├── .cirrus.star ├── .cirrus.yml ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ └── config.yml ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── PullRequestClosed.yml │ ├── PullRequestCreated.yml │ ├── RequestReview.yml │ ├── SubmitReview.yml │ └── release.yml ├── .gitignore ├── LICENSE ├── README.md ├── SECURITY.md ├── commons ├── README.md ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── sonarsource │ │ └── analyzer │ │ └── commons │ │ ├── BuiltInQualityProfileJsonLoader.java │ │ ├── EducationRuleLoader.java │ │ ├── EntropyDetector.java │ │ ├── ExternalReportProvider.java │ │ ├── ExternalRuleLoader.java │ │ ├── FileProvider.java │ │ ├── HumanLanguageDetector.java │ │ ├── JsonParser.java │ │ ├── LengthPrefixSerializer.java │ │ ├── ProfileGenerator.java │ │ ├── ProgressReport.java │ │ ├── Resources.java │ │ ├── RuleMetadataLoader.java │ │ ├── ShannonEntropy.java │ │ ├── TokenLocation.java │ │ ├── annotations │ │ ├── DeprecatedRuleKey.java │ │ ├── DeprecatedRuleKeys.java │ │ └── package-info.java │ │ ├── collections │ │ ├── AVLTree.java │ │ ├── ListUtils.java │ │ ├── MapBuilder.java │ │ ├── MapEntriesIterable.java │ │ ├── PCollections.java │ │ ├── PMap.java │ │ ├── PSet.java │ │ ├── PStack.java │ │ ├── SetUtils.java │ │ ├── SinglyLinkedList.java │ │ ├── TreeIterator.java │ │ └── package-info.java │ │ ├── domain │ │ ├── RuleManifest.java │ │ ├── RuleManifestCode.java │ │ ├── RuleManifestParameter.java │ │ ├── RuleManifestRemediation.java │ │ └── package-info.java │ │ └── package-info.java │ └── test │ ├── java │ └── org │ │ └── sonarsource │ │ └── analyzer │ │ └── commons │ │ ├── BuiltInQualityProfileJsonLoaderTest.java │ │ ├── EducationRuleLoaderTest.java │ │ ├── EntropyDetectorTest.java │ │ ├── ExternalReportProviderTest.java │ │ ├── ExternalRuleLoaderTest.java │ │ ├── FileProviderTest.java │ │ ├── HumanLanguageDetectorTest.java │ │ ├── JsonParserTest.java │ │ ├── LengthPrefixSerializerTest.java │ │ ├── ProfileGeneratorTest.java │ │ ├── ProgressReportTest.java │ │ ├── ResourcesTest.java │ │ ├── RuleMetadataLoaderTest.java │ │ ├── ShannonEntropyTest.java │ │ ├── TokenLocationTest.java │ │ └── collections │ │ ├── AVLTreeTest.java │ │ ├── ListUtilsTest.java │ │ ├── MapEntriesIterableTest.java │ │ ├── PCollectionsTest.java │ │ ├── PMapTest.java │ │ ├── PSetTest.java │ │ ├── PStackTest.java │ │ ├── SetUtilsTest.java │ │ └── SinglyLinkedListTest.java │ └── resources │ └── org │ └── sonarsource │ └── analyzer │ └── commons │ ├── InputFileContentExtractor.txt │ ├── ResourcesTest.txt │ ├── S100.html │ ├── S100.json │ ├── S102.html │ ├── S102.json │ ├── S102_fallback.html │ ├── S110.html │ ├── S110.json │ ├── S112.html │ ├── S112.json │ ├── S123.html │ ├── S123.json │ ├── S2092.html │ ├── S2092.json │ ├── Sonar_way_profile.json │ ├── Sonar_way_profile_invalid.json │ ├── Sonar_way_profile_no_rule_keys.json │ ├── Sonar_way_profile_with_hotspots.json │ ├── education │ ├── invalid │ │ ├── S100.html │ │ └── S102.html │ └── valid │ │ ├── S100.html │ │ ├── S101.html │ │ ├── S101_fallback.html │ │ ├── S102.html │ │ ├── S103.html │ │ ├── S104.html │ │ ├── S105.html │ │ └── S106.html │ ├── mylinter.json │ ├── not_valid_taxonomy_rule.html │ ├── not_valid_taxonomy_rule.json │ ├── not_valid_taxonomy_rule_2.html │ ├── not_valid_taxonomy_rule_2.json │ ├── notvalid.html │ ├── notvalid.json │ ├── profile_wrong_cwe.json │ ├── rule_missing_title.html │ ├── rule_missing_title.json │ ├── rule_wrong_cwe.html │ ├── rule_wrong_cwe.json │ ├── rule_wrong_tag.html │ ├── rule_wrong_tag.json │ ├── scanner │ └── dir │ │ ├── f1.txt │ │ └── subdir │ │ └── f1.txt │ ├── taxonomy_rule.html │ └── taxonomy_rule.json ├── performance-measure ├── README.md ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── sonarsource │ │ └── performance │ │ └── measure │ │ ├── DurationMeasure.java │ │ ├── DurationMeasureFiles.java │ │ ├── DurationMeasureMerger.java │ │ ├── MeasurementCost.java │ │ ├── PerformanceMeasure.java │ │ ├── log │ │ ├── JavaLoggerBridge.java │ │ ├── Logger.java │ │ ├── SonarSourceLoggerBridge.java │ │ └── package-info.java │ │ └── package-info.java │ └── test │ ├── java │ └── org │ │ └── sonarsource │ │ └── performance │ │ └── measure │ │ ├── DurationMeasureFilesTest.java │ │ ├── DurationMeasureMergerTest.java │ │ ├── DurationMeasureTest.java │ │ ├── MeasurementCostTest.java │ │ ├── PerformanceMeasureTest.java │ │ └── log │ │ ├── JavaLoggerBridgeTest.java │ │ ├── SonarSourceLoggerBridgeTest.java │ │ └── StringLogger.java │ └── resources │ ├── events │ ├── 6.14.0.25321 │ │ └── apache-tika │ │ │ └── 2021-04-01-02h23m15.537 │ │ │ └── sonar.java.performance.measure.json │ ├── 6.14.0.25463 │ │ ├── apache-tika │ │ │ └── 2021-03-19-15h33m00.000 │ │ │ │ └── sonar.java.performance.measure.json │ │ └── buck │ │ │ └── 2021-03-19-15h33m00.000 │ │ │ └── sonar.java.performance.measure.json │ ├── 6.15.0.25600 │ │ ├── AltoroJ │ │ │ └── 2021-04-01-05h14m07.773 │ │ │ │ └── sonar.java.performance.measure.json │ │ ├── apache-tika │ │ │ └── 2021-04-01-05h28m54.334 │ │ │ │ └── sonar.java.performance.measure.json │ │ ├── buck │ │ │ └── 2021-04-01-05h52m13.430 │ │ │ │ └── sonar.java.performance.measure.json │ │ └── performance.score.json │ └── 6.15.0.25780 │ │ ├── apache-tika │ │ ├── 2021-04-10-21h45m24.701 │ │ │ └── sonar.java.performance.measure.json │ │ └── 2021-04-12-02h25m04.427 │ │ │ └── sonar.java.performance.measure.json │ │ ├── buck │ │ ├── 2021-04-10-22h22m24.355 │ │ │ └── sonar.java.performance.measure.json │ │ └── 2021-04-12-02h47m31.083 │ │ │ └── sonar.java.performance.measure.json │ │ ├── com.mpatric-mp3agic │ │ ├── 2021-04-10-00h13m01.400 │ │ │ └── sonar.java.performance.measure.json │ │ ├── 2021-04-10-21h35m56.070 │ │ │ └── sonar.java.performance.measure.json │ │ └── 2021-04-12-02h32m12.993 │ │ │ └── sonar.java.performance.measure.json │ │ ├── performance.score.json │ │ ├── performance.statistics.txt │ │ └── sonar.java.performance.measure.json │ └── performance.score.json ├── pom.xml ├── recognizers ├── README.md ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── sonarsource │ │ └── analyzer │ │ └── commons │ │ └── recognizers │ │ ├── CamelCaseDetector.java │ │ ├── CodeRecognizer.java │ │ ├── ContainsDetector.java │ │ ├── Detector.java │ │ ├── EndWithDetector.java │ │ ├── KeywordsDetector.java │ │ ├── LanguageFootprint.java │ │ ├── RegexDetector.java │ │ ├── StringUtils.java │ │ └── package-info.java │ └── test │ └── java │ └── org │ └── sonarsource │ └── analyzer │ └── commons │ └── recognizers │ ├── CamelCaseDetectorTest.java │ ├── CodeRecognizerTest.java │ ├── ContainsDetectorTest.java │ ├── EndWithDetectorTest.java │ ├── KeywordsDetectorTest.java │ ├── RegexDetectorTest.java │ └── StringUtilsTest.java ├── regex-parsing ├── README.md ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── sonarsource │ │ └── analyzer │ │ └── commons │ │ └── regex │ │ ├── CharacterBuffer.java │ │ ├── CharacterParser.java │ │ ├── MatchType.java │ │ ├── RegexFeature.java │ │ ├── RegexIssueLocation.java │ │ ├── RegexIssueReporter.java │ │ ├── RegexLexer.java │ │ ├── RegexParseResult.java │ │ ├── RegexParser.java │ │ ├── RegexSource.java │ │ ├── SyntaxError.java │ │ ├── ast │ │ ├── AbstractRegexSyntaxElement.java │ │ ├── ActiveFlagsState.java │ │ ├── AtomicGroupTree.java │ │ ├── AutomatonState.java │ │ ├── BackReferenceTree.java │ │ ├── BoundaryTree.java │ │ ├── BranchState.java │ │ ├── CapturingGroupTree.java │ │ ├── CharacterClassElementTree.java │ │ ├── CharacterClassIntersectionTree.java │ │ ├── CharacterClassTree.java │ │ ├── CharacterClassUnionTree.java │ │ ├── CharacterRangeTree.java │ │ ├── CharacterTree.java │ │ ├── ConditionalSubpatternTree.java │ │ ├── CurlyBraceQuantifier.java │ │ ├── DisjunctionTree.java │ │ ├── DotTree.java │ │ ├── EndOfCapturingGroupState.java │ │ ├── EndOfConditionalSubpatternsState.java │ │ ├── EndOfLookaroundState.java │ │ ├── EndOfRepetitionState.java │ │ ├── EscapedCharacterClassTree.java │ │ ├── FinalState.java │ │ ├── FlagSet.java │ │ ├── GroupTree.java │ │ ├── IndexRange.java │ │ ├── LookAroundTree.java │ │ ├── MiscEscapeSequenceTree.java │ │ ├── NegationState.java │ │ ├── NonCapturingGroupTree.java │ │ ├── OpeningQuote.java │ │ ├── PosixCharacterClassElementTree.java │ │ ├── Quantifier.java │ │ ├── ReferenceConditionTree.java │ │ ├── RegexBaseVisitor.java │ │ ├── RegexSyntaxElement.java │ │ ├── RegexToken.java │ │ ├── RegexTree.java │ │ ├── RegexVisitor.java │ │ ├── RepetitionTree.java │ │ ├── SequenceTree.java │ │ ├── SimpleQuantifier.java │ │ ├── SourceCharacter.java │ │ ├── StartOfLookBehindState.java │ │ ├── StartState.java │ │ └── package-info.java │ │ ├── finders │ │ ├── AnchorPrecedenceFinder.java │ │ ├── ComplexRegexFinder.java │ │ ├── DuplicatesInCharacterClassFinder.java │ │ ├── EmptyAlternativeFinder.java │ │ ├── EmptyGroupFinder.java │ │ ├── EmptyStringRepetitionFinder.java │ │ ├── FailingLookaheadFinder.java │ │ ├── GraphemeInClassFinder.java │ │ ├── ImpossibleBackReferenceFinder.java │ │ ├── ImpossibleBoundaryFinder.java │ │ ├── MultipleWhitespaceFinder.java │ │ ├── PossessiveQuantifierContinuationFinder.java │ │ ├── RedosFinder.java │ │ ├── RedundantRegexAlternativesFinder.java │ │ ├── ReluctantQuantifierFinder.java │ │ ├── ReluctantQuantifierWithEmptyContinuationFinder.java │ │ ├── SingleCharCharacterClassFinder.java │ │ ├── SingleCharacterAlternationFinder.java │ │ ├── SuperfluousCurlyBraceFinder.java │ │ ├── UnicodeUnawareCharClassFinder.java │ │ ├── UnquantifiedNonCapturingGroupFinder.java │ │ ├── VerboseRegexFinder.java │ │ └── package-info.java │ │ ├── helpers │ │ ├── AbstractAutomataChecker.java │ │ ├── BranchTrackingVisitor.java │ │ ├── GraphemeHelper.java │ │ ├── IntersectAutomataChecker.java │ │ ├── RegexReachabilityChecker.java │ │ ├── RegexTreeHelper.java │ │ ├── SimplifiedRegexCharacterClass.java │ │ ├── SubAutomaton.java │ │ ├── SupersetAutomataChecker.java │ │ └── package-info.java │ │ ├── java │ │ ├── JavaCharacterParser.java │ │ ├── JavaRegexSource.java │ │ ├── JavaUnicodeEscapeParser.java │ │ └── package-info.java │ │ ├── package-info.java │ │ ├── php │ │ ├── PhpRegexFlags.java │ │ ├── PhpRegexSource.java │ │ ├── PhpStringCharacterParser.java │ │ └── package-info.java │ │ └── python │ │ ├── PythonRegexSource.java │ │ └── package-info.java │ └── test │ ├── java │ └── org │ │ └── sonarsource │ │ └── analyzer │ │ └── commons │ │ └── regex │ │ ├── CharacterBufferTests.java │ │ ├── CharacterParsingTest.java │ │ ├── CombinedTests.java │ │ ├── RegexParserTestUtils.java │ │ ├── ast │ │ ├── AutomatonStateTest.java │ │ ├── BackReferenceTreeTest.java │ │ ├── BoundaryTreeTest.java │ │ ├── CapturingGroupTreeTest.java │ │ ├── CharacterClassTreeTest.java │ │ ├── CharacterTreeTest.java │ │ ├── ConditionalSubpatternTreeTest.java │ │ ├── CurlyBraceQuantifierTest.java │ │ ├── DisjunctionTreeTest.java │ │ ├── DotTreeTest.java │ │ ├── EscapedCharacterClassTreeTest.java │ │ ├── FlagSetTest.java │ │ ├── GroupTreesTest.java │ │ ├── MiscEscapeSequenceTreeTest.java │ │ ├── OpeningQuoteTest.java │ │ ├── PosixCharacterClassElementTreeTest.java │ │ ├── QuantifierTest.java │ │ ├── RegexBaseVisitorTest.java │ │ └── SequenceTreeTest.java │ │ ├── finders │ │ ├── AnchorPrecedenceFinderTest.java │ │ ├── ComplexRegexFinderTest.java │ │ ├── DuplicatesInCharacterClassFinderTest.java │ │ ├── EmptyAlternativeFinderTest.java │ │ ├── EmptyGroupFinderTest.java │ │ ├── EmptyStringRepetitionFinderTest.java │ │ ├── FailingLookaheadFinderTest.java │ │ ├── FinderCheck.java │ │ ├── GraphemeInClassFinderTest.java │ │ ├── ImpossibleBackReferenceFinderTest.java │ │ ├── ImpossibleBoundaryFinderTest.java │ │ ├── MultipleWhitespaceFinderTest.java │ │ ├── PossessiveQuantifierContinuationFinderTest.java │ │ ├── RedosFinderTest.java │ │ ├── RedundantRegexAlternativesFinderTest.java │ │ ├── RegexFinderVerifier.java │ │ ├── ReluctantQuantifierFinderTest.java │ │ ├── ReluctantQuantifierWithEmptyContinuationFinderTest.java │ │ ├── SingleCharCharacterClassFinderTest.java │ │ ├── SingleCharacterAlternationFinderTest.java │ │ ├── SuperfluousCurlyBraceFinderTest.java │ │ ├── UnicodeUnawareCharClassFinderTest.java │ │ ├── UnquantifiedNonCapturingGroupFinderTest.java │ │ ├── VerboseRegexFinderTest.java │ │ └── Verifier.java │ │ ├── helpers │ │ ├── AutomataCheckerTest.java │ │ ├── OrderedAutomataPairCacheTest.java │ │ ├── OrderedAutomataPairTest.java │ │ ├── RegexReachabilityCheckerTest.java │ │ ├── RegexTreeHelperTest.java │ │ ├── SimplifiedRegexCharacterClassTest.java │ │ └── SubAutomatonTest.java │ │ ├── php │ │ └── PhpStringCharacterParserTest.java │ │ └── python │ │ └── PythonRegexSourceTest.java │ └── resources │ └── finders │ ├── AnchorPrecedenceFinder.yml │ ├── ComplexRegexFinder.yml │ ├── DuplicatesInCharacterClassFinder.yml │ ├── EmptyAlternativeFinder.yml │ ├── EmptyGroupFinder.yml │ ├── EmptyStringRepetitionFinder.yml │ ├── FailingLookaheadFinder.yml │ ├── FailingLookaheadFinderFullMatch.yml │ ├── GraphemeInClassFinder.yml │ ├── ImpossibleBackReferenceFinder.yml │ ├── ImpossibleBoundaryFinder.yml │ ├── MultipleWhitespaceFinder.yml │ ├── PossessiveQuantifierContinuationFinder.yml │ ├── RedosFinderBoth.yml │ ├── RedosFinderFull.yml │ ├── RedosFinderPartial.yml │ ├── RedosFinderUnknown.yml │ ├── RedundantRegexAlternativesFinder.yml │ ├── ReluctantQuantifierFinder.yml │ ├── ReluctantQuantifierWithEmptyContinuationFinder.yml │ ├── ReluctantQuantifierWithEmptyContinuationFinderBothOrUnknownMatch.yml │ ├── ReluctantQuantifierWithEmptyContinuationFinderFullMatch.yml │ ├── SingleCharCharacterClassFinder.yml │ ├── SingleCharacterAlternationFinder.yml │ ├── SuperfluousCurlyBraceFinder.yml │ ├── UnicodeUnawareCharClassFinder.yml │ ├── UnquantifiedNonCapturingGroupFinder.yml │ └── VerboseRegexFinder.yml ├── test-commons ├── README.md ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── sonarsource │ │ └── analyzer │ │ └── commons │ │ └── checks │ │ ├── coverage │ │ ├── UtilityClass.java │ │ └── package-info.java │ │ └── verifier │ │ ├── CommentParser.java │ │ ├── FileContent.java │ │ ├── MultiFileVerifier.java │ │ ├── SingleFileVerifier.java │ │ ├── internal │ │ ├── Comment.java │ │ ├── FileIssues.java │ │ ├── FlowLocation.java │ │ ├── InternalCommentParser.java │ │ ├── InternalIssue.java │ │ ├── InternalIssueVerifier.java │ │ ├── IssueLocation.java │ │ ├── LineIssues.java │ │ ├── NoncompliantCommentParser.java │ │ ├── PerLineLocationWriter.java │ │ ├── PreciseLocation.java │ │ ├── PreciseLocationParser.java │ │ ├── PrimaryLocation.java │ │ ├── QuickFixParser.java │ │ ├── Report.java │ │ ├── ReportDiff.java │ │ ├── SecondaryLocation.java │ │ ├── SingleLineCommentParser.java │ │ ├── TestFile.java │ │ ├── UnderlinedRange.java │ │ └── package-info.java │ │ ├── package-info.java │ │ └── quickfix │ │ ├── QuickFix.java │ │ ├── TextEdit.java │ │ ├── TextSpan.java │ │ └── package-info.java │ └── test │ ├── java │ └── org │ │ └── sonarsource │ │ └── analyzer │ │ └── commons │ │ └── checks │ │ ├── coverage │ │ └── UtilityClassTest.java │ │ └── verifier │ │ ├── FileContentTest.java │ │ ├── MultiFileVerifierTest.java │ │ ├── PerLineLocationWriterTest.java │ │ ├── SingleFileVerifierTest.java │ │ ├── internal │ │ ├── CommentTest.java │ │ ├── FileIssuesTest.java │ │ ├── FlowLocationTest.java │ │ ├── IssueLocationTest.java │ │ ├── LineIssuesTest.java │ │ ├── NoncompliantCommentParserTest.java │ │ ├── PreciseLocationParserTest.java │ │ ├── PrimaryLocationTest.java │ │ ├── QuickFixParserTest.java │ │ ├── ReportDiffTest.java │ │ ├── SecondaryLocationTest.java │ │ ├── SingleLineCommentParserTest.java │ │ ├── TestFileTest.java │ │ └── UnderlinedRangeTest.java │ │ └── quickfix │ │ ├── QuickFixTest.java │ │ ├── TextEditTest.java │ │ └── TextSpanTest.java │ └── resources │ ├── code.js │ ├── code.js.issues.txt │ ├── empty.js │ ├── main.js │ ├── quickfixes │ └── JavaCodeWithQuickFix.java │ ├── same-location.js │ ├── several-issues-on-the-same-line.js │ └── simple.js ├── test-xml-parsing ├── README.md ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── sonarsource │ │ └── analyzer │ │ └── commons │ │ └── xml │ │ └── checks │ │ ├── SonarXmlCheckVerifier.java │ │ └── package-info.java │ └── test │ ├── java │ └── org │ │ └── sonarsource │ │ └── analyzer │ │ └── commons │ │ └── xml │ │ └── checks │ │ └── SonarXmlCheckVerifierTest.java │ └── resources │ ├── checks │ ├── FileTestCheck │ │ └── file.xml │ ├── SilentTestCheck │ │ ├── file.xml │ │ └── malformedFile.xml │ ├── TestCheck │ │ └── checkTestFile.xml │ └── file.xml │ └── file.xml ├── wss-unified-agent.config └── xml-parsing ├── README.md ├── pom.xml └── src ├── main └── java │ └── org │ └── sonarsource │ └── analyzer │ └── commons │ └── xml │ ├── ParseException.java │ ├── PrologElement.java │ ├── SafeDomParserFactory.java │ ├── SafeStaxParserFactory.java │ ├── SafetyFactory.java │ ├── XPathBuilder.java │ ├── XmlFile.java │ ├── XmlFilePosition.java │ ├── XmlParser.java │ ├── XmlTextRange.java │ ├── checks │ ├── SimpleXPathBasedCheck.java │ ├── SonarXmlCheck.java │ └── package-info.java │ └── package-info.java └── test ├── java └── org │ └── sonarsource │ └── analyzer │ └── commons │ └── xml │ ├── SafetyFactoryTest.java │ ├── XPathBuilderTest.java │ ├── XmlFileTest.java │ ├── XmlParserTest.java │ ├── XmlTextRangeTest.java │ └── checks │ ├── SimpleXPathBasedCheckTest.java │ └── SonarXmlCheckTest.java └── resources ├── checks └── SimpleXPathBasedCheck │ ├── simple.xml │ └── xPathFailure.xml └── file.xml /.cirrus.star: -------------------------------------------------------------------------------- 1 | load("github.com/SonarSource/cirrus-modules@v3", "load_features") 2 | 3 | def main(ctx): 4 | return load_features(ctx) 5 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | .github/CODEOWNERS @SonarSource/quality-team 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | contact_links: 3 | - name: Sonar Analyzer Commons Jira Project 4 | url: https://sonarsource.atlassian.net/browse/ACOMMONS 5 | about: Browse existing issues here. 6 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Part of 2 | 8 | -------------------------------------------------------------------------------- /.github/workflows/PullRequestClosed.yml: -------------------------------------------------------------------------------- 