--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.hotspot.ws;
+
+import java.util.Optional;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
+import org.sonar.db.rule.RuleDefinitionDto;
+
+import static java.lang.Character.isWhitespace;
+import static java.util.Optional.ofNullable;
+
+public class HotspotRuleDescription {
+ private static final HotspotRuleDescription NO_DESCRIPTION = new HotspotRuleDescription(null, null, null);
+
+ @CheckForNull
+ private final String risk;
+ @CheckForNull
+ private final String vulnerable;
+ @CheckForNull
+ private final String fixIt;
+
+ private HotspotRuleDescription(@Nullable String risk, @Nullable String vulnerable, @Nullable String fixIt) {
+ this.risk = risk;
+ this.vulnerable = vulnerable;
+ this.fixIt = fixIt;
+ }
+
+ public static HotspotRuleDescription from(RuleDefinitionDto dto) {
+ String description = dto.getDescription();
+ if (description == null) {
+ return NO_DESCRIPTION;
+ }
+
+ String vulnerableTitle = "<h2>Ask Yourself Whether</h2>";
+ String fixItTitle = "<h2>Recommended Secure Coding Practices</h2>";
+ int vulnerableTitlePosition = description.indexOf(vulnerableTitle);
+ int fixItTitlePosition = description.indexOf(fixItTitle);
+ if (vulnerableTitlePosition == -1 && fixItTitlePosition == -1) {
+ return NO_DESCRIPTION;
+ }
+
+ if (vulnerableTitlePosition == -1) {
+ return new HotspotRuleDescription(
+ trimingSubstring(description, 0, fixItTitlePosition),
+ null,
+ trimingSubstring(description, fixItTitlePosition, description.length())
+ );
+ }
+ if (fixItTitlePosition == -1) {
+ return new HotspotRuleDescription(
+ trimingSubstring(description, 0, vulnerableTitlePosition),
+ trimingSubstring(description, vulnerableTitlePosition, description.length()),
+ null
+ );
+ }
+ return new HotspotRuleDescription(
+ trimingSubstring(description, 0, vulnerableTitlePosition),
+ trimingSubstring(description, vulnerableTitlePosition, fixItTitlePosition),
+ trimingSubstring(description, fixItTitlePosition, description.length())
+ );
+ }
+
+ @CheckForNull
+ private static String trimingSubstring(String description, int beginIndex, int endIndex) {
+ if (beginIndex == endIndex) {
+ return null;
+ }
+
+ int trimmedBeginIndex = beginIndex;
+ while (trimmedBeginIndex < endIndex && isWhitespace(description.charAt(trimmedBeginIndex))) {
+ trimmedBeginIndex++;
+ }
+ int trimmedEndIndex = endIndex;
+ while (trimmedEndIndex > 0 && trimmedEndIndex > trimmedBeginIndex && isWhitespace(description.charAt(trimmedEndIndex - 1))) {
+ trimmedEndIndex--;
+ }
+ if (trimmedBeginIndex == trimmedEndIndex) {
+ return null;
+ }
+
+ return description.substring(trimmedBeginIndex, trimmedEndIndex);
+ }
+
+ public Optional<String> getRisk() {
+ return ofNullable(risk);
+ }
+
+ public Optional<String> getVulnerable() {
+ return ofNullable(vulnerable);
+ }
+
+ public Optional<String> getFixIt() {
+ return ofNullable(fixIt);
+ }
+
+ @Override
+ public String toString() {
+ return "HotspotRuleDescription{" +
+ "risk='" + risk + '\'' +
+ ", vulnerable='" + vulnerable + '\'' +
+ ", fixIt='" + fixIt + '\'' +
+ '}';
+ }
+
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.hotspot.ws;
+
+import org.sonar.db.component.ComponentDto;
+import org.sonar.server.organization.DefaultOrganizationProvider;
+import org.sonarqube.ws.Hotspots;
+
+import static java.util.Optional.ofNullable;
+
+public class HotspotWsResponseFormatter {
+ private final DefaultOrganizationProvider defaultOrganizationProvider;
+
+ public HotspotWsResponseFormatter(DefaultOrganizationProvider defaultOrganizationProvider) {
+ this.defaultOrganizationProvider = defaultOrganizationProvider;
+ }
+
+ Hotspots.Component formatComponent(Hotspots.Component.Builder builder, ComponentDto component) {
+ builder
+ .clear()
+ .setOrganization(defaultOrganizationProvider.get().getKey())
+ .setKey(component.getKey())
+ .setQualifier(component.qualifier())
+ .setName(component.name())
+ .setLongName(component.longName());
+ ofNullable(component.path()).ifPresent(builder::setPath);
+ return builder.build();
+ }
+
+}
@Override
protected void configureModule() {
add(
+ HotspotWsResponseFormatter.class,
SearchAction.class,
- HotspotsWs.class
- );
+ ShowAction.class,
+ HotspotsWs.class);
}
}
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.issue.index.IssueIndex;
import org.sonar.server.issue.index.IssueQuery;
-import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.security.SecurityStandards;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Common;
import org.sonarqube.ws.Hotspots;
+import org.sonarqube.ws.Hotspots.SearchWsResponse;
-import static com.google.common.base.Strings.nullToEmpty;
import static java.util.Optional.ofNullable;
import static org.sonar.api.server.ws.WebService.Param.PAGE;
import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
import static org.sonar.server.security.SecurityStandards.fromSecurityStandards;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
+import static org.sonarqube.ws.WsUtils.nullToEmpty;
public class SearchAction implements HotspotsWsAction {
private static final String PARAM_PROJECT_KEY = "projectKey";
private final DbClient dbClient;
private final UserSession userSession;
private final IssueIndex issueIndex;
- private final DefaultOrganizationProvider defaultOrganizationProvider;
+ private final HotspotWsResponseFormatter responseFormatter;
- public SearchAction(DbClient dbClient, UserSession userSession, IssueIndex issueIndex, DefaultOrganizationProvider defaultOrganizationProvider) {
+ public SearchAction(DbClient dbClient, UserSession userSession, IssueIndex issueIndex,
+ HotspotWsResponseFormatter responseFormatter) {
this.dbClient = dbClient;
this.userSession = userSession;
this.issueIndex = issueIndex;
- this.defaultOrganizationProvider = defaultOrganizationProvider;
+ this.responseFormatter = responseFormatter;
}
@Override
}
}
- private Hotspots.SearchWsResponse formatResponse(SearchResponseData searchResponseData) {
- Hotspots.SearchWsResponse.Builder responseBuilder = Hotspots.SearchWsResponse.newBuilder();
+ private SearchWsResponse formatResponse(SearchResponseData searchResponseData) {
+ SearchWsResponse.Builder responseBuilder = SearchWsResponse.newBuilder();
formatPaging(searchResponseData, responseBuilder);
if (!searchResponseData.isEmpty()) {
formatHotspots(searchResponseData, responseBuilder);
return responseBuilder.build();
}
- private void formatPaging(SearchResponseData searchResponseData, Hotspots.SearchWsResponse.Builder responseBuilder) {
+ private void formatPaging(SearchResponseData searchResponseData, SearchWsResponse.Builder responseBuilder) {
Paging paging = searchResponseData.getPaging();
Common.Paging.Builder pagingBuilder = Common.Paging.newBuilder()
.setPageIndex(paging.pageIndex())
responseBuilder.setPaging(pagingBuilder.build());
}
- private static void formatHotspots(SearchResponseData searchResponseData, Hotspots.SearchWsResponse.Builder responseBuilder) {
+ private void formatHotspots(SearchResponseData searchResponseData, SearchWsResponse.Builder responseBuilder) {
List<IssueDto> orderedHotspots = searchResponseData.getOrderedHotspots();
if (orderedHotspots.isEmpty()) {
return;
}
- Hotspots.Hotspot.Builder builder = Hotspots.Hotspot.newBuilder();
+ SearchWsResponse.Hotspot.Builder builder = SearchWsResponse.Hotspot.newBuilder();
for (IssueDto hotspot : orderedHotspots) {
RuleDefinitionDto rule = searchResponseData.getRule(hotspot.getRuleKey())
// due to join with table Rule when retrieving data from Issues, this can't happen
}
}
- private void formatComponents(SearchResponseData searchResponseData, Hotspots.SearchWsResponse.Builder responseBuilder) {
+ private void formatComponents(SearchResponseData searchResponseData, SearchWsResponse.Builder responseBuilder) {
Set<ComponentDto> components = searchResponseData.getComponents();
if (components.isEmpty()) {
return;
Hotspots.Component.Builder builder = Hotspots.Component.newBuilder();
for (ComponentDto component : components) {
- builder
- .clear()
- .setOrganization(defaultOrganizationProvider.get().getKey())
- .setKey(component.getKey())
- .setQualifier(component.qualifier())
- .setName(component.name())
- .setLongName(component.longName());
- ofNullable(component.path()).ifPresent(builder::setPath);
-
- responseBuilder.addComponents(builder.build());
+ responseBuilder.addComponents(responseFormatter.formatComponent(builder, component));
}
}
*/
package org.sonar.server.hotspot.ws;
+import java.util.Objects;
+import org.sonar.api.rule.RuleKey;
+import org.sonar.api.rules.RuleType;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.issue.IssueDto;
+import org.sonar.db.rule.RuleDefinitionDto;
import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.issue.TextRangeResponseFormatter;
+import org.sonar.server.security.SecurityStandards;
import org.sonar.server.user.UserSession;
+import org.sonarqube.ws.Hotspots;
+import org.sonarqube.ws.Hotspots.ShowWsResponse;
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Strings.nullToEmpty;
import static java.lang.String.format;
+import static java.util.Optional.ofNullable;
+import static org.sonar.api.utils.DateUtils.formatDateTime;
+import static org.sonar.server.ws.WsUtils.writeProtobuf;
public class ShowAction implements HotspotsWsAction {
private final DbClient dbClient;
private final UserSession userSession;
+ private final HotspotWsResponseFormatter responseFormatter;
+ private final TextRangeResponseFormatter textRangeFormatter;
- public ShowAction(DbClient dbClient, UserSession userSession) {
+ public ShowAction(DbClient dbClient, UserSession userSession, HotspotWsResponseFormatter responseFormatter, TextRangeResponseFormatter textRangeFormatter) {
this.dbClient = dbClient;
this.userSession = userSession;
+ this.responseFormatter = responseFormatter;
+ this.textRangeFormatter = textRangeFormatter;
}
@Override
WebService.NewAction action = controller
.createAction("show")
.setHandler(this)
- .setDescription("Provides the details of a Security Hotpot.")
