Merge pull request #92 from cnescatlab/feature/add-hadolint-with-cnes…

…-scan-update

Added hadolint + new cnes-scan version

Dockerfile

@@ -14,12 +14,16 @@ USER root
 ADD https://github.com/cnescatlab/i-CodeCNES/releases/download/5.0.0/icode-5.0.0.zip \
     https://github.com/danmar/cppcheck/archive/refs/tags/2.14.2.tar.gz \
     https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006.zip \
-    https://github.com/cnescatlab/sonar-cnes-scan-plugin/releases/download/2.0.0/sonar-cnes-scan-plugin-2.0.jar \
+    https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \
+    https://github.com/cnescatlab/sonar-cnes-scan-plugin/releases/download/2.1.0/sonar-cnes-scan-plugin-2.1.0.jar \
     /tmp/
 
 # Add CNES pylintrc A_B, C, D
 COPY pylintrc.d/ /opt/python/
 
+#Add CNES hadolint config
+COPY hadolint.d/ /opt/hadolint/
+
 ## ====================== INSTALL DEPENDENCIES ===============================
 
 ENV PATH=/usr/local/bin:${PATH}
@@ -31,7 +35,7 @@ RUN apt-get update -y \
     && rm -rf /var/lib/apt/lists/*
 
 RUN apt-get update -y \
-    && apt-get install -y \
+    && apt-get install -y --no-install-recommends \
     unzip=6.0-* \
     python3=3.10.6-* \
     python3-pip=22.0.2* \
@@ -55,10 +59,14 @@ RUN apt-get update -y \
     ## Install Sonar Scanner
     && unzip /tmp/sonar-scanner-cli-5.0.1.3006.zip -d /opt/ \
     && mv /opt/sonar-scanner-5.0.1.3006 /opt/sonar-scanner \
-    && rm -rf /tmp/sonar-scanner-cli-5.0.1.3006.zip \
+    && rm -rf /tmp/sonar-scanner-cli-5.0.1.3006.zip\
+    ## Install Hadolint
+    && mv /tmp/hadolint-Linux-x86_64 /usr/bin/hadolint \
+    && chown sonarqube:sonarqube /usr/bin/hadolint \
+    && chmod +x /usr/bin/hadolint \
     ## Install Cnes Scan Plugin
-    && mv /tmp/sonar-cnes-scan-plugin-2.0.jar /opt/sonarqube/extensions/plugins/ \
-    && chown sonarqube:sonarqube /opt/sonarqube/extensions/plugins/sonar-cnes-scan-plugin-2.0.jar
+    && mv /tmp/sonar-cnes-scan-plugin-2.1.0.jar /opt/sonarqube/extensions/plugins/ \
+    && chown sonarqube:sonarqube /opt/sonarqube/extensions/plugins/sonar-cnes-scan-plugin-2.1.0.jar
 
 
 ## Python, Pylint & CNES Pylint setup
@@ -71,24 +79,25 @@ RUN pip install --no-cache-dir \
     mccabe==0.7.0 \
     isort==5.13.2 \
     typed-ast==1.5.5 \
-    astroid==3.2.3 \
-    pylint==3.2.5 \
+    astroid==3.2.4 \
+    pylint==3.2.6 \
     pylint_sonarjson_catlab==2.0.0 \
     cnes-pylint-extension==7.0.0
 
 ## C and C++ tools installation
-RUN cd /tmp \
-    && tar -zxvf 2.14.2.tar.gz \
+WORKDIR /tmp
+
+RUN tar -zxvf 2.14.2.tar.gz \
     && make -C cppcheck-2.14.2/ install MATCHCOMPILER="yes" FILESDIR="/usr/share/cppcheck" HAVE_RULES="yes" CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function -Wno-deprecated-declarations" \
-    && cd .. \
-    && rm -rf ./2.14.2.tar.gz ./cppcheck-2.14.2/ \
+    && rm -rf /2.14.2.tar.gz /cppcheck-2.14.2/ \
     && chown sonarqube:sonarqube -R /opt \
     && chown sonarqube:sonarqube -R /home \
     && apt-get autoremove -y \
     make \
     g\+\+ \
     libpcre3-dev
 
