Add cnesreport and hadolint

.gitignore

@@ -3,6 +3,7 @@
 .scannerwork/
 __pycache__/
 .pytest_cache/
+.cache
 
 # Ignore results of tools
 tmp*results.*

Dockerfile

@@ -5,14 +5,15 @@ FROM sonarqube:7.9.4-community AS framac
 USER root
 WORKDIR /tmp/framac
 
-ADD https://frama-c.com/download/frama-c-20.0-Calcium.tar.gz \
-    /tmp/framac
+RUN cd /tmp/framac \
+    && curl -ksSLO https://frama-c.com/download/frama-c-20.0-Calcium.tar.gz
 
 RUN echo 'deb http://ftp.fr.debian.org/debian/ bullseye main contrib non-free' >> /etc/apt/sources.list \
     && apt-get update \
     && apt-get install -y \
         make \
         unzip \
+        xz-utils \
         ocaml \
         ocaml-findlib \
         libfindlib-ocaml-dev \
@@ -42,34 +43,37 @@ COPY conf /tmp/conf
 ## ====================== DOWNLOAD DEPENDENCIES ===============================
 
 # Download SonarQube plugins
-ADD https://github.com/checkstyle/sonar-checkstyle/releases/download/4.21/checkstyle-sonar-plugin-4.21.jar \
-    https://github.com/galexandre/sonar-cobertura/releases/download/1.9.1/sonar-cobertura-plugin-1.9.1.jar \
-    https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.1/sonar-cxx-plugin-1.3.1.1807.jar \
-    https://github.com/spotbugs/sonar-findbugs/releases/download/3.11.0/sonar-findbugs-plugin-3.11.0.jar \
-    https://github.com/willemsrb/sonar-rci-plugin/releases/download/sonar-rci-plugin-1.0.1/sonar-rci-plugin-1.0.1.jar \
-    https://binaries.sonarsource.com/Distribution/sonar-flex-plugin/sonar-flex-plugin-2.5.1.1831.jar \
-    https://github.com/cnescatlab/sonar-cnes-cxx-plugin/releases/download/v1.1.0/sonar-cnes-cxx-plugin-1.1.jar \
-    https://github.com/cnescatlab/sonar-cnes-export-plugin/releases/download/v1.2.0/sonar-cnes-export-plugin-1.2.jar \
-    https://github.com/cnescatlab/sonar-cnes-python-plugin/releases/download/1.3/sonar-cnes-python-plugin-1.3.jar \
-    https://github.com/cnescatlab/sonar-icode-cnes-plugin/releases/download/2.0.2/sonar-icode-cnes-plugin-2.0.2.jar \
-    https://github.com/cnescatlab/sonar-frama-c-plugin/releases/download/V2.1.1/sonar-frama-c-plugin-2.1.1.jar \
-    https://github.com/cnescatlab/sonar-cnes-scan-plugin/releases/download/1.5.0/sonar-cnes-scan-plugin-1.5.jar \
-    https://github.com/cnescatlab/sonar-cnes-report/releases/download/3.2.2/sonar-cnes-report-3.2.2.jar \
-    https://github.com/jensgerdes/sonar-pmd/releases/download/3.2.1/sonar-pmd-plugin-3.2.1.jar \
-    /opt/sonarqube/extensions/plugins/
-
+RUN cd /opt/sonarqube/extensions/plugins \
+    && curl -ksSLO https://github.com/checkstyle/sonar-checkstyle/releases/download/4.21/checkstyle-sonar-plugin-4.21.jar \
+    && curl -ksSLO https://github.com/galexandre/sonar-cobertura/releases/download/1.9.1/sonar-cobertura-plugin-1.9.1.jar \
+    && curl -ksSLO https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.1/sonar-cxx-plugin-1.3.1.1807.jar \
+    && curl -ksSLO https://github.com/spotbugs/sonar-findbugs/releases/download/3.11.0/sonar-findbugs-plugin-3.11.0.jar \
+    && curl -ksSLO https://github.com/willemsrb/sonar-rci-plugin/releases/download/sonar-rci-plugin-1.0.1/sonar-rci-plugin-1.0.1.jar \
+    && curl -ksSLO https://binaries.sonarsource.com/Distribution/sonar-flex-plugin/sonar-flex-plugin-2.5.1.1831.jar \
+    && curl -ksSLO https://github.com/cnescatlab/sonar-cnes-cxx-plugin/releases/download/v1.1.0/sonar-cnes-cxx-plugin-1.1.jar \
+    && curl -ksSLO https://github.com/cnescatlab/sonar-cnes-export-plugin/releases/download/v1.2.0/sonar-cnes-export-plugin-1.2.jar \
+    && curl -ksSLO https://github.com/cnescatlab/sonar-cnes-python-plugin/releases/download/1.3/sonar-cnes-python-plugin-1.3.jar \
+    && curl -ksSLO https://github.com/cnescatlab/sonar-icode-cnes-plugin/releases/download/2.0.2/sonar-icode-cnes-plugin-2.0.2.jar \
+    && curl -ksSLO https://github.com/cnescatlab/sonar-frama-c-plugin/releases/download/V2.1.1/sonar-frama-c-plugin-2.1.1.jar \
+    && curl -ksSLO https://github.com/cnescatlab/sonar-cnes-scan-plugin/releases/download/1.5.0/sonar-cnes-scan-plugin-1.5.jar \
+    && curl -ksSLO https://github.com/cnescatlab/sonar-cnes-report/releases/download/3.3.0/sonar-cnes-report.jar \
+    && curl -ksSLO https://github.com/jensgerdes/sonar-pmd/releases/download/3.2.1/sonar-pmd-plugin-3.2.1.jar \
+    && curl -ksSLO https://github.com/cnescatlab/sonar-hadolint-plugin/releases/download/1.0.0/sonar-hadolint-plugin-1.0.0.jar
 