1 | name: Pull Request Closed 2 | 3 | on: 4 | pull_request: 5 | types: [closed] 6 | 7 | jobs: 8 | PullRequestMerged_job: 9 | name: Pull Request Merged 10 | runs-on: ubuntu-latest-large 11 | permissions: 12 | id-token: write 13 | pull-requests: read 14 | # For external PR, ticket should be moved manually 15 | if: | 16 | github.event.pull_request.head.repo.full_name == github.repository 17 | steps: 18 | - id: secrets 19 | uses: SonarSource/vault-action-wrapper@v3 20 | with: 21 | secrets: | 22 | development/kv/data/jira user | JIRA_USER; 23 | development/kv/data/jira token | JIRA_TOKEN; 24 | - uses: sonarsource/gh-action-lt-backlog/PullRequestClosed@v2 25 | with: 26 | github-token: ${{secrets.GITHUB_TOKEN}} 27 | jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }} 28 | jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }} 29 | -------------------------------------------------------------------------------- /.github/workflows/PullRequestCreated.yml: -------------------------------------------------------------------------------- 1 | name: Pull Request Created 2 | 3 | on: 4 | pull_request: 5 | types: ["opened"] 6 | 7 | jobs: 8 | PullRequestCreated_job: 9 | name: Pull Request Created 10 | runs-on: ubuntu-latest-large 11 | permissions: 12 | id-token: write 13 | # For external PR, ticket should be created manually 14 | if: | 15 | github.event.pull_request.head.repo.full_name == github.repository 16 | steps: 17 | - id: secrets 18 | uses: SonarSource/vault-action-wrapper@v3 19 | with: 20 | secrets: | 21 | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; 22 | development/kv/data/jira user | JIRA_USER; 23 | development/kv/data/jira token | JIRA_TOKEN; 24 | - uses: sonarsource/gh-action-lt-backlog/PullRequestCreated@v2 25 | with: 26 | github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} 27 | jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }} 28 | jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }} 29 | jira-project: ACOMMONS 30 | -------------------------------------------------------------------------------- /.github/workflows/RequestReview.yml: -------------------------------------------------------------------------------- 1 | name: Request review 2 | 3 | on: 4 | pull_request: 5 | types: ["review_requested"] 6 | 7 | jobs: 8 | RequestReview_job: 9 | name: Request review 10 | runs-on: ubuntu-latest-large 11 | permissions: 12 | id-token: write 13 | # For external PR, ticket should be moved manually 14 | if: | 15 | github.event.pull_request.head.repo.full_name == github.repository 16 | steps: 17 | - id: secrets 18 | uses: SonarSource/vault-action-wrapper@v3 19 | with: 20 | secrets: | 21 | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; 22 | development/kv/data/jira user | JIRA_USER; 23 | development/kv/data/jira token | JIRA_TOKEN; 24 | - uses: sonarsource/gh-action-lt-backlog/RequestReview@v2 25 | with: 26 | github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} 27 | jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }} 28 | jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }} 29 | -------------------------------------------------------------------------------- /.github/workflows/SubmitReview.yml: -------------------------------------------------------------------------------- 1 | name: Submit Review 2 | 3 | on: 4 | pull_request_review: 5 | types: [submitted] 6 | 7 | jobs: 8 | SubmitReview_job: 9 | name: Submit Review 10 | runs-on: ubuntu-latest-large 11 | permissions: 12 | id-token: write 13 | pull-requests: read 14 | # For external PR, ticket should be moved manually 15 | if: | 16 | github.event.pull_request.head.repo.full_name == github.repository 17 | && (github.event.review.state == 'changes_requested' 18 | || github.event.review.state == 'approved') 19 | steps: 20 | - id: secrets 21 | uses: SonarSource/vault-action-wrapper@v3 22 | with: 23 | secrets: | 24 | development/kv/data/jira user | JIRA_USER; 25 | development/kv/data/jira token | JIRA_TOKEN; 26 | - uses: sonarsource/gh-action-lt-backlog/SubmitReview@v2 27 | with: 28 | github-token: ${{secrets.GITHUB_TOKEN}} 29 | jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }} 30 | jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }} 31 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: sonar-release 3 | # This workflow is triggered when publishing a new github release 4 | # yamllint disable-line rule:truthy 5 | on: 6 | release: 7 | types: 8 | - published 9 | 10 | jobs: 11 | release: 12 | permissions: 13 | id-token: write 14 | contents: write 15 | uses: SonarSource/gh-action_release/.github/workflows/main.yaml@v5 16 | with: 17 | publishToBinaries: true 18 | mavenCentralSync: true 19 | slackChannel: team-analysis-notifications 20 | 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Maven 2 | target/ 3 | dependency-reduced-pom.xml 4 | 5 | # IntelliJ IDEA 6 | *.iws 7 | *.iml 8 | *.ipr 9 | .idea/ 10 | 11 | # Eclipse 12 | .classpath 13 | .project 14 | .settings 15 | 16 | # ---- Mac OS X 17 | .DS_Store 18 | Icon? 19 | # Thumbnails 20 | ._* 21 | # Files that might appear on external disk 22 | .Spotlight-V100 23 | .Trashes 24 | 25 | # ---- Windows 26 | # Windows image file caches 27 | Thumbs.db 28 | # Folder config file 29 | Desktop.ini 30 | 31 | # ---- Sonar 32 | .sonar 33 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SonarSource Analyzers Commons Libraries 2 | 3 | [![Build Status](https://api.cirrus-ci.com/github/SonarSource/sonar-analyzer-commons.svg?branch=master)](https://cirrus-ci.com/github/SonarSource/sonar-analyzer-commons) [![Quality Gate Status](https://next.sonarqube.com/sonarqube/api/project_badges/measure?project=org.sonarsource.analyzer-commons%3Asonar-analyzer-commons-parent&metric=alert_status)](https://next.sonarqube.com/sonarqube/dashboard?id=org.sonarsource.analyzer-commons%3Asonar-analyzer-commons-parent) [![Coverage](https://next.sonarqube.com/sonarqube/api/project_badges/measure?project=org.sonarsource.analyzer-commons%3Asonar-analyzer-commons-parent&metric=coverage)](https://next.sonarqube.com/sonarqube/dashboard?id=org.sonarsource.analyzer-commons%3Asonar-analyzer-commons-parent) 4 | 5 | ## Modules 6 | 7 | * [commons](commons) Logic useful for a language plugin 8 | * [recognizers](recognizers) Logic useful for detecting commented out code 9 | * [test-commons](test-commons) Logic useful to test a language analyzer 10 | * [xml-parsing](xml-parsing) Logic useful to analyze and test checks for XML file 11 | * [test-xml-parsing](test-xml-parsing) Logic useful to test XML parsing and XML-related rules 12 | * [regex-parsing](regex-parsing) Logic used to parse regular expressions (currently only for Java) 13 | 14 | ## Build 15 | ``` 16 | mvn clean install 17 | ``` 18 | 19 | ### License 20 | Copyright 2009-2023 SonarSource. 21 | Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt) 22 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Reporting Security Issues 2 | 3 | A mature software vulnerability treatment process is a cornerstone of a robust information security management system. Contributions from the community play an important role in the evolution and security of our products, and in safeguarding the security and privacy of our users. 4 | 5 | If you believe you have discovered a security vulnerability in Sonar's products, we encourage you to report it immediately. 6 | 7 | To responsibly report a security issue, please email us at [security@sonarsource.com](mailto:security@sonarsource.com). Sonar’s security team will acknowledge your report, guide you through the next steps, or request additional information if necessary. Customers with a support contract can also report the vulnerability directly through the support channel. 8 | 9 | For security vulnerabilities found in third-party libraries, please also contact the library's owner or maintainer directly. 10 | 11 | ## Responsible Disclosure Policy 12 | 13 | For more information about disclosing a security vulnerability to Sonar, please refer to our community post: [Responsible Vulnerability Disclosure](https://community.sonarsource.com/t/responsible-vulnerability-disclosure/9317). -------------------------------------------------------------------------------- /commons/README.md: -------------------------------------------------------------------------------- 1 | SonarSource Analyzers Commons (compatible with SQ >=7.9) 2 | ========================= 3 | Logic useful for an average language plugin 4 | 5 | * [`RuleMetadataLoader`](./src/main/java/org/sonarsource/analyzer/commons/RuleMetadataLoader.java) - to define rules metadata based on `json` and `html` files 6 | * [`DeprecatedRuleKey`](./src/main/java/org/sonarsource/analyzer/commons/annotations/DeprecatedRuleKey.java) annotation - when used with [`RuleMetadataLoader`](./src/main/java/org/sonarsource/analyzer/commons/RuleMetadataLoader.java) in will add deprecated rule key for an annotated rule 7 | * [`BuiltInQualityProfileJsonLoader`](./src/main/java/org/sonarsource/analyzer/commons/BuiltInQualityProfileJsonLoader.java) - to define default rules profiles based on `json` file 8 | * [`ProfileGenerator`](./src/main/java/org/sonarsource/analyzer/commons/ProfileGenerator.java) - to generate rules profile `xml` file (e.g. can be used for integration tests) 9 | * [`TokenLocation`](./src/main/java/org/sonarsource/analyzer/commons/TokenLocation.java) - to compute token location 10 | * [`ExternalRuleLoader`](./src/main/java/org/sonarsource/analyzer/commons/ExternalRuleLoader.java) - to load external rules descriptions from `json` file 11 | * [`ExternalReportProvider`](./src/main/java/org/sonarsource/analyzer/commons/ExternalReportProvider.java) - to get the list of io.File with external reports 12 | * [`ProgressReport`](./src/main/java/org/sonarsource/analyzer/commons/ProgressReport.java) - to produce logs with number of analyzed files 13 | * [`FileProvider`](./src/main/java/org/sonarsource/analyzer/commons/FileProvider.java) - to get files matching given pattern in the given directory 14 | 15 | ### License 16 | Copyright 2009-2023 SonarSource. 17 | Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt) 18 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/JsonParser.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons; 18 | 19 | import java.io.IOException; 20 | import java.io.Reader; 21 | import java.util.List; 22 | import java.util.Map; 23 | import org.json.simple.parser.JSONParser; 24 | import org.json.simple.parser.ParseException; 25 | 26 | /** 27 | * Not designed for multi-threads 28 | */ 29 | class JsonParser { 30 | 31 | private final JSONParser parser = new JSONParser(); 32 | 33 | Map parse(String data) { 34 | try { 35 | return (Map) parser.parse(data); 36 | } catch (ParseException e) { 37 | throw new IllegalArgumentException("Could not parse JSON", e); 38 | } 39 | } 40 | 41 | List> parseArray(Reader reader) throws IOException { 42 | try { 43 | return (List>) parser.parse(reader); 44 | } catch (ParseException e) { 45 | throw new IllegalArgumentException("Could not parse JSON", e); 46 | } 47 | } 48 | 49 | } 50 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/ShannonEntropy.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons; 18 | 19 | import java.util.function.Function; 20 | import java.util.stream.Collectors; 21 | import javax.annotation.Nullable; 22 | 23 | public class ShannonEntropy { 24 | private static final double LOG_2 = Math.log(2.0d); 25 | 26 | private ShannonEntropy() { 27 | // utility class 28 | } 29 | 30 | public static double calculate(@Nullable String str) { 31 | if (str == null || str.isEmpty()) { 32 | return 0.0d; 33 | } 34 | int length = str.length(); 35 | return str.chars() 36 | .boxed() 37 | .collect(Collectors.groupingBy(Function.identity(), Collectors.counting())) 38 | .values() 39 | .stream() 40 | .map(Long::doubleValue) 41 | .mapToDouble(count -> count / length) 42 | .map(frequency -> -frequency * Math.log(frequency)) 43 | .sum() / LOG_2; 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/annotations/DeprecatedRuleKeys.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.annotations; 18 | 19 | import java.lang.annotation.ElementType; 20 | import java.lang.annotation.Retention; 21 | import java.lang.annotation.RetentionPolicy; 22 | import java.lang.annotation.Target; 23 | 24 | @Retention(RetentionPolicy.RUNTIME) 25 | @Target(ElementType.TYPE) 26 | public @interface DeprecatedRuleKeys { 27 | DeprecatedRuleKey[] value(); 28 | } 29 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/annotations/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.annotations; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/collections/MapBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.collections; 18 | 19 | import java.util.Collections; 20 | import java.util.HashMap; 21 | import java.util.Map; 22 | 23 | /** 24 | * This class is used for Java < 9 to simplify the creation of maps. 25 | * After moving to Java > 9, should be replaced by Immutable Map Static Factory Methods 26 | * @see Immutable Map Static Factory Methods 27 | */ 28 | public final class MapBuilder { 29 | 30 | public static MapBuilder newMap() { 31 | return new MapBuilder<>(); 32 | } 33 | 34 | private final Map map; 35 | 36 | private MapBuilder() { 37 | this.map = new HashMap<>(); 38 | } 39 | 40 | public MapBuilder put(K key, V value) { 41 | map.put(key, value); 42 | return this; 43 | } 44 | 45 | public Map build() { 46 | return Collections.unmodifiableMap(map); 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/collections/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.collections; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/domain/RuleManifest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.domain; 18 | 19 | import java.util.List; 20 | 21 | public interface RuleManifest { 22 | RuleManifestCode code(); 23 | 24 | String defaultSeverity(); 25 | 26 | String htmlDocumentation(); 27 | 28 | String name(); 29 | 30 | List parameters(); 31 | 32 | RuleManifestRemediation remediation(); 33 | 34 | String scope(); 35 | 36 | String status(); 37 | 38 | List tags(); 39 | 40 | String title(); 41 | 42 | String type(); 43 | } 44 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/domain/RuleManifestCode.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.domain; 18 | 19 | import java.util.Map; 20 | 21 | public interface RuleManifestCode { 22 | Map impacts(); 23 | 24 | String attribute(); 25 | } 26 | 27 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/domain/RuleManifestParameter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.domain; 18 | 19 | public interface RuleManifestParameter { 20 | String defaultValue(); 21 | 22 | String description(); 23 | 24 | String name(); 25 | 26 | String type(); 27 | } 28 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/domain/RuleManifestRemediation.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.domain; 18 | 19 | public interface RuleManifestRemediation { 20 | String func(); 21 | 22 | String constantCost(); 23 | 24 | String linearFactor(); 25 | 26 | String linearOffset(); 27 | 28 | String linearDescription(); 29 | } 30 | 31 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/domain/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.domain; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /commons/src/main/java/org/sonarsource/analyzer/commons/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /commons/src/test/java/org/sonarsource/analyzer/commons/JsonParserTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons; 18 | 19 | import java.util.Map; 20 | import org.junit.Test; 21 | 22 | import static org.assertj.core.api.Assertions.assertThat; 23 | 24 | public class JsonParserTest { 25 | 26 | @Test 27 | public void parse() throws Exception { 28 | JsonParser parser = new JsonParser(); 29 | Map map = parser.parse("{ \"name\" : \"Paul\" }"); 30 | Object name = map.get("name"); 31 | assertThat(name).isEqualTo("Paul"); 32 | } 33 | 34 | @Test(expected = IllegalArgumentException.class) 35 | public void invalid_json() { 36 | new JsonParser().parse("{{}"); 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /commons/src/test/java/org/sonarsource/analyzer/commons/ResourcesTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons; 18 | 19 | import java.io.IOException; 20 | import org.junit.Test; 21 | 22 | import static java.nio.charset.StandardCharsets.UTF_8; 23 | import static org.assertj.core.api.Assertions.assertThat; 24 | 25 | public class ResourcesTest { 26 | 27 | @Test 28 | public void read_resource() throws Exception { 29 | assertThat(Resources.toString("org/sonarsource/analyzer/commons/ResourcesTest.txt", UTF_8)).isEqualTo("hello" + System.lineSeparator()); 30 | } 31 | 32 | @Test 33 | public void read_resource_with_absolute() throws Exception { 34 | assertThat(Resources.toString("/org/sonarsource/analyzer/commons/ResourcesTest.txt", UTF_8)).isEqualTo("hello" + System.lineSeparator()); 35 | } 36 | 37 | @Test(expected = IOException.class) 38 | public void read_invalid_resource() throws Exception { 39 | Resources.toString("invalid/path.txt", UTF_8); 40 | } 41 | 42 | } 43 | -------------------------------------------------------------------------------- /commons/src/test/java/org/sonarsource/analyzer/commons/collections/PCollectionsTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.collections; 18 | 19 | import org.junit.Test; 20 | import static org.assertj.core.api.Assertions.assertThat; 21 | 22 | 23 | public class PCollectionsTest { 24 | 25 | @Test 26 | public void test_pcollections() { 27 | assertThat(PCollections.emptyMap()).isEqualTo(AVLTree.create()); 28 | assertThat(PCollections.emptySet()).isEqualTo(AVLTree.create()); 29 | assertThat(PCollections.emptyStack()).isEqualTo(SinglyLinkedList.EMPTY); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/InputFileContentExtractor.txt: -------------------------------------------------------------------------------- 1 | Hello! 2 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/ResourcesTest.txt: -------------------------------------------------------------------------------- 1 | hello 2 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S100.html: -------------------------------------------------------------------------------- 1 |

