Merge branch 'develop' into 'master'

1.3.11 release

See merge request devopstoolkit/ContinuousCodeQuality/sonar-bw6!14

.gitignore

@@ -4,12 +4,16 @@
 /nbproject/
 .idea
 
-tests/zipcode/tibco.bwce.sample.binding.soap.http.ZipCodeServiceProvider/target/sonar/report-task.txt
+tests/.DS_Store
 
-tests/zipcode/tibco.bwce.sample.binding.soap.http.ZipCodeServiceProvider/target/sonar/.sonar_lock
+src/test/.DS_Store
 
-tests/.DS_Store
+src/.DS_Store
+
+src/test/java/.DS_Store
+
+src/test/java/com/.DS_Store
 
-docker/extensions/
+src/test/java/com/tibco/.DS_Store
 
 .DS_Store

.gitlab-ci.yml

@@ -15,10 +15,15 @@ cache:
   paths:
   - ".m2/repository/"
   - target/
+
+
+
 stages:
 - build
 - package
 - test
+- visualize
+
 maven-build:
   stage: build
   image: maven:3-jdk-11
@@ -28,8 +33,39 @@ maven-build:
     name: sonar-businessworks6-plugin-$CI_BUILD_ID-$CI_BUILD_REF
     expire_in: 1 day
     paths:
-    - "."
+    - "./target"
+
 sast:
   stage: test
+  variables:
+      SAST_EXCLUDED_PATHS: spec,test,tests,tmp,**/jacoco/jacoco-resources/**"
+      SECURE_LOG_LEVEL: "debug"
 include:
-- template: Security/SAST.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
+
+
+
+test-jdk11:
+  stage: test
+  image: maven:3.6.3-jdk-11
+  script:
+    - mvn $MAVEN_CLI_OPTS clean org.jacoco:jacoco-maven-plugin:prepare-agent test jacoco:report
+  artifacts:
+    paths:
+      - target/site/jacoco/jacoco.xml
+
+coverage-jdk11:
+  # Must be in a stage later than test-jdk11's stage.
+  # The `visualize` stage does not exist by default.
+  # Please define it first, or choose an existing stage like `deploy`.
+  stage: visualize
+  image: registry.gitlab.com/haynes/jacoco2cobertura:1.0.9
+  script:
+    # convert report from jacoco to cobertura, using relative project path
+    - python /opt/cover2cover.py target/site/jacoco/jacoco.xml $CI_PROJECT_DIR/src/main/java/ > target/site/cobertura.xml
+  needs: ["test-jdk11"]
+  artifacts:
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: target/site/cobertura.xml

.semgrepignore

@@ -0,0 +1,26 @@
+# Common large paths
+node_modules/
+build/
+dist/
+vendor/
+.env/
+.venv/
+.tox/
+*.min.js
+.npm/
+.yarn/
+
+# Common test paths
+test/
+tests/
+*_test.go
+
+# Semgrep rules folder
+.semgrep
+
+# Semgrep-action log folder
+.semgrep_logs/
+
+# Project specific ignores
+/target/site/jacoco/*
+/target/jacoco-ut/*

pom.xml

@@ -3,19 +3,20 @@
     <groupId>com.tibco.sonar</groupId>
     <artifactId>sonar-bw-6-plugin</artifactId>
     <packaging>sonar-plugin</packaging>
-    <version>1.3.10</version>
+    <version>1.3.11</version>
     <name>Sonarqube BW6 Plugin</name>
     <description>SonarQube Plugin for Businessworks6, BWCE and TCI</description>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <sonar.apiVersion>7.4</sonar.apiVersion>
-        <jdk.min.version>1.8</jdk.min.version>
-        <sonar.version>7.4</sonar.version>        
+        <sonar.apiVersion>9.8.0.203</sonar.apiVersion>
+        <jdk.min.version>11</jdk.min.version>
+        <sonar.version>9.0</sonar.version>        
         <sonar.sources>src/main/java</sonar.sources>
         <sonar.language>java</sonar.language>
-        <sonar.analyzerCommons.version>1.10.2.456</sonar.analyzerCommons.version>
-        <jacoco.version>0.8.3</jacoco.version>
+        <sonar.analyzerCommons.version>2.9.0.2753</sonar.analyzerCommons.version>
+        <sonar.testingHarnessVersion>9.9.5.90363</sonar.testingHarnessVersion>
+        <jacoco.version>0.8.12</jacoco.version>
     </properties>
 
