Merge branch 'master' into Changing_extension_in_config_still_scanning_.xml_files_#20

Author: ca-stefan-cordes

README.md

@@ -132,6 +132,14 @@ For example, the rule store (rules-4.xml) has three rulesets (categories):
             or
             matches(//mule:mule/mule:flow/ee:transform/ee:message/ee:set-payload/@resource,'^.*dwl$')
         </rule>
+        <rule id="2"
+			name="Mule Credentials Vault should not use a hardcoded encryption key"
+			description="Mule Credentials Vault should not use a hardcoded encryption key"
+			severity="MAJOR" type="bug">
+			count(//mule:mule/secure-properties:config)=0
+			or
+			is-configurable(//mule:mule/secure-properties:config/@key)
+		</rule>
     </ruleset>
 </rulestore>
 ```

pom.xml

@@ -5,7 +5,7 @@
 
 	<groupId>com.mulesoft.services</groupId>
 	<artifactId>mule-validation-sonarqube-plugin</artifactId>
-	<version>1.0.3</version>
+	<version>1.0.4</version>
 	<packaging>jar</packaging>
 
 	<url>http://maven.apache.org</url>
@@ -36,6 +36,11 @@
 			<!-- mandatory scope -->
 			<scope>provided</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.sonarsource.analyzer-commons</groupId>
+			 <artifactId>sonar-xml-parsing</artifactId>
+			 <version>1.12.0.632</version>
+		</dependency>
 		<dependency>
 			<groupId>org.jdom</groupId>
 			<artifactId>jdom2</artifactId>

src/main/java/com/mulesoft/services/tools/sonarqube/measures/MuleTransformationCount.java

@@ -26,11 +26,11 @@ public void compute(MeasureComputerContext context) {
 		logger.info("Computing Mule Transformation Count");
 
 		if (context.getComponent().getType() != Component.Type.FILE) {
-			int sumFlows = 0;
+			int sumTransformations = 0;
 			for (Measure child : context.getChildrenMeasures(MuleMetrics.TRANSFORMATIONS.key())) {
-				sumFlows += child.getIntValue();
+				sumTransformations += child.getIntValue();
 			}
-			context.addMeasure(MuleMetrics.TRANSFORMATIONS.key(), sumFlows);
+			context.addMeasure(MuleMetrics.TRANSFORMATIONS.key(), sumTransformations);
 
 		}
 

src/main/java/com/mulesoft/services/tools/sonarqube/rule/MuleRulesDefinition.java

@@ -36,6 +36,7 @@ public interface PARAMS {
 		String CATEGORY = "category";
 		String SCOPE = "scope";
 		String XPATH = "xpath-expression";
+		String XPATH_LOCATION_HINT = "xpath-location-hint";
 	}
 
 	@Override
@@ -97,8 +98,13 @@ private void addRuleTemplate(NewRepository repository, String language) {
 				.setType(RuleParamType.STRING);
 		x1Rule.createParam(PARAMS.XPATH).setDescription(prop.getProperty("rule.template.parameter.xpath"))
 				.setType(RuleParamType.STRING);
+		x1Rule.createParam(PARAMS.XPATH_LOCATION_HINT).setDescription(prop.getProperty("rule.template.parameter.xpathlocationhint"))
+		.setType(RuleParamType.STRING);
 		x1Rule.createParam(PARAMS.SCOPE).setDescription(prop.getProperty("rule.template.parameter.scope"))
 				.setType(RuleParamType.STRING);
+
+		logger.info("addRuleTemplate x1Rule="+x1Rule);
+
 	}
 
 	private void addRule(NewRepository repository, Ruleset ruleset,
@@ -113,6 +119,8 @@ private void addRule(NewRepository repository, Ruleset ruleset,
 		x1Rule.addTags(language);
 		x1Rule.createParam(PARAMS.CATEGORY).setDefaultValue(ruleset.getCategory()).setType(RuleParamType.STRING);
 		x1Rule.createParam(PARAMS.XPATH).setDefaultValue(rule.getValue()).setType(RuleParamType.STRING);
+		logger.info("LocationHint="+rule.getLocationHint()+" for "+rule.getName());
+		x1Rule.createParam(PARAMS.XPATH_LOCATION_HINT).setDefaultValue(rule.getLocationHint()).setType(RuleParamType.STRING);
 		if (rule.getApplies() != null) {
 			x1Rule.createParam(PARAMS.SCOPE).setDefaultValue(rule.getApplies()).setType(RuleParamType.STRING);
 		}

src/main/java/com/mulesoft/services/tools/sonarqube/rule/scope/ApplicationStrategyScope.java

@@ -37,7 +37,7 @@ public void validate(XPathProcessor xpathValidator, Map<RuleKey, List<NewIssue>>
 			String ruleId = rule.ruleKey().toString();
 			boolean valid = xpathValidator.processXPath(rule.param(MuleRulesDefinition.PARAMS.XPATH).trim(),
 					rootElement, Boolean.class).booleanValue();