- .setSince("8.1");
+ .setDescription("Provides the details of a Security Hotspot.")
+ .setSince("8.1")
+ .setInternal(true);
action.createParam(PARAM_HOTSPOT_KEY)
.setDescription("Key of the Security Hotspot")
String hotspotKey = request.mandatoryParam(PARAM_HOTSPOT_KEY);
try (DbSession dbSession = dbClient.openSession(false)) {
IssueDto hotspot = dbClient.issueDao().selectByKey(dbSession, hotspotKey)
- .orElseThrow(() -> new NotFoundException(format("Hotspot with key '%s' does not exist", hotspotKey)));
- ComponentDto project = dbClient.componentDao().selectByUuid(dbSession, hotspot.getProjectUuid())
- .orElseThrow(() -> new NotFoundException(format("Project with uuid '%s' does not exist", hotspot.getProjectUuid())));
- userSession.checkComponentPermission(UserRole.USER, project);
+ .filter(t -> t.getType() == RuleType.SECURITY_HOTSPOT.getDbConstant())
+ .orElseThrow(() -> new NotFoundException(format("Hotspot '%s' does not exist", hotspotKey)));
+ Components components = loadComponents(dbSession, hotspot);
+ RuleDefinitionDto rule = loadRule(dbSession, hotspot);
+ ShowWsResponse.Builder responseBuilder = ShowWsResponse.newBuilder();
+ formatHotspot(responseBuilder, hotspot);
+ formatComponents(components, responseBuilder);
+ formatRule(responseBuilder, rule);
+ formatTextRange(hotspot, responseBuilder);
+
+ writeProtobuf(responseBuilder.build(), request, response);
}
}
+
+ private void formatHotspot(ShowWsResponse.Builder builder, IssueDto hotspot) {
+ builder.setKey(hotspot.getKey());
+ ofNullable(hotspot.getStatus()).ifPresent(builder::setStatus);
+ // FIXME resolution field will be added later
+ // ofNullable(hotspot.getResolution()).ifPresent(builder::setResolution);
+ ofNullable(hotspot.getLine()).ifPresent(builder::setLine);
+ builder.setMessage(nullToEmpty(hotspot.getMessage()));
+ ofNullable(hotspot.getAssigneeUuid()).ifPresent(builder::setAssignee);
+ // FIXME Filter author only if user is member of the organization (as done in issues/search WS)
+ // if (data.getUserOrganizationUuids().contains(component.getOrganizationUuid())) {
+ builder.setAuthor(nullToEmpty(hotspot.getAuthorLogin()));
+ // }
+ builder.setCreationDate(formatDateTime(hotspot.getIssueCreationDate()));
+ builder.setUpdateDate(formatDateTime(hotspot.getIssueUpdateDate()));
+ }
+
+ private void formatComponents(Components components, ShowWsResponse.Builder responseBuilder) {
+ responseBuilder
+ .setProject(responseFormatter.formatComponent(Hotspots.Component.newBuilder(), components.getProject()))
+ .setComponent(responseFormatter.formatComponent(Hotspots.Component.newBuilder(), components.getComponent()));
+ }
+
+ private void formatRule(ShowWsResponse.Builder responseBuilder, RuleDefinitionDto ruleDefinitionDto) {
+ SecurityStandards securityStandards = SecurityStandards.fromSecurityStandards(ruleDefinitionDto.getSecurityStandards());
+ SecurityStandards.SQCategory sqCategory = securityStandards.getSqCategory();
+ HotspotRuleDescription hotspotRuleDescription = HotspotRuleDescription.from(ruleDefinitionDto);
+ Hotspots.Rule.Builder ruleBuilder = Hotspots.Rule.newBuilder()
+ .setKey(ruleDefinitionDto.getKey().toString())
+ .setName(nullToEmpty(ruleDefinitionDto.getName()))
+ .setSecurityCategory(sqCategory.getKey())
+ .setVulnerabilityProbability(sqCategory.getVulnerability().name());
+ hotspotRuleDescription.getVulnerable().ifPresent(ruleBuilder::setVulnerabilityDescription);
+ hotspotRuleDescription.getRisk().ifPresent(ruleBuilder::setRiskDescription);
+ hotspotRuleDescription.getFixIt().ifPresent(ruleBuilder::setFixRecommendations);
+ responseBuilder.setRule(ruleBuilder.build());
+ }
+
+ private void formatTextRange(IssueDto hotspot, ShowWsResponse.Builder responseBuilder) {
+ textRangeFormatter.formatTextRange(hotspot, responseBuilder::setTextRange);
+ }
+
+ private RuleDefinitionDto loadRule(DbSession dbSession, IssueDto hotspot) {
+ RuleKey ruleKey = hotspot.getRuleKey();
+ return dbClient.ruleDao().selectDefinitionByKey(dbSession, ruleKey)
+ .orElseThrow(() -> new NotFoundException(format("Rule '%s' does not exist", ruleKey)));
+ }
+
+ private Components loadComponents(DbSession dbSession, IssueDto hotspot) {
+ String projectUuid = hotspot.getProjectUuid();
+ String componentUuid = hotspot.getComponentUuid();
+ checkArgument(projectUuid != null, "Hotspot '%s' has no project", hotspot.getKee());
+ checkArgument(componentUuid != null, "Hotspot '%s' has no component", hotspot.getKee());
+
+ ComponentDto project = dbClient.componentDao().selectByUuid(dbSession, projectUuid)
+ .orElseThrow(() -> new NotFoundException(format("Project with uuid '%s' does not exist", projectUuid)));
+ userSession.checkComponentPermission(UserRole.USER, project);
+
+ boolean hotspotOnProject = Objects.equals(projectUuid, componentUuid);
+ ComponentDto component = hotspotOnProject ? project
+ : dbClient.componentDao().selectByUuid(dbSession, componentUuid)
+ .orElseThrow(() -> new NotFoundException(format("Component with uuid '%s' does not exist", componentUuid)));
+
+ return new Components(project, component);
+ }
+
+ private static final class Components {
+ private final ComponentDto project;
+ private final ComponentDto component;
+
+ private Components(ComponentDto project, ComponentDto component) {
+ this.project = project;
+ this.component = component;
+ }
+
+ public ComponentDto getProject() {
+ return project;
+ }
+
+ public ComponentDto getComponent() {
+ return component;
+ }
+ }
+
}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.issue;
+
+import java.util.Map;
+import java.util.function.Consumer;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.issue.IssueDto;
+import org.sonar.db.protobuf.DbCommons;
+import org.sonar.db.protobuf.DbIssues;
+import org.sonarqube.ws.Common;
+
+import static java.util.Optional.ofNullable;
+
+public class TextRangeResponseFormatter {
+
+ public void formatTextRange(IssueDto dto, Consumer<Common.TextRange> rangeConsumer) {
+ DbIssues.Locations locations = dto.parseLocations();
+ if (locations == null) {
+ return;
+ }
+ formatTextRange(locations, rangeConsumer);
+ }
+
+ public void formatTextRange(DbIssues.Locations locations, Consumer<Common.TextRange> rangeConsumer) {
+ if (locations.hasTextRange()) {
+ DbCommons.TextRange textRange = locations.getTextRange();
+ rangeConsumer.accept(convertTextRange(textRange).build());
+ }
+ }
+
+ public Common.Location formatLocation(DbIssues.Location source, String issueComponent, Map<String, ComponentDto> componentsByUuid) {
+ Common.Location.Builder target = Common.Location.newBuilder();
+ if (source.hasMsg()) {
+ target.setMsg(source.getMsg());
+ }
+ if (source.hasTextRange()) {
+ DbCommons.TextRange sourceRange = source.getTextRange();
+ Common.TextRange.Builder targetRange = convertTextRange(sourceRange);
+ target.setTextRange(targetRange);
+ }
+ if (source.hasComponentId()) {
+ ofNullable(componentsByUuid.get(source.getComponentId())).ifPresent(c -> target.setComponent(c.getKey()));
+ } else {
+ target.setComponent(issueComponent);
+ }
+ return target.build();
+ }
+
+ private static Common.TextRange.Builder convertTextRange(DbCommons.TextRange sourceRange) {
+ Common.TextRange.Builder targetRange = Common.TextRange.newBuilder();
+ if (sourceRange.hasStartLine()) {
+ targetRange.setStartLine(sourceRange.getStartLine());
+ }
+ if (sourceRange.hasStartOffset()) {
+ targetRange.setStartOffset(sourceRange.getStartOffset());
+ }
+ if (sourceRange.hasEndLine()) {
+ targetRange.setEndLine(sourceRange.getEndLine());
