SONARPY-2057: Markdown content should not leak in the generated file (#1922)

Author: joke1196

sonar-python-plugin/src/main/java/org/sonar/plugins/python/IpynbNotebookParser.java

@@ -24,7 +24,6 @@
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonToken;
 import java.io.IOException;
-import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Optional;
@@ -50,13 +49,8 @@ private IpynbNotebookParser(PythonInputFile inputFile) {
   }
 
   private final PythonInputFile inputFile;
-  private final StringBuilder aggregatedSource = new StringBuilder();
 
-  // Keys are the aggregated source line number
-  private final Map<Integer, IPythonLocation> locationMap = new HashMap<>();
-  private int aggregatedSourceLine = 0;
   private int lastPythonLine = 0;
-  private boolean isFirstCell = true;
 
   public Optional<GeneratedIPythonFile> parse() throws IOException {
     // If the language is not present, we assume it is a Python notebook
@@ -71,12 +65,9 @@ public Optional<String> parseLanguage() throws IOException {
     try (JsonParser jParser = factory.createParser(content)) {
       while (!jParser.isClosed()) {
         JsonToken jsonToken = jParser.nextToken();
-        if (JsonToken.FIELD_NAME.equals(jsonToken)) {
-          String fieldName = jParser.currentName();
-          if ("language".equals(fieldName)) {
-            jParser.nextToken();
-            return Optional.ofNullable(jParser.getValueAsString());
-          }
+        if (JsonToken.FIELD_NAME.equals(jsonToken) && "language".equals(jParser.currentName())) {
+          jParser.nextToken();
+          return Optional.ofNullable(jParser.getValueAsString());
         }
       }
     }
@@ -87,118 +78,128 @@ public GeneratedIPythonFile parseNotebook() throws IOException {
     String content = inputFile.wrappedFile().contents();
     JsonFactory factory = new JsonFactory();
     try (JsonParser jParser = factory.createParser(content)) {
-      while (!jParser.isClosed()) {
-        JsonToken jsonToken = jParser.nextToken();
-        if (JsonToken.FIELD_NAME.equals(jsonToken)) {
-          String fieldName = jParser.currentName();
-          if ("cell_type".equals(fieldName)) {
-            jParser.nextToken();
-            if ("code".equals(jParser.getValueAsString())) {
-              processCodeCell(jParser);
-            }
-          }
-        }
-      }
-      // Account for EOF token
-      addDefaultLocation(lastPythonLine, jParser.currentTokenLocation());
+      return parseCells(jParser).map(notebookData -> {
+        // Account for EOF token
+        JsonLocation location = jParser.currentTokenLocation();
+        notebookData.addDefaultLocation(lastPythonLine, location.getLineNr(), location.getColumnNr());
+        return new GeneratedIPythonFile(inputFile.wrappedFile(), notebookData.getAggregatedSource().toString(), notebookData.getLocationMap());
+      }).orElse(new GeneratedIPythonFile(inputFile.wrappedFile(), "", new LinkedHashMap<>()));
     }
 
-    return new GeneratedIPythonFile(inputFile.wrappedFile(), aggregatedSource.toString(), locationMap);
   }
 
-  private void processCodeCell(JsonParser jParser) throws IOException {
+  private Optional<NotebookParsingData> parseCells(JsonParser parser) throws IOException {
+    while (!parser.isClosed()) {
+      parser.nextToken();
+      String fieldName = parser.currentName();
+      if ("cells".equals(fieldName)) {
+        // consume array start token
+        parser.nextToken();
+        NotebookParsingData data = parseCellArray(parser);
+        parser.close();
+        return Optional.of(data);
+      }
+    }
+    return Optional.empty();
+  }
 
