From 402255018b5b24e22688f3cd688e52aa6fe1fc94 Mon Sep 17 00:00:00 2001
From: Julien Lancelot
Date: Fri, 28 Jun 2019 14:57:46 +0200
Subject: [PATCH] SONAR-12249 Update SonarSource Security categories with the latest definition
---
 .../db/migration/version/v79/DbVersion79.java | 3 +-
 .../version/v79/ReindexIssuesAndRules.java | 49 +++++++++++++++
 .../version/v79/DbVersion79Test.java | 2 +-
 .../v79/ReindexIssuesAndRulesTest.java | 61 +++++++++++++++++++
 .../security/SecurityStandardHelper.java | 13 ++--
 5 files changed, 119 insertions(+), 9 deletions(-)
 create mode 100644 server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRules.java
 create mode 100644 server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRulesTest.java
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79.java
index 94eff8f6dab..39f8bf26db1 100644
--- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79.java
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79.java
@@ -30,6 +30,7 @@ public class DbVersion79 implements DbVersion {
         TruncateEnvAndSystemVarsFromScannerContext.class)
       .add(2801, "populate install version and install date internal properties", PopulateInstallDateAndVersion.class)
       .add(2802, "Migrate property 'sonar.pullrequest.provider' value from VSTS to Azure DevOps", MigrateVstsProviderToAzureDevOps.class)
-      .add(2803, "Remove quality gate conditions on Security Review Rating", RemoveQGConditionsOnSecurityReviewRating.class);
+      .add(2803, "Remove quality gate conditions on Security Review Rating", RemoveQGConditionsOnSecurityReviewRating.class)
+      .add(2804, "Reindex issues and rules to take into account latest categories definition", ReindexIssuesAndRules.class);
   }
 }
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRules.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRules.java
new file mode 100644
index 00000000000..a9eefedfa63
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRules.java
@@ -0,0 +1,49 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2019 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v79;
+
+import java.sql.SQLException;
+import org.sonar.api.config.Configuration;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.SupportsBlueGreen;
+import org.sonar.server.platform.db.migration.es.MigrationEsClient;
+import org.sonar.server.platform.db.migration.step.DataChange;
+
+@SupportsBlueGreen
+public class ReindexIssuesAndRules extends DataChange {
+
+  private final Configuration configuration;
+  private final MigrationEsClient esClient;
+
+  public ReindexIssuesAndRules(Database db, Configuration configuration, MigrationEsClient esClient) {
+    super(db);
+    this.configuration = configuration;
+    this.esClient = esClient;
+  }
+
+  @Override
+  public void execute(Context context) throws SQLException {
+    if (configuration.getBoolean("sonar.sonarcloud.enabled").orElse(false)) {
+      return;
+    }
+    esClient.deleteIndexes("issues", "rules");
+  }
+
+}
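Review bot: `ReindexIssuesAndRules` carries no Javadoc, so neither the mechanism (dropping the `issues` and `rules` indexes in `execute`, presumably so they are rebuilt with the new category mapping at the next startup) nor the reason for the SonarCloud short-circuit is recorded anywhere in the file; a class comment such as `/** Drops the issues and rules ES indexes so they are rebuilt with the updated SonarSource security-category/CWE mapping (SONAR-12249); no-op when sonar.sonarcloud.enabled is true. */` would cover both. The class is also annotated `@SupportsBlueGreen`, and I cannot tell from this hunk whether a still-running previous version shares these index names, so it is worth confirming that deleting them mid-deployment does not blank search on that node. The unused `Context` parameter of `execute` is fine for a step that only touches ES, but a one-line `// no SQL: this step only invalidates ES indexes` above the `if` would pre-empt the question.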
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79Test.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79Test.java
index 5bb20f4ee3c..e5eba60177e 100644
--- a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79Test.java
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/DbVersion79Test.java
@@ -35,7 +35,7 @@ public class DbVersion79Test {
   @Test
   public void verify_migration_count() {
-    verifyMigrationCount(underTest, 4);
+    verifyMigrationCount(underTest, 5);
   }
 }
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRulesTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRulesTest.java
new file mode 100644
index 00000000000..be656e9750a
--- /dev/null
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v79/ReindexIssuesAndRulesTest.java
@@ -0,0 +1,61 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2019 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v79;
+
+import java.sql.SQLException;
+import org.junit.Rule;
+import org.junit.Test;
+import org.sonar.api.config.internal.MapSettings;
+import org.sonar.db.CoreDbTester;
+import org.sonar.server.platform.db.migration.es.MigrationEsClient;
+import org.sonar.server.platform.db.migration.step.DataChange;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+
+public class ReindexIssuesAndRulesTest {
+
+  @Rule
+  public CoreDbTester db = CoreDbTester.createEmpty();
+
+  private MapSettings settings = new MapSettings();
+  private MigrationEsClient esClient = mock(MigrationEsClient.class);
+
+  private DataChange underTest = new ReindexIssuesAndRules(db.database(), settings.asConfig(), esClient);
+
+  @Test
+  public void update_es_indexes() throws SQLException {
+    settings.setProperty("sonar.sonarcloud.enabled", "false");
+
+    underTest.execute();
+
+    verify(esClient).deleteIndexes("issues", "rules");
+  }
+
+  @Test
+  public void do_nothing_on_sonarcloud() throws SQLException {
+    settings.setProperty("sonar.sonarcloud.enabled", "true");
+
+    underTest.execute();
+
+    verifyZeroInteractions(esClient);
+  }
+}
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandardHelper.java b/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandardHelper.java
index 8a7444798fa..4a821f7107f 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandardHelper.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandardHelper.java
@@ -56,13 +56,12 @@ public class SecurityStandardHelper {
   public static final Map> SONARSOURCE_CWE_MAPPING = ImmutableMap.>builder()
     .put("sql-injection", ImmutableSet.of("89", "564"))
-    .put("command-injection", ImmutableSet.of("78", "77"))
+    .put("command-injection", ImmutableSet.of("77", "78", "88", "214"))
     .put("path-traversal-injection", ImmutableSet.of("22"))
     .put("ldap-injection", ImmutableSet.of("90"))
     .put("xpath-injection", ImmutableSet.of("643"))
-    .put("expression-lang-injection", ImmutableSet.of("917"))
-    .put("rce", ImmutableSet.of("94"))
-    .put("dos", ImmutableSet.of("400"))
+    .put("rce", ImmutableSet.of("94", "95"))
+    .put("dos", ImmutableSet.of("400", "624"))
     .put("ssrf", ImmutableSet.of("918"))
     .put("csrf", ImmutableSet.of("352"))
     .put("xss", ImmutableSet.of("79", "80", "81", "82", "83", "84", "85", "86", "87"))
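Review bot: The default path of `execute` — `sonar.sonarcloud.enabled` not set at all, where `getBoolean(...).orElse(false)` has to fall through to the delete — is not exercised: `update_es_indexes` sets the property to "false" explicitly, so a regression that flipped the default or read a different key would still pass both tests. A third case that sets nothing on `settings` before calling `underTest.execute()` would pin the on-premise default. The test body below is the only addition; the rest of the class is unchanged.
```java
  @Test
  public void update_es_indexes_when_sonarcloud_property_is_not_set() throws SQLException {
    underTest.execute();

    verify(esClient).deleteIndexes("issues", "rules");
  }
```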
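Review bot: Dropping the `expression-lang-injection` entry leaves CWE-917 mapped to no SonarSource category, so issues carrying it will fall into `SONARSOURCE_OTHER_CWES_CATEGORY` ("others") once the indexes are rebuilt, and neither the commit message nor the map says whether that demotion is intended or whether 917 was meant to be folded into `rce` or `command-injection`. If it is intentional, a one-line comment above the builder such as `// CWE-917 (expression language injection) is deliberately unmapped and surfaces under "others"` would stop the next reader from re-adding it. The generic arguments of the `Map` declaration appear stripped on this page (`Map>`, `ImmutableMap.>builder()`), which looks like an extraction artifact rather than the committed code.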
@@ -70,10 +69,10 @@ public class SecurityStandardHelper {
     .put("http-response-splitting", ImmutableSet.of("113"))
     .put("open-redirect", ImmutableSet.of("601"))
     .put("xxe", ImmutableSet.of("611", "827"))
-    .put("object-injection", ImmutableSet.of("470"))
-    .put("weak-cryptography", ImmutableSet.of("326", "295", "326", "327", "297", "780", "328", "327"))
+    .put("object-injection", ImmutableSet.of("134", "470", "502"))
+    .put("weak-cryptography", ImmutableSet.of("295", "297", "321", "322", "323", "324", "325", "326", "327", "328", "330", "780"))
     .put("auth", ImmutableSet.of("798", "640", "620", "549", "522", "521", "263", "262", "261", "259", "284"))
-    .put("insecure-conf", ImmutableSet.of("102", "489"))
+    .put("insecure-conf", ImmutableSet.of("102", "215", "311", "315", "346", "614", "489", "942"))
     .put("file-manipulation", ImmutableSet.of("97", "73"))
     .build();
   public static final String SONARSOURCE_OTHER_CWES_CATEGORY = "others";
-- 
2.39.5
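Review bot: Nothing on `SONARSOURCE_CWE_MAPPING` records that its contents end up stored in the `issues` and `rules` ES indexes, which — judging from the pairing with migration 2804 in this same commit — is why editing it requires `ReindexIssuesAndRules`; a Javadoc on the constant stating that any change to the mapping must ship with a reindex migration would make that coupling explicit for the next edit. On style, the new `insecure-conf` set is ascending except for `489` placed after `614`, while the untouched `auth` line is descending; sorting the touched lines ascending, e.g. `.put("insecure-conf", ImmutableSet.of("102", "215", "311", "315", "346", "489", "614", "942"))`, keeps future diffs of this table reviewable. The class body continues past `SONARSOURCE_OTHER_CWES_CATEGORY` outside this hunk.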