SONARTEXT-45 Allow specifying maximum distance under matching -> context (#161)

Author: jonas-wielage-sonarsource

sonar-text-plugin/src/main/java/org/sonar/plugins/secrets/api/AuxiliaryMatcher.java

@@ -21,21 +21,29 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.function.BiPredicate;
+
 import org.sonar.plugins.secrets.configuration.model.matching.AuxiliaryPattern;
 import org.sonar.plugins.secrets.configuration.model.matching.AuxiliaryPatternType;
 
 public class AuxiliaryMatcher implements AuxiliaryPatternMatcher {
 
   private final AuxiliaryPatternType type;
   private final PatternMatcher auxiliaryPatternMatcher;
+  private final Integer maxDistance;
 
-  AuxiliaryMatcher(AuxiliaryPatternType type, PatternMatcher auxiliaryPatternMatcher) {
+  AuxiliaryMatcher(AuxiliaryPatternType type, PatternMatcher auxiliaryPatternMatcher, int maxDistance) {
     this.type = type;
     this.auxiliaryPatternMatcher = auxiliaryPatternMatcher;
+    this.maxDistance = maxDistance;
   }
 
   public static AuxiliaryMatcher build(AuxiliaryPattern auxiliaryPattern) {
-    return new AuxiliaryMatcher(auxiliaryPattern.getType(), PatternMatcher.build(auxiliaryPattern));
+    int maxDistance = Integer.MAX_VALUE;
+    if (auxiliaryPattern.getMaxCharacterDistance() != null) {
+      maxDistance = auxiliaryPattern.getMaxCharacterDistance();
+    }
+    return new AuxiliaryMatcher(auxiliaryPattern.getType(), PatternMatcher.build(auxiliaryPattern), maxDistance);
   }
 
   public List<Match> filter(List<Match> candidateMatches, String content) {
@@ -48,53 +56,35 @@ public List<Match> filter(List<Match> candidateMatches, String content) {
     if (auxiliaryMatches.isEmpty()) {
       return new ArrayList<>();
     }
-    return filterBasedOnType(candidateMatches, auxiliaryMatches);
+    BiPredicate<Match, Match> comparisonFunction = createComparisonFunction();
+    return filterBasedOnFunction(candidateMatches, auxiliaryMatches, comparisonFunction);
   }
 
-  private List<Match> filterBasedOnType(List<Match> candidateMatches, List<Match> auxiliaryMatches) {
+  private BiPredicate<Match, Match> createComparisonFunction() {
+    BiPredicate<Match, Match> result;
     if (AuxiliaryPatternType.PATTERN_BEFORE == type) {
-      return filterForBefore(candidateMatches, auxiliaryMatches);
+      result = Match::isBefore;
     } else if (AuxiliaryPatternType.PATTERN_AFTER == type) {
-      return filterForAfter(candidateMatches, auxiliaryMatches);
+      result = Match::isAfter;
     } else {
-      return filterForAround(candidateMatches, auxiliaryMatches);
-    }
-  }
-
-  private static List<Match> filterForAfter(List<Match> candidateMatches, List<Match> auxiliaryMatches) {
-    List<Match> filteredCandidates = new ArrayList<>();
-
-    for (Match regexMatch : candidateMatches) {
-      // since we are searching for after, the last one (position wise) is enough
-      Match lastAuxMatch = auxiliaryMatches.get(auxiliaryMatches.size() - 1);
-      if (lastAuxMatch.isAfter(regexMatch)) {
-        filteredCandidates.add(regexMatch);
-      }
+      result = (auxMatch, candidateMatch) -> auxMatch.isBefore(candidateMatch) || auxMatch.isAfter(candidateMatch);
     }
-    return filteredCandidates;
-  }
-
-  private static List<Match> filterForAround(List<Match> candidateMatches, List<Match> auxiliaryMatches) {
-    List<Match> filteredCandidates = new ArrayList<>();
 
-    for (Match candidate : candidateMatches) {
-      Match lastAuxMatch = auxiliaryMatches.get(auxiliaryMatches.size() - 1);
-      Match firstAuxMatch = auxiliaryMatches.get(0);
-      if (lastAuxMatch.isAfter(candidate) || firstAuxMatch.isBefore(candidate)) {
-        filteredCandidates.add(candidate);
-      }
+    if (maxDistance != Integer.MAX_VALUE) {
+      result = result.and((auxMatch, candidateMatch) -> auxMatch.inDistanceOf(candidateMatch, maxDistance));
     }
-    return filteredCandidates;
+    return result;
   }
 
