SONARPY-234: Rule 1291: Track uses of 'NOSONAR' comments (#1089)

* Rule 1291: Track uses of 'NOSONAR' comments

* Rule 1291: Track uses of 'NOSONAR' comments

* Rule 1291: Fix coverage

* Add integration test for Rule 1291 and reduce redundancy in ITS

* Update python-checks/src/main/java/org/sonar/python/checks/NoSonarCommentCheck.java

Co-authored-by: pynicolas <[email protected]>

* Remove S1291 rule

* Update warning message

Co-authored-by: Nils Werner <[email protected]>

* Add message to test file

Co-authored-by: pynicolas <[email protected]>
Co-authored-by: Nils Werner <[email protected]>

Author: 3 people

its/plugin/it-python-plugin-test/profiles/nosonar.xml

@@ -7,5 +7,10 @@
       <key>PrintStatementUsage</key>
       <priority>INFO</priority>
     </rule>
+    <rule>
+      <repositoryKey>python</repositoryKey>
+      <key>NoSonar</key>
+      <priority>INFO</priority>
+    </rule>
   </rules>
 </profile>

its/plugin/it-python-plugin-test/src/test/java/com/sonar/python/it/plugin/BanditReportTest.java

@@ -27,10 +27,8 @@
 import org.junit.Test;
 import org.sonarqube.ws.Common;
 import org.sonarqube.ws.Issues;
-import org.sonarqube.ws.client.issues.SearchRequest;
 
-import static com.sonar.python.it.plugin.Tests.newWsClient;
-import static java.util.Collections.singletonList;
+import static com.sonar.python.it.plugin.Tests.issues;
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class BanditReportTest {
@@ -48,7 +46,7 @@ public void import_report() {
       SonarScanner.create()
         .setProjectDir(new File("projects/bandit_project")));
 
-    List<Issues.Issue> issues = issues();
+    List<Issues.Issue> issues = issues(PROJECT);
     assertThat(issues).hasSize(1);
     Issues.Issue issue = issues.get(0);
     assertThat(issue.getComponent()).isEqualTo("bandit_project:src/file1.py");
@@ -59,8 +57,4 @@ public void import_report() {
     assertThat(issue.getEffort()).isEqualTo("5min");
   }
 
-  private static List<Issues.Issue> issues() {
-    return newWsClient().issues().search(new SearchRequest().setProjects(singletonList(PROJECT))).getIssuesList();
-  }
-
 }

its/plugin/it-python-plugin-test/src/test/java/com/sonar/python/it/plugin/Flake8ReportTest.java

@@ -27,10 +27,8 @@
 import org.junit.Test;
 import org.sonarqube.ws.Common;
 import org.sonarqube.ws.Issues;
-import org.sonarqube.ws.client.issues.SearchRequest;
 
-import static com.sonar.python.it.plugin.Tests.newWsClient;
-import static java.util.Collections.singletonList;
+import static com.sonar.python.it.plugin.Tests.issues;
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class Flake8ReportTest {
@@ -48,7 +46,7 @@ public void import_report() {
       SonarScanner.create()
         .setProjectDir(new File("projects/flake8_project")));
 
-    List<Issues.Issue> issues = issues();
+    List<Issues.Issue> issues = issues(PROJECT);
     assertThat(issues).hasSize(5);
     Issues.Issue issue = issues.get(0);
     assertThat(issue.getComponent()).isEqualTo("flake8_project:src/file1.py");
@@ -68,7 +66,4 @@ public void import_report() {
     assertThat(issue.getEffort()).isEqualTo("5min");
   }
 
-  private static List<Issues.Issue> issues() {
-    return newWsClient().issues().search(new SearchRequest().setProjects(singletonList(PROJECT))).getIssuesList();
-  }
 }

its/plugin/it-python-plugin-test/src/test/java/com/sonar/python/it/plugin/NoSonarTest.java

@@ -22,11 +22,13 @@
 import com.sonar.orchestrator.Orchestrator;
 import com.sonar.orchestrator.build.SonarScanner;
 import java.io.File;
+import java.util.List;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Test;
+import org.sonarqube.ws.Issues;
 
-import static com.sonar.python.it.plugin.Tests.getMeasureAsInt;
+import static com.sonar.python.it.plugin.Tests.issues;
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class NoSonarTest {
@@ -52,12 +54,11 @@ public static void startServer() {
 
   @Test
   public void test_nosonar() {
-    assertThat(getProjectMeasureAsInt("violations")).isEqualTo(1);
-  }
-
-  /* Helper methods */
-
-  private Integer getProjectMeasureAsInt(String metricKey) {
-    return getMeasureAsInt(PROJECT_KEY, metricKey);
+    List<Issues.Issue> issues = issues(PROJECT_KEY);
+    assertThat(issues).hasSize(2);
+    assertThat(issues.get(0).getRule()).isEqualTo("python:PrintStatementUsage");
+    assertThat(issues.get(0).getLine()).isEqualTo(1);
+    assertThat(issues.get(1).getRule()).isEqualTo("python:NoSonar");
+    assertThat(issues.get(1).getLine()).isEqualTo(2);
   }
 }

its/plugin/it-python-plugin-test/src/test/java/com/sonar/python/it/plugin/PylintReportTest.java

