[ZCodeScan] Targeting rules according to programs typologies #573

@FALLAI-Denis

Description of the enhancement requested

Hi,

An application can consist of programs of different typologies, even if they are developed using the same programming language:

  • batch programs vs. CICS programs
  • older programs created before the implementation of control rules vs. new programs created after the implementation of control rules
  • internally developed programs vs. programs developed externally

It should be possible to apply the control rules according to discriminating criteria on the programs:

  • criteria external to the program, such as its path to a folder or its filename
  • criteria internal to the program, such as the presence of specific information in the source code.

External criteria should be declarable in the zapp.yaml file for the zcodescan profile.
This implies:

  • the ability to declare multiple zcodescan profiles (this doesn't seem to be a problem for declaration, but needs to be investigated for ZCodeScan execution)
  • the ability to define the programming language targeted by the rules, or a list of file extensions (currently not supported, and should be mandatory)
  • the ability to define filtering based on the path and/or the name of the program's source file (currently not supported)
  • the ability to choose the zcodescan profile to use for an analysis request on the current program, or even to have this profile selected automatically based on the criteria described in each zcodescan profile
  • potentially, the ability to select and apply multiple zcodescan profiles to the same program file (combination of rules defined in multiple profiles)

A sample with multiple zcodescan profiles:

profiles:
  # ZCodeScan for all COBOL programs
  - name: zcodescan-cobol-all
    type: zcodescan
    language: cobol
    locations: 
      - "src/**/*.(cbl|cob)"
    settings:
      rules:
        - type: local
          locations:
            - "zcodescan/cobol-all-rules.yaml"
      customRuleModels:
        - type: local
          locations:
            - "zcodescan/cobol-all-rules-domains.yaml"
  # ZCodeScan for batch COBOL programs
  - name: zcodescan-cobol-batch
    type: zcodescan
    language: cobol
    locations: 
      - "src/**/??B*.(cbl|cob)"
    settings:
      rules:
        - type: local
          locations:
            - "zcodescan/cobol-batch-rules.yaml"
      customRuleModels:
        - type: local
          locations:
            - "zcodescan/cobol-batch-rules-domains.yaml"
  # ZCodeScan for CICS COBOL programs
  - name: zcodescan-cobol-cics
    type: zcodescan
    language: cobol
    locations: 
      - "src/**/??C*.(cbl|cob)"    
      - "src/**/??T*.(cbl|cob)"
    settings:
      rules:
        - type: local
          locations:
            - "zcodescan/cobol-cics-rules.yaml"
      customRuleModels:
        - type: local
          locations:
            - "zcodescan/cobol-cics-rules-domains.yaml"     

Internal criteria should be declarable in the rules themselves with a "when to apply" condition: if condition then validate rule.
This condition should be based on the presence or absence of a piece of information in the source code, or even a combination of several pieces of information (and / or).
Regarding builtin rules, this is already handled because multiple pieces of information can be combined (for example, the zcodescan.cobol.rules.ExitParagraphRule rule: if section then validate an exit paragraph in this section).
However, this doesn't seem possible with custom rules, especially regex rules. It might be possible with custom Java rules, but at the moment the available documentation is not sufficient to form an opinion.

Thanks.
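
A sketch of the automatic profile selection requested above, as an added example (not ZCodeScan code and not part of the original issue). The pattern semantics (`**/` for any directory depth, `?` for one character, `(a|b)` for alternation), the function names and the sample paths are assumptions; the profile names and patterns are taken from the sample in the issue.

```python
import re

# Profile name -> location patterns, copied from the sample zapp.yaml in the issue.
PROFILES = {
    "zcodescan-cobol-all": ["src/**/*.(cbl|cob)"],
    "zcodescan-cobol-batch": ["src/**/??B*.(cbl|cob)"],
    "zcodescan-cobol-cics": ["src/**/??C*.(cbl|cob)", "src/**/??T*.(cbl|cob)"],
}


def pattern_to_regex(pattern):
    """Translate a location pattern into an anchored regex (assumed semantics)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append(r"(?:[^/]+/)*")      # zero or more directory levels
            i += 3
            continue
        ch = pattern[i]
        if ch == "*":
            out.append(r"[^/]*")            # any run of characters in one segment
        elif ch == "?":
            out.append(r"[^/]")             # exactly one character
        elif ch == "(":
            out.append("(?:")               # start of an extension alternation
        elif ch in "|)":
            out.append(ch)
        else:
            out.append(re.escape(ch))       # literal, e.g. "." in ".cbl"
        i += 1
    return re.compile("".join(out) + r"\Z")


def select_profiles(path, profiles=PROFILES):
    """Return every profile whose locations match; their rules would be combined."""
    path = path.replace("\\", "/")          # normalise Windows separators
    return [name for name, locations in profiles.items()
            if any(pattern_to_regex(p).match(path) for p in locations)]


def unscanned(paths, profiles=PROFILES):
    """Files that match no profile at all, i.e. gaps in rule coverage."""
    return [p for p in paths if not select_profiles(p, profiles)]


if __name__ == "__main__":
    # Constructed sample paths, not from the issue.
    for sample in ["src/batch/ABB001.cbl", "src/cics/XYT123.cob", "src/legacy/OLD.cbl"]:
        print(sample, "->", select_profiles(sample))
```

Running `unscanned` over the repository's file list shows which sources would silently fall outside every profile once path-based targeting is in place.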

Labels: enhancement (New feature or request)
