|
| 1 | +## General rules |
| 2 | +1. Add only new files to git. Do not modify the existing staging unless explicitly required. |
| 3 | + |
| 4 | +## Verification development stages |
| 5 | + |
| 6 | +1. Implement everything in pure Kotlin, making full use of IDE-assisted language features and inspections. |
| 7 | +2. Add inspection messages and tooltips to [SecurityPluginBundle.properties](src/main/resources/messages/SecurityPluginBundle.properties). |
| 8 | +3. Create the inspection draft in the technology-specific folder under [securityLinter](src/main/kotlin/dev/protsenko/securityLinter). |
| 9 | +4. Add tests covering the inspection: |
| 10 | + - Example of a Docker inspection: [DS003SshPortExposed.kt](src/test/kotlin/dev/protsenko/securityLinter/docker/DS003SshPortExposed.kt) |
| 11 | + - Example of test data for Docker inspections: [DS003](src/test/testData/docker/DS003) |
| 12 | + - Example of extended test data with additional cases: [DS029](src/test/testData/docker/DS029) |
| 13 | +5. Create an inspection description in HTML using the same filename as the inspection class in [inspectionDescriptions](src/main/resources/inspectionDescriptions). |
| 14 | +6. Register the inspection in XML: |
| 15 | + - For YAML-based inspections: [dev.protsenko.security-linter-yaml.xml](src/main/resources/META-INF/dev.protsenko.security-linter-yaml.xml) |
| 16 | + - For general and Docker-based inspections: [plugin.xml](src/main/resources/META-INF/plugin.xml) |
| 17 | +7. If the inspection validates Docker RUN commands, follow the rules defined in [RunCommandValidator.kt](src/main/kotlin/dev/protsenko/securityLinter/docker/checker/core/RunCommandValidator.kt). |
| 18 | + - Register the required extension points in [plugin.xml](src/main/resources/META-INF/plugin.xml). |
| 19 | +8. If the inspection is YAML-based, use the bundled helper classes such as [YamlPath.kt](src/main/kotlin/dev/protsenko/securityLinter/utils/YamlPath.kt). |
| 20 | +9. Ensure that all tests pass. |
| 21 | +10. If the plugin version has not been updated in [gradle.properties](gradle.properties), update it. |
| 22 | +11. Update the changelog in [CHANGELOG.md](CHANGELOG.md). |
| 23 | +12. Perform a full build and run the complete test suite for the plugin. |
| 24 | + |
| 25 | +## Summary for verification development |
| 26 | + |
| 27 | +1. All inspections must be registered and covered by tests. |
| 28 | +2. All inspections must leverage Kotlin and IDE capabilities effectively. |
| 29 | +3. All reusable helper utilities should be covered by JUnit 3 tests. |
| 30 | +4. All inspections must cover corner cases and include extended test scenarios. |
0 commit comments