description S100

2 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S100.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Function names should comply with a naming convention", 3 | "type": "CODE_SMELL", 4 | "status": "ready", 5 | "remediation": { 6 | "func": "Constant\/Issue", 7 | "constantCost": "5min" 8 | }, 9 | "tags": [ 10 | "convention" 11 | ], 12 | "defaultSeverity": "Minor" 13 | } 14 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S102.html: -------------------------------------------------------------------------------- 1 | Intro 2 |

Why is this an issue?

3 | Explanation 4 |

How to fix it in Framework-1

5 | Details 6 |

How to fix it in Framework-2

7 | Details 8 |

Resources

9 | Links 10 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S102.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Avoid doing assignments in the condition part of if\/while\/for statements", 3 | "type": "CODE_SMELL", 4 | "status": "ready", 5 | "defaultSeverity": "Major", 6 | "educationPrinciples": [ 7 | "defense_in_depth", 8 | "never_trust_user_input" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S102_fallback.html: -------------------------------------------------------------------------------- 1 | Intro 2 |

Why is this an issue?

3 | Explanation 4 |

How to fix it in Framework-1

5 | Details 6 |

Resources

7 | Links -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S110.html: -------------------------------------------------------------------------------- 1 |

description S110

2 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S110.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Inheritance tree of classes should not be too deep", 3 | "type": "CODE_SMELL", 4 | "status": "ready", 5 | "remediation": { 6 | "func": "Linear with offset", 7 | "linearDesc": "Number of parents above the defined threshold", 8 | "linearOffset": "4h", 9 | "linearFactor": "30mn" 10 | }, 11 | "tags": [ 12 | "design" 13 | ], 14 | "defaultSeverity": "Major" 15 | } 16 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S112.html: -------------------------------------------------------------------------------- 1 |

If you throw a general exception type, such as ErrorException, RuntimeException, or Exception in a library or framework, it forces consumers to 2 | catch all exceptions, including unknown exceptions that they do not know how to handle.

3 |

Instead, either throw a subtype that already exists in the Standard PHP Library, or create your own type that derives from Exception.

4 |

Noncompliant Code Example

5 | 
 6 | throw new Exception();  // Noncompliant
 7 |
8 |

Compliant Solution

9 | 
10 | throw new InvalidArgumentException();
11 | // or
12 | throw new UnexpectedValueException();
13 |
14 |

See

15 |
    16 |
  • MITRE, CWE-397 - Declaration of Throws for Generic Exception
    • 17 |
  • CERT, ERR07-J. - Do not throw RuntimeException, Exception, or Throwable 18 |
    • 19 |
20 | 21 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S112.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Generic exceptions ErrorException, RuntimeException and Exception should not be thrown", 3 | "type": "CODE_SMELL", 4 | "status": "ready", 5 | "remediation": { 6 | "func": "Constant\/Issue", 7 | "constantCost": "20min" 8 | }, 9 | "tags": [ 10 | "cwe", 11 | "error-handling", 12 | "cert" 13 | ], 14 | "standards": [ 15 | "CWE" 16 | ], 17 | "defaultSeverity": "Major", 18 | "ruleSpecification": "RSPEC-112", 19 | "sqKey": "S112", 20 | "scope": "Main", 21 | "securityStandards": { 22 | "CWE": [ 23 | 397 24 | ] 25 | } 26 | } -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S123.html: -------------------------------------------------------------------------------- 1 |

description S123

2 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S123.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Avoid doing assignments in the condition part of if\/while\/for statements", 3 | "type": "CODE_SMELL", 4 | "status": "ready", 5 | "remediation": { 6 | "func": "Linear", 7 | "linearDesc": null, 8 | "linearFactor": "10mn" 9 | }, 10 | "tags": [ 11 | 12 | ], 13 | "defaultSeverity": "Major" 14 | } 15 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S2092.html: -------------------------------------------------------------------------------- 1 |

The "secure" attribute prevents cookies from being sent over plaintext connections such as HTTP, where they would be easily eavesdropped upon. 2 | Instead, cookies with the secure attribute are only sent over encrypted HTTPS connections.

