From b841ee3277068a55836cf79b3d9208f2378ed587 Mon Sep 17 00:00:00 2001 
From: Arshan Dabirsiaghi Date: Wed, 18 Dec 2024 14:07:25 -0500 Subject: [PATCH] Add several Sonar hotspot mappings (#486) --- .github/workflows/checks.yml | 2 +- .github/workflows/release.yml | 2 +- README.md | 2 +- .../integration/GitRepositoryTest.java | 7 +- .../codemodder/codemods/DefaultCodemods.java | 4 + .../AddMissingOverrideCodemod.java | 2 +- ...AvoidImplicitPublicConstructorCodemod.java | 2 +- .../ConstantNameStringGenerator.java | 2 +- .../{ => sonar}/CreateConstantForLiteral.java | 2 +- .../DeclareVariableOnSeparateLine.java | 2 +- .../DeclareVariableOnSeparateLineCodemod.java | 2 +- ...ableOnSeparateLineForFieldDeclaration.java | 2 +- ...eparateLineForVariableDeclarationExpr.java | 2 +- .../{ => sonar}/DefineConstantForLiteral.java | 2 +- .../DefineConstantForLiteralCodemod.java | 2 +- .../FixRedundantStaticOnEnumCodemod.java | 2 +- .../HardenStringParseToPrimitivesCodemod.java | 2 +- ...idesMatchParentSynchronizationCodemod.java | 2 +- .../RemoveCommentedCodeCodemod.java | 2 +- ...emoveRedundantVariableCreationCodemod.java | 2 +- .../RemoveUnusedImportCodemod.java | 2 +- .../RemoveUnusedLocalVariableCodemod.java | 2 +- .../RemoveUnusedPrivateMethodCodemod.java | 2 +- .../RemoveUselessParenthesesCodemod.java | 2 +- .../ReplaceStreamCollectorsToListCodemod.java | 2 +- ...plifyRestControllerAnnotationsCodemod.java | 2 +- .../SonarCookieMissingSecureFlagCodemod.java | 62 +++++++++ .../SonarJNDIInjectionCodemod.java | 2 +- .../SonarObjectDeserializationCodemod.java | 2 +- ...onarRemoveUnthrowableExceptionCodemod.java | 2 +- .../{ => sonar}/SonarSQLInjectionCodemod.java | 2 +- .../{ => sonar}/SonarSSRFCodemod.java | 2 +- ...narUnsafeReflectionRemediationCodemod.java | 2 +- .../SonarWeakHashingAlgorithmCodemod.java | 62 +++++++++ .../sonar/SonarWeakRandomCodemod.java | 62 +++++++++ .../codemods/{ => sonar}/SonarXXECodemod.java | 2 +- .../SubstituteReplaceAllCodemod.java | 2 +- .../UseExistingConstantForLiteral.java | 2 +- 
.../AddMissingOverrideCodemod/description.md | 0 .../AddMissingOverrideCodemod/report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../RemoveCommentedCodeCodemod/description.md | 0 .../RemoveCommentedCodeCodemod/report.json | 0 .../description.md | 0 .../report.json | 0 .../RemoveUnusedImportCodemod/description.md | 0 .../RemoveUnusedImportCodemod/report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../report.json | 0 .../description.md | 0 .../SubstituteReplaceAllCodemod/report.json | 0 .../codemods/integration/baseimage/Dockerfile | 2 +- .../SemgrepMissingSecureFlagCodemodTest.java | 1 + .../AddMissingOverrideCodemodTest.java | 2 +- ...dImplicitPublicConstructorCodemodTest.java | 2 +- .../ConstantNameStringGeneratorTest.java | 2 +- ...lareVariableOnSeparateLineCodemodTest.java | 2 +- .../DefineConstantForLiteralCodemodTest.java | 2 +- .../DefineConstantForLiteralCodemodTest2.java | 2 +- .../DefineConstantForLiteralCodemodTest3.java | 2 +- .../DefineConstantForLiteralCodemodTest4.java | 2 +- .../DefineConstantForLiteralCodemodTest5.java | 2 +- .../FixRedundantStaticOnEnumCodemodTest.java | 2 +- ...denStringParseToPrimitivesCodemodTest.java | 2 +- ...MatchParentSynchronizationCodemodTest.java | 2 +- .../RemoveCommentedCodeCodemodTest.java | 2 +- ...eRedundantVariableCreationCodemodTest.java | 2 +- .../RemoveUnusedImportCodemodTest.java | 2 +- .../RemoveUnusedLocalVariableCodemodTest.java | 2 +- .../RemoveUnusedPrivateMethodCodemodTest.java | 2 +- .../RemoveUselessParenthesesCodemodTest.java | 2 +- ...laceStreamCollectorsToListCodemodTest.java | 2 +- 
...yRestControllerAnnotationsCodemodTest.java | 2 +- ...narCookieMissingSecureFlagCodemodTest.java | 19 +++ .../SonarJNDIInjectionCodemodTest.java | 2 +- ...SonarObjectDeserializationCodemodTest.java | 2 +- .../SonarRemoveUnthrowableCodemodTest.java | 2 +- .../SonarSQLInjectionCodemodTest.java | 2 +- .../{ => sonar}/SonarSSRFCodemodTest.java | 2 +- ...nsafeReflectionRemediationCodemodTest.java | 2 +- .../SonarWeakHashingAlgorithmCodemodTest.java | 19 +++ .../sonar/SonarWeakRandomCodemodTest.java | 18 +++ .../{ => sonar}/SonarXXECodemodTest.java | 2 +- .../SubstituteReplaceAllCodemodTest.java | 2 +- .../sonar-issues.json | 2 +- .../sonar-issues.json | 4 +- .../SpoofCookieAssignment.java.after | 126 ++++++++++++++++++ .../SpoofCookieAssignment.java.before | 125 +++++++++++++++++ .../sonar-hotspots.json | 48 +++++++ .../supported/sonar-hotspots.json | 2 +- .../unsupported/sonar-hotspots.json | 2 +- .../HashingAssignment.java.after | 105 +++++++++++++++ .../HashingAssignment.java.before | 105 +++++++++++++++ .../sonar-weak-hash-4790/sonar-hotspots.json | 48 +++++++ .../CSRFGetFlag.java.after | 86 ++++++++++++ .../CSRFGetFlag.java.before | 85 ++++++++++++ .../sonar-weak-prng-2245/sonar-hotspots.json | 48 +++++++ .../sonar-xxe-s2755/sonar-issues.json | 8 +- ...=> FixAtJakartaAddCookieCallStrategy.java} | 4 +- .../FixAtJakartaCookieCreationStrategy.java | 63 +++++++++ .../MissingSecureFlagRemediator.java | 19 ++- 122 files changed, 1183 insertions(+), 75 deletions(-) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/AddMissingOverrideCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/AvoidImplicitPublicConstructorCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/ConstantNameStringGenerator.java (99%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/CreateConstantForLiteral.java (99%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => 
sonar}/DeclareVariableOnSeparateLine.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/DeclareVariableOnSeparateLineCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/DeclareVariableOnSeparateLineForFieldDeclaration.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/DeclareVariableOnSeparateLineForVariableDeclarationExpr.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/DefineConstantForLiteral.java (99%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/DefineConstantForLiteralCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/FixRedundantStaticOnEnumCodemod.java (97%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/HardenStringParseToPrimitivesCodemod.java (99%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/OverridesMatchParentSynchronizationCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/RemoveCommentedCodeCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/RemoveRedundantVariableCreationCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/RemoveUnusedImportCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/RemoveUnusedLocalVariableCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/RemoveUnusedPrivateMethodCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/RemoveUselessParenthesesCodemod.java (97%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/ReplaceStreamCollectorsToListCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/SimplifyRestControllerAnnotationsCodemod.java (98%) create mode 100644 
core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarCookieMissingSecureFlagCodemod.java rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/SonarJNDIInjectionCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/SonarObjectDeserializationCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/SonarRemoveUnthrowableExceptionCodemod.java (97%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/SonarSQLInjectionCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/SonarSSRFCodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/SonarUnsafeReflectionRemediationCodemod.java (98%) create mode 100644 core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarWeakHashingAlgorithmCodemod.java create mode 100644 core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarWeakRandomCodemod.java rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/SonarXXECodemod.java (98%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/SubstituteReplaceAllCodemod.java (97%) rename core-codemods/src/main/java/io/codemodder/codemods/{ => sonar}/UseExistingConstantForLiteral.java (97%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/AddMissingOverrideCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/AddMissingOverrideCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/AvoidImplicitPublicConstructorCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/AvoidImplicitPublicConstructorCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/DeclareVariableOnSeparateLineCodemod/description.md (100%) rename 
core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/DeclareVariableOnSeparateLineCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/DefineConstantForLiteralCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/DefineConstantForLiteralCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/FixRedundantStaticOnEnumCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/FixRedundantStaticOnEnumCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/HardenStringParseToPrimitivesCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/HardenStringParseToPrimitivesCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/OverridesMatchParentSynchronizationCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/OverridesMatchParentSynchronizationCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveCommentedCodeCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveCommentedCodeCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveRedundantVariableCreationCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveRedundantVariableCreationCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveUnusedImportCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveUnusedImportCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ 
=> sonar}/RemoveUnusedLocalVariableCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveUnusedLocalVariableCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveUnusedPrivateMethodCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveUnusedPrivateMethodCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveUselessParenthesesCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/RemoveUselessParenthesesCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/ReplaceStreamCollectorsToListCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/ReplaceStreamCollectorsToListCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/SimplifyRestControllerAnnotationsCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/SimplifyRestControllerAnnotationsCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/SonarRemoveUnthrowableExceptionCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/SonarRemoveUnthrowableExceptionCodemod/report.json (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/SubstituteReplaceAllCodemod/description.md (100%) rename core-codemods/src/main/resources/io/codemodder/codemods/{ => sonar}/SubstituteReplaceAllCodemod/report.json (100%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/AddMissingOverrideCodemodTest.java (92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/AvoidImplicitPublicConstructorCodemodTest.java (91%) rename 
core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/ConstantNameStringGeneratorTest.java (99%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/DeclareVariableOnSeparateLineCodemodTest.java (92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/DefineConstantForLiteralCodemodTest.java (92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/DefineConstantForLiteralCodemodTest2.java (91%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/DefineConstantForLiteralCodemodTest3.java (92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/DefineConstantForLiteralCodemodTest4.java (92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/DefineConstantForLiteralCodemodTest5.java (92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/FixRedundantStaticOnEnumCodemodTest.java (90%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/HardenStringParseToPrimitivesCodemodTest.java (91%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/OverridesMatchParentSynchronizationCodemodTest.java (92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/RemoveCommentedCodeCodemodTest.java (91%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/RemoveRedundantVariableCreationCodemodTest.java (91%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/RemoveUnusedImportCodemodTest.java (91%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/RemoveUnusedLocalVariableCodemodTest.java (91%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/RemoveUnusedPrivateMethodCodemodTest.java (92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/RemoveUselessParenthesesCodemodTest.java (91%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/ReplaceStreamCollectorsToListCodemodTest.java 
(92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/SimplifyRestControllerAnnotationsCodemodTest.java (92%) create mode 100644 core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarCookieMissingSecureFlagCodemodTest.java rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/SonarJNDIInjectionCodemodTest.java (97%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/SonarObjectDeserializationCodemodTest.java (93%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/SonarRemoveUnthrowableCodemodTest.java (92%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/SonarSQLInjectionCodemodTest.java (97%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/SonarSSRFCodemodTest.java (94%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/SonarUnsafeReflectionRemediationCodemodTest.java (95%) create mode 100644 core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarWeakHashingAlgorithmCodemodTest.java create mode 100644 core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarWeakRandomCodemodTest.java rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/SonarXXECodemodTest.java (90%) rename core-codemods/src/test/java/io/codemodder/codemods/{ => sonar}/SubstituteReplaceAllCodemodTest.java (91%) create mode 100644 core-codemods/src/test/resources/sonar-missing-secure-flag-2092/SpoofCookieAssignment.java.after create mode 100644 core-codemods/src/test/resources/sonar-missing-secure-flag-2092/SpoofCookieAssignment.java.before create mode 100644 core-codemods/src/test/resources/sonar-missing-secure-flag-2092/sonar-hotspots.json create mode 100644 core-codemods/src/test/resources/sonar-weak-hash-4790/HashingAssignment.java.after create mode 100644 core-codemods/src/test/resources/sonar-weak-hash-4790/HashingAssignment.java.before create mode 100644 
core-codemods/src/test/resources/sonar-weak-hash-4790/sonar-hotspots.json create mode 100644 core-codemods/src/test/resources/sonar-weak-prng-2245/CSRFGetFlag.java.after create mode 100644 core-codemods/src/test/resources/sonar-weak-prng-2245/CSRFGetFlag.java.before create mode 100644 core-codemods/src/test/resources/sonar-weak-prng-2245/sonar-hotspots.json rename framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/{MissingSecureFlagFixStrategy.java => FixAtJakartaAddCookieCallStrategy.java} (93%) create mode 100644 framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/FixAtJakartaCookieCreationStrategy.java diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 10452b9eb..74f2a1d72 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -64,7 +64,7 @@ jobs: python-version: '3.11' - name: Install Semgrep - run: python3 -m pip install semgrep + run: python3 -m pip install semgrep==1.84.1 - name: Run Check task uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 23cd0a58a..ebcf2af31 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: python-version: '3.11' - name: Install Semgrep - run: python3 -m pip install semgrep + run: python3 -m pip install semgrep==1.84.1 - uses: actions/setup-java@v3 with: diff --git a/README.md b/README.md index d3d1af42e..a085eb149 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ Follow these instructions if you intend to modify and build this project from so [here](https://semgrep.dev/docs/getting-started/#installing-and-running-semgrep-locally) for instructions. It can usually be done via `pip`: ```shell - pip install semgrep + pip install semgrep==1.84.1 ``` If your python library paths contain your home directory as a root folder (i.e. 
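Review bot: The `run: python3 -m pip install semgrep==1.84.1` step now pins a version but still installs whatever the index serves under that version with no integrity check; for a tool whose findings gate CI, consider installing from a requirements file with `--require-hashes` so a republished or substituted artifact fails the build rather than being trusted. The same pin is repeated in release.yml and README.md in this commit, so three copies must now move together; a comment on the workflow step such as `# pinned: <reason for 1.84.1 — fill in>` would tell the next person why this version was chosen and where the other copies live.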
diff --git a/core-codemods/src/intTest/java/io/codemodder/integration/GitRepositoryTest.java b/core-codemods/src/intTest/java/io/codemodder/integration/GitRepositoryTest.java
index 1f9a91770..3b8f7c36e 100644
--- a/core-codemods/src/intTest/java/io/codemodder/integration/GitRepositoryTest.java
+++ b/core-codemods/src/intTest/java/io/codemodder/integration/GitRepositoryTest.java
@@ -97,7 +97,12 @@ protected void verifyNoFailedFiles(final CodeTFReport report) {
 .map(CodeTFResult::getFailedFiles)
 .flatMap(Collection::stream)
 .toList();
- assertThat(failedFiles.size(), is(0));
+ if (!failedFiles.isEmpty()) {
+ System.out.println("Failed files during scan:");
+ failedFiles.forEach(System.err::println);
+ }
+ int size = failedFiles.size();
+ assertThat(size, is(0));
 }
 
 protected void verifyStandardCodemodResults(final List fileChanges) {
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/DefaultCodemods.java b/core-codemods/src/main/java/io/codemodder/codemods/DefaultCodemods.java
index ce515029e..7e3e663f6 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/DefaultCodemods.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/DefaultCodemods.java
@@ -12,6 +12,7 @@
 import io.codemodder.codemods.semgrep.SemgrepServletResponseWriterXSSCodemod;
 import io.codemodder.codemods.semgrep.SemgrepWeakRandomCodemod;
 import io.codemodder.codemods.semgrep.SemgrepXXECodemod;
+import io.codemodder.codemods.sonar.*;
 import java.util.List;
 
 /**
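Review bot: The diagnostic block in the added lines writes its heading with `System.out.println` but the file names with `System.err::println`, so in captured test output the heading and its list land in different streams and can be separated or reordered; use one stream, `System.err.println("Failed files during scan:");`. The `int size = failedFiles.size();` temporary adds nothing over asserting on the list itself, and if the Hamcrest `empty()` matcher is available, `assertThat(failedFiles, is(empty()));` reports the offending paths in the failure message without the print fallback. verifyNoFailedFiles begins outside the hunk.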
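Review bot: `import io.codemodder.codemods.sonar.*;` is a wildcard import sitting among explicit per-class imports for the semgrep package, and it targets a package this same commit grows by three classes; a class in the file's own `io.codemodder.codemods` package silently takes precedence over an on-demand import, so a later same-named addition in `sonar` would resolve to the wrong type with no compile-time signal. Import the Sonar codemods registered in asList() explicitly, e.g. `import io.codemodder.codemods.sonar.SonarCookieMissingSecureFlagCodemod;`, matching the file's existing style.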
@@ -89,12 +90,15 @@ public static List> asList() {
 SemgrepOverlyPermissiveFilePermissionsCodemod.class,
 SimplifyRestControllerAnnotationsCodemod.class,
 SubstituteReplaceAllCodemod.class,
+ SonarCookieMissingSecureFlagCodemod.class,
 SonarJNDIInjectionCodemod.class,
 SonarObjectDeserializationCodemod.class,
 SonarRemoveUnthrowableExceptionCodemod.class,
 SonarSQLInjectionCodemod.class,
 SonarSSRFCodemod.class,
 SonarUnsafeReflectionRemediationCodemod.class,
+ SonarWeakHashingAlgorithmCodemod.class,
+ SonarWeakRandomCodemod.class,
 SonarXXECodemod.class,
 SQLParameterizerCodemod.class,
 SSRFCodemod.class,
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/AddMissingOverrideCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/AddMissingOverrideCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/AddMissingOverrideCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/AddMissingOverrideCodemod.java
index d24e2033e..da75398c0 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/AddMissingOverrideCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/AddMissingOverrideCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.body.MethodDeclaration;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemod.java
index f00deb837..f85d7ae3d 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.Modifier;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/ConstantNameStringGenerator.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/ConstantNameStringGenerator.java
similarity index 99%
rename from core-codemods/src/main/java/io/codemodder/codemods/ConstantNameStringGenerator.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/ConstantNameStringGenerator.java
index f3d2d8044..c7b465fa9 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/ConstantNameStringGenerator.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/ConstantNameStringGenerator.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import java.util.Set;
 import java.util.regex.Matcher;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/CreateConstantForLiteral.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/CreateConstantForLiteral.java
similarity index 99%
rename from core-codemods/src/main/java/io/codemodder/codemods/CreateConstantForLiteral.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/CreateConstantForLiteral.java
index a800883e5..54f153d7f 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/CreateConstantForLiteral.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/CreateConstantForLiteral.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.Modifier;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLine.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLine.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLine.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLine.java
index fdcd51231..b821581d9 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLine.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLine.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.Node;
 import com.github.javaparser.ast.NodeList;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemod.java
index 3e94f4e33..81c0e1f84 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.Node;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLineForFieldDeclaration.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineForFieldDeclaration.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLineForFieldDeclaration.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineForFieldDeclaration.java
index 324c42146..6e25bd7e1 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLineForFieldDeclaration.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineForFieldDeclaration.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.Node;
 import com.github.javaparser.ast.NodeList;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLineForVariableDeclarationExpr.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineForVariableDeclarationExpr.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLineForVariableDeclarationExpr.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineForVariableDeclarationExpr.java
index 439edf110..49982a0ce 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/DeclareVariableOnSeparateLineForVariableDeclarationExpr.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineForVariableDeclarationExpr.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.Node;
 import com.github.javaparser.ast.NodeList;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/DefineConstantForLiteral.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DefineConstantForLiteral.java
similarity index 99%
rename from core-codemods/src/main/java/io/codemodder/codemods/DefineConstantForLiteral.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/DefineConstantForLiteral.java
index 64f162c4b..5335be887 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/DefineConstantForLiteral.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DefineConstantForLiteral.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.Range;
 import com.github.javaparser.ast.CompilationUnit;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/DefineConstantForLiteralCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/DefineConstantForLiteralCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemod.java
index 5cfd4ad06..7921dc218 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/DefineConstantForLiteralCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.expr.StringLiteralExpr;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/FixRedundantStaticOnEnumCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemod.java
similarity index 97%
rename from core-codemods/src/main/java/io/codemodder/codemods/FixRedundantStaticOnEnumCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemod.java
index 9ac2fbec4..7858d00a5 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/FixRedundantStaticOnEnumCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.body.EnumDeclaration;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/HardenStringParseToPrimitivesCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemod.java
similarity index 99%
rename from core-codemods/src/main/java/io/codemodder/codemods/HardenStringParseToPrimitivesCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemod.java
index adc4bc6ff..d0eaaf277 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/HardenStringParseToPrimitivesCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.Node;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemod.java
index da2673efc..0b5c0c0a7 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.Node;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/RemoveCommentedCodeCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/RemoveCommentedCodeCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemod.java
index 8cba43ee0..ee4c68f25 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/RemoveCommentedCodeCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.comments.Comment;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/RemoveRedundantVariableCreationCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/RemoveRedundantVariableCreationCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemod.java
index 0b69f6d3a..26b867fcb 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/RemoveRedundantVariableCreationCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.expr.*;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/RemoveUnusedImportCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUnusedImportCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/RemoveUnusedImportCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUnusedImportCodemod.java
index 821430366..51bc9f3d3 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/RemoveUnusedImportCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUnusedImportCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.ImportDeclaration;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/RemoveUnusedLocalVariableCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/RemoveUnusedLocalVariableCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemod.java
index 200790971..6422235b2 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/RemoveUnusedLocalVariableCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.Node;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemod.java
index 7eb199dc4..d03f2f804 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.Node;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/RemoveUselessParenthesesCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemod.java
similarity index 97%
rename from core-codemods/src/main/java/io/codemodder/codemods/RemoveUselessParenthesesCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemod.java
index 5cc18d35f..504f9e3f7 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/RemoveUselessParenthesesCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.expr.EnclosedExpr;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemod.java
index a33d8c077..d09b112a2 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.Node;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemod.java
index a7233314a..188eb8258 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import static io.codemodder.ast.ASTTransforms.addImportIfMissing;
 import static io.codemodder.ast.ASTTransforms.removeImportIfUnused;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarCookieMissingSecureFlagCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarCookieMissingSecureFlagCodemod.java
new file mode 100644
index 000000000..7f075eb41
--- /dev/null
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarCookieMissingSecureFlagCodemod.java
@@ -0,0 +1,62 @@
+package io.codemodder.codemods.sonar;
+
+import com.github.javaparser.ast.CompilationUnit;
+import io.codemodder.*;
+import io.codemodder.codetf.DetectorRule;
+import io.codemodder.providers.sonar.ProvidedSonarScan;
+import io.codemodder.providers.sonar.RuleHotspot;
+import io.codemodder.providers.sonar.SonarRemediatingJavaParserChanger;
+import io.codemodder.remediation.GenericRemediationMetadata;
+import io.codemodder.remediation.Remediator;
+import io.codemodder.remediation.missingsecureflag.MissingSecureFlagRemediator;
+import io.codemodder.sonar.model.Hotspot;
+import io.codemodder.sonar.model.SonarFinding;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.inject.Inject;
+
+@Codemod(
+ id = "sonar:java/cookie-missing-secure-flag-2092",
+ reviewGuidance = ReviewGuidance.MERGE_AFTER_CURSORY_REVIEW,
+ importance = Importance.HIGH,
+ executionPriority = CodemodExecutionPriority.HIGH)
+public final class SonarCookieMissingSecureFlagCodemod extends SonarRemediatingJavaParserChanger {
+
+ private final Remediator remediationStrategy;
+ private final RuleHotspot issues;
+
+ @Inject
+ public SonarCookieMissingSecureFlagCodemod(
+ @ProvidedSonarScan(ruleId = "java:S2092") final RuleHotspot hotspots) {
+ super(GenericRemediationMetadata.MISSING_SECURE_FLAG.reporter(), hotspots);
+ this.issues = Objects.requireNonNull(hotspots);
+ this.remediationStrategy = new MissingSecureFlagRemediator<>();
+ }
+
+ @Override
+ public DetectorRule detectorRule() {
+ return new DetectorRule(
+ "java:S2092",
+ "Make sure creating this cookie without the \"secure\" flag is safe here.",
+ "https://rules.sonarsource.com/java/type/Security%20Hotspot/RSPEC-2092/");
+ }
+
+ @Override
+ public CodemodFileScanningResult visit(
+ final CodemodInvocationContext context, final CompilationUnit cu) {
+ List issuesForFile = issues.getResultsByPath(context.path());
+ return remediationStrategy.remediateAll(
+ cu,
+ context.path().toString(),
+ detectorRule(),
+ issuesForFile,
+ SonarFinding::getKey,
+ i -> i.getTextRange() != null ? i.getTextRange().getStartLine() : i.getLine(),
+ i ->
+ i.getTextRange() != null
+ ? Optional.of(i.getTextRange().getEndLine())
+ : Optional.empty(),
+ i -> Optional.empty());
+ }
+}
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/SonarJNDIInjectionCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarJNDIInjectionCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/SonarJNDIInjectionCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarJNDIInjectionCodemod.java
index 8b2a6f901..8882d7ed7 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/SonarJNDIInjectionCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarJNDIInjectionCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import io.codemodder.*;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/SonarObjectDeserializationCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarObjectDeserializationCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/SonarObjectDeserializationCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarObjectDeserializationCodemod.java
index acc9ef4f9..089ac5832 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/SonarObjectDeserializationCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarObjectDeserializationCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import io.codemodder.*;
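Review bot: `private final Remediator remediationStrategy;` and `List issuesForFile = issues.getResultsByPath(context.path());` are raw types while the imported `Hotspot` is never referenced, which suggests the type argument was dropped; the `i.getTextRange()` lambdas then rely on unchecked inference that `private final Remediator<Hotspot> remediationStrategy;` and `List<Hotspot> issuesForFile = issues.getResultsByPath(context.path());` would make explicit (whether `getResultsByPath` actually returns `List<Hotspot>` is outside the hunk, so confirm against `RuleHotspot`). The same raw declarations and unused `Hotspot` import appear in SonarWeakHashingAlgorithmCodemod and SonarWeakRandomCodemod in this commit. The class also has no Javadoc; a one-line summary stating that it maps Sonar hotspot `java:S2092` onto `MissingSecureFlagRemediator` and that findings are located by text range with a fall-back to `getLine()` would let a reader skip the constructor and `visit` body.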
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/SonarRemoveUnthrowableExceptionCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarRemoveUnthrowableExceptionCodemod.java
similarity index 97%
rename from core-codemods/src/main/java/io/codemodder/codemods/SonarRemoveUnthrowableExceptionCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarRemoveUnthrowableExceptionCodemod.java
index 1eee3e762..0a957122b 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/SonarRemoveUnthrowableExceptionCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarRemoveUnthrowableExceptionCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.type.ClassOrInterfaceType;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/SonarSQLInjectionCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarSQLInjectionCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/SonarSQLInjectionCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarSQLInjectionCodemod.java
index 0baf3b4c7..52f2abb12 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/SonarSQLInjectionCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarSQLInjectionCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.expr.Expression;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/SonarSSRFCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarSSRFCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/SonarSSRFCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarSSRFCodemod.java
index 4a7f3b569..eb5b86ec5 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/SonarSSRFCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarSSRFCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import io.codemodder.*;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/SonarUnsafeReflectionRemediationCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarUnsafeReflectionRemediationCodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/SonarUnsafeReflectionRemediationCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarUnsafeReflectionRemediationCodemod.java
index cfc57adeb..f895f54d7 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/SonarUnsafeReflectionRemediationCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarUnsafeReflectionRemediationCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import io.codemodder.*;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarWeakHashingAlgorithmCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarWeakHashingAlgorithmCodemod.java
new file mode 100644
index 000000000..1503d1c18
--- /dev/null
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarWeakHashingAlgorithmCodemod.java
@@ -0,0 +1,62 @@
+package io.codemodder.codemods.sonar;
+
+import com.github.javaparser.ast.CompilationUnit;
+import io.codemodder.*;
+import io.codemodder.codetf.DetectorRule;
+import io.codemodder.providers.sonar.ProvidedSonarScan;
+import io.codemodder.providers.sonar.RuleHotspot;
+import io.codemodder.providers.sonar.SonarRemediatingJavaParserChanger;
+import io.codemodder.remediation.GenericRemediationMetadata;
+import io.codemodder.remediation.Remediator;
+import io.codemodder.remediation.weakcrypto.WeakCryptoAlgorithmRemediator;
+import io.codemodder.sonar.model.Hotspot;
+import io.codemodder.sonar.model.SonarFinding;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.inject.Inject;
+
+@Codemod(
+ id = "sonar:java/weak-hash-4790",
+ reviewGuidance = ReviewGuidance.MERGE_AFTER_CURSORY_REVIEW,
+ importance = Importance.HIGH,
+ executionPriority = CodemodExecutionPriority.HIGH)
+public final class SonarWeakHashingAlgorithmCodemod extends SonarRemediatingJavaParserChanger {
+
+ private final Remediator remediationStrategy;
+ private final RuleHotspot issues;
+
+ @Inject
+ public SonarWeakHashingAlgorithmCodemod(
+ @ProvidedSonarScan(ruleId = "java:S4790") final RuleHotspot hotspots) {
+ super(GenericRemediationMetadata.WEAK_CRYPTO_ALGORITHM.reporter(), hotspots);
+ this.issues = Objects.requireNonNull(hotspots);
+ this.remediationStrategy = new WeakCryptoAlgorithmRemediator<>();
+ }
+
+ @Override
+ public DetectorRule detectorRule() {
+ return new DetectorRule(
+ "java:S4790",
+ "Using weak hashing algorithms is security-sensitive",
+ "https://rules.sonarsource.com/java/type/Security%20Hotspot/RSPEC-4790/");
+ }
+
+ @Override
+ public CodemodFileScanningResult visit(
+ final CodemodInvocationContext context, final CompilationUnit cu) {
+ List issuesForFile = issues.getResultsByPath(context.path());
+ return remediationStrategy.remediateAll(
+ cu,
+ context.path().toString(),
+ detectorRule(),
+ issuesForFile,
+ SonarFinding::getKey,
+ i -> i.getTextRange() != null ? i.getTextRange().getStartLine() : i.getLine(),
+ i ->
+ i.getTextRange() != null
+ ? Optional.of(i.getTextRange().getEndLine())
+ : Optional.empty(),
+ i -> Optional.empty());
+ }
+}
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarWeakRandomCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarWeakRandomCodemod.java
new file mode 100644
index 000000000..8412ac10d
--- /dev/null
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarWeakRandomCodemod.java
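Review bot: The class carries no Javadoc, and for this mapping a caveat matters more than for the sibling codemods: if `WeakCryptoAlgorithmRemediator` substitutes the digest algorithm (its behaviour is outside the hunk), the rewritten code produces different hash values, so digests that were persisted or are compared against another system stop matching after the change. Suggest a class comment along the lines of `/** Maps Sonar hotspot java:S4790 (weak hashing algorithm) onto {@link WeakCryptoAlgorithmRemediator}. A replaced algorithm changes the computed digest, so call sites that persist or compare hashes need to be checked before the change is merged. */`. Given that note, it is worth confirming that `ReviewGuidance.MERGE_AFTER_CURSORY_REVIEW` is the intended level for a hotspot rule, since a Sonar hotspot flags code for review rather than a confirmed vulnerability.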
@@ -0,0 +1,62 @@
+package io.codemodder.codemods.sonar;
+
+import com.github.javaparser.ast.CompilationUnit;
+import io.codemodder.*;
+import io.codemodder.codetf.DetectorRule;
+import io.codemodder.providers.sonar.ProvidedSonarScan;
+import io.codemodder.providers.sonar.RuleHotspot;
+import io.codemodder.providers.sonar.SonarRemediatingJavaParserChanger;
+import io.codemodder.remediation.GenericRemediationMetadata;
+import io.codemodder.remediation.Remediator;
+import io.codemodder.remediation.weakrandom.WeakRandomRemediator;
+import io.codemodder.sonar.model.Hotspot;
+import io.codemodder.sonar.model.SonarFinding;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.inject.Inject;
+
+@Codemod(
+ id = "sonar:java/weak-prng-2245",
+ reviewGuidance = ReviewGuidance.MERGE_AFTER_CURSORY_REVIEW,
+ importance = Importance.HIGH,
+ executionPriority = CodemodExecutionPriority.HIGH)
+public final class SonarWeakRandomCodemod extends SonarRemediatingJavaParserChanger {
+
+ private final Remediator remediationStrategy;
+ private final RuleHotspot issues;
+
+ @Inject
+ public SonarWeakRandomCodemod(
+ @ProvidedSonarScan(ruleId = "java:S2245") final RuleHotspot hotspots) {
+ super(GenericRemediationMetadata.WEAK_RANDOM.reporter(), hotspots);
+ this.issues = Objects.requireNonNull(hotspots);
+ this.remediationStrategy = new WeakRandomRemediator<>();
+ }
+
+ @Override
+ public DetectorRule detectorRule() {
+ return new DetectorRule(
+ "java:S2245",
+ "Make sure that using this pseudorandom number generator is safe here",
+ "https://rules.sonarsource.com/java/RSPEC-2245/?search=weak%20random");
+ }
+
+ @Override
+ public CodemodFileScanningResult visit(
+ final CodemodInvocationContext context, final CompilationUnit cu) {
+ List issuesForFile = issues.getResultsByPath(context.path());
+ return remediationStrategy.remediateAll(
+ cu,
+ context.path().toString(),
+ detectorRule(),
+ issuesForFile,
+ SonarFinding::getKey,
+ i -> i.getTextRange() != null ? i.getTextRange().getStartLine() : i.getLine(),
+ i ->
+ i.getTextRange() != null
+ ? Optional.of(i.getTextRange().getEndLine())
+ : Optional.empty(),
+ i -> Optional.empty());
+ }
+}
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/SonarXXECodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarXXECodemod.java
similarity index 98%
rename from core-codemods/src/main/java/io/codemodder/codemods/SonarXXECodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarXXECodemod.java
index c97d4c4c1..c686d4543 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/SonarXXECodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SonarXXECodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import io.codemodder.*;
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/SubstituteReplaceAllCodemod.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemod.java
similarity index 97%
rename from core-codemods/src/main/java/io/codemodder/codemods/SubstituteReplaceAllCodemod.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemod.java
index 0dcc5c8b3..9f99e318f 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/SubstituteReplaceAllCodemod.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemod.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.expr.SimpleName;
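Review bot: The third `DetectorRule` argument, `"https://rules.sonarsource.com/java/RSPEC-2245/?search=weak%20random"`, carries a `?search=` query string that looks like a leftover from a site search and differs in form from the `type/Security%20Hotspot/RSPEC-…/` URLs the S2092 and S4790 codemods in this commit use; `"https://rules.sonarsource.com/java/type/Security%20Hotspot/RSPEC-2245/"` would keep the rule references uniform. The description `"Make sure that using this pseudorandom number generator is safe here"` also lacks the terminating period the S2092 text has; both strings presumably surface in the generated report, so the inconsistency is visible to consumers. A class-level Javadoc stating that the codemod maps hotspot `java:S2245` onto `WeakRandomRemediator` is missing here as in the other two new files.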
diff --git a/core-codemods/src/main/java/io/codemodder/codemods/UseExistingConstantForLiteral.java b/core-codemods/src/main/java/io/codemodder/codemods/sonar/UseExistingConstantForLiteral.java
similarity index 97%
rename from core-codemods/src/main/java/io/codemodder/codemods/UseExistingConstantForLiteral.java
rename to core-codemods/src/main/java/io/codemodder/codemods/sonar/UseExistingConstantForLiteral.java
index 80b62b10c..45c78c5db 100644
--- a/core-codemods/src/main/java/io/codemodder/codemods/UseExistingConstantForLiteral.java
+++ b/core-codemods/src/main/java/io/codemodder/codemods/sonar/UseExistingConstantForLiteral.java
@@ -1,4 +1,4 @@
-package io.codemodder.codemods;
+package io.codemodder.codemods.sonar;
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.expr.StringLiteralExpr;
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/AddMissingOverrideCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/AddMissingOverrideCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/AddMissingOverrideCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/AddMissingOverrideCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/AddMissingOverrideCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/AddMissingOverrideCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/AddMissingOverrideCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/AddMissingOverrideCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/DefineConstantForLiteralCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/DefineConstantForLiteralCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/DefineConstantForLiteralCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/DefineConstantForLiteralCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/FixRedundantStaticOnEnumCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/FixRedundantStaticOnEnumCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/FixRedundantStaticOnEnumCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/FixRedundantStaticOnEnumCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/HardenStringParseToPrimitivesCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/HardenStringParseToPrimitivesCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/HardenStringParseToPrimitivesCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/HardenStringParseToPrimitivesCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveCommentedCodeCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveCommentedCodeCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveCommentedCodeCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveCommentedCodeCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveRedundantVariableCreationCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveRedundantVariableCreationCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveRedundantVariableCreationCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveRedundantVariableCreationCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedImportCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedImportCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedImportCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedImportCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedImportCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedImportCodemod/report.json
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedImportCodemod/report.json
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedImportCodemod/report.json
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedLocalVariableCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemod/description.md
similarity index 100%
rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedLocalVariableCodemod/description.md
rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemod/description.md
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedLocalVariableCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemod/report.json similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedLocalVariableCodemod/report.json rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemod/report.json diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemod/description.md similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemod/description.md rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemod/description.md diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemod/report.json similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemod/report.json rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemod/report.json diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveUselessParenthesesCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemod/description.md similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveUselessParenthesesCodemod/description.md rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemod/description.md 
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/RemoveUselessParenthesesCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemod/report.json similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/RemoveUselessParenthesesCodemod/report.json rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemod/report.json diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemod/description.md similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemod/description.md rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemod/description.md diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemod/report.json similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemod/report.json rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemod/report.json diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemod/description.md similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemod/description.md rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemod/description.md 
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemod/report.json similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemod/report.json rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemod/report.json diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/SonarRemoveUnthrowableExceptionCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/SonarRemoveUnthrowableExceptionCodemod/description.md similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/SonarRemoveUnthrowableExceptionCodemod/description.md rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/SonarRemoveUnthrowableExceptionCodemod/description.md diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/SonarRemoveUnthrowableExceptionCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/SonarRemoveUnthrowableExceptionCodemod/report.json similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/SonarRemoveUnthrowableExceptionCodemod/report.json rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/SonarRemoveUnthrowableExceptionCodemod/report.json diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/SubstituteReplaceAllCodemod/description.md b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemod/description.md similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/SubstituteReplaceAllCodemod/description.md rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemod/description.md 
diff --git a/core-codemods/src/main/resources/io/codemodder/codemods/SubstituteReplaceAllCodemod/report.json b/core-codemods/src/main/resources/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemod/report.json similarity index 100% rename from core-codemods/src/main/resources/io/codemodder/codemods/SubstituteReplaceAllCodemod/report.json rename to core-codemods/src/main/resources/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemod/report.json diff --git a/core-codemods/src/test/java/io/codemodder/codemods/integration/baseimage/Dockerfile b/core-codemods/src/test/java/io/codemodder/codemods/integration/baseimage/Dockerfile index 8a30701dc..5f965d543 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/integration/baseimage/Dockerfile +++ b/core-codemods/src/test/java/io/codemodder/codemods/integration/baseimage/Dockerfile @@ -20,7 +20,7 @@ RUN ln -s /usr/bin/python3 /usr/bin/python && \ java -version && \ python --version && \ gradle --version && \ - python3 -m pip install semgrep==1.15.0 + python3 -m pip install semgrep==1.84.1 # Generate tool executable WORKDIR /codemodder-java diff --git a/core-codemods/src/test/java/io/codemodder/codemods/semgrep/SemgrepMissingSecureFlagCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/semgrep/SemgrepMissingSecureFlagCodemodTest.java index 6548a3b8f..216190355 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/semgrep/SemgrepMissingSecureFlagCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/semgrep/SemgrepMissingSecureFlagCodemodTest.java @@ -8,5 +8,6 @@ testResourceDir = "semgrep-missing-secure-flag", expectingFixesAtLines = {131}, renameTestFile = "src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java", + doRetransformTest = false, dependencies = {}) final class SemgrepMissingSecureFlagCodemodTest implements CodemodTestMixin {} 
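Review bot: `doRetransformTest = false` is added to the @Metadata of SemgrepMissingSecureFlagCodemodTest with no comment saying why the retransform pass is skipped for this fixture, and the three new tests further down (SonarCookieMissingSecureFlagCodemodTest, SonarWeakHashingAlgorithmCodemodTest, SonarWeakRandomCodemodTest) set the same flag, also without a stated reason. If that pass is the check that running the codemod a second time over already-fixed code produces no further change, disabling it removes the only guard against a security rewrite that keeps re-applying itself on every scan, so a reader needs to know whether this is a known limitation of the fix or just a shortcut to make the test pass. A one-line comment on each, e.g. `// retransform check disabled: REASON-PLACEHOLDER`, would separate a deliberate exemption from a forgotten one; if it is a limitation, it belongs in a tracked issue rather than silently in four test files.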
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/AddMissingOverrideCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/AddMissingOverrideCodemodTest.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/AddMissingOverrideCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/AddMissingOverrideCodemodTest.java index 1c4a7e772..484bf6ba7 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/AddMissingOverrideCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/AddMissingOverrideCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemodTest.java similarity index 91% rename from core-codemods/src/test/java/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemodTest.java index f8c077bab..ab566ca52 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/AvoidImplicitPublicConstructorCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/AvoidImplicitPublicConstructorCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/ConstantNameStringGeneratorTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/ConstantNameStringGeneratorTest.java similarity index 99% rename from core-codemods/src/test/java/io/codemodder/codemods/ConstantNameStringGeneratorTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/ConstantNameStringGeneratorTest.java index 4e1b3cfba..f5a1344a0 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/ConstantNameStringGeneratorTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/ConstantNameStringGeneratorTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import static org.assertj.core.api.Assertions.assertThat; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemodTest.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemodTest.java index 23534a8cd..37e8126be 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/DeclareVariableOnSeparateLineCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DeclareVariableOnSeparateLineCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest.java index 7d56edcc4..d01f85f2d 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest2.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest2.java similarity index 91% rename from core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest2.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest2.java index 10f8360ee..119f1c8e6 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest2.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest2.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest3.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest3.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest3.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest3.java index 11d96be7c..250d250fe 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest3.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest3.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest4.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest4.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest4.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest4.java index 1eeb12e1c..dd2c89629 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest4.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest4.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest5.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest5.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest5.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest5.java index d46c5ab42..8518d73cb 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/DefineConstantForLiteralCodemodTest5.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/DefineConstantForLiteralCodemodTest5.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/FixRedundantStaticOnEnumCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemodTest.java similarity index 90% rename from core-codemods/src/test/java/io/codemodder/codemods/FixRedundantStaticOnEnumCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemodTest.java index ed994c906..173fb9272 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/FixRedundantStaticOnEnumCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/FixRedundantStaticOnEnumCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/HardenStringParseToPrimitivesCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemodTest.java similarity index 91% rename from core-codemods/src/test/java/io/codemodder/codemods/HardenStringParseToPrimitivesCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemodTest.java index 98bdd507c..10187c5a6 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/HardenStringParseToPrimitivesCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/HardenStringParseToPrimitivesCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemodTest.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemodTest.java index e400859bb..404b93b49 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/OverridesMatchParentSynchronizationCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/OverridesMatchParentSynchronizationCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/RemoveCommentedCodeCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemodTest.java similarity index 91% rename from core-codemods/src/test/java/io/codemodder/codemods/RemoveCommentedCodeCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemodTest.java index a783a5371..7f5b835fa 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/RemoveCommentedCodeCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveCommentedCodeCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/RemoveRedundantVariableCreationCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemodTest.java similarity index 91% rename from core-codemods/src/test/java/io/codemodder/codemods/RemoveRedundantVariableCreationCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemodTest.java index 2915b0cd7..4ca6f213a 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/RemoveRedundantVariableCreationCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveRedundantVariableCreationCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/RemoveUnusedImportCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUnusedImportCodemodTest.java similarity index 91% rename from core-codemods/src/test/java/io/codemodder/codemods/RemoveUnusedImportCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUnusedImportCodemodTest.java index fc78eec75..179d461b0 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/RemoveUnusedImportCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUnusedImportCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/RemoveUnusedLocalVariableCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemodTest.java similarity index 91% rename from core-codemods/src/test/java/io/codemodder/codemods/RemoveUnusedLocalVariableCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemodTest.java index 11130f9de..b9d5074c5 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/RemoveUnusedLocalVariableCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUnusedLocalVariableCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemodTest.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemodTest.java index b6add1230..ec7e3daa8 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/RemoveUnusedPrivateMethodCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUnusedPrivateMethodCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/RemoveUselessParenthesesCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemodTest.java similarity index 91% rename from core-codemods/src/test/java/io/codemodder/codemods/RemoveUselessParenthesesCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemodTest.java index 80513eedc..4f0aad545 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/RemoveUselessParenthesesCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/RemoveUselessParenthesesCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemodTest.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemodTest.java index ed06d917b..454c7537d 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/ReplaceStreamCollectorsToListCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/ReplaceStreamCollectorsToListCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemodTest.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemodTest.java index 2cd8c2b11..80e9d1c36 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/SimplifyRestControllerAnnotationsCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SimplifyRestControllerAnnotationsCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarCookieMissingSecureFlagCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarCookieMissingSecureFlagCodemodTest.java new file mode 100644 index 000000000..9408f1fff --- /dev/null +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarCookieMissingSecureFlagCodemodTest.java @@ -0,0 +1,19 @@ +package io.codemodder.codemods.sonar; + +import io.codemodder.testutils.CodemodTestMixin; +import io.codemodder.testutils.Metadata; +import org.junit.jupiter.api.Nested; + +final class SonarCookieMissingSecureFlagCodemodTest { + + @Nested + @Metadata( + codemodType = SonarCookieMissingSecureFlagCodemod.class, + testResourceDir = "sonar-missing-secure-flag-2092", + renameTestFile = + "src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java", + expectingFixesAtLines = {76}, + doRetransformTest = false, + dependencies = {}) + final class SpoofCookieAssignmentTest implements CodemodTestMixin {} +} diff --git a/core-codemods/src/test/java/io/codemodder/codemods/SonarJNDIInjectionCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarJNDIInjectionCodemodTest.java similarity index 97% rename from core-codemods/src/test/java/io/codemodder/codemods/SonarJNDIInjectionCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarJNDIInjectionCodemodTest.java index c63022268..8ebaf6b7f 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/SonarJNDIInjectionCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarJNDIInjectionCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.DependencyGAV; import io.codemodder.testutils.CodemodTestMixin; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/SonarObjectDeserializationCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarObjectDeserializationCodemodTest.java similarity index 93% rename from core-codemods/src/test/java/io/codemodder/codemods/SonarObjectDeserializationCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarObjectDeserializationCodemodTest.java index 970c1d338..add9d8b26 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/SonarObjectDeserializationCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarObjectDeserializationCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.DependencyGAV; import io.codemodder.testutils.CodemodTestMixin; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/SonarRemoveUnthrowableCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarRemoveUnthrowableCodemodTest.java similarity index 92% rename from core-codemods/src/test/java/io/codemodder/codemods/SonarRemoveUnthrowableCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarRemoveUnthrowableCodemodTest.java index 926d417c4..70f431931 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/SonarRemoveUnthrowableCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarRemoveUnthrowableCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/SonarSQLInjectionCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarSQLInjectionCodemodTest.java similarity index 97% rename from core-codemods/src/test/java/io/codemodder/codemods/SonarSQLInjectionCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarSQLInjectionCodemodTest.java index 1891f8c90..9706bb02d 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/SonarSQLInjectionCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarSQLInjectionCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/SonarSSRFCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarSSRFCodemodTest.java similarity index 94% rename from core-codemods/src/test/java/io/codemodder/codemods/SonarSSRFCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarSSRFCodemodTest.java index a990e42c9..ccbc9e270 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/SonarSSRFCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarSSRFCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.DependencyGAV; import io.codemodder.testutils.CodemodTestMixin; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/SonarUnsafeReflectionRemediationCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarUnsafeReflectionRemediationCodemodTest.java similarity index 95% rename from core-codemods/src/test/java/io/codemodder/codemods/SonarUnsafeReflectionRemediationCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarUnsafeReflectionRemediationCodemodTest.java index 9cd1520b7..1773d4c5a 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/SonarUnsafeReflectionRemediationCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarUnsafeReflectionRemediationCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.DependencyGAV; import io.codemodder.testutils.CodemodTestMixin; diff --git a/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarWeakHashingAlgorithmCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarWeakHashingAlgorithmCodemodTest.java new file mode 100644 index 000000000..deb428b05 --- /dev/null +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarWeakHashingAlgorithmCodemodTest.java @@ -0,0 +1,19 @@ +package io.codemodder.codemods.sonar; + +import io.codemodder.testutils.CodemodTestMixin; +import io.codemodder.testutils.Metadata; +import org.junit.jupiter.api.Nested; + +final class SonarWeakHashingAlgorithmCodemodTest { + + @Nested + @Metadata( + codemodType = SonarWeakHashingAlgorithmCodemod.class, + testResourceDir = "sonar-weak-hash-4790", + renameTestFile = + "src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java", + expectingFixesAtLines = {55}, + doRetransformTest = false, + dependencies = {}) + final class HashingAssignmentTest implements CodemodTestMixin {} +} 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarWeakRandomCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarWeakRandomCodemodTest.java new file mode 100644 index 000000000..38dfab3b3 --- /dev/null +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarWeakRandomCodemodTest.java @@ -0,0 +1,18 @@ +package io.codemodder.codemods.sonar; + +import io.codemodder.testutils.CodemodTestMixin; +import io.codemodder.testutils.Metadata; +import org.junit.jupiter.api.Nested; + +final class SonarWeakRandomCodemodTest { + + @Nested + @Metadata( + codemodType = SonarWeakRandomCodemod.class, + testResourceDir = "sonar-weak-prng-2245", + renameTestFile = "src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java", + expectingFixesAtLines = {59}, + doRetransformTest = false, + dependencies = {}) + final class CSRFGetFlagTest implements CodemodTestMixin {} +} diff --git a/core-codemods/src/test/java/io/codemodder/codemods/SonarXXECodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarXXECodemodTest.java similarity index 90% rename from core-codemods/src/test/java/io/codemodder/codemods/SonarXXECodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarXXECodemodTest.java index 7d01f25ec..dffee81ba 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/SonarXXECodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SonarXXECodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; 
diff --git a/core-codemods/src/test/java/io/codemodder/codemods/SubstituteReplaceAllCodemodTest.java b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemodTest.java similarity index 91% rename from core-codemods/src/test/java/io/codemodder/codemods/SubstituteReplaceAllCodemodTest.java rename to core-codemods/src/test/java/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemodTest.java index 89098a28f..066c16e2f 100644 --- a/core-codemods/src/test/java/io/codemodder/codemods/SubstituteReplaceAllCodemodTest.java +++ b/core-codemods/src/test/java/io/codemodder/codemods/sonar/SubstituteReplaceAllCodemodTest.java @@ -1,4 +1,4 @@ -package io.codemodder.codemods; +package io.codemodder.codemods.sonar; import io.codemodder.testutils.CodemodTestMixin; import io.codemodder.testutils.Metadata; diff --git a/core-codemods/src/test/resources/remove-redundant-static-s2786/sonar-issues.json b/core-codemods/src/test/resources/remove-redundant-static-s2786/sonar-issues.json index cdb402711..d33f16b4c 100644 --- a/core-codemods/src/test/resources/remove-redundant-static-s2786/sonar-issues.json +++ b/core-codemods/src/test/resources/remove-redundant-static-s2786/sonar-issues.json @@ -44,7 +44,7 @@ "effort": "2min", "debt": "2min", "assignee": "nahsra@github", - "author": "arshan.dabirsiaghi@gmail.com", + "author": "foo@gmail.com", "tags": [ "redundant" ], diff --git a/core-codemods/src/test/resources/replace-collectors-toList-s6204/sonar-issues.json b/core-codemods/src/test/resources/replace-collectors-toList-s6204/sonar-issues.json index 1918de1f4..a229fce38 100644 --- a/core-codemods/src/test/resources/replace-collectors-toList-s6204/sonar-issues.json +++ b/core-codemods/src/test/resources/replace-collectors-toList-s6204/sonar-issues.json 
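Review bot: The remove-redundant-static-s2786 fixture hunk scrubs only the `author` value and leaves `"assignee": "nahsra@github",` as an unchanged context line, whereas the replace-collectors-toList-s6204 hunk on the next line replaces both `assignee` and `author` with placeholder values. If the intent is to keep identifying handles out of committed test data, the first fixture should be changed the same way: `"assignee": "foo@github",`. Otherwise the two fixtures drift for no reason and the partial scrub is easy to misread as deliberate.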
@@ -29,8 +29,8 @@
 "message": "Replace this usage of 'Stream.collect(Collectors.toList())' with 'Stream.toList()'",
 "effort": "5min",
 "debt": "5min",
- "assignee": "nahsra@github",
- "author": "arshan.dabirsiaghi@gmail.com",
+ "assignee": "foo@github",
+ "author": "foo@gmail.com",
 "tags": [
 "java16"
 ],
diff --git a/core-codemods/src/test/resources/sonar-missing-secure-flag-2092/SpoofCookieAssignment.java.after b/core-codemods/src/test/resources/sonar-missing-secure-flag-2092/SpoofCookieAssignment.java.after
new file mode 100644
index 000000000..029a28cdd
--- /dev/null
+++ b/core-codemods/src/test/resources/sonar-missing-secure-flag-2092/SpoofCookieAssignment.java.after
@@ -0,0 +1,126 @@ +/* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2021 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. 
+ */ + +package org.owasp.webgoat.lessons.spoofcookie; + +import java.util.Map; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.spoofcookie.encoders.EncDec; +import org.springframework.web.bind.UnsatisfiedServletRequestParameterException; +import org.springframework.web.bind.annotation.CookieValue; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; + +/*** + * + * @author Angel Olle Blazquez + * + */ + +@RestController +public class SpoofCookieAssignment extends AssignmentEndpoint { + + private static final String COOKIE_NAME = "spoof_auth"; + private static final String COOKIE_INFO = + "Cookie details for user %s:
" + COOKIE_NAME + "=%s"; + private static final String ATTACK_USERNAME = "tom"; + + private static final Map users = + Map.of("webgoat", "webgoat", "admin", "admin", ATTACK_USERNAME, "apasswordfortom"); + + @PostMapping(path = "/SpoofCookie/login") + @ResponseBody + @ExceptionHandler(UnsatisfiedServletRequestParameterException.class) + public AttackResult login( + @RequestParam String username, + @RequestParam String password, + @CookieValue(value = COOKIE_NAME, required = false) String cookieValue, + HttpServletResponse response) { + + if (StringUtils.isEmpty(cookieValue)) { + return credentialsLoginFlow(username, password, response); + } else { + return cookieLoginFlow(cookieValue); + } + } + + @GetMapping(path = "/SpoofCookie/cleanup") + public void cleanup(HttpServletResponse response) { + Cookie cookie = new Cookie(COOKIE_NAME, ""); + cookie.setSecure(true); + cookie.setMaxAge(0); + response.addCookie(cookie); + } + + private AttackResult credentialsLoginFlow( + String username, String password, HttpServletResponse response) { + String lowerCasedUsername = username.toLowerCase(); + if (ATTACK_USERNAME.equals(lowerCasedUsername) + && users.get(lowerCasedUsername).equals(password)) { + return informationMessage(this).feedback("spoofcookie.cheating").build(); + } + + String authPassword = users.getOrDefault(lowerCasedUsername, ""); + if (!authPassword.isBlank() && authPassword.equals(password)) { + String newCookieValue = EncDec.encode(lowerCasedUsername); + Cookie newCookie = new Cookie(COOKIE_NAME, newCookieValue); + newCookie.setPath("/WebGoat"); + newCookie.setSecure(true); + response.addCookie(newCookie); + return informationMessage(this) + .feedback("spoofcookie.login") + .output(String.format(COOKIE_INFO, lowerCasedUsername, newCookie.getValue())) + .build(); + } + + return informationMessage(this).feedback("spoofcookie.wrong-login").build(); + } + + private AttackResult cookieLoginFlow(String cookieValue) { + String cookieUsername; + try { + 
cookieUsername = EncDec.decode(cookieValue).toLowerCase(); + } catch (Exception e) { + // for providing some instructive guidance, we won't return 4xx error here + return failed(this).output(e.getMessage()).build(); + } + if (users.containsKey(cookieUsername)) { + if (cookieUsername.equals(ATTACK_USERNAME)) { + return success(this).build(); + } + return failed(this) + .feedback("spoofcookie.cookie-login") + .output(String.format(COOKIE_INFO, cookieUsername, cookieValue)) + .build(); + } + + return failed(this).feedback("spoofcookie.wrong-cookie").build(); + } +} diff --git a/core-codemods/src/test/resources/sonar-missing-secure-flag-2092/SpoofCookieAssignment.java.before b/core-codemods/src/test/resources/sonar-missing-secure-flag-2092/SpoofCookieAssignment.java.before new file mode 100644 index 000000000..2efc739f6 --- /dev/null +++ b/core-codemods/src/test/resources/sonar-missing-secure-flag-2092/SpoofCookieAssignment.java.before 
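Review bot: The inserted `cookie.setSecure(true);` in `cleanup` deserves a why-comment, because marking a cookie that is about to be expired (`setMaxAge(0)`) as Secure looks pointless on its own; the reason it matters is that the `spoof_auth` cookie issued in `credentialsLoginFlow` is Secure, and browsers that implement the "leave secure cookies alone" rule will not let a non-Secure cookie overwrite or expire a Secure one, so without this flag the cleanup may silently do nothing. Suggested comment on the new line: `// must match the Secure attribute of the login cookie, or browsers may refuse to overwrite it`. Separately, the cleanup cookie never calls `setPath("/WebGoat")` while the login cookie does, so whether it targets the same cookie depends on the container's default path; that is pre-existing WebGoat code and outside S2092, but since this file is the expected output it is worth knowing. The fixture imports `javax.servlet.http.Cookie`, so the strategy named "Jakarta" presumably matches both the `javax` and `jakarta` namespaces; confirm that in the strategy's own tests.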
@@ -0,0 +1,125 @@ +/* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2021 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. 
+ */ + +package org.owasp.webgoat.lessons.spoofcookie; + +import java.util.Map; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.spoofcookie.encoders.EncDec; +import org.springframework.web.bind.UnsatisfiedServletRequestParameterException; +import org.springframework.web.bind.annotation.CookieValue; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; + +/*** + * + * @author Angel Olle Blazquez + * + */ + +@RestController +public class SpoofCookieAssignment extends AssignmentEndpoint { + + private static final String COOKIE_NAME = "spoof_auth"; + private static final String COOKIE_INFO = + "Cookie details for user %s:
" + COOKIE_NAME + "=%s"; + private static final String ATTACK_USERNAME = "tom"; + + private static final Map users = + Map.of("webgoat", "webgoat", "admin", "admin", ATTACK_USERNAME, "apasswordfortom"); + + @PostMapping(path = "/SpoofCookie/login") + @ResponseBody + @ExceptionHandler(UnsatisfiedServletRequestParameterException.class) + public AttackResult login( + @RequestParam String username, + @RequestParam String password, + @CookieValue(value = COOKIE_NAME, required = false) String cookieValue, + HttpServletResponse response) { + + if (StringUtils.isEmpty(cookieValue)) { + return credentialsLoginFlow(username, password, response); + } else { + return cookieLoginFlow(cookieValue); + } + } + + @GetMapping(path = "/SpoofCookie/cleanup") + public void cleanup(HttpServletResponse response) { + Cookie cookie = new Cookie(COOKIE_NAME, ""); + cookie.setMaxAge(0); + response.addCookie(cookie); + } + + private AttackResult credentialsLoginFlow( + String username, String password, HttpServletResponse response) { + String lowerCasedUsername = username.toLowerCase(); + if (ATTACK_USERNAME.equals(lowerCasedUsername) + && users.get(lowerCasedUsername).equals(password)) { + return informationMessage(this).feedback("spoofcookie.cheating").build(); + } + + String authPassword = users.getOrDefault(lowerCasedUsername, ""); + if (!authPassword.isBlank() && authPassword.equals(password)) { + String newCookieValue = EncDec.encode(lowerCasedUsername); + Cookie newCookie = new Cookie(COOKIE_NAME, newCookieValue); + newCookie.setPath("/WebGoat"); + newCookie.setSecure(true); + response.addCookie(newCookie); + return informationMessage(this) + .feedback("spoofcookie.login") + .output(String.format(COOKIE_INFO, lowerCasedUsername, newCookie.getValue())) + .build(); + } + + return informationMessage(this).feedback("spoofcookie.wrong-login").build(); + } + + private AttackResult cookieLoginFlow(String cookieValue) { + String cookieUsername; + try { + cookieUsername = 
EncDec.decode(cookieValue).toLowerCase(); + } catch (Exception e) { + // for providing some instructive guidance, we won't return 4xx error here + return failed(this).output(e.getMessage()).build(); + } + if (users.containsKey(cookieUsername)) { + if (cookieUsername.equals(ATTACK_USERNAME)) { + return success(this).build(); + } + return failed(this) + .feedback("spoofcookie.cookie-login") + .output(String.format(COOKIE_INFO, cookieUsername, cookieValue)) + .build(); + } + + return failed(this).feedback("spoofcookie.wrong-cookie").build(); + } +} diff --git a/core-codemods/src/test/resources/sonar-missing-secure-flag-2092/sonar-hotspots.json b/core-codemods/src/test/resources/sonar-missing-secure-flag-2092/sonar-hotspots.json new file mode 100644 index 000000000..e77c16264 --- /dev/null +++ b/core-codemods/src/test/resources/sonar-missing-secure-flag-2092/sonar-hotspots.json 
@@ -0,0 +1,48 @@
+{
+ "paging": {
+ "pageIndex": 1,
+ "pageSize": 100,
+ "total": 1
+ },
+ "hotspots": [
+ {
+ "key": "AZPB23bawGhA7VQ2Ui-U",
+ "component": "nahsra_WebGoatSonarDemo:src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java",
+ "project": "nahsra_WebGoatSonarDemo",
+ "securityCategory": "insecure-conf",
+ "vulnerabilityProbability": "LOW",
+ "status": "TO_REVIEW",
+ "line": 76,
+ "message": "Make sure creating this cookie without the \"secure\" flag is safe here.",
+ "assignee": "AYu2RswFLuhbfWU895e4",
+ "author": "foo@gmail.com",
+ "creationDate": "2024-12-13T22:06:37+0100",
+ "updateDate": "2024-12-13T22:09:25+0100",
+ "textRange": {
+ "startLine": 76,
+ "endLine": 76,
+ "startOffset": 24,
+ "endOffset": 30
+ },
+ "flows": [],
+ "ruleKey": "java:S2092"
+ }
+ ],
+ "components": [
+ {
+ "organization": "nahsra",
+ "key": "nahsra_WebGoatSonarDemo:src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java",
+ "qualifier": "FIL",
+ "name": "SpoofCookieAssignment.java",
+ "longName": "src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java",
+ "path": "src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java"
+ },
+ {
+ "organization": "nahsra",
+ "key": "nahsra_WebGoatSonarDemo",
+ "qualifier": "TRK",
+ "name": "WebGoatSonarDemo",
+ "longName": "WebGoatSonarDemo"
+ }
+ ]
+}
diff --git a/core-codemods/src/test/resources/sonar-sql-injection-s2077/supported/sonar-hotspots.json b/core-codemods/src/test/resources/sonar-sql-injection-s2077/supported/sonar-hotspots.json
index 309c0e5da..3670379f5
--- a/core-codemods/src/test/resources/sonar-sql-injection-s2077/supported/sonar-hotspots.json
+++ b/core-codemods/src/test/resources/sonar-sql-injection-s2077/supported/sonar-hotspots.json
@@ -15,7 +15,7 @@
 "line": 69,
 "message": "Make sure using a dynamically formatted SQL query is safe here.",
 "assignee": "AYu2RswFLuhbfWU895e4",
- "author": "arshan.dabirsiaghi@gmail.com",
+ "author": "foo@gmail.com",
 "creationDate": "2023-12-06T18:40:23+0100",
 "updateDate": "2023-12-06T18:48:19+0100",
 "textRange": {
diff --git a/core-codemods/src/test/resources/sonar-sql-injection-s2077/unsupported/sonar-hotspots.json b/core-codemods/src/test/resources/sonar-sql-injection-s2077/unsupported/sonar-hotspots.json
index 84acaee60..b3a58dbf5
--- a/core-codemods/src/test/resources/sonar-sql-injection-s2077/unsupported/sonar-hotspots.json
+++ b/core-codemods/src/test/resources/sonar-sql-injection-s2077/unsupported/sonar-hotspots.json
@@ -14,7 +14,7 @@
 "status": "TO_REVIEW",
 "line": 52,
 "message": "Make sure using a dynamically formatted SQL query is safe here.",
- "author": "arshan.dabirsiaghi@gmail.com",
+ "author": "foo@gmail.com",
 "creationDate": "2023-12-06T18:40:23+0100",
 "updateDate": "2024-04-25T23:46:59+0200",
 "textRange": {
diff --git a/core-codemods/src/test/resources/sonar-weak-hash-4790/HashingAssignment.java.after b/core-codemods/src/test/resources/sonar-weak-hash-4790/HashingAssignment.java.after
new file mode 100644
index 000000000..33cda182d
--- /dev/null
+++ b/core-codemods/src/test/resources/sonar-weak-hash-4790/HashingAssignment.java.after
@@ -0,0 +1,105 @@ +/* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2019 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. 
+ */ + +package org.owasp.webgoat.lessons.cryptography; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Random; +import javax.servlet.http.HttpServletRequest; +import javax.xml.bind.DatatypeConverter; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.springframework.http.MediaType; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@AssignmentHints({"crypto-hashing.hints.1", "crypto-hashing.hints.2"}) +public class HashingAssignment extends AssignmentEndpoint { + + public static final String[] SECRETS = {"secret", "admin", "password", "123456", "passw0rd"}; + + @RequestMapping(path = "/crypto/hashing/md5", produces = MediaType.TEXT_HTML_VALUE) + @ResponseBody + public String getMd5(HttpServletRequest request) throws NoSuchAlgorithmException { + + String md5Hash = (String) request.getSession().getAttribute("md5Hash"); + if (md5Hash == null) { + + String secret = SECRETS[new Random().nextInt(SECRETS.length)]; + + MessageDigest md = MessageDigest.getInstance("SHA-256"); + md.update(secret.getBytes()); + byte[] digest = md.digest(); + md5Hash = DatatypeConverter.printHexBinary(digest).toUpperCase(); + request.getSession().setAttribute("md5Hash", md5Hash); + request.getSession().setAttribute("md5Secret", secret); + } + return md5Hash; + } + + @RequestMapping(path = "/crypto/hashing/sha256", produces = MediaType.TEXT_HTML_VALUE) + @ResponseBody + public String getSha256(HttpServletRequest request) throws NoSuchAlgorithmException { + + String sha256 = (String) 
request.getSession().getAttribute("sha256"); + if (sha256 == null) { + String secret = SECRETS[new Random().nextInt(SECRETS.length)]; + sha256 = getHash(secret, "SHA-256"); + request.getSession().setAttribute("sha256Hash", sha256); + request.getSession().setAttribute("sha256Secret", secret); + } + return sha256; + } + + @PostMapping("/crypto/hashing") + @ResponseBody + public AttackResult completed( + HttpServletRequest request, + @RequestParam String answer_pwd1, + @RequestParam String answer_pwd2) { + + String md5Secret = (String) request.getSession().getAttribute("md5Secret"); + String sha256Secret = (String) request.getSession().getAttribute("sha256Secret"); + + if (answer_pwd1 != null && answer_pwd2 != null) { + if (answer_pwd1.equals(md5Secret) && answer_pwd2.equals(sha256Secret)) { + return success(this).feedback("crypto-hashing.success").build(); + } else if (answer_pwd1.equals(md5Secret) || answer_pwd2.equals(sha256Secret)) { + return failed(this).feedback("crypto-hashing.oneok").build(); + } + } + return failed(this).feedback("crypto-hashing.empty").build(); + } + + public static String getHash(String secret, String algorithm) throws NoSuchAlgorithmException { + MessageDigest md = MessageDigest.getInstance(algorithm); + md.update(secret.getBytes()); + byte[] digest = md.digest(); + return DatatypeConverter.printHexBinary(digest).toUpperCase(); + } +} diff --git a/core-codemods/src/test/resources/sonar-weak-hash-4790/HashingAssignment.java.before b/core-codemods/src/test/resources/sonar-weak-hash-4790/HashingAssignment.java.before new file mode 100644 index 000000000..b83f931a8 --- /dev/null +++ b/core-codemods/src/test/resources/sonar-weak-hash-4790/HashingAssignment.java.before 
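Review bot: The expected output swaps the literal in `MessageDigest.getInstance("MD5")` for `"SHA-256"` inside `getMd5`, which is not a drop-in change: the digest grows from 16 to 32 bytes (32 to 64 hex characters after `printHexBinary`), so any consumer that persists or compares against previously stored MD5 values breaks, and in this file the result is still stored under the `md5Hash`/`md5Secret` session attributes and returned from the `/crypto/hashing/md5` endpoint, so the rewritten code is internally misleading. That is fine for a fixture, but the codemod's change description (not visible in this hunk) should present S4790 remediation as behaviour-changing rather than a pure hardening, and a reviewer of real output should check stored-hash consumers before accepting it. The `getHash(secret, "SHA-256")` path and the default-charset `secret.getBytes()` are pre-existing and untouched, as expected for a single hotspot at line 55.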
@@ -0,0 +1,105 @@ +/* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2019 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. 
+ */ + +package org.owasp.webgoat.lessons.cryptography; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Random; +import javax.servlet.http.HttpServletRequest; +import javax.xml.bind.DatatypeConverter; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.springframework.http.MediaType; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@AssignmentHints({"crypto-hashing.hints.1", "crypto-hashing.hints.2"}) +public class HashingAssignment extends AssignmentEndpoint { + + public static final String[] SECRETS = {"secret", "admin", "password", "123456", "passw0rd"}; + + @RequestMapping(path = "/crypto/hashing/md5", produces = MediaType.TEXT_HTML_VALUE) + @ResponseBody + public String getMd5(HttpServletRequest request) throws NoSuchAlgorithmException { + + String md5Hash = (String) request.getSession().getAttribute("md5Hash"); + if (md5Hash == null) { + + String secret = SECRETS[new Random().nextInt(SECRETS.length)]; + + MessageDigest md = MessageDigest.getInstance("MD5"); + md.update(secret.getBytes()); + byte[] digest = md.digest(); + md5Hash = DatatypeConverter.printHexBinary(digest).toUpperCase(); + request.getSession().setAttribute("md5Hash", md5Hash); + request.getSession().setAttribute("md5Secret", secret); + } + return md5Hash; + } + + @RequestMapping(path = "/crypto/hashing/sha256", produces = MediaType.TEXT_HTML_VALUE) + @ResponseBody + public String getSha256(HttpServletRequest request) throws NoSuchAlgorithmException { + + String sha256 = (String) 
request.getSession().getAttribute("sha256"); + if (sha256 == null) { + String secret = SECRETS[new Random().nextInt(SECRETS.length)]; + sha256 = getHash(secret, "SHA-256"); + request.getSession().setAttribute("sha256Hash", sha256); + request.getSession().setAttribute("sha256Secret", secret); + } + return sha256; + } + + @PostMapping("/crypto/hashing") + @ResponseBody + public AttackResult completed( + HttpServletRequest request, + @RequestParam String answer_pwd1, + @RequestParam String answer_pwd2) { + + String md5Secret = (String) request.getSession().getAttribute("md5Secret"); + String sha256Secret = (String) request.getSession().getAttribute("sha256Secret"); + + if (answer_pwd1 != null && answer_pwd2 != null) { + if (answer_pwd1.equals(md5Secret) && answer_pwd2.equals(sha256Secret)) { + return success(this).feedback("crypto-hashing.success").build(); + } else if (answer_pwd1.equals(md5Secret) || answer_pwd2.equals(sha256Secret)) { + return failed(this).feedback("crypto-hashing.oneok").build(); + } + } + return failed(this).feedback("crypto-hashing.empty").build(); + } + + public static String getHash(String secret, String algorithm) throws NoSuchAlgorithmException { + MessageDigest md = MessageDigest.getInstance(algorithm); + md.update(secret.getBytes()); + byte[] digest = md.digest(); + return DatatypeConverter.printHexBinary(digest).toUpperCase(); + } +} diff --git a/core-codemods/src/test/resources/sonar-weak-hash-4790/sonar-hotspots.json b/core-codemods/src/test/resources/sonar-weak-hash-4790/sonar-hotspots.json new file mode 100644 index 000000000..f07660310 --- /dev/null +++ b/core-codemods/src/test/resources/sonar-weak-hash-4790/sonar-hotspots.json 
@@ -0,0 +1,48 @@
+{
+ "paging": {
+ "pageIndex": 1,
+ "pageSize": 100,
+ "total": 1
+ },
+ "hotspots": [
+ {
+ "key": "AZPB23cAwGhA7VQ2Ui-j",
+ "component": "nahsra_WebGoatSonarDemo:src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java",
+ "project": "nahsra_WebGoatSonarDemo",
+ "securityCategory": "others",
+ "vulnerabilityProbability": "LOW",
+ "status": "TO_REVIEW",
+ "line": 55,
+ "message": "Make sure this weak hash algorithm is not used in a sensitive context here.",
+ "assignee": "AYu2RswFLuhbfWU895e4",
+ "author": "foo@gmail.com",
+ "creationDate": "2024-12-13T22:06:37+0100",
+ "updateDate": "2024-12-13T22:09:25+0100",
+ "textRange": {
+ "startLine": 55,
+ "endLine": 55,
+ "startOffset": 39,
+ "endOffset": 50
+ },
+ "flows": [],
+ "ruleKey": "java:S4790"
+ }
+ ],
+ "components": [
+ {
+ "organization": "nahsra",
+ "key": "nahsra_WebGoatSonarDemo:src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java",
+ "qualifier": "FIL",
+ "name": "HashingAssignment.java",
+ "longName": "src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java",
+ "path": "src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java"
+ },
+ {
+ "organization": "nahsra",
+ "key": "nahsra_WebGoatSonarDemo",
+ "qualifier": "TRK",
+ "name": "WebGoatSonarDemo",
+ "longName": "WebGoatSonarDemo"
+ }
+ ]
+}
diff --git a/core-codemods/src/test/resources/sonar-weak-prng-2245/CSRFGetFlag.java.after b/core-codemods/src/test/resources/sonar-weak-prng-2245/CSRFGetFlag.java.after
new file mode 100644
index 000000000..1ff14540f
--- /dev/null
+++ b/core-codemods/src/test/resources/sonar-weak-prng-2245/CSRFGetFlag.java.after
@@ -0,0 +1,86 @@ +/* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2019 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. + */ + +package org.owasp.webgoat.lessons.csrf; + +import java.security.SecureRandom; +import java.util.HashMap; +import java.util.Map; +import java.util.Random; +import javax.servlet.http.HttpServletRequest; +import org.owasp.webgoat.container.i18n.PluginMessages; +import org.owasp.webgoat.container.session.UserSessionData; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; + +/** Created by jason on 9/30/17. 
*/ +@RestController +public class CSRFGetFlag { + + @Autowired UserSessionData userSessionData; + @Autowired private PluginMessages pluginMessages; + + @RequestMapping( + path = "/csrf/basic-get-flag", + produces = {"application/json"}, + method = RequestMethod.POST) + @ResponseBody + public Map invoke(HttpServletRequest req) { + + Map response = new HashMap<>(); + + String host = (req.getHeader("host") == null) ? "NULL" : req.getHeader("host"); + String referer = (req.getHeader("referer") == null) ? "NULL" : req.getHeader("referer"); + String[] refererArr = referer.split("/"); + + if (referer.equals("NULL")) { + if ("true".equals(req.getParameter("csrf"))) { + Random random = new SecureRandom(); + userSessionData.setValue("csrf-get-success", random.nextInt(65536)); + response.put("success", true); + response.put("message", pluginMessages.getMessage("csrf-get-null-referer.success")); + response.put("flag", userSessionData.getValue("csrf-get-success")); + } else { + Random random = new Random(); + userSessionData.setValue("csrf-get-success", random.nextInt(65536)); + response.put("success", true); + response.put("message", pluginMessages.getMessage("csrf-get-other-referer.success")); + response.put("flag", userSessionData.getValue("csrf-get-success")); + } + } else if (refererArr[2].equals(host)) { + response.put("success", false); + response.put("message", "Appears the request came from the original host"); + response.put("flag", null); + } else { + Random random = new Random(); + userSessionData.setValue("csrf-get-success", random.nextInt(65536)); + response.put("success", true); + response.put("message", pluginMessages.getMessage("csrf-get-other-referer.success")); + response.put("flag", userSessionData.getValue("csrf-get-success")); + } + + return response; + } +} 
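Review bot: Only the first `new Random()` in `invoke` (the single hotspot at line 59 of the before-file) becomes `new SecureRandom()`; the two identical `new Random()` calls in the other branches of the same method, which produce the same `csrf-get-success` flag, are left as-is. That is consistent with the one-entry `sonar-hotspots.json` in this fixture, but a real S2245 scan of this file would report all three sites, so the fixture does not exercise the codemod's handling of several findings in one compilation unit; adding the other two hotspots (by my count lines 65 and 76 of the before-file) and the matching `expectingFixesAtLines` would cover that. Keeping the declared type as `Random random = new SecureRandom();` is fine since `SecureRandom` extends `Random`, which is also why the `java.util.Random` import must stay. Note that the strength of the PRNG does not change the 16-bit range of `random.nextInt(65536)`, so the flag remains a small token; that is the lesson's design, not something the codemod should touch.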
diff --git a/core-codemods/src/test/resources/sonar-weak-prng-2245/CSRFGetFlag.java.before b/core-codemods/src/test/resources/sonar-weak-prng-2245/CSRFGetFlag.java.before new file mode 100644 index 000000000..e2cbc90c7 --- /dev/null +++ b/core-codemods/src/test/resources/sonar-weak-prng-2245/CSRFGetFlag.java.before 
@@ -0,0 +1,85 @@ +/* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2019 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. + */ + +package org.owasp.webgoat.lessons.csrf; + +import java.util.HashMap; +import java.util.Map; +import java.util.Random; +import javax.servlet.http.HttpServletRequest; +import org.owasp.webgoat.container.i18n.PluginMessages; +import org.owasp.webgoat.container.session.UserSessionData; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; + +/** Created by jason on 9/30/17. 
*/ +@RestController +public class CSRFGetFlag { + + @Autowired UserSessionData userSessionData; + @Autowired private PluginMessages pluginMessages; + + @RequestMapping( + path = "/csrf/basic-get-flag", + produces = {"application/json"}, + method = RequestMethod.POST) + @ResponseBody + public Map invoke(HttpServletRequest req) { + + Map response = new HashMap<>(); + + String host = (req.getHeader("host") == null) ? "NULL" : req.getHeader("host"); + String referer = (req.getHeader("referer") == null) ? "NULL" : req.getHeader("referer"); + String[] refererArr = referer.split("/"); + + if (referer.equals("NULL")) { + if ("true".equals(req.getParameter("csrf"))) { + Random random = new Random(); + userSessionData.setValue("csrf-get-success", random.nextInt(65536)); + response.put("success", true); + response.put("message", pluginMessages.getMessage("csrf-get-null-referer.success")); + response.put("flag", userSessionData.getValue("csrf-get-success")); + } else { + Random random = new Random(); + userSessionData.setValue("csrf-get-success", random.nextInt(65536)); + response.put("success", true); + response.put("message", pluginMessages.getMessage("csrf-get-other-referer.success")); + response.put("flag", userSessionData.getValue("csrf-get-success")); + } + } else if (refererArr[2].equals(host)) { + response.put("success", false); + response.put("message", "Appears the request came from the original host"); + response.put("flag", null); + } else { + Random random = new Random(); + userSessionData.setValue("csrf-get-success", random.nextInt(65536)); + response.put("success", true); + response.put("message", pluginMessages.getMessage("csrf-get-other-referer.success")); + response.put("flag", userSessionData.getValue("csrf-get-success")); + } + + return response; + } +} 
diff --git a/core-codemods/src/test/resources/sonar-weak-prng-2245/sonar-hotspots.json b/core-codemods/src/test/resources/sonar-weak-prng-2245/sonar-hotspots.json
new file mode 100644
index 000000000..dc76bd7a8
--- /dev/null
+++ b/core-codemods/src/test/resources/sonar-weak-prng-2245/sonar-hotspots.json
@@ -0,0 +1,48 @@
+{
+ "paging": {
+ "pageIndex": 1,
+ "pageSize": 100,
+ "total": 1
+ },
+ "hotspots": [
+ {
+ "key": "AZPB23jjwGhA7VQ2UjF_",
+ "component": "nahsra_WebGoatSonarDemo:src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java",
+ "project": "nahsra_WebGoatSonarDemo",
+ "securityCategory": "weak-cryptography",
+ "vulnerabilityProbability": "MEDIUM",
+ "status": "TO_REVIEW",
+ "line": 59,
+ "message": "Make sure that using this pseudorandom number generator is safe here.",
+ "assignee": "AYu2RswFLuhbfWU895e4",
+ "author": "foo@foo.com",
+ "creationDate": "2024-12-13T22:06:37+0100",
+ "updateDate": "2024-12-13T22:09:25+0100",
+ "textRange": {
+ "startLine": 59,
+ "endLine": 59,
+ "startOffset": 28,
+ "endOffset": 34
+ },
+ "flows": [],
+ "ruleKey": "java:S2245"
+ }
+ ],
+ "components": [
+ {
+ "organization": "nahsra",
+ "key": "nahsra_WebGoatSonarDemo:src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java",
+ "qualifier": "FIL",
+ "name": "CSRFGetFlag.java",
+ "longName": "src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java",
+ "path": "src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java"
+ },
+ {
+ "organization": "nahsra",
+ "key": "nahsra_WebGoatSonarDemo",
+ "qualifier": "TRK",
+ "name": "WebGoatSonarDemo",
+ "longName": "WebGoatSonarDemo"
+ }
+ ]
+}
diff --git a/core-codemods/src/test/resources/sonar-xxe-s2755/sonar-issues.json b/core-codemods/src/test/resources/sonar-xxe-s2755/sonar-issues.json
index 2138ef5fc..f9b08d710
--- a/core-codemods/src/test/resources/sonar-xxe-s2755/sonar-issues.json
+++ b/core-codemods/src/test/resources/sonar-xxe-s2755/sonar-issues.json
@@ -30,7 +30,7 @@
 "effort": "15min",
 "debt": "15min",
 "assignee": "nahsra@github",
- "author": "arshan.dabirsiaghi@gmail.com",
+ "author": "foo@foo.com",
 "tags": [
 "cwe",
 "symbolic-execution"
@@ -68,7 +68,7 @@
 "effort": "15min",
 "debt": "15min",
 "assignee": "nahsra@github",
- "author": "arshan.dabirsiaghi@gmail.com",
+ "author": "foo@gmail.com",
 "tags": [
 "cwe",
 "symbolic-execution"
@@ -106,7 +106,7 @@
 "effort": "15min",
 "debt": "15min",
 "assignee": "nahsra@github",
- "author": "arshan.dabirsiaghi@gmail.com",
+ "author": "foo@gmail.com",
 "tags": [
 "cwe",
 "symbolic-execution"
@@ -144,7 +144,7 @@
 "effort": "15min",
 "debt": "15min",
 "assignee": "nahsra@github",
- "author": "arshan.dabirsiaghi@gmail.com",
+ "author": "foo@gmail.com",
 "tags": [
 "cwe",
 "symbolic-execution"
diff --git a/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/MissingSecureFlagFixStrategy.java b/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/FixAtJakartaAddCookieCallStrategy.java
similarity index 93%
rename from framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/MissingSecureFlagFixStrategy.java
rename to framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/FixAtJakartaAddCookieCallStrategy.java
index cd319c152..29bb5854f 100644
--- a/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/MissingSecureFlagFixStrategy.java
+++ b/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/FixAtJakartaAddCookieCallStrategy.java
@@ -13,8 +13,8 @@
 import io.codemodder.remediation.SuccessOrReason;
 import java.util.Optional;
-/** Default strategy to add missing secure flags in cookies. */
-public final class MissingSecureFlagFixStrategy implements RemediationStrategy {
+/** Adds flags based on being found at the "addCookie" in Jakarta API. */
+final class FixAtJakartaAddCookieCallStrategy implements RemediationStrategy {
 @Override
 public SuccessOrReason fix(final CompilationUnit cu, final Node node) {
diff --git a/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/FixAtJakartaCookieCreationStrategy.java b/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/FixAtJakartaCookieCreationStrategy.java
new file mode 100644
index 000000000..cd08b2d3f
--- /dev/null
+++ b/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/FixAtJakartaCookieCreationStrategy.java
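Review bot: Alongside the rename, the `+final class FixAtJakartaAddCookieCallStrategy` line drops `public`, so any code outside the `missingsecureflag` package that referenced `MissingSecureFlagFixStrategy` directly stops compiling; the 93% similarity in the file header suggests the body is otherwise untouched, but only the declaration and the `fix` signature are inside the hunk and the method body lies below it. If `MissingSecureFlagRemediator` is the only consumer the narrowing is sound and worth stating, and the new Javadoc reads awkwardly as written; suggest `/** Adds the missing secure flag to the cookie passed to an {@code addCookie(...)} call (Jakarta servlet API). */`.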
@@ -0,0 +1,63 @@
+package io.codemodder.remediation.missingsecureflag;
+
+import com.github.javaparser.ast.CompilationUnit;
+import com.github.javaparser.ast.Node;
+import com.github.javaparser.ast.NodeList;
+import com.github.javaparser.ast.body.VariableDeclarator;
+import com.github.javaparser.ast.expr.BooleanLiteralExpr;
+import com.github.javaparser.ast.expr.MethodCallExpr;
+import com.github.javaparser.ast.expr.ObjectCreationExpr;
+import com.github.javaparser.ast.nodeTypes.NodeWithSimpleName;
+import com.github.javaparser.ast.stmt.ExpressionStmt;
+import com.github.javaparser.ast.stmt.Statement;
+import io.codemodder.ast.ASTTransforms;
+import io.codemodder.ast.ASTs;
+import io.codemodder.remediation.RemediationStrategy;
+import io.codemodder.remediation.SuccessOrReason;
+import java.util.Optional;
+
+/** Adds flags based on being found at the "Cookie" instantiation in Jakarta API. */
+final class FixAtJakartaCookieCreationStrategy implements RemediationStrategy {
+
+ @Override
+ public SuccessOrReason fix(final CompilationUnit cu, final Node node) {
+ var cookieCreationExpression =
+ Optional.of(node).map(n -> n instanceof ObjectCreationExpr ? (ObjectCreationExpr) n : null);
+
+ if (cookieCreationExpression.isPresent()) {
+ // make sure this is part of a simple assignment statement, e.g., "Cookie cookie = new
+ // Cookie(...)"
+ var maybeStmt =
+ ASTs.findParentStatementFrom(cookieCreationExpression.get())
+ .filter(Statement::isExpressionStmt);
+
+ if (maybeStmt.isEmpty()) {
+ return SuccessOrReason.reason("Could not find expression statement containing call");
+ }
+
+ // get the variable declaration info so we can use it
+ var maybeCookieName =
+ cookieCreationExpression
+ .get()
+ .getParentNode()
+ .map(vd -> vd instanceof VariableDeclarator ? 
(VariableDeclarator) vd : null)
+ .map(NodeWithSimpleName::getNameAsExpression);
+
+ if (maybeCookieName.isEmpty()) {
+ return SuccessOrReason.reason("Could not find variable declaration expression");
+ }
+
+ final var newStatement =
+ new ExpressionStmt(
+ new MethodCallExpr(
+ maybeCookieName.get(),
+ "setSecure",
+ new NodeList<>(new BooleanLiteralExpr(true))));
+
+ ASTTransforms.addStatementAfterStatement(maybeStmt.get(), newStatement);
+
+ return SuccessOrReason.success();
+ }
+ return SuccessOrReason.reason("Not a method call with scope.");
+ }
+}
diff --git a/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/MissingSecureFlagRemediator.java b/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/MissingSecureFlagRemediator.java
index 5ba9998dc..a46a1462c 100644
--- a/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/MissingSecureFlagRemediator.java
+++ b/framework/codemodder-base/src/main/java/io/codemodder/remediation/missingsecureflag/MissingSecureFlagRemediator.java
@@ -2,6 +2,7 @@
 import com.github.javaparser.ast.CompilationUnit;
 import com.github.javaparser.ast.expr.MethodCallExpr;
+import com.github.javaparser.ast.expr.ObjectCreationExpr;
 import io.codemodder.CodemodFileScanningResult;
 import io.codemodder.codetf.DetectorRule;
 import io.codemodder.remediation.*;
@@ -9,6 +10,7 @@
 import java.util.Optional;
 import java.util.function.Function;
+/** Remediator for missing secure flag in cookies. */
 public final class MissingSecureFlagRemediator implements Remediator {
 private final SearcherStrategyRemediator searchStrategyRemediator;
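Review bot: The fallback on the last line of `fix` reports `"Not a method call with scope."`, but this strategy only rejects nodes that are not an `ObjectCreationExpr`, so the reason text describes the sibling addCookie strategy rather than this one and would mislead anyone reading the codemod report; suggest `return SuccessOrReason.reason("Not a Cookie object creation expression.");`. The `Optional.of(node).map(n -> n instanceof ObjectCreationExpr ? (ObjectCreationExpr) n : null)` form leans on `map` turning a null result into an empty Optional, which is easy to misread; `Optional.of(node).filter(ObjectCreationExpr.class::isInstance).map(ObjectCreationExpr.class::cast)` expresses the same check without the null, and the same idiom recurs in the remediator's new matcher. The class Javadoc should also say what is inserted, e.g. `/** Appends {@code <var>.setSecure(true)} after the statement that declares a variable initialised with {@code new Cookie(...)}. */`, since nothing in this file verifies that the constructed type is the Jakarta servlet cookie.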
@@ -26,7 +28,22 @@ public MissingSecureFlagRemediator() {
 .filter(mce -> mce.getArguments().size() == 1)
 .isPresent())
 .build(),
- new MissingSecureFlagFixStrategy())
+ new FixAtJakartaAddCookieCallStrategy())
+ .withSearcherStrategyPair(
+ new FixCandidateSearcher.Builder()
+ .withMatcher(
+ node ->
+ Optional.of(node)
+ .map(
+ n ->
+ n instanceof ObjectCreationExpr
+ ? (ObjectCreationExpr) n
+ : null)
+ .filter(oce -> "Cookie".equals(oce.getTypeAsString()))
+ .filter(oce -> oce.getArguments().size() == 2)
+ .isPresent())
+ .build(),
+ new FixAtJakartaCookieCreationStrategy())
+ .build();
 }
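Review bot: The new matcher compares `oce.getTypeAsString()` with the literal `"Cookie"`, so a constructor written with a qualified type such as `new jakarta.servlet.http.Cookie(name, value)` is passed over, while any other two-argument constructor of a class that happens to be named `Cookie` is handed to `FixAtJakartaCookieCreationStrategy`, which appends a `setSecure(true)` call that type may not have. If I read the JavaParser API correctly, `getTypeAsString()` renders the scope together with the name, so `"Cookie".equals(oce.getType().getNameAsString())` keeps the simple-name check while also catching the qualified form; deciding that the type really is the servlet cookie would need symbol resolution, which is worth saying on the matcher either way, e.g. `// matches by simple name only; the Sonar finding, not this matcher, establishes that this is the servlet Cookie`. The constructor `MissingSecureFlagRemediator()` begins above the hunk, so the earlier `withSearcherStrategyPair` for the addCookie case is only partly visible here.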