Merge pull request #14 from h3xstream/feature/jsp_support
Feature: JSP support
h3xstream committed Jun 6, 2016
2 parents 1f6832e + e0a654c commit 2361423
Showing 38 changed files with 1,438 additions and 235 deletions.
3 changes: 1 addition & 2 deletions pom.xml
Expand Up @@ -53,7 +53,7 @@
<sonar.version>4.5.2</sonar.version>
<sonar-java.version>2.7</sonar-java.version>
<fbcontrib.version>6.2.3</fbcontrib.version>
<findsecbugs.version>1.4.3</findsecbugs.version>
<findsecbugs.version>1.4.4</findsecbugs.version>
</properties>

<dependencies>
Expand Down Expand Up @@ -158,7 +158,6 @@
<dependency>
<groupId>org.codehaus.sonar-plugins.java</groupId>
<artifactId>sonar-java-plugin</artifactId>
<type>sonar-plugin</type>
<version>${sonar-java.version}</version>
<scope>provided</scope>
</dependency>
@@ -0,0 +1,46 @@
/*
* SonarQube Findbugs Plugin
* Copyright (C) 2012 SonarSource
* [email protected]
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02
*/
package org.sonar.plugins.findbugs;

import org.sonar.api.server.rule.RulesDefinition;
import org.sonar.api.server.rule.RulesDefinitionXmlLoader;
import org.sonar.plugins.findbugs.language.Jsp;

/**
* This RulesDefinition build a separate repository from the FindSecurityBugsRulesDefinition to allow a separate ruleset
* for JSP language.
* @see FindSecurityBugsRulesDefinition
*/
public class FindSecurityBugsJspRulesDefinition implements RulesDefinition {

public static final String REPOSITORY_KEY = "findsecbugs-jsp";
public static final String REPOSITORY_JSP_NAME = "Find Security Bugs (JSP)";

@Override
public void define(Context context) {
NewRepository repositoryJsp = context
.createRepository(REPOSITORY_KEY, Jsp.KEY)
.setName(REPOSITORY_JSP_NAME);

RulesDefinitionXmlLoader ruleLoaderJsp = new RulesDefinitionXmlLoader();
ruleLoaderJsp.load(repositoryJsp, FindSecurityBugsRulesDefinition.class.getResourceAsStream("/org/sonar/plugins/findbugs/rules-jsp.xml"), "UTF-8");
repositoryJsp.done();
}
}
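Review bot: In `define`, the result of `getResourceAsStream("/org/sonar/plugins/findbugs/rules-jsp.xml")` goes straight into `ruleLoaderJsp.load` with no null check, so a missing or misnamed resource surfaces as whatever the loader does with a null stream instead of a clear packaging error. Because this file decides which security rules exist for JSP, I would fail fast: hold the stream in a local and add `if (rulesXml == null) { throw new IllegalStateException("rules-jsp.xml not found on the plugin classpath"); }` before the `load` call. Whether the loader closes the stream is not visible here; if it does not, the call belongs in a try-with-resources. The first Javadoc sentence should also read "builds a separate repository".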
Expand Up @@ -23,9 +23,12 @@
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.CharEncoding;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.api.BatchExtension;
import org.sonar.api.CoreProperties;
import org.sonar.api.PropertyType;
Expand All @@ -44,11 +47,15 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.util.Collection;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Queue;

public class FindbugsConfiguration implements BatchExtension {

private static final Logger LOG = LoggerFactory.getLogger(FindbugsExecutor.class);

private final FileSystem fileSystem;
private final Settings settings;
private final RulesProfile profile;
Expand All @@ -71,18 +78,34 @@ public File getTargetXMLReport() {
public edu.umd.cs.findbugs.Project getFindbugsProject() throws IOException {
edu.umd.cs.findbugs.Project findbugsProject = new edu.umd.cs.findbugs.Project();

for (File file : getSourceFiles()) {
findbugsProject.addFile(file.getCanonicalPath());
/*for (File file : getSourceFiles()) {
if(FilenameUtils.getExtension(file.getName()).equals("java")) {
findbugsProject.addFile(file.getCanonicalPath());
}
}*/

List<File> classFilesToAnalyze = new ArrayList<>(javaResourceLocator.classFilesToAnalyze());

for (File file : javaResourceLocator.classpath()) {
//Will capture additional classes including precompiled JSP
if(file.isDirectory()) { // will include "/target/classes" and other non-standard folders
classFilesToAnalyze.addAll(scanForAdditionalClasses(file));
}

//Auxiliary dependencies
findbugsProject.addAuxClasspathEntry(file.getCanonicalPath());
}

Collection<File> classFilesToAnalyze = javaResourceLocator.classFilesToAnalyze();
for (File classToAnalyze : classFilesToAnalyze) {
findbugsProject.addFile(classToAnalyze.getCanonicalPath());
}

for (File file : javaResourceLocator.classpath()) {
findbugsProject.addAuxClasspathEntry(file.getCanonicalPath());
if (classFilesToAnalyze.isEmpty()) {
LOG.warn("Findbugs needs sources to be compiled."
+ " Please build project before executing sonar or check the location of compiled classes to"
+ " make it possible for Findbugs to analyse your project.");
}

copyLibs();
if (annotationsLib != null) {
// Findbugs dependencies are packaged by Maven. They are not available during execution of unit tests.
Expand All @@ -107,6 +130,29 @@ File saveIncludeConfigXml() throws IOException {
return file;
}

/**
* Scan the given folder for classes. It will catch classes from Java, JSP and more.
*
* @param folder Folder to scan
* @return
* @throws IOException
*/
public static List<File> scanForAdditionalClasses(File folder) throws IOException {
List<File> allFiles = new ArrayList<File>();
Queue<File> dirs = new LinkedList<File>();
dirs.add(folder);
while (!dirs.isEmpty()) {
for (File f : dirs.poll().listFiles()) {
if (f.isDirectory()) {
dirs.add(f);
} else if (f.isFile()&& f.getName().endsWith(".class")) {
allFiles.add(f);
}
}
}
return allFiles;
}

@VisibleForTesting
List<File> getExcludesFilters() {
List<File> result = Lists.newArrayList();
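Review bot: `scanForAdditionalClasses` iterates `dirs.poll().listFiles()` directly, and `File.listFiles()` returns null when a directory cannot be read or an I/O error occurs, so one unreadable folder on the classpath ends the whole analysis with a NullPointerException. Take the array into a local and skip it when null, e.g. `File[] children = dirs.poll().listFiles(); if (children == null) { continue; }`, ideally with a `LOG.warn` naming the folder so that classes left out of the security scan are visible. The walk also appears to follow directory symlinks without tracking visited folders, so a link cycle under a classpath directory would not end cleanly. Separately, `LOG` is created with `FindbugsExecutor.class` rather than `FindbugsConfiguration.class`, the commented-out `getSourceFiles()` loop should be deleted rather than kept, and the new method's `@return` tag is empty while nothing in the body shown throws the declared `IOException`. `getFindbugsProject` continues past the end of its hunk.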
Expand Up @@ -210,9 +210,7 @@ public Object call() {
try {
engine.execute();
return null;
} catch (InterruptedException e) {
throw Throwables.propagate(e);
} catch (IOException e) {
} catch (InterruptedException | IOException e) {
throw Throwables.propagate(e);
} finally {
engine.dispose();
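Review bot: The merged `catch (InterruptedException | IOException e)` in `call()` still hands an `InterruptedException` to `Throwables.propagate` without restoring the thread's interrupt status, so code further up the stack cannot tell that the analysis was cancelled. I would keep the interrupt case as its own branch and add `Thread.currentThread().interrupt();` before `throw Throwables.propagate(e);`, leaving `IOException` in a separate catch. `call()` begins above this hunk and the `finally` block runs past it, so this is based only on the lines shown.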
12 changes: 10 additions & 2 deletions src/main/java/org/sonar/plugins/findbugs/FindbugsPlugin.java
Expand Up @@ -21,6 +21,9 @@

import com.google.common.collect.ImmutableList;
import org.sonar.api.SonarPlugin;
import org.sonar.plugins.findbugs.language.Jsp;
import org.sonar.plugins.findbugs.language.JspCodeColorizerFormat;
import org.sonar.plugins.findbugs.resource.ByteCodeResourceLocator;

import java.util.List;

Expand All @@ -31,17 +34,22 @@ public List getExtensions() {
ImmutableList.Builder<Object> extensions = ImmutableList.builder();
extensions.addAll(FindbugsConfiguration.getPropertyDefinitions());
extensions.add(
Jsp.class,
JspCodeColorizerFormat.class,
FindbugsSensor.class,
FindbugsConfiguration.class,
FindbugsExecutor.class,
FindbugsRulesDefinition.class,
FindbugsProfileExporter.class,
FindbugsProfileImporter.class,
FindbugsProfile.class,
FindbugsSecurityAuditProfile.class,
FindbugsSecurityMinimalProfile.class,
FindbugsSecurityJspProfile.class,
FindbugsRulesDefinition.class,
FbContribRulesDefinition.class,
FindSecurityBugsRulesDefinition.class);
FindSecurityBugsRulesDefinition.class,
FindSecurityBugsJspRulesDefinition.class,
ByteCodeResourceLocator.class);
return extensions.build();
}

Expand Up @@ -25,6 +25,7 @@
import org.sonar.api.profiles.RulesProfile;
import org.sonar.api.rules.ActiveRule;
import org.sonar.api.utils.SonarException;
import org.sonar.plugins.findbugs.language.Jsp;
import org.sonar.plugins.findbugs.xml.Bug;
import org.sonar.plugins.findbugs.xml.FindBugsFilter;
import org.sonar.plugins.findbugs.xml.Match;
Expand All @@ -37,7 +38,7 @@ public class FindbugsProfileExporter extends ProfileExporter {

public FindbugsProfileExporter() {
super(/* (Godin): actually exporter key: */FindbugsRulesDefinition.REPOSITORY_KEY, FindbugsConstants.PLUGIN_NAME);
setSupportedLanguages(Java.KEY);
setSupportedLanguages(Java.KEY, Jsp.KEY);
setMimeType("application/xml");
}

Expand All @@ -47,7 +48,8 @@ public void exportProfile(RulesProfile profile, Writer writer) {
FindBugsFilter filter = buildFindbugsFilter(Iterables.concat(
profile.getActiveRulesByRepository(FindbugsRulesDefinition.REPOSITORY_KEY),
profile.getActiveRulesByRepository(FbContribRulesDefinition.REPOSITORY_KEY),
profile.getActiveRulesByRepository(FindSecurityBugsRulesDefinition.REPOSITORY_KEY)
profile.getActiveRulesByRepository(FindSecurityBugsRulesDefinition.REPOSITORY_KEY),
profile.getActiveRulesByRepository(FindSecurityBugsJspRulesDefinition.REPOSITORY_KEY)
));
XStream xstream = FindBugsFilter.createXStream();
writer.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!-- Generated by SonarQube -->\n".concat(xstream.toXML(filter)));
Expand All @@ -61,7 +63,8 @@ protected static FindBugsFilter buildFindbugsFilter(Iterable<ActiveRule> activeR
for (ActiveRule activeRule : activeRules) {
if (FindbugsRulesDefinition.REPOSITORY_KEY.equals(activeRule.getRepositoryKey()) ||
FbContribRulesDefinition.REPOSITORY_KEY.equals(activeRule.getRepositoryKey()) ||
FindSecurityBugsRulesDefinition.REPOSITORY_KEY.equals(activeRule.getRepositoryKey())) {
FindSecurityBugsRulesDefinition.REPOSITORY_KEY.equals(activeRule.getRepositoryKey()) ||
FindSecurityBugsJspRulesDefinition.REPOSITORY_KEY.equals(activeRule.getRepositoryKey())) {
Match child = new Match();
child.setBug(new Bug(activeRule.getConfigKey()));
root.addMatch(child);
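Review bot: The set of repositories this plugin owns is now spelled out by hand in `exportProfile`, in the `if` chain of `buildFindbugsFilter`, and again in `FindbugsProfileImporter` (`activateRulesByPattern` and `rules()`), and this commit had to touch each of them to add `FindSecurityBugsJspRulesDefinition.REPOSITORY_KEY`. Missing one of those places would presumably leave that repository's rules out of the generated filter without any error, which for a security ruleset means findings that silently stop being reported. A single shared constant, for example `static final List<String> REPOSITORY_KEYS = ImmutableList.of(...)` checked with `REPOSITORY_KEYS.contains(activeRule.getRepositoryKey())`, would keep the exporter and importer in step. Both methods extend beyond the hunks shown.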
Expand Up @@ -32,6 +32,7 @@
import org.sonar.api.rules.RulePriority;
import org.sonar.api.rules.RuleQuery;
import org.sonar.api.utils.ValidationMessages;
import org.sonar.plugins.findbugs.language.Jsp;
import org.sonar.plugins.findbugs.xml.FindBugsFilter;
import org.sonar.plugins.java.Java;

Expand All @@ -45,7 +46,7 @@ public class FindbugsProfileImporter extends ProfileImporter {

public FindbugsProfileImporter(RuleFinder ruleFinder) {
super(FindbugsRulesDefinition.REPOSITORY_KEY, FindbugsConstants.PLUGIN_NAME);
setSupportedLanguages(Java.KEY);
setSupportedLanguages(Java.KEY, Jsp.KEY);
this.ruleFinder = ruleFinder;
}

Expand Down Expand Up @@ -76,6 +77,9 @@ private void activateRulesByPattern(RulesProfile profile, FindBugsFilter filter,
rule = ruleFinder.findByKey(FbContribRulesDefinition.REPOSITORY_KEY, patternLevel.getKey());
if (rule == null) {
rule = ruleFinder.findByKey(FindSecurityBugsRulesDefinition.REPOSITORY_KEY, patternLevel.getKey());
if (rule == null) {
rule = ruleFinder.findByKey(FindSecurityBugsJspRulesDefinition.REPOSITORY_KEY, patternLevel.getKey());
}
}
}
if (rule != null) {
Expand Down Expand Up @@ -132,8 +136,8 @@ private Iterable<Rule> rules() {
return Iterables.concat(
ruleFinder.findAll(RuleQuery.create().withRepositoryKey(FindbugsRulesDefinition.REPOSITORY_KEY)),
ruleFinder.findAll(RuleQuery.create().withRepositoryKey(FbContribRulesDefinition.REPOSITORY_KEY)),
ruleFinder.findAll(RuleQuery.create().withRepositoryKey(FindSecurityBugsRulesDefinition.REPOSITORY_KEY))
);
ruleFinder.findAll(RuleQuery.create().withRepositoryKey(FindSecurityBugsRulesDefinition.REPOSITORY_KEY)),
ruleFinder.findAll(RuleQuery.create().withRepositoryKey(FindSecurityBugsJspRulesDefinition.REPOSITORY_KEY)));
}

}
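Review bot: In `activateRulesByPattern` the new lookup in `FindSecurityBugsJspRulesDefinition.REPOSITORY_KEY` is reached only when the key was not found in the three earlier repositories, so a bug-pattern key present in both the Java and the JSP security repositories always resolves to the Java rule. `FindbugsSecurityJspProfile` imports through this class and then sets the language to `Jsp.KEY`, so with overlapping keys the JSP profile could end up holding rules from a Java-language repository; whether the two rule files overlap is not visible on this page. If they are meant to be disjoint, record that on the nested lookup with a comment such as `// first match wins: keys in rules-jsp.xml must not also exist in the Java repositories`; otherwise the lookup needs to take the target language into account. The growing `if (rule == null)` nesting would also read better as a loop over the repository keys. The method starts above the hunk.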
@@ -0,0 +1,49 @@
/*
* SonarQube Findbugs Plugin
* Copyright (C) 2012 SonarSource
* [email protected]
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02
*/
package org.sonar.plugins.findbugs;

import org.sonar.api.profiles.ProfileDefinition;
import org.sonar.api.profiles.RulesProfile;
import org.sonar.api.utils.ValidationMessages;
import org.sonar.plugins.findbugs.language.Jsp;

import java.io.InputStreamReader;
import java.io.Reader;

public class FindbugsSecurityJspProfile extends ProfileDefinition {

private static final String FINDBUGS_SECURITY_JSP_PROFILE_NAME = "FindBugs Security JSP";
private final FindbugsProfileImporter importer;

public FindbugsSecurityJspProfile(FindbugsProfileImporter importer) {
this.importer = importer;
}

@Override
public RulesProfile createProfile(ValidationMessages messages) {
Reader findbugsProfile = new InputStreamReader(this.getClass().getResourceAsStream(
"/org/sonar/plugins/findbugs/profile-findbugs-security-jsp.xml"));
RulesProfile profile = importer.importProfile(findbugsProfile, messages);
profile.setLanguage(Jsp.KEY);
profile.setName(FINDBUGS_SECURITY_JSP_PROFILE_NAME);
return profile;
}

}
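Review bot: `createProfile` builds `new InputStreamReader(...)` without a charset, so the bundled `profile-findbugs-security-jsp.xml` is decoded with the platform default encoding, while `FindSecurityBugsJspRulesDefinition` in the same commit passes "UTF-8" explicitly. Pass the charset here as well, `new InputStreamReader(in, StandardCharsets.UTF_8)`, and check the stream for null first so that a missing resource is reported by name rather than as a NullPointerException from the reader constructor. The reader is also never closed in the code shown; wrapping the import in try-with-resources would settle that unless `importProfile` is known to close it.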