+ }
+ if (sourceRange.hasEndOffset()) {
+ targetRange.setEndOffset(sourceRange.getEndOffset());
+ }
+ return targetRange;
+ }
+}
import org.sonar.core.platform.Module;
import org.sonar.server.issue.AvatarResolverImpl;
+import org.sonar.server.issue.TextRangeResponseFormatter;
import org.sonar.server.issue.IssueFieldsSetter;
import org.sonar.server.issue.IssueFinder;
import org.sonar.server.issue.TransitionService;
IssuesWs.class,
AvatarResolverImpl.class,
SearchResponseLoader.class,
+ TextRangeResponseFormatter.class,
SearchResponseFormat.class,
OperationResponseWriter.class,
AddCommentAction.class,
return componentsByUuid.get(uuid);
}
+ public Map<String, ComponentDto> getComponentsByUuid() {
+ return componentsByUuid;
+ }
+
public List<UserDto> getUsers() {
return new ArrayList<>(usersByUuid.values());
}
import org.sonar.db.component.ComponentDto;
import org.sonar.db.issue.IssueChangeDto;
import org.sonar.db.issue.IssueDto;
-import org.sonar.db.protobuf.DbCommons;
import org.sonar.db.protobuf.DbIssues;
-import org.sonar.db.protobuf.DbIssues.Location;
import org.sonar.db.rule.RuleDefinitionDto;
import org.sonar.db.user.UserDto;
import org.sonar.markdown.Markdown;
import org.sonar.server.es.Facets;
import org.sonar.server.issue.AvatarResolver;
+import org.sonar.server.issue.TextRangeResponseFormatter;
import org.sonar.server.issue.workflow.Transition;
import org.sonarqube.ws.Common;
import org.sonarqube.ws.Issues;
private final Durations durations;
private final Languages languages;
private final AvatarResolver avatarFactory;
+ private final TextRangeResponseFormatter textRangeFormatter;
- public SearchResponseFormat(Durations durations, Languages languages, AvatarResolver avatarFactory) {
+ public SearchResponseFormat(Durations durations, Languages languages, AvatarResolver avatarFactory,
+ TextRangeResponseFormatter textRangeFormatter) {
this.durations = durations;
this.languages = languages;
this.avatarFactory = avatarFactory;
+ this.textRangeFormatter = textRangeFormatter;
}
SearchWsResponse formatSearch(Set<SearchAdditionalField> fields, SearchResponseData data, Paging paging, Facets facets) {
return ruleKey.repository().replace(EXTERNAL_RULE_REPO_PREFIX, "");
}
- private static void completeIssueLocations(IssueDto dto, Issue.Builder issueBuilder, SearchResponseData data) {
+ private void completeIssueLocations(IssueDto dto, Issue.Builder issueBuilder, SearchResponseData data) {
DbIssues.Locations locations = dto.parseLocations();
if (locations == null) {
return;
}
- if (locations.hasTextRange()) {
- DbCommons.TextRange textRange = locations.getTextRange();
- issueBuilder.setTextRange(convertTextRange(textRange));
- }
+ textRangeFormatter.formatTextRange(locations, issueBuilder::setTextRange);
for (DbIssues.Flow flow : locations.getFlowList()) {
Common.Flow.Builder targetFlow = Common.Flow.newBuilder();
- for (Location flowLocation : flow.getLocationList()) {
- targetFlow.addLocations(convertLocation(issueBuilder, flowLocation, data));
+ for (DbIssues.Location flowLocation : flow.getLocationList()) {
+ targetFlow.addLocations(textRangeFormatter.formatLocation(flowLocation, issueBuilder.getComponent(), data.getComponentsByUuid()));
}
- issueBuilder.addFlows(targetFlow);
- }
- }
-
- private static Common.Location convertLocation(Issue.Builder issueBuilder, Location source, SearchResponseData data) {
- Common.Location.Builder target = Common.Location.newBuilder();
- if (source.hasMsg()) {
- target.setMsg(source.getMsg());
- }
- if (source.hasTextRange()) {
- DbCommons.TextRange sourceRange = source.getTextRange();
- Common.TextRange.Builder targetRange = convertTextRange(sourceRange);
- target.setTextRange(targetRange);
- }
- if (source.hasComponentId()) {
- ofNullable(data.getComponentByUuid(source.getComponentId())).ifPresent(c -> target.setComponent(c.getKey()));
- } else {
- target.setComponent(issueBuilder.getComponent());
- }
- return target.build();
- }
-
- private static Common.TextRange.Builder convertTextRange(DbCommons.TextRange sourceRange) {
- Common.TextRange.Builder targetRange = Common.TextRange.newBuilder();
- if (sourceRange.hasStartLine()) {
- targetRange.setStartLine(sourceRange.getStartLine());
- }
- if (sourceRange.hasStartOffset()) {
- targetRange.setStartOffset(sourceRange.getStartOffset());
- }
- if (sourceRange.hasEndLine()) {
- targetRange.setEndLine(sourceRange.getEndLine());
- }
- if (sourceRange.hasEndOffset()) {
- targetRange.setEndOffset(sourceRange.getEndOffset());
+ issueBuilder.addFlows(targetFlow.build());
}
- return targetRange;
}
private static void formatIssueTransitions(SearchResponseData data, Issue.Builder wsIssue, IssueDto dto) {
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.hotspot.ws;
+
+import com.tngtech.java.junit.dataprovider.DataProvider;
+import com.tngtech.java.junit.dataprovider.DataProviderRunner;
+import com.tngtech.java.junit.dataprovider.UseDataProvider;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.sonar.db.rule.RuleDefinitionDto;
+import org.sonar.db.rule.RuleTesting;
+
+import static org.apache.commons.lang.RandomStringUtils.randomAlphabetic;
+import static org.assertj.core.api.Assertions.assertThat;
+
+@RunWith(DataProviderRunner.class)
+public class HotspotRuleDescriptionTest {
+ @Test
+ public void parse_returns_all_empty_fields_when_no_description() {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(null);
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk()).isEmpty();
+ assertThat(result.getVulnerable()).isEmpty();
+ assertThat(result.getFixIt()).isEmpty();
+ }
+
+ @Test
+ @UseDataProvider("noContentVariants")
+ public void parse_returns_all_empty_fields_when_empty_description(String noContent) {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription("");
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk()).isEmpty();
+ assertThat(result.getVulnerable()).isEmpty();
+ assertThat(result.getFixIt()).isEmpty();
+ }
+
+ @Test
+ public void parse_ignores_titles_if_not_h2() {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(
+ "acme\" +" +
+ "<h1>Ask Yourself Whether</h1>\n" +
+ "bar\n" +
+ "<h1>Recommended Secure Coding Practices</h1>\n" +
+ "foo");
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk()).isEmpty();
+ assertThat(result.getVulnerable()).isEmpty();
+ assertThat(result.getFixIt()).isEmpty();
+ }
+
+ @Test
+ @UseDataProvider("whiteSpaceBeforeAndAfterCombinations")
+ public void parse_does_not_trim_content_of_h2_titles(String whiteSpaceBefore, String whiteSpaceAfter) {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(
+ "acme\" +" +
+ "<h2>" + whiteSpaceBefore + "Ask Yourself Whether" + whiteSpaceAfter + "</h2>\n" +
+ "bar\n" +
+ "<h2>" + whiteSpaceBefore + "Recommended Secure Coding Practices\" + whiteSpaceAfter + \"</h2>\n" +
+ "foo");
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk()).isEmpty();
+ assertThat(result.getVulnerable()).isEmpty();
+ assertThat(result.getFixIt()).isEmpty();
+ }
+
+ @DataProvider
+ public static Object[][] whiteSpaceBeforeAndAfterCombinations() {
+ String whiteSpace = " ";
+ String noWithSpace = "";
+ return new Object[][] {
+ {noWithSpace, whiteSpace},
+ {whiteSpace, noWithSpace},
+ {whiteSpace, whiteSpace}
+ };
+ }
+
+ @Test
+ @UseDataProvider("descriptionsWithoutTitles")
+ public void parse_return_null_fields_when_desc_contains_neither_title(String description) {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(description);
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk()).isEmpty();