-  private static List<Match> filterForBefore(List<Match> candidateMatches, List<Match> auxiliaryMatches) {
+  private static List<Match> filterBasedOnFunction(List<Match> candidateMatches, List<Match> auxiliaryMatches, BiPredicate<Match, Match> comparisonFunction) {
     List<Match> filteredCandidates = new ArrayList<>();
 
-    for (Match candidate : candidateMatches) {
-      // since we are searching for before, first one (position wise) is enough
-      Match firstAuxMatch = auxiliaryMatches.get(0);
-      if (firstAuxMatch.isBefore(candidate)) {
-        filteredCandidates.add(candidate);
+    for (Match regexMatch : candidateMatches) {
+      for (Match auxiliaryMatch : auxiliaryMatches) {
+        if (comparisonFunction.test(auxiliaryMatch, regexMatch)) {
+          filteredCandidates.add(regexMatch);
+          break;
+        }
       }
     }
     return filteredCandidates;

sonar-text-plugin/src/main/java/org/sonar/plugins/secrets/api/Match.java

@@ -49,4 +49,17 @@ public boolean isBefore(Match match) {
   public boolean isAfter(Match match) {
     return fileStartOffset > match.getFileEndOffset();
   }
+
+  public boolean inDistanceOf(Match match, int distance) {
+    int firstEndToSecondStartDistance = fileEndOffset - match.getFileStartOffset();
+    int firstStartToSecondEndDistance = fileStartOffset - match.getFileEndOffset();
+    boolean matchesOverlap = (firstEndToSecondStartDistance >= 0) && (firstStartToSecondEndDistance <= 0);
+
+    if (matchesOverlap) {
+      return true;
+    } else {
+      return Math.min(Math.abs(firstEndToSecondStartDistance), Math.abs(firstStartToSecondEndDistance)) <= distance;
+    }
+  }
+
 }

sonar-text-plugin/src/main/java/org/sonar/plugins/secrets/configuration/deserialization/AuxiliaryPatternDeserializer.java

@@ -28,6 +28,8 @@
 import java.io.IOException;
 import java.util.Iterator;
 import java.util.Map;
+
+import com.fasterxml.jackson.databind.node.TextNode;
 import org.sonar.plugins.secrets.configuration.model.matching.AuxiliaryPattern;
 import org.sonar.plugins.secrets.configuration.model.matching.AuxiliaryPatternType;
 
@@ -43,7 +45,12 @@ public AuxiliaryPattern deserialize(JsonParser jsonParser, DeserializationContex
 
     AuxiliaryPattern auxiliaryPattern = new AuxiliaryPattern();
     auxiliaryPattern.setType(AuxiliaryPatternType.valueOfLabel(node.getKey()));
-    auxiliaryPattern.setPattern(node.getValue().asText());
+    if (node.getValue() instanceof TextNode) {
+      auxiliaryPattern.setPattern(node.getValue().asText());
+    } else {
+      auxiliaryPattern.setPattern(node.getValue().get("pattern").asText());
+      auxiliaryPattern.setMaxCharacterDistance(node.getValue().get("maxDistance").asInt());
+    }
     return auxiliaryPattern;
   }
 }

sonar-text-plugin/src/main/java/org/sonar/plugins/secrets/configuration/model/matching/AuxiliaryPattern.java

@@ -21,13 +21,18 @@
 package org.sonar.plugins.secrets.configuration.model.matching;
 
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+import javax.annotation.Nullable;
+
 import org.sonar.plugins.secrets.configuration.deserialization.AuxiliaryPatternDeserializer;
 
 @JsonDeserialize(using = AuxiliaryPatternDeserializer.class)
 public class AuxiliaryPattern implements Match {
 
   private AuxiliaryPatternType type;
   private String pattern;
+  @Nullable
+  private Integer maxCharacterDistance;
 
   public AuxiliaryPatternType getType() {
     return type;
@@ -44,4 +49,13 @@ public String getPattern() {
   public void setPattern(String pattern) {
     this.pattern = pattern;
   }
+
+  @Nullable
+  public Integer getMaxCharacterDistance() {
+    return maxCharacterDistance;
+  }
+
+  public void setMaxCharacterDistance(@Nullable Integer maxCharacterDistance) {
+    this.maxCharacterDistance = maxCharacterDistance;
+  }
 }

sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/specifications/specification-json-schema.json

