CloudformationRulesDefinition.java

/*
 * Cloudformation Plugin for SonarQube
 * Copyright (C) 2019 James Pether Sörling
 * james@hack23.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 */
package com.hack23.sonar.cloudformation;

import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Set;

import org.apache.commons.lang3.reflect.FieldUtils;
import org.sonar.api.server.rule.RulesDefinition;
import org.sonar.api.server.rule.RulesDefinitionXmlLoader;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;

/**
 * The Class CloudformationRulesDefinition.
 */
public final class CloudformationRulesDefinition implements RulesDefinition {

    /** The Constant LOGGER. */
    private static final Logger LOGGER = Loggers.get(CloudformationRulesDefinition.class);

    /** The Constant PATH_TO_RULES_XML. */
    private static final String PATH_TO_RULES_XML = "/cloudformation-rules.xml";

    /** The Constant PATH_TO_CHECKOV_CLOUDFORMATION_RULES_XML. */
    private static final String PATH_TO_CHECKOV_CLOUDFORMATION_RULES_XML = "/cloudformation-checkov-cloudformation-rules.xml";

    /** The Constant PATH_TO_CHECKOV_TERRAFOM_RULES_XML. */
    private static final String PATH_TO_CHECKOV_TERRAFOM_RULES_XML = "/cloudformation-checkov-terraform-rules.xml";


    /** The Constant KEY. */
    public static final String KEY = "repo";

    /** The Constant NAME. */
    public static final String NAME = "repository";

    /** The context. */
    private Context context;

    /** The xml loader. */
    private final RulesDefinitionXmlLoader xmlLoader;

    /**
     * Instantiates a new cloudformation rules definition.
     *
     * @param xmlLoader the xml loader
     */
    public CloudformationRulesDefinition(final RulesDefinitionXmlLoader xmlLoader) {
        super();
        this.xmlLoader = xmlLoader;
    }

    /**
     * Gets the context.
     *
     * @return the context
     */
    public Context getContext() {
        return context;
    }

    /**
     * Define rules for cloudformation.
     *
     * @param context the context
     * @param repositoryKey the repository key
     * @param repositoryName the repository name
     * @param languageKey the language key
     */
    private void defineRulesForCloudformation(final Context context, final String repositoryKey, final String repositoryName,
            final String languageKey) {
        final NewRepository repository = context.createRepository(repositoryKey, languageKey).setName(repositoryName);

        addRules(repository, this.getClass().getResourceAsStream(PATH_TO_RULES_XML));
        addRules(repository, this.getClass().getResourceAsStream(PATH_TO_CHECKOV_CLOUDFORMATION_RULES_XML));
        repository.done();
    }


    /**
     * Define rules for terraform.
     *
     * @param context the context
     * @param repositoryKey the repository key
     * @param repositoryName the repository name
     * @param languageKey the language key
     */
    private void defineRulesForTerraform(final Context context, final String repositoryKey, final String repositoryName,
            final String languageKey) {
        final NewRepository repository = context.createRepository(repositoryKey, languageKey).setName(repositoryName);
        addRules(repository, this.getClass().getResourceAsStream(PATH_TO_CHECKOV_TERRAFOM_RULES_XML));
        repository.done();
    }


    /**
     * Adds the rules.
     *
     * @param repository the repository
     * @param rulesXml the rules xml
     */
    private void addRules(final NewRepository repository, final InputStream rulesXml) {
        if (rulesXml != null) {
            xmlLoader.load(repository, new InputStreamReader(rulesXml,StandardCharsets.UTF_8));
            for (final NewRule newRule : repository.rules()) {
                addNewRule(newRule);
            }
        }
    }

    /**
     * Adds the new rule.
     *
     * @param newRule the new rule
     */
    private static void addNewRule(final NewRule newRule) {
        try {
            final Set<String> tags = (Set<String>) FieldUtils.readField(newRule, "tags", true);
            for (final String tag : tags) {

                if (tag.contains("cweid-")) {
                    newRule.addCwe(Integer.parseInt(tag.replace("cweid-", "")));
                }

                if (tag.contains("owasp-")) {
                    newRule.addOwaspTop10(OwaspTop10.valueOf(tag.replace("owasp-", "").toUpperCase()));
                }
            }
        } catch (final IllegalAccessException e) {
            LOGGER.warn("Problem parsing security tags", e);
        }
    }

    /**
     * Define.
     *
     * @param context the context
     */
    @Override
    public void define(final Context context) {
        this.context = context;
        defineRulesForCloudformation(context, "cloudformation-plugin-cfn" ,"Cloudformation plugin(cfn) rules", "cloudformation");
        defineRulesForTerraform(context, "cloudformation-plugin-terraform" ,"Cloudformation plugin(terrraform) Rules", "terraform");
    }

}