+ assertThat(result.getVulnerable()).isEmpty();
+ assertThat(result.getFixIt()).isEmpty();
+ }
+
+ @DataProvider
+ public static Object[][] descriptionsWithoutTitles() {
+ return new Object[][] {
+ {""},
+ {randomAlphabetic(123)},
+ {"bar\n" +
+ "acme\n" +
+ "foo"}
+ };
+ }
+
+ @Test
+ public void parse_return_null_risk_when_desc_starts_with_ask_yourself_title() {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(
+ "<h2>Ask Yourself Whether</h2>\n" +
+ "bar\n" +
+ "<h2>Recommended Secure Coding Practices</h2>\n" +
+ "foo");
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk()).isEmpty();
+ assertThat(result.getVulnerable().get()).isEqualTo("<h2>Ask Yourself Whether</h2>\nbar");
+ assertThat(result.getFixIt().get()).isEqualTo("<h2>Recommended Secure Coding Practices</h2>\nfoo");
+ }
+
+ @Test
+ public void parse_return_null_vulnerable_when_no_ask_yourself_whether_title() {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(
+ "bar\n" +
+ "<h2>Recommended Secure Coding Practices</h2>\n" +
+ "foo");
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk().get()).isEqualTo("bar");
+ assertThat(result.getVulnerable()).isEmpty();
+ assertThat(result.getFixIt().get()).isEqualTo("<h2>Recommended Secure Coding Practices</h2>\nfoo");
+ }
+
+ @Test
+ @UseDataProvider("noContentVariants")
+ public void parse_returns_vulnerable_with_only_title_when_no_content_between_titles(String noContent) {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(
+ "bar\n" +
+ "<h2>Ask Yourself Whether</h2>\n" +
+ noContent +
+ "<h2>Recommended Secure Coding Practices</h2>\n" +
+ "foo");
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk().get()).isEqualTo("bar");
+ assertThat(result.getVulnerable().get()).isEqualTo("<h2>Ask Yourself Whether</h2>");
+ assertThat(result.getFixIt().get()).isEqualTo("<h2>Recommended Secure Coding Practices</h2>\nfoo");
+ }
+
+ @Test
+ @UseDataProvider("noContentVariants")
+ public void parse_returns_fixIt_with_only_title_when_no_content_after_Recommended_Secure_Coding_Practices_title(String noContent) {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(
+ "bar\n" +
+ "<h2>Ask Yourself Whether</h2>\n" +
+ "bar" +
+ "<h2>Recommended Secure Coding Practices</h2>\n" +
+ noContent);
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk().get()).isEqualTo("bar");
+ assertThat(result.getVulnerable().get()).isEqualTo("<h2>Ask Yourself Whether</h2>\nbar");
+ assertThat(result.getFixIt().get()).isEqualTo("<h2>Recommended Secure Coding Practices</h2>");
+ }
+
+ @DataProvider
+ public static Object[][] noContentVariants() {
+ return new Object[][] {
+ {""},
+ {"\n"},
+ {" \n "},
+ {"\t\n \n"},
+ };
+ }
+
+ @Test
+ public void parse_return_null_fixIt_when_desc_has_no_Recommended_Secure_Coding_Practices_title() {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(
+ "bar\n" +
+ "<h2>Ask Yourself Whether</h2>\n" +
+ "foo");
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk().get()).isEqualTo("bar");
+ assertThat(result.getVulnerable().get()).isEqualTo("<h2>Ask Yourself Whether</h2>\nfoo");
+ assertThat(result.getFixIt()).isEmpty();
+ }
+
+ @Test
+ public void parse_returns_regular_description() {
+ RuleDefinitionDto dto = RuleTesting.newRule().setDescription(
+ "<p>Enabling Cross-Origin Resource Sharing (CORS) is security-sensitive. For example, it has led in the past to the following vulnerabilities:</p>\n" +
+ "<ul>\n" +
+ " <li> <a href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0269\">CVE-2018-0269</a> </li>\n" +
+ " <li> <a href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14460\">CVE-2017-14460</a> </li>\n" +
+ "</ul>\n" +
+ "<p>Applications that enable CORS will effectively relax the same-origin policy in browsers, which is in place to prevent AJAX requests to hosts other\n" +
+ "than the one showing in the browser address bar. Being too permissive, CORS can potentially allow an attacker to gain access to sensitive\n" +
+ "information.</p>\n" +
+ "<p>This rule flags code that enables CORS or specifies any HTTP response headers associated with CORS. The goal is to guide security code reviews.</p>\n" +
+ "<h2>Ask Yourself Whether</h2>\n" +
+ "<ul>\n" +
+ " <li> Any URLs responding with <code>Access-Control-Allow-Origin: *</code> include sensitive content. </li>\n" +
+ " <li> Any domains specified in <code>Access-Control-Allow-Origin</code> headers are checked against a whitelist. </li>\n" +
+ "</ul>\n" +
+ "<h2>Recommended Secure Coding Practices</h2>\n" +
+ "<ul>\n" +
+ " <li> The <code>Access-Control-Allow-Origin</code> header should be set only on specific URLs that require access from other domains. Don't enable\n" +
+ " the header on the entire domain. </li>\n" +
+ " <li> Don't rely on the <code>Origin</code> header blindly without validation as it could be spoofed by an attacker. Use a whitelist to check that\n" +
+ " the <code>Origin</code> domain (including protocol) is allowed before returning it back in the <code>Access-Control-Allow-Origin</code> header.\n" +
+ " </li>\n" +
+ " <li> Use <code>Access-Control-Allow-Origin: *</code> only if your application absolutely requires it, for example in the case of an open/public API.\n" +
+ " For such endpoints, make sure that there is no sensitive content or information included in the response. </li>\n" +
+ "</ul>\n" +
+ "<h2>Sensitive Code Example</h2>\n" +
+ "<pre>\n" +
+ "// === Java Servlet ===\n" +
+ "@Override\n" +
+ "protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {\n" +
+ " resp.setHeader(\"Content-Type\", \"text/plain; charset=utf-8\");\n" +
+ " resp.setHeader(\"Access-Control-Allow-Origin\", \"http://localhost:8080\"); // Questionable\n" +
+ " resp.setHeader(\"Access-Control-Allow-Credentials\", \"true\"); // Questionable\n" +
+ " resp.setHeader(\"Access-Control-Allow-Methods\", \"GET\"); // Questionable\n" +
+ " resp.getWriter().write(\"response\");\n" +
+ "}\n" +
+ "</pre>\n" +
+ "<pre>\n" +
+ "// === Spring MVC Controller annotation ===\n" +
+ "@CrossOrigin(origins = \"http://domain1.com\") // Questionable\n" +
+ "@RequestMapping(\"\")\n" +
+ "public class TestController {\n" +
+ " public String home(ModelMap model) {\n" +
+ " model.addAttribute(\"message\", \"ok \");\n" +
+ " return \"view\";\n" +
+ " }\n" +
+ "\n" +
+ " @CrossOrigin(origins = \"http://domain2.com\") // Questionable\n" +
+ " @RequestMapping(value = \"/test1\")\n" +
+ " public ResponseEntity<String> test1() {\n" +
+ " return ResponseEntity.ok().body(\"ok\");\n" +
+ " }\n" +
+ "}\n" +
+ "</pre>\n" +
+ "<h2>See</h2>\n" +
+ "<ul>\n" +
+ " <li> <a href=\"https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration\">OWASP Top 10 2017 Category A6</a> - Security\n" +
+ " Misconfiguration </li>\n" +
+ " <li> <a href=\"https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Cross_Origin_Resource_Sharing\">OWASP HTML5 Security Cheat Sheet</a> - Cross\n" +
+ " Origin Resource Sharing </li>\n" +
+ " <li> <a href=\"https://www.owasp.org/index.php/CORS_OriginHeaderScrutiny\">OWASP CORS OriginHeaderScrutiny</a> </li>\n" +
+ " <li> <a href=\"https://www.owasp.org/index.php/CORS_RequestPreflighScrutiny\">OWASP CORS RequestPreflighScrutiny</a> </li>\n" +
+ " <li> <a href=\"https://cwe.mitre.org/data/definitions/346.html\">MITRE, CWE-346</a> - Origin Validation Error </li>\n" +
+ " <li> <a href=\"https://cwe.mitre.org/data/definitions/942.html\">MITRE, CWE-942</a> - Overly Permissive Cross-domain Whitelist </li>\n" +
+ " <li> <a href=\"https://www.sans.org/top25-software-errors/#cat3\">SANS Top 25</a> - Porous Defenses </li>\n" +
