How to use Android Classes on a Sonarqube custom rule
Question
I'm trying to develop a custom rule for SonarQube Java Plugin, where it will analyze Android code. I've already created some rules that just identify basic functions of Java as the example below:
@Override
public void visitNode(Tree tree){
MethodInvocationTree method = (MethodInvocationTree) tree;
Symbol symbol = method.symbol();
if (symbol.name() != null && symbol.name().equalsIgnoreCase("createTempFile")){
reportIssue(method.firstToken(), "Criação de arquivo temporário identificada. Analisar!");
}
}
On another rule, I'm trying to get all the cases of the code where SharedPreferences are used, and I'm using the following logic:
@Override
public List<Kind> nodesToVisit() {
return ImmutableList.of(Kind.METHOD_INVOCATION);
}
@Override
public void visitNode(Tree tree){
MethodInvocationTree kindTree = (MethodInvocationTree) tree;
Symbol symbol = (Symbol) kindTree.symbol();
TypeSymbol classe = symbol.owner().enclosingClass();
if (classe != null && classe.equals("SharedPreferences")){
reportIssue(kindTree.firstToken(), "SharedPreferences sendo utilizado no código. Analisar!!");
}
}
When I run the test on JUnit, it not works. I've printed when the specified Kind is found, the name of the symbol (should be the name of the Method Invoked) and the enclosing class. The results are:
====================== Kind Finded ======================
Name >>>>>>>>>>>>>null
Class >>>>>>>>>>>>> !unknownSymbol!
Here is a example with another file where it prints other classes and Method's without problem:
====================== Kind Finded ======================
Name >>>>>>>>>>>>>createTempFile
Class >>>>>>>>>>>>> File
====================== Kind Finded ======================
Name >>>>>>>>>>>>>setReadable
Class >>>>>>>>>>>>> File
====================== Kind Finded ======================
Name >>>>>>>>>>>>>setWritable
Class >>>>>>>>>>>>> File
====================== Kind Finded ======================
Name >>>>>>>>>>>>>write
Class >>>>>>>>>>>>> Writer
Seems like when I'm running the test, the JUnit or Maven are not recognizing Android classes from code. I've already tryed to import the jar of Android lib and Sonarqube Android plugin to my project, but it not worked.
Here is the target file that I'm testing (Yes, I've tryed to import my Rule code package in the target too, not worked. I thought it was worth trying):
package jakhar.aseem.diva;
import org.sonar.template.java.checks.SharedPreferencesCheck;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.view.View;
import android.widget.EditText;
import android.widget.Toast;
public class InsecureDataStorage1Activity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_insecure_data_storage1);
}
public void saveCredentials(View view) {
SharedPreferences spref = PreferenceManager.getDefaultSharedPreferences(this);
SharedPreferences.Editor spedit = spref.edit(); // Noncompliant
EditText usr = (EditText) findViewById(R.id.ids1Usr);
EditText pwd = (EditText) findViewById(R.id.ids1Pwd);
spedit.putString("user", usr.getText().toString());
spedit.putString("password", pwd.getText().toString());
spedit.commit();
Toast.makeText(this,"3rd party credentials saved successfully!", Toast.LENGTH_SHORT).show();
}
}
So the question is: How can I make the test recognize Android Classes and validate my rule?
I'm using the folowing template from SonarQube documentation to develop the rules: https://docs.sonarqube.org/display/PLUG/Writing+Custom+Java+Rules+101
Any help, I'll be very grateful for.
Since now, thanks for your attention.
