added some appscan base

Author: nahsra

framework/codemodder-base/src/main/java/io/codemodder/DefaultSarifParser.java

@@ -1,5 +1,6 @@
 package io.codemodder;
 
+import com.contrastsecurity.sarif.ReportingDescriptor;
 import com.contrastsecurity.sarif.Result;
 import com.contrastsecurity.sarif.Run;
 import com.contrastsecurity.sarif.SarifSchema210;
@@ -8,7 +9,6 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.*;
-import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -52,7 +52,7 @@ private String extractRuleId(final Result result, final Run run) {
               .skip(toolIndex)
               .findFirst()
               .flatMap(tool -> tool.getRules().stream().skip(ruleIndex).findFirst())
-              .map(rd -> rd.getId());
+              .map(ReportingDescriptor::getId);
       if (maybeRule.isPresent()) {
         return maybeRule.get();
       } else {
@@ -70,7 +70,7 @@ private Stream<Map.Entry<String, RuleSarif>> fromSarif(
     final List<RuleSarifFactory> factories =
         ServiceLoader.load(RuleSarifFactory.class).stream()
             .map(ServiceLoader.Provider::get)
-            .collect(Collectors.toUnmodifiableList());
+            .toList();
     final var runResults = run.getResults();
     final var allResults =
         runResults != null

plugins/codemodder-plugin-appscan/build.gradle.kts

@@ -0,0 +1,17 @@
+plugins {
+    id("io.codemodder.java-library")
+    id("io.codemodder.maven-publish")
+}
+
+description = "Plugin to enable the use of appscan in codemods"
+
+dependencies {
+    compileOnly(libs.jetbrains.annotations)
+    implementation(project(":framework:codemodder-base"))
+    testImplementation(testlibs.bundles.junit.jupiter)
+    testImplementation(testlibs.bundles.hamcrest)
+    testImplementation(testlibs.assertj)
+    testImplementation(testlibs.jgit)
+    testImplementation(testlibs.mockito)
+    testRuntimeOnly(testlibs.junit.jupiter.engine)
+}

plugins/codemodder-plugin-appscan/src/main/java/io/codemodder/providers/sarif/appscan/AppScanModule.java

@@ -0,0 +1,50 @@
+package io.codemodder.providers.sarif.appscan;
+
+import com.google.inject.AbstractModule;
+import io.codemodder.CodeChanger;
+import io.codemodder.RuleSarif;
+import java.lang.reflect.Constructor;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+/** Responsible for distributing the SARIFS to AppSCan based codemods based on rules. */
+public final class AppScanModule extends AbstractModule {
+
+  private final List<Class<? extends CodeChanger>> codemodTypes;
+  private final List<RuleSarif> allAppScanRuleSarifs;
+
+  AppScanModule(
+      final List<Class<? extends CodeChanger>> codemodTypes, final List<RuleSarif> sarifs) {
+    this.codemodTypes = Objects.requireNonNull(codemodTypes);
+    this.allAppScanRuleSarifs = sarifs;
+  }
+
+  @Override
+  protected void configure() {
+    final Map<String, RuleSarif> map =
+        allAppScanRuleSarifs.stream()
+            .collect(Collectors.toUnmodifiableMap(RuleSarif::getRule, rs -> rs));
+
+    for (final Class<? extends CodeChanger> codemodType : codemodTypes) {
+      final Constructor<?>[] constructors = codemodType.getDeclaredConstructors();
+
+      final Optional<ProvidedAppScanScan> annotation =
+          Stream.of(constructors)
+              .filter(constructor -> constructor.getAnnotation(javax.inject.Inject.class) != null)
+              .flatMap(constructor -> Stream.of(constructor.getParameters()))
+              .map(parameter -> parameter.getAnnotation(ProvidedAppScanScan.class))
+              .filter(Objects::nonNull)
+              .findFirst();
+
+      annotation.ifPresent(
+          providedAppScanScan ->
+              bind(RuleSarif.class)
+                  .annotatedWith(providedAppScanScan)
+                  .toInstance(map.getOrDefault(providedAppScanScan.ruleId(), RuleSarif.EMPTY)));
+    }
+  }
+}

plugins/codemodder-plugin-appscan/src/main/java/io/codemodder/providers/sarif/appscan/AppScanProvider.java

