Sign upLogin

OtherDevOpsGene/zap-sonar-plugin

View on GitHub
Star

Showing 26 of 26 total issues

AlertItem has 35 methods (exceeds 20 allowed). Consider refactoring.
Open

public class AlertItem {

  private int pluginid;
  private String alert;
  private int riskcode;
Severity: Minor
Found in src/main/java/org/sonar/zaproxy/parser/element/AlertItem.java - About 4 hrs to fix

    Method processAlertItem has 66 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      private AlertItem processAlertItem(SMInputCursor alertItemCursor) throws XMLStreamException {
    AlertItem alertItem = new AlertItem();
    SMInputCursor childCursor = alertItemCursor.childCursor();
    while (childCursor.getNext() != null) {
      String nodeName = childCursor.getLocalName();
    Severity: Major
    Found in src/main/java/org/sonar/zaproxy/parser/ReportParser.java - About 2 hrs to fix

      Function setupCompiler has 40 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

      function setupCompiler(host, port, protocol) {
  // "Compiler" is a low-level interface to Webpack.
  // It lets us listen to some events and provide our own custom messages.
  compiler = webpack(config, handleCompile);
      Severity: Minor
      Found in scripts/start.js - About 1 hr to fix

        Method toString has 36 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          @Override
  public String toString() {
    StringBuilder instanceString = new StringBuilder();
    for (Instance instance : instances) {
      instanceString.append(instance.toString());
        Severity: Minor
        Found in src/main/java/org/sonar/zaproxy/parser/element/AlertItem.java - About 1 hr to fix

          Similar blocks of code found in 2 locations. Consider refactoring.
          Open

            @CheckForNull
  private File getReportFromProperty() {
    String path = configuration.getReportPath();
    if (path == null) {
      return null;
          Severity: Major
          Found in src/main/java/org/sonar/zaproxy/parser/XmlReportFile.java and 1 other location - About 1 hr to fix
          src/main/java/org/sonar/zaproxy/parser/HtmlReportFile.java on lines 59..77

          Duplicated Code

          Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

          Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

          When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

          Tuning

          This issue has a mass of 93.

          We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

          The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

          If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

          See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

          Refactorings

          Further Reading

          Similar blocks of code found in 2 locations. Consider refactoring.
          Open

            @CheckForNull
  private File getReportFromProperty() {
    String path = configuration.getHtmlReportPath();
    if (path == null) {
      return null;
          Severity: Major
          Found in src/main/java/org/sonar/zaproxy/parser/HtmlReportFile.java and 1 other location - About 1 hr to fix
          src/main/java/org/sonar/zaproxy/parser/XmlReportFile.java on lines 60..78

          Duplicated Code

          Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

          Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

          When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

          Tuning

          This issue has a mass of 93.

          We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

          The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

          If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

          See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

          Refactorings

          Further Reading

          Function onProxyError has 33 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

          function onProxyError(proxy) {
  return function(err, req, res) {
    const host = req.headers && req.headers.host;
    console.log(
      chalk.red("Proxy error:") +
          Severity: Minor
          Found in scripts/start.js - About 1 hr to fix

            Method loadDefaultZAProxyRules has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
            Open

              private void loadDefaultZAProxyRules(NewRepository repository) {
    xmlLoader.load(
        repository, getClass().getResourceAsStream(ZapPlugin.RULES_FILE), StandardCharsets.UTF_8);
    for (NewRule newRule : repository.rules()) {
      try {
            Severity: Minor
            Found in src/main/java/org/sonar/zaproxy/rule/ZapRuleDefinition.java - About 1 hr to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Similar blocks of code found in 2 locations. Consider refactoring.
            Open

                  for (Instance instance : alert.getInstances()) {
        sb.append(addValueToDescription("URI", instance.getUri(), false));
        sb.append(addValueToDescription("Method", instance.getMethod(), false));
        sb.append(addValueToDescription("Param", instance.getParam(), false));
        sb.append(addValueToDescription("Attack", instance.getAttack(), false));
            Severity: Major
            Found in src/main/java/org/sonar/zaproxy/ZapSensor.java and 1 other location - About 1 hr to fix
            src/main/java/org/sonar/zaproxy/ZapSensor.java on lines 89..95

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 82.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Similar blocks of code found in 2 locations. Consider refactoring.
            Open

                if (null == alert.getInstances() || alert.getInstances().isEmpty()) {
      sb.append(addValueToDescription("URI", alert.getUri(), false));
      sb.append(addValueToDescription("Param", alert.getParam(), false));
      sb.append(addValueToDescription("Attack", alert.getAttack(), false));
      sb.append(addValueToDescription("Evidence", alert.getEvidence(), true));
            Severity: Major
            Found in src/main/java/org/sonar/zaproxy/ZapSensor.java and 1 other location - About 1 hr to fix
            src/main/java/org/sonar/zaproxy/ZapSensor.java on lines 96..102

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 82.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Function build has 29 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

            function build() {
  console.log(chalk.cyan.bold("Creating optimized production build..."));
  console.log();

  webpack(config, (err, stats) => {
            Severity: Minor
            Found in scripts/build.js - About 1 hr to fix