+WORKDIR /opt/sonarqube
 
 ## ====================== CONFIGURATION ===============================
 
@@ -97,14 +106,11 @@ COPY configure-cat.bash \
     init.bash \
     /tmp/
 
+
 # Make sonarqube owner of it's installation directories
 RUN chmod 750 /tmp/init.bash \
     ###### Disable telemetry
     && sed -i 's/#sonar\.telemetry\.enable=true/sonar\.telemetry\.enable=false/' /opt/sonarqube/conf/sonar.properties \
-    ###### Set default report path for Cppcheck
-    && echo 'sonar.cxx.cppcheck.reportPaths=cppcheck-report.xml' >> /opt/sonar-scanner/conf/sonar-scanner.properties \
-    ###### Set default report path for Pylint
-    && echo 'sonar.python.pylint.reportPaths=pylint-report.txt' >> /opt/sonar-scanner/conf/sonar-scanner.properties \
     #### Set list of patterns matching Dockerfiles
     && echo 'sonar.lang.patterns.dockerfile=Dockerfile,Dockerfile.*' >> /opt/sonarqube/conf/sonar-scanner.properties \
     ###### Solve following error: https://github.com/cnescatlab/docker-cat/issues/30

hadolint.d/hadolint_RNC_A_B_C_D.yaml

@@ -0,0 +1,44 @@
+
+format: sonarqube                         # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
+ignored:                                  # list of rules
+  - DL3012                                 
+  - DL3045
+  - DL3047
+  - DL3049
+  - DL3050
+  - DL3051
+  - DL3052
+  - DL3053
+  - DL3054
+  - DL3055
+  - DL3056
+  - DL3057
+  - DL3058
+  - SC1000
+  - SC1001
+  - SC1010
+  - SC1018
+  - SC1045
+  - SC1065
+  - SC1066
+  - SC1077
+  - SC1078
+  - SC1079
+  - SC1081
+  - SC1083
+  - SC1086
+  - SC1087
+  - SC1097
+  - SC1098
+  - SC2002
+  - SC2026
+  - SC2028
+  - SC2035
+  - SC2046
+  - SC2086
+  - SC2140
+  - SC2154
+  - SC2155
+  - SC2164
+
+

tests/c_cpp/sonar-project.properties

@@ -2,4 +2,5 @@ sonar.projectKey=c-dummy-project
 sonar.projectName=C Dummy Project
 sonar.projectVersion=1.0
 sonar.sources=src
-sonar.cxx.file.suffixes=.cxx,.cpp,.cc,.c,.hxx,.hpp,.hh,.h
+sonar.cxx.file.suffixes=.cxx,.cpp,.cc,.c,.hxx,.hpp,.hh,.h
+sonar.cxx.cppcheck.reportPaths=cppcheck-report.xml