 # Download software
-ADD https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/rough-auditing-tool-for-security/rats-2.4.tgz \
-    http://downloads.sourceforge.net/project/expat/expat/2.0.1/expat-2.0.1.tar.gz \
-    https://github.com/cnescatlab/i-CodeCNES/releases/download/v4.1.0/icode-4.1.0.zip \
-    https://netix.dl.sourceforge.net/project/cppcheck/cppcheck/1.90/cppcheck-1.90.tar.gz \
-    https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.4.0.2170.zip \
-    /tmp/
+RUN cd /tmp \
+    && curl -ksSLO https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/rough-auditing-tool-for-security/rats-2.4.tgz \
+    && curl -ksSLO https://sourceforge.net/projects/expat/files/expat/2.4.1/expat-2.4.1.tar.gz \
+    && curl -ksSLO https://github.com/cnescatlab/i-CodeCNES/releases/download/v4.1.0/icode-4.1.0.zip \
+    && curl -ksSLO https://netix.dl.sourceforge.net/project/cppcheck/cppcheck/1.90/cppcheck-1.90.tar.gz \
+    && curl -ksSLO https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.4.0.2170.zip \
+    && curl -ksSLO https://github.com/facebook/infer/releases/download/v0.17.0/infer-linux64-v0.17.0.tar.xz \
+    && curl -ksSLO https://github.com/hadolint/hadolint/releases/download/v2.7.0/hadolint-Linux-x86_64
 
 # CNES Pylint extension
-ADD https://github.com/cnescatlab/cnes-pylint-extension/archive/v5.0.0.tar.gz \
-    /tmp/python/
+RUN mkdir -p /tmp/python \
+    && cd /tmp/python \
+    && curl -ksSLO https://github.com/cnescatlab/cnes-pylint-extension/archive/v5.0.0.tar.gz
 
