalogHome, catalogName), EventKey.INFO_GENERAL_INTERNAL_LOG, "PmdRuleCataloger.writeJsonToFile()");
 		Path catDirPath = Paths.get(catalogHome);
 		Gson prettyGson = new GsonBuilder().setPrettyPrinting().create();
diff --git a/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogJson.java b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogJson.java
index e60e6c50e..4a7c11d00 100644
--- a/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogJson.java
+++ b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogJson.java
@@ -5,8 +5,6 @@
 import org.json.simple.*;
 
 public class PmdCatalogJson {
-	public static final String PMD_ENGINE_NAME = "pmd";
-
 	public static final String JSON_ENGINE = "engine";
 	public static final String JSON_NAME = "name";
 	public static final String JSON_CATEGORIES = "categories";
@@ -24,11 +22,13 @@ public class PmdCatalogJson {
 	private final List<PmdCatalogRule> rules;
 	private final List<PmdCatalogCategory> categories;
 	private final List<PmdCatalogRuleset> rulesets;
+    private final String engineName;
 
-	public PmdCatalogJson(List<PmdCatalogRule> rules, List<PmdCatalogCategory> categories, List<PmdCatalogRuleset> rulesets) {
+	public PmdCatalogJson(List<PmdCatalogRule> rules, List<PmdCatalogCategory> categories, List<PmdCatalogRuleset> rulesets, String engineName) {
 		this.rules = rules;
 		this.categories = categories;
 		this.rulesets = rulesets;
+        this.engineName = engineName;
 	}
 
 	/**
@@ -89,7 +89,7 @@ private void addRulePath(Map<String, JSONObject> pathsByAlias, String alias, Str
 		JSONObject obj = pathsByAlias.get(alias);
 		if (obj == null) {
 			obj = new JSONObject();
-			obj.put(JSON_ENGINE, PMD_ENGINE_NAME);
+			obj.put(JSON_ENGINE, this.engineName);
 			obj.put(JSON_NAME, alias);
 			obj.put(JSON_PATHS, new ArrayList<String>());
 			pathsByAlias.put(alias, obj);
diff --git a/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogRule.java b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogRule.java
index d2f0f6e61..4f2018370 100644
--- a/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogRule.java
+++ b/pmd-cataloger/src/main/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogRule.java
@@ -54,8 +54,10 @@ public class PmdCatalogRule {
 
     private final Element element;
 
+    private final String engineName;
 
-	public PmdCatalogRule(Element element, PmdCatalogCategory category, String language) {
+
+	public PmdCatalogRule(Element element, PmdCatalogCategory category, String language, String engineName) {
         this.element = element;
 		this.name = element.getAttribute(ATTR_NAME);
 		this.message = element.getAttribute(ATTR_MESSAGE);
@@ -63,12 +65,9 @@ public PmdCatalogRule(Element element, PmdCatalogCategory category, String langu
 		this.category = category;
 		this.description = getDescription(element);
 		this.sourceJar = category.getSourceJar();
+        this.engineName = engineName;
 	}
 
-    public String getLanguage() {
-        return language;
-    }
-
 	String getFullName() {
 		return getCategoryPath() + "/" + getName();
 	}
@@ -153,7 +152,7 @@ private String getDescription(Element element) {
 	 */
 	JSONObject toJson() {
 		Map<String, Object> m = new HashMap<>();
-		m.put(JSON_ENGINE, PMD_ENGINE_NAME);
+		m.put(JSON_ENGINE, this.engineName);
 		m.put(JSON_NAME, this.name);
 		m.put(JSON_MESSAGE, this.message);
 		m.put(JSON_DESCRIPTION, this.description);
diff --git a/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/Pmd7CompatibilityCheckerTest.java b/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/Pmd7CompatibilityCheckerTest.java
index 24a101597..8e5a5dc0e 100644
--- a/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/Pmd7CompatibilityCheckerTest.java
+++ b/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/Pmd7CompatibilityCheckerTest.java
@@ -31,6 +31,7 @@ public class Pmd7CompatibilityCheckerTest {
     private static final String NONSTANDARD_JAR = "/Users/me/some/path/to/MyRules.jar";
     private static final String STANDARD_CATPATH = "category/apex/bestpractices.xml";
     private static final String NONSTANDARD_CATPATH = "category/apex/somewildcat.xml";
+    private static final String MOCKED_ENGINE_NAME = "MockedEngineName";
 
     /**
      * Before and after each test, reset the CLI messages.
@@ -135,7 +136,7 @@ private PmdCatalogRule createJavaBasedRule(PmdCatalogCategory category, boolean
         String classProp = "net.sourceforge.pmd.lang.apex.rule.codestyle.ClassNamingConventionsRule";
         String ruleXml = createRuleXml(classProp, hasLangProp, "");
         Element ruleElement = createRuleElement(ruleXml);
-        return new PmdCatalogRule(ruleElement, category, "apex");
+        return new PmdCatalogRule(ruleElement, category, "apex", MOCKED_ENGINE_NAME);
     }
 
     private PmdCatalogRule createXpathRule(PmdCatalogCategory category, String classProp, boolean hasLangProp) {
@@ -153,7 +154,7 @@ private PmdCatalogRule createXpathRule(PmdCatalogCategory category, String class
                 + "</properties>";
         String ruleXml = createRuleXml(classProp, hasLangProp, propertiesTags);
         Element ruleElement = createRuleElement(ruleXml);
-        return new PmdCatalogRule(ruleElement, category, "apex");
+        return new PmdCatalogRule(ruleElement, category, "apex", MOCKED_ENGINE_NAME);
     }
 
     private String createRuleXml(String classProp, boolean hasLangProp, String innerXml) {
diff --git a/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/PmdRuleCatalogerTest.java b/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/PmdRuleCatalogerTest.java
index 7b7214fdd..19a9af1fb 100644
--- a/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/PmdRuleCatalogerTest.java
+++ b/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/PmdRuleCatalogerTest.java
@@ -34,6 +34,7 @@
 public class PmdRuleCatalogerTest {
 	private static final String TEST_CATALOG_DIR = "./test/path/to/a/directory";
 	private static final String TEST_CATALOG_FILE = "PmdCatalog.json";
+    private static final String TEST_ENGINE_NAME = "MockedEngineName";
 
 	public ArgumentCaptor<String> jsonContentsCaptor;
 	public ArgumentCaptor<Path> directoryPathCaptor;
@@ -41,19 +42,11 @@ public class PmdRuleCatalogerTest {
 
 	@BeforeEach
 	public void setup() {
-		System.setProperty("catalogHome", TEST_CATALOG_DIR);
-		System.setProperty("catalogName", TEST_CATALOG_FILE);
 		CliMessager.getInstance().resetMessages();
 	}
 
-	@AfterEach
-	public void teardown() {
-		System.clearProperty("catalogHome");
-		System.clearProperty("catalogName");
-	}
-
 	public PmdRuleCataloger createPmdRuleCatalogerSpy(Map<String,List<String>> rulePathEntries) {
-		PmdRuleCataloger pmdRuleCataloger = new PmdRuleCataloger(rulePathEntries);
+		PmdRuleCataloger pmdRuleCataloger = new PmdRuleCataloger(rulePathEntries, TEST_CATALOG_DIR, TEST_CATALOG_FILE, TEST_ENGINE_NAME);
 		PmdRuleCataloger pmdRuleCatalogerSpy = Mockito.spy(pmdRuleCataloger);
 
 		jsonContentsCaptor = ArgumentCaptor.forClass(String.class);
@@ -144,7 +137,7 @@ public void testExceptionIsThrownWhenCollisionOccurs() {
 
 		rulePathEntries.put(APEX, Arrays.asList(COLLISION_JAR_1.toAbsolutePath().toString(),
 				COLLISION_JAR_2.toAbsolutePath().toString()));
-		PmdRuleCataloger pmdRuleCataloger = new PmdRuleCataloger(rulePathEntries);
+		PmdRuleCataloger pmdRuleCataloger = new PmdRuleCataloger(rulePathEntries, TEST_CATALOG_DIR, TEST_CATALOG_FILE, TEST_ENGINE_NAME);
 
         MessagePassableException ex = assertThrows(MessagePassableException.class,
             () -> pmdRuleCataloger.catalogRules());
diff --git a/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogJsonTest.java b/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogJsonTest.java
index 3e7fdfb69..01087a688 100644
--- a/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogJsonTest.java
+++ b/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogJsonTest.java
@@ -16,6 +16,7 @@ public class PmdCatalogJsonTest {
     private static final String RULE_PATH = "rule path";
     private static final String CATEGORY_NAME = "category name";
     private static final String CATEGORY_PATH = "category path";
+    private static final String MOCKED_ENGINE_NAME = "MockedEngineName";
 
     @Test
     public void testConstructJson() {
@@ -27,7 +28,7 @@ public void testConstructJson() {
         categories.add(getPmdCatalogCategoryMock(CATEGORY_NAME, CATEGORY_PATH));
         rulesets.add(getPmdCatalogRulesetMock(RULE_NAME, RULE_PATH));
 
-        final PmdCatalogJson catalogJson = new PmdCatalogJson(rules, categories, rulesets);
+        final PmdCatalogJson catalogJson = new PmdCatalogJson(rules, categories, rulesets, MOCKED_ENGINE_NAME);
 
         // Execute
         final JSONObject jsonObject = catalogJson.constructJson();
@@ -35,11 +36,11 @@ public void testConstructJson() {
         // Verify
         //[{"paths":["rule path"],"name":"rule name"}]
         final String expectedRulesetJson = String.format("[{\"engine\":\"%s\",\"paths\":[\"%s\"],\"name\":\"%s\"}]",
-            PmdCatalogJson.PMD_ENGINE_NAME, RULE_PATH, RULE_NAME);
+            MOCKED_ENGINE_NAME, RULE_PATH, RULE_NAME);
         assertEquals(expectedRulesetJson, jsonObject.get(PmdCatalogJson.JSON_RULESETS).toString());
 
         final String expectedCategoryJson = String.format("[{\"engine\":\"%s\",\"paths\":[\"%s\"],\"name\":\"%s\"}]",
-            PmdCatalogJson.PMD_ENGINE_NAME, CATEGORY_PATH, CATEGORY_NAME);
+            MOCKED_ENGINE_NAME, CATEGORY_PATH, CATEGORY_NAME);
         assertEquals(expectedCategoryJson, jsonObject.get(PmdCatalogJson.JSON_CATEGORIES).toString());
 
         // Rules json has its own test where we verify the Json contents. Here, we only confirm that it exists
diff --git a/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogRuleTest.java b/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogRuleTest.java
index bf800e5cb..586939079 100644
--- a/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogRuleTest.java
+++ b/pmd-cataloger/src/test/java/sfdc/sfdx/scanner/pmd/catalog/PmdCatalogRuleTest.java
@@ -29,13 +29,14 @@ public class PmdCatalogRuleTest {
 	private static final String CATEGORY_NAME = "Best Practices";
 	private static final String CATEGORY_PATH = "/some/path";
 	private static final String CATEGORY_SOURCEJAR = "/path/to/sourcejar.jar";
+    private static final String MOCKED_ENGINE_NAME = "MockedEngineName";
 	private static final PmdCatalogCategory CATEGORY = new PmdCatalogCategory(CATEGORY_NAME, CATEGORY_PATH, CATEGORY_SOURCEJAR);
 
 	@Test
 	public void testCatalogRuleJsonConversion() {
 		// Setup mock
 		final Element elementMock = getElementMock(Collections.singletonList("description"));
-		final PmdCatalogRule catalogRule = new PmdCatalogRule(elementMock, CATEGORY, LANGUAGE);
+		final PmdCatalogRule catalogRule = new PmdCatalogRule(elementMock, CATEGORY, LANGUAGE, MOCKED_ENGINE_NAME);
 
 
 		// Execute
@@ -64,7 +65,7 @@ public void testCatalogRuleNoDescription() {
 
 		// Setup mock
 		final Element elementMock = getElementMock(Collections.singletonList(""));
-		final PmdCatalogRule catalogRule = new PmdCatalogRule(elementMock, CATEGORY, LANGUAGE);
+		final PmdCatalogRule catalogRule = new PmdCatalogRule(elementMock, CATEGORY, LANGUAGE, MOCKED_ENGINE_NAME);
 
 		// Execute
 		final JSONObject jsonObject = catalogRule.toJson();
@@ -79,7 +80,7 @@ public void testCatalogRuleJsonWithDescription() {
 
 		// Setup mock
 		final Element elementMock = getElementMock(Collections.singletonList(description));
-		final PmdCatalogRule catalogRule = new PmdCatalogRule(elementMock, CATEGORY, LANGUAGE);
+		final PmdCatalogRule catalogRule = new PmdCatalogRule(elementMock, CATEGORY, LANGUAGE, MOCKED_ENGINE_NAME);
 
 		// Execute
 		final JSONObject jsonObject = catalogRule.toJson();
@@ -97,7 +98,7 @@ public void testCatalogRuleJsonWithMultipleDescriptions_expectException() {
 		final Element elementMock = getElementMock(Arrays.asList(description1, description2));
 
         // Even initializing the object should be enough to trigger the expected exception.
-        MessagePassableException ex = assertThrows(MessagePassableException.class, () -> new PmdCatalogRule(elementMock, CATEGORY, LANGUAGE));
+        MessagePassableException ex = assertThrows(MessagePassableException.class, () -> new PmdCatalogRule(elementMock, CATEGORY, LANGUAGE, MOCKED_ENGINE_NAME));
 		assertThat(ex.getEventKey(), is(EventKey.ERROR_EXTERNAL_MULTIPLE_RULE_DESC));
         assertThat(ex.getArgs(), is(new String[]{CATEGORY.getPath() + "/" + NAME, "2"}));
 	}
diff --git a/src/Constants.ts b/src/Constants.ts
index 2a6957232..81b23f6ff 100644
--- a/src/Constants.ts
+++ b/src/Constants.ts
@@ -2,6 +2,7 @@ import os = require('os');
 import path = require('path');
 
 export const PMD_VERSION = '6.55.0';
+export const PMD_APPEXCHANGE_VERSION = '0.12';
 export const SFGE_VERSION = '1.0.1-pilot';
 export const DEFAULT_SCANNER_PATH = path.join(os.homedir(), '.sfdx-scanner');
 export const CATALOG_FILE = 'Catalog.json';
@@ -20,6 +21,7 @@ export const INTERNAL_ERROR_CODE = 1;
 
 export enum ENGINE {
 	PMD = 'pmd',
+	PMD_APPEXCHANGE = 'pmd-appexchange',
 	PMD_CUSTOM = 'pmd-custom',
 	ESLINT = 'eslint',
 	ESLINT_LWC = 'eslint-lwc',
@@ -58,6 +60,7 @@ export const AllowedEngineFilters = [
 	ENGINE.ESLINT_LWC,
 	ENGINE.ESLINT_TYPESCRIPT,
 	ENGINE.PMD,
+	ENGINE.PMD_APPEXCHANGE,
 	ENGINE.RETIRE_JS,
 	ENGINE.CPD,
 	ENGINE.SFGE
@@ -73,6 +76,7 @@ export const PathlessEngineFilters = [
 	ENGINE.ESLINT_LWC,
 	ENGINE.ESLINT_TYPESCRIPT,
 	ENGINE.PMD,
+	ENGINE.PMD_APPEXCHANGE,
 	ENGINE.RETIRE_JS,
 	ENGINE.SFGE,
 	ENGINE.CPD
@@ -129,3 +133,6 @@ export enum Severity {
 
 // Here, current dir __dirname = <base_dir>/sfdx-scanner/src
 export const PMD_LIB = path.join(__dirname, '..', 'dist', 'pmd', 'lib');
+
+// Here, current dir __dirname = <base_dir>/sfdx-scanner/src
+export const APPEXCHANGE_PMD_LIB = path.join(__dirname, '..', 'pmd-appexchange', 'lib');
diff --git a/src/ioc.config.ts b/src/ioc.config.ts
index 129c28684..d60c2f252 100644
--- a/src/ioc.config.ts
+++ b/src/ioc.config.ts
@@ -10,7 +10,7 @@ import {CustomEslintEngine} from './lib/eslint/CustomEslintEngine';
 import {RetireJsEngine} from './lib/retire-js/RetireJsEngine';
 import {SfgeDfaEngine} from './lib/sfge/SfgeDfaEngine';
 import {SfgePathlessEngine} from './lib/sfge/SfgePathlessEngine';
-import {CustomPmdEngine, PmdEngine} from './lib/pmd/PmdEngine';
+import {AppExchangePmdEngine, CustomPmdEngine, PmdEngine} from './lib/pmd/PmdEngine';
 import LocalCatalog from './lib/services/LocalCatalog';
 import {Config} from './lib/util/Config';
 import {Services} from './Constants';
@@ -27,6 +27,7 @@ export function registerAll(): void {
 		container.registerSingleton(Services.RuleManager, DefaultRuleManager);
 		container.registerSingleton(Services.RuleEngine, PmdEngine);
 		container.registerSingleton(Services.RuleEngine, CustomPmdEngine);
+		container.registerSingleton(Services.RuleEngine, AppExchangePmdEngine);
 		container.registerSingleton(Services.RuleEngine, JavascriptEslintEngine);
 		container.registerSingleton(Services.RuleEngine, LWCEslintEngine);
 		container.registerSingleton(Services.RuleEngine, TypescriptEslintEngine);
diff --git a/src/lib/pmd/PmdCatalogWrapper.ts b/src/lib/pmd/PmdCatalogWrapper.ts
index ccf9756c9..46752ad0a 100644
--- a/src/lib/pmd/PmdCatalogWrapper.ts
+++ b/src/lib/pmd/PmdCatalogWrapper.ts
@@ -11,13 +11,19 @@ import {BundleName, getMessage} from "../../MessageCatalog";
 const PMD_CATALOGER_LIB = path.join(__dirname, '..', '..', '..', 'dist', 'pmd-cataloger', 'lib');
 const MAIN_CLASS = 'sfdc.sfdx.scanner.pmd.Main';
 
+type PmdCatalogWrapperOptions = PmdSupportOptions & {
+	catalogedEngineName: string;
+};
+
 export class PmdCatalogWrapper extends PmdSupport {
 	private logger: Logger;
 	private initialized: boolean;
 	private catalogFilePath: path.ParsedPath;
+	private readonly catalogedEngineName: string;
 
-	constructor(opts: PmdSupportOptions) {
+	constructor(opts: PmdCatalogWrapperOptions) {
 		super(opts);
+		this.catalogedEngineName = opts.catalogedEngineName;
 	}
 
 	protected async init(): Promise<void> {
@@ -51,7 +57,7 @@ export class PmdCatalogWrapper extends PmdSupport {
 		const languageArgs: string[] = this.buildLanguageArgs();
 		this.logger.trace(`Cataloger parameters have been built: ${JSON.stringify(languageArgs)}`);
 
-		const args = [`-DcatalogHome=${this.catalogFilePath.dir}`, `-DcatalogName=${this.catalogFilePath.base}`, '-cp', classpath, MAIN_CLASS, ...languageArgs];
+		const args = [`-DcatalogHome=${this.catalogFilePath.dir}`, `-DcatalogName=${this.catalogFilePath.base}`, `-DcatalogedEngineName=${this.catalogedEngineName}`, '-cp', classpath, MAIN_CLASS, ...languageArgs];
 
 		this.logger.trace(`Preparing to execute PMD Cataloger with command: "${command}", args: "${JSON.stringify(args)}"`);
 		return [command, args];
diff --git a/src/lib/pmd/PmdEngine.ts b/src/lib/pmd/PmdEngine.ts
index 4059011f2..4006806b9 100644
--- a/src/lib/pmd/PmdEngine.ts
+++ b/src/lib/pmd/PmdEngine.ts
@@ -4,7 +4,7 @@ import {Controller} from '../../Controller';
 import {Catalog, Rule, RuleGroup, RuleResult, RuleTarget, RuleViolation, TargetPattern} from '../../types';
 import {AbstractRuleEngine} from '../services/RuleEngine';
 import {Config} from '../util/Config';
-import {CUSTOM_CONFIG, ENGINE, EngineBase, HARDCODED_RULES, PMD_LIB, PMD_VERSION, Severity} from '../../Constants';
+import {APPEXCHANGE_PMD_LIB, PMD_APPEXCHANGE_VERSION, CUSTOM_CONFIG, ENGINE, EngineBase, HARDCODED_RULES, PMD_LIB, PMD_VERSION, Severity} from '../../Constants';
 import {PmdCatalogWrapper} from './PmdCatalogWrapper';
 import PmdWrapper from './PmdWrapper';
 import {EVENTS, uxEvents} from "../ScannerEvents";
@@ -82,10 +82,6 @@ abstract class AbstractPmdEngine extends AbstractRuleEngine {
 	protected eventCreator: EventCreator;
 	private initialized: boolean;
 