-			logger.info("Validation Result: " + valid + " : File: " + t.filename() + " :Rule:" + rule.ruleKey());
+			logger.info("Validation Result: " + valid + " : File: " + t.filename() + " :Rule:" + rule.ruleKey()+" internalKey="+rule.internalKey());
 			if (!valid && !valids.contains(ruleId) && !issues.containsKey(rule.ruleKey())) {
 				NewIssue newIssue = context.newIssue().forRule(rule.ruleKey());
 				NewIssueLocation primaryLocation = newIssue.newLocation().on(t);

src/main/java/com/mulesoft/services/tools/sonarqube/rule/scope/FileStrategyScope.java

@@ -9,6 +9,11 @@
 import org.jdom2.Element;
 import org.jdom2.JDOMException;
 import org.jdom2.input.SAXBuilder;
+
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+
 import org.sonar.api.batch.fs.InputFile;
 import org.sonar.api.batch.rule.ActiveRule;
 import org.sonar.api.batch.sensor.SensorContext;
@@ -18,6 +23,10 @@
 import org.sonar.api.utils.log.Logger;
 import org.sonar.api.utils.log.Loggers;
 
+import org.sonarsource.analyzer.commons.xml.XmlFile;
+import org.sonarsource.analyzer.commons.xml.XmlTextRange;
+import org.w3c.dom.Node;
+
 import com.mulesoft.services.tools.sonarqube.rule.MuleRulesDefinition;
 import com.mulesoft.services.xpath.XPathProcessor;
 
@@ -35,8 +44,44 @@ public void validate(XPathProcessor xpathValidator, Map<RuleKey, List<NewIssue>>
 					rootElement, Boolean.class).booleanValue();
 			logger.info("Validation Result: " + valid + " : File: " + t.filename() + " :Rule:" + rule.ruleKey());
 			if (!valid) {
+				
+				XmlTextRange textRange;
+				try {
+					// see org.sonarsource.analyzer.commons.xml.checks.SonarXmlCheck.reportIssue(Node, String)
+					SonarXmlCheckHelper tempSonarXmlCheckHelper = new SonarXmlCheckHelper();
+					XmlFile xmlFile = XmlFile.create(t);
+					tempSonarXmlCheckHelper.scanFile(context, rule.ruleKey(), xmlFile); // just to fill the properties
+					String locationFindingXPath = rule.param(MuleRulesDefinition.PARAMS.XPATH_LOCATION_HINT).trim();
+					if (locationFindingXPath == null || locationFindingXPath.length()==0) {
+						logger.info("No locationFindingXPath:params="+rule.params());
+						textRange = null;
+					} else {
+						Node locationElement = (Node)XPathFactory.newInstance().newXPath().compile(locationFindingXPath).evaluate(xmlFile.getDocument().getFirstChild(),  XPathConstants.NODE);
+						if (locationElement == null) {
+							textRange= null;
+							logger.warn("Did not find node for "+locationFindingXPath);
+						} else {
+						    textRange = XmlFile.nodeLocation(locationElement);
+							logger.info("Found textRange="+textRange);
+						}
+					}
+				} catch (RuntimeException | XPathExpressionException e) {
+					logger.error("Ignore",e);
+					textRange= null;
+				}
+
 				NewIssue newIssue = context.newIssue().forRule(rule.ruleKey());
-				NewIssueLocation primaryLocation = newIssue.newLocation().on(t);
+				NewIssueLocation primaryLocation;
+				if (textRange == null) {
+					primaryLocation = newIssue.newLocation().on(t);
+				} else {
+					primaryLocation = newIssue.newLocation().on(t) .at(t.newRange(
+							textRange.getStartLine(),
+							textRange.getStartColumn(),
+							textRange.getEndLine(),
+							textRange.getEndColumn()));
+				}
+				
 				newIssue.at(primaryLocation);
 				addIssue(issues, rule, newIssue);
 			}

src/main/java/com/mulesoft/services/tools/sonarqube/rule/scope/SonarXmlCheckHelper.java

@@ -0,0 +1,19 @@
+package com.mulesoft.services.tools.sonarqube.rule.scope;
+
+import org.sonarsource.analyzer.commons.xml.XmlFile;
+import org.sonarsource.analyzer.commons.xml.checks.SonarXmlCheck;
+
+/**
+ * 
+ */
+public class SonarXmlCheckHelper extends SonarXmlCheck {
+
+	/**
+	 * 
+	 */
+	@Override
+	public void scanFile(XmlFile aFile) {
+		// nothing to do
+	}
+
+}

src/main/java/com/mulesoft/services/tools/validation/rules/Rule.java

@@ -99,6 +99,8 @@ public class Rule {
     protected String applies;
     @XmlAttribute(name = "type")
     protected String type;
+    @XmlAttribute(name = "locationHint")
+	private String locationHint;
 
     /**
      * Gets the value of the value property.