tests/docker/hadolint-report.json

@@ -0,0 +1,132 @@
+{
+    "issues": [
+        {
+            "engineId": "Hadolint",
+            "primaryLocation": {
+                "filePath": "src/Dockerfile",
+                "message": "Always tag the version of an image explicitly",
+                "textRange": {
+                    "endColumn": 1,
+                    "endLine": 4,
+                    "startColumn": 0,
+                    "startLine": 4
+                }
+            },
+            "ruleId": "DL3006",
+            "severity": "MAJOR",
+            "type": "CODE_SMELL"
+        },
+        {
+            "engineId": "Hadolint",
+            "primaryLocation": {
+                "filePath": "src/Dockerfile",
+                "message": "Avoid additional packages by specifying `--no-install-recommends`",
+                "textRange": {
+                    "endColumn": 1,
+                    "endLine": 6,
+                    "startColumn": 0,
+                    "startLine": 6
+                }
+            },
+            "ruleId": "DL3015",
+            "severity": "MINOR",
+            "type": "CODE_SMELL"
+        },
+        {
+            "engineId": "Hadolint",
+            "primaryLocation": {
+                "filePath": "src/Dockerfile",
+                "message": "Delete the apt-get lists after installing something",
+                "textRange": {
+                    "endColumn": 1,
+                    "endLine": 6,
+                    "startColumn": 0,
+                    "startLine": 6
+                }
+            },
+            "ruleId": "DL3009",
+            "severity": "MINOR",
+            "type": "CODE_SMELL"
+        },
+        {
+            "engineId": "Hadolint",
+            "primaryLocation": {
+                "filePath": "src/Dockerfile",
+                "message": "node_verion is referenced but not assigned (did you mean 'node_version'?).",
+                "textRange": {
+                    "endColumn": 1,
+                    "endLine": 6,
+                    "startColumn": 0,
+                    "startLine": 6
+                }
+            },
+            "ruleId": "SC2154",
+            "severity": "MAJOR",
+            "type": "CODE_SMELL"
+        },
+        {
+            "engineId": "Hadolint",
+            "primaryLocation": {
+                "filePath": "src/Dockerfile",
+                "message": "`COPY` to a relative destination without `WORKDIR` set.",
+                "textRange": {
+                    "endColumn": 1,
+                    "endLine": 9,
+                    "startColumn": 0,
+                    "startLine": 9
+                }
+            },
+            "ruleId": "DL3045",
+            "severity": "MAJOR",
+            "type": "CODE_SMELL"
+        },
+        {
+            "engineId": "Hadolint",
+            "primaryLocation": {
+                "filePath": "src/Dockerfile",
+                "message": "Use WORKDIR to switch to a directory",
+                "textRange": {
+                    "endColumn": 1,
+                    "endLine": 11,
+                    "startColumn": 0,
+                    "startLine": 11
+                }
+            },
+            "ruleId": "DL3003",
+            "severity": "MAJOR",
+            "type": "CODE_SMELL"
+        },
+        {
+            "engineId": "Hadolint",
+            "primaryLocation": {
+                "filePath": "src/Dockerfile",
+                "message": "Pin versions in npm. Instead of `npm install <package>` use `npm install <package>@<version>`",
+                "textRange": {
+                    "endColumn": 1,
+                    "endLine": 11,
+                    "startColumn": 0,
+                    "startLine": 11
+                }
+            },
+            "ruleId": "DL3016",
+            "severity": "MAJOR",
+            "type": "CODE_SMELL"
+        },
+        {
+            "engineId": "Hadolint",
+            "primaryLocation": {
+                "filePath": "src/Dockerfile",
+                "message": "Valid UNIX ports range from 0 to 65535",
+                "textRange": {
+                    "endColumn": 1,
+                    "endLine": 14,
+                    "startColumn": 0,
+                    "startLine": 14
+                }
+            },
+            "ruleId": "DL3011",
+            "severity": "CRITICAL",
+            "type": "BUG"
+        }
+    ]
+}

tests/docker/reference-hadolint-results.json

@@ -0,0 +1 @@
+{"issues":[{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Always tag the version of an image explicitly","textRange":{"endColumn":1,"endLine":4,"startColumn":0,"startLine":4}},"ruleId":"DL3006","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Avoid additional packages by specifying `--no-install-recommends`","textRange":{"endColumn":1,"endLine":6,"startColumn":0,"startLine":6}},"ruleId":"DL3015","severity":"MINOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Delete the apt-get lists after installing something","textRange":{"endColumn":1,"endLine":6,"startColumn":0,"startLine":6}},"ruleId":"DL3009","severity":"MINOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"node_verion is referenced but not assigned (did you mean 'node_version'?).","textRange":{"endColumn":1,"endLine":6,"startColumn":0,"startLine":6}},"ruleId":"SC2154","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"`COPY` to a relative destination without `WORKDIR` set.","textRange":{"endColumn":1,"endLine":9,"startColumn":0,"startLine":9}},"ruleId":"DL3045","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Use WORKDIR to switch to a directory","textRange":{"endColumn":1,"endLine":11,"startColumn":0,"startLine":11}},"ruleId":"DL3003","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Pin versions in npm. Instead of `npm install <package>` use `npm install <package>@<version>`","textRange":{"endColumn":1,"endLine":11,"startColumn":0,"startLine":11}},"ruleId":"DL3016","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Valid UNIX ports range from 0 to 65535","textRange":{"endColumn":1,"endLine":14,"startColumn":0,"startLine":14}},"ruleId":"DL3011","severity":"CRITICAL","type":"BUG"}]}

tests/docker/sonar-project.properties

@@ -0,0 +1,6 @@
+#SonarQube Properties
+sonar.projectKey=hadolint-dummy-project
+sonar.projectName=Hadolint Dummy Project
+sonar.projectVersion=1.0
+sonar.sources=src
+sonar.externalIssuesReportPaths=hadolint-report.json

tests/docker/src/Dockerfile

@@ -0,0 +1,15 @@
+# Example from Hadlint website
+# https://hadolint.github.io/hadolint/
+
+FROM debian
+
+RUN export node_version="0.10" \
+&& apt-get update && apt-get -y install nodejs="$node_verion"
+
+COPY package.json usr/src/app
+
+RUN cd /usr/src/app \
+&& npm install node-static
+
+EXPOSE 80000
+CMD ["npm", "start"]