+ "</ul>");
+
+ HotspotRuleDescription result = HotspotRuleDescription.from(dto);
+
+ assertThat(result.getRisk().get()).isEqualTo(
+ "<p>Enabling Cross-Origin Resource Sharing (CORS) is security-sensitive. For example, it has led in the past to the following vulnerabilities:</p>\n" +
+ "<ul>\n" +
+ " <li> <a href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0269\">CVE-2018-0269</a> </li>\n" +
+ " <li> <a href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14460\">CVE-2017-14460</a> </li>\n" +
+ "</ul>\n" +
+ "<p>Applications that enable CORS will effectively relax the same-origin policy in browsers, which is in place to prevent AJAX requests to hosts other\n" +
+ "than the one showing in the browser address bar. Being too permissive, CORS can potentially allow an attacker to gain access to sensitive\n" +
+ "information.</p>\n" +
+ "<p>This rule flags code that enables CORS or specifies any HTTP response headers associated with CORS. The goal is to guide security code reviews.</p>");
+ assertThat(result.getVulnerable().get()).isEqualTo(
+ "<h2>Ask Yourself Whether</h2>\n" +
+ "<ul>\n" +
+ " <li> Any URLs responding with <code>Access-Control-Allow-Origin: *</code> include sensitive content. </li>\n" +
+ " <li> Any domains specified in <code>Access-Control-Allow-Origin</code> headers are checked against a whitelist. </li>\n" +
+ "</ul>");
+ assertThat(result.getFixIt().get()).isEqualTo(
+ "<h2>Recommended Secure Coding Practices</h2>\n" +
+ "<ul>\n" +
+ " <li> The <code>Access-Control-Allow-Origin</code> header should be set only on specific URLs that require access from other domains. Don't enable\n" +
+ " the header on the entire domain. </li>\n" +
+ " <li> Don't rely on the <code>Origin</code> header blindly without validation as it could be spoofed by an attacker. Use a whitelist to check that\n" +
+ " the <code>Origin</code> domain (including protocol) is allowed before returning it back in the <code>Access-Control-Allow-Origin</code> header.\n" +
+ " </li>\n" +
+ " <li> Use <code>Access-Control-Allow-Origin: *</code> only if your application absolutely requires it, for example in the case of an open/public API.\n" +
+ " For such endpoints, make sure that there is no sensitive content or information included in the response. </li>\n" +
+ "</ul>\n" +
+ "<h2>Sensitive Code Example</h2>\n" +
+ "<pre>\n" +
+ "// === Java Servlet ===\n" +
+ "@Override\n" +
+ "protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {\n" +
+ " resp.setHeader(\"Content-Type\", \"text/plain; charset=utf-8\");\n" +
+ " resp.setHeader(\"Access-Control-Allow-Origin\", \"http://localhost:8080\"); // Questionable\n" +
+ " resp.setHeader(\"Access-Control-Allow-Credentials\", \"true\"); // Questionable\n" +
+ " resp.setHeader(\"Access-Control-Allow-Methods\", \"GET\"); // Questionable\n" +
+ " resp.getWriter().write(\"response\");\n" +
+ "}\n" +
+ "</pre>\n" +
+ "<pre>\n" +
+ "// === Spring MVC Controller annotation ===\n" +
+ "@CrossOrigin(origins = \"http://domain1.com\") // Questionable\n" +
+ "@RequestMapping(\"\")\n" +
+ "public class TestController {\n" +
+ " public String home(ModelMap model) {\n" +
+ " model.addAttribute(\"message\", \"ok \");\n" +
+ " return \"view\";\n" +
+ " }\n" +
+ "\n" +
+ " @CrossOrigin(origins = \"http://domain2.com\") // Questionable\n" +
+ " @RequestMapping(value = \"/test1\")\n" +
+ " public ResponseEntity<String> test1() {\n" +
+ " return ResponseEntity.ok().body(\"ok\");\n" +
+ " }\n" +
+ "}\n" +
+ "</pre>\n" +
+ "<h2>See</h2>\n" +
+ "<ul>\n" +
+ " <li> <a href=\"https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration\">OWASP Top 10 2017 Category A6</a> - Security\n" +
+ " Misconfiguration </li>\n" +
+ " <li> <a href=\"https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Cross_Origin_Resource_Sharing\">OWASP HTML5 Security Cheat Sheet</a> - Cross\n" +
+ " Origin Resource Sharing </li>\n" +
+ " <li> <a href=\"https://www.owasp.org/index.php/CORS_OriginHeaderScrutiny\">OWASP CORS OriginHeaderScrutiny</a> </li>\n" +
+ " <li> <a href=\"https://www.owasp.org/index.php/CORS_RequestPreflighScrutiny\">OWASP CORS RequestPreflighScrutiny</a> </li>\n" +
+ " <li> <a href=\"https://cwe.mitre.org/data/definitions/346.html\">MITRE, CWE-346</a> - Origin Validation Error </li>\n" +
+ " <li> <a href=\"https://cwe.mitre.org/data/definitions/942.html\">MITRE, CWE-942</a> - Overly Permissive Cross-domain Whitelist </li>\n" +
+ " <li> <a href=\"https://www.sans.org/top25-software-errors/#cat3\">SANS Top 25</a> - Porous Defenses </li>\n" +
+ "</ul>");
+ }
+}
public void verify_count_of_added_components() {
ComponentContainer container = new ComponentContainer();
new HotspotsWsModule().configure(container);
- assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 2);
+ assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 4);
}
}
private IssueIndex issueIndex = new IssueIndex(es.client(), System2.INSTANCE, userSessionRule, new WebAuthorizationTypeSupport(userSessionRule));
private IssueIndexer issueIndexer = new IssueIndexer(es.client(), dbClient, new IssueIteratorFactory(dbClient));
private StartupIndexer permissionIndexer = new PermissionIndexer(dbClient, es.client(), issueIndexer);
+ private HotspotWsResponseFormatter responseFormatter = new HotspotWsResponseFormatter(defaultOrganizationProvider);
- private SearchAction underTest = new SearchAction(dbClient, userSessionRule, issueIndex, defaultOrganizationProvider);
+ private SearchAction underTest = new SearchAction(dbClient, userSessionRule, issueIndex, responseFormatter);
private WsActionTester actionTester = new WsActionTester(underTest);
@Test
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(Hotspots.SearchWsResponse.Hotspot::getKey)
.containsOnly(Arrays.stream(hotspots)
.filter(t -> !t.getKey().equals(hotspotWithoutRule.getKey()))
.map(IssueDto::getKey)
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.containsOnly(Arrays.stream(hotspots).map(IssueDto::getKey).toArray(String[]::new));
assertThat(response.getComponentsList())
.extracting(Component::getKey)
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(Hotspots.SearchWsResponse.Hotspot::getKey)
.containsOnly(Arrays.stream(hotspots).map(IssueDto::getKey).toArray(String[]::new));
assertThat(response.getComponentsList())
.extracting(Component::getKey)
.executeProtobuf(SearchWsResponse.class);
assertThat(responseProject1.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.doesNotContainAnyElementsOf(Arrays.stream(hotspots2).map(IssueDto::getKey).collect(Collectors.toList()));
assertThat(responseProject1.getComponentsList())
.extracting(Component::getKey)
.executeProtobuf(SearchWsResponse.class);
assertThat(responseProject2.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.containsOnly(Arrays.stream(hotspots2).map(IssueDto::getKey).toArray(String[]::new));
assertThat(responseProject2.getComponentsList())
.extracting(Component::getKey)
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.containsOnly(unresolvedHotspot.getKey(), badlyClosedHotspot.getKey());
}
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList()).hasSize(1);
- Hotspots.Hotspot actual = response.getHotspots(0);
+ SearchWsResponse.Hotspot actual = response.getHotspots(0);
assertThat(actual.getComponent()).isEqualTo(file.getKey());
assertThat(actual.getProject()).isEqualTo(project.getKey());
assertThat(actual.getStatus()).isEqualTo(hotspot.getStatus());
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList()).hasSize(1);