@@ -28,7 +28,26 @@
       "type": "object",
       "patternProperties": {
         "^pattern(After|Around|Before|Not)$": {
-          "type": "string"
+          "oneOf": [
+            {
+              "type": "object",
+              "properties": {
+                "pattern": {
+                  "type": "string"
+                },
+                "maxDistance": {
+                  "type": "integer"
+                }
+              },
+              "additionalProperties": false,
+              "required": [
+                "pattern"
+              ]
+            },
+            {
+              "type": "string"
+            }
+          ]
         }
       },
       "additionalProperties": false,

sonar-text-plugin/src/test/java/org/sonar/plugins/secrets/api/AuxiliaryMatcherTest.java

@@ -21,6 +21,8 @@
 
 import java.util.List;
 import java.util.stream.Stream;
+
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
@@ -37,7 +39,7 @@ class AuxiliaryMatcherTest {
   void auxiliaryPatternShouldBeDetectedAndCandidateSecretShouldNotBeRemoved(AuxiliaryPatternType patternType, String content,
     String auxiliaryPattern) {
     AuxiliaryMatcher auxiliaryMatcher = new AuxiliaryMatcher(
-      patternType, new PatternMatcher("\\b(" + auxiliaryPattern + ")\\b"));
+      patternType, new PatternMatcher("\\b(" + auxiliaryPattern + ")\\b"), Integer.MAX_VALUE);
 
     List<Match> candidateSecrets = candidateSecretMatcher.findIn(content);
 
@@ -71,7 +73,7 @@ private static Stream<Arguments> auxiliaryPatternShouldBeDetectedAndCandidateSec
   @MethodSource
   void auxiliaryPatternShouldRemoveCandidateSecrets(AuxiliaryPatternType patternType, String content, String auxiliaryPattern) {
     AuxiliaryMatcher auxiliaryMatcher = new AuxiliaryMatcher(
-      patternType, new PatternMatcher("\\b(" + auxiliaryPattern + ")\\b"));
+      patternType, new PatternMatcher("\\b(" + auxiliaryPattern + ")\\b"), Integer.MAX_VALUE);
 
     List<Match> candidateSecrets = candidateSecretMatcher.findIn(content);
 
@@ -91,4 +93,43 @@ private static Stream<Arguments> auxiliaryPatternShouldRemoveCandidateSecrets()
       Arguments.of(AuxiliaryPatternType.PATTERN_AROUND, "something else and candidate secret and other word", "auxiliaryPattern"),
       Arguments.of(AuxiliaryPatternType.PATTERN_AROUND, "word and candidate secret", "didat"));
   }
+
+  @Test
+  void auxiliaryPatternShouldNotRemoveCandidateSecretsBecauseAuxPatternIsInDistance() {
+    AuxiliaryMatcher auxiliaryMatcher = new AuxiliaryMatcher(
+      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(auxPattern)\\b"), 200);
+
+    String content = "candidate secret and candidate secret and auxPattern";
+    List<Match> candidateSecrets = candidateSecretMatcher.findIn(content);
+
+    List<Match> result = auxiliaryMatcher.filter(candidateSecrets, content);
+
+    assertThat(result).containsExactlyElementsOf(candidateSecrets);
+  }
+
+  @Test
+  void auxiliaryPatternShouldRemoveCandidateSecretsBecauseAuxPatternIsOutOfDistance() {
+    AuxiliaryMatcher auxiliaryMatcher = new AuxiliaryMatcher(
+      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(auxPattern)\\b"), 2);
+
+    String content = "candidate secret and candidate secret and auxPattern";
+    List<Match> candidateSecrets = candidateSecretMatcher.findIn(content);
+
+    List<Match> result = auxiliaryMatcher.filter(candidateSecrets, content);
+
+    assertThat(result).isEmpty();
+  }
+
+  @Test
+  void auxiliaryPatternShouldRemoveOneCandidateSecretsBecauseItIsOutOfDistance() {
+    AuxiliaryMatcher auxiliaryMatcher = new AuxiliaryMatcher(
+      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(auxPattern)\\b"), 10);
+
+    String content = "candidate secret and candidate secret and auxPattern";
+    List<Match> candidateSecrets = candidateSecretMatcher.findIn(content);
+
+    List<Match> result = auxiliaryMatcher.filter(candidateSecrets, content);
+
+    assertThat(result).containsExactly(candidateSecrets.get(1));
+  }
 }

sonar-text-plugin/src/test/java/org/sonar/plugins/secrets/api/AuxiliaryPatternMatcherFactoryTest.java