------------------- Edit -------------------
I've already added some android dependencies to Maven, but still not working. Follow my project's pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.sonar.samples</groupId>
<artifactId>java-custom-rules-template</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>sonar-plugin</packaging>
<properties>
<sonar.version>5.6.3</sonar.version>
<java.plugin.version>4.2.1.6971</java.plugin.version>
<sslr.version>1.21</sslr.version>
</properties>
<name>Berghem Custom Rules</name>
<description>Criação de Rules Customizadas para avaliação de códigos Java</description>
<dependencies>
<!-- https://mvnrepository.com/artifact/com.google.guava/guava -->
<dependency>
<groupId>org.sonarsource.sonarqube</groupId>
<artifactId>sonar-plugin-api</artifactId>
<version>${sonar.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.sonarsource.java</groupId>
<artifactId>sonar-java-plugin</artifactId>
<type>sonar-plugin</type>
<version>${java.plugin.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-frontend</artifactId>
<version>${java.plugin.version}</version>
</dependency>
<dependency>
<groupId>org.sonarsource.sslr-squid-bridge</groupId>
<artifactId>sslr-squid-bridge</artifactId>
<version>2.6.1</version>
<exclusions>
<exclusion>
<groupId>org.codehaus.sonar.sslr</groupId>
<artifactId>sslr-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.sonar</groupId>
<artifactId>sonar-plugin-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.sonar.sslr</groupId>
<artifactId>sslr-xpath</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-checks-testkit</artifactId>
<version>${java.plugin.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.sonarsource.sslr</groupId>
<artifactId>sslr-testing-harness</artifactId>
<version>${sslr.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.6.2</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert</artifactId>
<version>1.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>0.9.30</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.android.tools</groupId>
<artifactId>common</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.android.tools</groupId>
<artifactId>dvlib</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.android.tools</groupId>
<artifactId>sdk-common</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.android.tools</groupId>
<artifactId>sdklib</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>org.codehaus.sonar</groupId>
<artifactId>sonar-check-api</artifactId>
<version>4.5.1</version>
</dependency>
<dependency>
<groupId>org.codehaus.sonar-plugins.java</groupId>
<artifactId>java-checks</artifactId>
<version>2.0</version>
</dependency>
<dependency>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-checks</artifactId>
<version>4.2.1.6971</version>
</dependency>
<dependency>
<groupId>org.codehaus.sonar.sslr-squid-bridge</groupId>
<artifactId>sslr-squid-bridge</artifactId>
<version>2.6</version>
</dependency>
<dependency>
<groupId>org.codehaus.sonar</groupId>
<artifactId>sonar-plugin-api</artifactId>
<version>4.5.1</version>
</dependency>
<dependency>
<groupId>com.android.tools.lint</groupId>
<artifactId>lint-checks</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>19.0</version>
</dependency>
<dependency>
<groupId>com.android.tools.lint</groupId>
<artifactId>lint-api</artifactId>
<version>22.4.2</version>
</dependency>
<dependency>
<groupId>com.android.tools.lint</groupId>
<artifactId>lint</artifactId>
<version>22.4.2</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
<artifactId>sonar-packaging-maven-plugin</artifactId>
<version>1.17</version>
<extensions>true</extensions>
<configuration>
<pluginKey>java-template-custom</pluginKey>
<pluginName>Java Template Custom Rules</pluginName>
<pluginClass>org.sonar.template.java.JavaCustomRulesPlugin</pluginClass>
<sonarLintSupported>true</sonarLintSupported>
<sonarQubeMinVersion>5.6</sonarQubeMinVersion> <!-- allow to depend on API 6.x but run on LTS -->
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
1 answers
solution1
0 ACCPTED 2017-03-14 19:19:32
Got it!
The problem was on the import of dependencies of SonarQube. I've added a lot of Android dependencies on my pom.xml and test after the alterations. After this, still not working. In some searches I've discovered that the responsable for do the interpretation of the classes was the android-maven-plugin. When I've imported by the pom interface of Eclipse, always get some error saying that some arctifacts was missing. This problem occurred because the remote dependency was corrupted or doesn't exist, so I downloaded the jar file from dependency and create a file target/test-jars . With this, the maven identify the external dependencies and proceed with the test by JUnit.
To validate the informations, I've printed the attributes of the classes on my rule Check file:
package org.sonar.template.java.checks;
import com.google.common.collect.ImmutableList;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.semantic.Symbol.TypeSymbol;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
import org.sonar.plugins.java.api.tree.Tree.Kind;
import java.util.List;
@Rule(
key = "SharedPreferencesRule",
name = "Utilização de SharedPreferences no código",
description = "Para cada utilização de SharedPreferences, é feito um alerta para revisar o que está sendo armazenado.",
priority = Priority.CRITICAL,
tags = {"attention point", "security"})
public class SharedPreferencesCheck extends IssuableSubscriptionVisitor {
@Override
public List<Kind> nodesToVisit() {
return ImmutableList.of(Kind.METHOD_INVOCATION);
}
@Override
public void visitNode(Tree tree){
System.out.println("====================== Kind Finded ======================");
MethodInvocationTree kindTree = (MethodInvocationTree) tree;
Symbol symbol = (Symbol) kindTree.symbol();
TypeSymbol classe = symbol.owner().enclosingClass();
System.out.println("Name >>>>>>>>>>>>> " + symbol.name());
System.out.println("Enclosing >>>>>>>>>>>>> " + classe);
if (classe != null && classe.equals("SharedPreferences")){
reportIssue(kindTree.firstToken(), "SharedPreferences sendo utilizado no código. Analisar!!");
}
}
}
I hope that it could help someone who is going throught the same or an similar problem.
If anyone can give a better explanation, would be really helpfull.
Thanks a lot!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.