Update rules

Author: gretard

.gitignore

@@ -10,3 +10,6 @@
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
+
+.scannerwork
+.settings

README.md

@@ -26,6 +26,7 @@ You can support this [project and others](https://github.com/gretard) via [Paypa
 4. Install [PSScriptAnalyzer](https://github.com/PowerShell/PSScriptAnalyzer) into your build machine where you plan to run sonar scanner, quick steps:
   - In powershell terminal run (more [info](https://learn.microsoft.com/en-us/powershell/utility-modules/psscriptanalyzer/overview?view=ps-modules#installing-psscriptanalyzer)): ```Install-Module -Name PSScriptAnalyzer -Force``` 
   - Verify if module got installed successfully in poweshell terminal run (more [info](https://learn.microsoft.com/en-us/powershell/utility-modules/psscriptanalyzer/using-scriptanalyzer?source=recommendations&view=ps-modules)): ```Invoke-ScriptAnalyzer -ScriptDefinition '"b" = "b"; function eliminate-file () { }'```
+5. You can check [sample project](https://github.com/gretard/sonar-ps-plugin/tree/master/sampleProject) to test plugin and verify configuration 
 
 ## Configuration ##
 Currently there is a possibility to override the following options either on server in the Administration tab or on the project configuration files:
@@ -39,6 +40,7 @@ Currently there is a possibility to override the following options either on ser
 
 ## Requirements ##
 Different plugin versions supports the following:
+- 0.5.3 - Sonarqube version 8.9.2+ and PSScriptAnalyzer version 1.20+ rules, Java 17+
 - 0.5.1 - Sonarqube version 8.9.2+ and PSScriptAnalyzer version 1.20+ rules, Java 11+
 - 0.5.0 - Sonarqube version 6.7.7+ and PSScriptAnalyzer version 1.18.1 rules, Java 8
 - 0.3.0 - Sonarqube version 6.3+ and PSScriptAnalyzer version 1.17.1 rules, Java 8

sampleProject/readme.md

@@ -1 +1,8 @@
-Sample scripts from: https://adamtheautomator.com/powershell-script-examples/ 
+Sample scripts from: https://adamtheautomator.com/powershell-script-examples/ 
+
+# Getting started
+
+- Install sonar-ps plugin into SonarQube by copying jar from https://github.com/gretard/sonar-ps-plugin/releases into sonar ./downloads folder
+- Restart sonar server
+- Download scanner from https://docs.sonarsource.com/sonarqube/9.9/analyzing-source-code/scanners/sonarscanner/
+- Execute : ```sonar-scanner.bat -D"sonar.login=admin" -D"sonar.password=<<PASSWORD>>"```

sonar-ps-plugin/pom.xml

@@ -7,7 +7,7 @@
 	<groupId>org.sonar.plugins</groupId>
 	<artifactId>sonar-ps-plugin</artifactId>
 	<packaging>sonar-plugin</packaging>
-	<version>0.5.1</version>
+	<version>0.5.3</version>
 
 	<name>Powershell Plugin for SonarQube</name>
 	<description>Powershell plugin for SonarQube</description>

sonar-ps-plugin/src/main/resources/powershell-profile.xml

@@ -0,0 +1,279 @@
+<?xml version="1.0"?>
+<profile>
+    <name>Sonar way</name>
+    <language>ps</language>
+    <rules>
+        <rule>
+            <key>PSAlignAssignmentStatement</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingCmdletAliases</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidAssignmentToAutomaticVariable</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidDefaultValueSwitchParameter</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidDefaultValueForMandatoryParameter</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingEmptyCatchBlock</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidGlobalAliases</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidGlobalFunctions</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidGlobalVars</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidInvokingEmptyMembers</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidLongLines</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidMultipleTypeAttributes</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidNullOrEmptyHelpMessageAttribute</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidOverwritingBuiltInCmdlets</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingPositionalParameters</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSReservedCmdletChar</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSReservedParams</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidSemicolonsAsLineTerminators</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidShouldContinueWithoutForce</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidTrailingWhitespace</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingUsernameAndPasswordParams</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingBrokenHashAlgorithms</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingComputerNameHardcoded</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingConvertToSecureStringWithPlainText</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingDeprecatedManifestFields</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingDoubleQuotesForConstantString</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingInvokeExpression</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingPlainTextForPassword</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingWMICmdlet</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSAvoidUsingWriteHost</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseCompatibleCommands</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseCompatibleSyntax</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseCompatibleTypes</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSMisleadingBacktick</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSMissingModuleManifestField</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSPlaceCloseBrace</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSPlaceOpenBrace</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSPossibleIncorrectComparisonWithNull</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSPossibleIncorrectUsageOfAssignmentOperator</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSPossibleIncorrectUsageOfRedirectionOperator</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSProvideCommentHelp</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSReviewUnusedParameter</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseApprovedVerbs</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseBOMForUnicodeEncodedFile</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseCmdletCorrectly</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseCompatibleCmdlets</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseConsistentIndentation</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseConsistentWhitespace</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseCorrectCasing</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseDeclaredVarsMoreThanAssignments</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseLiteralInitializerForHashtable</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseOutputTypeCorrectly</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseProcessBlockForPipelineCommand</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUsePSCredentialType</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSShouldProcess</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseShouldProcessForStateChangingFunctions</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseSingularNouns</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseSupportsShouldProcess</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseToExportFieldsInManifest</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseUsingScopeModifierInNewRunspaces</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSUseUTF8EncodingForHelpFile</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSDSCDscExamplesPresent</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSDSCDscTestsPresent</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSDSCReturnCorrectTypesForDSCFunctions</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSDSCUseIdenticalMandatoryParametersForDSC</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSDSCUseIdenticalParametersForDSC</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSDSCStandardDSCFunctionsInResource</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+        <rule>
+            <key>PSDSCUseVerboseMessageInDSCResource</key>
+            <repositoryKey>ps-psanalyzer</repositoryKey>
+        </rule>
+    </rules>
+</profile>

