From 26c24dcb4b2aca5d7d12750208318ecddc639d64 Mon Sep 17 00:00:00 2001 From: Teryk Bellahsene Date: Thu, 22 Jun 2017 09:22:37 +0200 Subject: [PATCH] SONAR-9448 Sanitize api/qualityprofiles/change_parent --- .../qualityprofile/ws/ChangeParentAction.java | 26 ++-- .../ws/ChangeParentActionTest.java | 117 +++++++++--------- .../QualityProfileWsParameters.java | 2 +- .../QualityProfilesService.java | 6 +- 4 files changed, 77 insertions(+), 74 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangeParentAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangeParentAction.java index c5fa3ca4bfa..6ab45451fbb 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangeParentAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangeParentAction.java @@ -24,7 +24,6 @@ import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.server.ws.WebService.NewController; -import org.sonar.core.util.Uuids; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.organization.OrganizationDto; @@ -33,12 +32,13 @@ import org.sonar.server.qualityprofile.RuleActivator; import org.sonar.server.user.UserSession; import static org.apache.commons.lang.StringUtils.isEmpty; +import static org.sonar.core.util.Uuids.UUID_EXAMPLE_02; import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_LANGUAGE; +import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PARENT_PROFILE; public class ChangeParentAction implements QProfileWsAction { - private static final String PARAM_PARENT_KEY = "parentKey"; private static final String PARAM_PARENT_NAME = "parentName"; private DbClient dbClient; 
@@ -61,22 +61,25 @@ public class ChangeParentAction implements QProfileWsAction { NewAction inheritance = context.createAction("change_parent") .setSince("5.2") .setPost(true) - .setDescription("Change a quality profile's parent.") + .setDescription("Change a quality profile's parent.
" + + "Requires to be logged in and the 'Administer Quality Profiles' permission.") .setHandler(this); QProfileWsSupport.createOrganizationParam(inheritance) .setSince("6.4"); QProfileReference.defineParams(inheritance, languages); - inheritance.createParam(PARAM_PARENT_KEY) - .setDescription("The key of the new parent profile. If this parameter is set, parentName must not be set. " + - "If both are left empty, the inheritance link with current parent profile (if any) is broken, which deactivates all rules " + - "which come from the parent and are not overridden. Require Administer Quality Profiles permission.") - .setExampleValue(Uuids.UUID_EXAMPLE_02); + inheritance.createParam(PARAM_PARENT_PROFILE) + .setDescription("New parent profile key.
" + + "If no profile is provided, the inheritance link with current parent profile (if any) is broken, which deactivates all rules " + + "which come from the parent and are not overridden.") + .setDeprecatedKey("parentKey", "6.5") + .setExampleValue(UUID_EXAMPLE_02); + inheritance.createParam(PARAM_PARENT_NAME) - .setDescription("A quality profile name. If this parameter is set, profileKey must not be set and language must be set to disambiguate.") + .setDescription("Quality profile name. If this parameter is set, '%s' must not be set and '%s' must be set to disambiguate.", PARAM_PARENT_PROFILE, PARAM_LANGUAGE) + .setDeprecatedSince("6.5") .setExampleValue("Sonar way"); - } @Override @@ -92,7 +95,7 @@ public class ChangeParentAction implements QProfileWsAction { userSession.checkPermission(ADMINISTER_QUALITY_PROFILES, organization); wsSupport.checkNotBuiltInt(profile); - String parentKey = request.param(PARAM_PARENT_KEY); + String parentKey = request.param(PARAM_PARENT_PROFILE); String parentName = request.param(PARAM_PARENT_NAME); if (isEmpty(parentKey) && isEmpty(parentName)) { ruleActivator.setParent(dbSession, profile, null); @@ -103,6 +106,7 @@ public class ChangeParentAction implements QProfileWsAction { QProfileDto parent = wsSupport.getProfile(dbSession, parentRef); ruleActivator.setParent(dbSession, profile, parent); } + response.noContent(); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java index 43681e40dcb..5de88bfbdd7 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java 
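Review bot: The new `parentProfile` description in `define` no longer says that it cannot be combined with `parentName`. That rule is now stated only on `parentName`, although the test file in this patch still expects an `IllegalArgumentException` when both are sent. I would keep the constraint on both parameters, for example by appending `"If this parameter is set, '%s' must not be set."` with `PARAM_PARENT_NAME` as the format argument. `parentName` is also marked `setDeprecatedSince("6.5")` without telling callers to use `parentProfile` instead, which deserves one more sentence in its description.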
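Review bot: In `handle`, the permission check and `checkNotBuiltInt` are applied to the child profile only, while the parent is taken from the caller-supplied `parentProfile` key and passed to `ruleActivator.setParent` exactly as `wsSupport.getProfile` returns it. Nothing in the visible lines confirms that the resolved parent belongs to the same organization as `profile`; the lines that build `parentRef` sit between the two hunks, so this may already be enforced there or inside `setParent`. If it is not, a profile administrator in one organization could inherit rules from another organization's profile just by knowing its key, so I would compare the parent's organization with `organization` right after the lookup and add a test that passes a key from a second organization. Relatedly, an empty or missing parent parameter silently removes the inheritance link and deactivates inherited rules, which merits a comment such as `// no parent given: break the inheritance link` above the `setParent(dbSession, profile, null)` call.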
@@ -64,8 +64,6 @@ import org.sonar.server.tester.UserSessionRule; import org.sonar.server.util.TypeValidations; import org.sonar.server.ws.TestRequest; import org.sonar.server.ws.WsActionTester; -import org.sonar.server.ws.WsTester; -import org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters; import static java.util.Collections.emptySet; import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric; @@ -73,7 +71,9 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonarqube.ws.client.component.ComponentsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_LANGUAGE; -import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_KEY; +import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PARENT_NAME; +import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PARENT_PROFILE; +import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE; import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_NAME; public class ChangeParentActionTest { @@ -92,12 +92,11 @@ public class ChangeParentActionTest { private RuleIndex ruleIndex; private RuleIndexer ruleIndexer; private ActiveRuleIndexer activeRuleIndexer; - private WsActionTester wsActionTester; + private WsActionTester ws; private OrganizationDto organization; private RuleActivator ruleActivator; private Language language = LanguageTesting.newLanguage(randomAlphanumeric(20)); private String ruleRepository = randomAlphanumeric(5); - private ChangeParentAction underTest; @Before public void setUp() { 
@@ -105,22 +104,13 @@ public class ChangeParentActionTest { dbSession = dbTester.getSession(); EsClient esClient = esTester.client(); ruleIndex = new RuleIndex(esClient); - ruleIndexer = new RuleIndexer( - esClient, - dbClient); - activeRuleIndexer = new ActiveRuleIndexer( - dbClient, esClient, new ActiveRuleIteratorFactory(dbClient)); + ruleIndexer = new RuleIndexer(esClient, dbClient); + activeRuleIndexer = new ActiveRuleIndexer(dbClient, esClient, new ActiveRuleIteratorFactory(dbClient)); RuleActivatorContextFactory ruleActivatorContextFactory = new RuleActivatorContextFactory(dbClient); TypeValidations typeValidations = new TypeValidations(Collections.emptyList()); - ruleActivator = new RuleActivator( - System2.INSTANCE, - dbClient, - ruleIndex, - ruleActivatorContextFactory, - typeValidations, - activeRuleIndexer, - userSessionRule); - underTest = new ChangeParentAction( + ruleActivator = new RuleActivator(System2.INSTANCE, dbClient, ruleIndex, ruleActivatorContextFactory, typeValidations, activeRuleIndexer, userSessionRule); + + ChangeParentAction underTest = new ChangeParentAction( dbClient, new RuleActivator( System2.INSTANCE, 
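Review bot: `setUp` now builds the `ruleActivator` field on one line and then still hands `ChangeParentAction` a second `new RuleActivator(` instance. Passing the field would keep the tests' direct `ruleActivator.setParent(...)` calls and the action under test on the same object. The rest of that constructor call lies outside this hunk, so confirm its arguments match before replacing it with `ruleActivator`.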
@@ -136,20 +126,29 @@ public class ChangeParentActionTest { userSessionRule, TestDefaultOrganizationProvider.from(dbTester)), userSessionRule); - wsActionTester = new WsActionTester(underTest); + + ws = new WsActionTester(underTest); organization = dbTester.organizations().insert(); userSessionRule.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, organization.getUuid()); } @Test - public void define_change_parent_action() { - WebService.Action changeParent = new WsTester(new QProfilesWs(underTest)) - .action(QualityProfileWsParameters.CONTROLLER_QUALITY_PROFILES, "change_parent"); - assertThat(changeParent).isNotNull(); - assertThat(changeParent.isPost()).isTrue(); - assertThat(changeParent.params()).extracting("key").containsExactlyInAnyOrder( - "organization", "profile", "profileName", "language", "parentKey", "parentName"); - assertThat(changeParent.param("organization").since()).isEqualTo("6.4"); + public void definition() { + WebService.Action definition = ws.getDef(); + assertThat(definition.isPost()).isTrue(); + assertThat(definition.params()).extracting("key").containsExactlyInAnyOrder( + "organization", "profile", "profileName", "language", "parentProfile", "parentName"); + assertThat(definition.param("organization").since()).isEqualTo("6.4"); + WebService.Param profile = definition.param("profile"); + assertThat(profile.deprecatedKey()).isEqualTo("profileKey"); + WebService.Param parentProfile = definition.param("parentProfile"); + assertThat(parentProfile.deprecatedKey()).isEqualTo("parentKey"); + WebService.Param profileName = definition.param("profileName"); + assertThat(profileName.deprecatedSince()).isEqualTo("6.5"); + WebService.Param language = definition.param("language"); + assertThat(language.deprecatedSince()).isEqualTo("6.5"); + WebService.Param parentName = definition.param("parentName"); + assertThat(parentName.deprecatedSince()).isEqualTo("6.5"); } @Test 
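Review bot: `definition()` only checks metadata for the renamed parameter (`parentProfile.deprecatedKey()` equals `parentKey`), and every request-level test later in this file was switched to `PARAM_PARENT_PROFILE`, so no test sends the old `parentKey` name any more. Since an unrecognised parent parameter would fall through to the branch that removes the parent, I would keep one request test that uses the literal `"parentKey"` and asserts that the parent is actually set. Whether `WsActionTester` resolves deprecated keys the way the real request pipeline does is not visible here, so that test may need to go through the same parameter resolution as production.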
@@ -165,10 +164,10 @@ public class ChangeParentActionTest { assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, child.getKee())).isEmpty(); // Set parent - wsActionTester.newRequest() + ws.newRequest() .setMethod("POST") - .setParam(PARAM_PROFILE_KEY, child.getKee()) - .setParam("parentKey", parent1.getKee()) + .setParam(PARAM_PROFILE, child.getKee()) + .setParam(PARAM_PARENT_PROFILE, parent1.getKee()) .execute(); // Check rule 1 enabled @@ -196,10 +195,10 @@ public class ChangeParentActionTest { ruleActivator.setParent(dbSession, child, parent1); // Set parent 2 through WS - wsActionTester.newRequest() + ws.newRequest() .setMethod("POST") - .setParam(PARAM_PROFILE_KEY, child.getKee()) - .setParam("parentKey", parent2.getKee()) + .setParam(PARAM_PROFILE, child.getKee()) + .setParam(PARAM_PARENT_PROFILE, parent2.getKee()) .execute(); // Check rule 2 enabled @@ -224,9 +223,9 @@ public class ChangeParentActionTest { ruleActivator.setParent(dbSession, child, parent); // Remove parent through WS - wsActionTester.newRequest() + ws.newRequest() .setMethod("POST") - .setParam(PARAM_PROFILE_KEY, child.getKee()) + .setParam(PARAM_PROFILE, child.getKee()) .execute(); // Check no rule enabled @@ -254,12 +253,12 @@ public class ChangeParentActionTest { System.out.println("org key: " + organization.getKey()); // 1. Set parent 1 - wsActionTester.newRequest() + ws.newRequest() .setMethod("POST") .setParam(PARAM_LANGUAGE, child.getLanguage()) .setParam(PARAM_PROFILE_NAME, child.getName()) .setParam(PARAM_ORGANIZATION, organization.getKey()) - .setParam("parentName", parent1.getName()) + .setParam(PARAM_PARENT_NAME, parent1.getName()) .execute(); // 1. check rule 1 enabled 
@@ -269,12 +268,12 @@ public class ChangeParentActionTest { assertThat(ruleIndex.search(new RuleQuery().setActivation(true).setQProfile(child), new SearchOptions()).getIds()).hasSize(1); // 2. Set parent 2 - wsActionTester.newRequest() + ws.newRequest() .setMethod("POST") .setParam(PARAM_LANGUAGE, child.getLanguage()) .setParam(PARAM_PROFILE_NAME, child.getName()) .setParam(PARAM_ORGANIZATION, organization.getKey()) - .setParam("parentName", parent2.getName()) + .setParam(PARAM_PARENT_NAME, parent2.getName()) .execute(); // 2. check rule 2 enabled @@ -283,12 +282,12 @@ public class ChangeParentActionTest { assertThat(activeRules2.get(0).getKey().getRuleKey().rule()).isEqualTo(rule2.getRuleKey()); // 3. Remove parent - wsActionTester.newRequest() + ws.newRequest() .setMethod("POST") .setParam(PARAM_LANGUAGE, child.getLanguage()) .setParam(PARAM_PROFILE_NAME, child.getName()) .setParam(PARAM_ORGANIZATION, organization.getKey()) - .setParam("parentName", "") + .setParam(PARAM_PARENT_NAME, "") .execute(); // 3. check no rule enabled @@ -313,10 +312,10 @@ public class ChangeParentActionTest { ruleActivator.setParent(dbSession, child, parent); // Remove parent - wsActionTester.newRequest() + ws.newRequest() .setMethod("POST") - .setParam(PARAM_PROFILE_KEY, child.getKee()) - .setParam("parentKey", "") + .setParam(PARAM_PROFILE, child.getKee()) + .setParam(PARAM_PARENT_PROFILE, "") .execute(); // Check no rule enabled 
@@ -333,10 +332,10 @@ public class ChangeParentActionTest { assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, child.getKee())).isEmpty(); assertThat(ruleIndex.search(new RuleQuery().setActivation(true).setQProfile(child), new SearchOptions()).getIds()).isEmpty(); - TestRequest request = wsActionTester.newRequest() + TestRequest request = ws.newRequest() .setMethod("POST") - .setParam(PARAM_PROFILE_KEY, child.getKee()) - .setParam("parentKey", "palap"); + .setParam(PARAM_PROFILE, child.getKee()) + .setParam(PARAM_PARENT_PROFILE, "palap"); thrown.expect(BadRequestException.class); @@ -350,11 +349,11 @@ public class ChangeParentActionTest { assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, child.getKee())).isEmpty(); assertThat(ruleIndex.search(new RuleQuery().setActivation(true).setQProfile(child), new SearchOptions()).getIds()).isEmpty(); - TestRequest request = wsActionTester.newRequest() + TestRequest request = ws.newRequest() .setMethod("POST") - .setParam(PARAM_PROFILE_KEY, child.getKee()) - .setParam("parentName", "polop") - .setParam("parentKey", "palap"); + .setParam(PARAM_PROFILE, child.getKee()) + .setParam(PARAM_PARENT_NAME, "polop") + .setParam(PARAM_PARENT_PROFILE, "palap"); thrown.expect(IllegalArgumentException.class); request .execute(); 
@@ -367,12 +366,12 @@ public class ChangeParentActionTest { assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, child.getKee())).isEmpty(); assertThat(ruleIndex.search(new RuleQuery().setActivation(true).setQProfile(child), new SearchOptions()).getIds()).isEmpty(); - TestRequest request = wsActionTester.newRequest() + TestRequest request = ws.newRequest() .setMethod("POST") - .setParam(PARAM_PROFILE_KEY, child.getKee()) + .setParam(PARAM_PROFILE, child.getKee()) .setParam(PARAM_PROFILE_NAME, child.getName()) .setParam(PARAM_ORGANIZATION, organization.getKey()) - .setParam("parentKey", "palap"); + .setParam(PARAM_PARENT_PROFILE, "palap"); thrown.expect(IllegalArgumentException.class); request.execute(); @@ -384,9 +383,9 @@ public class ChangeParentActionTest { QProfileDto child = createProfile(); - TestRequest request = wsActionTester.newRequest() + TestRequest request = ws.newRequest() .setMethod("POST") - .setParam(PARAM_PROFILE_KEY, child.getKee()); + .setParam(PARAM_PROFILE, child.getKee()); thrown.expect(ForbiddenException.class); thrown.expectMessage("Insufficient privileges"); @@ -400,9 +399,9 @@ public class ChangeParentActionTest { QProfileDto child = createProfile(); - TestRequest request = wsActionTester.newRequest() + TestRequest request = ws.newRequest() .setMethod("POST") - .setParam(PARAM_PROFILE_KEY, child.getKee()); + .setParam(PARAM_PROFILE, child.getKee()); thrown.expect(ForbiddenException.class); thrown.expectMessage("Insufficient privileges"); diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java index 279045bd171..43850f02c2b 100644 --- a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java +++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java 
@@ -46,8 +46,8 @@ public class QualityProfileWsParameters {
 public static final String PARAM_ORGANIZATION = "organization";
 public static final String PARAM_LANGUAGE = "language";
 public static final String PARAM_PARAMS = "params";
- public static final String PARAM_PARENT_KEY = "parentKey";
 public static final String PARAM_PARENT_NAME = "parentName";
+ public static final String PARAM_PARENT_PROFILE = "parentProfile";
 public static final String PARAM_PROFILE = "profile";
 public static final String PARAM_PROFILE_KEY = "profileKey";
 public static final String PARAM_PROFILE_NAME = "profileName";
diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfilesService.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfilesService.java
index 1c958ccfce9..46e327963ee 100644
--- a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfilesService.java
+++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfilesService.java
@@ -45,8 +45,8 @@ import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_LANGUAGE;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PARAMS;
-import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PARENT_KEY;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PARENT_NAME;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PARENT_PROFILE;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_KEY;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_NAME;
@@ -138,9 +138,9 @@ public class QualityProfilesService extends BaseService {
 public void changeParent(ChangeParentRequest request) {
 call(new PostRequest(path(ACTION_CHANGE_PARENT))
 .setParam(PARAM_LANGUAGE, request.getLanguage())
- .setParam(PARAM_PARENT_KEY, request.getParentKey())
+ .setParam(PARAM_PARENT_PROFILE, request.getParentKey())
 .setParam(PARAM_PARENT_NAME, request.getParentName())
- .setParam(PARAM_PROFILE_KEY, request.getProfileKey())
+ .setParam(PARAM_PROFILE, request.getProfileKey())
 .setParam(PARAM_PROFILE_NAME, request.getProfileName())
 .setParam(PARAM_ORGANIZATION, request.getOrganization()));
 }
-- 2.39.5
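Review bot: `changeParent` now sends `parentProfile` and `profile`, which a server that predates these names would not recognise. Because the server treats a missing parent as a request to break the inheritance link, a version mismatch could turn a set-parent call into a silent parent removal when the child is addressed by `profileName` and `language`. Whether this client is ever used against older servers is not visible in the patch. If it is, document the minimum server version on the method, e.g. `/** Requires a server that accepts 'parentProfile' (6.5 or later). */`. The getters are still named `getParentKey()` and `getProfileKey()`, so a short comment mapping them to the new parameter names would help the next reader.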