3 |

Noncompliant Code Example

4 | 
 5 | Cookie c = new Cookie(SECRET, secret);  // Noncompliant; cookie is not secure
 6 | response.addCookie(c);
 7 |
8 |

Compliant Solution

9 | 
10 | Cookie c = new Cookie(SECRET, secret);
11 | c.setSecure(true);
12 | response.addCookie(c);
13 |
14 |

See

15 |
    16 |
  • MITRE, CWE-311 - Missing Encryption of Sensitive Data
    • 17 |
  • MITRE, CWE-315 - Cleartext Storage of Sensitive Information in a Cookie
    • 18 |
  • MITRE, CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    • 19 |
  • OWASP Top 10 2017 Category A2 - Broken Authentication
    • 20 |
  • OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
    • 21 |
  • SANS Top 25 - Porous Defenses
    • 22 |
23 | 24 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/S2092.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Cookies should be \"secure\"", 3 | "type": "SECURITY_HOTSPOT", 4 | "status": "ready", 5 | "remediation": { 6 | "func": "Constant\/Issue", 7 | "constantCost": "5min" 8 | }, 9 | "tags": [ 10 | "cwe", 11 | "spring", 12 | "sans-top25-porous", 13 | "owasp-a2", 14 | "owasp-a3" 15 | ], 16 | "standards": [ 17 | "CWE", 18 | "OWASP Top Ten", 19 | "SANS Top 25" 20 | ], 21 | "defaultSeverity": "Minor", 22 | "ruleSpecification": "RSPEC-2092", 23 | "sqKey": "S2092", 24 | "scope": "Main", 25 | "securityStandards": { 26 | "CWE": [ 27 | 614, 28 | 311, 29 | 315 30 | ], 31 | "OWASP": [ 32 | "A2", 33 | "A3" 34 | ], 35 | "OWASP Top 10 2021": [ 36 | "A4", 37 | "A5" 38 | ], 39 | "OWASP Mobile Top 10 2024": [ 40 | "M3", 41 | "M4" 42 | ], 43 | "PCI DSS 3.2": [ 44 | "1.1.1", 45 | "1.1.2" 46 | ], 47 | "ASVS 4.0": [ 48 | "2.1.1", 49 | "2.1.2" 50 | ], 51 | "STIG ASD_V5R3": [ 52 | "V-222612" 53 | ] 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/Sonar_way_profile.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Sonar way", 3 | "ruleKeys": [ 4 | "S100", 5 | "S110" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/Sonar_way_profile_invalid.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Sonar way", 3 | "ruleKeys": [ 4 | "S100", 5 | "S110", 6 | "S666" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/Sonar_way_profile_no_rule_keys.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Sonar way" 3 | } 4 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/Sonar_way_profile_with_hotspots.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Sonar way", 3 | "ruleKeys": [ 4 | "S100", 5 | "S110", 6 | "S2092" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/invalid/S100.html: -------------------------------------------------------------------------------- 1 | Education content without section 2 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/invalid/S102.html: -------------------------------------------------------------------------------- 1 | Intro 2 |

Why is this an issue?

3 | Explanation 4 |

How to fix it

5 |

How to fix it in Framework-1

6 | Details 7 |

Resources

8 | Links 9 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/valid/S100.html: -------------------------------------------------------------------------------- 1 | Intro 2 |

Why is this an issue?

3 | Explanation 4 |

How to fix it in Framework-1

5 | Details 6 |

Resources

7 | Links 8 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/valid/S101.html: -------------------------------------------------------------------------------- 1 | Intro 2 |

Why is this an issue?

3 | Explanation 4 |

How to fix it in Framework With Space In The Name

5 | Details of framework with space in the name 6 |

How to fix it in a Framework.with.$pec!al.ch@r@cters.in.n@me!?

7 | Details of framework with special characters in the name 8 |

How to fix it in the Framework-name-with-trailing-spaces

9 | Details of framework with name with trailing spaces 10 |

How to fix it in an another FrameworkName

11 | Details of framework with simple name 12 |

Resources

13 | Links 14 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/valid/S101_fallback.html: -------------------------------------------------------------------------------- 1 | Intro 2 |

Why is this an issue?

3 | Explanation 4 |

How to fix it in Framework With Space In The Name

5 | Details of framework with space in the name 6 |

Resources

7 | Links 8 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/valid/S102.html: -------------------------------------------------------------------------------- 1 |

Why is this an issue?

2 | Explanation 3 |

How to fix it in Framework-1

4 | Details 5 |

Resources

6 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/valid/S103.html: -------------------------------------------------------------------------------- 1 | Intro 2 |

Why is this an issue?

3 | Explanation 4 |

How to fix it

5 | Generic how to fix it section without framework specific content 6 |

Resources

7 | Links 8 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/valid/S104.html: -------------------------------------------------------------------------------- 1 |

Why is this an issue?

2 | Explanation 3 |

How to fix it in Framework-1

4 | Content-1 5 |

How to fix it in Framework-2

6 | Content-2 7 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/valid/S105.html: -------------------------------------------------------------------------------- 1 | Intro 2 |

Why is this an issue?

3 | Explanation 4 |

How to fix it

5 |

Code examples

6 |

Noncompliant code example

7 | 
var a = 1;
8 |

Resources

9 | Links 10 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/education/valid/S106.html: -------------------------------------------------------------------------------- 1 |

Why is this an issue?

2 | Explanation 3 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/not_valid_taxonomy_rule.html: -------------------------------------------------------------------------------- 1 |

description not valid taxonomy rule

-------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/not_valid_taxonomy_rule.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Not valid taxonomy rule", 3 | "type": "CODE_SMELL", 4 | "code": { 5 | "attribute": "IDENTIFIABLE" 6 | }, 7 | "status": "ready", 8 | "remediation": { 9 | "func": "Constant\/Issue", 10 | "constantCost": "5min" 11 | }, 12 | "tags": [ 13 | "convention" 14 | ], 15 | "defaultSeverity": "Minor" 16 | } 17 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/not_valid_taxonomy_rule_2.html: -------------------------------------------------------------------------------- 1 |

description not valid taxonomy rule

-------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/not_valid_taxonomy_rule_2.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Not valid taxonomy rule", 3 | "type": "CODE_SMELL", 4 | "code": { 5 | "impacts": {}, 6 | "attribute": "IDENTIFIABLE" 7 | }, 8 | "status": "ready", 9 | "remediation": { 10 | "func": "Constant\/Issue", 11 | "constantCost": "5min" 12 | }, 13 | "tags": [ 14 | "convention" 15 | ], 16 | "defaultSeverity": "Minor" 17 | } 18 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/notvalid.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SonarSource/sonar-analyzer-commons/a591f4796d7f732387b9b8a091b8bf1e5fc55974/commons/src/test/resources/org/sonarsource/analyzer/commons/notvalid.html -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/notvalid.json: -------------------------------------------------------------------------------- 1 | {"" : } -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/profile_wrong_cwe.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Broken CWE", 3 | "ruleKeys": [ 4 | "rule_wrong_cwe" 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/rule_missing_title.html: -------------------------------------------------------------------------------- 1 |

description

-------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/rule_missing_title.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "CODE_SMELL", 3 | "status": "ready", 4 | } 5 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/rule_wrong_cwe.html: -------------------------------------------------------------------------------- 1 |

description

-------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/rule_wrong_cwe.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "title", 3 | "type": "CODE_SMELL", 4 | "defaultSeverity": "Minor", 5 | "status": "ready", 6 | "tags": [], 7 | "securityStandards": { 8 | "CWE": "none" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/rule_wrong_tag.html: -------------------------------------------------------------------------------- 1 |

description

-------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/rule_wrong_tag.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "title", 3 | "type": "CODE_SMELL", 4 | "defaultSeverity": "Minor", 5 | "status": "ready", 6 | "tags": "wrong" 7 | } 8 | -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/scanner/dir/f1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SonarSource/sonar-analyzer-commons/a591f4796d7f732387b9b8a091b8bf1e5fc55974/commons/src/test/resources/org/sonarsource/analyzer/commons/scanner/dir/f1.txt -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/scanner/dir/subdir/f1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SonarSource/sonar-analyzer-commons/a591f4796d7f732387b9b8a091b8bf1e5fc55974/commons/src/test/resources/org/sonarsource/analyzer/commons/scanner/dir/subdir/f1.txt -------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/taxonomy_rule.html: -------------------------------------------------------------------------------- 1 |