@@ -269,4 +271,18 @@ public void setType(String value) {
         this.type = value;
     }
 
+	/**
+	 * 
+	 */
+	public String getLocationHint() {
+		return locationHint;
+	}
+
+	/**
+	 * @see #locationHint
+	 */
+	public void setLocationHint(String aLocationHint) {
+		locationHint = aLocationHint;
+	}
+
 }

src/main/java/com/mulesoft/services/xpath/XPathProcessor.java

@@ -16,6 +16,7 @@
 import org.slf4j.LoggerFactory;
 
 import com.mulesoft.services.xpath.jaxen.function.ext.MatchesFunction;
+import com.mulesoft.services.xpath.jaxen.function.ext.IsConfigurableFunction;
 
 public class XPathProcessor {
 	Logger logger = LoggerFactory.getLogger(getClass());
@@ -26,6 +27,7 @@ public class XPathProcessor {
 
 	public XPathProcessor() {
 		MatchesFunction.registerSelfInSimpleContext();
+		IsConfigurableFunction.registerSelfInSimpleContext();
 	}
 
 	public XPathProcessor loadNamespaces(String resourceName) {

src/main/java/com/mulesoft/services/xpath/jaxen/function/ext/IsConfigurableFunction.java

@@ -0,0 +1,62 @@
+package com.mulesoft.services.xpath.jaxen.function.ext;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.jaxen.Context;
+import org.jaxen.Function;
+import org.jaxen.FunctionCallException;
+import org.jaxen.Navigator;
+import org.jaxen.SimpleFunctionContext;
+import org.jaxen.XPathFunctionContext;
+import org.jaxen.function.StringFunction;
+
+public class IsConfigurableFunction implements Function {
+
+	private static final String IS_CONFIGURABLE_REGEX = "^\\$\\{.*\\}$";
+
+	public static void registerSelfInSimpleContext() {
+		// see http://jaxen.org/extensions.html
+		((SimpleFunctionContext) XPathFunctionContext.getInstance()).registerFunction(null, "is-configurable",
+				new IsConfigurableFunction());
+	}
+
+	@Override
+	public Object call(Context context, List args) throws FunctionCallException {
+
+		if (args.size() == 1) {
+			return evaluate(args.get(0), context.getNavigator());
+		}
+
+		throw new FunctionCallException("is-configurable() requires two arguments.");
+	}
+
+	public static Boolean evaluate(Object strArg, Navigator nav) {
+		if (strArg instanceof List) {
+			@SuppressWarnings("unchecked")
+			List<Object> objectList = (List<Object>) strArg;
+			// Check if it could load any attribute - If Empty then False
+			if (objectList.isEmpty()) {
+				return Boolean.FALSE;
+			}
+
+			for (Iterator<Object> iterator = objectList.iterator(); iterator.hasNext();) {
+				Object object = iterator.next();
+				String str = StringFunction.evaluate(object, nav);
+				String regexp = StringFunction.evaluate(IS_CONFIGURABLE_REGEX, nav);
+				System.out.println("str: " + str);
+				System.out.println("regexp: " + regexp);
+				if (!str.matches(regexp)) {
+					return Boolean.FALSE;
+				}
+			}
+			return Boolean.TRUE;
+		} else {
+			String str = StringFunction.evaluate(strArg, nav);
+			String regexp = StringFunction.evaluate(IS_CONFIGURABLE_REGEX, nav);
+			return (str.matches(regexp) ? Boolean.TRUE : Boolean.FALSE);
+		}
+
+	}
+
+}