]> source.dussan.org Git - sonarqube.git/blob
projects / sonarqube.git / blob
? search:


83aa9bf18366042664789b1bba06de6e285367a0
[sonarqube.git] /
1 /*
2  * SonarQube
3  * Copyright (C) 2009-2022 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.ce.task.projectanalysis.pushevent;
21
22 import java.util.Date;
23 import java.util.List;
24 import org.junit.Before;
25 import org.junit.Rule;
26 import org.junit.Test;
27 import org.mockito.ArgumentMatcher;
28 import org.sonar.api.rule.RuleKey;
29 import org.sonar.api.rules.RuleType;
30 import org.sonar.api.utils.DateUtils;
31 import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolderRule;
32 import org.sonar.ce.task.projectanalysis.analysis.TestBranch;
33 import org.sonar.ce.task.projectanalysis.component.Component.Type;
34 import org.sonar.ce.task.projectanalysis.component.MutableTreeRootHolderRule;
35 import org.sonar.ce.task.projectanalysis.component.ReportComponent;
36 import org.sonar.core.issue.DefaultIssue;
37 import org.sonar.core.issue.FieldDiffs;
38 import org.sonar.db.protobuf.DbCommons;
39 import org.sonar.db.protobuf.DbIssues;
40 import org.sonar.db.pushevent.PushEventDto;
41 import org.sonar.server.issue.TaintChecker;
42
43 import static org.assertj.core.api.Assertions.assertThat;
44 import static org.mockito.ArgumentMatchers.any;
45 import static org.mockito.Mockito.mock;
46 import static org.mockito.Mockito.when;
47
48 public class PushEventFactoryTest {
49
50   private final TaintChecker taintChecker = mock(TaintChecker.class);
51   @Rule
52   public MutableTreeRootHolderRule treeRootHolder = new MutableTreeRootHolderRule();
53   @Rule
54   public AnalysisMetadataHolderRule analysisMetadataHolder = new AnalysisMetadataHolderRule()
55     .setBranch(new TestBranch("develop"));
56
57   private final PushEventFactory underTest = new PushEventFactory(treeRootHolder, analysisMetadataHolder, taintChecker);
58
59   @Before
60   public void setUp() {
61     when(taintChecker.getTaintRepositories()).thenReturn(List.of("roslyn.sonaranalyzer.security.cs",
62       "javasecurity", "jssecurity", "tssecurity", "phpsecurity", "pythonsecurity"));
63     when(taintChecker.isTaintVulnerability(any())).thenReturn(true);
64     buildComponentTree();
65   }
66
67   @Test
68   public void raise_event_to_repository_if_taint_vulnerability_is_new() {
69     DefaultIssue defaultIssue = createDefaultIssue()
70       .setNew(true);
71
72     assertThat(underTest.raiseEventOnIssue(defaultIssue))
73       .isNotEmpty()
74       .hasValueSatisfying(pushEventDto -> {
75         assertThat(pushEventDto.getName()).isEqualTo("TaintVulnerabilityRaised");
76         assertThat(pushEventDto.getPayload()).isNotNull();
77       });
78
79   }
80
81   @Test
82   public void raise_event_to_repository_if_taint_vulnerability_is_reopened() {
83     DefaultIssue defaultIssue = createDefaultIssue()
84       .setChanged(true)
85       .setNew(false)
86       .setCopied(false)
87       .setCurrentChange(new FieldDiffs().setDiff("status", "CLOSED", "OPEN"));
88
89     assertThat(underTest.raiseEventOnIssue(defaultIssue))
90       .isNotEmpty()
91       .hasValueSatisfying(pushEventDto -> {
92         assertThat(pushEventDto.getName()).isEqualTo("TaintVulnerabilityRaised");
93         assertThat(pushEventDto.getPayload()).isNotNull();
94       });
95   }
96
97   @Test
98   public void skip_event_if_taint_vulnerability_status_change() {
99     DefaultIssue defaultIssue = createDefaultIssue()
100         .setChanged(true)
101         .setNew(false)
102         .setCopied(false)
103         .setCurrentChange(new FieldDiffs().setDiff("status", "OPEN", "FIXED"));
104
105     assertThat(underTest.raiseEventOnIssue(defaultIssue)).isEmpty();
106   }
107
108   @Test
109   public void raise_event_to_repository_if_taint_vulnerability_is_copied() {
110     DefaultIssue defaultIssue = createDefaultIssue()
111       .setCopied(true);
112
113     assertThat(underTest.raiseEventOnIssue(defaultIssue))
114       .isNotEmpty()
115       .hasValueSatisfying(pushEventDto -> {
116         assertThat(pushEventDto.getName()).isEqualTo("TaintVulnerabilityRaised");
117         assertThat(pushEventDto.getPayload()).isNotNull();
118       });
119   }
120
121   @Test
122   public void raise_event_to_repository_if_taint_vulnerability_is_closed() {
123     DefaultIssue defaultIssue = createDefaultIssue()
124       .setComponentUuid("")