description taxonomy rule

-------------------------------------------------------------------------------- /commons/src/test/resources/org/sonarsource/analyzer/commons/taxonomy_rule.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Taxonomy rule with code block properties", 3 | "type": "CODE_SMELL", 4 | "code": { 5 | "impacts": { 6 | "MAINTAINABILITY": "HIGH", 7 | "RELIABILITY": "BLOCKER", 8 | "SECURITY": "INFO" 9 | }, 10 | "attribute": "IDENTIFIABLE" 11 | }, 12 | "status": "ready", 13 | "remediation": { 14 | "func": "Constant\/Issue", 15 | "constantCost": "5min" 16 | }, 17 | "tags": [ 18 | "convention" 19 | ], 20 | "defaultSeverity": "Minor" 21 | } 22 | -------------------------------------------------------------------------------- /performance-measure/src/main/java/org/sonarsource/performance/measure/log/JavaLoggerBridge.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Performance Measure Library 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.performance.measure.log; 18 | 19 | import java.util.function.Supplier; 20 | import java.util.logging.Level; 21 | 22 | public class JavaLoggerBridge extends Logger { 23 | 24 | @SuppressWarnings("java:S1312") 25 | private final java.util.logging.Logger delegate; 26 | 27 | public JavaLoggerBridge(Class cls) { 28 | delegate = java.util.logging.Logger.getLogger(cls.getName()); 29 | } 30 | 31 | @Override 32 | public void debug(Supplier messageSupplier) { 33 | delegate.log(Level.FINE, messageSupplier); 34 | } 35 | 36 | @Override 37 | public void info(Supplier messageSupplier) { 38 | delegate.log(Level.INFO, messageSupplier); 39 | } 40 | 41 | @Override 42 | public void warning(Supplier messageSupplier) { 43 | delegate.log(Level.WARNING, messageSupplier); 44 | } 45 | 46 | @Override 47 | public void error(Supplier messageSupplier) { 48 | delegate.log(Level.SEVERE, messageSupplier); 49 | } 50 | 51 | } 52 | -------------------------------------------------------------------------------- /performance-measure/src/main/java/org/sonarsource/performance/measure/log/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Performance Measure Library 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.performance.measure.log; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /performance-measure/src/main/java/org/sonarsource/performance/measure/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Performance Measure Library 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.performance.measure; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /performance-measure/src/test/resources/events/6.14.0.25321/apache-tika/2021-04-01-02h23m15.537/sonar.java.performance.measure.json: -------------------------------------------------------------------------------- 1 | { "name": "JavaSquidSensor", "calls": 1, "durationNanos": 0, "children": [ 2 | { "name": "#MeasurementCost_v1", "calls": 1, "durationNanos": 0, "children": [ 3 | { "name": "createChild", "calls": 1, "durationNanos": 0 }, 4 | { "name": "incrementChild", "calls": 1, "durationNanos": 0 }, 5 | { "name": "nanoTime", "calls": 1, "durationNanos": 0 }, 6 | { "name": "observationCost", "calls": 1, "durationNanos": 0 } 7 | ] 8 | }, 9 | { "name": "Main", "calls": 1, "durationNanos": 0 }, 10 | { "name": "Test", "calls": 1, "durationNanos": 0 } 11 | ] 12 | } -------------------------------------------------------------------------------- /performance-measure/src/test/resources/events/6.14.0.25463/apache-tika/2021-03-19-15h33m00.000/sonar.java.performance.measure.json: -------------------------------------------------------------------------------- 1 | { "name": "JavaSquidSensor", "calls": 1, "durationNanos": 202572834163 } -------------------------------------------------------------------------------- /performance-measure/src/test/resources/events/6.14.0.25463/buck/2021-03-19-15h33m00.000/sonar.java.performance.measure.json: -------------------------------------------------------------------------------- 1 | { "name": "JavaSquidSensor", "calls": 1, "durationNanos": 1652789345678 } -------------------------------------------------------------------------------- /performance-measure/src/test/resources/events/6.15.0.25600/performance.score.json: -------------------------------------------------------------------------------- 1 | { 2 | "scoreOverstepThreshold": false, 3 | "score": "93.5%", 4 | "durationRatioCompareToRelease": 0.9353, 5 | "comparedWithRelease": "6.14.0.25463", 6 | "releaseAnalysisDuration": "0h30m55s", 7 | "latestAnalysisDuration": "0h28m55s", 8 | "releaseAnalysisDurationNanos": 1855362179841, 9 | "latestAnalysisDurationNanos": 1735411533152, 10 | "projectsMissingInRelease": [ 11 | "AltoroJ" 12 | ], 13 | "projectsMissingInLatest": [], 14 | "comparedProjects": [ 15 | "apache-tika", 16 | "buck" 17 | ] 18 | } -------------------------------------------------------------------------------- /performance-measure/src/test/resources/events/6.15.0.25780/performance.score.json: -------------------------------------------------------------------------------- 1 | { 2 | "scoreOverstepThreshold": true, 3 | "score": "105.1%", 4 | "durationRatioCompareToRelease": 1.0507, 5 | "comparedWithRelease": "6.15.0.25600", 6 | "releaseAnalysisDuration": "0h28m55s", 7 | "latestAnalysisDuration": "0h30m23s", 8 | "releaseAnalysisDurationNanos": 1735411533152, 9 | "latestAnalysisDurationNanos": 1823352565243, 10 | "projectsMissingInRelease": [ 11 | "com.mpatric-mp3agic" 12 | ], 13 | "projectsMissingInLatest": [ 14 | "AltoroJ" 15 | ], 16 | "comparedProjects": [ 17 | "apache-tika", 18 | "buck" 19 | ] 20 | } -------------------------------------------------------------------------------- /performance-measure/src/test/resources/performance.score.json: -------------------------------------------------------------------------------- 1 | { 2 | "scoreOverstepThreshold": true, 3 | "score": "105.1%", 4 | "link": "https://github.com/SonarSource/peachee-languages-statistics/blob/sonar-java/events/6.15.0.25780/performance.score.json" 5 | } -------------------------------------------------------------------------------- /recognizers/README.md: -------------------------------------------------------------------------------- 1 | SonarSource Analyzers Recognizers 2 | ========================= 3 | Classes required to detect code-like strings (e.g. for commented out code) 4 | 5 | ### License 6 | Copyright 2009-2023 SonarSource. 7 | Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt) 8 | -------------------------------------------------------------------------------- /recognizers/src/main/java/org/sonarsource/analyzer/commons/recognizers/CamelCaseDetector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | 20 | public class CamelCaseDetector extends Detector { 21 | 22 | public CamelCaseDetector(double probability) { 23 | super(probability); 24 | } 25 | 26 | @Override 27 | public int scan(String line) { 28 | char previousChar = ' '; 29 | char indexChar; 30 | for (int i = 0; i < line.length(); i++) { 31 | indexChar = line.charAt(i); 32 | if (isLowerCaseThenUpperCase(previousChar, indexChar)) { 33 | return 1; 34 | } 35 | previousChar = indexChar; 36 | } 37 | return 0; 38 | } 39 | 40 | private static boolean isLowerCaseThenUpperCase(char previousChar, char indexChar) { 41 | return Character.getType(previousChar) == Character.LOWERCASE_LETTER && Character.getType(indexChar) == Character.UPPERCASE_LETTER; 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /recognizers/src/main/java/org/sonarsource/analyzer/commons/recognizers/ContainsDetector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | import java.util.Arrays; 20 | import java.util.List; 21 | 22 | import static org.sonarsource.analyzer.commons.recognizers.StringUtils.countMatches; 23 | 24 | public class ContainsDetector extends Detector { 25 | 26 | private final List strs; 27 | 28 | public ContainsDetector(double probability, String... strs) { 29 | super(probability); 30 | this.strs = Arrays.asList(strs); 31 | } 32 | 33 | @Override 34 | public int scan(String line) { 35 | String lineWithoutWhitespaces = line.replaceAll("\\s+", ""); 36 | int matchers = 0; 37 | for (String str : strs) { 38 | matchers += countMatches(lineWithoutWhitespaces, str); 39 | } 40 | return matchers; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /recognizers/src/main/java/org/sonarsource/analyzer/commons/recognizers/Detector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | public abstract class Detector { 20 | 21 | private final double probability; 22 | 23 | protected Detector(double probability) { 24 | if (probability < 0 || probability > 1) { 25 | throw new IllegalArgumentException("probability should be between [0 .. 1]"); 26 | } 27 | this.probability = probability; 28 | } 29 | 30 | public abstract int scan(String line); 31 | 32 | public final double recognition(String line) { 33 | int matchers = scan(line); 34 | if (matchers == 0) { 35 | return 0; 36 | } 37 | return 1 - Math.pow(1 - probability, matchers); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /recognizers/src/main/java/org/sonarsource/analyzer/commons/recognizers/EndWithDetector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | 20 | public class EndWithDetector extends Detector { 21 | 22 | private final char[] endOfLines; 23 | 24 | public EndWithDetector(double probability, char... endOfLines) { 25 | super(probability); 26 | this.endOfLines = endOfLines; 27 | } 28 | 29 | @Override 30 | public int scan(String line) { 31 | for (int index = line.length() - 1; index >= 0; index--) { 32 | char character = line.charAt(index); 33 | for (char endOfLine : endOfLines) { 34 | if (character == endOfLine) { 35 | return 1; 36 | } 37 | } 38 | if (!Character.isWhitespace(character) && character != '*' && character != '/') { 39 | return 0; 40 | } 41 | } 42 | return 0; 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /recognizers/src/main/java/org/sonarsource/analyzer/commons/recognizers/LanguageFootprint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | import java.util.Set; 20 | 21 | public interface LanguageFootprint { 22 | 23 | Set getDetectors(); 24 | } 25 | -------------------------------------------------------------------------------- /recognizers/src/main/java/org/sonarsource/analyzer/commons/recognizers/RegexDetector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | import java.util.regex.Matcher; 20 | import java.util.regex.Pattern; 21 | 22 | public class RegexDetector extends Detector { 23 | 24 | private final Pattern regex; 25 | 26 | public RegexDetector(String regex, double probability) { 27 | super(probability); 28 | this.regex = Pattern.compile(regex); 29 | } 30 | 31 | @Override 32 | public int scan(String line) { 33 | Matcher matcher = regex.matcher(line); 34 | int matchers = 0; 35 | while (matcher.find()) { 36 | matchers++; 37 | } 38 | return matchers; 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /recognizers/src/main/java/org/sonarsource/analyzer/commons/recognizers/StringUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | public class StringUtils { 20 | 21 | private StringUtils() { 22 | // utility class 23 | } 24 | 25 | public static int countMatches(String str, String sub) { 26 | if (str.isEmpty() || sub.isEmpty()) { 27 | return 0; 28 | } 29 | int count = 0; 30 | for (int idx = 0; (idx = str.indexOf(sub, idx)) != -1; idx += sub.length()) { 31 | ++count; 32 | } 33 | return count; 34 | } 35 | 36 | } 37 | -------------------------------------------------------------------------------- /recognizers/src/main/java/org/sonarsource/analyzer/commons/recognizers/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @javax.annotation.ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.recognizers; 19 | -------------------------------------------------------------------------------- /recognizers/src/test/java/org/sonarsource/analyzer/commons/recognizers/CamelCaseDetectorTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | import org.junit.Test; 20 | 21 | import static org.assertj.core.api.Assertions.assertThat; 22 | 23 | public class CamelCaseDetectorTest { 24 | 25 | @Test 26 | public void scan() { 27 | CamelCaseDetector detector = new CamelCaseDetector(0.3); 28 | assertThat(detector.scan("isDog() or isCat()")).isOne(); 29 | assertThat(detector.scan("String name;")).isZero(); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /recognizers/src/test/java/org/sonarsource/analyzer/commons/recognizers/ContainsDetectorTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | import org.junit.Test; 20 | 21 | import static org.assertj.core.api.Assertions.assertThat; 22 | 23 | public class ContainsDetectorTest { 24 | 25 | @Test 26 | public void scan() { 27 | ContainsDetector detector = new ContainsDetector(0.3, "++", "for("); 28 | assertThat(detector.scan("for (int i =0; i++; i<4) {")).isEqualTo(2); 29 | assertThat(detector.scan("String name;")).isZero(); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /recognizers/src/test/java/org/sonarsource/analyzer/commons/recognizers/EndWithDetectorTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | import org.junit.Test; 20 | 21 | import static org.assertj.core.api.Assertions.assertThat; 22 | 23 | public class EndWithDetectorTest { 24 | 25 | @Test 26 | public void scan() { 27 | EndWithDetector detector = new EndWithDetector(0.3, '}'); 28 | assertThat(detector.scan(" return true; }")).isOne(); 29 | assertThat(detector.scan("} catch(NullPointerException e) {")).isZero(); 30 | assertThat(detector.scan("} ")).isOne(); 31 | assertThat(detector.scan("}*")).isOne(); 32 | assertThat(detector.scan("}/")).isOne(); 33 | assertThat(detector.scan("")).isZero(); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /recognizers/src/test/java/org/sonarsource/analyzer/commons/recognizers/KeywordsDetectorTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | import org.junit.Test; 20 | 21 | import static org.assertj.core.api.Assertions.assertThat; 22 | 23 | public class KeywordsDetectorTest { 24 | 25 | @Test 26 | public void scan() { 27 | KeywordsDetector detector = new KeywordsDetector(0.3, "public", "static"); 28 | assertThat(detector.scan("public static void main")).isEqualTo(2); 29 | assertThat(detector.scan("private(static} String name;")).isOne(); 30 | assertThat(detector.scan("publicstatic")).isZero(); 31 | assertThat(detector.scan("i++;")).isZero(); 32 | detector = new KeywordsDetector(0.3, true, "PUBLIC"); 33 | assertThat(detector.scan("Public static pubLIC")).isEqualTo(2); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /recognizers/src/test/java/org/sonarsource/analyzer/commons/recognizers/StringUtilsTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Recognizers 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.recognizers; 18 | 19 | import org.junit.Test; 20 | 21 | import static org.assertj.core.api.Assertions.assertThat; 22 | 23 | public class StringUtilsTest { 24 | 25 | @Test 26 | public void test_countMatches() { 27 | assertThat(StringUtils.countMatches("", "aaa")).isZero(); 28 | assertThat(StringUtils.countMatches("aaa", "")).isZero(); 29 | assertThat(StringUtils.countMatches("aaa", "a")).isEqualTo(3); 30 | } 31 | 32 | } 33 | -------------------------------------------------------------------------------- /regex-parsing/README.md: -------------------------------------------------------------------------------- 1 | SonarSource Analyzers Regular Expressions (REGEX) parser 2 | ========================= 3 | Classes required to parse regular expressions from Java code 4 | 5 | ### License 6 | Copyright 2009-2023 SonarSource. 7 | Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt) 8 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/CharacterParser.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex; 18 | 19 | import org.sonarsource.analyzer.commons.regex.ast.SourceCharacter; 20 | 21 | public interface CharacterParser { 22 | void moveNext(); 23 | 24 | SourceCharacter getCurrent(); 25 | 26 | boolean isAtEnd(); 27 | 28 | default boolean isNotAtEnd() { 29 | return !isAtEnd(); 30 | } 31 | 32 | void resetTo(int index); 33 | } 34 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/MatchType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex; 18 | 19 | public enum MatchType { 20 | FULL, PARTIAL, BOTH, UNKNOWN, NOT_SUPPORTED 21 | } 22 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/RegexIssueLocation.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex; 18 | 19 | import java.util.Collections; 20 | import java.util.List; 21 | import org.sonarsource.analyzer.commons.regex.ast.RegexSyntaxElement; 22 | 23 | public class RegexIssueLocation { 24 | 25 | private final List syntaxElements; 26 | private final String message; 27 | 28 | public RegexIssueLocation(RegexSyntaxElement syntaxElement, String message) { 29 | this(Collections.singletonList(syntaxElement), message); 30 | } 31 | 32 | public RegexIssueLocation(List syntaxElements, String message) { 33 | this.syntaxElements = syntaxElements; 34 | this.message = message; 35 | } 36 | 37 | public List syntaxElements() { 38 | return syntaxElements; 39 | } 40 | 41 | public String message() { 42 | return message; 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/RegexIssueReporter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex; 18 | 19 | import java.util.List; 20 | import javax.annotation.Nullable; 21 | import org.sonarsource.analyzer.commons.regex.ast.RegexSyntaxElement; 22 | 23 | public final class RegexIssueReporter { 24 | 25 | @FunctionalInterface 26 | public interface ElementIssue { 27 | void report(RegexSyntaxElement syntaxElement, String message, @Nullable Integer cost, List secondaries); 28 | } 29 | 30 | @FunctionalInterface 31 | public interface InvocationIssue { 32 | void report(String message, @Nullable Integer cost, List secondaries); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/RegexSource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex; 18 | 19 | import java.util.Set; 20 | import org.sonarsource.analyzer.commons.regex.ast.IndexRange; 21 | 22 | public abstract class RegexSource { 23 | 24 | protected final String source; 25 | 26 | protected RegexSource(String source) { 27 | this.source = source; 28 | } 29 | 30 | public String getSourceText() { 31 | return this.source; 32 | } 33 | 34 | public String substringAt(IndexRange range) { 35 | return getSourceText().substring(range.getBeginningOffset(), Math.min(range.getEndingOffset(), length())); 36 | } 37 | 38 | public int length() { 39 | return getSourceText().length(); 40 | } 41 | 42 | public abstract CharacterParser createCharacterParser(); 43 | 44 | public RegexLexer createLexer() { 45 | return new RegexLexer(this, createCharacterParser()); 46 | } 47 | 48 | public abstract Set features(); 49 | 50 | public boolean supportsFeature(RegexFeature feature) { 51 | return features().contains(feature); 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/SyntaxError.