-	getTargetPatterns(): Promise<TargetPattern[]> {
-		return this.config.getTargetPatterns(ENGINE.PMD);
-	}
-
 	public matchPath(path: string): boolean {
 		// TODO implement this for realz
 		return path != null;
@@ -133,7 +129,7 @@ abstract class AbstractPmdEngine extends AbstractRuleEngine {
 		this.initialized = true;
 	}
 
-	protected async runInternal(selectedRules: string, targets: RuleTarget[], rulePathsByLanguage: Map<string, Set<string>>): Promise<RuleResult[]> {
+	protected async runInternal(selectedRules: string, targets: RuleTarget[], rulePathsByLanguage: Map<string, Set<string>>, supplementalClasspath: string[] = []): Promise<RuleResult[]> {
 		try {
 			const targetPaths: string[] = [];
 			for (const target of targets) {
@@ -148,7 +144,8 @@ abstract class AbstractPmdEngine extends AbstractRuleEngine {
 			const stdout = await (await PmdWrapper.create({
 				targets: targetPaths,
 				rules: selectedRules,
-				rulePathsByLanguage
+				rulePathsByLanguage,
+				supplementalClasspath
 			})).execute();
 			const results = this.processStdOut(stdout);
 			this.logger.trace(`Found ${results.length} for PMD`);
@@ -430,10 +427,15 @@ export class PmdEngine extends AbstractPmdEngine {
 		return PmdEngine.ENGINE_NAME;
 	}
 
+	getTargetPatterns(): Promise<TargetPattern[]> {
+		return this.config.getTargetPatterns(ENGINE.PMD);
+	}
+
 	async getCatalog(): Promise<Catalog> {
 		if (!this.catalogWrapper) {
 			this.catalogWrapper = await PmdCatalogWrapper.create({
-				rulePathsByLanguage: await (await _PmdRuleMapper.create({})).createStandardRuleMap()
+				rulePathsByLanguage: await (await _PmdRuleMapper.create({})).createStandardRuleMap(),
+				catalogedEngineName: PmdEngine.ENGINE_NAME
 			});
 		}
 		return this.catalogWrapper.getCatalog();
@@ -480,6 +482,11 @@ export class CustomPmdEngine extends AbstractPmdEngine {
 		return CustomPmdEngine.THIS_ENGINE.valueOf();
 	}
 
+	getTargetPatterns(): Promise<TargetPattern[]> {
+		// The Custom variant shares the same target patterns as the standard variant.
+		return this.config.getTargetPatterns(ENGINE.PMD);
+	}
+
 	isEnabled(): Promise<boolean> {
 		return Promise.resolve(true); // Custom config will always be enabled
 	}
@@ -536,7 +543,64 @@ export class CustomPmdEngine extends AbstractPmdEngine {
 
 		return configFile;
 	}
+}
+
+export class AppExchangePmdEngine extends AbstractPmdEngine {
+	private static readonly SUPPORTED_LANGUAGES = ['apex', 'html', 'javascript', 'visualforce', 'xml'];
+	private static ENGINE_ENUM = ENGINE.PMD_APPEXCHANGE;
+	public static ENGINE_NAME = AppExchangePmdEngine.ENGINE_ENUM.valueOf();
+	private catalogWrapper: PmdCatalogWrapper;
+
+	getName(): string {
+		return AppExchangePmdEngine.ENGINE_NAME;
+	}
+
+	getTargetPatterns(): Promise<TargetPattern[]> {
+		return this.config.getTargetPatterns(ENGINE.PMD_APPEXCHANGE);
+	}
+
+	async getCatalog(): Promise<Catalog> {
+		if (!this.catalogWrapper) {
+			this.catalogWrapper = await PmdCatalogWrapper.create({
+				rulePathsByLanguage: this.createRuleMap(),
+				catalogedEngineName: AppExchangePmdEngine.ENGINE_NAME
+			});
+		}
+		return this.catalogWrapper.getCatalog();
+	}
 
+	shouldEngineRun(
+		ruleGroups: RuleGroup[],
+		rules: Rule[],
+		target: RuleTarget[],
+		engineOptions: Map<string, string>): boolean {
+		// If this isn't a custom run, and there are rule groups for the engine to run,
+		// then we're good.
+		return !isCustomRun(engineOptions) && (ruleGroups.length > 0);
+	}
+
+	isEngineRequested(filterValues: string[], engineOptions: Map<string, string>): boolean {
+		// If the analyzer run isn't custom, then this engine counts as requested by default.
+		return !isCustomRun(engineOptions) && engineUtils.isFilterEmptyOrNameInFilter(this.getName(), filterValues);
+	}
+
+	public async run(ruleGroups: RuleGroup[], rules: Rule[], targets: RuleTarget[], engineOptions: Map<string, string>): Promise<RuleResult[]> {
+		const selectedRules = ruleGroups.map(np => np.paths).join(',');
+		return await this.runInternal(selectedRules, targets, this.createRuleMap(), [`${APPEXCHANGE_PMD_LIB}/*`]);
+	}
+
+	public isEnabled(): Promise<boolean> {
+		return this.config.isEngineEnabled(AppExchangePmdEngine.ENGINE_ENUM);
+	}
+
+	private createRuleMap(): Map<string, Set<string>> {
+		const rulePathsByLanguage = new Map<string, Set<string>>();
+		for (const language of AppExchangePmdEngine.SUPPORTED_LANGUAGES) {
+			const jarPath = path.join(`${APPEXCHANGE_PMD_LIB}`, `sfca-pmd-${language}-${PMD_APPEXCHANGE_VERSION}.jar`);
+			rulePathsByLanguage.set(language, new Set<string>([jarPath]));
+		}
+		return rulePathsByLanguage;
+	}
 }
 
 /**
diff --git a/src/lib/pmd/PmdWrapper.ts b/src/lib/pmd/PmdWrapper.ts
index 4b3525369..dc59c528e 100644
--- a/src/lib/pmd/PmdWrapper.ts
+++ b/src/lib/pmd/PmdWrapper.ts
@@ -11,11 +11,17 @@ const HEAP_SIZE = '-Xmx1024m';
 type PmdWrapperOptions = PmdSupportOptions & {
 	targets: string[];
 	rules: string;
+	/**
+	 * Any extra files that need to be added to the classpath, NOT including files that declare rules (since those files
+	 * are handled elsewhere).
+	 */
+	supplementalClasspath: string[];
 };
 
 export default class PmdWrapper extends PmdSupport {
 	private targets: string[];
-	private rules: string;
+	private readonly rules: string;
+	private supplementalClasspath: string[];
 	private logger: Logger;
 	private initialized: boolean;
 
@@ -23,6 +29,7 @@ export default class PmdWrapper extends PmdSupport {
 		super(opts);
 		this.targets = opts.targets;
 		this.rules = opts.rules;
+		this.supplementalClasspath = opts.supplementalClasspath;
 	}
 
 	protected async init(): Promise<void> {
@@ -45,7 +52,7 @@ export default class PmdWrapper extends PmdSupport {
 		// The classpath needs PMD's lib folder. There may be redundancy with the shared classpath, but having the
 		// same JAR in the classpath twice is fine. Also note that the classpath is not wrapped in quotes like how it
 		// would be if we invoked directly through the CLI, because child_process.spawn() hates that.
-		const classpath = [`${PMD_LIB}/*`, ...this.buildSharedClasspath()].join(path.delimiter);
+		const classpath = [...this.supplementalClasspath, `${PMD_LIB}/*`, ...this.buildSharedClasspath()].join(path.delimiter);
 		// Operating systems impose limits on the maximum length of a command line invocation. This can be problematic
 		// when scanning a large number of files. Store the list of files to scan in a temp file. Pass the location
 		// of the temp file to PMD. The temp file is cleaned up when the process exits.
diff --git a/src/lib/util/Config.ts b/src/lib/util/Config.ts
index e56b842ae..7ed13c8d2 100644
--- a/src/lib/util/Config.ts
+++ b/src/lib/util/Config.ts
@@ -27,6 +27,26 @@ export type EngineConfigContent = {
 	minimumTokens?: number;
 }
 
+/**
+ * An array of file extensions that can theoretically correspond to XML files when scanning a Salesforce Managed Package.
+ */
+const APPEXCHANGE_XML_EXTENSIONS = [
+	"app", "authprovider", "bot", "brandingSet", "cachePartition", "callCenter", "communityTemplateDefinition",
+	"communityThemeDefinition", "connectedApp", "ConversationVendorInformation", "corsWhitelistOrigin",
+	"cspTrustedSite", "customHelpMenuSection", "customPermission", "dashboard", "dataConnectorIngestApi",
+	"dataPackageKitDefinition", "DataPackageKitObject", "dataSource", "dataSourceBundleDefinition",
+	"dataSourceObject", "dataSrcDataModelFieldMap", "dataStreamDefinition", "dataStreamTemplate",
+	"duplicateRule", "externalDataConnector", "featureParameterBoolean", "featureParameterInteger",
+	"flexipage", "flow", "globalValueSet", "globalValueSetTranslation", "homePageComponent",
+	"homePageLayout", "indx", "labels", "layout", "letter", "lightningBolt", "lightningExperienceTheme",
+	"marketingappextension", "matchingRule", "md", "messageChannel", "mktDataTranObject", "mlDomain",
+	"namedCredential", "navigationMenu", "notiftype", "object", "objectSourceTargetMap", "objectTranslation",
+	"pathAssistant", "permissionset", "permissionsetgroup", "profile", "prompt", "quickAction", "remoteSite",
+	"report", "reportType", "sharingSet", "snapshot", "tab", "translation", "wapp", "wds", "weblink", "workflow",
+	"xmd"
+];
+
+
 const DEFAULT_CONFIG: ConfigContent = {
 	// It's typically bad practice to use `require` instead of `import`, but the former is much more straightforward
 	// in this case.
@@ -42,6 +62,21 @@ const DEFAULT_CONFIG: ConfigContent = {
 			supportedLanguages: ['apex', 'vf'],
 			disabled: false
 		},
+		{
+			name: ENGINE.PMD_APPEXCHANGE,
+			targetPatterns: [
+				// By default, the App Exchange PMD variant targets all the same patterns as the base PMD engine.
+				"**/*.cls","**/*.trigger","**/*.java","**/*.page","**/*.component","**/*.xml",
+				"!**/node_modules/**",
+				// It also targets JS files, since there are JS-specific rules.
+				"**/*.js",
+				// It also targets all the various extensions that, in a managed package, can represent XML files.
+				...(APPEXCHANGE_XML_EXTENSIONS.map(s => `**/*.${s}`)),
+			],
+			// The App Exchange PMD variant is disabled by default, since it's only relevant to users submitting
+			// for security review.
+			disabled: true
+		},
 		{
 			name: ENGINE.ESLINT,
 			targetPatterns: [
diff --git a/test/commands/scanner/rule/list.test.ts b/test/commands/scanner/rule/list.test.ts
index e976b085d..19092aa3b 100644
--- a/test/commands/scanner/rule/list.test.ts
+++ b/test/commands/scanner/rule/list.test.ts
@@ -222,7 +222,7 @@ describe('scanner rule list', () => {
 			it('Filtering by a single engine returns only rules applied to that engine', () => {
 				const output = runCommand(`scanner rule list --engine ${ENGINE.PMD} --json`);
 				// Count how many rules in the catalog fit the criteria.
-				const targetRuleCount = getCatalogJson().rules.filter(rule => rule.engine.includes(ENGINE.PMD)).length;
+				const targetRuleCount = getCatalogJson().rules.filter(rule => rule.engine === (ENGINE.PMD)).length;
 
 				// Parse the output back into a JSON and make sure it has the right number of rules.
 				const outputJson = output.jsonOutput;
diff --git a/test/lib/Controller.test.ts b/test/lib/Controller.test.ts
index e49c56f98..da336ffb7 100644
--- a/test/lib/Controller.test.ts
+++ b/test/lib/Controller.test.ts
@@ -18,12 +18,13 @@ describe('Controller.ts tests', () => {
 			const engines: RuleEngine[] = await Controller.getAllEngines();
 			const names: string[] = engines.map(e => e.constructor.name);
 
-			expect(engines.length, names + '').to.equal(10);
+			expect(engines.length, names + '').to.equal(11);
 			expect(names).to.contain('JavascriptEslintEngine');
 			expect(names).to.contain('LWCEslintEngine');
 			expect(names).to.contain('TypescriptEslintEngine');
 			expect(names).to.contain('CustomEslintEngine');
 			expect(names).to.contain('PmdEngine');
+			expect(names).to.contain('AppExchangePmdEngine');
 			expect(names).to.contain('CustomPmdEngine');
 			expect(names).to.contain('RetireJsEngine');
 			expect(names).to.contain('CpdEngine');
@@ -117,11 +118,12 @@ describe('Controller.ts tests', () => {
 			const engines: RuleEngine[] = await Controller.getFilteredEngines([]);
 			const names: string[] = engines.map(e => e.constructor.name);
 
-			expect(engines.length).to.equal(6);
+			expect(engines.length).to.equal(7);
 			expect(names).to.contain('JavascriptEslintEngine');
 			expect(names).to.contain('LWCEslintEngine');
 			expect(names).to.contain('TypescriptEslintEngine');
 			expect(names).to.contain('PmdEngine');
+			expect(names).to.contain('AppExchangePmdEngine');
 			expect(names).to.contain('RetireJsEngine');
 			expect(names).to.contain('SfgeDfaEngine');
 		})
@@ -152,7 +154,7 @@ describe('Controller.ts tests', () => {
 				await Controller.getFilteredEngines(['invalid-engine']);
 				fail('getFilteredEngines should have thrown');
 			} catch (e) {
-				expect(e.message).to.equal(`The filter doesn't match any engines. Filter 'invalid-engine'. Engines: cpd, eslint, eslint-lwc, eslint-typescript, pmd, retire-js, sfge.`);
+				expect(e.message).to.equal(`The filter doesn't match any engines. Filter 'invalid-engine'. Engines: cpd, eslint, eslint-lwc, eslint-typescript, pmd, pmd-appexchange, retire-js, sfge.`);
 			}
 		});
 	});
diff --git a/test/lib/pmd/PmdCatalogWrapper.test.ts b/test/lib/pmd/PmdCatalogWrapper.test.ts
index ecd2d92d2..885314dbe 100644
--- a/test/lib/pmd/PmdCatalogWrapper.test.ts
+++ b/test/lib/pmd/PmdCatalogWrapper.test.ts
@@ -32,12 +32,14 @@ describe('PmdCatalogWrapper', () => {
 					const expectedParamList = [
 						`-DcatalogHome=`,
 						'-DcatalogName=',
+						'-DcatalogedEngineName=',
 						'-cp',
 						thePath,
 						'sfdc.sfdx.scanner.pmd.Main'];
 
 					const target = await TestablePmdCatalogWrapper.create({
-						rulePathsByLanguage: new Map<string, Set<string>>()
+						rulePathsByLanguage: new Map<string, Set<string>>(),
+						catalogedEngineName: 'TestVariant'
 					});
 					const params = (await target.buildCommandArray())[1];
 

From 674eb95feac575ca20cfabacc84bbd1d2ddf18c4 Mon Sep 17 00:00:00 2001
From: Josh Feingold <jfeingold@salesforce.com>
Date: Thu, 28 Dec 2023 12:21:24 -0600
Subject: [PATCH 04/10] @W-13222948@: Updated JARs and added docs.

---
 pmd-appexchange/docs/AvoidApiSessionId.md     |  18 +++++++
 .../docs/AvoidAuraWithLockerDisabled.md       |  18 +++++++
 ...ingSystemResetPasswordWithEmailTemplate.md |  18 +++++++
 pmd-appexchange/docs/AvoidChangeProtection.md |  18 +++++++
 .../docs/AvoidChangeProtectionUnprotected.md  |  18 +++++++
 .../docs/AvoidHardcodedCredentials.md         |  47 ++++++++++++++++++
 .../docs/AvoidJavaScriptCustomRule.md         |  18 +++++++
 .../docs/AvoidJavaScriptHomePageComponent.md  |  18 +++++++
 .../docs/AvoidJavaScriptWeblink.md            |  18 +++++++
 .../docs/AvoidJsLinksInCustomObject.md        |  18 +++++++
 .../docs/AvoidJsLinksInWebLinks.md            |  18 +++++++
 pmd-appexchange/docs/AvoidLmcIsExposedTrue.md |  18 +++++++
 .../docs/AvoidLwcBubblesComposedTrue.md       |  18 +++++++
 .../docs/AvoidSystemModeInFlows.md            |  18 +++++++
 .../AvoidUnauthorizedApiSessionIdInApex.md    |  18 +++++++
 .../AvoidUnauthorizedApiSessionIdInFlows.md   |  18 +++++++
 ...voidUnauthorizedApiSessionIdVisualforce.md |  18 +++++++
 .../AvoidUnauthorizedGetSessionIdInApex.md    |  18 +++++++
 ...idUnauthorizedGetSessionIdInVisualforce.md |  18 +++++++
 .../docs/AvoidUnsafeSystemMovePassword.md     |  18 +++++++
 .../docs/AvoidUnsafeSystemResetPassword.md    |  18 +++++++
 .../docs/AvoidUnsafeSystemSetPassword.md      |  18 +++++++
 .../AvoidWithoutSharingInRestApiController.md |  18 +++++++
 .../docs/LimitConnectedAppScope.md            |  18 +++++++
 .../docs/LimitPermissionSetAssignment.md      |  18 +++++++
 .../docs/LoadJavaScriptHtmlScript.md          |  26 ++++++++++
 .../docs/LoadJavaScriptIncludeScript.md       |  26 ++++++++++
 pmd-appexchange/docs/ProtectSensitiveData.md  |  45 +++++++++++++++++
 .../docs/UpgradeLwcLockerSecuritySupport.md   |  18 +++++++
 pmd-appexchange/docs/UseHttpsCallbackUrl.md   |  18 +++++++
 pmd-appexchange/docs/UseLwcDomManual.md       |  31 ++++++++++++
 .../ValidateCrudFlsEmailMessageWhoIdWhatId.md |  18 +++++++
 pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar      | Bin 2931 -> 2931 bytes
 pmd-appexchange/lib/sfca-pmd-apex-0.12.jar    | Bin 9140 -> 8217 bytes
 pmd-appexchange/lib/sfca-pmd-html-0.12.jar    | Bin 1946 -> 1920 bytes
 .../lib/sfca-pmd-javascript-0.12.jar          | Bin 1873 -> 1951 bytes
 .../lib/sfca-pmd-visualforce-0.12.jar         | Bin 7568 -> 7618 bytes
 pmd-appexchange/lib/sfca-pmd-xml-0.12.jar     | Bin 4153 -> 3986 bytes
 38 files changed, 661 insertions(+)
 create mode 100644 pmd-appexchange/docs/AvoidApiSessionId.md
 create mode 100644 pmd-appexchange/docs/AvoidAuraWithLockerDisabled.md
 create mode 100644 pmd-appexchange/docs/AvoidCallingSystemResetPasswordWithEmailTemplate.md
 create mode 100644 pmd-appexchange/docs/AvoidChangeProtection.md
 create mode 100644 pmd-appexchange/docs/AvoidChangeProtectionUnprotected.md
 create mode 100644 pmd-appexchange/docs/AvoidHardcodedCredentials.md
 create mode 100644 pmd-appexchange/docs/AvoidJavaScriptCustomRule.md
 create mode 100644 pmd-appexchange/docs/AvoidJavaScriptHomePageComponent.md
 create mode 100644 pmd-appexchange/docs/AvoidJavaScriptWeblink.md
 create mode 100644 pmd-appexchange/docs/AvoidJsLinksInCustomObject.md
 create mode 100644 pmd-appexchange/docs/AvoidJsLinksInWebLinks.md
 create mode 100644 pmd-appexchange/docs/AvoidLmcIsExposedTrue.md
 create mode 100644 pmd-appexchange/docs/AvoidLwcBubblesComposedTrue.md
 create mode 100644 pmd-appexchange/docs/AvoidSystemModeInFlows.md
 create mode 100644 pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdInApex.md
 create mode 100644 pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdInFlows.md
 create mode 100644 pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdVisualforce.md
 create mode 100644 pmd-appexchange/docs/AvoidUnauthorizedGetSessionIdInApex.md
 create mode 100644 pmd-appexchange/docs/AvoidUnauthorizedGetSessionIdInVisualforce.md
 create mode 100644 pmd-appexchange/docs/AvoidUnsafeSystemMovePassword.md
 create mode 100644 pmd-appexchange/docs/AvoidUnsafeSystemResetPassword.md
 create mode 100644 pmd-appexchange/docs/AvoidUnsafeSystemSetPassword.md
 create mode 100644 pmd-appexchange/docs/AvoidWithoutSharingInRestApiController.md
 create mode 100644 pmd-appexchange/docs/LimitConnectedAppScope.md
 create mode 100644 pmd-appexchange/docs/LimitPermissionSetAssignment.md
 create mode 100644 pmd-appexchange/docs/LoadJavaScriptHtmlScript.md
 create mode 100644 pmd-appexchange/docs/LoadJavaScriptIncludeScript.md
 create mode 100644 pmd-appexchange/docs/ProtectSensitiveData.md
 create mode 100644 pmd-appexchange/docs/UpgradeLwcLockerSecuritySupport.md
 create mode 100644 pmd-appexchange/docs/UseHttpsCallbackUrl.md
 create mode 100644 pmd-appexchange/docs/UseLwcDomManual.md
 create mode 100644 pmd-appexchange/docs/ValidateCrudFlsEmailMessageWhoIdWhatId.md