125       .setNew(false)
126       .setCopied(false)
127       .setBeingClosed(true);
128
129     assertThat(underTest.raiseEventOnIssue(defaultIssue))
130       .isNotEmpty()
131       .hasValueSatisfying(pushEventDto -> {
132         assertThat(pushEventDto.getName()).isEqualTo("TaintVulnerabilityClosed");
133         assertThat(pushEventDto.getPayload()).isNotNull();
134       });
135   }
136
137   @Test
138   public void skip_issue_if_issue_changed() {
139     DefaultIssue defaultIssue = new DefaultIssue()
140       .setComponentUuid("issue-component-uuid")
141       .setNew(false)
142       .setCopied(false)
143       .setChanged(true)
144       .setType(RuleType.VULNERABILITY)
145       .setCreationDate(DateUtils.parseDate("2022-01-01"))
146       .setRuleKey(RuleKey.of("javasecurity", "S123"));
147
148     assertThat(underTest.raiseEventOnIssue(defaultIssue)).isEmpty();
149   }
150
151   @Test
152   public void skip_if_issue_not_from_taint_vulnerability_repository() {
153     DefaultIssue defaultIssue = new DefaultIssue()
154       .setComponentUuid("issue-component-uuid")
155       .setChanged(true)
156       .setType(RuleType.VULNERABILITY)
157       .setRuleKey(RuleKey.of("weirdrepo", "S123"));
158
159     when(taintChecker.isTaintVulnerability(any())).thenReturn(false);
160
161     assertThat(underTest.raiseEventOnIssue(defaultIssue)).isEmpty();
162
163     defaultIssue = new DefaultIssue()
164       .setComponentUuid("issue-component-uuid")
165       .setChanged(false)
166       .setNew(false)
167       .setBeingClosed(true)
168       .setType(RuleType.VULNERABILITY)
169       .setRuleKey(RuleKey.of("weirdrepo", "S123"));
170
171     assertThat(underTest.raiseEventOnIssue(defaultIssue)).isEmpty();
172   }
173
174   @Test
175   public void skip_if_issue_is_a_hotspot() {
176     DefaultIssue defaultIssue = new DefaultIssue()
177       .setComponentUuid("issue-component-uuid")
178       .setChanged(true)
179       .setType(RuleType.SECURITY_HOTSPOT)
180       .setRuleKey(RuleKey.of("javasecurity", "S123"));
181
182     when(taintChecker.isTaintVulnerability(any())).thenReturn(false);
183
184     assertThat(underTest.raiseEventOnIssue(defaultIssue)).isEmpty();
185   }
186
187   @Test
188   public void skip_if_issue_does_not_have_locations() {
189     DefaultIssue defaultIssue = new DefaultIssue()
190       .setComponentUuid("issue-component-uuid")
191       .setChanged(true)
192       .setType(RuleType.VULNERABILITY)
193       .setRuleKey(RuleKey.of("javasecurity", "S123"));
194
195     when(taintChecker.isTaintVulnerability(any())).thenReturn(false);
196
197     assertThat(underTest.raiseEventOnIssue(defaultIssue)).isEmpty();
198   }
199
200   private void buildComponentTree() {
201     treeRootHolder.setRoot(ReportComponent.builder(Type.PROJECT, 1)
202       .setUuid("uuid_1")
203       .addChildren(ReportComponent.builder(Type.FILE, 2)
204         .setUuid("issue-component-uuid")
205         .build())
206       .addChildren(ReportComponent.builder(Type.FILE, 3)
207         .setUuid("location-component-uuid")
208         .build())
209       .build());
210   }
211
212   private DefaultIssue createDefaultIssue() {
213     return new DefaultIssue()
214       .setComponentUuid("issue-component-uuid")
215       .setType(RuleType.VULNERABILITY)
216       .setCreationDate(new Date())
217       .setLocations(DbIssues.Locations.newBuilder()
218         .addFlow(DbIssues.Flow.newBuilder()
219           .addLocation(DbIssues.Location.newBuilder()
220             .setChecksum("checksum")
221             .setComponentId("location-component-uuid")
222             .build())
223           .build())
224         .setTextRange(DbCommons.TextRange.newBuilder()
225           .setStartLine(1)
226           .build())
227         .build())
228       .setRuleKey(RuleKey.of("javasecurity", "S123"));
229   }
230
231   private static class PushEventMatcher implements ArgumentMatcher<PushEventDto> {
232
233     private final PushEventDto left;
234
235     static PushEventMatcher eq(PushEventDto left) {
236       return new PushEventMatcher(left);
237     }
238
239     private PushEventMatcher(PushEventDto left) {
240       this.left = left;
241     }
242
243     @Override
244     public boolean matches(PushEventDto right) {
245       return left.getName().equals(right.getName());
246     }
247   }
248
249 }
Continuous Inspection: https://github.com/SonarSource/sonarqube