 # Add CNES pylintrc A_B, C, D
 COPY pylintrc.d/ /opt/python/
@@ -84,20 +88,30 @@ RUN echo 'deb http://ftp.fr.debian.org/debian/ bullseye main contrib non-free' >
     && apt-get update -y \
     && apt-get install -y \
        unzip \
+       # Needed by Pylint
        python3 \
        python3-pip \
+       # Needed by Vera++
        vera\+\+=1.2.1-* \
+       # Needed by Shellcheck
        shellcheck=0.7.1-* \
-       gcc=4:10.2.0-* \
+       gcc=4:10.2.1-* \
        make=4.3-* \
        g\+\+ \
        libpcre3 \
        libpcre3-dev \
+       # Needed by Frama-C
        libfindlib-ocaml \
        libocamlgraph-ocaml-dev \
        libzarith-ocaml \
        libyojson-ocaml \
        jq \
+       # Needed by Infer
+       libsqlite3-0=3.34.1-* \
+       libtinfo5=6.2* \
+       python2.7=2.7.18-* \
+       # Compilation tools needed by Infer
+       clang=1:11.0-* \
     && rm -rf /var/lib/apt/lists/* \
     && mkdir /home/sonarqube \
     ## Install i-Code CNES
@@ -124,15 +138,18 @@ RUN echo 'deb http://ftp.fr.debian.org/debian/ bullseye main contrib non-free' >
        typed-ast==1.4.1 \
        astroid==2.4.0 \
        pylint==2.5.0 \
-    ## C and C++ tools installation
+    ## C and C++, and hadolint tools installation
     && cd /tmp \
-    && tar -xvzf expat-2.0.1.tar.gz \
-    && cd expat-2.0.1 \
+    && mv hadolint-Linux-x86_64 hadolint \
+    && chmod 777 hadolint \
+    && mv hadolint /usr/local/bin \
+    && tar -xvzf expat-2.4.1.tar.gz \
+    && cd expat-2.4.1 \
     && ./configure \
     && make \
     && make install \
     && cd .. \
-    && rm -rf ./expat-2.0.1.tar.gz ./expat-2.0.1 \
+    && rm -rf ./expat-2.4.1.tar.gz ./expat-2.4.1 \
     && tar -xzvf rats-2.4.tgz \
     && cd rats-2.4 \
     && ./configure --with-expat-lib=/usr/local/lib \
@@ -146,6 +163,7 @@ RUN echo 'deb http://ftp.fr.debian.org/debian/ bullseye main contrib non-free' >
     && make install MATCHCOMPILER="yes" FILESDIR="/usr/share/cppcheck" HAVE_RULES="yes" CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function -Wno-deprecated-declarations" \
     && cd .. \
     && rm -rf ./cppcheck-1.90.tar.gz ./cppcheck-1.90/ \
+    && tar -C /opt -Jxvf infer-linux64-v0.17.0.tar.xz \
     && chown sonarqube:sonarqube -R /opt \
     && chown sonarqube:sonarqube -R /home \
     && apt-get autoremove -y \
@@ -166,8 +184,11 @@ RUN chmod 750 /tmp/init.bash \
     && chown sonarqube:sonarqube -R /tmp/conf \
     && mkdir -p /opt/sonarqube/frama-c/ \
     && ln -s /usr/local/bin/frama-c /opt/sonarqube/frama-c/frama-c \
+    && ln -s "/opt/infer-linux64-v0.17.0/bin/infer" /usr/local/bin/infer \
 ###### Disable telemetry
     && sed -i 's/#sonar\.telemetry\.enable=true/sonar\.telemetry\.enable=false/' /opt/sonarqube/conf/sonar.properties \
+###### Set list of patterns matching Dockerfiles for hadolint
+    && echo 'sonar.lang.patterns.dockerfile=Dockerfile,Dockerfile.*' >> /opt/sonarqube/conf/sonar-scanner.properties \
 ###### Set default report path for Cppcheck
     && echo 'sonar.cxx.cppcheck.reportPath=cppcheck-report.xml' >> /opt/sonar-scanner/conf/sonar-scanner.properties \
 ###### Set default report path for Vera++

README.md

@@ -118,6 +118,7 @@ You can run an analysis with the classic method by using one of scanners provide
 | Frama-C                                           | 20.0                     |
 | expat                                             | 2.0.1                    |
 | rats                                              | 2.4                      |
+| hadolint                                          | 2.7.0                    |
 | python3                                           | 3.8.3                    |
 | pip                                               | 20.1.1                   |
 | setuptools                                        | 46.1.3                   |
@@ -132,6 +133,7 @@ You can run an analysis with the classic method by using one of scanners provide
 | astroid                                           | 2.4.0                    |
 | pylint                                            | 2.5.0                    |
 | cnes-pylint-extension                             | 5.0.0                    |
+| Infer                                             | 0.17.0                   |
 