diff --git a/pmd-appexchange/docs/AvoidApiSessionId.md b/pmd-appexchange/docs/AvoidApiSessionId.md
new file mode 100644
index 000000000..0f4a66bd4
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidApiSessionId.md
@@ -0,0 +1,18 @@
+AvoidApiSessionId[](#avoidapisessionid)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Session ID use is not approved.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects use of Api.Session_ID to retrieve a session ID.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidAuraWithLockerDisabled.md b/pmd-appexchange/docs/AvoidAuraWithLockerDisabled.md
new file mode 100644
index 000000000..487d9fd31
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidAuraWithLockerDisabled.md
@@ -0,0 +1,18 @@
+AvoidAuraWithLockerDisabled[](#avoidaurawithlockerdisabled)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   To enable Lightning Locker, update the apiVersion to version 40 or greater.
+
+
+**Priority:** Critical (1)
+
+**Description:**
+
+   Detects use of API versions with Lightning Locker disabled in Aura components. Use API version 40 or greater.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidCallingSystemResetPasswordWithEmailTemplate.md b/pmd-appexchange/docs/AvoidCallingSystemResetPasswordWithEmailTemplate.md
new file mode 100644
index 000000000..d522f0b12
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidCallingSystemResetPasswordWithEmailTemplate.md
@@ -0,0 +1,18 @@
+AvoidCallingSystemResetPasswordWithEmailTemplate[](#avoidcallingsystemresetpasswordwithemailtemplate)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Before calling System.resetPasswordWithEmailTemplate(), perform the necessary authorization checks.
+
+
+**Priority:** Critical (1)
+
+**Description:**
+
+   Detects where System.resetPasswordWithEmailTemplate() exists in Apex code. Use this method with caution.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidChangeProtection.md b/pmd-appexchange/docs/AvoidChangeProtection.md
new file mode 100644
index 000000000..ea3644f55
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidChangeProtection.md
@@ -0,0 +1,18 @@
+AvoidChangeProtection[](#avoidchangeprotection)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Update your code to avoid using FeatureManagement.changeProtection.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects potential misuse of FeatureManagement.changeProtection.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidChangeProtectionUnprotected.md b/pmd-appexchange/docs/AvoidChangeProtectionUnprotected.md
new file mode 100644
index 000000000..3abed876f
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidChangeProtectionUnprotected.md
@@ -0,0 +1,18 @@
+AvoidChangeProtectionUnprotected[](#avoidchangeprotectionunprotected)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Update your code to avoid using FeatureManagement.changeProtection called by an UnProtected argument.
+
+
+**Priority:** Critical (1)
+
+**Description:**
+
+   Detects potential misuse of FeatureManagement.changeProtection.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidHardcodedCredentials.md b/pmd-appexchange/docs/AvoidHardcodedCredentials.md
new file mode 100644
index 000000000..79ef09293
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidHardcodedCredentials.md
@@ -0,0 +1,47 @@
+AvoidHardcodedCredentials[](#avoidhardcodedcredentials)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Remove hard-coded credentials from source code.
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Identifies hard-coded credentials in source code that must be protected using Protected Custom metadata or Protected Custom settings.
+
+**Example(s):**
+
+   Correct Method
+
+```
+<?xml version="1.0" encoding="UTF-8"?>
+            <CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
+               <customSettingsType>List</customSettingsType>
+                  <enableFeeds>false</enableFeeds>
+                  <label>Username</label>
+                  <visibility>Protected</visibility>
+               </CustomObject>
+```
+
+Incorrect Method
+
+```
+public with sharing class test3 {
+         public test3() {
+         String key = 'supersecurepassword';
+         HttpRequest req = new HttpRequest();
+         req.setEndpoint('https://www.example.com/test?APIKEY='+key);
+         req.setMethod('GET');
+         Http http = new Http();
+         HTTPResponse res = http.send(req);
+         return res.getBody();
+      }
+```
+
+
+
+        
+
diff --git a/pmd-appexchange/docs/AvoidJavaScriptCustomRule.md b/pmd-appexchange/docs/AvoidJavaScriptCustomRule.md
new file mode 100644
index 000000000..0456cbb7f
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidJavaScriptCustomRule.md
@@ -0,0 +1,18 @@
+AvoidJavaScriptCustomRule[](#avoidjavascriptcustomrule)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Avoid using JavaScript to execute custom button actions.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects use of custom JavaScript actions in custom rules.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidJavaScriptHomePageComponent.md b/pmd-appexchange/docs/AvoidJavaScriptHomePageComponent.md
new file mode 100644
index 000000000..ec8373665
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidJavaScriptHomePageComponent.md
@@ -0,0 +1,18 @@
+AvoidJavaScriptHomePageComponent[](#avoidjavascripthomepagecomponent)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Avoid JavaScript in a home page component body.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects use of custom JavaScript actions in home page components.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidJavaScriptWeblink.md b/pmd-appexchange/docs/AvoidJavaScriptWeblink.md
new file mode 100644
index 000000000..fee204a03
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidJavaScriptWeblink.md
@@ -0,0 +1,18 @@
+AvoidJavaScriptWeblink[](#avoidjavascriptweblink)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Avoid using JavaScript in web links.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects use of custom JavaScript actions in web links.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidJsLinksInCustomObject.md b/pmd-appexchange/docs/AvoidJsLinksInCustomObject.md
new file mode 100644
index 000000000..0be776671
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidJsLinksInCustomObject.md
@@ -0,0 +1,18 @@
+AvoidJsLinksInCustomObject[](#avoidjslinksincustomobject)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Avoid clickable JavaScript-style URLs.
+
+
+**Priority:** Critical (1)
+
+**Description:**
+
+   Detects instances of JavaScript-style URLs (javascript:) in Salesforce DOM components, such as web links and buttons. Avoid JavaScript-style URLs in managed packages.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidJsLinksInWebLinks.md b/pmd-appexchange/docs/AvoidJsLinksInWebLinks.md
new file mode 100644
index 000000000..90168ffe5
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidJsLinksInWebLinks.md
@@ -0,0 +1,18 @@
+AvoidJsLinksInWebLinks[](#avoidjslinksinweblinks)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Avoid clickable JavaScript-style URLs.
+
+
+**Priority:** Critical (1)
+
+**Description:**
+
+   Detects instances of JavaScript-style URLs (javascript:) in Salesforce DOM components, such as web links and buttons. Avoid JavaScript-style URLs in managed packages.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidLmcIsExposedTrue.md b/pmd-appexchange/docs/AvoidLmcIsExposedTrue.md
new file mode 100644
index 000000000..c83d05a4a
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidLmcIsExposedTrue.md
@@ -0,0 +1,18 @@
+AvoidLmcIsExposedTrue[](#avoidlmcisexposedtrue)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Use Lightning Message Channel with isExposed set to false.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects a Lightning Message Channel with isExposed=true, which isn’t allowed in managed packages.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidLwcBubblesComposedTrue.md b/pmd-appexchange/docs/AvoidLwcBubblesComposedTrue.md
new file mode 100644
index 000000000..d3d7d675c
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidLwcBubblesComposedTrue.md
@@ -0,0 +1,18 @@
+AvoidLwcBubblesComposedTrue[](#avoidlwcbubblescomposedtrue)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Avoid setting both Lightning Web component bubbles and composed=true at the same time.
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects Lightning Web Component event configurations where bubbles and composed are both set to true. To avoid sharing sensitive information unintentionally, use this configuration with caution.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidSystemModeInFlows.md b/pmd-appexchange/docs/AvoidSystemModeInFlows.md
new file mode 100644
index 000000000..78d97092d
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidSystemModeInFlows.md
@@ -0,0 +1,18 @@
+AvoidSystemModeInFlows[](#avoidsystemmodeinflows)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Reconfigure to avoid running flows in system mode.
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects where default mode must be used in flows instead of system mode.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdInApex.md b/pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdInApex.md
new file mode 100644
index 000000000..b3b906be8
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdInApex.md
@@ -0,0 +1,18 @@
+AvoidUnauthorizedApiSessionIdInApex[](#avoidunauthorizedapisessionidinapex)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Use of API.Session_ID might not be authorized.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects use of Api.Session_ID to retrieve a session ID.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdInFlows.md b/pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdInFlows.md
new file mode 100644
index 000000000..58c47e803
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdInFlows.md
@@ -0,0 +1,18 @@
+AvoidUnauthorizedApiSessionIdInFlows[](#avoidunauthorizedapisessionidinflows)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   $Api.Session_ID usage is not approved.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects use of session ID in SOAP API calls in flows.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdVisualforce.md b/pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdVisualforce.md
new file mode 100644
index 000000000..b65146a24
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidUnauthorizedApiSessionIdVisualforce.md
@@ -0,0 +1,18 @@
+AvoidUnauthorizedApiSessionIdVisualforce[](#avoidunauthorizedapisessionidvisualforce)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Retrieval of session ID using API.Session_ID is not authorized.
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects use of Api.Session_ID to retrieve a session ID in Visualforce code.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidUnauthorizedGetSessionIdInApex.md b/pmd-appexchange/docs/AvoidUnauthorizedGetSessionIdInApex.md
new file mode 100644
index 000000000..b389d7e97
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidUnauthorizedGetSessionIdInApex.md
@@ -0,0 +1,18 @@
+AvoidUnauthorizedGetSessionIdInApex[](#avoidunauthorizedgetsessionidinapex)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Use of UserInfo.getSessionId might not be authorized.
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects use of UserInfo.getSessionId() to retrieve a session ID.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidUnauthorizedGetSessionIdInVisualforce.md b/pmd-appexchange/docs/AvoidUnauthorizedGetSessionIdInVisualforce.md
new file mode 100644
index 000000000..cabaaa7d3
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidUnauthorizedGetSessionIdInVisualforce.md
@@ -0,0 +1,18 @@
+AvoidUnauthorizedGetSessionIdInVisualforce[](#avoidunauthorizedgetsessionidinvisualforce)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Use of session ID with GETSESSIONID is not authorized.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects use of GETSESSIONID() to retrieve a session ID in Visualforce code.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidUnsafeSystemMovePassword.md b/pmd-appexchange/docs/AvoidUnsafeSystemMovePassword.md
new file mode 100644
index 000000000..5e396f3c0
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidUnsafeSystemMovePassword.md
@@ -0,0 +1,18 @@
+AvoidUnsafeSystemMovePassword[](#avoidunsafesystemmovepassword)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Before calling System.movePassword(), perform the necessary authorization checks.
+
+
+**Priority:** Critical (1)
+
+**Description:**
+
+   Detects where System.movePassword() is used in Apex code. Use this method with caution.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidUnsafeSystemResetPassword.md b/pmd-appexchange/docs/AvoidUnsafeSystemResetPassword.md
new file mode 100644
index 000000000..aacb724c8
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidUnsafeSystemResetPassword.md
@@ -0,0 +1,18 @@
+AvoidUnsafeSystemResetPassword[](#avoidunsafesystemresetpassword)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Before calling System.resetPassword(), perform the necessary authorization checks.
+
+
+**Priority:** Critical (1)
+
+**Description:**
+
+   Detects where System.resetPassword() exists in Apex code. Use this method with caution.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidUnsafeSystemSetPassword.md b/pmd-appexchange/docs/AvoidUnsafeSystemSetPassword.md
new file mode 100644
index 000000000..c7497e038
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidUnsafeSystemSetPassword.md
@@ -0,0 +1,18 @@
+AvoidUnsafeSystemSetPassword[](#avoidunsafesystemsetpassword)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Before calling System.setPassword() in Apex, perform necessary authorization checks.
+
+
+**Priority:** Critical (1)
+
+**Description:**
+
+   Detects where System.setPassword() exists in Apex code. Use this method with caution.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/AvoidWithoutSharingInRestApiController.md b/pmd-appexchange/docs/AvoidWithoutSharingInRestApiController.md
new file mode 100644
index 000000000..f5243a8ad
--- /dev/null
+++ b/pmd-appexchange/docs/AvoidWithoutSharingInRestApiController.md
@@ -0,0 +1,18 @@
+AvoidWithoutSharingInRestApiController[](#avoidwithoutsharinginrestapicontroller)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Use "with sharing" in Apex classes with the @RestResource annotation.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects use of "without sharing" in an Apex class exposed with the @RestResource annotation.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/LimitConnectedAppScope.md b/pmd-appexchange/docs/LimitConnectedAppScope.md
new file mode 100644
index 000000000..b1aa409c8
--- /dev/null
+++ b/pmd-appexchange/docs/LimitConnectedAppScope.md
@@ -0,0 +1,18 @@
+LimitConnectedAppScope[](#limitconnectedappscope)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Update the connected app request to limited scope instead of full scope.
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects if a connected app uses full scope. Explain this use case in your AppExchange security review submission.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/LimitPermissionSetAssignment.md b/pmd-appexchange/docs/LimitPermissionSetAssignment.md
new file mode 100644
index 000000000..39a964dd0
--- /dev/null
+++ b/pmd-appexchange/docs/LimitPermissionSetAssignment.md
@@ -0,0 +1,18 @@
+LimitPermissionSetAssignment[](#limitpermissionsetassignment)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Ensure that DML operations against PermissionSetAssignment use trusted input.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detects usage of PermissionSetAssignment. Use caution when allowing DML operations against the PermissionSetAssignment object.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/LoadJavaScriptHtmlScript.md b/pmd-appexchange/docs/LoadJavaScriptHtmlScript.md
new file mode 100644
index 000000000..0d51761b2
--- /dev/null
+++ b/pmd-appexchange/docs/LoadJavaScriptHtmlScript.md
@@ -0,0 +1,26 @@
+LoadJavaScriptHtmlScript[](#loadjavascripthtmlscript)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Load JavaScript only from static resources.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Determines HTML script locations where JavaScript code must be loaded as static resources.
+
+**Example(s):**
+
+   
+
+```
+<script src="{!$Resource.jquery}"/>
+```
+
+See more examples on properly using static resources here: https://developer.salesforce.com/docs/atlas.en-us.236.0.secure_coding_guide.meta/secure_coding_guide/secure_coding_cross_site_scripting.htm
+
+        
+
diff --git a/pmd-appexchange/docs/LoadJavaScriptIncludeScript.md b/pmd-appexchange/docs/LoadJavaScriptIncludeScript.md
new file mode 100644
index 000000000..bd63ec795
--- /dev/null
+++ b/pmd-appexchange/docs/LoadJavaScriptIncludeScript.md
@@ -0,0 +1,26 @@
+LoadJavaScriptIncludeScript[](#loadjavascriptincludescript)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Load JavaScript only from static resources.
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Determines include script locations where JavaScript code must be loaded as static resources.
+
+**Example(s):**
+
+   
+
+```
+<apex:IncludeScript value="{!$Resource.jquery}"/>
+```
+
+See more examples on properly using static resources here: https://developer.salesforce.com/docs/atlas.en-us.236.0.secure_coding_guide.meta/secure_coding_guide/secure_coding_cross_site_scripting.htm
+
+        
+
diff --git a/pmd-appexchange/docs/ProtectSensitiveData.md b/pmd-appexchange/docs/ProtectSensitiveData.md
new file mode 100644
index 000000000..5008350b1
--- /dev/null
+++ b/pmd-appexchange/docs/ProtectSensitiveData.md
@@ -0,0 +1,45 @@
+ProtectSensitiveData[](#protectsensitivedata)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   To store secrets, use Protected Custom settings or Protected Custom metadata.
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects where sensitive data must be stored with Protected Custom metadata or Protected Custom settings.
+
+**Example(s):**
+
+   
+
+```
+<?xml version="1.0" encoding="UTF-8"?>
+    <CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
+        <customSettingsType>Hierarchy</customSettingsType>
+        <description>Settings for the Dummy package.</description>
+        <enableFeeds>false</enableFeeds>
+        <fields>
+            <fullName>Key__c</fullName>
+            <deprecated>false</deprecated>
+            <description>User's Key for Applicatio</description>
+            <externalId>false</externalId>
+            <label>Sensitve Key</label>
+            <precision>3</precision>
+            <required>true</required>
+            <scale>0</scale>
+            <type>Number</type>
+            <unique>false</unique>
+        </fields>
+        <label>DummyApp</label>
+        <visibility>Protected</visibility>
+    </CustomObject>
+```
+
+
+
+        
+
diff --git a/pmd-appexchange/docs/UpgradeLwcLockerSecuritySupport.md b/pmd-appexchange/docs/UpgradeLwcLockerSecuritySupport.md
new file mode 100644
index 000000000..a5356eac2
--- /dev/null
+++ b/pmd-appexchange/docs/UpgradeLwcLockerSecuritySupport.md
@@ -0,0 +1,18 @@
+UpgradeLwcLockerSecuritySupport[](#upgradelwclockersecuritysupport)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   To enable Lightning Locker, update the API version to version 40 or greater.
+
+
+**Priority:** Critical (1)
+
+**Description:**
+
+   Detects use of API versions with Lightning Locker disabled. Use API version 40 or greater.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/UseHttpsCallbackUrl.md b/pmd-appexchange/docs/UseHttpsCallbackUrl.md
new file mode 100644
index 000000000..1c62b59ee
--- /dev/null
+++ b/pmd-appexchange/docs/UseHttpsCallbackUrl.md
@@ -0,0 +1,18 @@
+UseHttpsCallbackUrl[](#usehttpscallbackurl)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Update to secure Oauth callback URL over HTTPS.
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects instances of an OAuth callback URL that uses HTTP. Use HTTPS instead.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/docs/UseLwcDomManual.md b/pmd-appexchange/docs/UseLwcDomManual.md
new file mode 100644
index 000000000..4b5afe26c
--- /dev/null
+++ b/pmd-appexchange/docs/UseLwcDomManual.md
@@ -0,0 +1,31 @@
+UseLwcDomManual[](#uselwcdommanual)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Protect against XSS when using lwc:dom="manual".
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects instances of lwc:dom="manual" that could allow unintentional or malicious user input. Don't allow user input on these elements.
+
+**Example(s):**
+
+   
+
+```
+<template>
+        <div class="chart slds-var-m-around_medium slds-theme_default cursor" lwc:dom="manual"></div> 
+    </template>
+
+    & 
+    If template has a direct user input. Then XSS is possible.
+```
+
+
+
+        
+
diff --git a/pmd-appexchange/docs/ValidateCrudFlsEmailMessageWhoIdWhatId.md b/pmd-appexchange/docs/ValidateCrudFlsEmailMessageWhoIdWhatId.md
new file mode 100644
index 000000000..900d46e84
--- /dev/null
+++ b/pmd-appexchange/docs/ValidateCrudFlsEmailMessageWhoIdWhatId.md
@@ -0,0 +1,18 @@
+ValidateCrudFlsEmailMessageWhoIdWhatId[](#validatecrudflsemailmessagewhoidwhatid)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Enforce CRUD/FLS checks for methods that accept record IDs as an input value.
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects use WhoId and WhatId without a CRUD/FLS check in these methods: setBccAddresses(bccAddresses), setCcAddresses(ccAddresses), or setToAddresses(toAddresses). Also detects the use of recordIds in setTargetObjectId(targetObjectId) or setWhatId(whatId) without CRUD/FLS validation.
+
+**Example(s):**
+
+   
+
diff --git a/pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar b/pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar
index b5c63ae6d81021aefdcc1064d8da14e0401f3692..fd583f08186c7bd6c56bfd6f8e227fb22628ce95 100644
GIT binary patch
delta 170
zcmew?_F0TKz?+$ci-CcIgMmF^&O}}{W)NlO1*V!6!PIhHFm>G!L`~*qGy~HvjE*3B
za|fdu8(3f?yFQqH%)SmxPvI~D)2BJ?!89)?MBbj$8qBZdgoy9wbOH0(xctF%1Xlr=
MKFwtdrn$K@03ls5P5=M^

