SONAR-15681 - IT for Owasp Top 10 2021 support in sonar-plugin-api
authorbelen-pruvost-sonarsource <belen.pruvost@sonarsource.com>
Thu, 25 Nov 2021 10:14:00 +0000 (11:14 +0100)
committersonartech <sonartech@sonarsource.com>
Thu, 25 Nov 2021 20:03:17 +0000 (20:03 +0000)
plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
server/sonar-webserver-core/src/test/java/org/sonar/server/rule/RegisterRulesTest.java

index 77f087f4b5fc65a29057533457c0c763a543a2d9..bba672d9e8fa684c25d8bdf0d2a67b0aa3c82720 100644 (file)
@@ -31,6 +31,8 @@ import org.sonar.xoo.Xoo;
 import org.sonar.xoo.Xoo2;
 import org.sonar.xoo.checks.Check;
 
+import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.*;
+
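Review bot: The new static import is a wildcard (`OwaspTop10Version.*`), while the RegisterRulesTest change in this same commit imports `OwaspTop10Version.Y2021` by name; production code should be at least as explicit as the test. Only `Y2017` and `Y2021` are used further down in the file, so `import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2017;` and `import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2021;` cover it and keep any future enum members from silently entering scope.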
 /**
  * Define all the coding rules that are supported on the repositories named "xoo" and "xoo2"
  */
@@ -200,13 +202,15 @@ public class XooRulesDefinition implements RulesDefinition {
     hotspot
       .setDebtRemediationFunction(hotspot.debtRemediationFunctions().constantPerIssue("2min"));
 
-    if (version != null && version.isGreaterThanOrEqual(Version.create(7, 3))) {
+    if (version != null && version.isGreaterThanOrEqual(Version.create(9, 3))) {
       hotspot
         .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
+        .addOwaspTop10(Y2021, OwaspTop10.A3, OwaspTop10.A2)
         .addCwe(1, 89, 123, 863);
 
       oneVulnerabilityIssuePerModule
-        .addOwaspTop10(OwaspTop10.A9, OwaspTop10.A10)
+        .addOwaspTop10(Y2017, OwaspTop10.A9, OwaspTop10.A10)
+        .addOwaspTop10(Y2021, OwaspTop10.A6, OwaspTop10.A9)
         .addCwe(250, 564, 546, 943);
     }
 
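Review bot: The hotspot rule still tags its 2017 categories through the unversioned overload `addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)` (unchanged context line), whereas `oneVulnerabilityIssuePerModule` was switched to the explicit `addOwaspTop10(Y2017, OwaspTop10.A9, OwaspTop10.A10)`; the updated tests show both forms produce the legacy `owaspTop10:` keys, so this is a consistency point, but if the unversioned overload is deprecated in the 9.3 API (not visible here) the hotspot line will start warning. Suggest `.addOwaspTop10(Y2017, OwaspTop10.A1, OwaspTop10.A3)`. Separately, the gate moved from 7.3 to 9.3 for the whole block, so on a 7.3–9.2 runtime the xoo rules now carry no OWASP or CWE tags at all rather than merely lacking the 2021 set; if that matters for older ITs, gate only the two `Y2021` calls on 9.3. The category pairs used (2017 A1→2021 A3, A3→A2, A9→A6, A10→A9) match the published OWASP 2017→2021 remapping. The enclosing define method starts and ends outside the hunk.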
index 2160c1bc0e53484ea45669a43e6b718a8da8c363..ce0101b1831317a063def9bfca31ae233a6f557b 100644 (file)
@@ -33,7 +33,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 
 public class XooRulesDefinitionTest {
 
-  private XooRulesDefinition def = new XooRulesDefinition(SonarRuntimeImpl.forSonarQube(Version.create(7, 3), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY));
+  private XooRulesDefinition def = new XooRulesDefinition(SonarRuntimeImpl.forSonarQube(Version.create(9, 3), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY));
 
   private RulesDefinition.Context context = new RulesDefinitionContext();
 
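Review bot: The fixture now pins the runtime at 9.3, which is exactly the new gate in XooRulesDefinition, so nothing in this class checks the other side of that gate: a runtime below 9.3 should yield rules with no OWASP or CWE tags. A second fixture such as `new XooRulesDefinition(SonarRuntimeImpl.forSonarQube(Version.create(9, 2), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY))` with `assertThat(repo.rule(HotspotSensor.RULE_KEY).securityStandards()).isEmpty()` would pin that the 2021 API is never reached on older runtimes. The class body continues outside the hunk.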
@@ -44,11 +44,7 @@ public class XooRulesDefinitionTest {
 
   @Test
   public void define_xoo_rules() {
-    RulesDefinition.Repository repo = context.repository("xoo");
-    assertThat(repo).isNotNull();
-    assertThat(repo.name()).isEqualTo("Xoo");
-    assertThat(repo.language()).isEqualTo("xoo");
-    assertThat(repo.rules()).hasSize(23);
+    RulesDefinition.Repository repo = getRepository();
 
     RulesDefinition.Rule rule = repo.rule(OneIssuePerLineSensor.RULE_KEY);
     assertThat(rule.name()).isNotEmpty();
@@ -60,17 +56,26 @@ public class XooRulesDefinitionTest {
 
   @Test
   public void define_xoo_hotspot_rule() {
-    RulesDefinition.Repository repo = context.repository("xoo");
-    assertThat(repo).isNotNull();
-    assertThat(repo.name()).isEqualTo("Xoo");
-    assertThat(repo.language()).isEqualTo("xoo");
-    assertThat(repo.rules()).hasSize(23);
+    RulesDefinition.Repository repo = getRepository();
 
     RulesDefinition.Rule rule = repo.rule(HotspotSensor.RULE_KEY);
     assertThat(rule.name()).isNotEmpty();
     assertThat(rule.securityStandards())
       .isNotEmpty()
-      .containsExactlyInAnyOrder("cwe:1", "cwe:89", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+      .containsExactlyInAnyOrder("cwe:1", "cwe:89", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3",
+        "owaspTop10-2021:a3", "owaspTop10-2021:a2");
+  }
+
+  @Test
+  public void define_xoo_vulnerability_rule() {
+    RulesDefinition.Repository repo = getRepository();
+
+    RulesDefinition.Rule rule = repo.rule(OneVulnerabilityIssuePerModuleSensor.RULE_KEY);
+    assertThat(rule.name()).isNotEmpty();
+    assertThat(rule.securityStandards())
+      .isNotEmpty()
+      .containsExactlyInAnyOrder("cwe:250", "cwe:546", "cwe:564", "cwe:943", "owaspTop10-2021:a6", "owaspTop10-2021:a9",
+        "owaspTop10:a10", "owaspTop10:a9");
   }
 
   @Test
@@ -90,4 +95,13 @@ public class XooRulesDefinitionTest {
     assertThat(repo.language()).isEqualTo("xoo2");
     assertThat(repo.rules()).hasSize(2);
   }
+
+  private RulesDefinition.Repository getRepository() {
+    RulesDefinition.Repository repo = context.repository("xoo");
+    assertThat(repo).isNotNull();
+    assertThat(repo.name()).isEqualTo("Xoo");
+    assertThat(repo.language()).isEqualTo("xoo");
+    assertThat(repo.rules()).hasSize(23);
+    return repo;
+  }
 }
index cbcaf854a7c494b205645072d77b735078c19d53..81650e27ca56de2618a0a826b9847cc5717baae0 100644 (file)
@@ -83,8 +83,11 @@ import static org.sonar.api.rule.RuleStatus.READY;
 import static org.sonar.api.rule.RuleStatus.REMOVED;
 import static org.sonar.api.rule.Severity.BLOCKER;
 import static org.sonar.api.rule.Severity.INFO;
+import static org.sonar.api.server.rule.RulesDefinition.Context;
 import static org.sonar.api.server.rule.RulesDefinition.NewRepository;
 import static org.sonar.api.server.rule.RulesDefinition.NewRule;
+import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10;
+import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2021;
 
 @RunWith(DataProviderRunner.class)
 public class RegisterRulesTest {
@@ -160,7 +163,7 @@ public class RegisterRulesTest {
     assertThat(hotspotRule.getCreatedAt()).isEqualTo(DATE1.getTime());
     assertThat(hotspotRule.getUpdatedAt()).isEqualTo(DATE1.getTime());
     assertThat(hotspotRule.getType()).isEqualTo(RuleType.SECURITY_HOTSPOT.getDbConstant());
-    assertThat(hotspotRule.getSecurityStandards()).containsExactly("cwe:1", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+    assertThat(hotspotRule.getSecurityStandards()).containsExactly("cwe:1", "cwe:123", "cwe:863", "owaspTop10-2021:a1", "owaspTop10-2021:a3");
 
     List<RuleParamDto> params = dbClient.ruleDao().selectRuleParamsByRuleKey(db.getSession(), RULE_KEY1);
     assertThat(params).hasSize(2);
@@ -208,7 +211,7 @@ public class RegisterRulesTest {
     assertThat(hotspotRule.getCreatedAt()).isEqualTo(DATE1.getTime());
     assertThat(hotspotRule.getUpdatedAt()).isEqualTo(DATE1.getTime());
     assertThat(hotspotRule.getType()).isEqualTo(RuleType.SECURITY_HOTSPOT.getDbConstant());
-    assertThat(hotspotRule.getSecurityStandards()).containsExactly("cwe:1", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+    assertThat(hotspotRule.getSecurityStandards()).containsExactly("cwe:1", "cwe:123", "cwe:863", "owaspTop10-2021:a1", "owaspTop10-2021:a3");
   }
 
   @Test
@@ -401,26 +404,26 @@ public class RegisterRulesTest {
       repo.createRule("rule1")
         .setName("Rule One")
         .setHtmlDescription("Description of Rule One")
-        .addOwaspTop10(RulesDefinition.OwaspTop10.A1)
+        .addOwaspTop10(Y2021, OwaspTop10.A1)
         .addCwe(123);
       repo.done();
     });
 
     RuleDto rule = dbClient.ruleDao().selectOrFailByKey(db.getSession(), RULE_KEY1);
-    assertThat(rule.getSecurityStandards()).containsOnly("cwe:123", "owaspTop10:a1");
+    assertThat(rule.getSecurityStandards()).containsOnly("cwe:123", "owaspTop10-2021:a1");
 
     execute(context -> {
       NewRepository repo = context.createRepository("fake", "java");
       repo.createRule("rule1")
         .setName("Rule One")
         .setHtmlDescription("Description of Rule One")
-        .addOwaspTop10(RulesDefinition.OwaspTop10.A1, RulesDefinition.OwaspTop10.A3)
+        .addOwaspTop10(Y2021, OwaspTop10.A1, OwaspTop10.A3)
         .addCwe(1, 123, 863);
       repo.done();
     });
 
     rule = dbClient.ruleDao().selectOrFailByKey(db.getSession(), RULE_KEY1);
-    assertThat(rule.getSecurityStandards()).containsOnly("cwe:1", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+    assertThat(rule.getSecurityStandards()).containsOnly("cwe:1", "cwe:123", "cwe:863", "owaspTop10-2021:a1", "owaspTop10-2021:a3");
   }
 
   @Test
@@ -615,7 +618,7 @@ public class RegisterRulesTest {
 
   @DataProvider
   public static Object[][] allRenamingCases() {
-    return new Object[][] {
+    return new Object[][]{
       {"repo1", "rule1", "repo1", "rule2"},
       {"repo1", "rule1", "repo2", "rule1"},
       {"repo1", "rule1", "repo2", "rule2"},
@@ -1000,7 +1003,7 @@ public class RegisterRulesTest {
   }
 
   @SafeVarargs
-  private void createRule(RulesDefinition.Context context, String language, String repositoryKey, String ruleKey, Consumer<NewRule>... consumers) {
+  private void createRule(Context context, String language, String repositoryKey, String ruleKey, Consumer<NewRule>... consumers) {
     NewRepository repo = context.createRepository(repositoryKey, language);
     NewRule newRule = repo.createRule(ruleKey)
       .setName(ruleKey)
@@ -1055,7 +1058,7 @@ public class RegisterRulesTest {
         .setName("Hotspot")
         .setHtmlDescription("Minimal hotspot")
         .setType(RuleType.SECURITY_HOTSPOT)
-        .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
+        .addOwaspTop10(Y2021, OwaspTop10.A1, OwaspTop10.A3)
         .addCwe(1, 123, 863);
 
       repo.createRule(RULE_KEY2.rule())
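Review bot: The hotspot fixture replaces the 2017 tagging with `addOwaspTop10(Y2021, ...)` instead of adding to it, so within this diff RegisterRulesTest no longer persists or asserts a legacy `owaspTop10:` key (the `containsExactly` lists in the earlier hunks were rewritten to `owaspTop10-2021:` only), yet a rule carrying both families — as the xoo plugin now does — is the case the registration path most needs to store correctly. Keep both calls here: `.addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)` followed by `.addOwaspTop10(Y2021, OwaspTop10.A1, OwaspTop10.A3)`, and extend the corresponding expected lists with `"owaspTop10:a1", "owaspTop10:a3"`, minding that `containsExactly` is order-sensitive. The same applies to the identical fixture in the following hunk. The enclosing helper starts and ends outside the hunk.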
@@ -1115,7 +1118,7 @@ public class RegisterRulesTest {
         .setName("Hotspot")
         .setHtmlDescription("Minimal hotspot")
         .setType(RuleType.SECURITY_HOTSPOT)
-        .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
+        .addOwaspTop10(Y2021, OwaspTop10.A1, OwaspTop10.A3)
         .addCwe(1, 123, 863);
 
       repo.done();