fix(sonarqube): bypass 10K result cap by fetching issues per-rule

Closes #33

The issues/search API enforces p*ps <= 10000. With PAGE_SIZE=500, page
21 returns HTTP 400. Fix: iterate per-rule instead of passing all ~600
rules in one query. Each single-rule query stays well under 10K.

Also fixes off-by-one in page count (ceiling division) and adds HTTP
status checking before reading response body.

Author: TheAuditorTool

src/main/java/org/owasp/benchmark/report/sonarqube/SonarReport.java

@@ -35,16 +35,19 @@ public class SonarReport {
     private static final ObjectMapper objectMapper = new ObjectMapper();
 
     public static void main(String[] args) throws Exception {
-        String allJavaRules = String.join(",", allJavaRules());
+        Set<String> allJavaRules = allJavaRules();
         List<String> issues = new ArrayList<>();
         List<String> hotspots = new ArrayList<>();
 
-        forAllPagesAt(
-                "issues/search?componentKeys="
-                        + SONAR_PROJECT
-                        + "&types=VULNERABILITY&&rules="
-                        + allJavaRules,
-                (result -> issues.addAll(result.issues)));
+        for (String rule : allJavaRules) {
+            forAllPagesAt(
+                    "issues/search?componentKeys="
+                            + SONAR_PROJECT
+                            + "&types=VULNERABILITY&rules="
+                            + rule,
+                    (result -> issues.addAll(result.issues)));
+        }
+
         forAllPagesAt(
                 "hotspots/search?projectKey=" + SONAR_PROJECT,
                 (result -> hotspots.addAll(result.hotspots)));
@@ -91,7 +94,9 @@ private static void forAllPagesAt(String apiPath, Consumer<SonarQubeResult> page
                     objectMapper.readValue(
                             apiCall(apiPath + pagingSuffix(page, apiPath)), SonarQubeResult.class);
 
-            pages = (result.paging.resultCount / PAGE_SIZE) + 1;
+            pages =
+                    (result.paging.resultCount / PAGE_SIZE)
+                            + (result.paging.resultCount % PAGE_SIZE == 0 ? 0 : 1);
 
             pageHandlerCallback.accept(result);
 
@@ -110,6 +115,11 @@ private static String apiCall(String apiPath) throws IOException {
         connection.setDoOutput(true);
         connection.setRequestProperty("Authorization", "Basic " + sonarAuth);
 
+        int status = connection.getResponseCode();
+        if (status != 200) {
+            throw new IOException("SonarQube API returned HTTP " + status + " for " + apiPath);
+        }
+
         return join("\n", readLines(connection.getInputStream(), defaultCharset()));
     }