From 2d66533d9b4e47cd15ff58441e7971da4f5257f9 Mon Sep 17 00:00:00 2001
From: Teryk Bellahsene
Date: Thu, 22 Jun 2017 09:55:38 +0200
Subject: [PATCH] SONAR-9448 Sanitize api/qualityprofiles/changelog
---
 .../qualityprofile/ws/ChangelogAction.java | 9 ++-
 ...-changelog.json => changelog-example.json} | 0
 .../ws/ChangelogActionDatabaseTest.java | 58 +++++++++++++------
 .../ws/ChangelogActionMockTest.java | 29 +++++-----
 .../QualityProfileWsParameters.java | 2 +
 5 files changed, 59 insertions(+), 39 deletions(-)
 rename server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/{example-changelog.json => changelog-example.json} (100%)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangelogAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangelogAction.java
index 5578cbbc149..0b8c0d81f89 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangelogAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangelogAction.java
@@ -37,12 +37,11 @@ import org.sonar.db.qualityprofile.QProfileDto;
 import static org.sonar.api.utils.DateUtils.parseEndingDateOrDateTime;
 import static org.sonar.api.utils.DateUtils.parseStartingDateOrDateTime;
 import static org.sonar.server.es.SearchOptions.MAX_LIMIT;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_SINCE;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_TO;
 public class ChangelogAction implements QProfileWsAction {
- static final String PARAM_SINCE = "since";
- static final String PARAM_TO = "to";
-
 private final ChangelogLoader changelogLoader;
 private final QProfileWsSupport wsSupport;
 private final Languages languages;
@@ -62,7 +61,7 @@ public class ChangelogAction implements QProfileWsAction {
 .setDescription("Get the history of changes on a quality profile: rule activation/deactivation, change in parameters/severity. " +
 "Events are ordered by date in descending order (most recent first).")
 .setHandler(this)
- .setResponseExample(getClass().getResource("example-changelog.json"));
+ .setResponseExample(getClass().getResource("changelog-example.json"));
 QProfileWsSupport.createOrganizationParam(wsAction)
 .setSince("6.4");
@@ -104,7 +103,7 @@ public class ChangelogAction implements QProfileWsAction {
 }
 }
- private void writeResponse(JsonWriter json, int page, int pageSize, ChangelogLoader.Changelog changelog) {
+ private static void writeResponse(JsonWriter json, int page, int pageSize, ChangelogLoader.Changelog changelog) {
 json.beginObject();
 json.prop("total", changelog.getTotal());
 json.prop(Param.PAGE, page);
diff --git a/server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/example-changelog.json b/server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/changelog-example.json
similarity index 100%
rename from server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/example-changelog.json
rename to server/sonar-server/src/main/resources/org/sonar/server/qualityprofile/ws/changelog-example.json
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangelogActionDatabaseTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangelogActionDatabaseTest.java
index 003501437d0..798a30f2206 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangelogActionDatabaseTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangelogActionDatabaseTest.java
@@ -24,6 +24,7 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.sonar.api.resources.Languages;
+import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
@@ -39,6 +40,10 @@ import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_LANGUAGE;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_ORGANIZATION;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_NAME;
 public class ChangelogActionDatabaseTest {
@@ -49,7 +54,7 @@ public class ChangelogActionDatabaseTest {
 @Rule
 public ExpectedException thrown = ExpectedException.none();
- private WsActionTester wsTester;
+ private WsActionTester ws;
 private ChangelogLoader changelogLoader;
 private QProfileWsSupport wsSupport;
 private OrganizationDto organization;
@@ -60,18 +65,33 @@ public class ChangelogActionDatabaseTest {
 defaultOrganizationProvider = TestDefaultOrganizationProvider.from(dbTester);
 wsSupport = new QProfileWsSupport(dbTester.getDbClient(), userSession, defaultOrganizationProvider);
 changelogLoader = new ChangelogLoader(dbTester.getDbClient());
- wsTester = new WsActionTester(
+ ws = new WsActionTester(
 new ChangelogAction(changelogLoader, wsSupport, new Languages(), dbTester.getDbClient()));
 organization = dbTester.organizations().insert();
 }
+ @Test
+ public void definition() {
+ WebService.Action definition = ws.getDef();
+
+ assertThat(definition.responseExampleAsString()).isNotEmpty();
+ assertThat(definition.params()).extracting(WebService.Param::key)
+ .containsExactlyInAnyOrder("profile", "profileName", "language", "organization", "since", "to", "p", "ps");
+ WebService.Param profile = definition.param("profile");
+ assertThat(profile.deprecatedKey()).isEqualTo("profileKey");
+ WebService.Param profileName = definition.param("profileName");
+ assertThat(profileName.deprecatedSince()).isEqualTo("6.5");
+ WebService.Param language = definition.param("language");
+ assertThat(language.deprecatedSince()).isEqualTo("6.5");
+ }
+
 @Test
 public void find_changelog_by_profile_key() throws Exception {
 QProfileDto profile = dbTester.qualityProfiles().insert(organization);
- String response = wsTester.newRequest()
+ String response = ws.newRequest()
 .setMethod("GET")
- .setParam("profileKey", profile.getKee())
+ .setParam(PARAM_PROFILE, profile.getKee())
 .execute()
 .getInput();
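Review bot: The requests in this hunk (and in the -129 and -150 hunks of this file, and throughout ChangelogActionMockTest) stop sending the old `profileKey` parameter, so no test visible in this patch still calls the endpoint through the deprecated key. The new `definition()` test checks only that `deprecatedKey()` is declared as `profileKey`, not that a request using it still resolves the profile. Assuming `PARAM_PROFILE` is the renamed key, I would keep one request-level case with the literal old name, for example `.setParam("profileKey", profile.getKee())` in a separate test, so that existing API clients stay covered. The body of `find_changelog_by_profile_key` continues past the end of the hunk.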
@@ -82,10 +102,10 @@ public class ChangelogActionDatabaseTest {
 public void find_changelog_by_language_and_name() throws Exception {
 QProfileDto qualityProfile = dbTester.qualityProfiles().insert(dbTester.getDefaultOrganization());
- String response = wsTester.newRequest()
+ String response = ws.newRequest()
 .setMethod("GET")
- .setParam("language", qualityProfile.getLanguage())
- .setParam("profileName", qualityProfile.getName())
+ .setParam(PARAM_LANGUAGE, qualityProfile.getLanguage())
+ .setParam(PARAM_PROFILE_NAME, qualityProfile.getName())
 .execute()
 .getInput();
@@ -96,11 +116,11 @@ public class ChangelogActionDatabaseTest {
 public void find_changelog_by_organization_and_language_and_name() throws Exception {
 QProfileDto qualityProfile = dbTester.qualityProfiles().insert(organization);
- String response = wsTester.newRequest()
+ String response = ws.newRequest()
 .setMethod("GET")
- .setParam("language", qualityProfile.getLanguage())
- .setParam("profileName", qualityProfile.getName())
- .setParam("organization", organization.getKey())
+ .setParam(PARAM_LANGUAGE, qualityProfile.getLanguage())
+ .setParam(PARAM_PROFILE_NAME, qualityProfile.getName())
+ .setParam(PARAM_ORGANIZATION, organization.getKey())
 .execute()
 .getInput();
@@ -114,11 +134,11 @@ public class ChangelogActionDatabaseTest {
 QProfileDto qualityProfile = dbTester.qualityProfiles().insert(organization1);
- TestRequest request = wsTester.newRequest()
+ TestRequest request = ws.newRequest()
 .setMethod("GET")
- .setParam("language", qualityProfile.getLanguage())
- .setParam("profileName", qualityProfile.getName())
- .setParam("organization", organization2.getKey());
+ .setParam(PARAM_LANGUAGE, qualityProfile.getLanguage())
+ .setParam(PARAM_PROFILE_NAME, qualityProfile.getName())
+ .setParam(PARAM_ORGANIZATION, organization2.getKey());
 thrown.expect(NotFoundException.class);
@@ -129,9 +149,9 @@ public class ChangelogActionDatabaseTest {
 public void changelog_empty() throws Exception {
 QProfileDto qualityProfile = dbTester.qualityProfiles().insert(organization);
- String response = wsTester.newRequest()
+ String response = ws.newRequest()
 .setMethod("GET")
- .setParam("profileKey", qualityProfile.getKee())
+ .setParam(PARAM_PROFILE, qualityProfile.getKee())
 .execute()
 .getInput();
@@ -150,9 +170,9 @@ public class ChangelogActionDatabaseTest {
 dbTester.getDbClient().qProfileChangeDao().insert(session, change);
 session.commit();
- String response = wsTester.newRequest()
+ String response = ws.newRequest()
 .setMethod("GET")
- .setParam("profileKey", qualityProfile.getKee())
+ .setParam(PARAM_PROFILE, qualityProfile.getKee())
 .execute()
 .getInput();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangelogActionMockTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangelogActionMockTest.java
index 4945738f1ad..022939bd9f6 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangelogActionMockTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangelogActionMockTest.java
@@ -26,7 +26,6 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
 import org.sonar.api.resources.Languages;
-import org.sonar.api.utils.System2;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.organization.OrganizationDto;
@@ -45,27 +44,27 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.sonar.api.utils.DateUtils.parseDate;
 import static org.sonar.server.qualityprofile.QProfileTesting.XOO_P1_KEY;
-import static org.sonar.server.qualityprofile.ws.ChangelogAction.PARAM_SINCE;
-import static org.sonar.server.qualityprofile.ws.ChangelogAction.PARAM_TO;
-import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_KEY;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_SINCE;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_TO;
 public class ChangelogActionMockTest {
 private static final long A_DATE = 1_500_000_000_000L;
 @Rule
- public DbTester dbTester = DbTester.create(System2.INSTANCE);
+ public DbTester db = DbTester.create();
- private WsTester wsTester;
+ private WsTester ws;
 private ChangelogLoader changelogLoader = mock(ChangelogLoader.class);
 private QProfileWsSupport wsSupport = mock(QProfileWsSupport.class);
 private OrganizationDto organization;
 @Before
 public void before() {
- wsTester = new WsTester(new QProfilesWs(mock(ActivateRulesAction.class),
- new ChangelogAction(changelogLoader, wsSupport, new Languages(), dbTester.getDbClient())));
- organization = dbTester.organizations().insert();
+ ws = new WsTester(new QProfilesWs(mock(ActivateRulesAction.class),
+ new ChangelogAction(changelogLoader, wsSupport, new Languages(), db.getDbClient())));
+ organization = db.organizations().insert();
 }
 @Test
@@ -73,7 +72,7 @@ public class ChangelogActionMockTest {
 when(wsSupport.getProfile(any(DbSession.class), eq(QProfileReference.fromKey(XOO_P1_KEY)))).thenReturn(QProfileTesting.newXooP1(organization));
 when(changelogLoader.load(any(DbSession.class), any(QProfileChangeQuery.class))).thenReturn(new ChangelogLoader.Changelog(0, Collections.emptyList()));
- wsTester.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog").setParam(PARAM_PROFILE_KEY, XOO_P1_KEY)
+ ws.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog").setParam(PARAM_PROFILE, XOO_P1_KEY)
 .execute().assertJson(getClass(), "changelog_empty.json");
 }
@@ -85,7 +84,7 @@ public class ChangelogActionMockTest {
 List changes = asList(change1, change2);
 when(changelogLoader.load(any(DbSession.class), any(QProfileChangeQuery.class))).thenReturn(new ChangelogLoader.Changelog(10, changes));
- wsTester.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog").setParam(PARAM_PROFILE_KEY, XOO_P1_KEY)
+ ws.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog").setParam(PARAM_PROFILE, XOO_P1_KEY)
 .execute().assertJson(getClass(), "changelog_nominal.json");
 }
@@ -98,7 +97,7 @@ public class ChangelogActionMockTest {
 List changes = asList(change1);
 when(changelogLoader.load(any(DbSession.class), any(QProfileChangeQuery.class))).thenReturn(new ChangelogLoader.Changelog(10, changes));
- wsTester.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog").setParam(PARAM_PROFILE_KEY, XOO_P1_KEY)
+ ws.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog").setParam(PARAM_PROFILE, XOO_P1_KEY)
 .execute().assertJson(getClass(), "changelog_full.json");
 }
@@ -107,8 +106,8 @@ public class ChangelogActionMockTest {
 when(wsSupport.getProfile(any(DbSession.class), eq(QProfileReference.fromKey(XOO_P1_KEY)))).thenReturn(QProfileTesting.newXooP1(organization));
 when(changelogLoader.load(any(DbSession.class), any(QProfileChangeQuery.class))).thenReturn(new ChangelogLoader.Changelog(0, Collections.emptyList()));
- wsTester.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog")
- .setParam(PARAM_PROFILE_KEY, XOO_P1_KEY)
+ ws.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog")
+ .setParam(PARAM_PROFILE, XOO_P1_KEY)
 .setParam(PARAM_SINCE, "2016-09-01")
 .setParam(PARAM_TO, "2016-09-01")
 .execute();
@@ -123,6 +122,6 @@ public class ChangelogActionMockTest {
 public void fail_on_unknown_profile() throws Exception {
 when(wsSupport.getProfile(any(DbSession.class), eq(QProfileReference.fromKey(XOO_P1_KEY)))).thenThrow(new NotFoundException("Profile not found"));
- wsTester.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog").setParam(PARAM_PROFILE_KEY, XOO_P1_KEY).execute();
+ ws.newGetRequest(QProfilesWs.API_ENDPOINT, "changelog").setParam(PARAM_PROFILE, XOO_P1_KEY).execute();
 }
 }
diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java
index 43850f02c2b..59f30a4ceb0 100644
--- a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java
+++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java
@@ -57,8 +57,10 @@ public class QualityProfileWsParameters {
 public static final String PARAM_RESET = "reset";
 public static final String PARAM_RULE = "rule";
 public static final String PARAM_SEVERITY = "severity";
+ public static final String PARAM_SINCE = "since";
 public static final String PARAM_TARGET_PROFILE = "targetProfile";
 public static final String PARAM_TARGET_SEVERITY = "targetSeverity";
+ public static final String PARAM_TO = "to";
 public static final String PARAM_TO_NAME = "toName";
 private QualityProfileWsParameters() {
--
2.39.5