sonar-ps-plugin/src/main/resources/powershell-rules.xml

@@ -132,6 +132,18 @@
         <debtRemediationFunctionCoefficient>5min</debtRemediationFunctionCoefficient>
         <severity>MAJOR</severity>
     </rule>
+    <rule>
+        <key>PSAvoidMultipleTypeAttributes</key>
+        <internalKey>PSAvoidMultipleTypeAttributes</internalKey>
+        <name>Avoid multiple type specifiers on parameters</name>
+        <description>Prameter should not have more than one type specifier.</description>
+        <cardinality>SINGLE</cardinality>
+        <remediationFunction>LINEAR</remediationFunction>
+        <descriptionFormat>MARKDOWN</descriptionFormat>
+        <remediationFunctionBaseEffort />
+        <debtRemediationFunctionCoefficient>5min</debtRemediationFunctionCoefficient>
+        <severity>MAJOR</severity>
+    </rule>
     <rule>
         <key>PSAvoidNullOrEmptyHelpMessageAttribute</key>
         <internalKey>PSAvoidNullOrEmptyHelpMessageAttribute</internalKey>
@@ -192,6 +204,18 @@
         <debtRemediationFunctionCoefficient>5min</debtRemediationFunctionCoefficient>
         <severity>MAJOR</severity>
     </rule>
+    <rule>
+        <key>PSAvoidSemicolonsAsLineTerminators</key>
+        <internalKey>PSAvoidSemicolonsAsLineTerminators</internalKey>
+        <name>Avoid semicolons as line terminators</name>
+        <description>Line should not end with a semicolon</description>
+        <cardinality>SINGLE</cardinality>
+        <remediationFunction>LINEAR</remediationFunction>
+        <descriptionFormat>MARKDOWN</descriptionFormat>
+        <remediationFunctionBaseEffort />
+        <debtRemediationFunctionCoefficient>5min</debtRemediationFunctionCoefficient>
+        <severity>MAJOR</severity>
+    </rule>
     <rule>
         <key>PSAvoidShouldContinueWithoutForce</key>
         <internalKey>PSAvoidShouldContinueWithoutForce</internalKey>
@@ -228,6 +252,18 @@
         <debtRemediationFunctionCoefficient>15min</debtRemediationFunctionCoefficient>
         <severity>BLOCKER</severity>
     </rule>
+    <rule>
+        <key>PSAvoidUsingBrokenHashAlgorithms</key>
+        <internalKey>PSAvoidUsingBrokenHashAlgorithms</internalKey>
+        <name>Avoid Using Broken Hash Algorithms</name>
+        <description>Avoid using the broken algorithms MD5 or SHA-1.</description>
+        <cardinality>SINGLE</cardinality>
+        <remediationFunction>LINEAR</remediationFunction>
+        <descriptionFormat>MARKDOWN</descriptionFormat>
+        <remediationFunctionBaseEffort />
+        <debtRemediationFunctionCoefficient>5min</debtRemediationFunctionCoefficient>
+        <severity>MAJOR</severity>
+    </rule>
     <rule>
         <key>PSAvoidUsingComputerNameHardcoded</key>
         <internalKey>PSAvoidUsingComputerNameHardcoded</internalKey>
@@ -423,7 +459,7 @@
     <rule>
         <key>PSPossibleIncorrectUsageOfAssignmentOperator</key>
         <internalKey>PSPossibleIncorrectUsageOfAssignmentOperator</internalKey>
-        <name>'=' is not an comparison operator. Did you mean the equality operator '-eq'?</name>
+        <name>'=' is not an assignment operator. Did you mean the equality operator '-eq'?</name>
         <description>'=' or '==' are not comparison operators in the PowerShell language and rarely needed inside conditional statements.</description>
         <cardinality>SINGLE</cardinality>
         <remediationFunction>LINEAR</remediationFunction>
@@ -780,4 +816,4 @@
         <debtRemediationFunctionCoefficient>2min</debtRemediationFunctionCoefficient>
         <severity>INFO</severity>
     </rule>
-</psrules>
+</psrules>