Add Sonar codemod and first rule (#240)

This change introduces a Sonar plugin and fixes the first thing that
Sonar finds - S1161/missing `@Override`.

Author: nahsra

core-codemods/build.gradle.kts

@@ -21,6 +21,7 @@ dependencies {
     implementation(project(":plugins:codemodder-plugin-llm"))
     implementation(project(":plugins:codemodder-plugin-aws"))
     implementation(project(":plugins:codemodder-plugin-pmd"))
+    implementation(project(":plugins:codemodder-plugin-sonar"))
     implementation(libs.juniversalchardet)
     implementation(libs.dom4j)
     implementation(libs.commons.jexl)

core-codemods/src/main/java/io/codemodder/codemods/AddMissingOverrideCodemod.java

@@ -0,0 +1,45 @@
+package io.codemodder.codemods;
+
+import com.github.javaparser.ast.CompilationUnit;
+import com.github.javaparser.ast.Node;
+import com.github.javaparser.ast.body.MethodDeclaration;
+import com.github.javaparser.ast.expr.SimpleName;
+import io.codemodder.*;
+import io.codemodder.providers.sonar.ProvidedSonarScan;
+import io.codemodder.providers.sonar.RuleIssues;
+import io.codemodder.providers.sonar.SonarPluginJavaParserChanger;
+import io.codemodder.providers.sonar.api.Issue;
+import java.util.Optional;
+import javax.inject.Inject;
+
+/** A codemod for automatically fixing missing @Override annotations. */
+@Codemod(
+    id = "sonar:java/add-missing-override-s1161",
+    reviewGuidance = ReviewGuidance.MERGE_WITHOUT_REVIEW,
+    executionPriority = CodemodExecutionPriority.HIGH)
+public final class AddMissingOverrideCodemod extends SonarPluginJavaParserChanger<SimpleName> {
+
+  @Inject
+  public AddMissingOverrideCodemod(
+      @ProvidedSonarScan(ruleId = "java:S1161") final RuleIssues issues) {
+    super(issues, SimpleName.class, RegionNodeMatcher.MATCHES_START);
+  }
+
+  @Override
+  public boolean onIssueFound(
+      final CodemodInvocationContext context,
+      final CompilationUnit cu,
+      final SimpleName methodName,
+      final Issue issue) {
+
+    Optional<Node> parentNodeRef = methodName.getParentNode();
+    if (parentNodeRef.isPresent()) {
+      Node parentNode = parentNodeRef.get();
+      if (parentNode instanceof MethodDeclaration method) {
+        method.addAnnotation(Override.class);
+        return true;
+      }
+    }
+    return true;
+  }
+}

core-codemods/src/main/java/io/codemodder/codemods/DisableAutomaticDirContextDeserializationCodemod.java

@@ -18,7 +18,7 @@ public final class DisableAutomaticDirContextDeserializationCodemod
   @Inject
   public DisableAutomaticDirContextDeserializationCodemod(
       @SemgrepScan(ruleId = "disable-dircontext-deserialization") final RuleSarif sarif) {
-    super(sarif, ObjectCreationExpr.class, RegionExtractor.FROM_FIRST_LOCATION);
+    super(sarif, ObjectCreationExpr.class, SourceCodeRegionExtractor.FROM_SARIF_FIRST_LOCATION);
   }
 
   @Override

core-codemods/src/main/java/io/codemodder/codemods/InputResourceLeakCodemod.java

@@ -20,7 +20,7 @@ public final class InputResourceLeakCodemod extends SarifPluginJavaParserChanger
   @Inject
   public InputResourceLeakCodemod(
       @ProvidedCodeQLScan(ruleId = "java/input-resource-leak") final RuleSarif sarif) {
-    super(sarif, Expression.class, RegionExtractor.FROM_FIRST_LOCATION);
+    super(sarif, Expression.class, SourceCodeRegionExtractor.FROM_SARIF_FIRST_LOCATION);
   }
 
   @Override

core-codemods/src/main/java/io/codemodder/codemods/InsecureCookieCodemod.java

@@ -24,7 +24,7 @@ public class InsecureCookieCodemod extends SarifPluginJavaParserChanger<MethodCa
   @Inject
   public InsecureCookieCodemod(
       @ProvidedCodeQLScan(ruleId = "java/insecure-cookie") final RuleSarif sarif) {
-    super(sarif, MethodCallExpr.class, RegionExtractor.FROM_FIRST_LOCATION);
+    super(sarif, MethodCallExpr.class, SourceCodeRegionExtractor.FROM_SARIF_FIRST_LOCATION);
   }
 