              Method processInstance has 27 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                private Instance processInstance(SMInputCursor childInstanceCursor) throws XMLStreamException {
    Instance instance = new Instance();
    while (childInstanceCursor.getNext() != null) {
      String instanceNodeName = childInstanceCursor.getLocalName();
      if (instanceNodeName != null) {
              Severity: Minor
              Found in src/main/java/org/sonar/zaproxy/parser/ReportParser.java - About 1 hr to fix

                Method execute has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  @Override
  public void execute(SensorContext context) {
    Profiler profiler = Profiler.create(LOGGER);
    profiler.startInfo("Process ZAP report");
    try {
                Severity: Minor
                Found in src/main/java/org/sonar/zaproxy/ZapSensor.java - About 1 hr to fix

                  Method processAlertItem has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
                  Open

                    private AlertItem processAlertItem(SMInputCursor alertItemCursor) throws XMLStreamException {
    AlertItem alertItem = new AlertItem();
    SMInputCursor childCursor = alertItemCursor.childCursor();
    while (childCursor.getNext() != null) {
      String nodeName = childCursor.getLocalName();
                  Severity: Minor
                  Found in src/main/java/org/sonar/zaproxy/parser/ReportParser.java - About 55 mins to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Similar blocks of code found in 2 locations. Consider refactoring.
                  Open

                    private Collection<AlertItem> processAlerts(SMInputCursor alertsCursor)
      throws XMLStreamException {
    Collection<AlertItem> alertItemCollection = new ArrayList<>();
    SMInputCursor alertItemCursor = alertsCursor.childElementCursor("alertitem");
                  Severity: Minor
                  Found in src/main/java/org/sonar/zaproxy/parser/ReportParser.java and 1 other location - About 40 mins to fix
                  src/main/java/org/sonar/zaproxy/rule/ZapProfile.java on lines 48..56

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 50.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Similar blocks of code found in 2 locations. Consider refactoring.
                  Open

                    private Collection<String> processRules(SMInputCursor rulesCursor) throws XMLStreamException {
    Collection<String> ruleKeysCollection = new ArrayList<>();
    SMInputCursor ruleCursor = rulesCursor.childElementCursor("rule");
    while (ruleCursor.getNext() != null) {
      ruleKeysCollection.add(processKey(ruleCursor));
                  Severity: Minor
                  Found in src/main/java/org/sonar/zaproxy/rule/ZapProfile.java and 1 other location - About 40 mins to fix
                  src/main/java/org/sonar/zaproxy/parser/ReportParser.java on lines 88..97

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 50.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Similar blocks of code found in 5 locations. Consider refactoring.
                  Open

                    public static final Metric TOTAL_ALERTS =
      new Metric.Builder(TOTAL_ALERTS_KEY, "Total Alerts", Metric.ValueType.INT)
          .setDescription("Total Alerts")
          .setDirection(Metric.DIRECTION_WORST)
          .setQualitative(false)
                  Severity: Major
                  Found in src/main/java/org/sonar/zaproxy/base/ZapMetrics.java and 4 other locations - About 35 mins to fix
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 52..60
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 61..69
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 70..78
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 79..87

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 46.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Similar blocks of code found in 5 locations. Consider refactoring.
                  Open

                    public static final Metric LOW_RISK_ALERTS =
      new Metric.Builder(LOW_RISK_ALERTS_KEY, "Low Risk Alerts", Metric.ValueType.INT)
          .setDescription("Low Risk Alerts")
          .setDirection(Metric.DIRECTION_WORST)
          .setQualitative(false)
                  Severity: Major
                  Found in src/main/java/org/sonar/zaproxy/base/ZapMetrics.java and 4 other locations - About 35 mins to fix
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 52..60
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 61..69
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 79..87
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 88..96

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 46.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Similar blocks of code found in 5 locations. Consider refactoring.
                  Open

                    public static final Metric HIGH_RISK_ALERTS =
      new Metric.Builder(HIGH_RISK_ALERTS_KEY, "High Risk Alerts", Metric.ValueType.INT)
          .setDescription("High Risk Alerts")
          .setDirection(Metric.DIRECTION_WORST)
          .setQualitative(false)
                  Severity: Major
                  Found in src/main/java/org/sonar/zaproxy/base/ZapMetrics.java and 4 other locations - About 35 mins to fix
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 61..69
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 70..78
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 79..87
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 88..96

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 46.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Similar blocks of code found in 5 locations. Consider refactoring.
                  Open

                    public static final Metric MEDIUM_RISK_ALERTS =
      new Metric.Builder(MEDIUM_RISK_ALERTS_KEY, "Medium Risk Alerts", Metric.ValueType.INT)
          .setDescription("Medium Risk Alerts")
          .setDirection(Metric.DIRECTION_WORST)
          .setQualitative(false)
                  Severity: Major
                  Found in src/main/java/org/sonar/zaproxy/base/ZapMetrics.java and 4 other locations - About 35 mins to fix
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 52..60
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 70..78
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 79..87
                  src/main/java/org/sonar/zaproxy/base/ZapMetrics.java on lines 88..96

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 46.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Severity
                  Category
                  Status
                  Source
                  Language