SONAR-12456 Add Security Hotspots to project badges.

author Wojciech Wajerowicz <wojciech.wajerowicz@sonarsource.com>

Tue, 11 Oct 2022 12:40:11 +0000 (14:40 +0200)

committer sonartech <sonartech@sonarsource.com>

Wed, 12 Oct 2022 20:03:42 +0000 (20:03 +0000)
author Wojciech Wajerowicz <wojciech.wajerowicz@sonarsource.com>
Tue, 11 Oct 2022 12:40:11 +0000 (14:40 +0200)
committer sonartech <sonartech@sonarsource.com>
Wed, 12 Oct 2022 20:03:42 +0000 (20:03 +0000)
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/MeasureAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/MeasureAction.java

index 2369ace6df104a1143dd11d9b201933fb08a8822..058363dc165626b6236642e2ebb1d8311469d1d5 100644 (file)
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/MeasureAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/MeasureAction.java
@@ -53,6 +53,7 @@ import static org.sonar.api.measures.CoreMetrics.COVERAGE_KEY;
  import static org.sonar.api.measures.CoreMetrics.DUPLICATED_LINES_DENSITY_KEY;
  import static org.sonar.api.measures.CoreMetrics.NCLOC_KEY;
  import static org.sonar.api.measures.CoreMetrics.RELIABILITY_RATING_KEY;
+import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_KEY;
  import static org.sonar.api.measures.CoreMetrics.SECURITY_RATING_KEY;
  import static org.sonar.api.measures.CoreMetrics.SQALE_RATING_KEY;
  import static org.sonar.api.measures.CoreMetrics.TECHNICAL_DEBT_KEY;
@@ -88,22 +89,23 @@ public class MeasureAction implements ProjectBadgesWsAction {
      .put(SQALE_RATING_KEY, "maintainability")
      .put(ALERT_STATUS_KEY, "quality gate")
      .put(RELIABILITY_RATING_KEY, "reliability")
+    .put(SECURITY_HOTSPOTS_KEY, "security hotspots")
      .put(SECURITY_RATING_KEY, "security")
      .put(TECHNICAL_DEBT_KEY, "technical debt")
      .put(VULNERABILITIES_KEY, "vulnerabilities")
      .build();
  
-  private static final Map<Level, String> QUALITY_GATE_MESSAGE_BY_STATUS = new EnumMap<>(ImmutableMap.of(
+  private static final Map<Level, String> QUALITY_GATE_MESSAGE_BY_STATUS = new EnumMap<>(Map.of(
      OK, "passed",
      WARN, "warning",
      ERROR, "failed"));
  
-  private static final Map<Level, Color> COLOR_BY_QUALITY_GATE_STATUS = new EnumMap<>(ImmutableMap.of(
+  private static final Map<Level, Color> COLOR_BY_QUALITY_GATE_STATUS = new EnumMap<>(Map.of(
      OK, Color.QUALITY_GATE_OK,
      WARN, Color.QUALITY_GATE_WARN,
      ERROR, Color.QUALITY_GATE_ERROR));
  
-  private static final Map<Rating, Color> COLOR_BY_RATING = new EnumMap<>(ImmutableMap.of(
+  private static final Map<Rating, Color> COLOR_BY_RATING = new EnumMap<>(Map.of(
      A, Color.RATING_A,
      B, Color.RATING_B,
      C, Color.RATING_C,
@@ -200,8 +202,8 @@ public class MeasureAction implements ProjectBadgesWsAction {
      return svgGenerator.generateBadge(METRIC_NAME_BY_KEY.get(metric.getKey()), value, color);
    }
  
-  private static <PARAM> PARAM getNonNullValue(LiveMeasureDto measure, Function<LiveMeasureDto, PARAM> function) {
-    PARAM value = function.apply(measure);
+  private static <P> P getNonNullValue(LiveMeasureDto measure, Function<LiveMeasureDto, P> function) {
+    P value = function.apply(measure);
      checkState(value != null, "Measure has not been found");
      return value;
    }
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/MeasureActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/MeasureActionTest.java

index f5d070570d896a86f068c7d40c51ed05c6d1a9bd..811dc5c69fdc183c4181a276c6cce02e79edc645 100644 (file)
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/MeasureActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/MeasureActionTest.java
@@ -49,6 +49,7 @@ import org.sonar.server.badge.ws.SvgGenerator.Color;
  import org.sonar.server.component.ComponentFinder;
  import org.sonar.server.measure.Rating;
  import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.ws.TestRequest;
  import org.sonar.server.ws.TestResponse;
  import org.sonar.server.ws.WsActionTester;
  