@@ -60,15 +60,19 @@ public static AuxiliaryPatternMatcher constructReferenceAuxiliaryMatcher() {
       "\\b");
     AuxiliaryPattern patternAround = ReferenceTestModel.constructAuxiliaryPattern(AuxiliaryPatternType.PATTERN_AROUND, "\\b(pattern" +
       "-around)\\b");
+    AuxiliaryPattern patternAroundWithDistance = ReferenceTestModel.constructAuxiliaryPattern(AuxiliaryPatternType.PATTERN_AROUND, "\\b(pattern" +
+      "-around-with-maxDistance)\\b");
+    patternAroundWithDistance.setMaxCharacterDistance(100);
     AuxiliaryPattern patternNot = ReferenceTestModel.constructAuxiliaryPattern(AuxiliaryPatternType.PATTERN_NOT, "\\b(pattern-not)\\b");
 
     AuxiliaryPatternMatcher matcherBefore = AuxiliaryMatcher.build(patternBefore);
     AuxiliaryPatternMatcher matcherAfter = AuxiliaryMatcher.build(patternAfter);
     AuxiliaryPatternMatcher matcherAround = AuxiliaryMatcher.build(patternAround);
+    AuxiliaryPatternMatcher matcherAroundWithMaxDistance = AuxiliaryMatcher.build(patternAroundWithDistance);
     AuxiliaryPatternMatcher matcherNot = AuxiliaryMatcher.build(patternNot);
 
     AuxiliaryPatternMatcher eachSecondLevel = matcherAfter.and(matcherAround);
-    AuxiliaryPatternMatcher eitherSecondLevel = matcherNot.or(matcherAround);
+    AuxiliaryPatternMatcher eitherSecondLevel = matcherNot.or(matcherAroundWithMaxDistance);
     return matcherBefore.or(eachSecondLevel).or(eitherSecondLevel);
   }
 }

sonar-text-plugin/src/test/java/org/sonar/plugins/secrets/api/ConjunctionMatcherTest.java

@@ -34,10 +34,10 @@ class ConjunctionMatcherTest {
   @Test
   void conjunctionMatcherShouldNotRemoveCandidateSecret() {
     AuxiliaryMatcher auxiliaryMatcherBefore = new AuxiliaryMatcher(
-      AuxiliaryPatternType.PATTERN_BEFORE, new PatternMatcher("\\b(before)\\b"));
+      AuxiliaryPatternType.PATTERN_BEFORE, new PatternMatcher("\\b(before)\\b"), Integer.MAX_VALUE);
 
     AuxiliaryMatcher auxiliaryMatcherAfter = new AuxiliaryMatcher(
-      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(after)\\b"));
+      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(after)\\b"), Integer.MAX_VALUE);
     AuxiliaryPatternMatcher conjunctionMatcher = auxiliaryMatcherAfter.and(auxiliaryMatcherBefore);
 
     String content = "before candidate secret after";
@@ -53,10 +53,10 @@ void conjunctionMatcherShouldNotRemoveCandidateSecret() {
   @ValueSource(strings = {"candidate secret after", "before candidate secret", "candidate secret"})
   void conjunctionMatcherShouldRemoveCandidateSecret(String content) {
     AuxiliaryMatcher auxiliaryMatcherBefore = new AuxiliaryMatcher(
-      AuxiliaryPatternType.PATTERN_BEFORE, new PatternMatcher("\\b(before)\\b"));
+      AuxiliaryPatternType.PATTERN_BEFORE, new PatternMatcher("\\b(before)\\b"), Integer.MAX_VALUE);
 
