return getNullableField(IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_40);
}
+ public IssueDoc setOwaspAsvs40(@Nullable Collection<String> o) {
+ setField(IssueIndexDefinition.FIELD_ISSUE_OWASP_ASVS_40, o);
+ return this;
+ }
+
+ @CheckForNull
+ public Collection<String> getOwaspAsvs40() {
+ return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_ASVS_40);
+ }
+
@CheckForNull
public Collection<String> getOwaspTop10() {
return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10);
public static final String FIELD_ISSUE_TYPE = "type";
public static final String FIELD_ISSUE_PCI_DSS_32 = "pciDss-3.2";
public static final String FIELD_ISSUE_PCI_DSS_40 = "pciDss-4.0";
+ public static final String FIELD_ISSUE_OWASP_ASVS_40 = "owaspAsvs-4.0";
public static final String FIELD_ISSUE_OWASP_TOP_10 = "owaspTop10";
public static final String FIELD_ISSUE_OWASP_TOP_10_2021 = "owaspTop10-2021";
public static final String FIELD_ISSUE_SANS_TOP_25 = "sansTop25";
mapping.keywordFieldBuilder(FIELD_ISSUE_TYPE).disableNorms().build();
mapping.keywordFieldBuilder(FIELD_ISSUE_PCI_DSS_32).disableNorms().build();
mapping.keywordFieldBuilder(FIELD_ISSUE_PCI_DSS_40).disableNorms().build();
+ mapping.keywordFieldBuilder(FIELD_ISSUE_OWASP_ASVS_40).disableNorms().build();
mapping.keywordFieldBuilder(FIELD_ISSUE_OWASP_TOP_10).disableNorms().build();
mapping.keywordFieldBuilder(FIELD_ISSUE_OWASP_TOP_10_2021).disableNorms().build();
mapping.keywordFieldBuilder(FIELD_ISSUE_SANS_TOP_25).disableNorms().build();
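Review bot: The new keyword field registered at L26 changes the issue index schema, so issues indexed before this change will not carry `owaspAsvs-4.0` until they are reindexed, and the facet added at L155 would then return empty buckets for them. Nothing in this hunk (or in the constant hunk at L19 and the setter hunk at L3–L11) shows the index definition version or hash being bumped to force a rebuild; if that is done elsewhere in the commit, fine, otherwise it is worth adding. A one-line comment next to L26 such as `// new field: requires a reindex of existing issues` would make the operational consequence visible to whoever ships this.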
doc.setOwaspTop10For2021(securityStandards.getOwaspTop10For2021());
doc.setPciDss32(securityStandards.getPciDss32());
doc.setPciDss40(securityStandards.getPciDss40());
+ doc.setOwaspAsvs40(securityStandards.getOwaspAsvs40());
doc.setCwe(securityStandards.getCwe());
doc.setSansTop25(securityStandards.getSansTop25());
doc.setSonarSourceSecurityCategory(sqCategory);
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
+import org.sonar.api.server.rule.RulesDefinition.OwaspAsvsVersion;
+import org.sonar.api.server.rule.RulesDefinition.PciDssVersion;
import static java.util.Arrays.asList;
import static java.util.Arrays.stream;
import static java.util.Collections.singleton;
import static java.util.Collections.singletonList;
import static org.sonar.api.server.rule.RulesDefinition.PciDssVersion.V3_2;
-import static org.sonar.api.server.rule.RulesDefinition.PciDssVersion.V4_0;
import static org.sonar.core.util.stream.MoreCollectors.toList;
import static org.sonar.core.util.stream.MoreCollectors.toSet;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
private static final String OWASP_TOP10_PREFIX = "owaspTop10:";
private static final String OWASP_TOP10_2021_PREFIX = "owaspTop10-2021:";
private static final String PCI_DSS_32_PREFIX = V3_2.prefix() + ":";
- private static final String PCI_DSS_40_PREFIX = V4_0.prefix() + ":";
+ private static final String PCI_DSS_40_PREFIX = PciDssVersion.V4_0.prefix() + ":";
+ private static final String OWASP_ASVS_40_PREFIX = OwaspAsvsVersion.V4_0.prefix() + ":";
private static final String CWE_PREFIX = "cwe:";
// See https://www.sans.org/top25-software-errors
private static final Set<String> INSECURE_CWE = new HashSet<>(asList("89", "78", "79", "434", "352", "601"));
}
}
+ public enum OwaspAsvs {
+ C1("1"), C2("2"), C3("3"), C4("4"), C5("5"), C6("6"), C7("7"), C8("8"), C9("9"), C10("10"), C11("11"), C12("12"), C13("13"), C14("14");
+
+ private final String category;
+
+ OwaspAsvs(String category) {
+ this.category = category;
+ }
+
+ public String category() {
+ return category;
+ }
+ }
+
public static final Map<SQCategory, Set<String>> CWES_BY_SQ_CATEGORY = ImmutableMap.<SQCategory, Set<String>>builder()
.put(SQCategory.BUFFER_OVERFLOW, Set.of("119", "120", "131", "676", "788"))
.put(SQCategory.SQL_INJECTION, Set.of("89", "564", "943"))
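Review bot: The `OwaspAsvs` enum added at L62 has no Javadoc, so a reader cannot tell what the fourteen constants represent or what `category()` is used for. From the prefix constant at L56 and the test at L128 it looks like the constants are the chapters of OWASP ASVS 4.0 and `category()` is the chapter number that appears after the ASVS prefix in a rule's security-standard keys, but that is inferred rather than stated. I would put `/** Chapters of OWASP ASVS 4.0; {@link #category()} returns the chapter number used after the ASVS prefix in security-standard keys. */` above the `enum` line, and a short `/** Chapter number, e.g. {@code "1"} for V1. */` above `category()`, so the contract matches the sibling `PciDss` enum that the test imports at L119.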
}
public Set<String> getPciDss32() {
- return toPciDss(standards, PCI_DSS_32_PREFIX);
+ return getMatchingStandards(standards, PCI_DSS_32_PREFIX);
}
public Set<String> getPciDss40() {
- return toPciDss(standards, PCI_DSS_40_PREFIX);
+ return getMatchingStandards(standards, PCI_DSS_40_PREFIX);
+ }
+
+ public Set<String> getOwaspAsvs40() {
+ return getMatchingStandards(standards, OWASP_ASVS_40_PREFIX);
}
public Set<String> getOwaspTop10() {
- return toOwaspTop10(standards, OWASP_TOP10_PREFIX);
+ return getMatchingStandards(standards, OWASP_TOP10_PREFIX);
}
public Set<String> getOwaspTop10For2021() {
- return toOwaspTop10(standards, OWASP_TOP10_2021_PREFIX);
+ return getMatchingStandards(standards, OWASP_TOP10_2021_PREFIX);
}
/**
return new SecurityStandards(standards, cwe, sqCategory, ignoredSQCategories);
}
- private static Set<String> toPciDss(Set<String> securityStandards, String prefix) {
- return securityStandards.stream()
- .filter(s -> s.startsWith(prefix))
- .map(s -> s.substring(prefix.length()))
- .collect(toSet());
- }
-
- private static Set<String> toOwaspTop10(Set<String> securityStandards, String prefix) {
+ private static Set<String> getMatchingStandards(Set<String> securityStandards, String prefix) {
return securityStandards.stream()
.filter(s -> s.startsWith(prefix))
.map(s -> s.substring(prefix.length()))
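Review bot: The merged helper `getMatchingStandards` at L111 is named as if it returned the matching standard keys, but the pipeline at L112–L114 strips the prefix and returns only the trailing category part, so the name hides the most important step for callers such as `getOwaspAsvs40()` at L89. Either rename it to something like `extractCategoriesWithPrefix` or document it: `/** Returns the category part (the key with {@code prefix} removed) of every entry of {@code securityStandards} that starts with {@code prefix}. */`. Folding `toPciDss` and `toOwaspTop10` into one method is sound, since the removed bodies at L103–L110 were identical. The method's terminal collect is past the end of the hunk, so I could not check whether the result set type changed.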
import java.util.Set;
import java.util.stream.Collectors;
import org.junit.Test;
+import org.sonar.server.security.SecurityStandards.OwaspAsvs;
import org.sonar.server.security.SecurityStandards.PciDss;
import org.sonar.server.security.SecurityStandards.SQCategory;
assertThat(pciDssCategories).hasSize(12).containsExactly("1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12");
}
+
+ @Test
+ public void owaspAsvs_categories_check() {
+ List<String> owaspAsvsCategories = Arrays.stream(OwaspAsvs.values()).map(OwaspAsvs::category).collect(Collectors.toList());
+
+ assertThat(owaspAsvsCategories).hasSize(14).containsExactly("1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14");
+ }
}
import static org.sonar.server.issue.index.IssueIndex.Facet.DIRECTORIES;
import static org.sonar.server.issue.index.IssueIndex.Facet.FILES;
import static org.sonar.server.issue.index.IssueIndex.Facet.LANGUAGES;
+import static org.sonar.server.issue.index.IssueIndex.Facet.OWASP_ASVS_40;
import static org.sonar.server.issue.index.IssueIndex.Facet.OWASP_TOP_10;
import static org.sonar.server.issue.index.IssueIndex.Facet.OWASP_TOP_10_2021;
import static org.sonar.server.issue.index.IssueIndex.Facet.PCI_DSS_32;
import static org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_LINE;
import static org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_MODULE_PATH;
import static org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_NEW_CODE_REFERENCE;
+import static org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_OWASP_ASVS_40;
import static org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10;
import static org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10_2021;
import static org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_32;
import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_DIRECTORIES;
import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_FILES;
import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_LANGUAGES;
+import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_OWASP_ASVS_40;
import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_OWASP_TOP_10;
import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_OWASP_TOP_10_2021;
import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_PCI_DSS_32;
ASSIGNED_TO_ME(FACET_ASSIGNED_TO_ME, FIELD_ISSUE_ASSIGNEE_UUID, STICKY, 1),
PCI_DSS_32(PARAM_PCI_DSS_32, FIELD_ISSUE_PCI_DSS_32, STICKY, DEFAULT_FACET_SIZE),
PCI_DSS_40(PARAM_PCI_DSS_40, FIELD_ISSUE_PCI_DSS_40, STICKY, DEFAULT_FACET_SIZE),
+ OWASP_ASVS_40(PARAM_OWASP_ASVS_40, FIELD_ISSUE_OWASP_ASVS_40, STICKY, DEFAULT_FACET_SIZE),
OWASP_TOP_10(PARAM_OWASP_TOP_10, FIELD_ISSUE_OWASP_TOP_10, STICKY, DEFAULT_FACET_SIZE),
OWASP_TOP_10_2021(PARAM_OWASP_TOP_10_2021, FIELD_ISSUE_OWASP_TOP_10_2021, STICKY, DEFAULT_FACET_SIZE),
SANS_TOP_25(PARAM_SANS_TOP_25, FIELD_ISSUE_SANS_TOP_25, STICKY, DEFAULT_FACET_SIZE),
addSecurityCategoryFacetIfNeeded(PARAM_PCI_DSS_32, PCI_DSS_32, options, aggregationHelper, esRequest, query.pciDss32().toArray());
addSecurityCategoryFacetIfNeeded(PARAM_PCI_DSS_40, PCI_DSS_40, options, aggregationHelper, esRequest, query.pciDss40().toArray());
+ addSecurityCategoryFacetIfNeeded(PARAM_OWASP_ASVS_40, OWASP_ASVS_40, options, aggregationHelper, esRequest, query.owaspAsvs40().toArray());
addSecurityCategoryFacetIfNeeded(PARAM_OWASP_TOP_10, OWASP_TOP_10, options, aggregationHelper, esRequest, query.owaspTop10().toArray());
addSecurityCategoryFacetIfNeeded(PARAM_OWASP_TOP_10_2021, OWASP_TOP_10_2021, options, aggregationHelper, esRequest, query.owaspTop10For2021().toArray());
addSecurityCategoryFacetIfNeeded(PARAM_SANS_TOP_25, SANS_TOP_25, options, aggregationHelper, esRequest, query.sansTop25().toArray());
private final Collection<String> owaspTop10;
private final Collection<String> pciDss32;
private final Collection<String> pciDss40;
+ private final Collection<String> owaspAsvs40;
private final Collection<String> owaspTop10For2021;
private final Collection<String> sansTop25;
private final Collection<String> cwe;
this.types = defaultCollection(builder.types);
this.pciDss32 = defaultCollection(builder.pciDss32);
this.pciDss40 = defaultCollection(builder.pciDss40);
+ this.owaspAsvs40 = defaultCollection(builder.owaspAsvs40);
this.owaspTop10 = defaultCollection(builder.owaspTop10);
this.owaspTop10For2021 = defaultCollection(builder.owaspTop10For2021);
this.sansTop25 = defaultCollection(builder.sansTop25);
return pciDss40;
}
+ public Collection<String> owaspAsvs40() {
+ return owaspAsvs40;
+ }
public Collection<String> owaspTop10() {
return owaspTop10;
}
private Collection<String> types;
private Collection<String> pciDss32;
private Collection<String> pciDss40;
+ private Collection<String> owaspAsvs40;
private Collection<String> owaspTop10;
private Collection<String> owaspTop10For2021;
private Collection<String> sansTop25;
return this;
}
+ public Builder owaspAsvs40(@Nullable Collection<String> o) {
+ this.owaspAsvs40 = o;
+ return this;
+ }
+
public Builder owaspTop10(@Nullable Collection<String> o) {
this.owaspTop10 = o;
return this;
assertThat(query.pciDss40()).containsOnly("3.4.5", "5.6");
}
+ @Test
+ public void build_owasp_asvs_query() {
+ IssueQuery query = IssueQuery.builder()
+ .owaspAsvs40(List.of("1.2.3", "3.2.1"))
+ .build();
+
+ assertThat(query.owaspAsvs40()).containsOnly("1.2.3", "3.2.1");
+ }
+
@Test
public void build_owasp_query() {
IssueQuery query = IssueQuery.builder()
public static final String PARAM_PCI_DSS = "pciDss";
public static final String PARAM_PCI_DSS_32 = "pciDss-3.2";
public static final String PARAM_PCI_DSS_40 = "pciDss-4.0";
+ public static final String PARAM_OWASP_ASVS_40 = "owaspAsvs-4.0";
public static final String PARAM_OWASP_TOP_10 = "owaspTop10";
public static final String PARAM_OWASP_TOP_10_2021 = "owaspTop10-2021";
@Deprecated
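Review bot: `PARAM_OWASP_ASVS_40` at L221 introduces a new public web-service parameter name, but this hunk does not show the issues search action declaring it (with a description and a `since` version) or any facet-name validation being extended, so I cannot tell from the page whether a client passing `owaspAsvs-4.0` is actually accepted rather than rejected as an unknown parameter. The `Facet` entry at L155 and the `addSecurityCategoryFacetIfNeeded` call at L161 assume it is. If the action registration is elsewhere in the commit, a reference to it in the PR description would help; if not, it is missing.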