@@ -0,0 +1,30 @@
+package io.codemodder.providers.sarif.appscan;
+
+import com.google.inject.AbstractModule;
+import io.codemodder.CodeChanger;
+import io.codemodder.CodemodProvider;
+import io.codemodder.RuleSarif;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.Set;
+
+/** Provides codemods that act on AppSCan results. */
+public final class AppScanProvider implements CodemodProvider {
+
+  @Override
+  public Set<AbstractModule> getModules(
+      final Path repository,
+      final List<Path> includedFiles,
+      final List<String> includePaths,
+      final List<String> excludePaths,
+      final List<Class<? extends CodeChanger>> codemodTypes,
+      final List<RuleSarif> sarifs,
+      final Path sonarIssuesJsonFile) {
+    return Set.of(new AppScanModule(codemodTypes, sarifs));
+  }
+
+  @Override
+  public List<String> wantsSarifToolNames() {
+    return List.of("HCL AppScan Static Analyzer");
+  }
+}

plugins/codemodder-plugin-appscan/src/main/java/io/codemodder/providers/sarif/appscan/ProvidedAppScanScan.java

@@ -0,0 +1,18 @@
+package io.codemodder.providers.sarif.appscan;
+
+import java.lang.annotation.*;
+import javax.inject.Qualifier;
+
+/**
+ * This tells the framework to inject the results of a AppScan scan into the following parameter.
+ * This can only inject {@link io.codemodder.RuleSarif} types.
+ */
+@Documented
+@Qualifier
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.PARAMETER)
+public @interface ProvidedAppScanScan {
+
+  /** The AppScan rule "id" field from the sarif. */
+  String ruleId();
+}

plugins/codemodder-plugin-appscan/src/main/resources/META-INF/services/io.codemodder.CodemodProvider

@@ -0,0 +1 @@
+io.codemodder.providers.sarif.appscan.AppScanProvider

plugins/codemodder-plugin-appscan/src/main/resources/META-INF/services/io.codemodder.RuleSarifFactory

@@ -0,0 +1 @@
+io.codemodder.providers.sarif.appscan.AppScanRuleSarifFactory

plugins/codemodder-plugin-appscan/src/test/resources/webgoat_2023_8_binary.sarif

@@ -78,8 +78,9 @@ public List<Result> getResultsByPath(Path path) {
                           .getArtifactLocation()
                           .getUri();
                   try {
-                    if (Files.exists(repositoryRoot.resolve(Path.of(uri)))) {
-                      return Files.isSameFile(path, repositoryRoot.resolve(Path.of(uri)));
+                    Path uriPath = Path.of(uri);
+                    if (Files.exists(repositoryRoot.resolve(uriPath))) {
+                      return Files.isSameFile(path, repositoryRoot.resolve(uriPath));
                     } else {
                       return false;
                     }
@@ -88,7 +89,7 @@ public List<Result> getResultsByPath(Path path) {
                     return false;
                   }
                 })
-            .collect(Collectors.toUnmodifiableList());
+            .toList();
     resultsCache.put(path, results);
     return results;
   }

plugins/codemodder-plugin-codeql/src/main/java/io/codemodder/providers/sarif/codeql/CodeQLRuleSarif.java

@@ -49,3 +49,4 @@ include("plugins:codemodder-plugin-maven")
 include("plugins:codemodder-plugin-pmd")
 include("plugins:codemodder-plugin-sonar")
 include("plugins:codemodder-plugin-semgrep")
+include("plugins:codemodder-plugin-appscan")