问题描述
我正在尝试为SonarQube Java插件开发自定义规则,它将在其中分析Android代码.我已经创建了一些规则,这些规则仅标识Java的基本功能,如下例所示:
I'm trying to develop a custom rule for SonarQube Java Plugin, where it will analyze Android code. I've already created some rules that just identify basic functions of Java as the example below:
@Override
public void visitNode(Tree tree){
MethodInvocationTree method = (MethodInvocationTree) tree;
Symbol symbol = method.symbol();
if (symbol.name() != null && symbol.name().equalsIgnoreCase("createTempFile")){
reportIssue(method.firstToken(), "Criação de arquivo temporário identificada. Analisar!");
}
}
根据另一条规则,我试图获取使用SharedPreferences的所有代码情况,并且使用以下逻辑:
On another rule, I'm trying to get all the cases of the code where SharedPreferences are used, and I'm using the following logic:
@Override
public List<Kind> nodesToVisit() {
return ImmutableList.of(Kind.METHOD_INVOCATION);
}
@Override
public void visitNode(Tree tree){
MethodInvocationTree kindTree = (MethodInvocationTree) tree;
Symbol symbol = (Symbol) kindTree.symbol();
TypeSymbol classe = symbol.owner().enclosingClass();
if (classe != null && classe.equals("SharedPreferences")){
reportIssue(kindTree.firstToken(), "SharedPreferences sendo utilizado no código. Analisar!!");
}
}
当我在JUnit上运行测试时,它不起作用.找到指定的Kind,符号名称(应为调用的方法"的名称)和封闭类时,我已经进行了打印.结果是:
When I run the test on JUnit, it not works. I've printed when the specified Kind is found, the name of the symbol (should be the name of the Method Invoked) and the enclosing class. The results are:
====================== Kind Finded ======================
Name >>>>>>>>>>>>>null
Class >>>>>>>>>>>>> !unknownSymbol!
这是另一个文件的示例,在该文件中可以打印其他类和方法,而不会出现问题:
Here is a example with another file where it prints other classes and Method's without problem:
====================== Kind Finded ======================
Name >>>>>>>>>>>>>createTempFile
Class >>>>>>>>>>>>> File
====================== Kind Finded ======================
Name >>>>>>>>>>>>>setReadable
Class >>>>>>>>>>>>> File
====================== Kind Finded ======================
Name >>>>>>>>>>>>>setWritable
Class >>>>>>>>>>>>> File
====================== Kind Finded ======================
Name >>>>>>>>>>>>>write
Class >>>>>>>>>>>>> Writer
似乎在运行测试时,JUnit或Maven无法从代码中识别Android类.我已经尝试将Jar的Android库和Sonarqube Android插件导入到我的项目中,但是没有用.
Seems like when I'm running the test, the JUnit or Maven are not recognizing Android classes from code. I've already tryed to import the jar of Android lib and Sonarqube Android plugin to my project, but it not worked.
这是我正在测试的目标文件(是的,我也尝试将我的Rule代码包导入目标,但没有用.我认为值得尝试):
Here is the target file that I'm testing (Yes, I've tryed to import my Rule code package in the target too, not worked. I thought it was worth trying):
package jakhar.aseem.diva;
import org.sonar.template.java.checks.SharedPreferencesCheck;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.view.View;
import android.widget.EditText;
import android.widget.Toast;
public class InsecureDataStorage1Activity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_insecure_data_storage1);
}
public void saveCredentials(View view) {
SharedPreferences spref = PreferenceManager.getDefaultSharedPreferences(this);
SharedPreferences.Editor spedit = spref.edit(); // Noncompliant
EditText usr = (EditText) findViewById(R.id.ids1Usr);
EditText pwd = (EditText) findViewById(R.id.ids1Pwd);
spedit.putString("user", usr.getText().toString());
spedit.putString("password", pwd.getText().toString());
spedit.commit();
Toast.makeText(this,"3rd party credentials saved successfully!", Toast.LENGTH_SHORT).show();
}
}
问题是:如何使测试识别Android类并验证我的规则?
So the question is: How can I make the test recognize Android Classes and validate my rule?
我正在使用SonarQube文档中的以下模板来开发规则: https://docs.sonarqube.org/display/PLUG/Writing+Custom+Java+Rules+101
I'm using the folowing template from SonarQube documentation to develop the rules: https://docs.sonarqube.org/display/PLUG/Writing+Custom+Java+Rules+101
任何帮助,我将非常感谢.
Any help, I'll be very grateful for.
从现在开始,谢谢您的关注.
Since now, thanks for your attention.
