[PLUTO-1412] test init

zhamborova · zhamborova · commit b61325352cd8 · 2025-05-13T17:23:58.000+02:00
diff --git a/.codacy/codacy.yaml b/.codacy/codacy.yaml
@@ -1,13 +1,10 @@
 runtimes:
     - node@22.2.0
     - python@3.11.11
-    - dart@3.7.2
 tools:
     - eslint@8.57.0
     - trivy@0.59.1
     - pylint@3.3.6
     - pmd@6.55.0
     - semgrep@1.78.0
-    - dartanalyzer@3.7.2
     - lizard@1.17.19
-    - codacy-enigma-cli@0.0.1-main.8.49310c3
diff --git a/cmd/init.go b/cmd/init.go
@@ -275,6 +275,8 @@ func buildRepositoryConfigurationFiles(token string) error {
 		PyLint:       "pylint",
 		PMD:          "pmd",
 		DartAnalyzer: "dartanalyzer",
+		Lizard:       "lizard",
+		Semgrep:      "semgrep",
 	}
 
 	// Generate languages configuration based on API tools response
@@ -384,52 +386,56 @@ func createToolFileConfigurations(tool tools.Tool, patternConfiguration []domain
 			if err != nil {
 				return fmt.Errorf("failed to create Trivy config: %v", err)
 			}
+			fmt.Println("Trivy configuration created based on Codacy settings")
 		} else {
 			err := createDefaultTrivyConfigFile(toolsConfigDir)
 			if err != nil {
 				return fmt.Errorf("failed to create default Trivy config: %v", err)
 			}
 		}
-		fmt.Println("Trivy configuration created based on Codacy settings")
 	case PMD:
 		if len(patternConfiguration) > 0 {
 			err := createPMDConfigFile(patternConfiguration, toolsConfigDir)
 			if err != nil {
 				return fmt.Errorf("failed to create PMD config: %v", err)
 			}
+
+			fmt.Println("PMD configuration created based on Codacy settings")
 		} else {
 			err := createDefaultPMDConfigFile(toolsConfigDir)
 			if err != nil {
 				return fmt.Errorf("failed to create default PMD config: %v", err)
 			}
 		}
-		fmt.Println("PMD configuration created based on Codacy settings")
+
 	case PyLint:
 		if len(patternConfiguration) > 0 {
 			err := createPylintConfigFile(patternConfiguration, toolsConfigDir)
 			if err != nil {
 				return fmt.Errorf("failed to create Pylint config: %v", err)
 			}
+			fmt.Println("Pylint configuration created based on Codacy settings")
 		} else {
 			err := createDefaultPylintConfigFile(toolsConfigDir)
 			if err != nil {
 				return fmt.Errorf("failed to create default Pylint config: %v", err)
 			}
 		}
-		fmt.Println("Pylint configuration created based on Codacy settings")
 	case DartAnalyzer:
 		if len(patternConfiguration) > 0 {
 			err := createDartAnalyzerConfigFile(patternConfiguration, toolsConfigDir)
 			if err != nil {
 				return fmt.Errorf("failed to create Dart Analyzer config: %v", err)
 			}
+			fmt.Println("Dart configuration created based on Codacy settings")
 		}
 	case Semgrep:
 		if len(patternConfiguration) > 0 {
 			err := createSemgrepConfigFile(patternConfiguration, toolsConfigDir)
 			if err != nil {
 				return fmt.Errorf("failed to create Semgrep config: %v", err)
 			}
+			fmt.Println("Semgrep configuration created based on Codacy settings")
 		}
 	case Lizard:
 		createLizardConfigFile(toolsConfigDir, patternConfiguration)
diff --git a/integration-tests/init-with-token/expected/.gitignore b/integration-tests/init-with-token/expected/.gitignore
@@ -0,0 +1,5 @@
+# Codacy CLI
+tools-configs/
+.gitignore
+cli-config.yaml
+logs/
diff --git a/integration-tests/init-with-token/expected/cli-config.yaml b/integration-tests/init-with-token/expected/cli-config.yaml
