

Upgrade to CFlint 1.4.1 (#5)
nbihan-mediware authored Feb 8, 2019
1 parent 10dd4e5 commit 0330cc7
Showing 4 changed files with 65 additions and 58 deletions.
4 changes: 2 additions & 2 deletions pom.xml
Expand Up @@ -6,7 +6,7 @@
<groupId>com.stepstone.sonar.plugin</groupId>
<artifactId>sonar-coldfusion-plugin</artifactId>
<packaging>sonar-plugin</packaging>
<version>1.6.8-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>

<name>SonarQube Coldfusion Analyzer</name>
<description>Enables scanning of ColdFusion source files</description>
Expand Down Expand Up @@ -40,7 +40,7 @@
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<sonar.version>6.7.6</sonar.version>
<cflint.version>1.2.3</cflint.version>
<cflint.version>1.4.1</cflint.version>
</properties>

<dependencies>
Expand Up @@ -26,7 +26,6 @@
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.SensorDescriptor;
import org.sonar.api.measures.CoreMetrics;
import org.sonar.api.measures.Metric;
import org.sonar.api.profiles.RulesProfile;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
Expand All @@ -39,7 +38,10 @@
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.*;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class ColdFusionSensor implements Sensor {

Expand Down Expand Up @@ -75,9 +77,12 @@ public void execute(SensorContext context) {

private void analyze(SensorContext context) throws IOException, XMLStreamException {
File configFile = generateCflintConfig();
new CFLintAnalyzer(context).analyze(configFile);
//when analysis is done we delete the created file
deleteFile(configFile);
try {
new CFLintAnalyzer(context).analyze(configFile);
} finally {
//when analysis is done we delete the created file
deleteFile(configFile);
}
}

private File generateCflintConfig() throws IOException, XMLStreamException {
Expand Down Expand Up @@ -105,7 +110,7 @@ private void importResults(SensorContext sensorContext) throws IOException {
private void measureProcessor(SensorContext context) {
LOGGER.info("Starting measure processor");

ExecutorService executorService = Executors.newFixedThreadPool(2);
ExecutorService executorService = Executors.newSingleThreadExecutor();
List<Callable<Integer>> callableTasks = new ArrayList<>();

for (InputFile inputFile : fs.inputFiles(fs.predicates().hasLanguage(ColdFusionPlugin.LANGUAGE_KEY))) {
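Review bot: The `finally` added in `analyze` (`} finally { deleteFile(configFile); }`) lets a failure inside `deleteFile` replace the exception thrown by `CFLintAnalyzer.analyze`, so a real analysis error would surface as a cleanup error and lose its root cause. `deleteFile`'s body is outside this hunk, so whether it can throw is inferred; if it can, have it catch and log its own failure at warn level via `LOGGER` rather than propagate, so the primary exception always wins. In `measureProcessor`, the executor now created with `Executors.newSingleThreadExecutor()` still has to be shut down in the part of the method outside the hunk; the `TimeUnit` import suggests an `awaitTermination` is there, but confirm it, since a non-daemon executor thread that is never shut down keeps the scanner JVM alive after the sensor finishes. Minor style point on the same lines: `//when analysis is done` should be `// when analysis is done` to match the single-line comment convention.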
89 changes: 44 additions & 45 deletions src/main/resources/com/stepstone/sonar/plugin/coldfusion/rules.xml
Expand Up @@ -13,60 +13,60 @@
<name>Variable declared in both var and argument scopes.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Variable should not be declared in both local and argument scopes.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>ARG_VAR_MIXED</key>
<name>Variable referenced in local and argument scopes.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Variable should not be referenced in local and argument scope.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>NO_DEFAULT_INSIDE_SWITCH</key>
<name>Missing default switch statement.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Not having a Default statement defined for a switch could pose potential issues.</p> ]]></description>
</rule>
<rule>
<key>GLOBAL_VAR</key>
<name>Global variable exists.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Identifier is global. Referencing in a CFC or function should be avoided.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>NESTED_CFOUTPUT</key>
<name>Nested cfoutput with cfquery tag.</name>
<severity>MINOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Nested CFOutput, outer CFOutput has <code>@query</code>.</p> ]]></description>
</rule>
<rule>
<key>OUTPUT_ATTR</key>
<name>Tag should have output='false'.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p><code><tag name="variable"></code> should have @output='false'</p> ]]></description>
</rule>
<rule>
<key>QUERYPARAM_REQ</key>
<name>SetSql() statement should use .addParam().</name>
<severity>BLOCKER</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>setSql() statement should use .addParam() instead of #'s name="variable"</p> ]]></description>
<tag>security</tag>
</rule>
<rule>
<key>CFQUERYPARAM_REQ</key>
<name>cfquery should use</name>
<name>cfquery should use cfqueryparam</name>
<severity>BLOCKER</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p><code><tag></code> should use <code><cfqueryparam/></code> for variable 'variable'.</p> ]]></description>
<tag>security</tag>
</rule>
<rule>
Expand All @@ -82,23 +82,23 @@
<name>Variable is not declared with a var statement.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Variable is not declared with a var statement.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>AVOID_USING_CFDUMP_TAG</key>
<name>Avoid use of cfdump tags.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Avoid leaving <code><cfdump></code> tags in committed code. Debug information should be omitted from release code</p> ]]></description>
<tag>security</tag>
</rule>
<rule>
<key>AVOID_USING_CFEXECUTE_TAG</key>
<name>Avoid use of cfexecute tags.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Avoid leaving <code><cfexecute></code> tags in committed code. CFexecute can be used as an attack vector and is slow.</p> ]]></description>
<tag>security</tag>
</rule>
<rule>
Expand All @@ -107,30 +107,30 @@
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p>Avoid using the <code>isDate()</code> built-in function. It is too permissive. Use <code>isValid()</code> instead.</p> ]]></description>
<tag>security</tag>
<tag>bug</tag>
</rule>
<rule>
<key>AVOID_USING_CFABORT_TAG</key>
<name>Avoid use of cfabort tags.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Avoid leaving <code><cfabort></code> tags in committed code.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>AVOID_USING_ABORT</key>
<name>Avoid use of abort statements.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Avoid using abort in production code.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>AVOID_USING_CFINSERT_TAG</key>
<name>Avoid use of cfinsert tags.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Avoid using <code><cfinsert></code> tags. Use cfquery and cfstoredproc instead.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
Expand All @@ -146,15 +146,15 @@
<name>Avoid use of cfupdate tags.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Avoid using <code><cfupdate></code> tags. Use cfquery and cfstoredproc instead.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>AVOID_USING_CFINCLUDE_TAG</key>
<name>Avoid use of cfinclude tags.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Avoid using <code><cfinclude></code> tags. Use components instead.</p> ]]></description>

</rule>
<rule>
Expand Down Expand Up @@ -183,14 +183,14 @@
<name>Argument is missing a hint.</name>
<severity>MINOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p>Use JavaDoc style annotations on cfscript functions.</p> ]]></description>
<description><![CDATA[ <p>Argument is missing a hint. Use javadoc style annotations on cfscript functions.</p> ]]></description>
</rule>
<rule>
<key>ARG_TYPE_MISSING</key>
<name>Component is missing a type.</name>
<severity>BLOCKER</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Argument variable is missing a type.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
Expand All @@ -206,14 +206,14 @@
<name>Method is too long.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Function should be fewer than 100 lines.</p> ]]></description>
</rule>
<rule>
<key>EXCESSIVE_COMPONENT_LENGTH</key>
<name>Component is too long.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Component should be fewer than 500 lines.</p> ]]></description>
</rule>
<rule>
<key>FUNCTION_TYPE_MISSING</key>
Expand All @@ -236,21 +236,21 @@
<name>Function has too many arguments.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Function has too many arguments. Should be fewer than 10.</p> ]]></description>
</rule>
<rule>
<key>EXCESSIVE_FUNCTIONS</key>
<name>Too many functions.</name>
<severity>MAJOR</severity>
<severity>MINOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Component has too many functions. Should be fewer than 10.</p> ]]></description>
</rule>
<rule>
<key>FUNCTION_TOO_COMPLEX</key>
<name>Function is too complex.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Function is too complex. Consider breaking the function into smaller functions.</p> ]]></description>
</rule>
<rule>
<key>AVOID_USING_WRITEDUMP</key>
Expand All @@ -272,7 +272,7 @@
<name>Avoid use of isdebugmode statements.</name>
<severity>MINOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Avoid using the IsDebugMode function in production code.</p> ]]></description>
</rule>
<rule>
<key>AVOID_USING_ARRAYNEW</key>
Expand All @@ -293,22 +293,22 @@
<name>Checking boolean expression explicitly.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Explicit check of boolean expression is not needed.</p> ]]></description>
</rule>
<rule>
<key>VAR_INVALID_NAME</key>
<name>Variable has invalid name.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Variable is not a valid name. Please use camelCase or underscores.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>VAR_ALLCAPS_NAME</key>
<name>Variable name is allcaps.</name>
<severity>MINOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Variable should not be upper case.</p> ]]></description>
</rule>
<rule>
<key>VAR_TOO_SHORT</key>
Expand Down Expand Up @@ -343,7 +343,7 @@
<name>Variable name has prefix or postfix.</name>
<severity>MINOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Variable has prefix or postfix variable and could be named better.</p> ]]></description>
</rule>
<rule>
<key>ARGUMENT_MISSING_NAME</key>
Expand All @@ -357,7 +357,7 @@
<name>Argument has invalid name.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Please use camelCase or underscores.</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
Expand Down Expand Up @@ -493,21 +493,21 @@
<name>Component name looks temporary.</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Component name component could be named better.</p> ]]></description>
</rule>
<rule>
<key>COMPONENT_HAS_PREFIX_OR_POSTFIX</key>
<name>Component name has prefix or postfix.</name>
<severity>MINOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Component name has prefix or postfix and could be named better.</p> ]]></description>
</rule>
<rule>
<key>FILE_SHOULD_START_WITH_LOWERCASE</key>
<name>CFM File starts with upper case.</name>
<severity>MINOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Filename starts with an upper case letter. Only components (.cfc files) should start with an upper case letter.</p> ]]></description>
</rule>
<rule>
<key>AVOID_USING_CREATEOBJECT</key>
Expand Down Expand Up @@ -543,7 +543,7 @@
<name>Using comparison where assignment was probably meant.</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Comparing instead of Assigning</p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
Expand All @@ -559,7 +559,7 @@
<name>Variable scope name is allcaps.</name>
<severity>MINOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<description><![CDATA[ <p>Scope variable should not be upper case.</p> ]]></description>
</rule>
<rule>
<key>AVOID_USING_CFSETTING_DEBUG</key>
Expand All @@ -569,14 +569,6 @@
<description><![CDATA[ <p></p> ]]></description>
<tag>security</tag>
</rule>
<rule>
<key>MISSING_SEMI</key>
<name>No semicolon!</name>
<severity>CRITICAL</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p></p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>UNQUOTED_STRUCT_KEY</key>
<name>Unquoted struct key</name>
Expand Down Expand Up @@ -650,4 +642,11 @@
<description><![CDATA[ <p></p> ]]></description>
<tag>bug</tag>
</rule>
<rule>
<key>STRUCT_ARRAY_NOTATION</key>
<name>Use array notation</name>
<severity>MAJOR</severity>
<cardinality>SINGLE</cardinality>
<description><![CDATA[ <p>Unquoted struct key variable is not case-sensitive. Using array notation is recommended.</p> ]]></description>
</rule>
</rules>
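Review bot: Several of the new descriptions embed literal ColdFusion tags inside `<code>` without entity escaping — `<code><cfqueryparam/></code>` in CFQUERYPARAM_REQ, `<code><tag name="variable"></code>` in OUTPUT_ATTR, and the `<cfdump>`, `<cfexecute>`, `<cfabort>`, `<cfinsert>`, `<cfupdate>` and `<cfinclude>` descriptions. Inside CDATA they are well-formed XML, but the description is rendered as HTML, where an unknown element such as `<cfqueryparam/>` is treated as markup and not displayed, so the rule text reads as `should use for variable 'variable'`. Escape them as `&lt;cfqueryparam/&gt;`, `&lt;cfdump&gt;` and so on so the tag names are visible to the user. Separately, AVOID_USING_CFSETTING_DEBUG and the last rule before STRUCT_ARRAY_NOTATION still carry an empty `<p></p>` description that this pass leaves unfilled. Since MISSING_SEMI is removed from the repository, any quality profile definition that still lists that key should be checked, as SonarQube rejects profiles referencing unknown rule keys at startup.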
