Update sonar-analyzer-commons, metadata and RSPEC-s (#242)

its/ruling/pom.xml

@@ -59,6 +59,12 @@
       <version>${analyzerCommons.version}</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.sonarsource.sonarqube</groupId>
+      <artifactId>sonar-ws</artifactId>
+      <version>${sonarqube.sonar.ws.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
 </project>

its/ruling/src/test/java/org/sonar/web/it/WebRulingTest.java

@@ -17,33 +17,38 @@
  */
 package org.sonar.web.it;
 
-import com.google.gson.Gson;
 import com.sonar.orchestrator.Orchestrator;
 import com.sonar.orchestrator.build.BuildResult;
 import com.sonar.orchestrator.build.SonarScanner;
-import com.sonar.orchestrator.http.HttpMethod;
+import com.sonar.orchestrator.container.Server;
 import com.sonar.orchestrator.locator.FileLocation;
 import com.sonar.orchestrator.locator.MavenLocation;
 import java.io.File;
 import java.nio.file.Files;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
-import java.util.Map;
 import java.util.Optional;
 import java.util.stream.Collectors;
 import org.apache.commons.lang.StringUtils;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Test;
 import org.sonarsource.analyzer.commons.ProfileGenerator;
+import org.sonarqube.ws.Qualityprofiles;
+import org.sonarqube.ws.client.HttpConnector;
+import org.sonarqube.ws.client.WsClient;
+import org.sonarqube.ws.client.WsClientFactories;
+import org.sonarqube.ws.client.qualityprofiles.ActivateRuleRequest;
+import org.sonarqube.ws.client.qualityprofiles.SearchRequest;
+import org.sonarqube.ws.client.rules.CreateRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class WebRulingTest {
 
   private static final String LANGUAGE = "web";
   private static final String REPOSITORY_KEY = "Web";
-  private static final Gson GSON = new Gson();
 
   @ClassRule
   public static Orchestrator orchestrator = Orchestrator.builderEnv()
@@ -66,7 +71,7 @@ public void ruling() throws Exception {
     File litsDifferencesFile = FileLocation.of("target/differences").getFile();
     String projectKey = "project";
     orchestrator.getServer().provisionProject(projectKey, projectKey);
-    orchestrator.getServer().associateProjectToQualityProfile(projectKey, "web", "rules");
+    orchestrator.getServer().associateProjectToQualityProfile(projectKey, LANGUAGE, "rules");
     SonarScanner build = SonarScanner.create()
       .setProjectDir(FileLocation.of("../sources").getFile())
       .setProjectKey(projectKey)
@@ -86,58 +91,78 @@ public void ruling() throws Exception {
     // To prevent adding error or exception that may be unseen in the logs
     BuildResult result = orchestrator.executeBuild(build);
     List<String> errorList = result.getLogs().lines().filter(line -> line.startsWith("ERROR")).collect(Collectors.toList());
-    assertThat(errorList).hasSize(1);
-    assertThat(errorList.get(0)).contains("decoder-allow-null-chars.html");
+    assertThat(errorList).hasSize(0);
 
     String differences = Files.readString(litsDifferencesFile.toPath());
     assertThat(differences).isEmpty();
   }
 
   private static void instantiateTemplateRule(String ruleTemplateKey, String instantiationKey, String params) {
-    orchestrator.getServer()
-      .newHttpCall("/api/rules/create")
-      .setAdminCredentials()
-      .setMethod(HttpMethod.POST)
-      .setParams(
-        "name", instantiationKey,
-        "markdown_description", instantiationKey,
-        "severity", "INFO",
-        "status", "READY",
-        "template_key", REPOSITORY_KEY + ":" + ruleTemplateKey,
-        "custom_key", instantiationKey,
-        "prevent_reactivation", "true",
-        "params", "name=\"" + instantiationKey + "\";key=\"" + instantiationKey + "\";markdown_description=\"" + instantiationKey + "\";" + params)
-      .execute();
+    newAdminWsClient(orchestrator)
+      .rules()
+      .create(
+        new CreateRequest()
+          .setName(instantiationKey)
+          .setMarkdownDescription(instantiationKey)
+          .setSeverity("INFO")
+          .setStatus("READY")
+          .setTemplateKey(REPOSITORY_KEY + ":" + ruleTemplateKey)
+          .setCustomKey(instantiationKey)
+          .setPreventReactivation("true")
+          .setParams(
+            Arrays.asList(
+              (
+                "name=\"" +
+                instantiationKey +
+                "\";key=\"" +
+                instantiationKey +
+                "\";markdown_description=\"" +
+                instantiationKey +
+                "\";" +
+                params
+              ).split(";", 0)
+            )
+          )
+      );
 