@@ -0,0 +1 @@
+mode: remote
diff --git a/integration-tests/init-with-token/expected/codacy.yaml b/integration-tests/init-with-token/expected/codacy.yaml
@@ -2,9 +2,9 @@ runtimes:
     - node@22.2.0
     - python@3.11.11
 tools:
+    - eslint@8.57.0
     - trivy@0.59.1
     - pylint@3.3.6
     - pmd@6.55.0
     - semgrep@1.78.0
     - lizard@1.17.19
-    - eslint@8.57.0
diff --git a/integration-tests/init-with-token/expected/tools-configs/languages-config.yaml b/integration-tests/init-with-token/expected/tools-configs/languages-config.yaml
@@ -0,0 +1,19 @@
+tools:
+    - name: pylint
+      languages: [Python]
+      extensions: [.py]
+    - name: lizard
+      languages: [Java, JavaScript, Python]
+      extensions: [.java, .js, .jsm, .jsx, .mjs, .py, .vue]
+    - name: pmd
+      languages: [Java, JavaScript]
+      extensions: [.java, .js, .jsm, .jsx, .mjs, .vue]
+    - name: eslint
+      languages: [JavaScript]
+      extensions: [.js, .jsm, .jsx, .mjs, .vue]
+    - name: trivy
+      languages: [Multiple]
+      extensions: []
+    - name: semgrep
+      languages: [Java, JavaScript, JSON, Python]
+      extensions: [.java, .js, .jsm, .json, .jsx, .mjs, .py, .vue]
diff --git a/integration-tests/init-with-token/expected/tools-configs/lizard.yaml b/integration-tests/init-with-token/expected/tools-configs/lizard.yaml
@@ -0,0 +1,40 @@
+patterns:
+    Lizard_ccn-minor:
+        category: Complexity
+        description: Check the Cyclomatic Complexity value of a function or logic block. If the threshold is not met, raise a Minor issue. The default threshold is 5.
+        explanation: |-
+            # Minor Cyclomatic Complexity control
+
+            Check the Cyclomatic Complexity value of a function or logic block. If the threshold is not met, raise a Minor issue. The default threshold is 4.
+        id: Lizard_ccn-minor
+        level: Info
+        severityLevel: Info
+        threshold: 5
+        timeToFix: 5
+        title: Minor Cyclomatic Complexity control
+    Lizard_nloc-critical:
+        category: Complexity
+        description: Check the number of lines of code (without comments) in a function or logic block. If the threshold is not met, raise a Critical issue. The default threshold is 100.
+        explanation: |-
+            # Critical NLOC control - Number of Lines of Code (without comments)
+
+            Check the number of lines of code (without comments) in a function or logic block. If the threshold is not met, raise a Critical issue. The default threshold is 100.
+        id: Lizard_nloc-critical
+        level: Error
+        severityLevel: Error
+        threshold: 100
+        timeToFix: 5
+        title: Critical NLOC control - Number of Lines of Code (without comments)
+    Lizard_nloc-medium:
+        category: Complexity
+        description: Check the number of lines of code (without comments) in a function. If the threshold is not met, raise a Medium issue. The default threshold is 50.
+        explanation: |-
+            # Medium NLOC control - Number of Lines of Code (without comments)
+
+            Check the number of lines of code (without comments) in a function. If the threshold is not met, raise a Medium issue. The default threshold is 50.