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex; 18 | 19 | import org.sonarsource.analyzer.commons.regex.ast.IndexRange; 20 | import org.sonarsource.analyzer.commons.regex.ast.RegexSyntaxElement; 21 | 22 | public class SyntaxError { 23 | 24 | private final RegexSyntaxElement offendingSyntaxElement; 25 | 26 | private final String message; 27 | 28 | public SyntaxError(RegexSyntaxElement offendingSyntaxElement, String message) { 29 | this.offendingSyntaxElement = offendingSyntaxElement; 30 | this.message = message; 31 | } 32 | 33 | public IndexRange range() { 34 | return offendingSyntaxElement.getRange(); 35 | } 36 | 37 | public RegexSyntaxElement getOffendingSyntaxElement() { 38 | return offendingSyntaxElement; 39 | } 40 | 41 | public String getMessage() { 42 | return message; 43 | } 44 | 45 | @Override 46 | public String toString() { 47 | return message; 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/AbstractRegexSyntaxElement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import org.sonarsource.analyzer.commons.regex.RegexSource; 20 | 21 | public abstract class AbstractRegexSyntaxElement implements RegexSyntaxElement { 22 | 23 | private final RegexSource source; 24 | 25 | private final IndexRange range; 26 | 27 | protected AbstractRegexSyntaxElement(RegexSource source, IndexRange range) { 28 | this.source = source; 29 | this.range = range; 30 | } 31 | 32 | @Override 33 | public String getText() { 34 | return source.substringAt(range); 35 | } 36 | 37 | @Override 38 | public IndexRange getRange() { 39 | return range; 40 | } 41 | 42 | @Override 43 | public RegexSource getSource() { 44 | return source; 45 | } 46 | 47 | } 48 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/ActiveFlagsState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.Nonnull; 20 | 21 | public abstract class ActiveFlagsState implements AutomatonState { 22 | 23 | private final FlagSet activeFlags; 24 | 25 | protected ActiveFlagsState(FlagSet activeFlags) { 26 | this.activeFlags = activeFlags; 27 | } 28 | 29 | @Nonnull 30 | @Override 31 | public FlagSet activeFlags() { 32 | return activeFlags; 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/AtomicGroupTree.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.Nonnull; 20 | import org.sonarsource.analyzer.commons.regex.RegexSource; 21 | 22 | public class AtomicGroupTree extends GroupTree { 23 | 24 | public AtomicGroupTree(RegexSource source, IndexRange range, RegexTree element, FlagSet activeFlags) { 25 | super(source, RegexTree.Kind.ATOMIC_GROUP, element, range, activeFlags); 26 | } 27 | 28 | @Override 29 | public void accept(RegexVisitor visitor) { 30 | visitor.visitAtomicGroup(this); 31 | } 32 | 33 | @Nonnull 34 | @Override 35 | public RegexTree getElement() { 36 | return element; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/AutomatonState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import java.util.Collections; 20 | import java.util.List; 21 | import java.util.Optional; 22 | import javax.annotation.Nonnull; 23 | import javax.annotation.Nullable; 24 | 25 | public interface AutomatonState { 26 | 27 | /** 28 | * This will only return null when called on the end-of-regex state 29 | */ 30 | @Nullable 31 | AutomatonState continuation(); 32 | 33 | @Nonnull 34 | default List successors() { 35 | return Collections.singletonList(continuation()); 36 | } 37 | 38 | default Optional toRegexTree() { 39 | return Optional.empty(); 40 | } 41 | 42 | @Nonnull 43 | TransitionType incomingTransitionType(); 44 | 45 | @Nonnull 46 | FlagSet activeFlags(); 47 | 48 | enum TransitionType { 49 | EPSILON, CHARACTER, BACK_REFERENCE, LOOKAROUND_BACKTRACKING, NEGATION 50 | } 51 | 52 | } 53 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/BranchState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import java.util.List; 20 | import javax.annotation.Nonnull; 21 | 22 | public class BranchState extends ActiveFlagsState { 23 | 24 | private final RegexTree parent; 25 | 26 | private final List successors; 27 | 28 | public BranchState(RegexTree parent, List successors, FlagSet activeFlags) { 29 | super(activeFlags); 30 | this.parent = parent; 31 | this.successors = successors; 32 | } 33 | 34 | @Nonnull 35 | @Override 36 | public AutomatonState continuation() { 37 | return parent.continuation(); 38 | } 39 | 40 | @Nonnull 41 | @Override 42 | public List successors() { 43 | return successors; 44 | } 45 | 46 | @Nonnull 47 | @Override 48 | public TransitionType incomingTransitionType() { 49 | return TransitionType.EPSILON; 50 | } 51 | 52 | } 53 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/CharacterClassElementTree.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.Nonnull; 20 | 21 | public interface CharacterClassElementTree extends RegexSyntaxElement { 22 | 23 | enum Kind { 24 | INTERSECTION, 25 | UNION, 26 | NEGATION, 27 | CHARACTER_RANGE, 28 | ESCAPED_CHARACTER_CLASS, 29 | PLAIN_CHARACTER, 30 | UNICODE_CODE_POINT, 31 | MISC_ESCAPE_SEQUENCE, 32 | NESTED_CHARACTER_CLASS, 33 | POSIX_CLASS 34 | } 35 | 36 | @Nonnull 37 | Kind characterClassElementKind(); 38 | 39 | void accept(RegexVisitor visitor); 40 | 41 | default boolean is(Kind... kinds) { 42 | Kind thisKind = characterClassElementKind(); 43 | for (Kind kind : kinds) { 44 | if (thisKind == kind) { 45 | return true; 46 | } 47 | } 48 | return false; 49 | } 50 | 51 | @Nonnull 52 | FlagSet activeFlags(); 53 | 54 | } 55 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/DotTree.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.Nonnull; 20 | import org.sonarsource.analyzer.commons.regex.RegexSource; 21 | 22 | public class DotTree extends RegexTree { 23 | 24 | public DotTree(RegexSource source, IndexRange range, FlagSet activeFlags) { 25 | super(source, range, activeFlags); 26 | } 27 | 28 | @Override 29 | public void accept(RegexVisitor visitor) { 30 | visitor.visitDot(this); 31 | } 32 | 33 | @Override 34 | public Kind kind() { 35 | return RegexTree.Kind.DOT; 36 | } 37 | 38 | @Nonnull 39 | @Override 40 | public TransitionType incomingTransitionType() { 41 | return TransitionType.CHARACTER; 42 | } 43 | 44 | } 45 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/EndOfCapturingGroupState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.CheckForNull; 20 | import javax.annotation.Nonnull; 21 | 22 | public class EndOfCapturingGroupState extends ActiveFlagsState { 23 | 24 | private final CapturingGroupTree group; 25 | 26 | public EndOfCapturingGroupState(CapturingGroupTree group, FlagSet activeFlags) { 27 | super(activeFlags); 28 | this.group = group; 29 | } 30 | 31 | public CapturingGroupTree group() { 32 | return group; 33 | } 34 | 35 | @CheckForNull 36 | @Override 37 | public AutomatonState continuation() { 38 | return group.continuation(); 39 | } 40 | 41 | @Nonnull 42 | @Override 43 | public TransitionType incomingTransitionType() { 44 | return TransitionType.EPSILON; 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/EndOfConditionalSubpatternsState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.Nonnull; 20 | 21 | public class EndOfConditionalSubpatternsState extends ActiveFlagsState { 22 | private final ConditionalSubpatternTree parent; 23 | 24 | public EndOfConditionalSubpatternsState(ConditionalSubpatternTree parent, FlagSet activeFlags) { 25 | super(activeFlags); 26 | this.parent = parent; 27 | } 28 | 29 | @Nonnull 30 | @Override 31 | public AutomatonState continuation() { 32 | return parent.continuation(); 33 | } 34 | 35 | @Nonnull 36 | @Override 37 | public TransitionType incomingTransitionType() { 38 | return TransitionType.EPSILON; 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/EndOfLookaroundState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.Nonnull; 20 | 21 | public class EndOfLookaroundState extends ActiveFlagsState { 22 | 23 | private final LookAroundTree parent; 24 | 25 | public EndOfLookaroundState(LookAroundTree parent, FlagSet activeFlags) { 26 | super(activeFlags); 27 | this.parent = parent; 28 | } 29 | 30 | @Nonnull 31 | @Override 32 | public AutomatonState continuation() { 33 | return parent.continuation(); 34 | } 35 | 36 | @Nonnull 37 | @Override 38 | public TransitionType incomingTransitionType() { 39 | if (parent.getDirection() == LookAroundTree.Direction.BEHIND) { 40 | return TransitionType.EPSILON; 41 | } else { 42 | return TransitionType.LOOKAROUND_BACKTRACKING; 43 | } 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/EndOfRepetitionState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.CheckForNull; 20 | import javax.annotation.Nonnull; 21 | 22 | public class EndOfRepetitionState implements AutomatonState { 23 | 24 | private final RepetitionTree parent; 25 | private final AutomatonState continuation; 26 | 27 | public EndOfRepetitionState(RepetitionTree parent, AutomatonState continuation) { 28 | this.parent = parent; 29 | this.continuation = continuation; 30 | } 31 | 32 | @Nonnull 33 | @Override 34 | public FlagSet activeFlags() { 35 | return parent.activeFlags(); 36 | } 37 | 38 | @CheckForNull 39 | @Override 40 | public AutomatonState continuation() { 41 | return continuation; 42 | } 43 | 44 | @Nonnull 45 | @Override 46 | public TransitionType incomingTransitionType() { 47 | return TransitionType.EPSILON; 48 | } 49 | 50 | } 51 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/FinalState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import java.util.Collections; 20 | import java.util.List; 21 | import javax.annotation.CheckForNull; 22 | import javax.annotation.Nonnull; 23 | 24 | public class FinalState extends ActiveFlagsState { 25 | 26 | public FinalState(FlagSet activeFlags) { 27 | super(activeFlags); 28 | } 29 | 30 | @CheckForNull 31 | @Override 32 | public AutomatonState continuation() { 33 | return null; 34 | } 35 | 36 | @Nonnull 37 | @Override 38 | public TransitionType incomingTransitionType() { 39 | return TransitionType.EPSILON; 40 | } 41 | 42 | @Nonnull 43 | @Override 44 | public List successors() { 45 | return Collections.emptyList(); 46 | } 47 | 48 | } 49 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/NegationState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.Nonnull; 20 | 21 | public class NegationState extends ActiveFlagsState { 22 | 23 | private final AutomatonState continuation; 24 | 25 | public NegationState(AutomatonState continuation, FlagSet activeFlags) { 26 | super(activeFlags); 27 | this.continuation = continuation; 28 | } 29 | 30 | @Nonnull 31 | @Override 32 | public AutomatonState continuation() { 33 | return continuation; 34 | } 35 | 36 | @Nonnull 37 | @Override 38 | public TransitionType incomingTransitionType() { 39 | return TransitionType.NEGATION; 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/OpeningQuote.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import org.sonarsource.analyzer.commons.regex.RegexSource; 20 | 21 | /** 22 | * This class should only be instantiated by RegexParseResult.openingQuote() and only used when using 23 | * the opening quote of a regex as an issue location. It should never appear within a regex AST. 24 | */ 25 | public class OpeningQuote extends AbstractRegexSyntaxElement { 26 | 27 | public OpeningQuote(RegexSource source) { 28 | super(source, new IndexRange(-1, 0)); 29 | } 30 | 31 | @Override 32 | public String getText() { 33 | throw new UnsupportedOperationException("getText should not be called on OpeningQuote objects."); 34 | } 35 | 36 | } 37 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/Quantifier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.CheckForNull; 20 | import org.sonarsource.analyzer.commons.regex.RegexSource; 21 | 22 | public abstract class Quantifier extends AbstractRegexSyntaxElement { 23 | 24 | public enum Modifier { 25 | GREEDY, RELUCTANT, POSSESSIVE 26 | } 27 | 28 | private final Modifier modifier; 29 | 30 | protected Quantifier(RegexSource source, IndexRange range, Modifier modifier) { 31 | super(source, range); 32 | this.modifier = modifier; 33 | } 34 | 35 | public abstract int getMinimumRepetitions(); 36 | 37 | @CheckForNull 38 | public abstract Integer getMaximumRepetitions(); 39 | 40 | public Modifier getModifier() { 41 | return modifier; 42 | } 43 | 44 | public boolean isOpenEnded() { 45 | return getMaximumRepetitions() == null; 46 | } 47 | 48 | public abstract boolean isFixed(); 49 | 50 | } 51 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/ReferenceConditionTree.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import org.sonarsource.analyzer.commons.regex.RegexSource; 20 | 21 | // TODO should be merged this BackReferenceTree 22 | public class ReferenceConditionTree extends GroupTree { 23 | 24 | private final String reference; 25 | 26 | public ReferenceConditionTree(RegexSource source, IndexRange range, String reference, FlagSet activeFlags) { 27 | super(source, Kind.BACK_REFERENCE, null, range, activeFlags); 28 | this.reference = reference; 29 | } 30 | 31 | @Override 32 | public void accept(RegexVisitor visitor) { 33 | // do nothing 34 | } 35 | 36 | public String getReference() { 37 | return reference; 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/RegexSyntaxElement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import org.sonarsource.analyzer.commons.regex.RegexSource; 20 | 21 | public interface RegexSyntaxElement { 22 | 23 | String getText(); 24 | 25 | IndexRange getRange(); 26 | 27 | RegexSource getSource(); 28 | 29 | } 30 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/RegexToken.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import org.sonarsource.analyzer.commons.regex.RegexSource; 20 | 21 | public class RegexToken extends AbstractRegexSyntaxElement { 22 | public RegexToken(RegexSource source, IndexRange range) { 23 | super(source, range); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/SourceCharacter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import org.sonarsource.analyzer.commons.regex.RegexSource; 20 | 21 | public class SourceCharacter extends AbstractRegexSyntaxElement { 22 | 23 | private final char character; 24 | private final boolean isEscapeSequence; 25 | 26 | public SourceCharacter(RegexSource source, IndexRange range, char character) { 27 | this(source, range, character, false); 28 | } 29 | 30 | public SourceCharacter(RegexSource source, IndexRange range, char character, boolean isEscapeSequence) { 31 | super(source, range); 32 | this.character = character; 33 | this.isEscapeSequence = isEscapeSequence; 34 | } 35 | 36 | public char getCharacter() { 37 | return character; 38 | } 39 | 40 | public boolean isEscapeSequence() { 41 | return isEscapeSequence; 42 | } 43 | 44 | } 45 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/StartOfLookBehindState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.Nonnull; 20 | 21 | public class StartOfLookBehindState extends ActiveFlagsState { 22 | 23 | private final AutomatonState content; 24 | 25 | public StartOfLookBehindState(AutomatonState content, FlagSet activeFlags) { 26 | super(activeFlags); 27 | this.content = content; 28 | } 29 | 30 | @Nonnull 31 | @Override 32 | public AutomatonState continuation() { 33 | return content; 34 | } 35 | 36 | @Nonnull 37 | @Override 38 | public TransitionType incomingTransitionType() { 39 | return TransitionType.LOOKAROUND_BACKTRACKING; 40 | } 41 | 42 | } 43 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/StartState.