   @Override

core-codemods/src/main/java/io/codemodder/codemods/JDBCResourceLeakCodemod.java

@@ -20,7 +20,7 @@ public final class JDBCResourceLeakCodemod extends SarifPluginJavaParserChanger<
   @Inject
   public JDBCResourceLeakCodemod(
       @ProvidedCodeQLScan(ruleId = "java/database-resource-leak") final RuleSarif sarif) {
-    super(sarif, MethodCallExpr.class, RegionExtractor.FROM_FIRST_LOCATION);
+    super(sarif, MethodCallExpr.class, SourceCodeRegionExtractor.FROM_SARIF_FIRST_LOCATION);
   }
 
   @Override

core-codemods/src/main/java/io/codemodder/codemods/JEXLInjectionCodemod.java

@@ -39,7 +39,7 @@ public final class JEXLInjectionCodemod extends SarifPluginJavaParserChanger<Exp
   @Inject
   public JEXLInjectionCodemod(
       @ProvidedCodeQLScan(ruleId = "java/jexl-expression-injection") final RuleSarif sarif) {
-    super(sarif, Expression.class, RegionExtractor.FROM_FIRST_LOCATION);
+    super(sarif, Expression.class, SourceCodeRegionExtractor.FROM_SARIF_FIRST_LOCATION);
   }
 
   @Override

core-codemods/src/main/java/io/codemodder/codemods/OptimizeJacksonStringUsageCodemod.java

@@ -25,7 +25,10 @@ public final class OptimizeJacksonStringUsageCodemod
   @Inject
   public OptimizeJacksonStringUsageCodemod(
       @SemgrepScan(ruleId = "optimize-jackson-string-usage") RuleSarif semgrepSarif) {
-    super(semgrepSarif, ExpressionStmt.class, RegionExtractor.FROM_FIRST_THREADFLOW_EVENT);
+    super(
+        semgrepSarif,
+        ExpressionStmt.class,
+        SourceCodeRegionExtractor.FROM_SARIF_FIRST_THREADFLOW_EVENT);
   }
 
   /**
@@ -38,8 +41,8 @@ public OptimizeJacksonStringUsageCodemod(
    *   <li>The resulting String is used nowhere else besides the readValue() call.
    * </ol>
    *
-   * We've configured the {@link RegionExtractor} to pull the first data flow event, which is the
-   * IOUtils#toString() call.
+   * We've configured the {@link SourceCodeRegionExtractor} to pull the first data flow event, which
+   * is the IOUtils#toString() call.
    */
   @Override
   public boolean onResultFound(
@@ -71,7 +74,10 @@ public boolean onResultFound(
     Optional<MethodCallExpr> readValueCallOpt =
         ASTs.findMethodBodyFrom(varDeclStmt).get().findAll(ExpressionStmt.class).stream()
             .filter(stmt -> stmt.getRange().isPresent())
-            .filter(stmt -> EXACT_MATCH.matches(lastRegion, stmt.getRange().get()))
+            .filter(
+                stmt ->
+                    EXACT_MATCH.matches(
+                        SourceCodeRegion.fromSarif(lastRegion), stmt.getRange().get()))
             .map(stmt -> stmt.getExpression().asVariableDeclarationExpr())
             .map(vde -> vde.getVariable(0).getInitializer().get().asMethodCallExpr())
             .findFirst();

core-codemods/src/main/java/io/codemodder/codemods/OutputResourceLeakCodemod.java

@@ -20,7 +20,7 @@ public final class OutputResourceLeakCodemod extends SarifPluginJavaParserChange
   @Inject
   public OutputResourceLeakCodemod(
       @ProvidedCodeQLScan(ruleId = "java/output-resource-leak") final RuleSarif sarif) {
-    super(sarif, Expression.class, RegionExtractor.FROM_FIRST_LOCATION);
+    super(sarif, Expression.class, SourceCodeRegionExtractor.FROM_SARIF_FIRST_LOCATION);
   }
 
   @Override

core-codemods/src/main/java/io/codemodder/codemods/SanitizeApacheMultipartFilenameCodemod.java

@@ -21,7 +21,10 @@ public final class SanitizeApacheMultipartFilenameCodemod
   @Inject
   public SanitizeApacheMultipartFilenameCodemod(
       @SemgrepScan(ruleId = "sanitize-apache-multipart-filename") RuleSarif semgrepSarif) {
-    super(semgrepSarif, MethodCallExpr.class, RegionExtractor.FROM_FIRST_THREADFLOW_EVENT);
+    super(
+        semgrepSarif,
+        MethodCallExpr.class,
+        SourceCodeRegionExtractor.FROM_SARIF_FIRST_THREADFLOW_EVENT);
   }
 
   @Override