+        id: Lizard_nloc-medium
+        level: Warning
+        severityLevel: Warning
+        threshold: 50
+        timeToFix: 5
+        title: Medium NLOC control - Number of Lines of Code (without comments)
diff --git a/integration-tests/init-with-token/expected/tools-configs/pylint.rc b/integration-tests/init-with-token/expected/tools-configs/pylint.rc
@@ -0,0 +1,9 @@
+[MASTER]
+ignore=CVS
+persistent=yes
+load-plugins=
+
+[MESSAGES CONTROL]
+disable=all
+enable=E1124,E1130,E1133
+
diff --git a/integration-tests/init-with-token/expected/tools-configs/ruleset.xml b/integration-tests/init-with-token/expected/tools-configs/ruleset.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+<ruleset name="Codacy PMD Ruleset"
+    xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">
+    <description>Codacy PMD Ruleset</description>
+
+    <rule ref="category/apex/design.xml/ExcessivePublicCount"/>
+    <rule ref="category/java/bestpractices.xml/JUnitTestsShouldIncludeAssert"/>
+    <rule ref="category/java/codestyle.xml/ShortMethodName"/>
+    <rule ref="category/java/errorprone.xml/AssignmentToNonFinalStatic"/>
+</ruleset>
diff --git a/integration-tests/init-with-token/expected/tools-configs/semgrep.yaml b/integration-tests/init-with-token/expected/tools-configs/semgrep.yaml
@@ -0,0 +1,69 @@
+rules:
+    - id: apex.lang.security.ncino.endpoints.namedcredentialsconstantmatch.named-credentials-constant-match
+      languages:
+        - apex
+      message: Named Credentials (and callout endpoints) should be used instead of hard-coding credentials. 1. Hard-coded credentials are hard to maintain when mixed in with application code. 2. It is particularly hard to update hard-coded credentials when they are used amongst different classes. 3. Granting a developer access to the codebase means granting knowledge of credentials, and thus keeping a two-level access is not possible. 4. Using different credentials for different environments is troublesome and error-prone.
+      metadata:
+        category: security
+        confidence: HIGH
+        cwe:
+            - 'CWE-540: Inclusion of Sensitive Information in Source Code'
+        impact: HIGH
+        likelihood: LOW
+        references:
+            - https://cwe.mitre.org/data/definitions/540.html
+        subcategory:
+            - vuln
+        technology:
+            - salesforce
+      min-version: 1.44.0
+      mode: taint
+      pattern-sinks:
+        - patterns:
+            - pattern: req.setHeader($X, ...);
+            - focus-metavariable: $X
+      pattern-sources:
+        - pattern: '...String $X = ''Authorization'';'
+      severity: ERROR
+    - id: clojure.lang.security.use-of-md5.use-of-md5
+      languages:
+        - clojure
+      message: MD5 hash algorithm detected. This is not collision resistant and leads to easily-cracked password hashes. Replace with current recommended hashing algorithms.
+      metadata:
+        author: Gabriel Marquet <gab.marquet@gmail.com>
+        category: security
+        confidence: HIGH
+        cwe:
+            - 'CWE-328: Use of Weak Hash'
+        impact: HIGH
+        likelihood: MEDIUM
+        owasp:
+            - A03:2017 - Sensitive Data Exposure
+            - A02:2021 - Cryptographic Failures
+        references:
+            - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
+            - https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
+        source-rule-url: https://github.com/clj-holmes/clj-holmes-rules/blob/main/security/weak-hash-function-md5.yml
+        subcategory:
+            - vuln
+        technology:
+            - clojure
+      pattern-either:
+        - pattern: (MessageDigest/getInstance "MD5")
+        - pattern: (MessageDigest/getInstance MessageDigestAlgorithms/MD5)
+        - pattern: (MessageDigest/getInstance org.apache.commons.codec.digest.MessageDigestAlgorithms/MD5)
+        - pattern: (java.security.MessageDigest/getInstance "MD5")
+        - pattern: (java.security.MessageDigest/getInstance MessageDigestAlgorithms/MD5)
+        - pattern: (java.security.MessageDigest/getInstance org.apache.commons.codec.digest.MessageDigestAlgorithms/MD5)
+      severity: WARNING
+    - id: codacy.generic.plsql.empty-strings
+      languages:
+        - generic
+      message: Empty strings can lead to unexpected behavior and should be handled carefully.
+      metadata:
+        category: security
+        confidence: MEDIUM
+        description: Detects empty strings in the code which might cause issues or bugs.