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import javax.annotation.CheckForNull; 20 | import javax.annotation.Nonnull; 21 | 22 | public class StartState extends ActiveFlagsState { 23 | 24 | private final AutomatonState continuation; 25 | 26 | public StartState(AutomatonState continuation, FlagSet activeFlags) { 27 | super(activeFlags); 28 | this.continuation = continuation; 29 | } 30 | 31 | @CheckForNull 32 | @Override 33 | public AutomatonState continuation() { 34 | return continuation; 35 | } 36 | 37 | @Nonnull 38 | @Override 39 | public TransitionType incomingTransitionType() { 40 | return TransitionType.EPSILON; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/ast/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.regex.ast; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | 22 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/finders/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.regex.finders; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/helpers/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.regex.helpers; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/java/JavaRegexSource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.java; 18 | 19 | import java.util.EnumSet; 20 | import java.util.Set; 21 | import org.sonarsource.analyzer.commons.regex.CharacterParser; 22 | import org.sonarsource.analyzer.commons.regex.RegexFeature; 23 | import org.sonarsource.analyzer.commons.regex.RegexSource; 24 | 25 | public class JavaRegexSource extends RegexSource { 26 | 27 | private static final Set FEATURES = EnumSet.of( 28 | RegexFeature.JAVA_SYNTAX_GROUP_NAME, 29 | RegexFeature.ATOMIC_GROUP, 30 | RegexFeature.POSSESSIVE_QUANTIFIER, 31 | RegexFeature.ESCAPED_CHARACTER_CLASS, 32 | RegexFeature.BACKSLASH_ESCAPING, 33 | RegexFeature.NESTED_CHARTER_CLASS 34 | ); 35 | 36 | public JavaRegexSource(String sourceText) { 37 | super(sourceText); 38 | } 39 | 40 | @Override 41 | public CharacterParser createCharacterParser() { 42 | return new JavaCharacterParser(this); 43 | } 44 | 45 | @Override 46 | public Set features() { 47 | return FEATURES; 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/java/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.regex.java; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.regex; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | 22 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/php/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.regex.php; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/python/PythonRegexSource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.python; 18 | 19 | import java.util.EnumSet; 20 | import java.util.Set; 21 | import org.sonarsource.analyzer.commons.regex.RegexFeature; 22 | import org.sonarsource.analyzer.commons.regex.RegexSource; 23 | 24 | public abstract class PythonRegexSource extends RegexSource { 25 | 26 | private static final Set FEATURES = EnumSet.of( 27 | RegexFeature.RECURSION, 28 | RegexFeature.CONDITIONAL_SUBPATTERN, 29 | RegexFeature.PYTHON_SYNTAX_GROUP_NAME, 30 | RegexFeature.PYTHON_OCTAL_ESCAPE, 31 | RegexFeature.UNESCAPED_CURLY_BRACKET, 32 | RegexFeature.ONLY_UPPER_BOUND_QUANTIFIER, 33 | RegexFeature.POSSESSIVE_QUANTIFIER, 34 | RegexFeature.ATOMIC_GROUP 35 | ); 36 | 37 | protected PythonRegexSource(String source) { 38 | super(source); 39 | } 40 | 41 | @Override 42 | public Set features() { 43 | return FEATURES; 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /regex-parsing/src/main/java/org/sonarsource/analyzer/commons/regex/python/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.regex.python; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/ast/OpeningQuoteTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.ast; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 21 | 22 | import static org.junit.jupiter.api.Assertions.assertEquals; 23 | import static org.junit.jupiter.api.Assertions.assertThrows; 24 | import static org.sonarsource.analyzer.commons.regex.RegexParserTestUtils.assertSuccessfulParseResult; 25 | 26 | class OpeningQuoteTest { 27 | 28 | @Test 29 | void testLocation() { 30 | RegexParseResult result = assertSuccessfulParseResult("abc"); 31 | assertEquals(new IndexRange(-1, 0), result.openingQuote().getRange()); 32 | } 33 | 34 | @Test 35 | void testGetTextException() { 36 | RegexParseResult result = assertSuccessfulParseResult("abc"); 37 | RegexSyntaxElement openingQuote = result.openingQuote(); 38 | assertThrows(UnsupportedOperationException.class, openingQuote::getText); 39 | } 40 | 41 | } 42 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/AnchorPrecedenceFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class AnchorPrecedenceFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new AnchorPrecedenceFinderCheck(), "AnchorPrecedenceFinder.yml"); 28 | } 29 | 30 | static class AnchorPrecedenceFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new AnchorPrecedenceFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/ComplexRegexFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class ComplexRegexFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new ComplexityCalculatorCheck(), "ComplexRegexFinder.yml"); 28 | } 29 | 30 | static class ComplexityCalculatorCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new ComplexRegexFinder(regexElementIssueReporter, 20).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/DuplicatesInCharacterClassFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class DuplicatesInCharacterClassFinderTest { 24 | @Test 25 | void test() { 26 | Verifier.verify(new DuplicatesInCharacterClassFinderCheck(), "DuplicatesInCharacterClassFinder.yml"); 27 | } 28 | 29 | static class DuplicatesInCharacterClassFinderCheck extends FinderCheck { 30 | @Override 31 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 32 | new DuplicatesInCharacterClassFinder(regexElementIssueReporter).visit(parseResult); 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/EmptyAlternativeFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class EmptyAlternativeFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new EmptyAlternativeFinderCheck(), "EmptyAlternativeFinder.yml"); 28 | } 29 | 30 | static class EmptyAlternativeFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new EmptyAlternativeFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/EmptyGroupFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class EmptyGroupFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new EmptyGroupFinderCheck(), "EmptyGroupFinder.yml"); 28 | } 29 | 30 | static class EmptyGroupFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new EmptyGroupFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/EmptyStringRepetitionFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class EmptyStringRepetitionFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new EmptyStringRepetitionFinderCheck(), "EmptyStringRepetitionFinder.yml"); 28 | } 29 | 30 | static class EmptyStringRepetitionFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new EmptyStringRepetitionFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/FinderCheck.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 20 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 21 | 22 | public abstract class FinderCheck { 23 | abstract void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter); 24 | } 25 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/GraphemeInClassFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class GraphemeInClassFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new GraphemeInClassFinderCheck(), "GraphemeInClassFinder.yml"); 28 | } 29 | 30 | static class GraphemeInClassFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new GraphemeInClassFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/ImpossibleBackReferenceFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class ImpossibleBackReferenceFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new ImpossibleBackReferenceFinderCheck(), "ImpossibleBackReferenceFinder.yml"); 28 | } 29 | 30 | static class ImpossibleBackReferenceFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new ImpossibleBackReferenceFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/ImpossibleBoundaryFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class ImpossibleBoundaryFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new ImpossibleBoundaryFinderCheck(), "ImpossibleBoundaryFinder.yml"); 28 | } 29 | 30 | static class ImpossibleBoundaryFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new ImpossibleBoundaryFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/MultipleWhitespaceFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class MultipleWhitespaceFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new MultipleWhitespaceFinderCheck(), "MultipleWhitespaceFinder.yml"); 28 | } 29 | 30 | static class MultipleWhitespaceFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new MultipleWhitespaceFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/PossessiveQuantifierContinuationFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class PossessiveQuantifierContinuationFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new PossessiveQuantifierContinuationFinderCheck(), "PossessiveQuantifierContinuationFinder.yml"); 28 | } 29 | 30 | static class PossessiveQuantifierContinuationFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new PossessiveQuantifierContinuationFinder(regexElementIssueReporter, parseResult.getFinalState()).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/RedundantRegexAlternativesFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class RedundantRegexAlternativesFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new RedundantRegexAlternativesFinderCheck(), "RedundantRegexAlternativesFinder.yml"); 28 | } 29 | 30 | static class RedundantRegexAlternativesFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new RedundantRegexAlternativesFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/ReluctantQuantifierFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class ReluctantQuantifierFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new ReluctantQuantifierFinderCheck(), "ReluctantQuantifierFinder.yml"); 28 | } 29 | 30 | static class ReluctantQuantifierFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new ReluctantQuantifierFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/SingleCharCharacterClassFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class SingleCharCharacterClassFinderTest { 24 | @Test 25 | void test() { 26 | Verifier.verify(new SingleCharCharacterClassFinderTest.SingleCharCharacterClassFinderCheck(), "SingleCharCharacterClassFinder.yml"); 27 | } 28 | 29 | static class SingleCharCharacterClassFinderCheck extends FinderCheck { 30 | @Override 31 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 32 | new SingleCharCharacterClassFinder(regexElementIssueReporter).visit(parseResult); 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/SingleCharacterAlternationFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class SingleCharacterAlternationFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new SingleCharacterAlternationFinderCheck(), "SingleCharacterAlternationFinder.yml"); 28 | } 29 | 30 | static class SingleCharacterAlternationFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new SingleCharacterAlternationFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/SuperfluousCurlyBraceFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class SuperfluousCurlyBraceFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new SuperfluousCurlyBraceFinderTest.SuperfluousCurlyBraceFinderCheck(), "SuperfluousCurlyBraceFinder.yml"); 28 | } 29 | 30 | static class SuperfluousCurlyBraceFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new SuperfluousCurlyBraceFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/UnicodeUnawareCharClassFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class UnicodeUnawareCharClassFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new UnicodeUnawareCharClassFinderCheck(), "UnicodeUnawareCharClassFinder.yml"); 28 | } 29 | 30 | static class UnicodeUnawareCharClassFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new UnicodeUnawareCharClassFinder(regexElementIssueReporter, invocationIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/UnquantifiedNonCapturingGroupFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class UnquantifiedNonCapturingGroupFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new UnquantifiedNonCapturingGroupFinderCheck(), "UnquantifiedNonCapturingGroupFinder.yml"); 28 | } 29 | 30 | static class UnquantifiedNonCapturingGroupFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new UnquantifiedNonCapturingGroupFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/VerboseRegexFinderTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import org.junit.jupiter.api.Test; 20 | import org.sonarsource.analyzer.commons.regex.RegexIssueReporter; 21 | import org.sonarsource.analyzer.commons.regex.RegexParseResult; 22 | 23 | class VerboseRegexFinderTest { 24 | 25 | @Test 26 | void test() { 27 | Verifier.verify(new VerboseRegexFinderCheck(), "VerboseRegexFinder.yml"); 28 | } 29 | 30 | static class VerboseRegexFinderCheck extends FinderCheck { 31 | @Override 32 | public void checkRegex(RegexParseResult parseResult, RegexIssueReporter.ElementIssue regexElementIssueReporter, RegexIssueReporter.InvocationIssue invocationIssueReporter) { 33 | new VerboseRegexFinder(regexElementIssueReporter).visit(parseResult); 34 | } 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /regex-parsing/src/test/java/org/sonarsource/analyzer/commons/regex/finders/Verifier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Regex Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.regex.finders; 18 | 19 | import java.nio.file.Path; 20 | import java.nio.file.Paths; 21 | 22 | public class Verifier { 23 | 24 | private static final Path BASE_DIR = Paths.get("src", "test", "resources", "finders"); 25 | 26 | public static void verify(FinderCheck check, String relativePath) { 27 | new RegexFinderVerifier().verify(check, BASE_DIR.resolve(relativePath)); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /regex-parsing/src/test/resources/finders/AnchorPrecedenceFinder.yml: -------------------------------------------------------------------------------- 1 | - '^a|b|c$' # Noncompliant {{Group parts of the regex together to make the intended operator precedence explicit.}} 2 | - '^a|b|cd' # Noncompliant 3 | - '(?i)^a|b|cd' # Noncompliant 4 | - '(?i:^a|b|cd)' # Noncompliant 5 | - 'a|b|c$' # Noncompliant 6 | - '\\Aa|b|c\\Z' # Noncompliant 7 | - '\\Aa|b|c\\z' # Noncompliant 8 | 9 | - '^(?:a|b|c)$' 10 | - '(?:^a)|b|(?:c$)' 11 | - '^abc$' 12 | - 'a|b|c' 13 | - '^a$|^b$|^c$' 14 | - '^a$|b|c' 15 | - 'a|b|^c$' 16 | - '^a|^b$|c$' 17 | - '^a|^b|c$' 18 | - '^a|b$|c$' 19 | # Only beginning and end of line/input boundaries are considered - not word boundaries 20 | - '\\ba|b|c\\b' 21 | - '\\ba\\b|\\bb\\b|\\bc\\b' 22 | # If multiple alternatives are anchored, but not all, that's more likely to be intentional than if only the first 23 | # one were anchored, so we won't report an issue for the following line: 24 | - '^a|^b|c' 25 | - 'aa|bb|cc' 26 | - '^' 27 | - '^[abc]$' 28 | - '|' 29 | - '[' 30 | - '(?i:^)a|b|c' # False negative; we don't find the anchor if it's hidden inside a sub-expression 31 | -------------------------------------------------------------------------------- /regex-parsing/src/test/resources/finders/EmptyAlternativeFinder.yml: -------------------------------------------------------------------------------- 1 | - '(mandatory||optional)' # Noncompliant {{Remove this empty alternative.}} 2 | - '(|mandatory|optional|)' # Noncompliant 3 | - 'mandatory|-optional|' # Noncompliant 4 | - '|mandatory|-optional' # Noncompliant 5 | - '(mandatory|(|O|o|)ptional|)' # Noncompliant 6 | - '(|mandatory|optional)?' # Noncompliant 7 | - 'mandatory(-optional|){2}' # Noncompliant 8 | 9 | - '(?:mandatory)|optional' 10 | - '(mandatory|optional|)' 11 | - '(mandatory|(O|o)ptional|)' 12 | - '(mandatory|(O|o|)ptional|)' 13 | - '(mandatory|(|O|o)ptional|)' 14 | - '(|mandatory|optional)' 15 | - 'mandatory(|-optional)' 16 | - 'mandatory(-optional|)' 17 | - '(mandatory(|-optional))?' 18 | 19 | - 'foo(?:)bar' 20 | - 'foo(?>)bar' 21 | - 'foo(?=)bar' 22 | 23 | -------------------------------------------------------------------------------- /regex-parsing/src/test/resources/finders/EmptyGroupFinder.yml: -------------------------------------------------------------------------------- 1 | - 'foo()bar' # Noncompliant {{Remove this empty group.}} 2 | - 'foo(?:)bar' # Noncompliant 3 | - 'foo(?>)bar' # Noncompliant 4 | - 'foo(?=)bar' # Noncompliant 5 | - 'foo(?!)bar' # Noncompliant 6 | - 'foo(?<=)bar' # Noncompliant 7 | - 'foo(?)bar)' # Noncompliant 12 | - '(foo(?=)bar)' # Noncompliant 13 | - '(foo(?!)bar)' # Noncompliant 14 | - '(foo(?<=)bar)' # Noncompliant 15 | - '(foo(?x)bar' # Compliant 25 | - 'foo(?=x)bar' # Compliant 26 | - 'foo(?!x)bar' # Compliant 27 | - 'foo(?<=x)bar' # Compliant 28 | - 'foo(?)bar]' # Compliant 34 | - '[foo(?=x)bar]' # Compliant 35 | - '[foo(?!x)bar]' # Compliant 36 | - '[foo(?<=x)bar]' # Compliant 37 | - '[foo(?|)bar)' # Compliant 43 | - '(foo(?=|)bar)' # Compliant 44 | - '(foo(?!|)bar)' # Compliant 45 | - '(foo(?<=|)bar)' # Compliant 46 | - '(foo(? 2 | 3 | 4.0.0 4 | 5 | 6 | org.sonarsource.analyzer-commons 7 | sonar-analyzer-commons-parent 8 | 2.18.0-SNAPSHOT 9 | 10 | 11 | sonar-analyzer-test-commons 12 | SonarSource Analyzers Test Commons 13 | Logic useful to test a language analyzer 14 | 15 | 16 | 17 | com.google.code.findbugs 18 | jsr305 19 | 20 | 21 | junit 22 | junit 23 | compile 24 | 25 | 26 | org.assertj 27 | assertj-core 28 | test 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /test-commons/src/main/java/org/sonarsource/analyzer/commons/checks/coverage/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.checks.coverage; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /test-commons/src/main/java/org/sonarsource/analyzer/commons/checks/verifier/internal/Comment.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.checks.verifier.internal; 18 | 19 | import java.nio.file.Path; 20 | import java.util.List; 21 | import org.sonarsource.analyzer.commons.checks.verifier.FileContent; 22 | 23 | public class Comment { 24 | public final Path path; 25 | public final int line; 26 | public final int column; 27 | public final int contentColumn; 28 | public final String content; 29 | 30 | public Comment(Path path, int line, int column, int contentColumn, String content) { 31 | this.path = path; 32 | this.line = line; 33 | this.column = column; 34 | this.contentColumn = contentColumn; 35 | this.content = content; 36 | } 37 | 38 | @Override 39 | public String toString() { 40 | return "(" + path.getFileName() + "," + line + "," + column + "," + contentColumn + "," + content + ")"; 41 | } 42 | 43 | public interface Parser { 44 | 45 | List parse(FileContent file); 46 | 47 | } 48 | 49 | } 50 | -------------------------------------------------------------------------------- /test-commons/src/main/java/org/sonarsource/analyzer/commons/checks/verifier/internal/FlowLocation.