-------------------编辑-------------------
------------------- Edit -------------------
我已经向Maven添加了一些android依赖项,但仍然无法正常工作.遵循我项目的pom.xml:
I've already added some android dependencies to Maven, but still not working.Follow my project's pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.sonar.samples</groupId>
<artifactId>java-custom-rules-template</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>sonar-plugin</packaging>
<properties>
<sonar.version>5.6.3</sonar.version>
<java.plugin.version>4.2.1.6971</java.plugin.version>
<sslr.version>1.21</sslr.version>
</properties>
<name>Berghem Custom Rules</name>
<description>Criação de Rules Customizadas para avaliação de códigos Java</description>
<dependencies>
<!-- https://mvnrepository.com/artifact/com.google.guava/guava -->
<dependency>
<groupId>org.sonarsource.sonarqube</groupId>
<artifactId>sonar-plugin-api</artifactId>
<version>${sonar.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.sonarsource.java</groupId>
<artifactId>sonar-java-plugin</artifactId>
<type>sonar-plugin</type>
<version>${java.plugin.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-frontend</artifactId>
<version>${java.plugin.version}</version>
</dependency>
<dependency>
<groupId>org.sonarsource.sslr-squid-bridge</groupId>
<artifactId>sslr-squid-bridge</artifactId>
<version>2.6.1</version>
<exclusions>
<exclusion>
<groupId>org.codehaus.sonar.sslr</groupId>
<artifactId>sslr-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.sonar</groupId>
<artifactId>sonar-plugin-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.sonar.sslr</groupId>
<artifactId>sslr-xpath</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-checks-testkit</artifactId>
<version>${java.plugin.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.sonarsource.sslr</groupId>
<artifactId>sslr-testing-harness</artifactId>
<version>${sslr.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.6.2</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert</artifactId>
<version>1.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>0.9.30</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.android.tools</groupId>
<artifactId>common</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.android.tools</groupId>
<artifactId>dvlib</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.android.tools</groupId>
<artifactId>sdk-common</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.android.tools</groupId>
<artifactId>sdklib</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>org.codehaus.sonar</groupId>
<artifactId>sonar-check-api</artifactId>
<version>4.5.1</version>
</dependency>
<dependency>
<groupId>org.codehaus.sonar-plugins.java</groupId>
<artifactId>java-checks</artifactId>
<version>2.0</version>
</dependency>
<dependency>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-checks</artifactId>
<version>4.2.1.6971</version>
</dependency>
<dependency>
<groupId>org.codehaus.sonar.sslr-squid-bridge</groupId>
<artifactId>sslr-squid-bridge</artifactId>
<version>2.6</version>
</dependency>
<dependency>
<groupId>org.codehaus.sonar</groupId>
<artifactId>sonar-plugin-api</artifactId>
<version>4.5.1</version>
</dependency>
<dependency>
<groupId>com.android.tools.lint</groupId>
<artifactId>lint-checks</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>19.0</version>
</dependency>
<dependency>
<groupId>com.android.tools.lint</groupId>
<artifactId>lint-api</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.android.tools.lint</groupId>
<artifactId>lint</artifactId>
<version>22.4.2</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
<artifactId>sonar-packaging-maven-plugin</artifactId>
<version>1.17</version>
<extensions>true</extensions>
<configuration>
<pluginKey>java-template-custom</pluginKey>
<pluginName>Java Template Custom Rules</pluginName>
<pluginClass>org.sonar.template.java.JavaCustomRulesPlugin</pluginClass>
<sonarLintSupported>true</sonarLintSupported>
<sonarQubeMinVersion>5.6</sonarQubeMinVersion> <!-- allow to depend on API 6.x but run on LTS -->
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
推荐答案
知道了!
问题出在SonarQube依赖项的导入上.我在pom.xml上添加了许多Android依赖项,并在更改后进行测试.在此之后,仍然无法正常工作.在一些搜索中,我发现负责解释类的是android-maven-plugin.当我通过Eclipse的pom接口导入时,总是会遇到一些错误,说明缺少一些arctifact.发生此问题的原因是远程依赖项已损坏或不存在,因此我从依赖项下载了jar文件并创建了文件target/test-jars.这样,maven即可识别外部依赖关系,并通过JUnit进行测试.
The problem was on the import of dependencies of SonarQube. I've added a lot of Android dependencies on my pom.xml and test after the alterations. After this, still not working. In some searches I've discovered that the responsable for do the interpretation of the classes was the android-maven-plugin. When I've imported by the pom interface of Eclipse, always get some error saying that some arctifacts was missing. This problem occurred because the remote dependency was corrupted or doesn't exist, so I downloaded the jar file from dependency and create a file target/test-jars. With this, the maven identify the external dependencies and proceed with the test by JUnit.
为验证信息,我已在规则检查文件上打印了类的属性:
To validate the informations, I've printed the attributes of the classes on my rule Check file:
package org.sonar.template.java.checks;
import com.google.common.collect.ImmutableList;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.semantic.Symbol.TypeSymbol;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
import org.sonar.plugins.java.api.tree.Tree.Kind;
import java.util.List;
@Rule(
key = "SharedPreferencesRule",
name = "Utilização de SharedPreferences no código",
description = "Para cada utilização de SharedPreferences, é feito um alerta para revisar o que está sendo armazenado.",
priority = Priority.CRITICAL,
tags = {"attention point", "security"})
public class SharedPreferencesCheck extends IssuableSubscriptionVisitor {
@Override
public List<Kind> nodesToVisit() {
return ImmutableList.of(Kind.METHOD_INVOCATION);
}
@Override
public void visitNode(Tree tree){
System.out.println("====================== Kind Finded ======================");
MethodInvocationTree kindTree = (MethodInvocationTree) tree;
Symbol symbol = (Symbol) kindTree.symbol();
TypeSymbol classe = symbol.owner().enclosingClass();
System.out.println("Name >>>>>>>>>>>>> " + symbol.name());
System.out.println("Enclosing >>>>>>>>>>>>> " + classe);
if (classe != null && classe.equals("SharedPreferences")){
reportIssue(kindTree.firstToken(), "SharedPreferences sendo utilizado no código. Analisar!!");
}
}
}
我希望它可以帮助遇到相同或相似问题的人.
I hope that it could help someone who is going throught the same or an similar problem.
如果有人可以给出更好的解释,那将真的很有帮助.
If anyone can give a better explanation, would be really helpfull.
非常感谢!
这篇关于如何在Sonarqube自定义规则上使用Android类的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!