 | SonarQube plugins                                 | Versions                 |
 |---------------------------------------------------|--------------------------|
@@ -161,7 +163,8 @@ You can run an analysis with the classic method by using one of scanners provide
 | SonarQube CNES CXX Plugin                         | 1.1                      |
 | SonarQube CNES Export Plugin                      | 1.2                      |
 | SonarQube CNES Python Plugin                      | 1.3                      |
-| SonarQube CNES Report                             | 3.2.2                    |
+| SonarQube CNES Report                             | 3.3.0                    |
+| SonarQube Hadolint Plugin                         | 1.0.0                    |
 | SonarQube CNES Scan Plugin                        | 1.5                      |
 | SonarRuby                                         | 1.5.0 (build 315)        |
 | SonarScala                                        | 1.5.0 (build 315)        |

tests/README.md

@@ -62,6 +62,13 @@
 1. Import Frama-C results
     * function: test_import_framac_results
     * purpose: Check that issues revealed by Frama-C and activated in the Quality Profile can be imported in SonarQube.
+1. Hadolint
+    * function: test_tool_hadolint
+    * purpose: Check that hadolint can be launched from within the container to analyze Dockerfiles.
+1. Infer
+    * function: test_tool_infer
+    * purpose: Check that Infer can be launched from within the container to analyze C/C++ projects.
+
 
 ## How to run all the tests
 

tests/docker/Dockerfile

@@ -0,0 +1,11 @@
+# Code taken from hadolint manual
+# https://hadolint.github.io/hadolint/
+FROM debian
+RUN export node_version="0.10" \
+&& apt-get update && apt-get -y install nodejs="$node_verion"
+COPY package.json usr/src/app
+RUN cd /usr/src/app \
+&& npm install node-static
+
+EXPOSE 80000
+CMD ["npm", "start"]

tests/docker/reference-hadolint-results

@@ -0,0 +1,8 @@
+tests/docker/Dockerfile:3 DL3006 warning: Always tag the version of an image explicitly
+tests/docker/Dockerfile:4 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
+tests/docker/Dockerfile:4 DL3009 info: Delete the apt-get lists after installing something
+tests/docker/Dockerfile:4 SC2154 warning: node_verion is referenced but not assigned (did you mean 'node_version'?).
+tests/docker/Dockerfile:6 DL3045 warning: `COPY` to a relative destination without `WORKDIR` set.
+tests/docker/Dockerfile:7 DL3003 warning: Use WORKDIR to switch to a directory
+tests/docker/Dockerfile:7 DL3016 warning: Pin versions in npm. Instead of `npm install <package>` use `npm install <package>@<version>`
+tests/docker/Dockerfile:10 DL3011 error: Valid UNIX ports range from 0 to 65535

tests/test_docker_cat.py

@@ -333,7 +333,8 @@ def test_check_plugins(self):
             ("SonarQube CNES CXX Plugin", "1.1"),
             ("SonarQube CNES Export Plugin", "1.2"),
             ("SonarQube CNES Python Plugin", "1.3"),
-            ("SonarQube CNES Report", "3.2.2"),
+            ("SonarQube CNES Report", "3.3.0"),
+            ("SonarQube Hadolint Plugin", "1.0.0"),
             ("SonarQube CNES Scan Plugin", "1.5"),
             ("SonarRuby", "1.5.0 (build 315)"),
             ("SonarScala", "1.5.0 (build 315)"),
@@ -478,6 +479,24 @@ def test_tool_frama_c(self):
         cmd = f"frama-c tests/c_cpp/framac/CruiseControl.c tests/c_cpp/framac/CruiseControl_const.c -rte -metrics -report-csv {report}"
         self.analysis_tool("Frama-C", cmd, ref, output)
 
+    def test_tool_hadolint(self):
+        """
+        As a user of this image, I want to run hadolint to lint my Dockerfile
+        so that I can see if my Dockerfile respect best pratices.
+        """
+        ref = "tests/docker/reference-hadolint-results"
+        output = "tests/docker/tmp-hadolint-results"
+        cmd =  "hadolint --no-fail tests/docker/Dockerfile"
+        self.analysis_tool("hadolint", cmd, ref, output)
+
+    def test_tool_infer(self):
+        """
+        As a user of this image, I want to run Infer from within a container
+        so that it produces results.
+        """
+        cmd = "infer -q run -- gcc -c tests/c_cpp/infer/hello.c -o tests/c_cpp/infer/hello.o"
+        self.analysis_tool("Infer", cmd, "tests/c_cpp/reference-infer-results.json", "infer-out/report.json", False)
+
     def test_tool_pylint(self):
         """
         As a user of this image, I want to run pylint from within a container