Improved use of SonarQube

* Since issues are paginated by the server, paginated retrieval add
* Set flags in analysis to skip some analysis steps we don't care about here
* Since issues aren't available from the server immediate after client-side analysis is "done" (analysis report must be integrated) added the same kind of wait loop used internally in automated situations

Author: ganntest

runSonarQube.sh

@@ -1,2 +1,7 @@
-mvn compile sonar:sonar -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=classes/out.csv
+mvn compile sonar:sonar -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=classes/out.csv -Dsonar.scm.disabled=true -Dsonar.skipDesign=true -Dsonar.cpd.exclusions=**/*.java -Dsonar.importSources=false -Dsonar.exclusions=**/*.xml
+done=false
+while [ "$done" != "true" ]
+do
+  done=$(curl -sb -H "Accept: application/json" http://localhost:9000/api/analysis_reports/is_queue_empty)
+done
 mvn validate -Ptime -Dexec.args="sonar"

src/main/java/org/owasp/benchmark/score/WriteTime.java

@@ -15,6 +15,7 @@
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
+import org.json.JSONArray;
 import org.json.JSONObject;
 import org.json.XML;
 import org.owasp.benchmark.helpers.PropertiesManager;
@@ -227,9 +228,27 @@ public void resultsFileName(String tool, String benchmarkVersion,
 	}
 
 	public void writeSonarResults() {
+
+		int page = 1;
+		int total = 1;
+		JSONArray issues = new JSONArray();
+		JSONObject json = null;
+
 		try {
-			JSONObject json = new JSONObject(
-					getSonarResults("http://localhost:9000"));
+
+			while (issues.length() < total) {
+				json = new JSONObject(getSonarResults("http://localhost:9000", page));
+				total = (int) json.get("total");
+
+				JSONArray issueSubset = json.getJSONArray("issues");
+				for (int i = 0; i < issueSubset.length(); i++) {
+					issues.put(issueSubset.get(i));
+				}
+				page++;
+			}
+
+			json.put("issues", issues);
+
 			String xml = XML.toString(json);
 			java.io.FileWriter fw = new java.io.FileWriter(SONAR_FILE);
 			fw.write(xml);
@@ -240,10 +259,10 @@ public void writeSonarResults() {
 		}
 	}
 
-	public static String getSonarResults(String sonarURL) {
+	public static String getSonarResults(String sonarURL, int page) {
 		StringBuffer response = new StringBuffer();
 		try {
-			String url = sonarURL + "/api/issues/search?resolved=false";
+			String url = sonarURL + "/api/issues/search?resolved=false&ps=500&p=" + page;
 			URL obj = new URL(url);
 			HttpURLConnection con = (HttpURLConnection) obj.openConnection();
 			con.setRequestMethod("GET");

src/main/java/org/owasp/benchmark/score/parsers/SonarReader.java

@@ -40,7 +40,7 @@ public TestResults parse(File f) throws Exception {
         String fixed = "<sonar>" + new String(bytes, "UTF-8") + "</sonar>";
         InputSource is = new InputSource(new ByteArrayInputStream( fixed.getBytes() ) );
         Document doc = docBuilder.parse(is);
- 
+
         TestResults tr = new TestResults( "SonarQube" ,false,TestResults.ToolType.SAST);
 
         NodeList rootList = doc.getDocumentElement().getChildNodes();
@@ -55,32 +55,32 @@ public TestResults parse(File f) throws Exception {
         }
         return tr;
     }
-    
+
     private TestCaseResult parseSonarIssue(Node flaw) {
         TestCaseResult tcr = new TestCaseResult();
         String rule = getNamedChild("rule", flaw).getTextContent();
         tcr.setCWE( cweLookup( rule.substring( "squid:".length() ) ) );
-        
+
         String cat = getNamedChild("message", flaw).getTextContent();
         tcr.setCategory( cat );
- 
+
         tcr.setConfidence( 5 );
 
         tcr.setEvidence( cat );
 
         String testfile = getNamedChild("component", flaw).getTextContent().trim();
         testfile = testfile.substring( testfile.lastIndexOf('/') +1 );
-        if ( testfile.startsWith( "Benchmark" ) ) {
+        if ( testfile.matches( "BenchmarkTest\\d+.java" ) ) {
             String testno = testfile.substring( "BenchmarkTest".length(), testfile.length() -5 );
             tcr.setNumber( Integer.parseInt( testno ) );
-            return tcr;       
+            return tcr;
         }
         return null;
     }
 
 
-    private int cweLookup(String squidNumber) {        
-        switch( squidNumber ) {       
+    private int cweLookup(String squidNumber) {
+        switch( squidNumber ) {
         case "S00105" : return 0000; //S00105-Replace all tab characters in this file by sequences of white-spaces.
         case "S106" : return 0000; //S00106-Replace this usage of System.out or System.err by a logger.
         case "S00112" : return 397; //S00112-Generic exceptions should never be thrown
@@ -130,7 +130,6 @@ private int cweLookup(String squidNumber) {
         // System.out.println( "Failed to translate " + squidNumber );
         return -1;
     }
-    
+
 }
-    
-    
+