From: Julien Lancelot Date: Tue, 25 Jun 2019 12:31:34 +0000 (+0200) Subject: SONAR-12233 Prevent using Security Review Rating in quality gates X-Git-Tag: 8.0~459 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=acdce05683ff1d5904258cf16a88aef306290e13;p=sonarqube.git SONAR-12233 Prevent using Security Review Rating in quality gates
---
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGateConditionsUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGateConditionsUpdater.java
index be80c7906d4..e4fd0b477c0 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGateConditionsUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGateConditionsUpdater.java
@@ -27,9 +27,9 @@ import java.util.EnumSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.stream.Collectors;
 import javax.annotation.Nullable;
-import org.sonar.api.measures.CoreMetrics;
 import org.sonar.api.measures.Metric.ValueType;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
@@ -44,9 +44,10 @@ import static java.lang.Double.parseDouble;
 import static java.lang.Integer.parseInt;
 import static java.lang.Long.parseLong;
 import static java.lang.String.format;
-import static java.lang.String.valueOf;
 import static java.util.Arrays.stream;
 import static java.util.Objects.requireNonNull;
+import static org.sonar.api.measures.CoreMetrics.ALERT_STATUS_KEY;
+import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING_KEY;
 import static org.sonar.api.measures.Metric.DIRECTION_BETTER;
 import static org.sonar.api.measures.Metric.DIRECTION_NONE;
 import static org.sonar.api.measures.Metric.DIRECTION_WORST;
@@ -72,11 +73,12 @@ public class QualityGateConditionsUpdater { ValueType.MILLISEC, ValueType.LEVEL, ValueType.RATING, - ValueType.WORK_DUR - ); + ValueType.WORK_DUR); private static final List RATING_VALID_INT_VALUES = stream(Rating.values()).map(r -> Integer.toString(r.getIndex())).collect(Collectors.toList()); + private static final Set INVALID_METRIC_KEYS = ImmutableSet.of(ALERT_STATUS_KEY, SECURITY_REVIEW_RATING_KEY); + private final DbClient dbClient; public QualityGateConditionsUpdater(DbClient dbClient) { @@ -133,21 +135,20 @@ public class QualityGateConditionsUpdater { } private static void validateMetric(MetricDto metric, List errors) { - check(isAlertable(metric), errors, "Metric '%s' cannot be used to define a condition.", metric.getKey()); + check(isValid(metric), errors, "Metric '%s' cannot be used to define a condition.", metric.getKey()); } - private static boolean isAlertable(MetricDto metric) { + private static boolean isValid(MetricDto metric) { return !metric.isHidden() && VALID_METRIC_TYPES.contains(ValueType.valueOf(metric.getValueType())) - && !CoreMetrics.ALERT_STATUS_KEY.equals(metric.getKey()); + && !INVALID_METRIC_KEYS.contains(metric.getKey()); } private static void checkOperator(MetricDto metric, String operator, List errors) { check( Condition.Operator.isValid(operator) && isAllowedOperator(operator, metric), errors, - "Operator %s is not allowed for this metric.", operator - ); + "Operator %s is not allowed for this metric.", operator); } private static void checkErrorThreshold(MetricDto metric, String errorThreshold, List errors) { diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGateConditionsUpdaterTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGateConditionsUpdaterTest.java index d9c67647ab1..a3da151ae34 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGateConditionsUpdaterTest.java 
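Review bot: `INVALID_METRIC_KEYS` is added without a comment, and its name suggests the metrics themselves are invalid when they are ordinary metrics that are simply barred from conditions. A one-line comment above the constant would record why each key is listed, for example `// Metric keys that must not back a quality gate condition: the gate's own status, and Security Review Rating (SONAR-12233).` A name such as `FORBIDDEN_METRIC_KEYS` would say more precisely what the set is for. The class body continues outside the hunk.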
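Review bot: The denylist check in `isValid` runs only when `validateMetric` is called, which from the visible code and tests looks like the create and update paths, so a condition on `security_review_rating` that was stored before this change is not touched by it. Whether a migration removes such conditions or gate evaluation skips them cannot be seen from this diff and is worth confirming, since otherwise an existing gate would keep evaluating a metric that the API now refuses to accept. A short Javadoc on `isValid` would also make the three criteria explicit, e.g. `/** A metric may back a condition only if it is not hidden, has a supported value type and is not in INVALID_METRIC_KEYS. */`. The callers of `validateMetric` are outside the hunk.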
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGateConditionsUpdaterTest.java @@ -36,9 +36,9 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.NotFoundException; import static java.lang.String.format; -import static java.lang.String.valueOf; import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat; import static org.sonar.api.measures.CoreMetrics.ALERT_STATUS_KEY; +import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING_KEY; import static org.sonar.api.measures.CoreMetrics.SQALE_RATING_KEY; import static org.sonar.api.measures.Metric.ValueType.BOOL; import static org.sonar.api.measures.Metric.ValueType.DATA; @@ -162,7 +162,7 @@ public class QualityGateConditionsUpdaterTest { } @Test - public void fail_to_create_condition_on_greater_than_E() { + public void fail_to_create_condition_on_rating_greater_than_E() { MetricDto metric = insertMetric(RATING, SQALE_RATING_KEY); QualityGateDto qualityGate = db.qualityGates().insertQualityGate(db.getDefaultOrganization()); @@ -316,6 +316,7 @@ public class QualityGateConditionsUpdaterTest { public static Object[][] invalid_metrics() { return new Object[][] { {ALERT_STATUS_KEY, INT, false}, + {SECURITY_REVIEW_RATING_KEY, RATING, false}, {"boolean", BOOL, false}, {"string", STRING, false}, {"data_metric", DATA, false}, @@ -385,8 +386,7 @@ public class QualityGateConditionsUpdaterTest { .setKey(key) .setValueType(type.name()) .setHidden(false) - .setDirection(0) - ); + .setDirection(0)); } private void verifyCondition(QualityGateConditionDto dto, QualityGateDto qualityGate, MetricDto metric, String operator, String error) {