Merge branch 'green-code-initiative:main' into main

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "maven" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "monthly"

CHANGELOG.md

@@ -11,11 +11,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+### Deleted
+
+## [1.5.0] - 2024-10-04
+
+### Changed
+
 - refactoring docker system
 - [#29](https://github.com/green-code-initiative/ecoCode-python/issues/29) Add test to ensure all Rules are registered
+- [#24](https://github.com/green-code-initiative/ecoCode-python/issues/24) Set correct required language because the
+  plugin wasn't loaded anymore - retro-compatibility modifications (9.9.0 to 10.7 and not compatible before 9.9.0) AND
+  add support for > 10.5 Sonarqube version (up to 10.7.0)
+- update some maven plugin versions and library versions to be up-to-date
+- correction of SonarCloud issues
 
 ### Deleted
 
+- deletion of EC69 rule because of already deprecated (see RULES.md file)
+
 ## [1.4.4] - 2024-07-18
 
 ### Added
@@ -63,7 +76,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [#5](https://github.com/green-code-initiative/ecoCode-python/pull/5) Upgrade licence system and licence headers of
   Java files
 - [#6](https://github.com/green-code-initiative/ecoCode-python/pull/6) Adding EC35 rule : EC35 rule replaces EC34 with a
-  specific use case ("file not found" sepcific)
+  specific use case ("file not found" specific)
 - [#7](https://github.com/green-code-initiative/ecoCode-python/issues/7) Add build number to manifest
 - [#123](https://github.com/green-code-initiative/ecoCode/issues/123) Improve unit tests for EC7 rule
 - Update ecocode-rules-specifications to 1.4.6
@@ -86,7 +99,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Comparison list
 
-[unreleased](https://github.com/green-code-initiative/ecoCode-python/compare/1.4.4...HEAD)
+[unreleased](https://github.com/green-code-initiative/ecoCode-python/compare/1.5.0...HEAD)
+[1.5.0](https://github.com/green-code-initiative/ecoCode-python/compare/1.4.4...1.5.0)
 [1.4.4](https://github.com/green-code-initiative/ecoCode-python/compare/1.4.3...1.4.4)
 [1.4.3](https://github.com/green-code-initiative/ecoCode-python/compare/1.4.2...1.4.3)
 [1.4.2](https://github.com/green-code-initiative/ecoCode-python/compare/1.4.1...1.4.2)

Dockerfile

@@ -1,5 +1,5 @@
 ARG MAVEN_BUILDER=3-openjdk-17-slim
-ARG SONARQUBE_VERSION=10.4.1-community
+ARG SONARQUBE_VERSION=10.7.0-community
 
 FROM maven:${MAVEN_BUILDER} AS builder
 

README.md

@@ -65,6 +65,7 @@ Ready to use binaries are available [from GitHub](https://github.com/green-code-
 
 | Plugin version | SonarQube version   | Java version |
 |----------------|---------------------|--------------|
+| 1.5.+          | 9.9.+ LTS to 10.7.0 | 11 / 17      |
 | 1.4.+          | 9.4.+ LTS to 10.4.1 | 11 / 17      |
 
 > Compatibility table of versions lower than 1.4.+ are available from the

pom.xml

@@ -1,11 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>io.ecocode</groupId>
     <artifactId>ecocode-python-plugin</artifactId>
-    <version>1.4.5-SNAPSHOT</version>
+    <version>1.5.1-SNAPSHOT</version>
     <packaging>sonar-plugin</packaging>
 
     <name>ecoCode - Python language</name>
@@ -48,21 +47,21 @@
         <sonar.organization>green-code-initiative</sonar.organization>
         <sonar.host.url>https://sonarcloud.io</sonar.host.url>
 
-        <!-- max version with SonarQube 10.0 -->
         <sonarqube.version>9.4.0.54424</sonarqube.version>
+        <sonar-analyzer-commons.version>2.13.0.3004</sonar-analyzer-commons.version>
 
-        <!-- max version with SonarQube 10.0 : check lib/extension directory -->
-        <sonarpython.version>4.1.0.11333</sonarpython.version>
+        <sonarpython.version>4.6.0.12071</sonarpython.version>
+        <!-- version with compatibility problem with mockito (even if last version of Mockito) -->
+        <!--        <sonarpython.version>4.7.0.12181</sonarpython.version>-->
+        <!-- version with compatibility problem : classes not found -->
+        <!--        <sonarpython.version>4.22.0.16914</sonarpython.version>-->
 