-    while (!jParser.isClosed()) {
-      JsonToken jsonToken = jParser.nextToken();
-      if (JsonToken.FIELD_NAME.equals(jsonToken) && "source".equals(jParser.currentName())) {
-        jsonToken = jParser.nextToken();
-        if (parseSourceArray(jParser, jsonToken) || parseSourceMultilineString(jParser, jsonToken)) {
-          break;
-        } else {
-          throw new IllegalStateException("Unexpected token: " + jsonToken);
-        }
+  private NotebookParsingData parseCellArray(JsonParser jParser) throws IOException {
+    NotebookParsingData aggregatedNotebookData = NotebookParsingData.empty();
+
+    while (jParser.nextToken() != JsonToken.END_ARRAY) {
+      if (jParser.currentToken() == JsonToken.START_OBJECT) {
+        processCodeCell(aggregatedNotebookData.getAggregatedSourceLine(), jParser).ifPresent(aggregatedNotebookData::combine);
       }
     }
+    aggregatedNotebookData.removeTrailingExtraLine();
+    return aggregatedNotebookData;
   }
 
-  private void appendNewLineAfterPreviousCellDelimiter() {
-    if (!isFirstCell) {
-      aggregatedSource.append("\n");
-    } else {
-      isFirstCell = false;
+  private static void skipNestedObjects(JsonParser parser) throws IOException {
+    if (parser.currentToken() == JsonToken.START_OBJECT || parser.currentToken() == JsonToken.START_ARRAY) {
+      parser.skipChildren();
     }
   }
 
-  private boolean parseSourceArray(JsonParser jParser, JsonToken jsonToken) throws IOException {
-    if (jsonToken != JsonToken.START_ARRAY) {
-      return false;
+  private Optional<NotebookParsingData> processCodeCell(int startLine, JsonParser jParser) throws IOException {
+    boolean isCodeCell = false;
+    Optional<NotebookParsingData> notebookData = Optional.empty();
+    while (jParser.nextToken() != JsonToken.END_OBJECT) {
+
+      skipNestedObjects(jParser);
+
+      if (JsonToken.FIELD_NAME.equals(jParser.currentToken()) && "cell_type".equals(jParser.currentName())) {
+        jParser.nextToken();
+        String cellType = jParser.getValueAsString();
+        if ("code".equals(cellType)) {
+          isCodeCell = true;
+        }
+      }
+      if (JsonToken.FIELD_NAME.equals(jParser.currentToken()) && "source".equals(jParser.currentName())) {
+        jParser.nextToken();
+        switch (jParser.currentToken()) {
+          case START_ARRAY:
+            notebookData = Optional.of(parseSourceArray(startLine, jParser));
+            break;
+          case VALUE_STRING:
+            notebookData = Optional.of(parseSourceMultilineString(startLine, jParser));
+            break;
+          default:
+            throw new IllegalStateException("Unexpected token: " + jParser.currentToken());
+        }
+      }
+    }
+    if (isCodeCell && notebookData.isPresent()) {
+      lastPythonLine = notebookData.get().getAggregatedSourceLine();
+      return notebookData;
     }
-    appendNewLineAfterPreviousCellDelimiter();
+    return Optional.empty();
+  }
+
+
+  private static NotebookParsingData parseSourceArray(int startLine, JsonParser jParser) throws IOException {
+    NotebookParsingData cellData = NotebookParsingData.fromLine(startLine);
     JsonLocation tokenLocation = jParser.currentTokenLocation();
     // In case of an empty cell, we don't add an extra line
     var lastSourceLine = "\n";
     while (jParser.nextToken() != JsonToken.END_ARRAY) {
       String sourceLine = jParser.getValueAsString();
       tokenLocation = jParser.currentTokenLocation();
-      var countEscapedChar = countEscapeCharacters(sourceLine, new LinkedHashMap<>(), tokenLocation.getColumnNr());
-      addLineToSource(sourceLine, tokenLocation, countEscapedChar);
+      var countEscapedChar = countEscapeCharacters(sourceLine, tokenLocation.getColumnNr());
+      cellData.addLineToSource(sourceLine, tokenLocation.getLineNr(), tokenLocation.getColumnNr(), countEscapedChar);
       lastSourceLine = sourceLine;
     }
     if (!lastSourceLine.endsWith("\n")) {
-      aggregatedSource.append("\n");
+      cellData.appendToSource("\n");
     }
     // Account for the last cell delimiter
-    addDelimiterToSource(tokenLocation);
-    lastPythonLine = aggregatedSourceLine;
-    return true;
+    cellData.addDelimiterToSource(SONAR_PYTHON_NOTEBOOK_CELL_DELIMITER + "\n", tokenLocation.getLineNr(), tokenLocation.getColumnNr());
+    return cellData;
   }
 
