3 * Copyright (C) 2009-2023 SonarSource SA
4 * mailto:info AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.issue.index;
23 import org.elasticsearch.action.search.SearchResponse;
24 import org.junit.Test;
25 import org.sonar.api.rule.Severity;
26 import org.sonar.db.component.ComponentDto;
27 import org.sonar.server.es.Facets;
28 import org.sonar.server.es.SearchOptions;
29 import org.sonar.server.permission.index.IndexPermissions;
31 import static java.util.Arrays.asList;
32 import static java.util.Arrays.stream;
33 import static java.util.Collections.singletonList;
34 import static java.util.stream.Collectors.toList;
35 import static org.assertj.core.api.Assertions.assertThat;
36 import static org.assertj.core.api.Assertions.entry;
37 import static org.sonar.api.resources.Qualifiers.PROJECT;
38 import static org.sonar.api.rule.Severity.INFO;
39 import static org.sonar.api.rule.Severity.MAJOR;
40 import static org.sonar.api.rules.RuleType.BUG;
41 import static org.sonar.api.rules.RuleType.CODE_SMELL;
42 import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
43 import static org.sonar.api.rules.RuleType.VULNERABILITY;
44 import static org.sonar.db.component.ComponentTesting.newFileDto;
45 import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
46 import static org.sonar.server.issue.IssueDocTesting.newDoc;
48 public class IssueIndexSecurityHotspotsTest extends IssueIndexTestCommon {
51 public void filter_by_security_hotspots_type() {
52 ComponentDto project = newPrivateProjectDto();
53 ComponentDto file = newFileDto(project, null);
56 newDoc("I1", project.uuid(), file).setType(BUG),
57 newDoc("I2", project.uuid(), file).setType(CODE_SMELL),
58 newDoc("I3", project.uuid(), file).setType(VULNERABILITY),
59 newDoc("I4", project.uuid(), file).setType(VULNERABILITY),
60 newDoc("I5", project.uuid(), file).setType(SECURITY_HOTSPOT),
61 newDoc("I6", project.uuid(), file).setType(SECURITY_HOTSPOT));
63 assertThatSearchReturnsOnly(IssueQuery.builder().types(singletonList(SECURITY_HOTSPOT.name())), "I5", "I6");
64 assertThatSearchReturnsOnly(IssueQuery.builder().types(asList(SECURITY_HOTSPOT.name(), VULNERABILITY.name())), "I3", "I4", "I5", "I6");
65 assertThatSearchReturnsOnly(IssueQuery.builder(), "I1", "I2", "I3", "I4", "I5", "I6");
69 public void filter_by_severities_ignore_hotspots() {
70 ComponentDto project = newPrivateProjectDto();
71 ComponentDto file = newFileDto(project, null);
74 newDoc("I1", project.uuid(), file).setSeverity(Severity.INFO).setType(BUG),
75 newDoc("I2", project.uuid(), file).setSeverity(Severity.MAJOR).setType(CODE_SMELL),
76 newDoc("I3", project.uuid(), file).setSeverity(Severity.MAJOR).setType(VULNERABILITY),
77 newDoc("I4", project.uuid(), file).setSeverity(Severity.CRITICAL).setType(VULNERABILITY),
78 // This entry should be ignored
79 newDoc("I5", project.uuid(), file).setSeverity(Severity.MAJOR).setType(SECURITY_HOTSPOT));
81 assertThatSearchReturnsOnly(IssueQuery.builder().severities(asList(Severity.INFO, Severity.MAJOR)), "I1", "I2", "I3");
82 assertThatSearchReturnsOnly(IssueQuery.builder().severities(asList(Severity.INFO, Severity.MAJOR)).types(singletonList(VULNERABILITY.name())), "I3");
83 assertThatSearchReturnsEmpty(IssueQuery.builder().severities(singletonList(Severity.MAJOR)).types(singletonList(SECURITY_HOTSPOT.name())));
87 public void facet_on_severities_ignore_hotspots() {
88 ComponentDto project = newPrivateProjectDto();
89 ComponentDto file = newFileDto(project, null);
92 newDoc("I1", project.uuid(), file).setSeverity(INFO).setType(BUG),
93 newDoc("I2", project.uuid(), file).setSeverity(INFO).setType(CODE_SMELL),
94 newDoc("I3", project.uuid(), file).setSeverity(INFO).setType(VULNERABILITY),
95 newDoc("I4", project.uuid(), file).setSeverity(MAJOR).setType(VULNERABILITY),
96 // These 2 entries should be ignored
97 newDoc("I5", project.uuid(), file).setSeverity(INFO).setType(SECURITY_HOTSPOT),
98 newDoc("I6", project.uuid(), file).setSeverity(MAJOR).setType(SECURITY_HOTSPOT));
100 assertThatFacetHasOnly(IssueQuery.builder(), "severities", entry("INFO", 3L), entry("MAJOR", 1L));
101 assertThatFacetHasOnly(IssueQuery.builder().types(singletonList(VULNERABILITY.name())), "severities", entry("INFO", 1L), entry("MAJOR", 1L));
102 assertThatFacetHasOnly(IssueQuery.builder().types(asList(BUG.name(), CODE_SMELL.name(), VULNERABILITY.name())), "severities", entry("INFO", 3L), entry("MAJOR", 1L));
103 assertThatFacetHasOnly(IssueQuery.builder().types(singletonList(SECURITY_HOTSPOT.name())), "severities");
107 private final void assertThatFacetHasOnly(IssueQuery.Builder query, String facet, Map.Entry<String, Long>... expectedEntries) {
108 SearchResponse result = underTest.search(query.build(), new SearchOptions().addFacets(singletonList(facet)));
109 Facets facets = new Facets(result, system2.getDefaultTimeZone().toZoneId());
110 assertThat(facets.getNames()).containsOnly(facet, "effort");
111 assertThat(facets.get(facet)).containsOnly(expectedEntries);
projects / sonarqube.git / blob