delta 170
zcmew?_F0TKz?+$ci-CcIgCRF*(nMZ0W)NlO1*V!6!PIhHFm>G!L`~*qGy~HvjE*3B
za|fdu8(3f?yFQqH%)SmxPvI~D)2BJ?!89)?MBbj$8qBZdgoy9wbOH0(xctF%1Xlr=
MKFwtdrn$K@0D;*!rT_o{

diff --git a/pmd-appexchange/lib/sfca-pmd-apex-0.12.jar b/pmd-appexchange/lib/sfca-pmd-apex-0.12.jar
index cdcecec2d8b46cda633376f8cc9d589ba33e2c78..663a356582e01cdbcf2ecab5e0d6dcf554e91e4c 100644
GIT binary patch
delta 3575
zcmZA4XEYqzw*c@l+UShveK65`?{)MNq7%I(YLsL!CL~()ZV)7*M0Bp+JJA`0Xd_5b
zqIdrHdh7kyyYGDYowd(CXYCLB!#?#IC?yg@9c&yz000C6fb4RUNub#OAfbKFYqonz
z`0kk#|A$mkEa`i-u@wHXE*49j<UTM%dVe|fnv@s(_kr2n<f@m=-%sBv0{|R=)D{R7
zxoiE~Z&4F`7kB$MMj>}yKvTaqAYfBmAGAh7)j85L?A2^tStBOV@*^FU9JaK4chjN)
zgvsG>Bv1zGVF1~Ad7)zl%N4$-aC)I`ju^KgdKXbG8P!IELRlE&R`It?_UGe!2nnHK
zA!5js(3KH1xZ&NKJWfnn>yE_Mi_y2pta?9}Q=Mn?i(?OWNFo$bVzk8N-MmE51;H0D
zY!^D2S){%4BkK1wRHlcVg>=q?Rcz$m+VI>+St9kq-#B0uu_O{y**@8SvTv!nj>3mI
zuR8W@hK7G(%q^i<AC2!#QfEGj&Q^BP1&@PA=;*LCz|+wy-EJz&27ki3fNG7%9NMLL
z-qzivOK>%&E~p*Oa<!t)@q^zFrcyg;e;7w79NlbI#ZDoh2VBeS0h6RcJ>0;Ofb2*D
zOB#Pwo8;LZt+^`K$EOqPsnVzJ!wyga6#3Jb#-VtMOuR6b<>a_ou<_#4_;U)kk;n<H
z9x1~p4hMnpZFUvouZhifiknCw;GUl%!50n>F1kdw$#|~~B4(#NHT>m^+WZxBI}Zk_
z=FwQrQ0m5&Y5{9{^|&QT<q+(-Rt@htcOb7Tw4r^0DiHO=w6x7ixK{B^(zS8Xj{}L+
z(e!ZQOJaZ9Qc;FWAlGwr3`6iJgeIKg>ltnq+3e{MpdM?cXlOS3<Q%EO4c;51<-`{}
z-5uU8su!lUzSLz^@6WpC{N?PH3GFNVc6Am<MBdABCZ@SA>p?lQk~=08R%!$t8+fSb
zbS>fn<GFg;@1fnFb%AetH6dWN>rw@GUpTF)btDR}5`D7_HQdr+kH(Lix8X5A8MCLy
zp+ggBK4vHR5TAWiDT;iCBe8|YN9Y&NyYcH+fyfn)@%-GejopV2@ZB23wvF&ftBrq%
z!Ye`A-m%JFE#9Rj6x%qecuWH{uCIAhFxbOUkb+={{;KpUy}DPY#O#?dP731m=8+pV
zx|0xPirOS7Zy+ciX>S$|t#D{WBo(iIOWX)<fW1A=x`-42dm(>EjZFA=@Ft7QMoaeh
z3l6-;e84H-q)MVt>>iisO4w_QS1y)<U$GVyNgUH93YT?<(mYB*xU5o|Xn(x4wBxp~
zu>Yct>6V9l_Vzt<n9}i;@$kUOQH42=e68U@yqC$yknJ^F2itX#ywXz>_)vGi^X9Pi
zvEI}{vB(KaQzY_ur6GPqm?@bd(ohA%Mcb{Yo4!^R^OLc`h;5^KWxxcU`<74bcb!8P
zO#Q;w(^|*Qg#$sKG)eRH=aP6mqNi%Gt12=<?(@4^`cZnKH6NyqSAGqM@7N$in?OX7
z7icDy=!aEBp!3qgN;vCQaBwVNji+W1MSLpZ)=kgHRCnamNejgmV6`mPq@g&$^(!n=
zG9k-z*}boNYX34ttwyaLB@&Y6WrDgEEwZP8tdl4`PZX0U>&N+NsM++EhL!F5BYk>_
z-kO2J!1WBj+J}V)#53SJ<ve^MA87N$UbmN;6Z^-d6><_=`S<H0V!CV|8TOe!ueXk6
z2InGXr1z0|jCq!w{z3YKzAYsWmm9Q*yE;;SCJmxuUA=6<B{Vt_USAsb-_c|&mB*j-
z22^DHI`NS&E6JEm%(kkSO1W$yos}?+S`d#l{&~zDW%DiG&TPm9(}>YLq#a?n^#r(V
z){3IW6ctKpt}S-ylE;QCbtUOWdej;!$e*pS>YO7Vg)4{Q4JQI~G?Y;3Bc5+1;3*>F
zK%e|ZY_uMhHdHvU)Re(V^bh<3M<EiaQ<i~X48E<HI44+ZUCv!N65)*#x|-zodV(hQ
zQT@olrQZ?qnj$rdXtcE`tV@GI>~JW@3#XC3w70GKfcJHGE2gB<gW<TX@LO+i;XG#a
ziwqKs!J68#+CNmse4b0k^NV#8bCPvku;y4Zuc{o1mMvm$lq1#ZurVR6p?2{{hk*EN
z;sli<2B@mTw86zH=*ZMV`TcOcU`q>0!aAB?kF*XHq$NRTDg<?Xy=EF7n!Ox$qBUl0
zAF2FEMUr-?<rBX3cvS%Cz9Qv`u~Q0ldXXVvQ32*ScmVi1^^9!!-CzhpXqjJ%bLQ9a
zR%esa0asGAy8{800#DMDy}jF|m78JaoI$=?6|YLn)_3TycyOQ(4jj|bZf6%LGVV&z
zPO!k{m?vd;g;<>v<j)3AGEg(xdBzGid%LdEJX*Qx={&$b?&|yeifrby->-$103_)o
zmCQA*G=fIAZCaVKSSyI~Twu!k=wewHn9>31oJcPF4M<;%W=FRfc;FZ|vm14>2PnjF
z!m}HWj?&JVnvQZ2`e7swF7xeSeR!AXr+S5WgmT_fF>M^D>=w&(s)WpkBdU)hu-~4v
zz~>OF7Zo)}g5=IvnWL;|rc&J($fu%^PpUTALb%*3Cqb@0W?C4~G*DA1jC456^}9(J
z+?OBqTn@uoU3VaH3NtoEQZvE`r7CwDJBOK=4IOTcoTp>Tl(;@Oz=<2v?9{GXL1ngy
zeLe=;gvP>ymXji!<gk!8J9PuIBj0-(6qUYj40wrxLi0GOU?%(i-z&_Jlo(!K3+e<3
ztBQn;@`6XoWgu!n-#P!>lnbfrgX1<Em1$}BcXxqvzw`3a_-14gtJ2)|7=O#{cTWhq
zTZ@lK39G^KRr57-L2AbCG|#YkT;t+C<5C<%Z8^3F-T-NA6)(;;{u~@jYfy&3Y1UQK
zKe^_stW~i9olJ<2g$Oo~g|($Zx8~=gV?G<2Mv7n}r<aw%8EKT%y-p;H)(A(c0AVR@
zt-)KH;kvaUai`_DmpcmqeWlyXD<2Lou}MPYmM1ZvUeJO9c=n`tWfV_0D$gjiJN914
z+|=ZGT+)%7cY($1;LYN<&e$dwg-z6f?TkYgSlZ%V6-TkB>&c?X%E5UnGv0C8WXnWW
z76#f)1MXQtMJM@?Wc2uKfCU6y^~fjDe<|EBY)nc~+X&^{oWms78<?M>74S-=d#Gtw
z!xd-5*dQx~=&vZ}bE|pJAZ7@N63wuyvnx&7SU-hf<-*@+e<>qSlK+g_9S;J1BEVJL
z2KN@3>G<uui@SzYl77Hw5wLJlR{Q6#48hb-rc9-ci)#Hb;b*7`32!5TJ+4vjG<L<~
zO}dTuRRz>f|8NH)^LHOXr_31RcpR;w;aCyRspob#*u&ilcgV01QLNm<U?>kMhe5>S
z5(wL&WITKarNYWTV<WHhB|me0qcK{EiJGi>))vAI+ZI8(J5t3MRP2irZJ>ZB`I*W)
z(*+4crq7}){BS?VSXr0!gr0xs8)^fF4iNWJO1zwau^5&Si;4w}4!F=^%b!lSB-?7E
zQpaoF<Xmm$NV8Q_y3zx>Bfd|RiPw8?)yfyKdR>U2FRVn)y2?NK_g2Td>tAp}z4?UC
zshvfL$o!GFN`s~>m*u}+GaD`whp}v$|5&9|xziq0@oe13X9i9inBnRMMOqB#?zSMz
z3-ir9ptptj2f4O>w{Z_26q)M#FMHmxM#*mD-t`!hc4^M<h3VTVU`=dpjd995Uffs+
z@7#{orFkx_Ty5MDtaqI&{%g85OI2gyydPCPnEq!({UJ9=dw~T2l;Q&bOn_7*I}7r!
z^zMWlA@azHRs-ec*X}{FDViX0ej|wb`=uQci<iKRxOk7cBn5<?CS(EXpE<U|mvwQA
z9AFNH>fjO9_xqCi$y(xdP$?T}myyji+_+i=j5lR3q2~G@yoWrj1Q+Sr2|5u9;K%FJ
ziuuaV%W~>IQy0`SF=<9i&T|yRY$Fls6TeN;oRS=)o)-xlbUAU$m<%TJCfn)ZB3p~m
zIAy%ak8`m%w08RQtau#+nOR(L9z)!xhWIMy<W-l+QxE!muW6KrDa~GzO)0w%u}?CT
zKj!4{&4rdy)N$-=H*jMav5|pj4B7uO@cCBm5HRhlmpMs339~^1L}Bnn7}AsB^>z~z
z`s*2^@hQ<^I34;xe}!%O#XP?~|C6;2y`Ny)0M1^yi1-KeDK7bWFQ+Qkv8S;o=S?<@
zTvetOl|o-7C~;FVrzBlPUMDX`H8skvF4bJscSP;*N@}R2$&6HsxkA4~A79~;;LIBd
z;XQAAefQx?Kh!}Bto#ZG3_|+o2^(+pS4{~7bqW{u6#y+#IE@FB&2w(Lxpzb;Qfwjv
zq$<z6Rc&+2-SkiJob(e*daW5dEI!IfW@!8*!-^`|3oQ%`?if8qj)dHN@s$7eJ<x4T
z^-$=wj6G-A48tOMxLd0S_u!x_2;Yd%y^@BsqFw)V=lVH6^BvGo2a6c^0Q<k+q0|Ew
zvHO1EVpY8NDXZYUxvVnxeq~j?mxWE^UUxR#dz;w2?>%5)NL7c>-S6!o(xm_X7NwR#
z)c!Y(v5gJ@cpl*4?C0$7C-`?E|Ej|t!l1DEe-rF|oL~O`EVF-iGvL4LV;Cj<-@Pq}
Jr@{D7>_4J6hb903

delta 4478
zcmY+|Wn2?p_W<w>Bqokg5@TbOgd?Q8yHTXOq(Q<7B8=_^Nf{wsN=t*lZ=`gnbcu8b
z(map+<M}-IzW9Fbx#zq)Z_de(u2TYQtKr_e4*(Dn0$i<<62UCEe-Tu@BbeciVvake
z1^$vu3>3Lj6)5@F+GwBx_%1L(d{>-&MT{i-_lG`D_ht4B7yxik1^}1=$p{1sdKc#8
z_CxWg_8ciFy2LSWSg=YF9&9c4)TW7YE8KD56>c}l^xD8m=o+udcumzVx+7!0P<~6M
zKVH~%1b9DmF5}xbpOKdn*}^9o79fyACklBgQ!4{~I@#=r&);g<^FkBq+aK}1+BhDJ
zT;n>Bt2U-#R;hC_e7ckwR9xMSz7TJ>e9=dyrc>82q~WQ<<h%%Si{Xb64=;<6lT=g=
z4>wMK#40uLSpX}2^OWs3pLCKfG$e4xf0iSU4=>+WA<-TR{OyfD`(w-HRB%{qS?@Ha
z9-anbJ!PDG;g&&&su1U=?<k!CvOWYswk{(`kDtS8Z8}Y7OXWhTk7g^;Go+M_IT3GY
zG(*omrH<1Aib-3_69PaC2(0qK{ptt_G7!-a3{|iAtjlC2^d$_X1ltR;fFn|0BkAjc
z?6seN&WMC%cA)Heg@Zftyrv(>5?)ahgzPVAt)}{NIj@Ea9gFn2xh6#ei5}@dB|22Y
z=wQqm$`r>Dy&**h)V}E3cLS^z_rFqA%fO&yIb$)>UsRSrxyn^a%wRrPn0U1T$pUMC
z0I6_(B=tlyErK&jB2IL{x5Ya4*33W&LlzHu+fwuz+wnq;sdCzQmNG)WkMl&w8$Y_j
zU@&2iF`+T#gj!v$YFAm*(P8)rYQaSC5AFOvg_ec`W|@<Jj9;UlK1c;#nn5KIHJ|si
zyUGxdXN&sUte>=Ecar8DZS^eQK_jB(g5`lTpLwgQPNz5EUk0)nxe1WuJqEIhdzF-p
zz&IxO>&V7l4(wMv107^8X3<t=Z6c&{Ct%%1^=(ZzIVB6-318OawEpi=kE5yYIxU+%
z3nFPQH(P1kSZ;LM?6RNfE1IVL-8Sr1>b#iYMk3vAhD;pw1w)IP0qj`^{Pf&sryS?r
z_WiVZUc`v~{rl_pJ{NbZhZCd@!Y#+{UCr27N<3saBCTx)(LPm^>RZHoH~JkiXMCF;
z%zTz*qQ_w?C9|Bq_(YOI;Q&ftCJSR@yKOf!m%mw%G}A{vdc}&5_R_|l9BWH`n#yiZ
zQB|Q3){jHjc6B01Uzf!!un@$sI1I%(5DEhUnG-F6v6qqtPcDM%%%F<}geudXZ!6HN
zXAHs8l!zA@7-D8VlD1#g5*$?(c>)3dsQj5|uSTgWt!0wZSjv%bLuh0wAU3aT^<o4Z
zK(;*PxD05;5<hJq`Zn`u?b>6QUAR<ALwRd7kB1L@y-}%Rlm`%%&R|Ir4|~j;D=Qf=
zO`o5Kw0=3k$;e^<+gQtc1{1%VALkM$F1S2%3uGDfJ&9&y=r#K4KN%fUUTIjxTTV_c
zS>#M1onDPU%b-Oc60R~-xGc*S#x^YbFhrxR7l{5u`Es@k&-nPQ%suNLYYJIAP6H*o
z8^PBe5Ce=9>ZeVv?xw6`bp;cIk#6`HvselTym1dcegY-f`~J>$`GBC6X<-4w8fm9#
z7OT0fugsa8Ur2B>zIu((-tj(C*pczxpZ{cYg>q-~W$Ude5Y&BcIXmWUBc2&JL}g9M
z8;CBcr2GNlV6F{-NRb>hs&v2N8I$qv1}|~8AG94r$EX#9E#gcL&eRZ-TzZ7NmnLCI
z@qUx4yvKOWJZe@D+3~Xy7olitFj`qjmMnm+m|FRain7YUvi-6)Jeog>QuKB2jq__`
z>_*ePs8bH?eWp}HGitEmM=|T}^?e?CVRTBaoQq*b{COMEpseTRCzX*2Vid+R?)ZC2
zTa03*y=Hvo$lGu|u;&B~v-ufByvLGiAZiB~`qoPaGeNof&U?yma4$)*82rwKEIya>
zI5#v&Qcj#9Ibd*!2cI_NyD$8v&(W0a%UKNBKjz#p>G2RKW5?O#&CK+At4#ud89M(0
z*v54JMX^M<PlT%`9<Ram_A0R`KtQAoAH*yENz_fZ;45H6Dbnxzrol6|CHF>5@XM-@
z@w1oTQQm{_g1jAN5kI=(F!j(RzO)mEEjj9?_MbN504J*5z2#p%X|v(rh&8E!FXmHM
z4|II))g<Owt@6MFt`_)Qfd}j}xacQi6DwpAoKh7x`a~SY=*-TQ6P2mDxTftB3Cf(@
z2T+FD`joxG$KgDMj{Au$MoncjB{EG)q~}LW&8erz&TSpUilT<m92T{K!?&%EA8f9o
z)$X(RDac5wpgLM`>C~C>KKG%kAq3fyRProLkL)>#!V8%QJR0JzH<`bEpy-8;4O8(R
z6{~}Epv|ZQ+9EG>SWvhL4<txj8PIYz^^NR|A!BNpU_k#VR+7NG!Ha<3pIhxzRC7J>
zh4y~=h8o8;1rhjmt&dBCt%n73!KG=FQgcPxrC~Tt850i93`vp*oRxhfc`uAdxxv1c
z8E9fjrfx;=L|+`mlvk>bLchz&$*W1o8W6q505^?LCy^225!peB(I80J7(yekx;r~@
z_=z7MK(X{1bXeh_r+Iv}2azpR%Oy5HyG@tK;fyGx+aW$KQCIHL(5Uk($kuJu+u5wo
z#QALf@5_K%hyEc;{JfqG)%8v1+)l>?$Wg{B3Ka$c0lI;nIk<u|dcTjnKTg2T5=wJu
z7;(NFz@xvT624e{^l>9kTF>f+uEBUSR4nxkhCqbIZ8w$^7YDnxJLF!`>UF9Od3<A&
zTq#J{Xu@r6^z;olBWA4}kR3-Jk-OjL#+Q2}5z;pom2LA2D!bOK+{Kw<uGswB2rUJa
zyvK>D{>YvXn0kyvTZA~Lqm3)qbAdQgMU7t5RaJI*INYuFPAPf;&VB&{KZ~b-&Yz%h
zke(%M4$o)uhK)XIR5N>e#AV=6Z7L;bFw)8LK-_VcNMQD1t`8%q{sfJZF;bk)=6n{*
zOt_HSj@<Ol@hnbD_3ZMTTKsKc1+Gv<Ih&-K_q2d)Cs#?(0l8_1&;9uAOcbO`4+(#j
ziu9@%9}pS9FUH#|)O8t!%Fa^_Ax)2Sji+#iOkMc1M#Z=T6Y&{=8*XC`vnY@xm-&0l
zZdyQ{W~N<^nCa%STEj2Q&7>$hgH>auU8O6i)3RGKB&=xdeVcAUJ#;kW$9Zue6H@k{
zDcJQbX2KoaPW3h*%J-wFKS&g#o<f^Dm_>q}As=qf>@;7z*T+k{X*EwCKTz@I%x`Z7
zj7#LV6>3Ecq4gO~^61RZr~s75yKw|_L6z9;ixvy{iK0vbXD)$uQKq4>&C>^bjdg+)
z2_&=!7n9XnV!l+k3n*@UeutK}jc?~SU5Ra<8%@#Rj)H!d(3%hQgerjNkXN>}h5HXn
z_j@MY4MGabgFloCwiX%O$U7Xt8p+c)dBklXZ<?HT+I?j)FguA=MHu1FKcp8m_0D~X
zDUrzmhLN_iMza)hpzD5jC>Qa0VDi?hy}YpU;klLHMrm5pWEf+<=Ck$dOu6uDR}M$c
zbtg0%cXj)T31hs5eHbh2>nd2j&{#pXymJDRqG?l*Uz*<7XTkNuSO%Ir9*T`JAIFxd
zf&(@~T}2)EKn_lDe}a}lNZ1=ftpLpnx?@%`c0F=GaKiJp_SX94es24!tJzdVE-s)~
zZsy1I^PSYN$oIUhLZdsg^C&@v?0n&b?qT%Y^jf137z^}O9{LJ6y;zmV?edo!`LjML
z?V8qNPR>99nplE%yddm?e<aM^ZF!Rj>bhakryAHXJg18jc{xi#P$TdphB}jrl8XBq
z@z{(|#P}?JdhB+d1G~2ISGy>}47P`Q#OE@~v>_}OLAdHcc3XUpPqYeW#0A>Gm4j%U
zLQk*7pghf(=Syj(0Uqf$?G2M=^%APrYEC_Q0zQ=M<u5DjW{7^rTMi5;Z1y|Hlu{FG
zIIvmcp3!8z-jA4<k?)C&_ek=Gik5xsMJm>&B{4HRP?lXYkuy+@fWS&B&q(zq#jGWr
zQ`H?Sr*3x#8SmR7?0#C4oVZ1jJ$#Io)?}c~EQoYWX#OrGDLXc3fn5FdK4$j1?sn2V
zk<wjEfWH^%a7|%HB|IO_f#d&<b}~OMav$#~EA2|!X$7zK;nd}qj@%`FRw>VOY~cue
zYbH_sq3WdwU;6!xF>wliy$t<r{i*;AkHSF+7;W{zJb~byk>|mzg*rLD_xnC{gWN}o
zXTe_+Lf)Jltv(<Z9;u|x-IbNHo<@0UMLV17&P0!`U3mld%nDhM_T9WJF5`0Y?Jd$v
z+`IoA2D{OqFSB}Y5&B_jL95&K3o}k_<!0M{%Z5ALo|Q8m_?Uew&9mjQ1j>aSy%#K2
zBXoQEpP&BNtkdxGtD9LsPp;3Q8B3EwMv14CdP9XgirFPx=!Z@7UF6MNKPbGmJE=5`
zy;*9hMYH6z{^S=j*SbC}DruMU0-sc*LhzV6A|3b-Iv*Lk4_ROS{`sMILjuv>6GlWR
zZzVmrf3Chbm^|~e_Eso}PDOGZFRQriW!NJb?kuj;nmyw<#x!A_wC-PP=r)O$7+jIA
zFGcEh{)ndceL(IR(v~T4DW}&`e~efOitUD{CF3S)24h&*^~5eNa8qJ3*>&U9J^VYL
zaQHG(o9`4ZM^MyvYl}hJIr;uH4-HLGfBScz%+uv**5JXv7S4-03bfq&DNPE4BoS_8
z9d_fjP%hcqtdJAf6=UU-(T4O@$ojnY0D7PP_p5k|vVHyKkAa+n8|KHr7p`v|#z{Pg
z*bePleYJlWC}sTS%}7vZ*{(+(iTQAt9>s2+zVKrEB}vmFQl>Zz@aF@KC?3|(o3Z=|
zCpV#=WL<h$#gFK=#Ly8Q8QWE4@7y-l+Fe2ZYrIVEr}>`|@rVXV{C7n3(XY^i;s5}y
zpkySJ8Lg+{w(^8Rvay44Si*f^j)b0p5=>@KJr}jWG3d{nN+wp5jdQ$>C9bpT5#<P1
zjy!hp_wn&i(-)!s6j*>)Cnvu13im<9_?N2SZyTo66;URcsB}YPLDI)WbhNq-_(X*|
z5swV&-pRxYM<#RTHSw-w)tPXuuE)=kYBQ;rjiIqNF^2efu_64as`zoX@)MKM*1aVU
zRn7KjymLhYD7J`{q09^_t-Rtp;!^d()I|!vTto@}%*(crV7((52`XZA6();$@hTtl
z0khcmmUJA4o;lDd&}~cLf}>HJD4f!9CwVmkhFXi1Gcl_MR5g;aSz1Wmj@N!xW+ZeN
zAC33$oR-3Nk8w_5+M&Ewg>{RZ?pc-TaxFV!>Un6X9%cINKVvO(lAV6m*<RmAzGV|j
z!h-bT%6kz@1-#OeUovP`XY<WQWw|I+y8J&bq@Eki+-?tI>z9{BzjhkD79qx6EGerI
z{@_aWYj;Yt%8x!e?LtMsE~;hRDnZfU5QMf_+w!qa(HXx~`81d&cipWyCse?m;8Udd
z7V}hWr9jAcAA&t=P)_rCzY8PRkfF+V<$uty?fT3xpzcq0HP)mmogR`6)z^sH^P*TC
zCZ{<;NHX5k|IoT>;L<H~$N(uG2TrT5ns;Cudqpdn4kgQ)KCH##YH=D=x2}AW0CAk>
zl!e=M$Ex~;2tOiNsGn4og}bE9Ux=c;Ft<3`YCs$c-2Y!yB*)XyCcDFE?p6=6FsVC7
zVBB{C;i7j+!sYG^fh*nl6|R0KoX+jecsl+&qY<>p%XD;iJ^7!tMKTy6|G#OpID+tG
zcLde{W#gE`lS>dV`u}cX000j7&nXCug(q`E5tQ0$c=&(A#Q(mnxB$Qk;_vHUef&tV