-        <sonar-packaging.version>1.23.0.740</sonar-packaging.version>
         <sonar.skipDependenciesPackaging>true</sonar.skipDependenciesPackaging>
 
-        <mockito.version>5.3.1</mockito.version>
+        <mockito.version>5.14.1</mockito.version>
 
         <!-- temporary version waiting for real automatic release in ecocode repository -->
-        <ecocode-rules-specifications.version>1.6.2</ecocode-rules-specifications.version>
-
-        <sonar-analyzer-commons.version>2.5.0.1358</sonar-analyzer-commons.version>
+        <ecocode-rules-specifications.version>1.6.4</ecocode-rules-specifications.version>
 
     </properties>
 
@@ -122,20 +121,36 @@
 
     <build>
         <plugins>
+            <!-- TO KEEP COMPATIBLE AND NO WARNING during compiling-->
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.11.0</version>
+                <version>3.13.0</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.1.2</version>
+                <version>3.5.0</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>3.3.1</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-install-plugin</artifactId>
+                <version>3.1.3</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <version>3.1.3</version>
             </plugin>
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.10</version>
+                <version>0.8.12</version>
                 <executions>
                     <execution>
                         <id>prepare-agent</id>
@@ -154,7 +169,7 @@
             <plugin>
                 <groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
                 <artifactId>sonar-packaging-maven-plugin</artifactId>
-                <version>${sonar-packaging.version}</version>
+                <version>1.23.0.740</version>
                 <extensions>true</extensions>
                 <configuration>
                     <pluginKey>ecocodepython</pluginKey>
@@ -163,7 +178,7 @@
                     <pluginApiMinVersion>${sonarqube.version}</pluginApiMinVersion>
                     <skipDependenciesPackaging>true</skipDependenciesPackaging>
                     <jreMinVersion>${java.version}</jreMinVersion>
-                    <requiredForLanguages>python</requiredForLanguages>
+                    <requiredForLanguages>py</requiredForLanguages>
                     <archive>
                         <manifestEntries>
                             <Implementation-Build>${buildNumber}</Implementation-Build>
@@ -175,7 +190,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
-                <version>3.5.0</version>
+                <version>3.6.0</version>
                 <executions>
                     <execution>
                         <phase>package</phase>
@@ -220,7 +235,7 @@
                 <!-- plugin to generate a unique build number for sonar-packaging-maven-plugin : usage of buildNumber variable -->
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>buildnumber-maven-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.2.1</version>
                 <executions>
                     <execution>
                         <phase>validate</phase>
@@ -237,7 +252,7 @@
             <plugin>
                 <groupId>com.mycila</groupId>
                 <artifactId>license-maven-plugin</artifactId>
-                <version>4.1</version>
+                <version>4.6</version>
                 <configuration>
                     <properties>
                         <owner>Green Code Initiative</owner>

src/main/java/fr/greencodeinitiative/python/PythonRuleRepository.java

@@ -26,16 +26,17 @@
 import java.util.Arrays;
 import java.util.List;
 
+
 public class PythonRuleRepository implements RulesDefinition, PythonCustomRuleRepository {
 
+    @SuppressWarnings("rawtypes") // not possible to make a correction because super class is like that
     static final List<Class> ANNOTATED_RULE_CLASSES = Arrays.asList(
             AvoidGettersAndSetters.class,
             AvoidGlobalVariableInFunctionCheck.class,
             AvoidSQLRequestInLoop.class,
             AvoidTryCatchWithFileOpenedCheck.class,
             AvoidUnlimitedCache.class,
             AvoidUnoptimizedVectorImagesCheck.class,
-            NoFunctionCallWhenDeclaringForLoop.class,
             AvoidFullSQLRequest.class,
             AvoidListComprehensionInIterations.class,
             DetectUnoptimizedImageFormat.class,
@@ -66,6 +67,7 @@ public String repositoryKey() {
         return REPOSITORY_KEY;
     }
 
+    @SuppressWarnings("rawtypes") // not possible to make a correction because super class is like that
     @Override
     public List<Class> checkClasses() {
         return ANNOTATED_RULE_CLASSES;

src/main/java/fr/greencodeinitiative/python/checks/AvoidFullSQLRequest.java

@@ -18,12 +18,6 @@
 package fr.greencodeinitiative.python.checks;
 