- Hotspots.Hotspot actual = response.getHotspots(0);
+ Hotspots.SearchWsResponse.Hotspot actual = response.getHotspots(0);
assertThat(actual.getSecurityCategory()).isEqualTo(expected.getKey());
assertThat(actual.getVulnerabilityProbability()).isEqualTo(expected.getVulnerability().name());
}
assertThat(response.getHotspotsList())
.hasSize(1);
- Hotspots.Hotspot actual = response.getHotspots(0);
+ SearchWsResponse.Hotspot actual = response.getHotspots(0);
assertThat(actual.hasStatus()).isFalse();
// FIXME resolution field will be added later
// assertThat(actual.hasResolution()).isFalse();
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.containsOnly(fileHotspot.getKey(), dirHotspot.getKey(), projectHotspot.getKey());
assertThat(response.getComponentsList()).hasSize(3);
assertThat(response.getComponentsList())
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.containsExactly(expectedHotspotKeys);
}
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.containsExactly(expectedHotspotKeys);
}
SearchWsResponse response = request.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.containsExactly(hotspots.stream().limit(100).map(IssueDto::getKey).toArray(String[]::new));
assertThat(response.getPaging().getTotal()).isEqualTo(hotspots.size());
assertThat(response.getPaging().getPageIndex()).isEqualTo(1);
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.containsExactly(hotspots.stream().skip(2 * pageSize).limit(pageSize).map(IssueDto::getKey).toArray(String[]::new));
assertThat(response.getPaging().getTotal()).isEqualTo(hotspots.size());
assertThat(response.getPaging().getPageIndex()).isEqualTo(3);
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.containsExactly(hotspots.stream().skip(3 * pageSize).limit(pageSize).map(IssueDto::getKey).toArray(String[]::new));
assertThat(response.getPaging().getTotal()).isEqualTo(hotspots.size());
assertThat(response.getPaging().getPageIndex()).isEqualTo(4);
.executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList())
- .extracting(Hotspots.Hotspot::getKey)
+ .extracting(SearchWsResponse.Hotspot::getKey)
.isEmpty();
assertThat(response.getPaging().getTotal()).isEqualTo(hotspots.size());
assertThat(response.getPaging().getPageIndex()).isEqualTo(emptyPage);
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.hotspot.ws;
+
+import com.google.common.collect.ImmutableSet;
+import com.tngtech.java.junit.dataprovider.DataProvider;
+import com.tngtech.java.junit.dataprovider.DataProviderRunner;
+import com.tngtech.java.junit.dataprovider.UseDataProvider;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Random;
+import java.util.Set;
+import java.util.function.Consumer;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.sonar.api.rules.RuleType;
+import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbTester;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.issue.IssueDto;
+import org.sonar.db.issue.IssueTesting;
+import org.sonar.db.protobuf.DbCommons;
+import org.sonar.db.protobuf.DbIssues;
+import org.sonar.db.rule.RuleDefinitionDto;
+import org.sonar.db.rule.RuleTesting;
+import org.sonar.server.issue.TextRangeResponseFormatter;
+import org.sonar.server.es.EsTester;
+import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.organization.TestDefaultOrganizationProvider;
+import org.sonar.server.security.SecurityStandards;
+import org.sonar.server.security.SecurityStandards.SQCategory;
+import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.ws.TestRequest;
+import org.sonar.server.ws.WsActionTester;
+import org.sonarqube.ws.Common;
+import org.sonarqube.ws.Hotspots;
+
+import static org.apache.commons.lang.RandomStringUtils.randomAlphabetic;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
+import static org.sonar.db.component.ComponentTesting.newFileDto;
+
+@RunWith(DataProviderRunner.class)
+public class ShowActionTest {
+ private static final Random RANDOM = new Random();
+
+ @Rule
+ public DbTester dbTester = DbTester.create(System2.INSTANCE);
+ @Rule
+ public EsTester es = EsTester.create();
+ @Rule
+ public UserSessionRule userSessionRule = UserSessionRule.standalone();
+
+ private DbClient dbClient = dbTester.getDbClient();
+ private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(dbTester);
+
+ private TextRangeResponseFormatter commonFormatter = new TextRangeResponseFormatter();
+ private HotspotWsResponseFormatter responseFormatter = new HotspotWsResponseFormatter(defaultOrganizationProvider);
+
+ private ShowAction underTest = new ShowAction(dbClient, userSessionRule, responseFormatter, commonFormatter);
+ private WsActionTester actionTester = new WsActionTester(underTest);
+
+ @Test
+ public void ws_is_internal() {
+ assertThat(actionTester.getDef().isInternal()).isTrue();
+ }
+
+ @Test
+ public void fails_with_IAE_if_parameter_hotspot_is_missing() {
+ TestRequest request = actionTester.newRequest();
+
+ assertThatThrownBy(request::execute)
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessage("The 'hotspot' parameter is missing");
+ }
+
+ @Test
+ public void fails_with_NotFoundException_if_hotspot_does_not_exist() {
+ String key = randomAlphabetic(12);
+ TestRequest request = actionTester.newRequest()
+ .setParam("hotspot", key);
+
+ assertThatThrownBy(request::execute)
+ .isInstanceOf(NotFoundException.class)
+ .hasMessage("Hotspot '%s' does not exist", key);
+ }
+
+ @Test
+ @UseDataProvider("ruleTypesButHotspot")
+ public void fails_with_NotFoundException_if_issue_is_not_a_hotspot(RuleType ruleType) {
+ ComponentDto project = dbTester.components().insertPublicProject();
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
+ RuleDefinitionDto rule = newRule(ruleType);
+ IssueDto notAHotspot = dbTester.issues().insertIssue(IssueTesting.newIssue(rule, project, file).setType(ruleType));
+ TestRequest request = newRequest(notAHotspot);
+
+ assertThatThrownBy(request::execute)
+ .isInstanceOf(NotFoundException.class)
+ .hasMessage("Hotspot '%s' does not exist", notAHotspot.getKey());
+ }
+
+ @DataProvider
+ public static Object[][] ruleTypesButHotspot() {
+ return Arrays.stream(RuleType.values())
+ .filter(t -> t != SECURITY_HOTSPOT)
+ .map(t -> new Object[] {t})
+ .toArray(Object[][]::new);
+ }
+
+ @Test
+ public void fails_with_ForbiddenException_if_project_is_private_and_not_allowed() {
+ ComponentDto project = dbTester.components().insertPrivateProject();
+ userSessionRule.registerComponents(project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
+ RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+ IssueDto hotspot = dbTester.issues().insertIssue(newHotspot(project, file, rule));
+ TestRequest request = newRequest(hotspot);
+
+ assertThatThrownBy(request::execute)
+ .isInstanceOf(ForbiddenException.class)
+ .hasMessage("Insufficient privileges");
+ }
+
+ @Test
+ public void succeeds_on_public_project() {
+ ComponentDto project = dbTester.components().insertPublicProject();
+ userSessionRule.registerComponents(project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
+ RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+ IssueDto hotspot = dbTester.issues().insertIssue(newHotspot(project, file, rule));
+
+ Hotspots.ShowWsResponse response = newRequest(hotspot)
+ .executeProtobuf(Hotspots.ShowWsResponse.class);
+
+ assertThat(response.getKey()).isEqualTo(hotspot.getKey());
+ }
+
+ @Test
+ public void succeeds_on_private_project_with_permission() {
+ ComponentDto project = dbTester.components().insertPrivateProject();
+ userSessionRule.registerComponents(project);