diff --git a/pmd-appexchange/lib/sfca-pmd-html-0.12.jar b/pmd-appexchange/lib/sfca-pmd-html-0.12.jar
index a52419d76cae3d218a95bed515ca3a099792865c..501f41e7bd85569f018a113dd6f58b082890baab 100644
GIT binary patch
delta 1267
zcmbQm-@wls;LXg!#lXP9!N8F)XCki}Gl(+t0#nTp-WqK|pkR3CNmhqvObiT@*%%m9
zCeLS6ub&zcnJ;W8Q0G^7bOV3PrFG7g+P6EpJ~f1>Txkkfxk~B!JQXoJG5MQc?i=4z
zR#8;=ptkztozJzx*X=TSBn}oeiyuwBTyv+(bh~y-w8+WTKUmCn1l|zaV0x>qJ4rUV
z_*_JCifGIyrs?O_Z`dSpb3)JD(9Kz9EOYXkZ?SI8jow<Hug#T^zWJtf+4rBn!q!~;
z5Oh;ur>IAu<J@+?%C{{2r*77-=e%h+=R-(dNz5GGwC>2QyqjkDt8YD`uqUf%=1<>E
z4+1TcFL+J4;ObCvp(1C8d&Q!jgdI<{H<`uMs57o$c=K4y?M_X5^x1FT0Y}qQf9gIc
z)m}H}=b79`yL2|&h1WCtY6_*ERhEuzxL_mj%;d#Ei^@H3qMj~z^^Uv$we%#e1Gz5w
zJO8Cje>eNOZIR@Jsa>zXL|iQB3F4Tdmu9K+bQ@1oboV^ltnVIo^Ngxg^QC0mk}h=~
z=$o~!N2hJA<tC8?gO<Dw{d=w=f<L;_n;yRVCU(m-%ER%d=!>v9-syVv^ZtA2?K6%o
z(GQ<F=j4`phJ*=f?Jcp1=j0M%<}u{`oW4Zhx=mAor}u-X-C~nM%@&<Kxr1%`$*W!(
z)0s*;<_Vc=h7~-0({0iA=F0<})FpG7u6Sq*JD2)=JIN`vJ|=F$&)c)!KC%DtXxePI
zWHbL|yZKY(t-fyl%^yBJUjMzduWbFqno5;?2|wMdX?GMKU2^A$YAZTio9Xo~c2iMe
zz^arg=HBE2#ln-5)s{@+KPPVO(k*u;$uD`;S(#s}-h|)u`?%+Nebk|h22=h6j#~4}
z6XkELuN40jw1T0R+tK!tRry1H{?8{X_!JYXXUu84Zu(;Jp#r9@Z+>`hEv}O?t8BKb
z7bs@U+2QwPw%*jHzxA_no$F8JHCO+BXZ?xkvhwLA@3g)tPJVgu^@QwWargJv*RFqA
zb|qEs$ET~Vh6N!E+l5xihVt`Yu2uOi_%~QNXZ>X1v+{iBj-9M$&+Omm?8WA6mvY+t
zMom=z_0KiGgi*3dI0FzcF-(?Ykq70I$qp>qyr3K+FXepxIZ$fP<O&wG`h!_51_Ev8
z?=JT!Hurq%8=|3WyK}nNLUYc-7-qGJJ}U2SU*D1!c`B$%I&I(k`95CzeHsKhrm|_>
z+Gl4!QS8d2Qj5vk-%F~lo~aX7!jq_HG2i$61>LxV5B_k@Xg%;<VxIBABYGm*ujDn4
zop_{tn`IvN#{>3#zN_5~j4q2cZ{eyp<1THCKYL75a?9rb_dSI=%st-fB}^}0B%E_}
z-nI7Ko7h9*&S(18ettJ8UU_!m{M7dxz9IVOWR}K0nUcD4{-@6Ng^O;le)#0i%>IKu
zGVH3mLrQnJZ+@HnV?EEQ|7Ug>2}j1QTgg8^z?+dtgc)9fK!XMt2$QAQ1SfA|l>~>-
zIaYfxEx=|1rg_+<CnvGVfkO>mu1xM_bA_ssmifxez))10lUkfwQml_=$z-5*M!Crv
j?6L|d!OqCQAPb5bC|J_y!!o&+MSgM%y8v4rD@YUo98?<b

delta 1273
zcmZqRpT*A`;LXg!#lXP9!H}0UX(F#0Gl(+t0#nTp-WqLQpkTPG!SNHnnHU&!CqB`x
z@11hj|F(g^f%&udKRUsD>w-}Ehik1_9A><nTRNNCS^`oZE#CO7|4iAePxs%?St8%V
zd2PDY_uBo|y9;`q`WbnySIjxLZ{EBEp0V|jQ$@|WTO_CTPJYO_u0V66Z{pIaACG5>
zI@u<!xu*1eTcN65)b;~+5)zzU%4YO`{`kNkvT|pAVb*Q4{Qjb%g!acD-OH*g4Yjqe
z*i1ggp68{audlvOIPS(I_RO>YpSNVZ_@Aix_Etfih5Y&BKTma+%<AE4+*h)xFLPPG
zqQ;GNrk3whC4ZXOMa+%;W3%_kvWKtU{7#+bn(MQp_4g$$R@X?WeFttV2-D2?vhVkv
zj~uIX)epUT{I~voFYo-4=U3-1oVu`Sk~K>n%awC%I?Nwf`$Zm>nRzb^xpR3##|2})
ziQZ>s9e?!cw!BS9c!?KdIOE)hukP5~l3rf*WMWD|%qlL+k55=89GWs?dYG}vnk{Mz
zIDHh$+cLG4lAbA>p7B!ke7^L6&jX>UYfHCWH9En{zoh(Hwf;*JgL>0$i;00u3}3$I
z7zMiR|Lp$YLPd#yvGr;Zt_jQXm^}FZG*+;4w|HIaT_hu*#iGQ^@9(g<Uo-CDFUB^L
zC#eo>UY9f&ugvL4+--3u*o}$Dh9&ObsfW^+F1aOZ9Z)P>s1`UOa7D$7?6=%9NxxTd
zXXP}oOU)13ruulB)Av_LG_C4QCmdI(&wt1k@peh?Z7W-?8_)JEJ}!EF>miL-DHBAh
z%a^CCUso@`n=UxvOG|F=Y!@fJ>#JSL53zpm`jK-ocA4?Joa7@hizoEH6Ls->9P>aq
zU*u!<ob7sdzfAq6yEHh<QE$2Jq^8`<WlewM{5HpFFL-1UD{$$k>3yTK53T&P`s$m1
zT-o9`DQrPA%lGe>FK#Q{cKNs1^tBgRJL|lcT+RvcKm0a!(dQ#pt*YU?wU>h@Z`wX5
z%=GTsyoKgz%}-anc=Tme;3i|%V|?%I<nL%!eGd^kyr;T;4&Rqc@76t+?)d)Q^Zw)0
zA9B?H<+bL-K3euI#oemG<Hgfg_fBO7t+{_D^AjICO1_!Q!~)JLleJm2g+O`5_O-kE
z8wLi36O0TDvJ8{G+2!kdC!Eb|Q4n#vK6m+oH$PY2l{B5{b9w4A&)6;2&Jr@7EIi_i
zKYwezmYJ3~>mA4UIqx3_{iqCCz_jVm3Zd=mmn&yYowJuO{L4S%!x^TFTZQ-)eJqnF
zTLu?wp1!L5-=Y<vjk$(8i|2guJrRCk|D{bjC6&tp6C|JezuCMp+EPQgV_UsI%T%qX
z1;s!1t(hz0X#M-Y-xP-%id%O##$Nl_cUkn@4l5gxbk<9+HLr&3t`>hI*Lh4?QE-l;
zh4ZWaVC6SD$EI&@n_%Lrdt&vzBOl+sdh};1@4+6PD$QLbuM)Hue5}5aCzMvNcK2te
zPTuU$cKrZvMkWzvc)1eJz%aRi)euyuOy0t352kBbr6&urNrKtBY?i1+%;aJ=SC}dp
wE*1ucqSBny;?$C2bdx9RvPm-<Pv&EnmB$QsU<5$HlE%czUhD>J9jqV$0J~{GsQ>@~

diff --git a/pmd-appexchange/lib/sfca-pmd-javascript-0.12.jar b/pmd-appexchange/lib/sfca-pmd-javascript-0.12.jar
index 298093c61ee6a6599c00a8c9abcb67135711c0a7..d09080b5ac15981941e1b9ef1cbcdca733fc4473 100644
GIT binary patch
delta 1194
zcmcb}H=mz3z?+$ci-CcIgMlMq&O}}{W)NlO1*V!Iyfub=K*8{vF}3UWGchofvrT+$
zQ6HOs%Rr=7ZT};)^U7&&rI}2wy;~@Cd)2nfT8bf-=UOYg-<&8D`tg15Id*2Z)wyjh
zWi{_@kAI(&l5~nk*DAo~c&3GZmw)ucqOFb<4uMiH%L@9Z9<gf4ou_Hd8~nV>FxhpU
zOW1U`2T`+m-MD05cWpeKA=106<>R$ewL!7h18eI=1DSTq^xoUNT)&%rV$!+xpvdD>
z9Zqd3%9-8Ht-E7#)L&b*9}d-OL9gsS{QOk;#inbU8E5*zgh>lT-NfY5%Hp*QG)m?z
z_A+QxW1iD?DB&RQp*}6AbE5Yz<Q+V!KZ}9!K;r$J`{tLw<R0Qv<oK9mF(*7qtvjkl
z=kW}Mb)|6`_1z~IYZh93F_e=u(h3(kWa2XM^ENk*9i<r}=ku;c)tg7&mac!&Taqd1
z?lNCcwXw6TF7NuuvJBR6F5YfqS>gGozNeq)X0pDdbMeq7^9<KYp{5f%RG9;=_gB5H
ze!J6cUg?*T<FQr#n>T#F@;cP{#Kl|BI($XGp0iwOCXhY-kW+nL(DFZ@*pDgH%yW9G
zkjKp!?)iJlDqq>D%<m2?UBd9NX|knT+#|;e{}>j`=Iu+}@7R9mrtqHEwsK+r^tMEu
z_RW-Xk6IC|;yh<D(>=|zjDM<K-+jEIRB`3NZR2HkDg?Sud8uo&cm~bdqsgNxSkU5L
zJTG;3c|eqvx7J%j#uc8q^#XgobicTgoZcTJv2w3|dbsem`TM0-bDQ`r`YPC*@V`Bc
zg}wjV!QFoExq4Nl6hmyZGkx{bPW;<@W}AY%>94K7e{=s5ob!f9jW=nw5r<!1osZtM
z>*k-2|1?T?6a8m$NW4eY?22tXx1PoxZ>&}2JI%kn^6^=}rv*p<ggfl~_(R42m+`x-
z+)4W)=09)c4`-bD`0S^>h5xqy)8YtQee*%do~s&V7giddwH0godg_nnqx|C=l24aN
z*Ik(R-{4G>=YP(5tokS^fAVZ*aAKc)gxQc6l-e~C9$x;)z`*cqG82nIy@>1cXWAOO
z8+Xi3jrLMbEt<Z|*}VI~a~92pqldSC{(iLga$3i#o&%QOUrqY`kcFc$B6GoluX(!_
zO;;RzU7+@Uy1AEH@ur9i$sD!ED)Xb-@;-1`J?B55!?N$lhbf$DVv4f^{(C*P*z~d0
zwQ;%AnxD_3Lsu(H%*^O^jAFg$H1}cs`P8RVcy8T1ZheyHk!;Xz?HfyaGgxMCSo-vp
zW<KN8>wjZ{@7<mIIa)>PyyvE$MZ4CzeYJY?UGSFGW$Tu2hxsR{7#o)h^2a(pX0ouT
zf3~1!&y#{TQ*!>D<JFt0Qz!9XefB5zP5GPB?DoIY3%?)W&B!Fe3@;PHfq^jDgw+64
zB1}$awFlD%tkRQ@uu6j24_NKd%7@9iYymK3j1MNyVUvI=lxE^&nS6y!NdYB<85tOq
ZftJ9)l15vW$?PnuldahW*z#FH!T|ct4deg-

delta 1133
zcmbQwf02(jz?+$ci-CcIgCQ?z(nMZ0W)NlO1*V!Iyfub=K*8`o4lYHxObiUUtP@{b
z)W6TZZ6NSh=D+AF`}0B9>bUbFUYKc|-gZfTjX+c26Yn*O-foi~KiPlZbK~VDQ%cVy
z=*)k&_jz@BQC>7FpUuTRZLhyPe0{d(%&cdp{X$~$8*Caf)_$oj;*aKx^(xzX>7CWu
zJ^5-qrlp>9GuJk3-6*|4%I3A?O;y>;h5R$#%&}>z-?eV>T~Swt-7@|5o1VY_%pT}?
z)_CRI=TQuc=FHh4F-Q8~UXx$<O+7tI@>9HwRm7$r-63&#uJ+|jqf_1mhfb-T@VUQP
zA$|Exj(sPLj%+zM+iLdzU7BHUvs#r}4N8+`rnGL?O^Nj2eWmZWpV_n1>F>0B18JAD
z{EIYK9^5J6qS9Eeo8hnZ?!>7dU0+;UUQgmlQQ2}`y68d6T=vyFcU{f?oO1Qx)r7Fl
zkW(fJD<69__HiyaanMUyraMJytC4E>wA-~D+fCV$iX}3ZSqbJz*`E~cHRZj3<n9!X
zqq2Uy+g`0vT<EyaL#k)t`SLsA-*<4?N~*R9)Xe#+cH~3Vnk9!neW{Pii;@=YYkfa)
zuX(GsYYpp?$G;=$SZ!;56eab3l<)ZBQqWuen(wS**3u=;QSK-EKRft;Wa{9$_QH34
zSEZaugt*D|OH8~It~(d6S-0_0%fnf5Pv7jYyUnlrQ7ERPuj=OpnQh<xI^+f#SM7be
z>S(zQmu5Bpmh20kGQJzGJumaLe&X{Dre2f&Bo%(H{ALlY((^awFWbZCLh7BXU5hIA
zzMdIbkn{27wm#!q-&JEbwMBnPH>#Zam-pM;jZYoS9z5EhCp_oz{!9GE|MvemtrDrX
zeDU^E>FQtSTb*Fz?!Tv|esNzQr`)$6>u0L{{BVAzT0H|wG7V>7nEZiR8I(pRi?JB;
zf>LK)F=NM91_p*NlS5bx>IK@KKhumUJ5XwVdZUQzt0#J2FXVANE^ZPz@W`R;-o71$
zw|FMbn)vwlfB*8S{pt=JGpDj`TT*-b{U))HFIICl_n($OnO3}Mhw5>GW0O8#{K6Ca
zg^TSu{{bDAeb+uTJ=KY4e%kZP+{9OSc3dRa2c`4zKdx6_UZpJIx%H^R+NLQ^^|6o6
zZz%L)d;8|`xg5rid@JvYinN|^J(u>zb8qFUDu<_EcVxWUT^;^M%(FAyOIX6t!g==j
zy)Tlks|IPLyR~2FexMw%YeBcsXM-HiC>FkR^DQ-$^-E>gRgd0}evp;+GVf14>qCBx
zJT38kyW$q!t6>iCW@Hj!hUeqSb*v`f(Ammr52ou_r6&uqNrKsWZ1!mRd2%&d08E)o
zA2S0(QE5(UacW7iKDxPjY|>2InI|i;D=DA^IwJ#vGBEIAU`gX^=E;#Ps*^j}1=ti>
GLBar|u=`H{

diff --git a/pmd-appexchange/lib/sfca-pmd-visualforce-0.12.jar b/pmd-appexchange/lib/sfca-pmd-visualforce-0.12.jar
index 8efa54a4fa9ac7610ba73cacf2b919118635d35c..dbecad654e0430952d7f25c5f71b184a871c2078 100644
GIT binary patch
delta 2058
zcmZYAc{CeX7Xa`ORMbuzL@XV2)Y^_lq?<jKF0t2I(-t)-6-(6;q=ZnkK`0tQXvI=X
zMfVb<Os$nDO-)lmX{}AVFcV*8zB6Z*_s9Fach0@<y+7W$x8P9sAsLi2P)rH{kdy>S
z29{r!(F1M+a}t8p7E)&@gmrKmf~<&zP$!YY+qPwkI7kW?;~+QTg0N3fcnZNyQD63Z
zgqN}Ffoe^00AO5+fLGMRa8E}>zJ|#Q!ng1_s6ZoAH*e98*m*HDu`>4h6RndSqE>;X
zW0PlXuB$nI3$oeT%q#r(yyY?FnPPj{*+ZfUEAhiNlSkZ~+TUBQspnUvxRehOa;czh
zdBT_^EfrlZRc>cGOld{B%=wL8o7r=!lu2=nY8VtNwFXc0y#sb&hChd8EVJ=NW8tuK
zZ8r8&Yh40?+!})xLf4^}$6syDql!8Hif@w12|;j9Uf@TO-ij~nb|e$itFfbk3#7pa
zH7L#Zv2w&&Th1GG5>ZN84>9aQDX|^_)R9e3M`7=3<rJWM_qO}4&K6%xRkv)r80T%S
zw8+XSGk!i3P=`U+CTwJ$`exejH12-GG6HJy_D#BuuWsoveC>>+V!u(*E$ef|Zm8Lx
ztU7o-NgXfuC!YH))Es4l^l%<(8Q2=SA_kAYpiBfFWD)H>WBJ^hlEfnO+>eZ|nEHyR
zw3(Rc7Lb?JiKHL+GTa0FdrPZT&k!6qGy7URrDxr&9)}4dI*3{LK%)73qV@uP`o(jv
z4RvMK+^+TTEdI89Z;Gi27>{q{=iSoME#GMuk(9jlS-Kutzz_5;335n|xO_YYUqEDa
z$sA1UCZ9w<To9!A(lT9D$jR6|xhrdnDLBKSga8NL>&7^K6_pmx|J8A;3d5w@(DW?u
z0(N2tCfsC`mzW*AW`WP=Y;1IT_}4&lU+&<PD2^2dEp@qigjU6-W#WB($a;{4G!y6e
z4828!Q}amq(PLU<K6^CgfP2MQE0(Sa!u@P|$@ZSkOtquF>v;==M&x8Ctym>u>A4iH
z`oW`Lx(^UHTT%95x;c=8RIfkmAR5-bEie=&+t4lPaA%{%W$T{CZ*M>k5=W1SFWYk0
zA=rS_Q%aa!RaeSyj`&me9KUaPX|EpjeumQ@vX#!@E#0dr7O+h>qcP`RXQB&M@Qk<X
zf%c#dKej-2yt%vBFVjx|s^{t4jhjx)x?(lw@rohG4w{dl+4j<*=9bZ+3cQk`FIqb=
zSfvt$EDm#_cQppC{s@CK=uRJ#U6yV`a#L~h9DVX=4$Hspwj6Ke9oG@O5xQ7S(MoP;
zUj)~nXdM0b$t3o($SHOn<<?}Jff?7zuK@0hRv(x!ocIKuZn6py8#GxBj>t&2|C**Q
zNS^i5LW?e`eZ{(GOfkcBAKebQfWh}M)Qmu>8kV5dGvUDjBjK4W_f4v~Ve{w56`m%S
z8{B=CuF1Xf`=xP%EsAK*f}d>PFqStWvS)kR&38tr8b4J2GFVf?2n@jv+1X=HG`kz{
zjAl}nQ{j~j{eF1gDXlvf3rNvGHu`MaYf?3-dv5OvcB(AuL+tPRmbFTanDSBAD$tbi
zOw67ru1!w@*(l@v5-vY*Zat+YbwKgdq|*db`_t9*!k%i|$kLPjwS`ABg3mv>z%-52
zf4{L`o>7P1K*;x*Y1GVm<%-{=-lz;k9Hq=3lZ$?r14g>Mw2OgmHp>shK9m7cU(v!l
z%IbO-$G?`{$%33~3A(|m!<Yu-aprnp4oOf=x%sseZBH}aRl_Ir2rPZrpoz1tLGZ$b
zZ_!hk682|AN>?1_spM#Uvv(7+W}UvJTV!4sH)5fHdJ8LCaIGbq2$0Gj+CyDIU(a|I
zXsq1{&F#%?+;heI!3w<~aZYUilbLf>(-i%?2*%>2BPi-`MV^VU>k|IV-I{4gl7cbq
zQ^=<6L)_~-{g>PO`abN2B|oEe(I0bHd>Knm0skn?gc9(dRkaJOuee=R4W#rM_K5%h
zC?Eg;0TBG5P)y?umoTiUat3MQ3@6F_((;LLvUG>V17d&Qw2saMtTKDnKH|#<Fttc_
zU(5)tp!`z>+Qjj=n`k;;nHsndGJGn`1URh{DmTqoolD%TckkrIvsn8nvAU9reNjKQ
zPl~z(E@Y7vK#p*=cSi>L$77)j8reUM{3xyY{>!G`4Cc`7(^|WHYT<D3fJ#0QGFV#V
z<4;=PTR*BS+|YSZefWh<E0WW^J3bpQYtKr4vG|S+IzogqlI6qAlp-5~Cf5W^Pi~Y{
zdceqz1PMH4Ws&Y#28`H=7Y|ABorSMwzm}~4e&d~Wt-m}e+3EO7lT}E&cu$#xKNwec
z?RSy2L!vOCt$E@;SH5n`&lF#M9ENcw|5jvM6Zic6P@?MU$a#q*iI1`U3%JJJPf^Yy
zqRPO(Iv+t^9YVmUstQ|Mnd&j2Z&Xc$%BdlQ9#^vwdP5B<l&vQ0lLUQ8q;Ovbi54oa
zZYC6|ZvO8En5%C2{}2df7z_YJ$A$-?gJRGo|9X!X;QJ8Wp1u$1Klwh(1D345{yi-&
e_&=Hd{1|_w0&3E9RQ`5h93d2{ErC<r4)`DG?X6z`

delta 1975
zcmZ9Nc{J4h7sqF!u??m%jTtjTBH1F_pb=w9mN8kgrN`KLgqVkiXe`6AMD(RlNE&3u
zzGtZ<EtnE5mQa+egR)fQ$#j0d-+6xbkNdix&$;KGdp@6g?z@YSNf5TS<lz+rf%y4B
zK^|AKgynd4fw$lyL7Iy)WiDQ8?E(-1>vCxU*4t%$3fPRF8w?59aRWdR&aDF2!4=@Y
zG8})RJ{gSif<O;pAkYC2@B({~w&-XRJc@^1Y@+S;M7Rm{*<XcT2*G*=0YM^no05S_
zB8;C!ZF*~c+tjwHzIZ1lB76E7Ilfd_aGG+l=FsX=+f>9x0i*cHew}4f8dl`Oprh*J
zz%z))Oj)rgkw8Inf5ttZvYO1Ag<6NI2Eu~(xOjrR;%YX*ZiLsThaE@zbJ->xwYcKe
z=}Lf}CRY_)?LG9zQW!OPJv@SzI=-_KmG70A);Yu$DgZ_4>V{BO8qMj~OeYNFWQ-%y
z7@Fync5zNmTlB}5<K?61(n+|Ikf6qQ_}+)*=hE4PZT;`r?Cb3`_4Emp)G4aoTJB%)
zBBLClp0LWcexx<LNPu>)$oH~BUnwGt>e3gb%s123|1{fwDo_1jVs=04X`T>&-)sI1
z^Zr6bnl)pax+Iz_{zcL<JH)BCdwNV@datuZY}@zt8=qbKHd7vU%iXnLKAnpwV#=vG
zMb@~KrxfOeF)NJr?TicFQHS|sBuh@D3`jOyM({IB#%|l^_({{;6zpqKeHrAe1B;0x
zW94jQ^>fp;c`Dj-v)<;h3LMBq<o1&8*sg;mGU#m&V2A08&#EXwO2TUDBN)^9`Pcd^
zle6+S8RTZ;w1)+0*G^8=ubgPXoi6Vip03&8uz@6#pDP^r!dlr`O^*k#3&Ku8$~6)%
z)k>TxR^Zca^|Y7f$L~46gDOMi_r?3QoT7kJx0+f{S$#P8zV<7YdXE|%yd!RJRer4d
z392V~hCzy(nLI)5?Ro9uksekHNHXmP%4YPwL~6@YBXwN{ZNKbq<e$GK8L!AuWu%bp
z^SYXq0(d5iyWo3SkUAr()(0MXW6o&7$oKs3KQFBvS*DSyD*Relowf8x3I*94?xZ+g
z^2Pyn`T#9Ky$M!9-|-IrBX9d#1+D7DtcKT)l-blv!$6-}<NfZ9UJ^Uu(fH$q<io)e
zq>LrxsN;h%g;qT8Rd8-ztwj9O1{D%!cKA!<+hsNPspo|zrW74U@5DVZeZnJVMKz&Y
z^kuApFHJQA5_qFjR?8kGAnfRGXdd%1S9@U*RqsJVU(mAinY~+Z|KZ}C`};7ju7#U2
zfu)uq$o8DK+Vdq=w(On&g(|m2@<pRJ=Q~>WY#)_&s9ZeMVqxikxEt71H6O2X-`1kT
z)O3@WSobY{u!0!MQ~PKANSy{$=M^&RY$bjy0!1Se5wEfa4F1lSH4?b)xoB`kqsVY@
z&%j%@WfUsp!HhDX6N$4-hkUS8hT{1IOQ52uB0>>~7(Xrkbs<XL&6F1^kIKdk-)@<y
zg<Lw^l_eT*<K`^*kp$yDB)CZ6GBV$m?m)qonr*&Ux_=|s_Zg9ZsAfjT6x5j=HBZ!l
zXwi!D5NbKMWEwPNu2w)~p1H`Vre-+mu#BIZ0Em(&dAt{FkWQEMag)Q<05<XKR!y^X
zvn6&N+0U1Nynk%a72ozsv(>r3+<_f#Y+`ki<;oa!sr<1t>ic5z9sLxuZPU=sPwX>W
zS99Ri=Z-MQxhcI>w5E!e(mRe`!n)K3lor4l+A6skFF$`ce{Op78Ylf6Gk#!Rp|jum
zWQgSX&Wta&z8XO4%vVWleNnhqO`HdNx(14&$i1ivO(MBGWA2mE0~NZbjjL=eWvy&H
zzEft_u4ang7u4fE5fcl&uKmqs!{A?=)e-c|_UyV}CIHNdqqs|SFG@jpcSWiy+oSZr
zAkYv%KpmttUKt>F9YrKne^mIi^oHCnlR%fxMVlB8{QXAx9a@ueWY!<O`86C0H6dlv
zdz*G9I0P%PDP*iWPfpGY;o;?CsiQEqS(|`dzcY%}o7fek(;PlrOm+Um+o-We@SG13
z;dHkxsmYx5!L7L7^qXBpMXLQqx40i6gY$W&H<^~Ao9!&Se}p8kd?Xt;7L?KOgf%o5
z?PJZiVq!ZNli3{E=ULaIx6l}L1#69JWvO)lVTZpS{eWq<nNAR?R4MW8c|5Xef8M8~
zVp7bn{Kh#Y8++}5Q1_dklP*f;`qvjT<2|I+I~8@7V!I8*kN^0TS;)DfSR0~y=F}|z
z^5}w<C#r+lH{6O}6$)K~wNxo2|FrUE7eVas?#eN^vdh<gYzu|OdG8!K#ByF?MoA_}
z3>pymVvk*0phZ@%{ZcgW9t6*SH4OmcFhDID&3*5Fv;mi*5~^GpN*v?zqJ%M*-4Z9c
z6v1#65OBo=bI<*lP%d|CxnY0Tio|M*{9E3DPAu_1Y2Y*fhx`4>kywmggE$Bj`d6TL
pm^U>{HQYz_|C;>Y0Pui7nBP;v^|#|D#Q`D;2e5E3hy!}}?jMBKeE<Le

diff --git a/pmd-appexchange/lib/sfca-pmd-xml-0.12.jar b/pmd-appexchange/lib/sfca-pmd-xml-0.12.jar
index 09860a70cce6ff2e1c843dc7140b25dea1c70bc6..7e170f77c20e0803adc2a8851ff82610edb57b32 100644
GIT binary patch
delta 3367
zcmZ9PXH?T`62=1oL+?d;5fMZ0h)9(p2qF*z(iDWy35F1g@TV&Tr9?z&3WTPDRFULf
zs`QQmhR};5U5cTz>OH%AcIU%9@64I^%$ND_{OU#1M3^njz%&dX5FH(e?oM_pvn2Sp
zsG0ten18CbP?ld!c*t>TEB&w0Cwi$17Xd-CAKB<9=^!zoLf1u9JiSJW$H~wRc5Br1
z=@*4Xf+5@4b6cG*E%u1`XSGYMC+#Ow5nZ{;23B|p=Y>vB8+%_X&#%4Nmnc0cz6mNI
z`b0ymSop3*+K${LeR6-)rJ14@xN;B^ulDtoRV60z{ny$zp`_|Hi5(ff;+D7o8KA#8
zQI|w=|7rHdQ?;5lEMr)n$Gq6u`yeKcaW$jwE92o91>BLN+bIws!JX{T1RI{lg(BIA
z4*LOtVcAKbMFta{eyRbdT-AZh(ZZeOwQ-9c@OK6sF_pD>6&LCW4JNUzCf86}Yeh2}
z2?tQt>=T&<cAXAVEYW$B(SYVH(5wDp+uWm}c2$Yt;~su!$>C#zI^AT$s-t8jjlYzY
zhl<BDWEDu=G++aczIQjLo+_g=82?_MbI2rxr>rvK%AD8zr0L~)8Ms(!H5>l3{Y#TO
z;L`{B;yRj$jXs4HadvhZpXE37+uManHZ**SU!!Q=^v_sDJqjL7ZvT-$2P8#4+W7WC
zM#!$yK!EjoG_Ul5T*s7~0imY0!dOpBzsMmag<tEM=zR8CTX_v!n9NXH6Xf+(q}}$X
zZ!xqv+;RrmwO4jAtPpwl%}4WxBmd(Q%F9z|dyHtV_((*Jl&`03H)`<($7}~4yp|zL
z+>1ExlO1WPZ4&*Zl>1ca7${ATXPB{*oM&X?NWO{S)iU{^&aXG=1Z4HlppBKk^zs6>
zC#ABzt2HV{)%S|uZ}NuUzM&mNx!l^{k?Ghe&S@w~Ph^WOv&_>zsTT2SlSufiGol^t
zwILHxemTWabBICwHB$wOMMl|Mj*ke<^oiEiFgAj#eY2RmY$9x00BlTRFJ`bm?bQ%)
zJq~}CZ+MtysOW`^Ml^yp1ipCfJ1_<jl)s&?qCZtW3IUSQTFESNh`e*NQp_|FJBEkj
ztrm$tL-?`st}6O=<e}cbY8N?K=M**XO?O+M<FlK?X{BacX<zxL(Dn$Ig@k*nwckd~
zn*=0{4_JL>7(&*^0*Ll#%*(OM#^F8RFIk*!f~y)E?6GaTj3*-k?wkBaIA1&a1&~D=
zs`<*<>yFp$8X`NbFF>w6jvKGJ{DI1`>k^ae8FmrcMHBx~ErjP>0PS`2$h;4>MGx*l
z_s2xCm{3_LD!L2nW4H<3VZsj`3N?y=PdLQ-+{u+s(8+C+0z{z7`KHIAPv+WU0=Wte
zu_#H<Jy0vXQEAFRAfBHJ3sRUofy}2dTM)Tg_Gl^Kvbq4S-Y>QvXC35pu5_t)@3M|C
zP>c7a30eo0#oQLC^_$I*cp_@`xJiUw&Rr$j<;lB1^j(8{5bKN++mQ7L9*;GR`2--o
z^qqcOS3o8bs4*J;)HigRZR7+}Ti?fuwFM7LF&m5Chj&uPW!9ld1J^z(`V_RB3P9=g
zbV3bo9yxL33m~6O%uMqPN7?YwOl!jkvmY@#_qPM%8F;=`pzz1fv9KgOdyerHcg+=q
zrUVx`9@GgJY&}bJRqpH?M++B|zSo`uYIcf7jbJO_r<_+GowuXS>EmMA9;xoNM>0YQ
z=3v?{Vx+`T7i#wl9pHF(=$B?>@WKR2t?I!r+E;l4ajnWy*v-v6j$d^)(Z|*+?K*XS
z!Y6E0nD_W9YqFYsHBqs947T9Rd0CRXCAAXpBckm18ReGQmv?1G&)KzBHW1C#-n#bM
zUwQ>t5k%0|rE{Ce9X?Wk{143eqBKKq(W^5==Rhchr&`n48)fjCkL4A6r#~ASp1b{K
zHRSyHRT4r_O_~yfmXb@m`5xHI<qj!%(0^~)LTWmvManyTv(vS}=AsNt#@)7#zi&+a
zyofuxYDvnp`wsbg8r*iIFqphwI3JjNXbiMo*<m7&6etu~dVIc^WU^5n#6<B+#~O=a
zkD!>E53^~~rsug&P#Q{wEub<YeyaRd{?@Yz7=dg_I#8rE6od%p?O0|mH2QuNW=7E4
z$TQBBm{GaQMIAgNEjF=+!}@Ov@{ajx-g(zvC4QU>YA<C<GIf=lp>W|Fju|~T0Rj`g
zHYCl|UBM!zDQU`I!`ZxTJWr5wi&h-X<CGu0D~AKMg0@=K+byCZlWsdxIin`Aso`7)
z1kq`eg9dA=(K;!O{EeFyr4hO=Chmriq<Wl&q?cw)RPGQ>S5=L6fv2a7bK__h8jZyz
za%o|_<Z2T9u7vEa^?*0^;3EJ>d@)>|dMcagj6LjlWpAn1(y)b62@%*BpTsCt1_tI_
zf0`C^J~D0P@)<ZbJ(Fc=@k2lNRsQeZ)RS80S~Ef+JaarNg$$qQ>68W)Z-5KOs#9c;
zGz+$W<r~1&hLoy0B%28FhrNO8ma)f=t~&Ld{rVc2*v(tq{Q?=4Uk(5+K!xfpo}Qq(
zzQJ!@!+L_$i?(e-Z4^sZ86huJdh_t8nW}!R=8R9YbVa}R!;t-cqe^x1gZc{UPp*r|
zhb4bYxMnS&QD|rW&~YU##0`x9gTTDM-hKw<r<0#j2_`(Z8HqAE=x&S*FW<ZM@e~G;
zH#~)X8i7a*O2k>r(^>+EC)ZW&W1C4&^JIwNXFFG$hVRiOhQ;o(ct-UOw0S%fR~$ra
z^`2vd&)J7OKf-6-5SU4Ocnu`I`nOkPXvr@Bu0&%M00Z=r!3GQM!nw@YzS*qy>6Lfn
zGc^+l_Q9RD?OK(llzsWEzL%?ClY{!BLx~kd&jQLVjC9Zp;}AfbPHv*>t=qfjIr6e7
zD5R@f^v<E@+5W9tE8_N8*<M#Qe~=bw^hVeF)vZB6<f?(CutJRO<8a+@-^Lgc=>@q8
z8wJgVB!GC|sLC5#@!Qelh-_bt4u<mi<?56P?i~y*OP45eEvnhiKp)%afwiMw`T8)y
z_<q#*DBp@JC;$%d>_*dDA}~=ejlGg%-%u8=aGR5AhPZwzbS0^(FJl=m{v%>=09NAz
zORdelaqbioSj}fgdRPBw)sWAP#>-syt1SB%L08`>LU+{KRzh=ozhr2~^i#dBOrfAS
zj{~M_PS`|B-mG*P)~!4MZCrANllM{WaL&Dgz}UoOAbo#0G`u#(0^|R#YN%@L1H*91
z^}BWa8yuP5+pM>MvBR<kGpFMNgfww7cmAv`jg$WUwYh>P^ApsNs2pM8jcMu{N?zCz
zdC1bB9P?~;mN@m${thy9a(-%)ClVs`Ez-}Y=fW4a^q0WVwZxs><p9W9u+5XKrv+Qy
zVQIU|Ky6Tv-hCZblI-36T=~6iWo@T*olW7Ut+m-0;*7eCXxNExXz2DQpYj*#)7xLO
zBDl|0&J;0hNoFf{{6$r_ALOJ~IxQCNGe0>JTfO6%dFf~4vH|F;A;AVouvPFcT1Chg
zO$-oYrEiv<&J7+p#_N3lJI}kM{uC46*-MY9zj*g_kAJ90h$<jhq&;GRbKoRYeyC>a
zR9TPs6ZjubiOXjEV<T~GjQ{vZmxVW&87dIS8iG4!6bA~^&Hd*T*y0Ds&Z&J@0=lQz
zMDqgQRGHR}xZkAk@F74Mdj`S}n@$eUd(gqFj&WIT16uE<e|TsqxKYuK;%u4*Z-~rS
zW>8Br*V%83o%B-F@>4W+GDerR#cnT%y&hJ0E?pgI8GRnY^gZt8Ss{)CfrVoH>(?#I
z_DdWl@`=ED*UN7bZf0yMGaRz%Ob$F-+UshZZ6%AQCyhmLh>L*)yrb!DhM^sop8~}g
z<9z0lsItSDQi0Jl_`dL*Qp1_%;IiOcI<@8vfikwO>7rQCk{jOK15FQ>h{RU?7qS6v
zq8bPl6qbo~uVTt~VQ;~~?QICdBa5&!3`_%&y#!eQt)TJ{?^50?tzbOuSz4>~K4$d7
zM>A*ZYi2~7_|rJ-q4|Pq9(2`fmvfaE7F$e!x!mSb?!IMh9T;$wdjI<tMAD%gDL&6p
z#-W4oZz4Q>FBDX0Jf<?Kx+2}nz&mNT!XG$%?Zb@PEi26*gmz6gQ;g?{`(WYAKrGM4
z>TY1Ry<rdJ^@fb&*wp7`lg>-0AsyF_r(Rg&EqIH18GY4npI^A7P-rJpK{kBJ2~|g^
zha|sxuelyplbct^yP1Pl6)-b!u6JDT=mQ&TO20aM>Vse7CVL=KG?B=odq$X3kfj+F
zH5d3llmQ3*3hLkKSKv%oF8qcK+<g|EKYE!(05`zG_vc;4Du6q~D)fK&fm3AF|M#dM
zHzNpiAMN9YatlPs|KB3qum4oqxGq*f(cb{`-@^le1pnFoC*z~M8F5rh!aSB{v}b;I
Qez6dU^6Nt5n15IQ0@7naSO5S3