-  private boolean parseSourceMultilineString(JsonParser jParser, JsonToken jsonToken) throws IOException {
-    if (jsonToken != JsonToken.VALUE_STRING) {
-      return false;
-    }
-    appendNewLineAfterPreviousCellDelimiter();
+  private static NotebookParsingData parseSourceMultilineString(int startLine, JsonParser jParser) throws IOException {
+    NotebookParsingData cellData = NotebookParsingData.fromLine(startLine);
     String sourceLine = jParser.getValueAsString();
     JsonLocation tokenLocation = jParser.currentTokenLocation();
     var previousLen = 0;
     var previousExtraChars = 0;
 
     for (String line : sourceLine.lines().toList()) {
-      var countEscapedChar = countEscapeCharacters(line, new LinkedHashMap<>(), previousLen + previousExtraChars + tokenLocation.getColumnNr());
+      var countEscapedChar = countEscapeCharacters(line, previousLen + previousExtraChars + tokenLocation.getColumnNr());
       var currentCount = countEscapedChar.get(-1);
-      addLineToSource(line, new IPythonLocation(tokenLocation.getLineNr(),
+      cellData.addLineToSource(line, new IPythonLocation(tokenLocation.getLineNr(),
         tokenLocation.getColumnNr() + previousLen + previousExtraChars, countEscapedChar));
-      aggregatedSource.append("\n");
+      cellData.appendToSource("\n");
       previousLen = previousLen + line.length() + 2;
       previousExtraChars = previousExtraChars + currentCount;
     }
     // Account for the last cell delimiter
-    addDelimiterToSource(tokenLocation);
-    lastPythonLine = aggregatedSourceLine;
-    return true;
-  }
-
-  private void addLineToSource(String sourceLine, JsonLocation tokenLocation, Map<Integer, Integer> colOffset) {
-    addLineToSource(sourceLine, new IPythonLocation(tokenLocation.getLineNr(), tokenLocation.getColumnNr(), colOffset));
-  }
-
-  private void addLineToSource(String sourceLine, IPythonLocation location) {
-    aggregatedSource.append(sourceLine);
-    aggregatedSourceLine++;
-    locationMap.put(aggregatedSourceLine, location);
-  }
-
-  private void addDelimiterToSource(JsonLocation tokenLocation) {
-    aggregatedSource.append(SONAR_PYTHON_NOTEBOOK_CELL_DELIMITER);
-    aggregatedSourceLine++;
-    addDefaultLocation(aggregatedSourceLine, tokenLocation);
-  }
-
-  private void addDefaultLocation(int line, JsonLocation tokenLocation) {
-    locationMap.putIfAbsent(line, new IPythonLocation(tokenLocation.getLineNr(), tokenLocation.getColumnNr(), Map.of(-1, 0)));
+    cellData.addDelimiterToSource(SONAR_PYTHON_NOTEBOOK_CELL_DELIMITER + "\n", tokenLocation.getLineNr(), tokenLocation.getColumnNr());
+    return cellData;
   }
 
