Sonar codemod for removing block of commented-out lines of code (#269)

Reference: https://rules.sonarsource.com/java/RSPEC-125/

Docs PR pixee/docs#120

---------

Co-authored-by: Arshan Dabirsiaghi <[email protected]>

Author: carlosu7

core-codemods/src/main/java/io/codemodder/codemods/RemoveCommentedCodeCodemod.java

@@ -0,0 +1,47 @@
+package io.codemodder.codemods;
+
+import com.github.javaparser.ast.CompilationUnit;
+import com.github.javaparser.ast.comments.Comment;
+import io.codemodder.*;
+import io.codemodder.providers.sonar.ProvidedSonarScan;
+import io.codemodder.providers.sonar.RuleIssues;
+import io.codemodder.providers.sonar.SonarPluginJavaParserChanger;
+import io.codemodder.providers.sonar.api.Issue;
+import javax.inject.Inject;
+
+/** A codemod for removing commented-out lines of code. */
+@Codemod(
+    id = "sonar:java/remove-commented-code-s125",
+    reviewGuidance = ReviewGuidance.MERGE_WITHOUT_REVIEW,
+    executionPriority = CodemodExecutionPriority.HIGH)
+public final class RemoveCommentedCodeCodemod extends SonarPluginJavaParserChanger<Comment> {
+
+  /**
+   * The reason behind this specific region node matcher is that in the reported column by
+   * sonarcloud (range.begin.colum) differs by minus one point that the column reported by the java
+   * parser (region.start().column())
+   */
+  private static final RegionNodeMatcher regionNodeMatcher =
+      (region, range) ->
+          region.start().line() == range.begin.line
+              && region.start().column() >= range.begin.column;
+
+  @Inject
+  public RemoveCommentedCodeCodemod(
+      @ProvidedSonarScan(ruleId = "java:S125") final RuleIssues issues) {
+
+    super(issues, Comment.class, regionNodeMatcher, NodeCollector.ALL_COMMENTS);
+  }
+
+  @Override
+  public boolean onIssueFound(
+      final CodemodInvocationContext context,
+      final CompilationUnit cu,
+      final Comment comment,
+      final Issue issue) {
+
+    comment.removeForced();
+
+    return true;
+  }
+}

core-codemods/src/main/resources/io/codemodder/codemods/RemoveCommentedCodeCodemod/description.md

@@ -0,0 +1,10 @@
+This change eliminates commented-out code that may impede readability and distract focus. Any deleted code can still be accessed through the source control history if needed.
+
+Our changes look something like this:
+
+```diff
+   catch (IOException e) { 
+-    // LOG.error("Unexpected problem ", ex);
+     return handleError(ex);
+   }
+```

core-codemods/src/main/resources/io/codemodder/codemods/RemoveCommentedCodeCodemod/report.json

@@ -0,0 +1,7 @@
+{
+  "summary" : "Removed block of commented-out lines of code (Sonar)",
+  "change" : "Removed block of commented-out lines of code",
+  "references" : [
+    "https://rules.sonarsource.com/java/RSPEC-125/"
+  ]
+}

core-codemods/src/test/java/io/codemodder/codemods/RemoveCommentedCodeCodemodTest.java

@@ -0,0 +1,11 @@
+package io.codemodder.codemods;
+
+import io.codemodder.testutils.CodemodTestMixin;
+import io.codemodder.testutils.Metadata;
+
+@Metadata(
+    codemodType = RemoveCommentedCodeCodemod.class,
+    testResourceDir = "remove-commented-code-s125",
+    renameTestFile = "src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java",
+    dependencies = {})
+final class RemoveCommentedCodeCodemodTest implements CodemodTestMixin {}

core-codemods/src/test/resources/remove-commented-code-s125/Test.java.after

@@ -0,0 +1,128 @@
+/*
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ * <p>
+ * Copyright (c) 2002 - 2017 Bruce Mayhew
+ * <p>
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ * <p>
+ * Getting Source ==============
+ * <p>
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
+ * projects.
+ * <p>
+ */
+
+package org.owasp.webgoat.container.assignments;
+
+import static org.apache.commons.text.StringEscapeUtils.escapeJson;
+
+import lombok.Getter;
+import org.owasp.webgoat.container.i18n.PluginMessages;
+
+public class AttackResult {
+
+  public static class AttackResultBuilder {
+
+    private boolean lessonCompleted;
+    private PluginMessages messages;
+    private Object[] feedbackArgs;
+    private String feedbackResourceBundleKey;
+    private String output;
+    private Object[] outputArgs;
+    private AssignmentEndpoint assignment;
+    private boolean attemptWasMade = false;
+
+    public AttackResultBuilder(PluginMessages messages) {
+      this.messages = messages;
+    }
+
+    public AttackResultBuilder lessonCompleted(boolean lessonCompleted) {
+      this.lessonCompleted = lessonCompleted;
+      this.feedbackResourceBundleKey = "lesson.completed";
+      // return 0;
+      return this;
+    }
+
+    public AttackResultBuilder lessonCompleted(boolean lessonCompleted, String resourceBundleKey) {
+      return this;
+    }
+
+    public AttackResultBuilder feedbackArgs(Object... args) {
+      this.feedbackArgs = args;
+      return this;
+    }
+
+    public AttackResultBuilder feedback(String resourceBundleKey) {
+      this.feedbackResourceBundleKey = resourceBundleKey;
+      return this;
+    }
+
+
+    public AttackResultBuilder output(String output) {
+      this.output = output;
+      return this;
+    }
+
+    public AttackResultBuilder outputArgs(Object... args) {
+      this.outputArgs = args;
+      return this;
+    }
+
+    public AttackResultBuilder attemptWasMade() {
+      this.attemptWasMade = true;
+      return this;
+    }
+
+    public AttackResult build() {
+      return new AttackResult(
+          lessonCompleted,
+          messages.getMessage(feedbackResourceBundleKey, feedbackArgs),
+          messages.getMessage(output, output, outputArgs),
+          assignment.getClass().getSimpleName(),
+          attemptWasMade);
+    }
+
+    public AttackResultBuilder assignment(AssignmentEndpoint assignment) {
+      this.assignment = assignment;
+      return this;
+    }
+  }
+
+  @Getter private boolean lessonCompleted;
+  @Getter private String feedback;
+  @Getter private String output;
+  @Getter private final String assignment;
+  @Getter private boolean attemptWasMade;
+
+  public AttackResult(
+      boolean lessonCompleted,
+      String feedback,
+      String output,
+      String assignment,
+      boolean attemptWasMade) {
+    this.lessonCompleted = lessonCompleted;
+    this.feedback = escapeJson(feedback);
+    this.output = escapeJson(output);
+    this.assignment = assignment;
+    this.attemptWasMade = attemptWasMade;
+  }
+
+  public static AttackResultBuilder builder(PluginMessages messages) {
+    return new AttackResultBuilder(messages);
+  }
+
+  public boolean assignmentSolved() {
+    return lessonCompleted;
+  }
+}