delta 3572
zcmZWsS6GvY5{)5rL+_!)&=k?o#84tlPzVCjBE1*sy~9rj1B*(K4Mh<M9jSt#fPf;>
zds85|ROwAZ5xDE#^4-06Ud}gX=FHPPoRcch2#4xnC?Iqo5Dg8;!#4FPRD|Le$ZGus
zG5_q!#hCvju{1m)RWX0Al2ITK0-wbo3~ZRWdwxZ+objI189y+Gy-Xke-E6ubCDc;1
zvCuyg?vrW37N?AP-KT+QMzD7#obKFI)2gxW^d7!8EOU1V!F)rSmmw!uaLhQfLtFA5
z<lbb;{8pd>Q95JYBHm6+Bl%FgSHHq(A=bi6*8j5u3w_;ua@`BJ&{?5J=EAiy_JCSO
z3gIf@z~|8{Ca`Cwo4X##j?5?=DNzVt1jmqlT-V~rCpH6&o#MIouBR0u>{|;C>!o7Q
z-1>b54M*7!+A;PtbB@@y9_y=<K1id5*D%<t#1e@`*6hOOe#o^-EoiT9=DoSDv~<nA
zCs)+(l+$NNcigKuxGt(+T|9ML3&;-hSXq<fW%;nq-Sow~HI_kB{9B5_GTcSH7KN}2
zX}jBX&kIv0q{ef#%8|=}GK(s`bc$jlrnaG&aB?C!HqUwpy;m~?k8ORN`H<(76yO~;
z1QFg5T4cF57BRKkO>*5@j4jBNj>~tPY`J39=W}9SWf<j^U_OY7ahiP437B>I$wjeq
zZD4A$eexX^Cb6*JG}gM7H$93-N7LIOVKU><N%v<eEFWTYYcZ!sO4N_4TXdwC!XAbl
z4bL{X@Kj3a8W~jT)tRg1OJ%}{7q}#8ETY-5HeO=Rg`L(T=hc@#v(Ya|=)IICJhGy$
zs%t9CHFgke)mV74;08Hr0VuJs2CoOaKS3yWybc?)#P&lTfyCU{`@D&bC@jrfKEq|@
ze*2JH$%}?JWP4RBHHvPKD}+>C^4*=<El8y>-u1kOwC`!s+iAA!)K4+;J8Auf{V8FF
z3wtiX{jn!=a8KqLnu0+#)y-NrFe2-c(RxPQ(UNbGZ`j;%Xba#4>@&M9yUE&zpg#cQ
zW4Y!_=YKSA@`Y-8@}&1)G?~vXP+vJvvB_8+)2T`KuX~&pM!brD#HQ_RMBnY#t~B*Z
z9WophTa7(Gi%^+b#iSXf4bpep$w%IZRs?^&>toGKK*eQvCN6W5VFP0~WnU}^o=Rec
za-~@*sj5bj)x|>qwPHkb?RDa3TpTgc$)3<nd_A;gmBSW|6GKD?G3TdN<mo9!8mTSC
zOYI=I#gO8%&D?t`S|i*HPP7*Zr5$$dNkx~=e2o}N;IaxFAPG2)D|GV8((5622b>u5
zftg4iA=ua1<aZ7eDeH&d@IvDYKgKPVOT&{#+DiH)nWBK0V2I@gFd<=qf9|Gw>~N{~
z1H=6I2$#L;7o1dl1ePmDnTg&+Y?SQVTF_Kmd|!1SH(7C&7Z!L?MS78Cbk;s28^~Nn
z83ufWU`iqmGib;&dk=aCZFDA|6kH7Gj1HFTT1UMXCl<V;A~TPxsbE#(xLi0?vY7mA
z6sTns69BLXiiyfmJZNG|pi<++omd_ZsAwdk^zXvq?eQV@qLccPJh}OEwdc(?K;on^
zw#0kb>|%Xvs<}hH*7ZxT13(!!Ka$IGs7Yh!10fz7jrg#IxV_VQXQb=ZWYeTNquC?*
ztiTj<8&=Qi2I(ZSyOqQk;K0(9fUZ+uvwj`{K>Iygn|VmSsvqxXs`Ok+v?{c&3H3|V
zL?;Iad4L={!mWbxSz3(1iitSxp;}tAUdc(5$Owaq&X@W8wb@@Q*)QtR>L{BSaKcx;
zNfu_6Ud*4kwXHIcoRY1!D(rcru2?=hylHyoKo>V`zse#+r+lglK4OZ?%gsfoq8|Z}
zI(?RYS3`7R71&F|kZ+YXh+c^OdD6!Kze5SFPnmW+1}2dqmh}s9Sbx-(LXLa{d10>M
zJ@iG;@+q{vjyB6ZWFDu>$5*l6IwlVEZ1B2G=Emn0IwUYT4lGqY7{3yGA}N&JVLLTv
z;f!>YVYfsGDkjDh^~|j)!XGS9(E<VmpD_H*N7NyEx`rC22Dw*!_k!UD`!=3y34!{4
zl4iYcI*u-MvSAH@2%7A+2#(G-Vm!-kWiyTTt<vtPHA>QjpzEJ+v+V+&0&5>b#A}Bp
z-;OqIMSq5mUcRQo_^r}doc|Vb^^@uVcm=N+oSf?F{-f?LH8Lr<z0M!Yqz)_?a;d(^
zbX09@d})`68gwaG+MYdRWG%G3;WKz=NhFV*b#Z+u@uhsVtSH?o%ysOy>{i~$_N^tF
z{azY=9*6D`DwdQ2L#EsE%`bxO()7ln&#uB_F4~BaT5hzzz0#AVQDNxF7zrP|yjK(9
z6@qLIGOBjNw!FPMt+erDvxyy$xx+!-p3@c}lptm6s&liHST@71$vmBFBG>v_`wk)Q
zH;}FH^sp<oXk9W%G-=8-m`$AN(>g1v&y0VgI5#PQRpsL|9k~S|4mLT@ay&3-ze{EC
zy<ce}Ho+iHwBShfC7r}kx5#a&B|&YMIV7i|qo8AIri4?l%qTapIRgz0(hr$_@8vCu
zKeRT;+mKC8Vw8(%xbT(W#p*c<(`TeMi~+M+aB-gY@U}!g3!Hl5SS{-qp;KtbpR)Jl
zsgntyZD3BRGm4g*`Ed|>OOi85<bt%#Iv2XZ;~)cFaUqnCMn(tyrhh2>lO)B;w01w|
zE@va9Q&;^FMfchwZk+>&JK$OBOg*Vyh(HOGQ!h0~B|EOYTj?GgF=jX}%5tsbEOYbS
z_YhpR5Ix%s8lRA&T-@$%Pk^-jprjvEptugkz$Pi;$DXxqILyo`2GP;7B3D(2n)Mp|
zodash@c4Azr3CGfL>Ct{i%Un?^qW9^B4PWT5zhpPcptjgpbf}KFD@C=IzVuc{Ny{m
z_mnNRaGdmZM>P~i;tH)dY@gM%_(r7{%cNIp&qgYb*|bG9gFfH1QhWI*#h|3jq9@Ox
ztys7#I`|pp7MKgc5{=px(3wa4(d*Qg22F9)j~15H=V12gch(A5G(_&Vwq}0!+|b`8
zud}SaCG^eT5e7hn<#Dq}Ywy6f^G&T=&4emg^?ddLIqTeK)^xAFRMdms>gg5DT=4S`
z-xkNmD`&@DkzIW&uQ3B2aT?k-YHmAUw@{deJSk4sws3EJ$G>1L<uqpnRZ{v=?KMPX
z6setjIJJ#&)?nRCa`gqbEYC7iOMhn_XS%`eNWNHOC_rvHjp~bry9F;QKfi8^PiqsY
zEhZ49YVOKo_YAA|OAzpB%hTVxd^%j#adb}CmP?aIHSOfBz2DL3qI7#|?fm5pp9vzw
zD{u+&_h(D*xc_`f2X^0iP^5nef;%woseM0cWjpBt$Y5u$=}sJcX&Qhe7`HqyK9eCK
zJiQ<90+c*Lkvr)e6K^BqE(RrA>WADA$~Y=k583c)bVqj-7E6s8Dz3E%AC=NxJ+tJC
zFb-{3vOHA|_ec#X0J5Q=)WK5Z&OA1UYoY#)YjpZ)FnhsF?{I!^6K2HREQ4wJ!>mBR
z$fxzS_sOdP<S^1OcxPB>LP{Vo?3~IMJ~cH2bZtWKl5Yj*o}o5j-Cw^CD;-yncc`Qf
zLuc^KXHXiF|IfgnJ0@e+_)-4zV-@A&lkGz)KgDP}K9q}YpxGxY?`r{B?>1o7N|qi<
z*|R^3-c46nCY&mAPWO<K%M}9N;pTVBH->Tq`c2GUrDiN~G!0;<pNkiej<1}B%yxPT
z?`%mLd!GbMJ)uu2Ys8XD-r&wpCp>-%{LRzi5%hoASUiSajOCY)#lmdMpkNS4m=*-$
z1>r3j`GGp)8P6{gOn~J%PJHW#D^x8qc15p5`Bi$}#)f@1g(8c>t{il|GG|0NA+1U;
zu37zHt0!<-h~l~EU1#1decrc2eo_I5g+`90xv<IubEh1U)cDPDLb(9Mgy)3l)93wa
zpDO&32&x-`R@(m{nEPIIM@J0Tj%+zjXWDPy1~A*cl8+BL43=m$<26&#)$?>clYBce
zn6)gozNaa>DAW0aRT))jPSG8kE1M&5jXzB73;K$8reo%KZMk#M17Ke%u^$|FKgyz}
zq^?NrK*GN|;Uo^4SWM*Qc_!2*UQpcB5&)Z}MviAkg@fcxj}~3Z3Spzul->`t(z9L-
z1ApB7^n^9q)XWBvW$f28RBEX!gFG~MtJk1wte*Lrd+V8Wcdhor5n;WuAoPIDeag0)
zZgfB7wow3KCQx&iaVjLfs3uzCetp)owPL>%p-RX^vc+r_;<(#K@$K8<Vk4&b@u3XS
z{Io`9mtQa`)|rkh7I){MyL2ky_GgPCKLEQjq5lj!coJ3SvzLARdWC7RX2qyEsiB*x
zFgSI(!32my_U>qFP)iZ68zw(5BAb^tZZe8>EbpolhqX1+mg@POpH@!Hg+~hJzZOmp
zM5=1GH{~t9VyB^H=O}%+rcZqQZjANj#VL2>m=RUq%qvpo<~8@>a;!tP>%sXg7Wl@h
zQ66U1DNoqT>)4%Z=JbLd<^q_F;y<|vKfnOPS3<der6PO}ROv7L#a(9jCwH3x#qjrx
zgvT+c{(B90Ob-J2_`5myI{5h_|K~Oq^k@C~j(-*OUkCy*fi_ec{#zF0?)HDuzrXT-
Vv>;;C;(tr=4;cli#2J3g{{g@fno0lw


From b575bb1ce016ba9863abf7f7a9bc60ee881e78b2 Mon Sep 17 00:00:00 2001
From: Josh Feingold <jfeingold@salesforce.com>
Date: Tue, 2 Jan 2024 15:35:48 -0600
Subject: [PATCH 05/10] @W-13222948@: Implemented feedback from code review.

---
 src/Constants.ts                       |  2 +-
 src/lib/pmd/PmdEngine.ts               |  4 ++--
 src/lib/services/CommandLineSupport.ts | 14 ++++++++++++++
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/Constants.ts b/src/Constants.ts
index 81b23f6ff..0e2c2eca3 100644
--- a/src/Constants.ts
+++ b/src/Constants.ts
@@ -2,7 +2,7 @@ import os = require('os');
 import path = require('path');
 
 export const PMD_VERSION = '6.55.0';
-export const PMD_APPEXCHANGE_VERSION = '0.12';
+export const PMD_APPEXCHANGE_RULES_VERSION = '0.12';
 export const SFGE_VERSION = '1.0.1-pilot';
 export const DEFAULT_SCANNER_PATH = path.join(os.homedir(), '.sfdx-scanner');
 export const CATALOG_FILE = 'Catalog.json';
diff --git a/src/lib/pmd/PmdEngine.ts b/src/lib/pmd/PmdEngine.ts
index 4006806b9..5693cfcfc 100644
--- a/src/lib/pmd/PmdEngine.ts
+++ b/src/lib/pmd/PmdEngine.ts
@@ -4,7 +4,7 @@ import {Controller} from '../../Controller';
 import {Catalog, Rule, RuleGroup, RuleResult, RuleTarget, RuleViolation, TargetPattern} from '../../types';
 import {AbstractRuleEngine} from '../services/RuleEngine';
 import {Config} from '../util/Config';
-import {APPEXCHANGE_PMD_LIB, PMD_APPEXCHANGE_VERSION, CUSTOM_CONFIG, ENGINE, EngineBase, HARDCODED_RULES, PMD_LIB, PMD_VERSION, Severity} from '../../Constants';
+import {APPEXCHANGE_PMD_LIB, PMD_APPEXCHANGE_RULES_VERSION, CUSTOM_CONFIG, ENGINE, EngineBase, HARDCODED_RULES, PMD_LIB, PMD_VERSION, Severity} from '../../Constants';
 import {PmdCatalogWrapper} from './PmdCatalogWrapper';
 import PmdWrapper from './PmdWrapper';
 import {EVENTS, uxEvents} from "../ScannerEvents";
@@ -596,7 +596,7 @@ export class AppExchangePmdEngine extends AbstractPmdEngine {
 	private createRuleMap(): Map<string, Set<string>> {
 		const rulePathsByLanguage = new Map<string, Set<string>>();
 		for (const language of AppExchangePmdEngine.SUPPORTED_LANGUAGES) {
-			const jarPath = path.join(`${APPEXCHANGE_PMD_LIB}`, `sfca-pmd-${language}-${PMD_APPEXCHANGE_VERSION}.jar`);
+			const jarPath = path.join(`${APPEXCHANGE_PMD_LIB}`, `sfca-pmd-${language}-${PMD_APPEXCHANGE_RULES_VERSION}.jar`);
 			rulePathsByLanguage.set(language, new Set<string>([jarPath]));
 		}
 		return rulePathsByLanguage;
diff --git a/src/lib/services/CommandLineSupport.ts b/src/lib/services/CommandLineSupport.ts
index f1b8485f7..981ee9f3d 100644
--- a/src/lib/services/CommandLineSupport.ts
+++ b/src/lib/services/CommandLineSupport.ts
@@ -24,6 +24,20 @@ export class CommandLineResultHandler {
 	}
 }
 
+/**
+ * Parent class for wrappers around CLI child processes.
+ *
+ * This class handles spawning and monitoring a child process, processing its real-time output, and invoking
+ * a handler on its final output.
+ *
+ * Subclasses must handle;
+ * - Creating an array of arguments to be used for spawning the process
+ * - Indicating whether a given status code is a successful or failed run
+ *
+ * TODO: The extension of {@link AsyncCreatable} imposes undesirable constraints on subclasses. If possible,
+ *       we should seek to migrate away from {@link AsyncCreatable}, and either towards a fully synchronous
+ *       model or towards a more flexible alternative (possibly one we write ourselves).
+ */
 export abstract class CommandLineSupport extends AsyncCreatable {
 
 	private parentLogger: Logger;

From 0cb04925f8956316fdb9cc0bf2b77d93b18d7e5d Mon Sep 17 00:00:00 2001
From: Josh Feingold <jfeingold@salesforce.com>
Date: Wed, 3 Jan 2024 11:10:38 -0600
Subject: [PATCH 06/10] @W-13222948@: Fixed failing test.