@@ -57,6 +58,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
  import static org.assertj.core.api.Assertions.tuple;
  import static org.sonar.api.measures.CoreMetrics.BUGS_KEY;
  import static org.sonar.api.measures.CoreMetrics.COVERAGE_KEY;
+import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_KEY;
  import static org.sonar.api.measures.CoreMetrics.SQALE_RATING_KEY;
  import static org.sonar.api.measures.CoreMetrics.TECHNICAL_DEBT_KEY;
  import static org.sonar.api.measures.Metric.Level.ERROR;
@@ -92,7 +94,7 @@ public class MeasureActionTest {
        new SvgGenerator()));
  
    @Before
-  public void before(){
+  public void before() {
      mapSettings.setProperty(CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY, false);
    }
  
@@ -100,8 +102,7 @@ public class MeasureActionTest {
    public void int_measure() {
      ComponentDto project = db.components().insertPublicProject();
      userSession.registerComponents(project);
-    MetricDto metric = db.measures().insertMetric(m -> m.setKey(BUGS_KEY).setValueType(INT.name()));
-    db.measures().insertLiveMeasure(project, metric, m -> m.setValue(10_000d));
+    MetricDto metric = createIntMetricAndMeasure(project, BUGS_KEY, 10_000);
  
      TestResponse response = ws.newRequest()
        .setParam("project", project.getKey())
@@ -207,6 +208,24 @@ public class MeasureActionTest {
      checkWithIfNoneMatchHeader(project, metric, response);
    }
  
+  @Test
+  public void security_hotspots() {
+    ComponentDto project = db.components().insertPublicProject();
+    userSession.registerComponents(project);
+    MetricDto metric = createIntMetricAndMeasure(project, SECURITY_HOTSPOTS_KEY, 42);
+
+    TestResponse response = ws.newRequest()
+      .setParam("project", project.getKey())
+      .setParam("metric", metric.getKey())
+      .execute();
+
+    checkSvg(response, "security hotspots", "42", DEFAULT);
+
+    // Second call with If-None-Match must return 304
+    checkWithIfNoneMatchHeader(project, metric, response);
+
+  }
+
    @Test
    public void display_deprecated_warning_quality_gate() {
      ComponentDto project = db.components().insertPublicProject();
@@ -226,8 +245,8 @@ public class MeasureActionTest {
    public void measure_on_non_main_branch() {
      ComponentDto project = db.components().insertPublicProject(p -> p.setPrivate(false));
      userSession.registerComponents(project);
-    MetricDto metric = db.measures().insertMetric(m -> m.setKey(BUGS_KEY).setValueType(INT.name()));
-    db.measures().insertLiveMeasure(project, metric, m -> m.setValue(5_000d));
+    MetricDto metric = createIntMetricAndMeasure(project, BUGS_KEY, 5_000);
+
      ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setBranchType(BRANCH));
      db.measures().insertLiveMeasure(branch, metric, m -> m.setValue(10_000d));
  
@@ -255,8 +274,7 @@ public class MeasureActionTest {
    public void measure_on_application() {
      ComponentDto application = db.components().insertPublicApplication();
      userSession.registerComponents(application);
-    MetricDto metric = db.measures().insertMetric(m -> m.setKey(BUGS_KEY).setValueType(INT.name()));
-    db.measures().insertLiveMeasure(application, metric, m -> m.setValue(10_000d));
+    MetricDto metric = createIntMetricAndMeasure(application, BUGS_KEY, 10_000);
  
      TestResponse response = ws.newRequest()
        .setParam("project", application.getKey())
@@ -342,7 +360,7 @@ public class MeasureActionTest {
    }
  