-  private static Map<Integer, Integer> countEscapeCharacters(String sourceLine, Map<Integer, Integer> colMap, int colOffSet) {
+  private static Map<Integer, Integer> countEscapeCharacters(String sourceLine, int colOffSet) {
+    Map<Integer, Integer> colMap = new LinkedHashMap<>();
     int count = 0;
     var numberOfExtraChars = 0;
     var arr = sourceLine.toCharArray();
@@ -221,5 +222,4 @@ private static Map<Integer, Integer> countEscapeCharacters(String sourceLine, Ma
     colMap.put(-1, numberOfExtraChars);
     return colMap;
   }
-
 }

sonar-python-plugin/src/main/java/org/sonar/plugins/python/NotebookParsingData.java

@@ -0,0 +1,119 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.plugins.python;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Objects;
+import org.sonar.python.IPythonLocation;
+
+public class NotebookParsingData {
+
+  private StringBuilder aggregatedSource;
+
+  private Map<Integer, IPythonLocation> locationMap;
+
+  private Integer aggregatedSourceLine;
+
+  public NotebookParsingData(StringBuilder aggregatedSource, Map<Integer, IPythonLocation> locationMap, Integer aggregatedSourceLine) {
+    this.aggregatedSource = aggregatedSource;
+    // Keys are the aggregated source line number
+    this.locationMap = locationMap;
+    this.aggregatedSourceLine = aggregatedSourceLine;
+  }
+
+  public static NotebookParsingData fromLine(int line) {
+    return new NotebookParsingData(new StringBuilder(), new LinkedHashMap<>(), line);
+  }
+
+  public static NotebookParsingData empty() {
+    return new NotebookParsingData(new StringBuilder(), new LinkedHashMap<>(), 0);
+  }
+
+  public StringBuilder getAggregatedSource() {
+    return aggregatedSource;
+  }
+
+  public Map<Integer, IPythonLocation> getLocationMap() {
+    return locationMap;
+  }
+
+  public Integer getAggregatedSourceLine() {
+    return aggregatedSourceLine;
+  }
+
+  public void combine(NotebookParsingData other) {
+    aggregatedSource.append(other.aggregatedSource);
+    aggregatedSourceLine = other.aggregatedSourceLine;
+    locationMap.putAll(other.locationMap);
+  }
+
+  public void appendToSource(String str) {
+    aggregatedSource.append(str);
+  }
+
+  public void addLineToSource(String sourceLine, int lineNr, int columnNr, Map<Integer, Integer> colOffset) {
+    addLineToSource(sourceLine, new IPythonLocation(lineNr, columnNr, colOffset));
+  }
+
+  private void appendLine(String line) {
+    aggregatedSource.append(line);
+    aggregatedSourceLine++;
+  }
+
+  public void addLineToSource(String sourceLine, IPythonLocation location) {
+    appendLine(sourceLine);
+    locationMap.put(aggregatedSourceLine, location);
+  }
+
+  public void addDelimiterToSource(String delimiter, int lineNr, int columnNr) {
+    appendLine(delimiter);
+    addDefaultLocation(aggregatedSourceLine, lineNr, columnNr);
+  }
+
+  public void addDefaultLocation(int line, int lineNr, int columnNr) {
+    locationMap.putIfAbsent(line, new IPythonLocation(lineNr, columnNr, Map.of(-1, 0)));
+  }
+
+  public void removeTrailingExtraLine() {
+    if (!aggregatedSource.isEmpty() && aggregatedSource.charAt(aggregatedSource.length() - 1) == '\n') {
+      aggregatedSource.deleteCharAt(aggregatedSource.length() - 1);
+    }
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    NotebookParsingData that = (NotebookParsingData) o;
+    return aggregatedSource.toString().contentEquals(that.aggregatedSource) &&
+      Objects.equals(locationMap, that.locationMap) &&
+      Objects.equals(aggregatedSourceLine, that.aggregatedSourceLine);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(aggregatedSource, locationMap, aggregatedSourceLine);
+  }
+}