
Reactivate sonar #1445

Merged
merged 7 commits into from Aug 8, 2019

Conversation

ptrovatelli
Collaborator

List of changes:

  • Reactivate the SonarQube parser (more info: see DefectDojo SonarQube Integration #810)
  • Fix it for Python 3
  • Add file_path and line_number
  • Fix an issue with the logic for finding the vulnerabilities and the rules
    • Before, it was finding all the "tbody" elements and expected to find the data always at the same nth tbody.
    • However, sometimes there are more "tbody" elements in the rules description, and when no vulnerabilities are found, one of the tbody elements disappears, so it didn't work. Fixed by using XPath instead to locate the list of vulnerabilities and the rules.
  • Force the findings as static findings (they were dynamic before)
  • Add unit tests

Beware that you'll need the latest version of the sonar-report HTML export for this to work. It's here: https://github.com/soprasteria/sonar-report, but the npm registry is not up to date yet.


@ptrovatelli
Collaborator Author

I have an idea for a perf improvement: that get_rule_details function has a complexity of number of findings * (number of rules/2).
It could be lowered to number of findings + number of rules if we go through the rules just once and put them in a hashmap.
@praveendvd also found an issue when importing non-vulnerability findings. I'll check this too.
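The two parser changes discussed in this PR, locating the vulnerability and rule tables by XPath instead of by tbody position, and resolving rule descriptions from a dictionary built in a single pass, are illustrated below. This is an added example and not DefectDojo's or sonar-report's code: the report layout (table ids, column order, the rule ids) is a constructed stand-in for the HTML export, and the XPath subset is the one shipped with Python's `xml.etree.ElementTree`, so the sample must be well-formed XHTML (a real export would go through a lenient HTML parser first). The naive "take the Nth tbody" routine is kept beside the fixed one to show how a report with no findings silently turns the first rule row into a finding.

```python
"""XPath-based table lookup and one-pass rule resolution for a SonarQube-style
HTML report. Added example, not DefectDojo's parser; the report layout below is
a constructed stand-in and its ids/columns are assumptions."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    title: str
    rule_id: str
    severity: str
    file_path: str
    line_number: int
    description: str
    # SonarQube is a static analyser, so the import forces these flags (as the PR does).
    static_finding: bool = True
    dynamic_finding: bool = False


# Constructed sample rows: (rule id, severity, component, line, message).
SAMPLE_ROWS = [
    ("demo:R001", "CRITICAL", "app/settings.py", "12", "Secret in source"),
    ("demo:R002", "MAJOR", "app/views.py", "88", "Unvalidated redirect"),
    ("demo:R001", "CRITICAL", "app/db.py", "3", "Secret in source"),
]


def build_report(finding_rows):
    """Constructed stand-in for the sonar-report export (layout is an assumption).

    The rules table deliberately uses one <tbody> per rule, and the
    vulnerabilities <tbody> is omitted entirely when there are no findings,
    which is the situation that broke positional tbody indexing.
    """
    vuln_tbody = ""
    if finding_rows:
        rows = "".join(
            "<tr>" + "".join(f"<td>{c}</td>" for c in r) + "</tr>" for r in finding_rows
        )
        vuln_tbody = f"<tbody>{rows}</tbody>"
    return f"""<html><body>
<h1>Vulnerabilities</h1>
<table id="vulnerabilities">
<thead><tr><th>Rule</th><th>Severity</th><th>Component</th><th>Line</th><th>Message</th></tr></thead>
{vuln_tbody}
</table>
<h1>Rules</h1>
<table id="rules">
<tbody><tr><td>demo:R001</td><td>Credentials should not be hard-coded</td></tr></tbody>
<tbody><tr><td>demo:R002</td><td>Redirect targets should be validated</td></tr></tbody>
</table>
</body></html>"""


def _cells(row):
    return [(td.text or "").strip() for td in row.findall("td")]


def parse_rules(root):
    """One pass over the rules table -> {rule_id: description}.

    Building this dict once makes rule lookup per finding O(1), so the whole
    import is O(findings + rules) instead of O(findings * rules)."""
    rules = {}
    for row in root.findall(".//table[@id='rules']/tbody/tr"):
        cells = _cells(row)
        if len(cells) >= 2:
            rules[cells[0]] = cells[1]
    return rules


def parse_report(html):
    """Locate both tables by XPath; extra or missing <tbody> elements elsewhere
    in the document no longer matter."""
    root = ET.fromstring(html)
    rules = parse_rules(root)
    findings = []
    for row in root.findall(".//table[@id='vulnerabilities']/tbody/tr"):
        rule_id, severity, file_path, line, message = _cells(row)
        findings.append(Finding(
            title=message, rule_id=rule_id, severity=severity, file_path=file_path,
            line_number=int(line), description=rules.get(rule_id, ""),
        ))
    return findings


def naive_nth_tbody_rows(html, n=0):
    """The pre-fix approach: rows of the Nth <tbody> in document order.
    With no findings, tbody 0 is the first *rule*, which gets misread as a finding."""
    root = ET.fromstring(html)
    tbodies = root.findall(".//tbody")
    return [_cells(r) for r in tbodies[n].findall("tr")] if n < len(tbodies) else []


if __name__ == "__main__":
    for rows in (SAMPLE_ROWS, []):
        html = build_report(rows)
        print("xpath :", [(f.file_path, f.line_number, f.rule_id) for f in parse_report(html)])
        print("tbody0:", naive_nth_tbody_rows(html))
```

Run the block directly to see both reports side by side: the XPath version yields three findings for the populated report and an empty list for the empty one, while the positional version returns a rule row as "finding" data in the empty case.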

@Maffooch
Contributor

Maffooch commented Aug 5, 2019

Hey @ptrovatelli please reactivate here as well. Thanks.

@ptrovatelli
Collaborator Author

> Hey @ptrovatelli please reactivate here as well. Thanks.

Nice catch thanks! done.

@devGregA devGregA merged commit eb328bb into DefectDojo:dev Aug 8, 2019