    @DataProvider
-  public static Object[][] publicProject_forceAuth_accessGranted(){
+  public static Object[][] publicProject_forceAuth_accessGranted() {
      return new Object[][] {
        // public project, force auth : works depending on token's validity
        {true, true, true, true},
@@ -363,12 +381,11 @@ public class MeasureActionTest {
    @Test
    @UseDataProvider("publicProject_forceAuth_accessGranted")
    public void badge_accessible_on_private_project_with_token(boolean publicProject, boolean forceAuth,
-                                                               boolean validToken, boolean accessGranted) throws ParseException {
+    boolean validToken, boolean accessGranted) throws ParseException {
      ComponentDto projectAsComponent = publicProject ? db.components().insertPublicProject() : db.components().insertPrivateProject();
      userSession.registerComponents(projectAsComponent);
-    MetricDto metric = db.measures().insertMetric(m -> m.setKey(BUGS_KEY).setValueType(INT.name()));
+    MetricDto metric = createIntMetricAndMeasure(projectAsComponent, BUGS_KEY, 10_000);
  
-    db.measures().insertLiveMeasure(projectAsComponent, metric, m -> m.setValue(10_000d));
      ProjectDto project = db.getDbClient().projectDao().selectProjectByKey(db.getSession(), projectAsComponent.getKey())
        .orElseThrow(() -> new IllegalStateException("project not found"));
  
@@ -385,9 +402,9 @@ public class MeasureActionTest {
        .setParam("token", validToken ? token : "invalid-token")
        .execute();
  
-    if(accessGranted){
+    if (accessGranted) {
        checkSvg(response, "bugs", "10k", DEFAULT);
-    }else{
+    } else {
        checkError(response, "Project has not been found");
      }
    }
@@ -413,10 +430,11 @@ public class MeasureActionTest {
      MetricDto metric = createQualityGateMetric();
      db.measures().insertLiveMeasure(project, metric, m -> m.setData("UNKNOWN"));
  
+    TestRequest request = ws.newRequest()
+      .setParam("project", project.getKey())
+      .setParam("metric", metric.getKey());
      assertThatThrownBy(() -> {
-      ws.newRequest()
-        .setParam("project", project.getKey())
-        .setParam("metric", metric.getKey())
+      request
          .execute();
      })
        .isInstanceOf(IllegalArgumentException.class)
@@ -430,10 +448,12 @@ public class MeasureActionTest {
      MetricDto metric = db.measures().insertMetric(m -> m.setKey(BUGS_KEY).setValueType(INT.name()));
      db.measures().insertLiveMeasure(project, metric, m -> m.setValue(null));
  
+    TestRequest request = ws.newRequest()
+      .setParam("project", project.getKey())
+      .setParam("metric", metric.getKey());
+
      assertThatThrownBy(() -> {
-      ws.newRequest()
-        .setParam("project", project.getKey())
-        .setParam("metric", metric.getKey())
+      request
          .execute();
      })
        .isInstanceOf(IllegalStateException.class)
@@ -445,10 +465,12 @@ public class MeasureActionTest {
      ComponentDto project = db.components().insertPublicProject();
      userSession.registerComponents(project);
  
+    TestRequest request = ws.newRequest()
+      .setParam("project", project.getKey())
+      .setParam("metric", BUGS_KEY);
+
      assertThatThrownBy(() -> {
-      ws.newRequest()
-        .setParam("project", project.getKey())
-        .setParam("metric", BUGS_KEY)
+      request
          .execute();
      })
        .isInstanceOf(IllegalStateException.class)
@@ -507,4 +529,10 @@ public class MeasureActionTest {
    private MetricDto createQualityGateMetric() {
      return db.measures().insertMetric(m -> m.setKey(CoreMetrics.ALERT_STATUS_KEY).setValueType(LEVEL.name()));
    }
+
+  private MetricDto createIntMetricAndMeasure(ComponentDto project, String key, Integer value) {
+    MetricDto metric = db.measures().insertMetric(m -> m.setKey(key).setValueType(INT.name()));
+    db.measures().insertLiveMeasure(project, metric, m -> m.setValue(value.doubleValue()));
+    return metric;
+  }
  }
author	Wojciech Wajerowicz <wojciech.wajerowicz@sonarsource.com>
	Tue, 11 Oct 2022 12:40:11 +0000 (14:40 +0200)
committer	sonartech <sonartech@sonarsource.com>
	Wed, 12 Oct 2022 20:03:42 +0000 (20:03 +0000)
server/sonar-webserver-webapi/src/main/java/org/sonar/server/badge/ws/MeasureAction.java		patch \| blob \| history
server/sonar-webserver-webapi/src/test/java/org/sonar/server/badge/ws/MeasureActionTest.java		patch \| blob \| history