SONAR-12249 Update SonarSource Security categories with the latest definition
authorJulien Lancelot <julien.lancelot@sonarsource.com>
Fri, 28 Jun 2019 12:57:46 +0000 (14:57 +0200)
committerSonarTech <sonartech@sonarsource.com>
Fri, 28 Jun 2019 18:21:13 +0000 (20:21 +0200)
server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79.java
server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRules.java [new file with mode: 0644]
server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79Test.java
server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRulesTest.java [new file with mode: 0644]
server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandardHelper.java

index 94eff8f6dab11fb0bbecee7fe15075a246dd5c8f..39f8bf26db1c860f536bb43532896558312a5cad 100644 (file)
@@ -30,6 +30,7 @@ public class DbVersion79 implements DbVersion {
         TruncateEnvAndSystemVarsFromScannerContext.class)
       .add(2801, "populate install version and install date internal properties", PopulateInstallDateAndVersion.class)
       .add(2802, "Migrate property 'sonar.pullrequest.provider' value from VSTS to Azure DevOps", MigrateVstsProviderToAzureDevOps.class)
-      .add(2803, "Remove quality gate conditions on Security Review Rating", RemoveQGConditionsOnSecurityReviewRating.class);
+      .add(2803, "Remove quality gate conditions on Security Review Rating", RemoveQGConditionsOnSecurityReviewRating.class)
+      .add(2804, "Reindex issues and rules to take into account latest categories definition", ReindexIssuesAndRules.class);
   }
 }
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRules.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRules.java
new file mode 100644 (file)
index 0000000..a9eefed
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2019 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v79;
+
+import java.sql.SQLException;
+import org.sonar.api.config.Configuration;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.SupportsBlueGreen;
+import org.sonar.server.platform.db.migration.es.MigrationEsClient;
+import org.sonar.server.platform.db.migration.step.DataChange;
+
+@SupportsBlueGreen
+public class ReindexIssuesAndRules extends DataChange {
+
+  private final Configuration configuration;
+  private final MigrationEsClient esClient;
+
+  public ReindexIssuesAndRules(Database db, Configuration configuration, MigrationEsClient esClient) {
+    super(db);
+    this.configuration = configuration;
+    this.esClient = esClient;
+  }
+
+  @Override
+  public void execute(Context context) throws SQLException {
+    if (configuration.getBoolean("sonar.sonarcloud.enabled").orElse(false)) {
+      return;
+    }
+    esClient.deleteIndexes("issues", "rules");
+  }
+
+}
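Review bot: The new class has no Javadoc, so a reader of DbVersion79 cannot tell from the step alone why deleting the `issues` and `rules` indexes counts as taking the latest category definition into account; presumably the indexes are recreated and repopulated on the next startup, but nothing in this file says so. A class comment such as `/** Drops the issues and rules Elasticsearch indexes so that they are rebuilt with the updated SonarSource security category mapping. Skipped on SonarCloud, where indexes are managed differently. */` would record that intent. The property key `"sonar.sonarcloud.enabled"` is an inline literal inside `execute`; hoisting it to a `private static final String` constant keeps it greppable and avoids drift between this migration and its test.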
index 5bb20f4ee3c0e325521c4fa722b8135b649ae151..e5eba60177e8bcf91734f5426ae05c8566cc113f 100644 (file)
@@ -35,7 +35,7 @@ public class DbVersion79Test {
 
   @Test
   public void verify_migration_count() {
-    verifyMigrationCount(underTest, 4);
+    verifyMigrationCount(underTest, 5);
   }
 
 }
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRulesTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRulesTest.java
new file mode 100644 (file)
index 0000000..be656e9
--- /dev/null
@@ -0,0 +1,61 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2019 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v79;
+
+import java.sql.SQLException;
+import org.junit.Rule;
+import org.junit.Test;
+import org.sonar.api.config.internal.MapSettings;
+import org.sonar.db.CoreDbTester;
+import org.sonar.server.platform.db.migration.es.MigrationEsClient;
+import org.sonar.server.platform.db.migration.step.DataChange;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+
+public class ReindexIssuesAndRulesTest {
+
+  @Rule
+  public CoreDbTester db = CoreDbTester.createEmpty();
+
+  private MapSettings settings = new MapSettings();
+  private MigrationEsClient esClient = mock(MigrationEsClient.class);
+
+  private DataChange underTest = new ReindexIssuesAndRules(db.database(), settings.asConfig(), esClient);
+
+  @Test
+  public void update_es_indexes() throws SQLException {
+    settings.setProperty("sonar.sonarcloud.enabled", "false");
+
+    underTest.execute();
+
+    verify(esClient).deleteIndexes("issues", "rules");
+  }
+
+  @Test
+  public void do_nothing_on_sonarcloud() throws SQLException {
+    settings.setProperty("sonar.sonarcloud.enabled", "true");
+
+    underTest.execute();
+
+    verifyZeroInteractions(esClient);
+  }
+}
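Review bot: Neither test exercises the default path where `sonar.sonarcloud.enabled` is not set at all, which is the `orElse(false)` branch of `ReindexIssuesAndRules.execute` and the configuration an ordinary SonarQube installation runs the migration with. `update_es_indexes` sets the property to "false" explicitly, so a regression that flipped the default (for example an `orElse(true)`) would pass both tests while silently skipping the reindex in production. A third test with no property set, asserting that `deleteIndexes("issues", "rules")` is still called, would cover it.
```java
  @Test
  public void update_es_indexes_when_property_is_not_set() throws SQLException {
    underTest.execute();

    verify(esClient).deleteIndexes("issues", "rules");
  }
```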
index 8a7444798fa32826c9af6e6b1bef33183e3fc958..4a821f7107f546109ba0531bf665835e7d70f93a 100644 (file)
@@ -56,13 +56,12 @@ public class SecurityStandardHelper {
 
   public static final Map<String, Set<String>> SONARSOURCE_CWE_MAPPING = ImmutableMap.<String, Set<String>>builder()
     .put("sql-injection", ImmutableSet.of("89", "564"))
-    .put("command-injection", ImmutableSet.of("78", "77"))
+    .put("command-injection", ImmutableSet.of("77", "78", "88", "214"))
     .put("path-traversal-injection", ImmutableSet.of("22"))
     .put("ldap-injection", ImmutableSet.of("90"))
     .put("xpath-injection", ImmutableSet.of("643"))
-    .put("expression-lang-injection", ImmutableSet.of("917"))
-    .put("rce", ImmutableSet.of("94"))
-    .put("dos", ImmutableSet.of("400"))
+    .put("rce", ImmutableSet.of("94", "95"))
+    .put("dos", ImmutableSet.of("400", "624"))
     .put("ssrf", ImmutableSet.of("918"))
     .put("csrf", ImmutableSet.of("352"))
     .put("xss", ImmutableSet.of("79", "80", "81", "82", "83", "84", "85", "86", "87"))
@@ -70,10 +69,10 @@ public class SecurityStandardHelper {
     .put("http-response-splitting", ImmutableSet.of("113"))
     .put("open-redirect", ImmutableSet.of("601"))
     .put("xxe", ImmutableSet.of("611", "827"))
-    .put("object-injection", ImmutableSet.of("470"))
-    .put("weak-cryptography", ImmutableSet.of("326", "295", "326", "327", "297", "780", "328", "327"))
+    .put("object-injection", ImmutableSet.of("134", "470", "502"))
+    .put("weak-cryptography", ImmutableSet.of("295", "297", "321", "322", "323", "324", "325", "326", "327", "328", "330", "780"))
     .put("auth", ImmutableSet.of("798", "640", "620", "549", "522", "521", "263", "262", "261", "259", "284"))
-    .put("insecure-conf", ImmutableSet.of("102", "489"))
+    .put("insecure-conf", ImmutableSet.of("102", "215", "311", "315", "346", "614", "489", "942"))
     .put("file-manipulation", ImmutableSet.of("97", "73"))
     .build();
   public static final String SONARSOURCE_OTHER_CWES_CATEGORY = "others";
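Review bot: The first hunk removes the `expression-lang-injection` entry and with it CWE 917, and neither the hunk nor the commit message says where such issues go; with the map as written they fall into `SONARSOURCE_OTHER_CWES_CATEGORY` ("others") once the reindex runs, which may or may not be the intended outcome of the new definition. If it is intended, a comment above the builder naming the version or source of the SonarSource category definition this map mirrors would make the next update auditable. The CWE ids inside each set also follow no consistent order (`"614", "489", "942"` in `insecure-conf`, descending in `auth`, ascending elsewhere); sorting them numerically makes accidental repeats, like the ones the second hunk silently drops from `weak-cryptography`, visible at review time rather than being collapsed by `ImmutableSet.of`.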