+ userSessionRule.logIn().addProjectPermission(UserRole.USER, project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
+ RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+ IssueDto hotspot = dbTester.issues().insertIssue(newHotspot(project, file, rule));
+
+ Hotspots.ShowWsResponse response = newRequest(hotspot)
+ .executeProtobuf(Hotspots.ShowWsResponse.class);
+
+ assertThat(response.getKey()).isEqualTo(hotspot.getKey());
+ }
+
+ @Test
+ public void returns_hotspot_component_and_rule() {
+ ComponentDto project = dbTester.components().insertPublicProject();
+ userSessionRule.registerComponents(project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
+ RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+ IssueDto hotspot = dbTester.issues().insertIssue(newHotspot(project, file, rule));
+
+ Hotspots.ShowWsResponse response = newRequest(hotspot)
+ .executeProtobuf(Hotspots.ShowWsResponse.class);
+
+ assertThat(response.getKey()).isEqualTo(hotspot.getKey());
+ verifyComponent(response.getComponent(), file);
+ verifyComponent(response.getProject(), project);
+ verifyRule(response.getRule(), rule);
+ assertThat(response.hasTextRange()).isFalse();
+ }
+
+ @Test
+ public void returns_no_textrange_when_locations_have_none() {
+ ComponentDto project = dbTester.components().insertPublicProject();
+ userSessionRule.registerComponents(project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
+ RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+ IssueDto hotspot = dbTester.issues().insertIssue(newHotspot(project, file, rule)
+ .setLocations(DbIssues.Locations.newBuilder().build()));
+
+ Hotspots.ShowWsResponse response = newRequest(hotspot)
+ .executeProtobuf(Hotspots.ShowWsResponse.class);
+
+ assertThat(response.hasTextRange()).isFalse();
+ }
+
+ @Test
+ @UseDataProvider("randomTextRangeValues")
+ public void returns_textRange(int startLine, int endLine, int startOffset, int endOffset) {
+ ComponentDto project = dbTester.components().insertPublicProject();
+ userSessionRule.registerComponents(project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
+ RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+ IssueDto hotspot = dbTester.issues().insertIssue(newHotspot(project, file, rule)
+ .setLocations(DbIssues.Locations.newBuilder()
+ .setTextRange(DbCommons.TextRange.newBuilder()
+ .setStartLine(startLine)
+ .setEndLine(endLine)
+ .setStartOffset(startOffset)
+ .setEndOffset(endOffset)
+ .build())
+ .build()));
+
+ Hotspots.ShowWsResponse response = newRequest(hotspot)
+ .executeProtobuf(Hotspots.ShowWsResponse.class);
+ assertThat(response.hasTextRange()).isTrue();
+ Common.TextRange textRange = response.getTextRange();
+ assertThat(textRange.getStartLine()).isEqualTo(startLine);
+ assertThat(textRange.getEndLine()).isEqualTo(endLine);
+ assertThat(textRange.getStartOffset()).isEqualTo(startOffset);
+ assertThat(textRange.getEndOffset()).isEqualTo(endOffset);
+ }
+
+ @DataProvider
+ public static Object[][] randomTextRangeValues() {
+ int startLine = RANDOM.nextInt(200);
+ int endLine = RANDOM.nextInt(200);
+ int startOffset = RANDOM.nextInt(200);
+ int endOffset = RANDOM.nextInt(200);
+ return new Object[][] {
+ {startLine, endLine, startOffset, endOffset}
+ };
+ }
+
+ @Test
+ public void returns_textRange_missing_fields() {
+ ComponentDto project = dbTester.components().insertPublicProject();
+ userSessionRule.registerComponents(project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
+ RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+ IssueDto hotspot = dbTester.issues().insertIssue(newHotspot(project, file, rule)
+ .setLocations(DbIssues.Locations.newBuilder()
+ .setTextRange(DbCommons.TextRange.newBuilder().build())
+ .build()));
+
+ Hotspots.ShowWsResponse response = newRequest(hotspot)
+ .executeProtobuf(Hotspots.ShowWsResponse.class);
+
+ assertThat(response.hasTextRange()).isTrue();
+ Common.TextRange textRange = response.getTextRange();
+ assertThat(textRange.hasStartLine()).isFalse();
+ assertThat(textRange.hasEndLine()).isFalse();
+ assertThat(textRange.hasStartOffset()).isFalse();
+ assertThat(textRange.hasEndOffset()).isFalse();
+ }
+
+ @Test
+ @UseDataProvider("allSQCategoryAndVulnerabilityProbability")
+ public void returns_securityCategory_and_vulnerabilityProbability_of_rule(Set<String> standards,
+ SQCategory expected) {
+ ComponentDto project = dbTester.components().insertPublicProject();
+ userSessionRule.registerComponents(project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
+ RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT, t -> t.setSecurityStandards(standards));
+ IssueDto hotspot = dbTester.issues().insertIssue(newHotspot(project, file, rule)
+ .setLocations(DbIssues.Locations.newBuilder()
+ .setTextRange(DbCommons.TextRange.newBuilder().build())
+ .build()));
+
+ Hotspots.ShowWsResponse response = newRequest(hotspot)
+ .executeProtobuf(Hotspots.ShowWsResponse.class);
+ Hotspots.Rule wsRule = response.getRule();
+ assertThat(wsRule.getSecurityCategory()).isEqualTo(expected.getKey());
+ assertThat(wsRule.getVulnerabilityProbability()).isEqualTo(expected.getVulnerability().name());
+ }
+
+ @DataProvider
+ public static Object[][] allSQCategoryAndVulnerabilityProbability() {
+ Stream<Object[]> allButOthers = SecurityStandards.CWES_BY_SQ_CATEGORY
+ .entrySet()
+ .stream()
+ .map(t -> new Object[] {
+ t.getValue().stream().map(s -> "cwe:" + s).collect(Collectors.toSet()),
+ t.getKey()
+ });
+ Stream<Object[]> others = Stream.of(
+ new Object[] {Collections.emptySet(), SQCategory.OTHERS},
+ new Object[] {ImmutableSet.of("foo", "bar", "acme"), SQCategory.OTHERS});
+ return Stream.concat(allButOthers, others)
+ .toArray(Object[][]::new);
+ }
+
+ @Test
+ public void returns_project_twice_when_hotspot_on_project() {
+ ComponentDto project = dbTester.components().insertPublicProject();
+ userSessionRule.registerComponents(project);
+ RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+ IssueDto hotspot = dbTester.issues().insertIssue(newHotspot(project, project, rule)
+ .setLocations(DbIssues.Locations.newBuilder()
+ .setTextRange(DbCommons.TextRange.newBuilder().build())
+ .build()));
+
+ Hotspots.ShowWsResponse response = newRequest(hotspot)
+ .executeProtobuf(Hotspots.ShowWsResponse.class);
+
+ verifyComponent(response.getProject(), project);
+ verifyComponent(response.getComponent(), project);
+ }
+
+ public void verifyRule(Hotspots.Rule wsRule, RuleDefinitionDto dto) {
+ assertThat(wsRule.getKey()).isEqualTo(dto.getKey().toString());
+ assertThat(wsRule.getName()).isEqualTo(dto.getName());
+ assertThat(wsRule.getSecurityCategory()).isEqualTo(SQCategory.OTHERS.getKey());
+ assertThat(wsRule.getVulnerabilityProbability()).isEqualTo(SQCategory.OTHERS.getVulnerability().name());
+ }
+
+ private static void verifyComponent(Hotspots.Component wsComponent, ComponentDto dto) {
+ assertThat(wsComponent.getKey()).isEqualTo(dto.getKey());
+ if (dto.path() == null) {
+ assertThat(wsComponent.hasPath()).isFalse();
+ } else {
+ assertThat(wsComponent.getPath()).isEqualTo(dto.path());
+ }
+ assertThat(wsComponent.getQualifier()).isEqualTo(dto.qualifier());
+ assertThat(wsComponent.getName()).isEqualTo(dto.name());
+ assertThat(wsComponent.getLongName()).isEqualTo(dto.longName());
+ }
+
+ private static IssueDto newHotspot(ComponentDto project, ComponentDto file, RuleDefinitionDto rule) {
+ return IssueTesting.newIssue(rule, project, file).setType(SECURITY_HOTSPOT);
+ }
+