-    // check that the rule has been created
-    String get = orchestrator.getServer()
-      .newHttpCall("api/qualityprofiles/search")
-      .execute()
-      .getBodyAsString();
+    String profileKey = newAdminWsClient(orchestrator)
+      .qualityprofiles()
+      .search(new SearchRequest().setLanguage(LANGUAGE))
+      .getProfilesList()
+      .stream()
+      .filter(qp -> "rules".equals(qp.getName()))
+      .map(Qualityprofiles.SearchWsResponse.QualityProfile::getKey)
+      .findFirst()
+      .orElse(null);
 
-    String profileKey = null;
-    Map map = GSON.fromJson(get, Map.class);
-    for (Map qp : ((List<Map>) map.get("profiles"))) {
-      if ("rules".equals(qp.get("name"))) {
-        profileKey = (String) qp.get("key");
-        break;
-      }
+    if (!StringUtils.isEmpty(profileKey)) {
+      newAdminWsClient(orchestrator)
+        .qualityprofiles()
+        .activateRule(
+          new ActivateRuleRequest()
+            .setKey(profileKey)
+            .setRule(REPOSITORY_KEY + ":" + instantiationKey)
+            .setSeverity("INFO")
+            .setParams(Collections.emptyList())
+        );
+    } else {
+      throw new IllegalStateException(
+        "Could not retrieve profile key : Template rule " +
+        ruleTemplateKey +
+        " has not been activated"
+      );
     }
-    if (StringUtils.isEmpty(profileKey)) {
-      throw new IllegalStateException("Could not retrieve profile key : Template rule " + ruleTemplateKey + " has not been activated");
-    }
-
-    // activate the rule
-    orchestrator.getServer()
-      .newHttpCall("api/qualityprofiles/activate_rule")
-      .setAdminCredentials()
-      .setMethod(HttpMethod.POST)
-      .setParams(
-        "key", profileKey,
-        "rule", REPOSITORY_KEY + ":" + instantiationKey,
-        "severity", "INFO",
-        "params", "")
-      .execute();
   }
 
+  static WsClient newAdminWsClient(Orchestrator orchestrator) {
+    return WsClientFactories
+      .getDefault()
+      .newClient(
+        HttpConnector
+          .newBuilder()
+          .credentials(Server.ADMIN_LOGIN, Server.ADMIN_PASSWORD)
+          .url(orchestrator.getServer().getUrl())
+          .build()
+      );
+  }
 }

its/ruling/src/test/resources/expected/Web-LongJavaScriptCheck.json

@@ -2648,8 +2648,6 @@
 'project:external_webkit-jb-mr1/Source/WebCore/manual-tests/submit-form-with-target-twice.html':[
 2,
 ],
-'project:external_webkit-jb-mr1/Source/WebCore/manual-tests/subview-click-assertion.html':[
-],
 'project:external_webkit-jb-mr1/Source/WebCore/manual-tests/svg-deep-clone-to-new-doc.html':[
 8,
 ],

its/ruling/src/test/resources/expected/Web-PageWithoutTitleCheck.json

@@ -888,6 +888,9 @@
 'project:external_webkit-jb-mr1/LayoutTests/fast/encoding/css-link-charset.html':[
 2,
 ],
+'project:external_webkit-jb-mr1/LayoutTests/fast/encoding/decoder-allow-null-chars.html':[
+1,
+],
 'project:external_webkit-jb-mr1/LayoutTests/fast/encoding/default-xhtml-encoding.xhtml':[
 1,
 ],

its/ruling/src/test/resources/expected/Web-UnclosedTagCheck.json

@@ -610,6 +610,9 @@
 'project:external_webkit-jb-mr1/LayoutTests/fast/encoding/bracket-in-tag.html':[
 3,
 ],
+'project:external_webkit-jb-mr1/LayoutTests/fast/encoding/decoder-allow-null-chars.html':[
+12,
+],
 'project:external_webkit-jb-mr1/LayoutTests/fast/encoding/escaped-bracket.html':[
 3,
 ],

pom.xml

@@ -65,12 +65,12 @@
 
     <jakarta.el.version>4.0.2</jakarta.el.version>
     <sslr.version>1.24.0.633</sslr.version>
-    <analyzerCommons.version>2.1.0.1111</analyzerCommons.version>
+    <analyzerCommons.version>2.5.0.1358</analyzerCommons.version>
     <sonar.plugin.api.version>7.9</sonar.plugin.api.version>
 
     <sonarlint.api.impl.version>6.3.0.36253</sonarlint.api.impl.version>
-    <sonarqube.api.impl.version>9.7.1.62043</sonarqube.api.impl.version>
-    <sonarqube.sonar.ws.version>9.7.1.62043</sonarqube.sonar.ws.version>
+    <sonarqube.api.impl.version>9.9.0.65466</sonarqube.api.impl.version>
+    <sonarqube.sonar.ws.version>9.9.0.65466</sonarqube.sonar.ws.version>
     <orchestrator.version>3.40.0.183</orchestrator.version>
     <junit.version>4.13.2</junit.version>
     <assertj.version>3.23.1</assertj.version>