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.regex.Pattern;
-
 import org.sonar.check.Rule;
 import org.sonar.plugins.python.api.PythonSubscriptionCheck;
 import org.sonar.plugins.python.api.SubscriptionContext;
@@ -32,14 +26,18 @@
 import org.sonar.plugins.python.api.tree.Tree;
 import org.sonarsource.analyzer.commons.annotations.DeprecatedRuleKey;
 
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Pattern;
+
 @Rule(key = "EC74")
 @DeprecatedRuleKey(repositoryKey = "gci-python", ruleKey = "S74")
 public class AvoidFullSQLRequest extends PythonSubscriptionCheck {
 
-    protected static final String MESSAGERULE = "Don't use the query SELECT * FROM";
+    protected static final String MESSAGE_RULE = "Don't use the query SELECT * FROM";
 
-    // TODO DDC : create support to add in deployment th dependency com.google.re2j:re2j
-    // and replace "import java.util.regex.Pattern" by "import com.google.re2j.Pattern"
     private static final Pattern PATTERN = Pattern.compile("(?i).*select.*\\*.*from.*");
     private static final Map<String, Collection<Integer>> linesWithIssuesByFile = new HashMap<>();
 
@@ -68,7 +66,7 @@ private void repport(StringElement stringElement, SubscriptionContext ctx) {
             linesWithIssuesByFile.computeIfAbsent(classname, k -> new ArrayList<>());
             linesWithIssuesByFile.get(classname).add(line);
         }
-        ctx.addIssue(stringElement, MESSAGERULE);
+        ctx.addIssue(stringElement, MESSAGE_RULE);
     }
 
     private boolean lineAlreadyHasThisIssue(StringElement stringElement, SubscriptionContext ctx) {

src/test/java/fr/greencodeinitiative/python/PythonRuleRepositoryTest.java

@@ -30,7 +30,6 @@
 import java.util.Set;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 
@@ -41,30 +40,6 @@ class PythonRuleRepositoryTest {
 
     @BeforeEach
     void init() {
-        // TODO: Remove this check after Git repo split
-    /*
-      On an IDE (like IntelliJ), if the developer runs the unit tests without building/generating the Maven goals on the
-      "ecocode-rules-specifications" module before, the unit tests will not see the generated HTML descriptions (from ASCIIDOC files).
-      The developer must therefore configure his IDE to build the `ecocode-rules-specifications` module before launching the Tests.
-
-      When the `python-plugin` submodule is in a specific Git repository, `ecocode-rules-specifications` will be fetched from a classic
-      external Maven dependency. There will therefore no longer be any need to perform this specific configuration.
-     */
-        if (PythonRuleRepository.class.getResource("/io/ecocode/rules/python/EC4.json") == null) {
-            String message = "'ecocode-rules-specification' resources corrupted. Please check build of 'ecocode-rules-specification' module";
-            if (System.getProperties().keySet().stream().anyMatch(k -> k.toString().startsWith("idea."))) {
-                message += "\n\nOn 'IntelliJ IDEA':" +
-                        "\n1. go to settings :" +
-                        "\n   > Build, Execution, Deployment > Build Tools > Maven > Runner" +
-                        "\n2. check option:" +
-                        "\n   > Delegate IDE build/run actions to Maven" +
-                        "\n3. Click on menu: " +
-                        "\n   > Build > Build Project"
-                ;
-            }
-            fail(message);
-        }
-
         final SonarRuntime sonarRuntime = mock(SonarRuntime.class);
         doReturn(Version.create(0, 0)).when(sonarRuntime).getApiVersion();
         rulesDefinition = new PythonRuleRepository(sonarRuntime);

src/test/java/fr/greencodeinitiative/python/checks/AvoidGlobalVariableInFunctionCheckTest.java

@@ -23,6 +23,8 @@
 public class AvoidGlobalVariableInFunctionCheckTest {
     @Test
     public void test() {
-        PythonCheckVerifier.verify("src/test/resources/checks/avoidGlobalVariableInFunction.py", new AvoidGlobalVariableInFunctionCheck());
+        PythonCheckVerifier.verify("src/test/resources/checks/avoidGlobalVariableInFunctionNonCompliant.py", new AvoidGlobalVariableInFunctionCheck());
+        //PythonCheckVerifier.verifyNoIssue("src/test/resources/checks/avoidGlobalVariableInFunctionCompliant.py", new AvoidGlobalVariableInFunctionCheck());
+        PythonCheckVerifier.verify("src/test/resources/checks/avoidGlobalVariableInFunctionNonCompliant2.py", new AvoidGlobalVariableInFunctionCheck());
     }
 }