+ private TestRequest newRequest(IssueDto hotspot) {
+ return actionTester.newRequest()
+ .setParam("hotspot", hotspot.getKey());
+ }
+
+ private RuleDefinitionDto newRule(RuleType ruleType) {
+ return newRule(ruleType, t -> {
+ });
+ }
+
+ private RuleDefinitionDto newRule(RuleType ruleType, Consumer<RuleDefinitionDto> populate) {
+ RuleDefinitionDto ruleDefinition = RuleTesting.newRule()
+ .setType(ruleType);
+ populate.accept(ruleDefinition);
+ dbTester.rules().insert(ruleDefinition);
+ return ruleDefinition;
+ }
+
+}
public void verify_count_of_added_components() {
ComponentContainer container = new ComponentContainer();
new IssueWsModule().configure(container);
- assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 28);
+ assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 29);
}
}
import org.sonar.db.issue.IssueDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.rule.RuleDefinitionDto;
+import org.sonar.server.issue.TextRangeResponseFormatter;
import org.sonar.server.es.EsTester;
import org.sonar.server.issue.AvatarResolverImpl;
import org.sonar.server.issue.IssueFieldsSetter;
private IssueWorkflow issueWorkflow = new IssueWorkflow(new FunctionExecutor(issueFieldsSetter), issueFieldsSetter);
private SearchResponseLoader searchResponseLoader = new SearchResponseLoader(userSession, dbClient, new TransitionService(userSession, issueWorkflow));
private Languages languages = new Languages();
- private SearchResponseFormat searchResponseFormat = new SearchResponseFormat(new Durations(), languages, new AvatarResolverImpl());
+ private SearchResponseFormat searchResponseFormat = new SearchResponseFormat(new Durations(), languages, new AvatarResolverImpl(), new TextRangeResponseFormatter());
private PermissionIndexerTester permissionIndexer = new PermissionIndexerTester(es, issueIndexer);
private WsActionTester ws = new WsActionTester(new SearchAction(userSession, issueIndex, issueQueryFactory, searchResponseLoader, searchResponseFormat,
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.rule.RuleDefinitionDto;
import org.sonar.db.user.UserDto;
+import org.sonar.server.issue.TextRangeResponseFormatter;
import org.sonar.server.es.EsTester;
import org.sonar.server.es.StartupIndexer;
import org.sonar.server.issue.AvatarResolverImpl;
private IssueQueryFactory issueQueryFactory = new IssueQueryFactory(db.getDbClient(), Clock.systemUTC(), userSession);
private SearchResponseLoader searchResponseLoader = new SearchResponseLoader(userSession, db.getDbClient(), new TransitionService(userSession, null));
private Languages languages = new Languages();
- private SearchResponseFormat searchResponseFormat = new SearchResponseFormat(new Durations(), languages, new AvatarResolverImpl());
+ private SearchResponseFormat searchResponseFormat = new SearchResponseFormat(new Durations(), languages, new AvatarResolverImpl(), new TextRangeResponseFormatter());
private WsActionTester ws = new WsActionTester(
new SearchAction(userSession, issueIndex, issueQueryFactory, searchResponseLoader, searchResponseFormat,
import org.sonar.db.rule.RuleDto;
import org.sonar.db.rule.RuleTesting;
import org.sonar.db.user.UserDto;
+import org.sonar.server.issue.TextRangeResponseFormatter;
import org.sonar.server.es.EsTester;
import org.sonar.server.es.SearchOptions;
import org.sonar.server.es.StartupIndexer;
private IssueWorkflow issueWorkflow = new IssueWorkflow(new FunctionExecutor(issueFieldsSetter), issueFieldsSetter);
private SearchResponseLoader searchResponseLoader = new SearchResponseLoader(userSession, dbClient, new TransitionService(userSession, issueWorkflow));
private Languages languages = new Languages();
- private SearchResponseFormat searchResponseFormat = new SearchResponseFormat(new Durations(), languages, new AvatarResolverImpl());
+ private SearchResponseFormat searchResponseFormat = new SearchResponseFormat(new Durations(), languages, new AvatarResolverImpl(), new TextRangeResponseFormatter());
private WsActionTester ws = new WsActionTester(new SearchAction(userSession, issueIndex, issueQueryFactory, searchResponseLoader, searchResponseFormat,
new MapSettings().asConfig(), System2.INSTANCE, dbClient));
private StartupIndexer permissionIndexer = new PermissionIndexer(dbClient, es.client(), issueIndexer);
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.rule.RuleDefinitionDto;
import org.sonar.db.user.UserDto;
+import org.sonar.server.issue.TextRangeResponseFormatter;
import org.sonar.server.es.EsTester;
import org.sonar.server.issue.AvatarResolverImpl;
import org.sonar.server.issue.IssueFieldsSetter;
private IssueWorkflow issueWorkflow = new IssueWorkflow(new FunctionExecutor(issueFieldsSetter), issueFieldsSetter);
private SearchResponseLoader searchResponseLoader = new SearchResponseLoader(userSession, dbClient, new TransitionService(userSession, issueWorkflow));
private Languages languages = new Languages();
- private SearchResponseFormat searchResponseFormat = new SearchResponseFormat(new Durations(), languages, new AvatarResolverImpl());
+ private SearchResponseFormat searchResponseFormat = new SearchResponseFormat(new Durations(), languages, new AvatarResolverImpl(), new TextRangeResponseFormatter());
private PermissionIndexerTester permissionIndexer = new PermissionIndexerTester(es, issueIndexer);
private SearchAction underTest = new SearchAction(userSession, issueIndex, issueQueryFactory, searchResponseLoader, searchResponseFormat,
optional sonarqube.ws.commons.Paging paging = 1;
repeated Hotspot hotspots = 2;
repeated Component components = 3;
+
+ message Hotspot {
+ optional string key = 1;
+ optional string component = 2;
+ optional string project = 3;
+ optional string securityCategory = 4;
+ optional string vulnerabilityProbability = 5;
+ optional string status = 6;
+ // FIXME resolution field will be added later
+ // optional string resolution = 7;
+ optional int32 line = 8;
+ optional string message = 9;
+ optional string assignee = 10;
+ optional string author = 11;
+ optional string creationDate = 12;
+ optional string updateDate = 13;
+ }
}
-message Hotspot {
+// Response of GET api/hotspots/show
+message ShowWsResponse {
optional string key = 1;
- optional string component = 2;
- optional string project = 3;
- optional string securityCategory = 4;
- optional string vulnerabilityProbability = 5;
- optional string status = 6;
+ optional Component component = 2;
+ optional Component project = 3;
+ optional Rule rule = 4;
+ optional string status = 5;
// FIXME resolution field will be added later
-// optional string resolution = 7;
- optional int32 line = 8;
- optional string message = 9;
- optional string assignee = 10;
- optional string author = 11;
- optional string creationDate = 12;
- optional string updateDate = 13;
+// optional string resolution = 6;
+ optional int32 line = 7;
+ optional string message = 8;
+ optional string assignee = 9;
+ // SCM login of the committer who introduced the issue
+ optional string author = 10;
+ optional string creationDate = 11;
+ optional string updateDate = 12;
+ optional sonarqube.ws.commons.TextRange textRange = 13;
}
message Component {
optional string longName = 5;
optional string path = 6;
}
+
+message Rule {
+ optional string key = 1;
+ optional string name = 2;
+ optional string securityCategory = 3;
+ optional string vulnerabilityProbability = 4;
+ optional string riskDescription = 5;
+ optional string vulnerabilityDescription = 6;
+ optional string fixRecommendations = 7;
+}
projects / sonarqube.git / commitdiff