Add parser for Semgrep.

SUPPORTED-FORMATS.md

@@ -1,4 +1,4 @@
-<!--- DO NOT EDIT -- Generated at 2023-01-18T12:11:04.893335 - Run the `main` method of `ParserRegistry` to regenerate after changing parsers -- DO NOT EDIT --->
+<!--- DO NOT EDIT -- Generated at 2023-01-30T23:02:52.943532 - Run the `main` method of `ParserRegistry` to regenerate after changing parsers -- DO NOT EDIT --->
 # Supported Report Formats
 
 The static analysis model supports the following report formats.
@@ -329,7 +329,7 @@ If your tool is supported, but some properties are missing (icon, URL, etc.), pl
                 checkstyle
             </td>
             <td>
-                <img src="https://github.com/checkstyle/checkstyle/blob/master/src/site/resources/images/checkstyle_logo_small_64.png" alt="CheckStyle" height="64" width="64">
+                <img src="https://raw.githubusercontent.com/checkstyle/checkstyle/master/src/site/resources/images/checkstyle_logo_small_64.png" alt="CheckStyle" height="64" width="64">
             </td>
             <td>
                 <a href="https://checkstyle.org">
@@ -611,7 +611,7 @@ If your tool is supported, but some properties are missing (icon, URL, etc.), pl
                 eslint
             </td>
             <td>
-                <img src="https://github.com/eslint/eslint/blob/main/docs/src/static/icon.svg" alt="ESLint" height="64" width="64">
+                <img src="https://raw.githubusercontent.com/eslint/eslint/main/docs/src/static/icon.svg" alt="ESLint" height="64" width="64">
             </td>
             <td>
                 <a href="https://eslint.org">
@@ -751,7 +751,7 @@ If your tool is supported, but some properties are missing (icon, URL, etc.), pl
                 flow
             </td>
             <td>
-                <img src="https://raw.githubusercontent.com/facebook/flow/main/website/favicon.svg" alt="Flow" height="64" width="64">
+                <img src="https://raw.githubusercontent.com/facebook/flow/main/website/static/img/logo.svg" alt="Flow" height="64" width="64">
             </td>
             <td>
                 <a href="https://flow.org/">
@@ -767,7 +767,7 @@ If your tool is supported, but some properties are missing (icon, URL, etc.), pl
                 foodcritic
             </td>
             <td>
-                <img src="https://github.com/Foodcritic/foodcritic-site/blob/master/source/images/foodcritic.png" alt="Foodcritic" height="64" width="64">
+                <img src="https://raw.githubusercontent.com/Foodcritic/foodcritic-site/master/source/images/foodcritic.png" alt="Foodcritic" height="64" width="64">
             </td>
             <td>
                 <a href="http://www.foodcritic.io/">
@@ -990,7 +990,7 @@ analyze - iccxxxxcompiler_opts cstat2.c</pre></code>For details check the IAR C-
                 infer
             </td>
             <td>
-                <img src="https://github.com/facebook/infer/blob/main/website/static/img/logo.png" alt="Infer" height="64" width="64">
+                <img src="https://raw.githubusercontent.com/facebook/infer/main/website/static/img/logo.png" alt="Infer" height="64" width="64">
             </td>
             <td>
                 <a href="https://fbinfer.com">
@@ -1462,7 +1462,7 @@ analyze - iccxxxxcompiler_opts cstat2.c</pre></code>For details check the IAR C-
                 pmd
             </td>
             <td>
-                <img src="https://github.com/pmd/pmd/blob/master/docs/images/logo/pmd_logo_small.png" alt="PMD" height="64" width="64">
+                <img src="https://raw.githubusercontent.com/pmd/pmd/master/docs/images/logo/pmd_logo_small.png" alt="PMD" height="64" width="64">
             </td>
             <td>
                 <a href="https://pmd.github.io">
@@ -1790,6 +1790,27 @@ analyze - iccxxxxcompiler_opts cstat2.c</pre></code>For details check the IAR C-
                 -
             </td>
         </tr>
+        <tr>
+            <td>
+                semgrep
+            </td>
+            <td>
+                <img src="https://raw.githubusercontent.com/returntocorp/semgrep/develop/semgrep.svg" alt="Semgrep" height="64" width="64">
+            </td>
+            <td>
+                <a href="https://semgrep.dev/">
+                    Semgrep
+                </a>
+            </td>
+            <td>
+                -
+            </td>
+        </tr>
+        <tr>
+            <td colspan="4">
+                :bulb: Use <code>--json</code>
+            </td>
+        </tr>
         <tr>
             <td>
                 simian
@@ -1858,7 +1879,7 @@ analyze - iccxxxxcompiler_opts cstat2.c</pre></code>For details check the IAR C-
                 spotbugs
             </td>
             <td>
-                <img src="https://github.com/spotbugs/spotbugs.github.io/blob/master/images/logos/spotbugs_icon_only_zoom_256px.png" alt="SpotBugs" height="64" width="64">
+                <img src="https://raw.githubusercontent.com/spotbugs/spotbugs.github.io/master/images/logos/spotbugs_icon_only_zoom_256px.png" alt="SpotBugs" height="64" width="64">
             </td>
             <td>
                 <a href="https://spotbugs.github.io">
@@ -1993,7 +2014,7 @@ analyze - iccxxxxcompiler_opts cstat2.c</pre></code>For details check the IAR C-
                 veracode-pipeline-scanner
             </td>
             <td>
-                <img src="https://github.com/jenkinsci/veracode-scan-plugin/blob/master/src/main/webapp/icons/veracode-48x48.png" alt="Veracode Pipeline Scanner" height="64" width="64">
+                <img src="https://raw.githubusercontent.com/jenkinsci/veracode-scan-plugin/master/src/main/webapp/icons/veracode-48x48.png" alt="Veracode Pipeline Scanner" height="64" width="64">
             </td>
             <td>
                 <a href="https://docs.veracode.com/r/c_about_pipeline_scan">

