Fix vulnerabilty (#42)

don't use printStackTrace() when catching exception

Author: elegoff

community-rust-plugin/src/main/java/org/elegoff/plugins/communityrust/RustTokensVisitor.java

@@ -3,17 +3,17 @@
  * Copyright (C) 2021 Eric Le Goff
  * mailto:community-rust AT pm DOT me
  * http://github.com/elegoff/sonar-rust
- * <p>
+ *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
  * version 3 of the License, or (at your option) any later version.
- * <p>
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Lesser General Public License for more details.
- * <p>
+ *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this program; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

community-rust-plugin/src/main/java/org/elegoff/plugins/communityrust/xunit/StaxParser.java

@@ -20,69 +20,52 @@
  */
 package org.elegoff.plugins.communityrust.xunit;
 
-import org.apache.commons.lang.StringUtils;
 import org.codehaus.staxmate.SMInputFactory;
 import org.codehaus.staxmate.in.SMHierarchicCursor;
 
 import javax.xml.stream.XMLInputFactory;
-import javax.xml.stream.XMLResolver;
 import javax.xml.stream.XMLStreamException;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-public class StaxParser {
 
-  private SMInputFactory inf;
+public class StaxParser {
 
-  private XmlStreamHandler streamHandler;
+    private SMInputFactory inf;
 
-  public StaxParser(XmlStreamHandler streamHandler) {
-    this.streamHandler = streamHandler;
-    XMLInputFactory xmlFactory = XMLInputFactory.newInstance();
+    private XmlStreamHandler streamHandler;
 
-    inf = new SMInputFactory(xmlFactory);
-  }
+    public StaxParser(XmlStreamHandler streamHandler) {
+        this.streamHandler = streamHandler;
+        XMLInputFactory xmlFactory = XMLInputFactory.newInstance();
 
-  public void parse(File xmlFile) throws XMLStreamException {
-    try (FileInputStream input = new FileInputStream(xmlFile)) {
-      parse(input);
-    } catch (IOException e) {
-      throw new XMLStreamException(e);
+        inf = new SMInputFactory(xmlFactory);
     }
-  }
 
-  public void parse(InputStream xmlInput) throws XMLStreamException {
-    SMHierarchicCursor rootCursor = inf.rootElementCursor(xmlInput);
-    try {
-      streamHandler.stream(rootCursor);
-    } finally {
-      rootCursor.getStreamReader().closeCompletely();
+    public void parse(File xmlFile) throws XMLStreamException {
+        try (FileInputStream input = new FileInputStream(xmlFile)) {
+            parse(input);
+        } catch (IOException e) {
+            throw new XMLStreamException(e);
+        }
     }
-  }
 
-  private static class UndeclaredEntitiesXMLResolver implements XMLResolver {
-
-    @Override
-    public Object resolveEntity(String arg0, String arg1, String fileName, String undeclaredEntity) throws XMLStreamException {
-      String undeclared = undeclaredEntity;
-      // avoid problems with XML docs containing undeclared entities.. return the entity under its raw form if not a Unicode expression
-      if (StringUtils.startsWithIgnoreCase(undeclaredEntity, "u") && undeclaredEntity.length() == 5) {
-        int unicodeCharHexValue = Integer.parseInt(undeclaredEntity.substring(1), 16);
-        if (Character.isDefined(unicodeCharHexValue)) {
-          undeclared = new String(new char[] {(char) unicodeCharHexValue});
+    public void parse(InputStream xmlInput) throws XMLStreamException {
+        SMHierarchicCursor rootCursor = inf.rootElementCursor(xmlInput);
+        try {
+            streamHandler.stream(rootCursor);
+        } finally {
+            rootCursor.getStreamReader().closeCompletely();
         }
-      }
-      return undeclared;
     }
-  }
 
-  /**
-   * Simple interface for handling XML stream to parse.
-   */
-  @FunctionalInterface
-  public interface XmlStreamHandler {
-    void stream(SMHierarchicCursor rootCursor) throws XMLStreamException;
-  }
+    /**
+     * Simple interface for handling XML stream to parse.
+     */
+    @FunctionalInterface
+    public interface XmlStreamHandler {
+        void stream(SMHierarchicCursor rootCursor) throws XMLStreamException;
+    }
 
 }

community-rust-plugin/src/main/java/org/elegoff/plugins/communityrust/xunit/TestCase.java

@@ -37,15 +37,11 @@ public class TestCase {
 
     /**
      * Constructs a testcase instance out of following parameters
-     * @param name  The name of this testcase
      * @param status The execution status of the testcase
-     * @param stackTrace The stack trace occurred while executing of this testcase; pass "" if the testcase passed/skipped.
-     * @param errorMessage The error message associated with this testcase of the execution was erroneous; pass "" if not.
      * @param time The execution time in milliseconds
      * @param file The optional file to which this test case applies.
-     * @param testClassname The classname of the test.
      */
-    public TestCase(String name, TestCaseStatus status, String stackTrace, String errorMessage, int time, @Nullable String file, @Nullable  String testClassname) {
+    public TestCase(String name, TestCaseStatus status, String stackTrace, String errorMessage, int time, @Nullable String file, @Nullable String testClassname) {
         this.name = name;
         this.status = status;
         this.stackTrace = stackTrace;
@@ -54,16 +50,18 @@ public TestCase(String name, TestCaseStatus status, String stackTrace, String er
         this.file = file;
         this.testClassname = testClassname;
     }
+
     /**
      * Returns true if this testcase is an error, false otherwise
      */
-    public boolean isError(){
+    public boolean isError() {
         return TestCaseStatus.ERROR.equals(status);
     }
+
     /**
      * Returns true if this testcase is a failure, false otherwise
      */
-    public boolean isFailure(){
+    public boolean isFailure() {
         return TestCaseStatus.FAILURE.equals(status);
     }
 
@@ -82,6 +80,22 @@ public String getFile() {
         return file;
     }
 
+    public String getName() {
+        return name;
+    }
+
+    public TestCaseStatus getStatus() {
+        return status;
+    }
+
+    public String getStackTrace() {
+        return stackTrace;
+    }
+
+    public String getErrorMessage() {
+        return errorMessage;
+    }
+
     public String getTestClassname() {
         return testClassname;
     }

community-rust-plugin/src/main/java/org/elegoff/plugins/communityrust/xunit/XUnitSensor.java

@@ -50,7 +50,6 @@ public void describe(SensorDescriptor descriptor) {
                 .name("XUnit Sensor for Rust")
                 .onlyOnLanguage(RustLanguage.KEY)
                 .onlyOnFileType(InputFile.Type.MAIN);
-        ;
     }
 
     @Override
@@ -64,7 +63,6 @@ public void execute(SensorContext context) {
             processReports(context, reports);
         } catch (Exception e) {
             LOG.warn("Cannot read report '{}', the following exception occurred: {}", reportPath, e.getMessage());
-            e.printStackTrace();
         }
     }
 

community-rust-plugin/src/test/java/org/elegoff/plugins/communityrust/xunit/XUnitSensorTest.java

@@ -46,9 +46,6 @@ public class XUnitSensorTest {
     @Rule
     public LogTester logTester = new LogTester();
 
-    @Rule
-    public TemporaryFolder tmpDir = new TemporaryFolder();
-
     @Before
     public void init() {