tests/python/sonar-project.properties

@@ -3,3 +3,4 @@ sonar.projectKey=python-dummy-project
 sonar.projectName=Python Dummy Project
 sonar.projectVersion=1.0
 sonar.sources=src
+sonar.python.pylint.reportPaths=pylint-report.txt

tests/test_docker_cat.py

@@ -307,6 +307,7 @@ def import_analysis_results(cls, project_name: str, project_key: str,
             -Dsonar.projectVersion=1.0 -Dsonar.sources={source_folder} \
             -Dsonar.login={cls._SONARQUBE_TOKEN}",
             workdir=f"/media/sf_Shared/{language_folder}").output.decode("utf-8")
+        print(analysis_output)
         for line in (expected_sensor, expected_import):
             # Hint: if this test fails, the sensor for the tool or for the importation was not launched
             assert line in analysis_output
@@ -319,9 +320,9 @@ def import_analysis_results(cls, project_name: str, project_key: str,
         # Hint: an issue must be raised by the rule violated
         assert nb_issues == 1
         # Delete the project
-        requests.post(f"{cls.CAT_URL}/api/projects/delete",
-            auth=("admin", cls.SONARQUBE_ADMIN_PASSWORD),
-            data={"project": project_key})
+        # requests.post(f"{cls.CAT_URL}/api/projects/delete",
+        #     auth=("admin", cls.SONARQUBE_ADMIN_PASSWORD),
+        #     data={"project": project_key})
         if activate_rule:
             # Deactivate the rule in the Quality Profile
             requests.post(f"{cls.CAT_URL}/api/qualityprofiles/deactivate_rule",
@@ -487,6 +488,15 @@ def test_tool_shellcheck(self):
         """
         cmd = "bash -c 'shellcheck -s sh -f checkstyle tests/shell/src/script.sh || true'"
         self.analysis_tool("shellcheck", cmd, "tests/shell/reference-shellcheck-results.xml", "tests/shell/tmp-shellcheck-results.xml")
+
+    def test_tool_hadolint(self):
+        """
+        As a user of this image, I want to run hadolint from within a container
+        so that it produces a report.
+        """
+        cmd = "hadolint -f sonarqube --no-fail tests/docker/src/Dockerfile"
+        self.analysis_tool("hadolint", cmd, "tests/docker/reference-hadolint-results.json", "tests/docker/tmp-hadolint-results.json")
+
 
     # Test importation of analysis results
     def test_import_cppcheck_results(self):
@@ -495,8 +505,8 @@ def test_import_cppcheck_results(self):
         of a CppCheck analysis to SonarQube.
         """
         rule_violated = "cppcheck:arrayIndexOutOfBounds"
-        expected_sensor = "INFO: Sensor CXX [cxx]"
-        expected_import = "INFO: Sensor CXX Cppcheck report import"
+        expected_sensor = "INFO: Sensor CXX Cppcheck report import [cxx]"
+        expected_import = "INFO: Sensor CXX Cppcheck report import [cxx] (done)"
         self.import_analysis_results("CppCheck Dummy Project", "cppcheck-dummy-project",
             "RNC CPP A", "cxx", "tests/c_cpp", "cppcheck", rule_violated, expected_sensor, expected_import)
 
@@ -506,7 +516,18 @@ def test_import_pylint_results(self):
         of a pylint analysis to SonarQube.
         """
         rule_violated = "external_pylint:C0326"
-        expected_sensor = "INFO: Sensor Python Sensor [python]"
-        expected_import = "INFO: Sensor Import of Pylint issues [python]"
+        expected_sensor = "INFO: Sensor Import of Pylint issues [python]"
+        expected_import = "INFO: Sensor Import of Pylint issues [python] (done)"
         self.import_analysis_results("Pylint Dummy Project", "pylint-dummy-project",
-            "Sonar way", "py", "tests/python", "src", rule_violated, expected_sensor, expected_import)
+            "Sonar way", "py", "tests/python", "src", rule_violated, expected_sensor, expected_import)
+
+    def test_import_hadolint_results(self):
+        """
+        As a user of this image, I want to be able to import the results
+        of a hadolint analysis to SonarQube.
+        """
+        rule_violated = "external_Hadolint:DL3003"
+        expected_sensor = "INFO: Sensor Import external issues report"
+        expected_import = "INFO: Sensor Import external issues report (done)"
+        self.import_analysis_results("Hadolint Dummy Project", "hadolint-dummy-project",
+            "Sonar way", "docker", "tests/docker", "src", rule_violated, expected_sensor, expected_import)