+        impact: MEDIUM
+      pattern: $VAR VARCHAR2($LENGTH) := '';
+      severity: WARNING
diff --git a/integration-tests/init-with-token/expected/tools-configs/trivy.yaml b/integration-tests/init-with-token/expected/tools-configs/trivy.yaml
@@ -0,0 +1,10 @@
+severity:
+  - LOW
+  - MEDIUM
+  - HIGH
+  - CRITICAL
+
+scan:
+  scanners:
+    - vuln
+    - secret
diff --git a/integration-tests/run.sh b/integration-tests/run.sh
@@ -24,16 +24,16 @@ compare_files() {
       filename=$(basename "$file")
       if [ "$filename" = "codacy.yaml" ]; then
         # For codacy.yaml, sort the tools section before comparing
-        if diff <(yq e '.tools | sort_by(.name)' "$file") <(yq e '.tools | sort_by(.name)' "$actual_dir/$filename") >/dev/null 2>&1; then
+        if diff <(yq e '.tools | sort' "$file") <(yq e '.tools | sort' "$actual_dir/$filename") >/dev/null 2>&1; then
           echo "✅ $label/$filename matches expected"
         else
           echo "❌ $label/$filename does not match expected"
           echo "=== Expected file content (sorted) ==="
-          yq e '.tools | sort_by(.name)' "$file"
+          yq e '.tools | sort' "$file"
           echo "=== Actual file content (sorted) ==="
-          yq e '.tools | sort_by(.name)' "$actual_dir/$filename"
+          yq e '.tools | sort' "$actual_dir/$filename"
           echo "=== Diff output ==="
-          diff <(yq e '.tools | sort_by(.name)' "$file") <(yq e '.tools | sort_by(.name)' "$actual_dir/$filename") || true
+          diff <(yq e '.tools | sort' "$file") <(yq e '.tools | sort' "$actual_dir/$filename") || true
           echo "==================="
           exit 1
         fi
diff --git a/tools/language_config.go b/tools/language_config.go
@@ -64,6 +64,16 @@ func CreateLanguagesConfigFile(apiTools []Tool, toolsConfigDir string, toolIDMap
 			Languages:  []string{"Dart"},
 			Extensions: []string{".dart"},
 		},
+		"lizard": {
+			Name:       "lizard",
+			Languages:  []string{"C", "CPP", "Java", "C#", "JavaScript", "TypeScript", "VueJS", "Objective-C", "Swift", "Python", "Ruby", "TTCN-3", "PHP", "Scala", "GDScript", "Golang", "Lua", "Rust", "Fortran", "Kotlin", "Solidity", "Erlang", "Zig", "Perl"},
+			Extensions: []string{".c", ".cpp", ".cc", ".h", ".hpp", ".java", ".cs", ".js", ".jsx", ".ts", ".tsx", ".vue", ".m", ".swift", ".py", ".rb", ".ttcn", ".php", ".scala", ".gd", ".go", ".lua", ".rs", ".f", ".f90", ".kt", ".sol", ".erl", ".zig", ".pl"},
+		},
+		"semgrep": {
+			Name:       "semgrep",
+			Languages:  []string{"C", "CPP", "C#", "Generic", "Go", "Java", "JavaScript", "JSON", "Kotlin", "Python", "TypeScript", "Ruby", "Rust", "JSX", "PHP", "Scala", "Swift", "Terraform"},
+			Extensions: []string{".c", ".cpp", ".h", ".hpp", ".cs", ".go", ".java", ".js", ".json", ".kt", ".py", ".ts", ".rb", ".rs", ".jsx", ".php", ".scala", ".swift", ".tf", ".tfvars"},
+		},
 	}
 
 	// Build a list of tool language info for enabled tools

-Original file line number
+Diff line change
@@ @@ -1,13 +1,10 @@ @@
 runtimes:
     - [email protected]
     - [email protected]
 -    - [email protected]
 tools:
     - [email protected]
     - [email protected]
     - [email protected]
     - [email protected]
     - [email protected]
 -    - [email protected]
     - [email protected]