     <repositories>
@@ -38,11 +39,11 @@
 
     <dependencies>
         <dependency>
-            <groupId>org.sonarsource.sonarqube</groupId>
+            <groupId>org.sonarsource.api.plugin</groupId>
             <artifactId>sonar-plugin-api</artifactId>
             <!-- minimal version of SonarQube to support. Note that the groupId was "org.codehaus.sonar" before version 5.2 -->
-            <version>7.4</version>
-            <scope>provided</scope>
+            <version>${sonar.apiVersion}</version>
+            <scope>provided</scope> 
             <!-- mandatory scope -->
             <exclusions>
                 <exclusion>
@@ -60,7 +61,7 @@
         <dependency>
             <groupId>org.sonarsource.analyzer-commons</groupId>
             <artifactId>sonar-xml-parsing</artifactId>
-            <version>${sonar.analyzerCommons.version}</version>
+            <version>2.11.0.2861</version>
         </dependency>
         <dependency>
             <!-- packaged with the plugin -->
@@ -93,7 +94,7 @@
         <dependency>
             <groupId>org.sonarsource.sonarqube</groupId>
             <artifactId>sonar-testing-harness</artifactId>
-            <version>${sonar.apiVersion}</version>
+            <version>${sonar.testingHarnessVersion}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -105,8 +106,8 @@
         <!-- https://mvnrepository.com/artifact/org.mockito/mockito-all -->
         <dependency>
             <groupId>org.mockito</groupId>
-            <artifactId>mockito-all</artifactId>
-            <version>1.9.5</version>
+            <artifactId>mockito-core</artifactId>
+            <version>2.23.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -160,7 +161,7 @@
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.8.5</version>
+            <version>2.10.1</version>
             <type>jar</type>
         </dependency>
     </dependencies>
@@ -212,7 +213,7 @@
             <plugin>
                 <groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
                 <artifactId>sonar-packaging-maven-plugin</artifactId>
-                <version>1.18.0.372</version>
+                <version>1.23.0.740</version>
                 <extensions>true</extensions>
                 <configuration>
                     <skipDependenciesPackaging>true</skipDependenciesPackaging>
@@ -245,8 +246,9 @@
                 </executions>
             </plugin>
             <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
-                <version>3.2.1</version>
+                <version>3.5.3</version>
                 <executions>
                     <execution>
                         <phase>package</phase>
@@ -302,7 +304,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>2.21.0</version>
+                    <version>3.2.5</version>
                 </plugin>
             </plugins>
         </pluginManagement>

src/main/java/com/tibco/sonar/plugins/bw6/widget/BusinessWorksMetricsWidget.java

@@ -7,10 +7,9 @@
 
 @UserRole(UserRole.USER)
 @WidgetCategory({"BusinessWorks"})
-@WidgetScope("GLOBAL")
 @Description("BusinessWorks 6 Project Statistics")
 @WidgetProperties({
-	  @WidgetProperty(key = "max", type = WidgetPropertyType.INTEGER, defaultValue = "80")
+		@WidgetProperty(key = "max", type = WidgetPropertyType.INTEGER, defaultValue = "80")
 	})
 public class BusinessWorksMetricsWidget extends AbstractRubyTemplate implements
 		RubyRailsWidget {

tests/zipcode/tibco.bwce.sample.binding.soap.http.ZipCodeServiceProvider/target/sonar/report-task.txt

@@ -0,0 +1,6 @@
+projectKey=tibco.bwce.sample.binding.soap.http.ZipCodeServiceProvider
+serverUrl=http://localhost:9000
+serverVersion=10.4.1.88267
+dashboardUrl=http://localhost:9000/dashboard?id=tibco.bwce.sample.binding.soap.http.ZipCodeServiceProvider
+ceTaskId=e9f56b03-ab49-4fff-b6f5-39c92102b6e3
+ceTaskUrl=http://localhost:9000/api/ce/task?id=e9f56b03-ab49-4fff-b6f5-39c92102b6e3