appscan basics

Author: nahsra

core-codemods/src/main/java/io/codemodder/codemods/SQLParameterizerCodemod.java

@@ -8,28 +8,26 @@
 import java.util.Optional;
 import java.util.stream.Collectors;
 
-/** Parameterizes SQL statements in the java JDBC api. */
+/** Parameterizes SQL statements in the JDBC API. */
 @Codemod(
     id = "pixee:java/sql-parameterizer",
     importance = Importance.HIGH,
     reviewGuidance = ReviewGuidance.MERGE_AFTER_REVIEW)
 public final class SQLParameterizerCodemod extends JavaParserChanger {
 
-  private Optional<CodemodChange> onNodeFound(
-      final CodemodInvocationContext context,
-      final MethodCallExpr methodCallExpr,
-      final CompilationUnit cu) {
+  private Optional<CodemodChange> onNodeFound(final MethodCallExpr methodCallExpr) {
     if (new SQLParameterizer(methodCallExpr).checkAndFix()) {
       return Optional.of(CodemodChange.from(methodCallExpr.getBegin().get().line));
     } else {
       return Optional.empty();
     }
   }
 
+  @Override
   public List<CodemodChange> visit(
       final CodemodInvocationContext context, final CompilationUnit cu) {
     return cu.findAll(MethodCallExpr.class).stream()
-        .flatMap(mce -> onNodeFound(context, mce, cu).stream())
+        .flatMap(mce -> onNodeFound(mce).stream())
         .collect(Collectors.toList());
   }
 }

plugins/codemodder-plugin-appscan/src/main/java/io/codemodder/providers/sarif/appscan/AppScanRuleSarif.java

@@ -0,0 +1,55 @@
+package io.codemodder.providers.sarif.appscan;
+
+import com.contrastsecurity.sarif.Region;
+import com.contrastsecurity.sarif.Result;
+import com.contrastsecurity.sarif.SarifSchema210;
+import io.codemodder.RuleSarif;
+import java.nio.file.Path;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+/** A {@link RuleSarif} for AppScan results. */
+final class AppScanRuleSarif implements RuleSarif {
+
+  private final SarifSchema210 sarif;
+  private final String ruleId;
+  private final Map<Path, List<Result>> resultsCache;
+  private final Path repositoryRoot;
+
+  public AppScanRuleSarif(
+      final String ruleId, final SarifSchema210 sarif, final Path repositoryRoot) {
+    this.sarif = Objects.requireNonNull(sarif);
+    this.ruleId = Objects.requireNonNull(ruleId);
+    this.repositoryRoot = repositoryRoot;
+    this.resultsCache = new HashMap<>();
+  }
+
+  @Override
+  public List<Region> getRegionsFromResultsByRule(final Path path) {
+    return List.of();
+  }
+
+  @Override
+  public List<Result> getResultsByPath(final Path path) {
+    return List.of();
+  }
+
+  @Override
+  public SarifSchema210 rawDocument() {
+    return sarif;
+  }
+
+  @Override
+  public String getRule() {
+    return ruleId;
+  }
+
+  @Override
+  public String getDriver() {
+    return toolName;
+  }
+
+  static final String toolName = "HCL AppScan Static Analyzer";
+}

plugins/codemodder-plugin-appscan/src/main/java/io/codemodder/providers/sarif/appscan/AppScanRuleSarifFactory.java

@@ -0,0 +1,20 @@
+package io.codemodder.providers.sarif.appscan;
+
+import com.contrastsecurity.sarif.SarifSchema210;
+import io.codemodder.RuleSarif;
+import io.codemodder.RuleSarifFactory;
+import java.nio.file.Path;
+import java.util.Optional;
+
+/** A factory for building {@link AppScanRuleSarif}s. */
+public final class AppScanRuleSarifFactory implements RuleSarifFactory {
+
+  @Override
+  public Optional<RuleSarif> build(
+      String toolName, String rule, SarifSchema210 sarif, Path repositoryRoot) {
+    if (AppScanRuleSarif.toolName.equals(toolName)) {
+      return Optional.of(new AppScanRuleSarif(rule, sarif, repositoryRoot));
+    }
+    return Optional.empty();
+  }
+}

plugins/codemodder-plugin-codeql/src/main/java/io/codemodder/providers/sarif/codeql/CodeQLModule.java

@@ -29,7 +29,7 @@ protected void configure() {
     // We can safely ignore this case for now.
     final Map<String, RuleSarif> map =
         allCodeqlRuleSarifs.stream()
-            .collect(Collectors.toUnmodifiableMap(rs -> rs.getRule(), rs -> rs));
+            .collect(Collectors.toUnmodifiableMap(RuleSarif::getRule, rs -> rs));
 
     for (final Class<? extends CodeChanger> codemodType : codemodTypes) {
       final Constructor<?>[] constructors = codemodType.getDeclaredConstructors();
@@ -42,11 +42,11 @@ protected void configure() {
               .filter(Objects::nonNull)
               .findFirst();
 
-      if (annotation.isPresent()) {
-        bind(RuleSarif.class)
-            .annotatedWith(annotation.get())
-            .toInstance(map.getOrDefault(annotation.get().ruleId(), RuleSarif.EMPTY));
-      }
+      annotation.ifPresent(
+          providedCodeQLScan ->
+              bind(RuleSarif.class)
+                  .annotatedWith(providedCodeQLScan)
+                  .toInstance(map.getOrDefault(providedCodeQLScan.ruleId(), RuleSarif.EMPTY)));
     }
   }
 }

plugins/codemodder-plugin-codeql/src/main/java/io/codemodder/providers/sarif/codeql/CodeQLRuleSarif.java

@@ -24,7 +24,8 @@ public final class CodeQLRuleSarif implements RuleSarif {
   private final Map<Path, List<Result>> resultsCache;
   private final Path repositoryRoot;
 
-  public CodeQLRuleSarif(final String ruleId, final SarifSchema210 sarif, Path repositoryRoot) {
+  public CodeQLRuleSarif(
+      final String ruleId, final SarifSchema210 sarif, final Path repositoryRoot) {
     this.sarif = Objects.requireNonNull(sarif);
     this.ruleId = Objects.requireNonNull(ruleId);
     this.repositoryRoot = repositoryRoot;

plugins/codemodder-plugin-codeql/src/main/java/io/codemodder/providers/sarif/codeql/CodeQLRuleSarifFactory.java

@@ -7,7 +7,7 @@
 import java.util.Optional;
 
 /** A factory for building {@link CodeQLRuleSarif}s. */
-public class CodeQLRuleSarifFactory implements RuleSarifFactory {
+public final class CodeQLRuleSarifFactory implements RuleSarifFactory {
 
   @Override
   public Optional<RuleSarif> build(