@@ -23,14 +23,10 @@
 import com.sonar.orchestrator.build.BuildResult;
 import com.sonar.orchestrator.build.SonarScanner;
 import java.io.File;
-import java.util.List;
 import org.junit.ClassRule;
 import org.junit.Test;
-import org.sonarqube.ws.Issues.Issue;
-import org.sonarqube.ws.client.issues.SearchRequest;
 
-import static com.sonar.python.it.plugin.Tests.newWsClient;
-import static java.util.Collections.singletonList;
+import static com.sonar.python.it.plugin.Tests.issues;
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class PylintReportTest {
@@ -84,10 +80,6 @@ public void multiple_reports() {
     assertThat(issues(projectKey)).hasSize(8);
   }
 
-  private static List<Issue> issues(String projectKey) {
-    return newWsClient().issues().search(new SearchRequest().setProjects(singletonList(projectKey))).getIssuesList();
-  }
-
   private static BuildResult analyseProjectWithReport(String projectKey, String property, String reportPaths) {
     ORCHESTRATOR.getServer().provisionProject(projectKey, projectKey);
     ORCHESTRATOR.getServer().associateProjectToQualityProfile(projectKey, "py", "no_rule");

its/plugin/it-python-plugin-test/src/test/java/com/sonar/python/it/plugin/Tests.java

@@ -31,15 +31,15 @@
 import org.junit.ClassRule;
 import org.junit.runner.RunWith;
 import org.junit.runners.Suite;
+import org.sonarqube.ws.Issues;
 import org.sonarqube.ws.Measures.ComponentWsResponse;
 import org.sonarqube.ws.Measures.Measure;
 import org.sonarqube.ws.client.HttpConnector;
 import org.sonarqube.ws.client.WsClient;
 import org.sonarqube.ws.client.WsClientFactories;
+import org.sonarqube.ws.client.issues.SearchRequest;
 import org.sonarqube.ws.client.measures.ComponentRequest;
 
-import static com.sonar.orchestrator.container.Server.ADMIN_LOGIN;
-import static com.sonar.orchestrator.container.Server.ADMIN_PASSWORD;
 import static java.lang.Double.parseDouble;
 import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -123,15 +123,14 @@ static WsClient newWsClient() {
     return newWsClient(null, null);
   }
 
-  static WsClient newAdminWsClient() {
-    return newWsClient(ADMIN_LOGIN, ADMIN_PASSWORD);
-  }
-
   static WsClient newWsClient(String login, String password) {
     return WsClientFactories.getDefault().newClient(HttpConnector.newBuilder()
       .url(ORCHESTRATOR.getServer().getUrl())
       .credentials(login, password)
       .build());
   }
 
+  static List<Issues.Issue> issues(String projectKey) {
+    return newWsClient().issues().search(new SearchRequest().setProjects(singletonList(projectKey))).getIssuesList();
+  }
 }

python-checks/src/main/java/org/sonar/python/checks/CheckList.java

@@ -186,6 +186,7 @@ public static Iterable<Class> getChecks() {
       NonStringInAllPropertyCheck.class,
       NoPersonReferenceInTodoCheck.class,
       NoReRaiseInExitCheck.class,
+      NoSonarCommentCheck.class,
       NotImplementedErrorInOperatorMethodsCheck.class,
       OneStatementPerLineCheck.class,
       OsExecCheck.class,

python-checks/src/main/java/org/sonar/python/checks/NoSonarCommentCheck.java

@@ -0,0 +1,49 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.tree.Token;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.tree.Trivia;
+
+import static org.sonar.python.metrics.FileLinesVisitor.containsNoSonarComment;
+
+
+@Rule(key = "NoSonar")
+
+public class NoSonarCommentCheck extends PythonSubscriptionCheck {
+
+  private static final String MESSAGE = "Is #NOSONAR used to exclude false-positive or to hide real quality flaw?";
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.TOKEN, ctx -> {
+      Token token = (Token) ctx.syntaxNode();
+      for (Trivia trivia : token.trivia()) {
+        if (containsNoSonarComment(trivia)) {
+          ctx.addIssue(trivia.token(), MESSAGE);
+        }
+      }
+    });
+  }
+}
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/NoSonar.html

@@ -0,0 +1,4 @@
+<p>Any issue to quality rule can be deactivated with the <code>NOSONAR</code> marker. This marker is pretty useful to exclude false-positive results
+but it can also be used abusively to hide real quality flaws.</p>
+<p>This rule raises an issue when <code>NOSONAR</code> is used.</p>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/NoSonar.json

@@ -0,0 +1,17 @@
+{
+  "title": "Track uses of \"NOSONAR\" comments",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "1min"
+  },
+  "tags": [
+    "bad-practice"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-1291",
+  "sqKey": "NoSonar",
+  "scope": "All",
+  "quickfix": "unknown"
+}