Refactor scan rule implementation

[TharmiganK]

Purpose

Fixes:
ballerina-platform/ballerina-library#8354

Fixed issues:

• Previous implementation has the following issues and fixed with the new design,
  • Using complex and duplicated analysis to get argument values with parameter names
  • Does not use semantic information to resolve module name to filter the crypto module function
  • Using semantic model references API to check whether the value is modified. But this is not ideal since if the variable is even used without reassignment or modification, it can be referenced. Ideal solution would be navigate to the references and check the nodes. But this is a very complex process. Hence, used an analysis based on the global and local block scopes to find the modifications or reassignments. Yet, any blocks like if, match, etc. can change the values, so avoided to resolve the variable declaration finding if we encounter any block statements. This is the least intrusive option.
• With the new implementation, a new interface is introduce to implement any resource level static code rules and a context object is introduced which can contain all the required objects to perform the analysis
• Fixes several other bugs in the previous implementation
• Added a section in the specification regarding the static code rules. The section follows the following format:

  # Static Rule Title
  
  <!-- one line description of the static code rule -->
  
  ## Why this is an issue?
  
  ## What is the potential impact?
  
  ## How can I fix this?
  
  <!-- description -->
  
  **Non-complaint code:**
  <!-- code example -->
  
  **Complaint code:**
  <!-- code example -->
  
  ## Additional Resources

• Removed the rule 4. Check the comment in the issue for more information. Also IMO suggesting to use a external method call might not looks nice. We should consider this when we can a Ballerina level support for creating secure randoms

Examples

N/A

Checklist

• Linked to an issue
• Updated the changelog
• Added tests
• Updated the spec
• Checked native-image compatibility

[codecov]

Codecov Report

❌ Patch coverage is 78.98305% with 62 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.03%. Comparing base (7210fa2) to head (cbb204b).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
...mpiler/staticcodeanalyzer/CryptoAnalyzerUtils.java	71.17%	7 Missing and 25 partials ⚠️
...o/compiler/staticcodeanalyzer/FunctionContext.java	79.31%	6 Missing and 6 partials ⚠️
...ctionrules/AvoidReusingCounterModeVectorsRule.java	77.14%	2 Missing and 6 partials ⚠️
...zer/functionrules/AvoidFastHashAlgorithmsRule.java	86.27%	2 Missing and 5 partials ⚠️
...ticcodeanalyzer/CryptoCipherAlgorithmAnalyzer.java	90.00%	0 Missing and 1 partial ⚠️
.../staticcodeanalyzer/CryptoFunctionRulesEngine.java	93.75%	0 Missing and 1 partial ⚠️
...r/functionrules/AvoidWeakCipherAlgorithmsRule.java	92.85%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master     #613      +/-   ##
============================================
- Coverage     82.32%   82.03%   -0.30%     
- Complexity      241      369     +128     
============================================
  Files            29       41      +12     
  Lines          1375     1714     +339     
  Branches        191      266      +75     
============================================
+ Hits           1132     1406     +274     
- Misses          196      215      +19     
- Partials         47       93      +46     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud