SONARARMOR-98 SonarArmor JS/TS rules should be in Sonar Way profile

sonar-plugin/sonar-javascript-plugin/src/main/java/org/sonar/plugins/javascript/JavaScriptProfilesDefinition.java

@@ -46,7 +46,8 @@ public class JavaScriptProfilesDefinition implements BuiltInQualityProfilesDefin
   public static final String SONAR_WAY_JSON = RESOURCE_PATH + "/Sonar_way_profile.json";
 
   private static final Map<String, String> PROFILES = new HashMap<>();
-  static final String SECURITY_RULES_CLASS_NAME = "com.sonar.plugins.security.api.JsRules";
+  static final String SONAR_SECURITY_RULES_CLASS_NAME = "com.sonar.plugins.security.api.JsRules";
+  static final String SONAR_ARMOR_RULES_CLASS_NAME = "com.sonar.plugins.armor.api.JsRules";
   public static final String SECURITY_RULE_KEYS_METHOD_NAME = "getSecurityRuleKeys";
 
   static {
@@ -95,20 +96,26 @@ private static void createProfile(
   }
 
   /**
-   * Security rules are added by reflectively invoking specific class from sonar-security-plugin, which provides
+   * Security rules are added by reflectively invoking specific class from SonarSecurity or Armor plugin, which provides
    * rule keys to add to the built-in profiles.
-   *
-   * It is expected for reflective call to fail in case sonar-security-plugin is not available, e.g. in SQ community
-   * edition
+   * It is expected for reflective call to fail in case any plugin is not available, e.g. in SQ community edition.
    */
   private static void addSecurityRules(NewBuiltInQualityProfile newProfile, String language) {
-    Set<RuleKey> ruleKeys = getSecurityRuleKeys(
-      SECURITY_RULES_CLASS_NAME,
+    Set<RuleKey> sonarSecurityRuleKeys = getSecurityRuleKeys(
+      SONAR_SECURITY_RULES_CLASS_NAME,
       SECURITY_RULE_KEYS_METHOD_NAME,
       language
     );
-    LOG.debug("Adding security ruleKeys {}", ruleKeys);
-    ruleKeys.forEach(r -> newProfile.activateRule(r.repository(), r.rule()));
+    LOG.debug("Adding security ruleKeys {}", sonarSecurityRuleKeys);
+    sonarSecurityRuleKeys.forEach(r -> newProfile.activateRule(r.repository(), r.rule()));
+
+    Set<RuleKey> sonarArmorRuleKeys = getSecurityRuleKeys(
+      SONAR_ARMOR_RULES_CLASS_NAME,
+      SECURITY_RULE_KEYS_METHOD_NAME,
+      language
+    );
+    LOG.debug("Adding security ruleKeys {}", sonarArmorRuleKeys);
+    sonarArmorRuleKeys.forEach(r -> newProfile.activateRule(r.repository(), r.rule()));
   }
 
   // Visible for testing

sonar-plugin/sonar-javascript-plugin/src/test/java/org/sonar/plugins/javascript/JavaScriptProfilesDefinitionTest.java

@@ -19,12 +19,6 @@
  */
 package org.sonar.plugins.javascript;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.SECURITY_RULES_CLASS_NAME;
-import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.SECURITY_RULE_KEYS_METHOD_NAME;
-import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.SONAR_WAY_JSON;
-import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.getSecurityRuleKeys;
-
 import com.sonar.plugins.security.api.JsRules;
 import java.lang.annotation.Annotation;
 import java.util.List;
@@ -46,6 +40,12 @@
 import org.sonar.plugins.javascript.rules.TypeScriptRulesDefinition;
 import org.sonarsource.analyzer.commons.BuiltInQualityProfileJsonLoader;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.SECURITY_RULE_KEYS_METHOD_NAME;
+import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.SONAR_SECURITY_RULES_CLASS_NAME;
+import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.SONAR_WAY_JSON;
+import static org.sonar.plugins.javascript.JavaScriptProfilesDefinition.getSecurityRuleKeys;
+
 class JavaScriptProfilesDefinitionTest {
 
   private static final SonarRuntime sonarRuntime = SonarRuntimeImpl.forSonarLint(
@@ -140,26 +140,26 @@ void no_legacy_Key_in_profile_json() {
   @Test
   void should_contains_security_rules_if_available() {
     // no security rule available
-    assertThat(getSecurityRuleKeys(SECURITY_RULES_CLASS_NAME, SECURITY_RULE_KEYS_METHOD_NAME, "js"))
+    assertThat(getSecurityRuleKeys(SONAR_SECURITY_RULES_CLASS_NAME, SECURITY_RULE_KEYS_METHOD_NAME, "js"))
       .isEmpty();
 
-    assertThat(getSecurityRuleKeys(SECURITY_RULES_CLASS_NAME, SECURITY_RULE_KEYS_METHOD_NAME, "ts"))
+    assertThat(getSecurityRuleKeys(SONAR_SECURITY_RULES_CLASS_NAME, SECURITY_RULE_KEYS_METHOD_NAME, "ts"))
       .isEmpty();
 
     JsRules.JS_RULES.add(RuleKey.parse("jssecurity:S3649"));
     // one security rule available
-    assertThat(getSecurityRuleKeys(SECURITY_RULES_CLASS_NAME, SECURITY_RULE_KEYS_METHOD_NAME, "js"))
+    assertThat(getSecurityRuleKeys(SONAR_SECURITY_RULES_CLASS_NAME, SECURITY_RULE_KEYS_METHOD_NAME, "js"))
       .containsOnly(RuleKey.of("jssecurity", "S3649"));
 
     JsRules.TS_RULES.add(RuleKey.parse("tssecurity:S3649"));
-    assertThat(getSecurityRuleKeys(SECURITY_RULES_CLASS_NAME, SECURITY_RULE_KEYS_METHOD_NAME, "ts"))
+    assertThat(getSecurityRuleKeys(SONAR_SECURITY_RULES_CLASS_NAME, SECURITY_RULE_KEYS_METHOD_NAME, "ts"))
       .containsOnly(RuleKey.of("tssecurity", "S3649"));
 
     // invalid class name
     assertThat(getSecurityRuleKeys("xxx", SECURITY_RULE_KEYS_METHOD_NAME, "js")).isEmpty();
 
     // invalid method name
-    assertThat(getSecurityRuleKeys(SECURITY_RULES_CLASS_NAME, "xxx", "js")).isEmpty();
+    assertThat(getSecurityRuleKeys(SONAR_SECURITY_RULES_CLASS_NAME, "xxx", "js")).isEmpty();
 
     JsRules.clear();
   }