From 22d454fb965c58c3e175f61611b443c8c1e49c00 Mon Sep 17 00:00:00 2001
From: Teryk Bellahsene
Date: Thu, 22 Jun 2017 11:41:54 +0200
Subject: [PATCH] SONAR-9448 Sanitize api/qualityprofiles/create
---
 .../qualityprofile/ws/CreateAction.java | 15 ++--
 ...xample-create.json => create-example.json} | 0
 .../qualityprofile/ws/CreateActionTest.java | 70 +++++++++++--------
 3 files changed, 49 insertions(+), 36 deletions(-)
 rename server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/{example-create.json => create-example.json} (100%)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CreateAction.java
index 7f9884ce30d..8dc6bf90b30 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CreateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CreateAction.java
@@ -41,6 +41,7 @@ import org.sonarqube.ws.QualityProfiles.CreateWsResponse;
 import org.sonarqube.ws.client.qualityprofile.CreateRequest;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
+import static org.sonar.server.qualityprofile.ws.QProfileWsSupport.createOrganizationParam;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_CREATE;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_LANGUAGE;
@@ -49,7 +50,6 @@ import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.
 public class CreateAction implements QProfileWsAction {
- private static final String DEPRECATED_PARAM_PROFILE_NAME = "name";
 private static final String PARAM_BACKUP_FORMAT = "backup_%s";
 private final DbClient dbClient;
@@ -82,20 +82,19 @@ public class CreateAction implements QProfileWsAction { public void define(WebService.NewController controller) { NewAction create = controller.createAction(ACTION_CREATE) .setSince("5.2") - .setDescription("Create a quality profile.
" + - "Require Administer Quality Profiles permission.") + .setDescription("Create a quality profile.
" + + "Requires to be logged in and the 'Administer Quality Profiles' permission.") .setPost(true) - .setResponseExample(getClass().getResource("example-create.json")) + .setResponseExample(getClass().getResource("create-example.json")) .setHandler(this); - QProfileWsSupport - .createOrganizationParam(create) + createOrganizationParam(create) .setSince("6.4"); create.createParam(PARAM_PROFILE_NAME) - .setDescription("The name for the new quality profile. Since 6.1, this parameter has been renamed from '%s' to '%s'", DEPRECATED_PARAM_PROFILE_NAME, PARAM_PROFILE_NAME) + .setDescription("Name for the new quality profile") .setExampleValue("My Sonar way") - .setDeprecatedKey(DEPRECATED_PARAM_PROFILE_NAME, "6.3") + .setDeprecatedKey("name", "6.1") .setRequired(true); create.createParam(PARAM_LANGUAGE) diff --git a/server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/example-create.json b/server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/create-example.json similarity index 100% rename from server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/example-create.json rename to server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/create-example.json diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java index bb59a6dcf81..17fdd6b12da 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java 
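Review bot: The description added in define() now promises that callers must be logged in and hold 'Administer Quality Profiles', but that is only documentation text; the check itself lives in the request handler, which is outside this hunk. Confirm the handler rejects anonymous sessions before doing any work, and that a test covers the unauthenticated case, since the tests visible in this patch only exercise a profile administrator of a different organization. The wording is also awkward; consider `"Requires authentication and the 'Administer Quality Profiles' permission."`. define() continues past the end of the hunk.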
@@ -31,6 +31,8 @@ import org.sonar.api.config.MapSettings;
 import org.sonar.api.profiles.ProfileImporter;
 import org.sonar.api.profiles.RulesProfile;
 import org.sonar.api.rules.RulePriority;
+import org.sonar.api.server.ws.WebService;
+import org.sonar.api.server.ws.WebService.Param;
 import org.sonar.api.utils.System2;
 import org.sonar.api.utils.ValidationMessages;
 import org.sonar.core.util.UuidFactoryFast;
@@ -77,37 +79,49 @@ public class CreateActionTest { .setSeverity("MINOR") .setLanguage(XOO_LANGUAGE) .getDefinition(); - private System2 system2 = System2.INSTANCE; @Rule public ExpectedException expectedException = ExpectedException.none(); @Rule - public DbTester dbTester = DbTester.create(system2); + public DbTester db = DbTester.create(); @Rule - public EsTester esTester = new EsTester(new RuleIndexDefinition(new MapSettings())); + public EsTester es = new EsTester(new RuleIndexDefinition(new MapSettings())); @Rule public UserSessionRule userSession = UserSessionRule.standalone(); - private DbClient dbClient = dbTester.getDbClient(); - private DbSession dbSession = dbTester.getSession(); - private RuleIndex ruleIndex = new RuleIndex(esTester.client()); - private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(dbTester); - private RuleIndexer ruleIndexer = new RuleIndexer(esTester.client(), dbClient); - private ActiveRuleIndexer activeRuleIndexer = new ActiveRuleIndexer(dbClient, esTester.client(), new ActiveRuleIteratorFactory(dbClient)); + private DbClient dbClient = db.getDbClient(); + private DbSession dbSession = db.getSession(); + private RuleIndex ruleIndex = new RuleIndex(es.client()); + private RuleIndexer ruleIndexer = new RuleIndexer(es.client(), dbClient); + private ActiveRuleIndexer activeRuleIndexer = new ActiveRuleIndexer(dbClient, es.client(), new ActiveRuleIteratorFactory(dbClient)); private ProfileImporter[] profileImporters = createImporters(); private QProfileExporters qProfileExporters = new QProfileExporters(dbClient, null, new RuleActivator(mock(System2.class), dbClient, ruleIndex, new RuleActivatorContextFactory(dbClient), null, activeRuleIndexer, userSession), profileImporters); - private OrganizationDto organization; + private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); + + private CreateAction underTest = new CreateAction(dbClient, 
new QProfileFactoryImpl(dbClient, UuidFactoryFast.getInstance(), System2.INSTANCE, activeRuleIndexer), + qProfileExporters, newLanguages(XOO_LANGUAGE), new QProfileWsSupport(dbClient, userSession, defaultOrganizationProvider), userSession, activeRuleIndexer, profileImporters); - private CreateAction underTest = new CreateAction(dbClient, new QProfileFactoryImpl(dbClient, UuidFactoryFast.getInstance(), system2, activeRuleIndexer), qProfileExporters, - newLanguages(XOO_LANGUAGE), new QProfileWsSupport(dbClient, userSession, defaultOrganizationProvider), - userSession, activeRuleIndexer, profileImporters); - private WsActionTester wsTester = new WsActionTester(underTest); + private WsActionTester ws = new WsActionTester(underTest); + + private OrganizationDto organization; @Before - public void before() { - organization = dbTester.organizations().insert(); + public void setUp() { + organization = db.organizations().insert(); + } + + @Test + public void definition() { + WebService.Action definition = ws.getDef(); + + assertThat(definition.responseExampleAsString()).isNotEmpty(); + assertThat(definition.params()).extracting(Param::key) + .containsExactlyInAnyOrder("language", "organization", "profileName", "backup_with_messages", "backup_with_errors", "backup_xoo_lint"); + Param profileName = definition.param("profileName"); + assertThat(profileName.deprecatedKey()).isEqualTo("name"); + assertThat(profileName.deprecatedKeySince()).isEqualTo("6.1"); } @Test @@ -161,7 +175,7 @@ public class CreateActionTest { String orgKey = organization.getKey(); - TestRequest request = wsTester.newRequest() + TestRequest request = ws.newRequest() .setParam("organization", orgKey) .setParam("name", "Profile with messages") .setParam("language", XOO_LANGUAGE) 
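Review bot: The new definition() test pins the parameter keys and the deprecated key of profileName, but not that the action is POST-only, which is the property of a state-changing endpoint most worth guarding against regression. Add `assertThat(definition.isPost()).isTrue();` next to the existing assertions. A short comment on the test, such as `// pins the public contract of api/qualityprofiles/create: method, params, deprecated keys`, would also make clear why the literal keys are repeated here rather than referenced through the constants. The test class starts before and continues after this hunk.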
@@ -177,18 +191,18 @@ public class CreateActionTest { // this name will be used twice String profileName = "Profile123"; - OrganizationDto organization1 = dbTester.organizations().insert(); + OrganizationDto organization1 = db.organizations().insert(); logInAsQProfileAdministrator(organization1); - TestRequest request1 = wsTester.newRequest() + TestRequest request1 = ws.newRequest() .setParam("organization", organization1.getKey()) .setParam("name", profileName) .setParam("language", XOO_LANGUAGE); assertThat(executeRequest(request1).getProfile().getOrganization()) .isEqualTo(organization1.getKey()); - OrganizationDto organization2 = dbTester.organizations().insert(); + OrganizationDto organization2 = db.organizations().insert(); logInAsQProfileAdministrator(organization2); - TestRequest request2 = wsTester.newRequest() + TestRequest request2 = ws.newRequest() .setParam("organization", organization2.getKey()) .setParam("name", profileName) .setParam("language", XOO_LANGUAGE); @@ -198,15 +212,15 @@ public class CreateActionTest { @Test public void fail_if_unsufficient_privileges() { - OrganizationDto organizationX = dbTester.organizations().insert(); - OrganizationDto organizationY = dbTester.organizations().insert(); + OrganizationDto organizationX = db.organizations().insert(); + OrganizationDto organizationY = db.organizations().insert(); logInAsQProfileAdministrator(organizationX); expectedException.expect(ForbiddenException.class); expectedException.expectMessage("Insufficient privileges"); - executeRequest(wsTester.newRequest() + executeRequest(ws.newRequest() .setParam("organization", organizationY.getKey()) .setParam("name", "some Name") .setParam("language", XOO_LANGUAGE)); 
@@ -222,9 +236,9 @@ public class CreateActionTest { @Test public void test_json() throws Exception { - logInAsQProfileAdministrator(dbTester.getDefaultOrganization()); + logInAsQProfileAdministrator(db.getDefaultOrganization()); - TestResponse response = wsTester.newRequest() + TestResponse response = ws.newRequest() .setMethod("POST") .setMediaType(MediaTypes.JSON) .setParam("language", XOO_LANGUAGE) @@ -246,7 +260,7 @@ public class CreateActionTest { } private CreateWsResponse executeRequest(String name, String language, Map xmls) { - TestRequest request = wsTester.newRequest() + TestRequest request = ws.newRequest() .setParam("organization", organization.getKey()) .setParam("name", name) .setParam("language", language); @@ -310,7 +324,7 @@ public class CreateActionTest { } private void logInAsQProfileAdministrator() { - logInAsQProfileAdministrator(this.organization); + logInAsQProfileAdministrator(organization); } private void logInAsQProfileAdministrator(OrganizationDto organization) { -- 2.39.5