core-codemods/src/test/resources/remove-commented-code-s125/Test.java.before

@@ -0,0 +1,136 @@
+/*
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ * <p>
+ * Copyright (c) 2002 - 2017 Bruce Mayhew
+ * <p>
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ * <p>
+ * Getting Source ==============
+ * <p>
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
+ * projects.
+ * <p>
+ */
+
+package org.owasp.webgoat.container.assignments;
+
+import static org.apache.commons.text.StringEscapeUtils.escapeJson;
+
+import lombok.Getter;
+import org.owasp.webgoat.container.i18n.PluginMessages;
+
+public class AttackResult {
+
+  public static class AttackResultBuilder {
+
+    private boolean lessonCompleted;
+    private PluginMessages messages;
+    private Object[] feedbackArgs;
+    private String feedbackResourceBundleKey;
+    private String output;
+    private Object[] outputArgs;
+    private AssignmentEndpoint assignment;
+    private boolean attemptWasMade = false;
+
+    public AttackResultBuilder(PluginMessages messages) {
+      this.messages = messages;
+    }
+
+    public AttackResultBuilder lessonCompleted(boolean lessonCompleted) {
+      this.lessonCompleted = lessonCompleted;
+      this.feedbackResourceBundleKey = "lesson.completed";
+      //System.out.println("hola");
+      // return 0;
+      return this;
+    }
+
+    public AttackResultBuilder lessonCompleted(boolean lessonCompleted, String resourceBundleKey) {
+      /*this.lessonCompleted = lessonCompleted;
+      this.feedbackResourceBundleKey = resourceBundleKey;*/
+      return this;
+    }
+
+    public AttackResultBuilder feedbackArgs(Object... args) {
+      this.feedbackArgs = args;
+      return this;
+    }
+
+    public AttackResultBuilder feedback(String resourceBundleKey) {
+      this.feedbackResourceBundleKey = resourceBundleKey;
+      return this;
+    }
+
+      /*public AttackResultBuilder feedback(String resourceBundleKey) {
+          this.feedbackResourceBundleKey = resourceBundleKey;
+          return this;
+      }*/
+
+    public AttackResultBuilder output(String output) {
+      this.output = output;
+      return this;
+    }
+
+    public AttackResultBuilder outputArgs(Object... args) {
+      this.outputArgs = args;
+      return this;
+    }
+
+    public AttackResultBuilder attemptWasMade() {
+      this.attemptWasMade = true;
+      return this;
+    }
+
+    public AttackResult build() {
+      return new AttackResult(
+          lessonCompleted,
+          messages.getMessage(feedbackResourceBundleKey, feedbackArgs),
+          messages.getMessage(output, output, outputArgs),
+          assignment.getClass().getSimpleName(),
+          attemptWasMade);
+    }
+
+    public AttackResultBuilder assignment(AssignmentEndpoint assignment) {
+      this.assignment = assignment;
+      return this;
+    }
+  }
+
+  @Getter private boolean lessonCompleted;
+  @Getter private String feedback;
+  @Getter private String output;
+  @Getter private final String assignment;
+  @Getter private boolean attemptWasMade;
+  //@Getter private boolean comment;
+
+  public AttackResult(
+      boolean lessonCompleted,
+      String feedback,
+      String output,
+      String assignment,
+      boolean attemptWasMade) {
+    this.lessonCompleted = lessonCompleted;
+    this.feedback = escapeJson(feedback);
+    this.output = escapeJson(output);
+    this.assignment = assignment;
+    this.attemptWasMade = attemptWasMade;
+  }
+
+  public static AttackResultBuilder builder(PluginMessages messages) {
+    return new AttackResultBuilder(messages);
+  }
+
+  public boolean assignmentSolved() {
+    return lessonCompleted;
+  }
+}