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/AvoidCommentedOutCodeCheck.html

@@ -1,3 +1,4 @@
+<h2>Why is this an issue?</h2>
 <p>Programmers should not comment out code as it bloats programs and reduces readability.</p>
 <p>Unused code should be deleted and can be retrieved from source control history if required.</p>
 

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/AvoidHtmlCommentCheck.json

@@ -8,8 +8,7 @@
   },
   "tags": [
     "cwe",
-    "jsp-jsf",
-    "owasp-a3"
+    "jsp-jsf"
   ],
   "defaultSeverity": "Minor",
   "ruleSpecification": "RSPEC-1876",

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/BoldAndItalicTagsCheck.html

@@ -1,3 +1,5 @@
+<p>This rule is deprecated, and will eventually be removed.</p>
+<h2>Why is this an issue?</h2>
 <p>The <code>&lt;strong&gt;</code>/<code>&lt;b&gt;</code> and <code>&lt;em&gt;</code>/<code>&lt;i&gt;</code> tags have exactly the same effect in most
 web browsers, but there is a fundamental difference between them: <code>&lt;strong&gt;</code> and <code>&lt;em&gt;</code> have a semantic meaning
 whereas <code>&lt;b&gt;</code> and <code>&lt;i&gt;</code> only convey styling information like CSS.</p>
@@ -13,22 +15,20 @@
   <li> in order to convey styling information, the <code>&lt;b&gt;</code> and <code>&lt;i&gt;</code> should be avoided and CSS should be used instead.
   </li>
 </ul>
-<h2>Noncompliant Code Example</h2>
+<h3>Noncompliant code example</h3>
 <pre>
 &lt;i&gt;car&lt;/i&gt;             &lt;!-- Noncompliant --&gt;
 &lt;b&gt;train&lt;/b&gt;         &lt;!-- Noncompliant --&gt;
 </pre>
-<h2>Compliant Solution</h2>
+<h3>Compliant solution</h3>
 <pre>
 &lt;em&gt;car&lt;/em&gt;
 &lt;strong&gt;train&lt;/strong&gt;
 </pre>
-<h2>Exceptions</h2>
+<h3>Exceptions</h3>
 <p>This rule is relaxed in case of <a href="https://www.w3.org/WAI/GL/wiki/Using_aria-hidden%3Dtrue_on_an_icon_font_that_AT_should_ignore">icon
 fonts</a> usage.</p>
 <pre>
 &lt;i class="..." aria-hidden="true" /&gt;    &lt;!-- Compliant icon fonts usage --&gt;
 </pre>
-<h2>Deprecated</h2>
-<p>This rule is deprecated, and will eventually be removed.</p>
 

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/ChildElementIllegalCheck.html

@@ -1,5 +1,6 @@
+<h2>Why is this an issue?</h2>
 <p>This rule checks that the specified child tag does not appear as a direct child of the specified parent.</p>
-<h2>Noncompliant Code Example</h2>
+<h3>Noncompliant code example</h3>
 <p>Assuming a parent/child combination of <code>head</code>/<code>body</code>:</p>
 <pre>
 &lt;head&gt;
@@ -9,7 +10,7 @@ <h2>Noncompliant Code Example</h2>
   &lt;/body&gt;
 &lt;/head&gt;
 </pre>
-<h2>Compliant Solution</h2>
+<h3>Compliant solution</h3>
 <pre>
 &lt;head&gt;
   ...

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/ChildElementRequiredCheck.html

@@ -1,5 +1,6 @@
+<h2>Why is this an issue?</h2>
 <p>This rule checks that the specified child elements are present inside the specified parent elements.</p>
-<h2>Noncompliant Code Example</h2>
+<h3>Noncompliant code example</h3>
 <p>Given a parent/child combination of <code>&lt;head&gt;</code>/<code>&lt;title&gt;</code>:</p>
 <pre>
 &lt;html&gt;
@@ -8,7 +9,7 @@ <h2>Noncompliant Code Example</h2>
   &lt;body&gt;
     ...
 </pre>
-<h2>Compliant Solution</h2>
+<h3>Compliant solution</h3>
 <pre>
 &lt;html&gt;
   &lt;head&gt;

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/ComplexityCheck.html

@@ -1,6 +1,6 @@
+<p>This rule is deprecated, and will eventually be removed.</p>
+<h2>Why is this an issue?</h2>
 <p>Checks cyclomatic complexity against a specified limit. The complexity is measured by counting decision tags (such as if and forEach) and boolean
 operators in expressions ("&amp;&amp;" and "||"), plus one for the body of the document. It is a measure of the minimum number of possible paths to
 render the page.</p>
-<h2>Deprecated</h2>
-<p>This rule is deprecated, and will eventually be removed.</p>
 