 -    - [email protected]
Original file line number	Diff line number	Diff line change
`@@ -275,6 +275,8 @@ func buildRepositoryConfigurationFiles(token string) error {`
`275`	`275`	`PyLint: "pylint",`
`276`	`276`	`PMD: "pmd",`
`277`	`277`	`DartAnalyzer: "dartanalyzer",`
	`278`	`+ Lizard: "lizard",`
	`279`	`+ Semgrep: "semgrep",`
`278`	`280`	`}`
`279`	`281`
`280`	`282`	`// Generate languages configuration based on API tools response`
`@@ -384,52 +386,56 @@ func createToolFileConfigurations(tool tools.Tool, patternConfiguration []domain`
`384`	`386`	`if err != nil {`
`385`	`387`	`return fmt.Errorf("failed to create Trivy config: %v", err)`
`386`	`388`	`}`
	`389`	`+ fmt.Println("Trivy configuration created based on Codacy settings")`
`387`	`390`	`} else {`
`388`	`391`	`err := createDefaultTrivyConfigFile(toolsConfigDir)`
`389`	`392`	`if err != nil {`
`390`	`393`	`return fmt.Errorf("failed to create default Trivy config: %v", err)`
`391`	`394`	`}`
`392`	`395`	`}`
`393`		`- fmt.Println("Trivy configuration created based on Codacy settings")`
`394`	`396`	`case PMD:`
`395`	`397`	`if len(patternConfiguration) > 0 {`
`396`	`398`	`err := createPMDConfigFile(patternConfiguration, toolsConfigDir)`
`397`	`399`	`if err != nil {`
`398`	`400`	`return fmt.Errorf("failed to create PMD config: %v", err)`
`399`	`401`	`}`
	`402`	`+`
	`403`	`+ fmt.Println("PMD configuration created based on Codacy settings")`
`400`	`404`	`} else {`
`401`	`405`	`err := createDefaultPMDConfigFile(toolsConfigDir)`
`402`	`406`	`if err != nil {`
`403`	`407`	`return fmt.Errorf("failed to create default PMD config: %v", err)`
`404`	`408`	`}`
`405`	`409`	`}`
`406`		`- fmt.Println("PMD configuration created based on Codacy settings")`
	`410`	`+`
`407`	`411`	`case PyLint:`
`408`	`412`	`if len(patternConfiguration) > 0 {`
`409`	`413`	`err := createPylintConfigFile(patternConfiguration, toolsConfigDir)`
`410`	`414`	`if err != nil {`
`411`	`415`	`return fmt.Errorf("failed to create Pylint config: %v", err)`
`412`	`416`	`}`
	`417`	`+ fmt.Println("Pylint configuration created based on Codacy settings")`
`413`	`418`	`} else {`
`414`	`419`	`err := createDefaultPylintConfigFile(toolsConfigDir)`
`415`	`420`	`if err != nil {`
`416`	`421`	`return fmt.Errorf("failed to create default Pylint config: %v", err)`
`417`	`422`	`}`
`418`	`423`	`}`
`419`		`- fmt.Println("Pylint configuration created based on Codacy settings")`
`420`	`424`	`case DartAnalyzer:`
`421`	`425`	`if len(patternConfiguration) > 0 {`
`422`	`426`	`err := createDartAnalyzerConfigFile(patternConfiguration, toolsConfigDir)`
`423`	`427`	`if err != nil {`
`424`	`428`	`return fmt.Errorf("failed to create Dart Analyzer config: %v", err)`
`425`	`429`	`}`
	`430`	`+ fmt.Println("Dart configuration created based on Codacy settings")`
`426`	`431`	`}`
`427`	`432`	`case Semgrep:`
`428`	`433`	`if len(patternConfiguration) > 0 {`
`429`	`434`	`err := createSemgrepConfigFile(patternConfiguration, toolsConfigDir)`
`430`	`435`	`if err != nil {`
`431`	`436`	`return fmt.Errorf("failed to create Semgrep config: %v", err)`
`432`	`437`	`}`
	`438`	`+ fmt.Println("Semgrep configuration created based on Codacy settings")`
`433`	`439`	`}`
`434`	`440`	`case Lizard:`
`435`	`441`	`createLizardConfigFile(toolsConfigDir, patternConfiguration)`