---
 test/commands/scanner/run.test.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/commands/scanner/run.test.ts b/test/commands/scanner/run.test.ts
index fa080381d..2ad3abb47 100644
--- a/test/commands/scanner/run.test.ts
+++ b/test/commands/scanner/run.test.ts
@@ -1,5 +1,4 @@
 import {expect} from 'chai';
-// @ts-ignore
 import {runCommand} from '../../TestUtils';
 import {BundleName, getMessage} from "../../../src/MessageCatalog";
 import * as os from "os";
@@ -591,12 +590,13 @@ describe('scanner run', function () {
 			// Note: Please keep this up-to-date. It will make it way easier to debug if needed.
 			// The following categories are implicitly included:
 			// - 8 PMD categories
+			// - 1 PMD-AppExchange category
 			// - 3 ESLint categories
 			// - 3 ESLint-Typescript categories
 			// - 1 RetireJS category
-			// For a total of 15
+			// For a total of 16
 			// TODO: revisit test, should be improved because of issue above
-			expect(implicitMessages || []).to.have.lengthOf(15, `Entries for implicitly added categories from all engines:\n ${JSON.stringify(implicitMessages)}`);
+			expect(implicitMessages || []).to.have.lengthOf(16, `Entries for implicitly added categories from all engines:\n ${JSON.stringify(implicitMessages)}`);
 
 		});
 	});

From a8d9755c5d3ee8964f030534c16eef153f3158a3 Mon Sep 17 00:00:00 2001
From: Josh Feingold <jfeingold@salesforce.com>
Date: Fri, 5 Jan 2024 10:05:45 -0600
Subject: [PATCH 07/10] @W-13222948@: Updated JARs.

---
 pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar      | Bin 2931 -> 2931 bytes
 pmd-appexchange/lib/sfca-pmd-apex-0.12.jar    | Bin 8217 -> 8217 bytes
 pmd-appexchange/lib/sfca-pmd-html-0.12.jar    | Bin 1920 -> 1920 bytes
 .../lib/sfca-pmd-javascript-0.12.jar          | Bin 1951 -> 1951 bytes
 .../lib/sfca-pmd-visualforce-0.12.jar         | Bin 7618 -> 7618 bytes
 pmd-appexchange/lib/sfca-pmd-xml-0.12.jar     | Bin 3986 -> 3986 bytes
 6 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar b/pmd-appexchange/lib/pmd-xml-sf-0.0.1.jar
index fd583f08186c7bd6c56bfd6f8e227fb22628ce95..30d6bb81ca38dc169d70658c6a55a35c63a9e45c 100644
GIT binary patch
delta 215
zcmew?_F0TCz?+$ci-CcIgW;2xYQ#i7RTeO9?g^n=6d?2p9SD8H08CHjVKjv>Tp1m}
zjLn^ls%(NFy$nFW1R{VyX!1vPQ2}NKR9hxLVP6Z;J(a^4!Z^cW2VwAW>OmL|oK_G<
e9Vb-k0H-rVgq_O|!ieO`hcM1?*+3XP-01+7f<UYQ

delta 215
zcmew?_F0TCz?+$ci-CcIgMmF^PWVJVRTeO9?g^n=6d?2p9SD8H08CHjVKjv>Tp1m}
zjLn^ls%(NFy$nFW1R{VyX!1vPQ2}NKR9hxLVP6Z;J(a^4!Z^cW2VwAW>OmL|oK_G<
e9Vb-k0H-rVgq_O|!ieO`hcM1?*+3XP-01*%X*oau

diff --git a/pmd-appexchange/lib/sfca-pmd-apex-0.12.jar b/pmd-appexchange/lib/sfca-pmd-apex-0.12.jar
index 663a356582e01cdbcf2ecab5e0d6dcf554e91e4c..76cf050e42a6cc775b821db08370974553f64dc4 100644
GIT binary patch
delta 276
zcmbQ~Fw=oAz?+$ci-CcIgW;2xYQ#i7RTeO9?g^n=6d?2pZ3unc1WZrnXS9GYycuo5
zjLkiaF1!$-D^Now|K-zy$Z7M>=7Pwbl7v_=`LiTcPEpE;2_iQ^PHJ+Yj3k89Cu0X;
zT#(U&FqmX5Aq;z2CkUfe)(yfqFY66q$jRkF7!%}-A&ee*smTxJ<RBboc|Vx6)Z~15
Os8v1kP`{jz4+H?SMP1+k

delta 276
zcmbQ~Fw=oAz?+$ci-CcIgMlMqPWVJVRTeO9?g^n=6d?2pZ3unc1WZrnXS9GYycuo5
zjLkiaF1!$-D^Now|K-zy$Z7M>=7Pwbl7v_=`LiTcPEpE;2_iQ^PHJ+Yj3k89Cu0X;
zT#(U&FqmX5Aq;z2CkUfe)(yfqFY66q$jRkF7!%}-A&ee*smTxJ<RBboc|Vx6)Z~15
Os8v1kP`{jz4+H@HPg9rx

diff --git a/pmd-appexchange/lib/sfca-pmd-html-0.12.jar b/pmd-appexchange/lib/sfca-pmd-html-0.12.jar
index 501f41e7bd85569f018a113dd6f58b082890baab..87f6dcf0e601efab75726d7efbb931b1c7f7dad1 100644
GIT binary patch
delta 167
zcmZqRZ{X((@MdP=VqoClVEF8%8ZnVil?6<jd$N22@mo|O^ja-2z45jRGng@%nFS&<
zS%(E8wK<AKff1~EaviHNgt3*?4x+k_Rcf*zn<Rvz$7TUxWU=`nq^}{Qr6%*T%RyxH
G*#iNXA2Uz@

delta 167
zcmZqRZ{X((@MdP=VqoClVBkoY6F!kol?6<jdqU_ID1WUMn7{G13Nx57nVAJ5Gg*fP
zBDFb+MS&3_SI24$VQgi!gNaB@7G#rzaP-(LAdD<FKZNu(gtXLTUUoT%j6QoH0Fan1
AYybcN

diff --git a/pmd-appexchange/lib/sfca-pmd-javascript-0.12.jar b/pmd-appexchange/lib/sfca-pmd-javascript-0.12.jar
index d09080b5ac15981941e1b9ef1cbcdca733fc4473..98376a7b6e481ee0ee433062c86a330a59fb8848 100644
GIT binary patch
delta 163
zcmbQwKcAm3z?+$ci-CcIgW<E6YQ#i7RTeO9?g^n=p!~H4VE)F3oXlXx<af*vnaScT
z5UI`HEC!4axq4P(2xA+o9ZW=OvJjgjgrm;}6)j|of{2`FgKE%clbWo+t^yJDU=IfX
DPv$eB

delta 163
zcmbQwKcAm3z?+$ci-CcIgMlMqPWVJVRTeO9?g^n=p!~H4VE)F3oXlXx<af*vnaScT
z5UI`HEC!4axq4P(2xA+o9ZW=OvJjgjgrm;}6)j|of{2`FgKE%clbWo+t^yJDU=IfX
DS(Yua

diff --git a/pmd-appexchange/lib/sfca-pmd-visualforce-0.12.jar b/pmd-appexchange/lib/sfca-pmd-visualforce-0.12.jar
index dbecad654e0430952d7f25c5f71b184a871c2078..0208136cd6870803a1a334281f34a968f106fbb6 100644
GIT binary patch
delta 287
zcmX?PeaM<Gz?+$ci-CcIgW<E6YQ#i7RTeO9?g^n=6d?2pZ3unc1WZrnXS9GYycw;*
zjLlt)?i>)-Rn8y?YqGWw#JI^JLK+ac2BAn+h{n6(P&qaUsGN~RA|pg@x}-6LaZb_>
z!Vr+sgD{+=EFp|~DJKZysFWLo!7mMQ^yC=nJc!6S=|Tv@Sq5rgm5dogWQ&X!gux^W
Qmy((sEGq*MEtd5M02p>()c^nh

delta 287
zcmX?PeaM<Gz?+$ci-CcIgMlMqPWVJVRTeO9?g^n=6d?2pZ3unc1WZrnXS9GYycw;*
zjLlt)?i>)-Rn8y?YqGWw#JI^JLK+ac2BAn+h{n6(P&qaUsGN~RA|pg@x}-6LaZb_>
z!Vr+sgD{+=EFp|~DJKZysFWLo!7mMQ^yC=nJc!6S=|Tv@Sq5rgm5dogWQ&X!gux^W
Qmy((sEGq*MEtd5M0KPj^vj6}9

diff --git a/pmd-appexchange/lib/sfca-pmd-xml-0.12.jar b/pmd-appexchange/lib/sfca-pmd-xml-0.12.jar
index 7e170f77c20e0803adc2a8851ff82610edb57b32..381a1b3ab1e0e0f738ba8f98c89b85e04eea89ae 100644
GIT binary patch
delta 163
zcmbOvKS`c1z?+$ci-CcIgW<E6YQ#i7RTeO9?g^n=p!~I(VE)Eiu3TWoWMyuM%w!*K
yh}7mvZV4uc+yy?V$?JI~A)GV3b_h`oKB%ZGpE*RdfzJmfZ46<s^FyVa_yYiaC^YW?

delta 163
zcmbOvKS`c1z?+$ci-CcIgMlMqPWVJVRTeO9?g^n=p!~I(VE)Eiu3TWoWMyuM%w!*K
yh}7mvZV4uc+yy?V$?JI~A)GV3b_h`oKB%ZGpE*RdfzJmfZ46<s^FyVa_yYisz%Ks)


From 913196b092f8d732d8c8dfe23dd2ffdc9f4c6041 Mon Sep 17 00:00:00 2001
From: Joshua Feingold <jfeingold35@gmail.com>
Date: Fri, 5 Jan 2024 11:45:20 -0600
Subject: [PATCH 08/10] @W-13222948@: Added test coverage, fixed test failures.

---
 package.json                                  |  1 +
 src/lib/pmd/PmdEngine.ts                      |  1 +
 .../objects/clean.object                      |  5 ++++
 .../objects/unclean.object                    |  5 ++++
 test/commands/scanner/run.filters.test.ts     | 28 +++++++++++++++++--
 5 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 test/code-fixtures/projects/pmd-appexchange-test-app/objects/clean.object
 create mode 100644 test/code-fixtures/projects/pmd-appexchange-test-app/objects/unclean.object

diff --git a/package.json b/package.json
index e2911eeb7..b9ce6351e 100644
--- a/package.json
+++ b/package.json
@@ -91,6 +91,7 @@
 		"/messages",
 		"/npm-shrinkwrap.json",
 		"/oclif.manifest.json",
+		"/pmd-appexchange",
 		"/html-templates",
 		"/retire-js",
 		"/oclif.lock"
diff --git a/src/lib/pmd/PmdEngine.ts b/src/lib/pmd/PmdEngine.ts
index 5693cfcfc..7f46fc588 100644
--- a/src/lib/pmd/PmdEngine.ts
+++ b/src/lib/pmd/PmdEngine.ts
@@ -584,6 +584,7 @@ export class AppExchangePmdEngine extends AbstractPmdEngine {
 		return !isCustomRun(engineOptions) && engineUtils.isFilterEmptyOrNameInFilter(this.getName(), filterValues);
 	}
 
+	// eslint-disable-next-line @typescript-eslint/no-unused-vars
 	public async run(ruleGroups: RuleGroup[], rules: Rule[], targets: RuleTarget[], engineOptions: Map<string, string>): Promise<RuleResult[]> {
 		const selectedRules = ruleGroups.map(np => np.paths).join(',');
 		return await this.runInternal(selectedRules, targets, this.createRuleMap(), [`${APPEXCHANGE_PMD_LIB}/*`]);
diff --git a/test/code-fixtures/projects/pmd-appexchange-test-app/objects/clean.object b/test/code-fixtures/projects/pmd-appexchange-test-app/objects/clean.object
new file mode 100644
index 000000000..a7176c147
--- /dev/null
+++ b/test/code-fixtures/projects/pmd-appexchange-test-app/objects/clean.object
@@ -0,0 +1,5 @@
+<LightningMessageChannel>
+	<masterLabel>Beep</masterLabel>
+	<isExposed>false</isExposed>
+	<description>lorem ipsum</description>
+</LightningMessageChannel>
diff --git a/test/code-fixtures/projects/pmd-appexchange-test-app/objects/unclean.object b/test/code-fixtures/projects/pmd-appexchange-test-app/objects/unclean.object
new file mode 100644
index 000000000..810279573
--- /dev/null
+++ b/test/code-fixtures/projects/pmd-appexchange-test-app/objects/unclean.object
@@ -0,0 +1,5 @@
+<LightningMessageChannel>
+	<masterLabel>Beep</masterLabel>
+	<isExposed>true</isExposed>
+	<description>lorem ipsum</description>
+</LightningMessageChannel>
diff --git a/test/commands/scanner/run.filters.test.ts b/test/commands/scanner/run.filters.test.ts
index dd0a4d1a5..866e5c164 100644
--- a/test/commands/scanner/run.filters.test.ts
+++ b/test/commands/scanner/run.filters.test.ts
@@ -1,5 +1,4 @@
 import {expect} from 'chai';
-// @ts-ignore
 import {runCommand} from '../../TestUtils';
 import path = require('path');
 import * as TestUtils from '../../TestUtils';
@@ -9,7 +8,7 @@ describe('scanner run tests that result in the use of RuleFilters', function ()
 	describe('Single filter', () => {
 		describe('Positive constraints', () => {
 			it('Case: --engine eslint-lwc against clean LWC code', () => {
-				const output = runCommand(`scanner run --target ${path.join('test', 'code-fixtures', 'lwc')} --format csv --engine eslint-lwc`);
+				const output = runCommand(`scanner run --target ${path.join('test', 'code-fixtures', 'projects', 'lwc')} --format csv --engine eslint-lwc`);
 				const stdout = output.shellOutput.stdout;
 				// If there's a summary, then it'll be separated from the CSV by an empty line. Throw it away.
 				const [csv, _] = stdout.trim().split(/\n\r?\n/);
@@ -33,6 +32,31 @@ describe('scanner run tests that result in the use of RuleFilters', function ()
 					expect(messages).to.contain(expectedMessage);
 				}
 			});
+
+			it('Case: --engine pmd-appexchange against clean code', () => {
+				const output = runCommand(`scanner run --target ${path.join('test', 'code-fixtures', 'projects', 'pmd-appexchange-test-app', 'objects', 'clean.object')} --format csv --engine pmd-appexchange`);
+				const stdout = output.shellOutput.stdout;
+				// If there's a summary, then it'll be separated from the CSV by an empty line. Throw it away.
+				const [csv, _] = stdout.trim().split(/\n\r?\n/);
+
+				// Confirm there are no violations.
+				// Since it's a CSV, the rows themselves are separated by newline characters.
+				// The header should not have any newline characters after it. There should be no violation rows.
+				expect(csv.indexOf('\n')).to.equal(-1, "Should be no violations detected");
+			});
+
+			it('Case: --engine pmd-appexchange against unclean code', () => {
+				const output = runCommand(`scanner run --target ${path.join('test', 'code-fixtures', 'projects', 'pmd-appexchange-test-app', 'objects', 'unclean.object')} --format json --engine pmd-appexchange`);
+				const stdout = output.shellOutput.stdout;
+				const results = JSON.parse(stdout.slice(stdout.indexOf('['), stdout.lastIndexOf(']') + 1));
+				expect(results, `results does not have expected length. ${results.map(r => r.fileName).join(',')}`)
+					.to.be.an('Array').that.has.length(1);
+				const messages = results[0].violations.map(v => v.message);
+				const expectedMessages = ['\nUse Lightning Message Channel with isExposed set to false.\n'];
+				for (const expectedMessage of expectedMessages) {
+					expect(messages).to.contain(expectedMessage);
+				}
+			});
 		});
 
 		describe('Negative constraints', () => {

From b3cfa009af8c39f3007df473aa8a648a9bf6711e Mon Sep 17 00:00:00 2001
From: Joshua Feingold <jfeingold35@gmail.com>
Date: Fri, 5 Jan 2024 13:32:19 -0600
Subject: [PATCH 09/10] @W-13222948@: Fixed test failure.

---
 test/commands/scanner/run.test.ts | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/test/commands/scanner/run.test.ts b/test/commands/scanner/run.test.ts
index 2ad3abb47..23f3b1715 100644
--- a/test/commands/scanner/run.test.ts
+++ b/test/commands/scanner/run.test.ts
@@ -583,20 +583,16 @@ describe('scanner run', function () {
 			// Before the violations are logged, there should be 16 log runMessages about implicitly included PMD categories.
 			const regex = new RegExp(getMessage(BundleName.EventKeyTemplates, 'info.categoryImplicitlyRun', ['.*', '.*']), 'g');
 			const implicitMessages = violations[0].match(regex);
-			// if this test is not passing and the output seems very large, that's because the test reruns on failures,
-			// and the output accumulates each time, so the output on failure is not the true length of the output
-			// from individual runs. To get what the actual value is, divide the value in the test failure by 6, since
-			// there are five retries in addition to the initial run.
 			// Note: Please keep this up-to-date. It will make it way easier to debug if needed.
-			// The following categories are implicitly included:
+			// The following categories are implicitly included, because they come from default-enabled engines:
 			// - 8 PMD categories
-			// - 1 PMD-AppExchange category
 			// - 3 ESLint categories
 			// - 3 ESLint-Typescript categories
 			// - 1 RetireJS category
-			// For a total of 16
+			// For a total of 15
 			// TODO: revisit test, should be improved because of issue above
-			expect(implicitMessages || []).to.have.lengthOf(16, `Entries for implicitly added categories from all engines:\n ${JSON.stringify(implicitMessages)}`);
+			console.log(`${JSON.stringify(implicitMessages)}`);
+			expect(implicitMessages || []).to.have.lengthOf(15, `Entries for implicitly added categories from all engines:\n ${JSON.stringify(implicitMessages)}`);
 
 		});
 	});

From ce6ab3e0ba048ed62540328d2962af99a60a1fa2 Mon Sep 17 00:00:00 2001
From: Joshua Feingold <jfeingold35@gmail.com>
Date: Fri, 5 Jan 2024 14:50:30 -0600
Subject: [PATCH 10/10] @W-13222948@: Fixed windows-only failure.

---
 test/commands/scanner/run.filters.test.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/commands/scanner/run.filters.test.ts b/test/commands/scanner/run.filters.test.ts
index 866e5c164..debac5709 100644
--- a/test/commands/scanner/run.filters.test.ts
+++ b/test/commands/scanner/run.filters.test.ts
@@ -51,8 +51,8 @@ describe('scanner run tests that result in the use of RuleFilters', function ()
 				const results = JSON.parse(stdout.slice(stdout.indexOf('['), stdout.lastIndexOf(']') + 1));
 				expect(results, `results does not have expected length. ${results.map(r => r.fileName).join(',')}`)
 					.to.be.an('Array').that.has.length(1);
-				const messages = results[0].violations.map(v => v.message);
-				const expectedMessages = ['\nUse Lightning Message Channel with isExposed set to false.\n'];
+				const messages = results[0].violations.map(v => v.message.trim());
+				const expectedMessages = ['Use Lightning Message Channel with isExposed set to false.'];
 				for (const expectedMessage of expectedMessages) {
 					expect(messages).to.contain(expectedMessage);
 				}