     AuxiliaryMatcher auxiliaryMatcherAfter = new AuxiliaryMatcher(
-      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(after)\\b"));
+      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(after)\\b"), Integer.MAX_VALUE);
     AuxiliaryPatternMatcher conjunctionMatcher = auxiliaryMatcherAfter.and(auxiliaryMatcherBefore);
 
     List<Match> candidateSecrets = candidateSecretMatcher.findIn(content);

sonar-text-plugin/src/test/java/org/sonar/plugins/secrets/api/DisjunctionMatcherTest.java

@@ -36,10 +36,10 @@ class DisjunctionMatcherTest {
   @ValueSource(strings = {"candidate secret after"})
   void conjunctionMatcherShouldNotRemoveCandidateSecret(String content) {
     AuxiliaryMatcher auxiliaryMatcherBefore = new AuxiliaryMatcher(
-      AuxiliaryPatternType.PATTERN_BEFORE, new PatternMatcher("\\b(before)\\b"));
+      AuxiliaryPatternType.PATTERN_BEFORE, new PatternMatcher("\\b(before)\\b"), Integer.MAX_VALUE);
 
     AuxiliaryMatcher auxiliaryMatcherAfter = new AuxiliaryMatcher(
-      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(after)\\b"));
+      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(after)\\b"), Integer.MAX_VALUE);
     AuxiliaryPatternMatcher disjunctionMatcher = auxiliaryMatcherAfter.or(auxiliaryMatcherBefore);
 
     List<Match> candidateSecrets = candidateSecretMatcher.findIn(content);
@@ -53,10 +53,10 @@ void conjunctionMatcherShouldNotRemoveCandidateSecret(String content) {
   @Test
   void conjunctionMatcherShouldRemoveCandidateSecret() {
     AuxiliaryMatcher auxiliaryMatcherBefore = new AuxiliaryMatcher(
-      AuxiliaryPatternType.PATTERN_BEFORE, new PatternMatcher("\\b(before)\\b"));
+      AuxiliaryPatternType.PATTERN_BEFORE, new PatternMatcher("\\b(before)\\b"), Integer.MAX_VALUE);
 
     AuxiliaryMatcher auxiliaryMatcherAfter = new AuxiliaryMatcher(
-      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(after)\\b"));
+      AuxiliaryPatternType.PATTERN_AFTER, new PatternMatcher("\\b(after)\\b"), Integer.MAX_VALUE);
     AuxiliaryPatternMatcher disjunctionMatcher = auxiliaryMatcherAfter.or(auxiliaryMatcherBefore);
 
     String content = "candidate secret";

sonar-text-plugin/src/test/java/org/sonar/plugins/secrets/api/MatchTest.java

@@ -58,4 +58,30 @@ private static Stream<Arguments> matchesShouldNotBeBeforeAndAfter() {
       Arguments.of("Enclosed Match", 15, 17),
       Arguments.of("Sharing one character", 20, 25));
   }
+
+  @ParameterizedTest(name = "{0}")
+  @MethodSource
+  void testInRangeIsCalculatedCorrect(String testName, int secondMatchStartOffset, int secondMatchEndOffset, boolean isInRange) {
+    Match first = new Match("text", 10, 20);
+    Match second = new Match("text", secondMatchStartOffset, secondMatchEndOffset);
+
+    int maxDistance = 3;
+    assertThat(first.inDistanceOf(second, maxDistance)).isEqualTo(isInRange);
+  }
+
+  private static Stream<Arguments> testInRangeIsCalculatedCorrect() {
+    return Stream.of(
+      Arguments.of("Second Match after first out of range", 23, 30, true),
+      Arguments.of("Second Match after first in range", 24, 30, false),
+      Arguments.of("Second Match before first out of range", 0, 6, false),
+      Arguments.of("Second Match before first in range", 0, 7, true),
+      Arguments.of("Second Match wrapping first", 0, 30, true),
+      Arguments.of("Second Match wrapping first", 9, 21, true),
+      Arguments.of("Second Match overlapping first", 5, 15, true),
+      Arguments.of("Second Match overlapping first", 9, 15, true),
+      Arguments.of("Second Match overlapping first", 15, 21, true),
+      Arguments.of("Second Match overlapping first", 15, 25, true),
+      Arguments.of("First Match wrapping second", 15, 15, true),
+      Arguments.of("First Match wrapping second", 11, 29, true));
+  }
 }