src/main/java/edu/hm/hafner/analysis/parser/violations/SemgrepAdapter.java

@@ -0,0 +1,17 @@
+package edu.hm.hafner.analysis.parser.violations;
+
+import se.bjurr.violations.lib.parsers.SemgrepParser;
+
+/**
+ * Parses PyDocStyle results files.
+ *
+ * @author Ullrich Hafner
+ */
+public class SemgrepAdapter extends AbstractViolationAdapter {
+    private static final long serialVersionUID = 1119003057153007718L;
+
+    @Override
+    SemgrepParser createParser() {
+        return new SemgrepParser();
+    }
+}

src/main/java/edu/hm/hafner/analysis/registry/ParserRegistry.java

@@ -139,6 +139,7 @@ public class ParserRegistry {
             new RuboCopDescriptor(),
             new SarifDescriptor(),
             new ScalaDescriptor(),
+            new SemgrepDescriptor(),
             new SimianDescriptor(),
             new SimulinkCheckDescriptor(),
             new SonarQubeDescriptor(),

src/main/java/edu/hm/hafner/analysis/registry/SemgrepDescriptor.java

@@ -0,0 +1,38 @@
+package edu.hm.hafner.analysis.registry;
+
+import edu.hm.hafner.analysis.IssueParser;
+import edu.hm.hafner.analysis.parser.violations.SemgrepAdapter;
+
+/**
+ * A descriptor for Semgrep.
+ *
+ * @author Ullrich Hafner
+ */
+class SemgrepDescriptor extends ParserDescriptor {
+    private static final String ID = "semgrep";
+    private static final String NAME = "Semgrep";
+
+    SemgrepDescriptor() {
+        super(ID, NAME);
+    }
+
+    @Override
+    public IssueParser createParser(final Option... options) {
+        return new SemgrepAdapter();
+    }
+
+    @Override
+    public String getHelp() {
+        return "Use <code>--json</code>";
+    }
+
+    @Override
+    public String getUrl() {
+        return "https://semgrep.dev/";
+    }
+
+    @Override
+    public String getIconUrl() {
+        return "https://raw.githubusercontent.com/returntocorp/semgrep/develop/semgrep.svg";
+    }
+}

src/test/java/edu/hm/hafner/analysis/parser/violations/SemgrepAdapterTest.java

@@ -0,0 +1,39 @@
+package edu.hm.hafner.analysis.parser.violations;
+
+import edu.hm.hafner.analysis.AbstractParserTest;
+import edu.hm.hafner.analysis.Report;
+import edu.hm.hafner.analysis.Severity;
+import edu.hm.hafner.analysis.assertions.SoftAssertions;
+
+/**
+ * Tests the class {@link XmlLintAdapter}.
+ *
+ * @author Ullrich Hafner
+ */
+class SemgrepAdapterTest extends AbstractParserTest {
+    SemgrepAdapterTest() {
+        super("semgrep-report.json");
+    }
+
+    @Override
+    protected void assertThatIssuesArePresent(final Report report, final SoftAssertions softly) {
+        softly.assertThat(report).hasSize(1);
+        softly.assertThat(report.get(0))
+                .hasFileName("src/main/java/se/bjurr/violations/lib/parsers/JUnitParser.java")
+                .hasLineStart(33)
+                .hasColumnStart(24)
+                .hasColumnEnd(86)
+                .hasType("java.lang.security.audit.formatted-sql-string.formatted-sql-string")
+                .hasSeverity(Severity.WARNING_HIGH);
+
+        softly.assertThat(report.get(0).getMessage()).contains("Detected a formatted string in a SQL statement. This could lead to SQL"
+                + " injection if variables in the SQL statement are not properly sanitized."
+                + " Use a prepared statements (java.sql.PreparedStatement) instead. You can"
+                + " obtain a PreparedStatement using 'connection.prepareStatement'.");
+    }
+
+    @Override
+    protected SemgrepAdapter createParser() {
+        return new SemgrepAdapter();
+    }
+}

src/test/java/edu/hm/hafner/analysis/registry/ParsersTest.java

@@ -85,6 +85,12 @@ void shouldFindAllIssuesForCheckStyleAlias() {
         }
     }
 
+    /** Runs the Semgrep analysis parser on an output file that contains 1 issue. */
+    @Test
+    void shouldFindAllSemgrepIssues() {
+        findIssuesOfTool(1, "semgrep", "violations/semgrep-report.json");
+    }
+
     /** Runs the Dart analysis parser on an output file that contains 6 issues. */
     @Test
     void shouldFindAllDartIssues() {