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/DoctypePresenceCheck.html

@@ -1,14 +1,15 @@
+<h2>Why is this an issue?</h2>
 <p>The <code>&lt;!DOCTYPE&gt;</code> declaration tells the web browser which (X)HTML version is being used on the page, and therefore how to interpret
 the various elements.</p>
 <p>Validators also rely on it to know which rules to enforce.</p>
 <p>It should always preceed the <code>&lt;html&gt;</code> tag.</p>
-<h2>Noncompliant Code Example</h2>
+<h3>Noncompliant code example</h3>
 <pre>
 &lt;html&gt;  &lt;!-- Noncompliant --&gt;
 ...
 &lt;/html&gt;
 </pre>
-<h2>Compliant Solution</h2>
+<h3>Compliant solution</h3>
 <pre>
 &lt;!DOCTYPE html&gt;
 &lt;html&gt;  &lt;!-- Compliant --&gt;

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/DoubleQuotesCheck.html

@@ -1,9 +1,10 @@
+<h2>Why is this an issue?</h2>
 <p>Checker to find use of single quote where double quote is preferred.</p>
-<h2>Noncompliant Code Example</h2>
+<h3>Noncompliant code example</h3>
 <pre>
 &lt;div id='header'&gt;&lt;/div&gt;
 </pre>
-<h2>Compliant Solution</h2>
+<h3>Compliant solution</h3>
 <pre>
 &lt;div id="header"&gt;&lt;/div&gt;
 </pre>

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/DynamicJspIncludeCheck.html

@@ -1,11 +1,12 @@
+<h2>Why is this an issue?</h2>
 <p>Content that doesn’t change or that doesn’t change often should be included using a mechanism which won’t try to interpret it. Specifically,
 <code>&lt;%@ include file="..." %&gt;</code>, which includes the file in the JSP servlet translation phase (i.e. it happens once), should be used
 instead of <code>&lt;jsp:include page="..." /&gt;</code>, which includes the page on the file, when the content is being served to the user.</p>
-<h2>Noncompliant Code Example</h2>
+<h3>Noncompliant code example</h3>
 <pre>
 &lt;jsp:include page="header.jsp"&gt;  &lt;!-- Noncompliant --&gt;
 </pre>
-<h2>Compliant Solution</h2>
+<h3>Compliant solution</h3>
 <pre>
 &lt;%@ include file="header.jsp" %&gt;
 </pre>

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/FieldsetWithoutLegendCheck.html

@@ -1,17 +1,18 @@
+<h2>Why is this an issue?</h2>
 <p>For users of assistive technology such as screen readers, it may be challenging to know what is expected in each form’s input. The input’s label
 alone might not be sufficient: 'street' could be part of a billing or a shipping address for instance.</p>
 <p>Fieldset legends are read out loud by screen readers before the label each time the focus is set on an input. For example, a legend 'Billing
 address' with a label 'Street' will read 'Billing address street'. Legends should be short, and 'Your' should not be repeated in both the legend and
 the label, as it would result in 'Your address Your City' being read.</p>
-<h2>Noncompliant Code Example</h2>
+<h3>Noncompliant code example</h3>
 <pre>
 &lt;fieldset&gt;                                 &lt;!-- Noncompliant --&gt;
   Street: &lt;input type="text"&gt;&lt;br /&gt;
   Town: &lt;input type="text"&gt;&lt;br /&gt;
   Country: &lt;input type="text"&gt;&lt;br /&gt;
 &lt;/fieldset&gt;
 </pre>
-<h2>Compliant Solution</h2>
+<h3>Compliant solution</h3>
 <pre>
 &lt;fieldset&gt;
   &lt;legend&gt;Billing address&lt;/legend&gt;

sonar-html-plugin/src/main/resources/org/sonar/l10n/web/rules/Web/FileLengthCheck.html

@@ -1,4 +1,6 @@
-<p>A source file that grows too much tends to aggregate too many responsibilities and inevitably becomes harder to understand and therefore to
-maintain. Above a specific threshold, it is strongly advised to refactor it into smaller pieces of code which focus on well defined tasks. Those
-smaller files will not only be easier to understand but also probably easier to test.</p>
+<h2>Why is this an issue?</h2>
+<p>A source file that grows too much tends to aggregate too many responsibilities and inevitably becomes harder to understand and, therefore, to
+maintain.</p>
+<p>Above a specific threshold, refactor the file into smaller files whose code focuses on well-defined tasks. Those smaller files will be easier to
+understand and easier to test.</p>