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.checks.verifier.internal; 18 | 19 | import javax.annotation.Nullable; 20 | 21 | public class FlowLocation extends SecondaryLocation { 22 | 23 | public final int flowIndex; 24 | 25 | public final int indexInTheFlow; 26 | 27 | public FlowLocation(UnderlinedRange range, boolean primaryIsBefore, int flowIndex, int indexInTheFlow, @Nullable String message) { 28 | super(range, primaryIsBefore, flowIndex, message); 29 | this.flowIndex = flowIndex; 30 | this.indexInTheFlow = indexInTheFlow; 31 | } 32 | 33 | @Override 34 | public void write(int indent, StringBuilder out, boolean primaryIsWritten) { 35 | range.underline(indent, out); 36 | out.append(primaryIsWritten ? '<' : '>'); 37 | out.append(' ').append(flowIndex).append('.').append(indexInTheFlow); 38 | if (message != null) { 39 | out.append(" {{").append(message).append("}}"); 40 | } 41 | } 42 | 43 | } 44 | -------------------------------------------------------------------------------- /test-commons/src/main/java/org/sonarsource/analyzer/commons/checks/verifier/internal/PreciseLocation.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.checks.verifier.internal; 18 | 19 | public abstract class PreciseLocation { 20 | 21 | public final UnderlinedRange range; 22 | 23 | protected PreciseLocation(UnderlinedRange range) { 24 | this.range = range; 25 | } 26 | 27 | public abstract void write(int indent, StringBuilder line, boolean primaryIsWritten); 28 | 29 | } 30 | -------------------------------------------------------------------------------- /test-commons/src/main/java/org/sonarsource/analyzer/commons/checks/verifier/internal/SecondaryLocation.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.checks.verifier.internal; 18 | 19 | import javax.annotation.Nullable; 20 | 21 | public class SecondaryLocation extends PreciseLocation { 22 | 23 | public final boolean primaryIsBefore; 24 | 25 | @Nullable 26 | public Integer index; 27 | 28 | @Nullable 29 | public String message; 30 | 31 | public SecondaryLocation(UnderlinedRange range, boolean primaryIsBefore, @Nullable Integer index, @Nullable String message) { 32 | super(range); 33 | this.primaryIsBefore = primaryIsBefore; 34 | this.index = index; 35 | this.message = message; 36 | } 37 | 38 | @Override 39 | public void write(int indent, StringBuilder out, boolean primaryIsWritten) { 40 | range.underline(indent, out); 41 | out.append(primaryIsWritten ? '<' : '>'); 42 | if (index != null) { 43 | out.append(" ").append(index); 44 | } 45 | if (message != null) { 46 | out.append(" {{").append(message).append("}}"); 47 | } 48 | } 49 | 50 | } 51 | -------------------------------------------------------------------------------- /test-commons/src/main/java/org/sonarsource/analyzer/commons/checks/verifier/internal/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.checks.verifier.internal; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /test-commons/src/main/java/org/sonarsource/analyzer/commons/checks/verifier/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.checks.verifier; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /test-commons/src/main/java/org/sonarsource/analyzer/commons/checks/verifier/quickfix/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.checks.verifier.quickfix; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /test-commons/src/test/java/org/sonarsource/analyzer/commons/checks/verifier/internal/CommentTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.checks.verifier.internal; 18 | 19 | import java.nio.file.Paths; 20 | import org.junit.Test; 21 | 22 | import static org.assertj.core.api.Assertions.assertThat; 23 | 24 | public class CommentTest { 25 | @Test 26 | public void constructor() throws Exception { 27 | Comment comment = new Comment(Paths.get("dir/file.js"),1, 2, 3, "Error"); 28 | assertThat(comment.path).isEqualTo(Paths.get("dir/file.js")); 29 | assertThat(comment.line).isOne(); 30 | assertThat(comment.column).isEqualTo(2); 31 | assertThat(comment.contentColumn).isEqualTo(3); 32 | assertThat(comment.content).isEqualTo("Error"); 33 | assertThat(comment).hasToString("(file.js,1,2,3,Error)"); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /test-commons/src/test/resources/code.js: -------------------------------------------------------------------------------- 1 | // ignored comment 2 | /* multiline comment */ 3 | 4 | function test() { // Noncompliant 2 5 | 6 | var msg = "Hello"; 7 | // ^^^> 8 | 9 | alert(msg); // Noncompliant 10 | // ^^^ 1 11 | 12 | alert("Hello");// Noncompliant {{Rule message}} 13 | // ^^^^^ 2 14 | // ^^^^^^^^^@-1< {{Secondary location message1}} 15 | 16 | alert("Hello"); 17 | // ^^^^^< {{Secondary location message2}} 18 | 19 | alert(msg); // Noncompliant {{Error}} [[effortToFix=2.5]] 20 | // ^^^^^ 21 | 22 | alert("Hello"); // Noncompliant 23 | // ^^^^^ ^^^^^< 24 | 25 | // there's one "tab character" at the beginning of the following two lines 26 | alert(msg); // Noncompliant 27 | // ^^^ 28 | 29 | } 30 | 31 | // Noncompliant@0 {{Issue on file}} 32 | -------------------------------------------------------------------------------- /test-commons/src/test/resources/code.js.issues.txt: -------------------------------------------------------------------------------- 1 | 2 | 000: Noncompliant {{Issue on file}} 3 | 000: 4 | 5 | 004: Noncompliant 2 6 | 004: function test() { 7 | 8 | 009: Noncompliant 9 | 006: var msg = "Hello"; 10 | 006: ^^^> 11 | 009: alert(msg); 12 | 009: ^^^ 1 13 | 14 | 15 | 012: Noncompliant {{Rule message}} 16 | 012: alert("Hello"); 17 | 012: ^^^^^ 2 18 | 012: ^^^^^^^^^< {{Secondary location message1}} 19 | 016: alert("Hello"); 20 | 016: ^^^^^< {{Secondary location message2}} 21 | 22 | 23 | 019: Noncompliant {{Error}} [[effortToFix=2.5]] 24 | 019: alert(msg); 25 | 019: ^^^^^ 26 | 27 | 28 | 022: Noncompliant 29 | 022: alert("Hello"); 30 | 022: ^^^^^ 1^^^^^< 31 | 32 | 33 | 026: Noncompliant 34 | 026: ➞alert(msg); 35 | 026: ^^^ 36 | 37 | -------------------------------------------------------------------------------- /test-commons/src/test/resources/empty.js: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /test-commons/src/test/resources/main.js: -------------------------------------------------------------------------------- 1 | function main() { 2 | alert('Hello'); // Noncompliant 3 | } 4 | -------------------------------------------------------------------------------- /test-commons/src/test/resources/quickfixes/JavaCodeWithQuickFix.java: -------------------------------------------------------------------------------- 1 | class QuickFixes{ 2 | void foo() { 3 | "foo".equals("bar"); // Noncompliant [[sc=18;ec=23;quickfixes=qf1]] 4 | // fix@qf1 {{Move "bar" on the left side of .equals}} 5 | // edit@qf1 [[sc=18;ec=23]] {{"foo\n"}} 6 | // edit@qf1 [[sc=5;ec=10]] {{"bar"}} 7 | 8 | foo(); // Noncompliant {{Without quickfix}} 9 | 10 | } 11 | 12 | } 13 | -------------------------------------------------------------------------------- /test-commons/src/test/resources/same-location.js: -------------------------------------------------------------------------------- 1 | function test() { 2 | var x = 0; // Noncompliant {{Primary1}} 3 | // ^^^ 4 | // ^^^@-1< {{Secondary1}} 5 | 6 | var y = 0; // Noncompliant {{Primary2}} 7 | // ^^^> {{Secondary2}} 8 | // ^^^@-1 9 | } 10 | -------------------------------------------------------------------------------- /test-commons/src/test/resources/several-issues-on-the-same-line.js: -------------------------------------------------------------------------------- 1 | function test() { 2 | var x = 0; // Noncompliant {{Error1}} 3 | // Noncompliant@-1 {{Error2}} 4 | // Noncompliant@-2 {{Error3}} 5 | } 6 | -------------------------------------------------------------------------------- /test-commons/src/test/resources/simple.js: -------------------------------------------------------------------------------- 1 | function test(msg) { 2 | alert(msg); // Noncompliant {{Rule message}} 3 | // ^^^ 4 | } 5 | -------------------------------------------------------------------------------- /test-xml-parsing/README.md: -------------------------------------------------------------------------------- 1 | SonarSource Analyzers XML Parsing Test Commons 2 | ========================= 3 | 4 | * [Testing a check for XML file](#testingCheck) 5 | 6 | ## To test a check for XML file 7 | Use `SonarXmlCheckVerifier`: 8 | ``` 9 | SonarXmlCheckVerifier.verifyIssueOnFile("file.xml", new FileTestCheck(), "File level message", 1, 2); 10 | ``` 11 | 12 | You can use comments notation from [test-commons](../test-commons) to assert issues information. 13 | ``` 14 | SonarXmlCheckVerifier.verifyIssues("checkTestFile.xml", testCheck); 15 | ``` 16 | 17 | > :exclamation: Tested XML files should be in directory `src/test/java/resources/checks/` 18 | 19 | ### License 20 | Copyright 2009-2023 SonarSource. 21 | Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt) 22 | -------------------------------------------------------------------------------- /test-xml-parsing/src/main/java/org/sonarsource/analyzer/commons/xml/checks/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers XML Parsing Test Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.xml.checks; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /test-xml-parsing/src/test/resources/checks/FileTestCheck/file.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /test-xml-parsing/src/test/resources/checks/SilentTestCheck/file.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /test-xml-parsing/src/test/resources/checks/SilentTestCheck/malformedFile.xml: -------------------------------------------------------------------------------- 1 | hello 2 | -------------------------------------------------------------------------------- /test-xml-parsing/src/test/resources/checks/TestCheck/checkTestFile.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Hello 9 | World! 10 | 11 | -------------------------------------------------------------------------------- /test-xml-parsing/src/test/resources/checks/file.xml: -------------------------------------------------------------------------------- 1 | Hello 2 | -------------------------------------------------------------------------------- /test-xml-parsing/src/test/resources/file.xml: -------------------------------------------------------------------------------- 1 | Hello 2 | -------------------------------------------------------------------------------- /wss-unified-agent.config: -------------------------------------------------------------------------------- 1 | # WhiteSource documentation https://whitesource.atlassian.net/wiki/spaces/WD/pages/1544880156/Unified+Agent+Configuration+Parameters 2 | 3 | excludes=**/*sources.jar **/*javadoc.jar 4 | fileSystemScan=False 5 | resolveAllDependencies=False 6 | 7 | maven.aggregateModules=True 8 | maven.downloadMissingDependencies=False 9 | maven.m2RepositoryPath=.m2/repository 10 | maven.resolveDependencies=True 11 | maven.runPreStep=False 12 | 13 | wss.url=https://saas-eu.whitesourcesoftware.com/agent 14 | 15 | forceUpdate=true 16 | checkPolicies=true 17 | forceUpdate.failBuildOnPolicyViolation=true 18 | -------------------------------------------------------------------------------- /xml-parsing/src/main/java/org/sonarsource/analyzer/commons/xml/ParseException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers XML Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.xml; 18 | 19 | public class ParseException extends RuntimeException { 20 | 21 | private static final long serialVersionUID = -3118758075218569915L; 22 | 23 | public ParseException(Exception cause) { 24 | super(cause); 25 | } 26 | 27 | } 28 | 29 | -------------------------------------------------------------------------------- /xml-parsing/src/main/java/org/sonarsource/analyzer/commons/xml/SafeStaxParserFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers XML Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.xml; 18 | 19 | import javax.xml.stream.XMLInputFactory; 20 | 21 | public class SafeStaxParserFactory { 22 | 23 | private SafeStaxParserFactory() { 24 | // class with static methods only 25 | } 26 | 27 | public static XMLInputFactory createXMLInputFactory() { 28 | // forcing the XMLInputFactory implementation class, in order to be sure that we are going to use the adequate 29 | // stream reader while retrieving locations 30 | XMLInputFactory factory = new com.ctc.wstx.stax.WstxInputFactory(); 31 | 32 | factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); 33 | factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, false); 34 | factory.setProperty(XMLInputFactory.IS_VALIDATING, false); 35 | factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); 36 | return factory; 37 | } 38 | 39 | } 40 | -------------------------------------------------------------------------------- /xml-parsing/src/main/java/org/sonarsource/analyzer/commons/xml/SafetyFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers XML Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.xml; 18 | 19 | import javax.xml.parsers.DocumentBuilder; 20 | import javax.xml.stream.XMLInputFactory; 21 | 22 | public class SafetyFactory { 23 | 24 | private SafetyFactory(){ 25 | // class with static methods only 26 | } 27 | 28 | /** 29 | * @deprecated Use {@link SafeStaxParserFactory#createXMLInputFactory()} instead. 30 | */ 31 | @Deprecated 32 | public static XMLInputFactory createXMLInputFactory() { 33 | return SafeStaxParserFactory.createXMLInputFactory(); 34 | } 35 | 36 | /** 37 | * @deprecated Use {@link SafeDomParserFactory#createDocumentBuilder(boolean)} instead. 38 | */ 39 | @Deprecated 40 | public static DocumentBuilder createDocumentBuilder(boolean namespaceAware) { 41 | return SafeDomParserFactory.createDocumentBuilder(namespaceAware); 42 | } 43 | 44 | } 45 | -------------------------------------------------------------------------------- /xml-parsing/src/main/java/org/sonarsource/analyzer/commons/xml/checks/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers XML Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.xml.checks; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /xml-parsing/src/main/java/org/sonarsource/analyzer/commons/xml/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers XML Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | @ParametersAreNonnullByDefault 18 | package org.sonarsource.analyzer.commons.xml; 19 | 20 | import javax.annotation.ParametersAreNonnullByDefault; 21 | -------------------------------------------------------------------------------- /xml-parsing/src/test/java/org/sonarsource/analyzer/commons/xml/SafetyFactoryTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers XML Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.xml; 18 | 19 | import org.junit.Test; 20 | 21 | import static org.assertj.core.api.Assertions.assertThat; 22 | 23 | public class SafetyFactoryTest { 24 | 25 | @Test 26 | public void test_createXMLInputFactory() { 27 | assertThat(SafetyFactory.createXMLInputFactory()).isNotNull(); 28 | } 29 | 30 | @Test 31 | public void test_createDocumentBuilder() { 32 | assertThat(SafetyFactory.createDocumentBuilder(true)).isNotNull(); 33 | assertThat(SafetyFactory.createDocumentBuilder(false)).isNotNull(); 34 | } 35 | 36 | } 37 | -------------------------------------------------------------------------------- /xml-parsing/src/test/java/org/sonarsource/analyzer/commons/xml/checks/SonarXmlCheckTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SonarSource Analyzers XML Parsing Commons 3 | * Copyright (C) 2009-2025 SonarSource SA 4 | * mailto:info AT sonarsource DOT com 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the Sonar Source-Available License for more details. 13 | * 14 | * You should have received a copy of the Sonar Source-Available License 15 | * along with this program; if not, see https://sonarsource.com/license/ssal/ 16 | */ 17 | package org.sonarsource.analyzer.commons.xml.checks; 18 | 19 | import org.junit.Test; 20 | import org.sonarsource.analyzer.commons.xml.XmlFile; 21 | 22 | import static org.assertj.core.api.Assertions.assertThat; 23 | 24 | 25 | public class SonarXmlCheckTest { 26 | 27 | @Test 28 | public void check_context_null() { 29 | DummyCheck check = new DummyCheck(); 30 | assertThat(check.getContext()).isNull(); 31 | } 32 | 33 | static class DummyCheck extends SonarXmlCheck { 34 | @Override 35 | public void scanFile(XmlFile file) { 36 | reportIssueOnFile("message", null); 37 | } 38 | } 39 | 40 | } -------------------------------------------------------------------------------- /xml-parsing/src/test/resources/checks/SimpleXPathBasedCheck/simple.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /xml-parsing/src/test/resources/checks/SimpleXPathBasedCheck/xPathFailure.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | ]> 6 | 7 | &xxe; 8 | -------------------------------------------------------------------------------- /xml-parsing/src/test/resources/file.xml: -------------------------------------------------------------------------------- 1 | Hello 2 | --------------------------------------------------------------------------------