Fix issues with rules being run against examples from other rules. (#301)

jamie-anderson-sonarsource · web-flow · commit a92258b45768 · 2023-10-05T09:16:29.000+02:00
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -46,11 +46,11 @@ linux_image_template: &LINUX_IMAGE
   namespace: default
   use_in_memory_disk: true
 
-linux_1_cpu_1G_template: &LINUX_1_CPU_1G
+linux_1_cpu_1G_template: &LINUX_1_CPU_2G
   eks_container:
     <<: *LINUX_IMAGE
     cpu: 1
-    memory: 1G
+    memory: 2G
 
 linux_2_cpu_6G_java_17_template: &LINUX_2_CPU_6G_JAVA_17
   eks_container:
@@ -97,7 +97,7 @@ build_task:
 ws_scan_task:
   depends_on:
     - build
-  <<: *LINUX_1_CPU_1G
+  <<: *LINUX_1_CPU_2G
   # run only on master and long-term branches
   only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*")
   env:
@@ -143,7 +143,7 @@ promote_task:
     - qa_plugin
     - ws_scan
   <<: *ONLY_IF_SONARSOURCE_QA
-  <<: *LINUX_1_CPU_1G
+  <<: *LINUX_1_CPU_2G
   env:
     #promotion cloud function
     GCF_ACCESS_TOKEN: VAULT[development/kv/data/promote data.token]
diff --git a/sonar-text-plugin/src/main/java/org/sonar/plugins/secrets/api/SpecificationBasedCheck.java b/sonar-text-plugin/src/main/java/org/sonar/plugins/secrets/api/SpecificationBasedCheck.java
@@ -25,6 +25,7 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.stream.Collectors;
+import java.util.function.Predicate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.sonar.api.batch.fs.TextRange;
@@ -73,11 +74,21 @@ public void initialize(SpecificationLoader loader, Map<URI, List<TextRange>> rep
 
   @Override
   public void analyze(InputFileContext ctx) {
+    analyze(ctx, checkId -> true);
+  }
+
+  public void analyze(InputFileContext ctx, String ruleId) {
+    analyze(ctx, checkId -> checkId.equals(ruleId));
+  }
+
+  protected void analyze(InputFileContext ctx, Predicate<String> ruleFilter) {
     for (SecretMatcher secretMatcher : matcher) {
-      durationStatistics.timed(secretMatcher.getRuleId() + DurationStatistics.SUFFIX_TOTAL, () -> secretMatcher.findIn(ctx))
-        .stream()
-        .map(match -> ctx.newTextRangeFromFileOffsets(match.getFileStartOffset(), match.getFileEndOffset()))
-        .forEach(textRange -> reportIfNoOverlappingSecretAlreadyFound(ctx, textRange, secretMatcher));
+      if (ruleFilter.test(secretMatcher.getRuleId())) {
+        durationStatistics.timed(secretMatcher.getRuleId() + DurationStatistics.SUFFIX_TOTAL, () -> secretMatcher.findIn(ctx))
+          .stream()
+          .map(match -> ctx.newTextRangeFromFileOffsets(match.getFileStartOffset(), match.getFileEndOffset()))
+          .forEach(textRange -> reportIfNoOverlappingSecretAlreadyFound(ctx, textRange, secretMatcher));
+      }
     }
   }
 
diff --git a/sonar-text-plugin/src/test/java/org/sonar/plugins/secrets/utils/AbstractRuleExampleTest.java b/sonar-text-plugin/src/test/java/org/sonar/plugins/secrets/utils/AbstractRuleExampleTest.java
@@ -55,16 +55,16 @@ public abstract class AbstractRuleExampleTest {
 
   private static final Logger LOG = LoggerFactory.getLogger(AbstractRuleExampleTest.class);
   private static SpecificationLoader specificationLoader;
-  private final Check check;
+  private final SpecificationBasedCheck check;
   private final HashMap<URI, List<TextRange>> reportedIssuesForCtx = new HashMap<>();
 
-  protected AbstractRuleExampleTest(Check check) {
+  protected AbstractRuleExampleTest(SpecificationBasedCheck check) {
     if (specificationLoader == null) {
       specificationLoader = new SpecificationLoader();
     }
 
     this.check = check;
-    ((SpecificationBasedCheck) check).initialize(specificationLoader, reportedIssuesForCtx, mockDurationStatistics());
+    check.initialize(specificationLoader, reportedIssuesForCtx, mockDurationStatistics());
   }
 
   @TestFactory
@@ -85,7 +85,7 @@ private Executable analyzeExample(Rule rule, RuleExample ruleExample) {
       String exampleFileName = ruleExample.getFileName() != null ? ruleExample.getFileName() : "file.txt";
       InputFileContext inputFileContext = new InputFileContext(context, inputFile(Path.of(exampleFileName), ruleExample.getText()));
 
-      check.analyze(inputFileContext);
+      check.analyze(inputFileContext, rule.getId());
 
       Collection<Issue> issues = context.allIssues();
       if (ruleExample.isContainsSecret()) {
diff --git a/sonar-text-plugin/src/test/java/org/sonar/plugins/secrets/utils/UpdatingSpecificationFilesGenerator.java b/sonar-text-plugin/src/test/java/org/sonar/plugins/secrets/utils/UpdatingSpecificationFilesGenerator.java
@@ -36,6 +36,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 import org.slf4j.Logger;
@@ -68,12 +69,14 @@ class UpdatingSpecificationFilesGenerator {
 
   // Suppress warning, as there are no assertions inside here
   @Test
+  @Disabled("Should only be triggered manually")
   @SuppressWarnings("java:S2699")
   void firstStep() {
     writeSpecificationFileDefinition();
   }
 
   @Test
+  @Disabled("Should only be triggered manually")
   void secondStep() {
     testDeserializationOfSpecificationFiles();
     SpecificationLoader specificationLoader = new SpecificationLoader();
