From 4286d7315d2161185e2708720193ed88569be41a Mon Sep 17 00:00:00 2001 From: Pierre Date: Wed, 14 Dec 2022 14:43:13 +0100 Subject: [PATCH] SONAR-4043 deprecate sonar.password for analysis --- .../DeprecatedPropertiesWarningGenerator.java | 53 +++++++++++++++ .../scan/SpringProjectScanContainer.java | 4 ++ ...recatedPropertiesWarningGeneratorTest.java | 67 +++++++++++++++++++ 3 files changed, 124 insertions(+) create mode 100644 sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGenerator.java create mode 100644 sonar-scanner-engine/src/test/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGeneratorTest.java diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGenerator.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGenerator.java new file mode 100644 index 00000000000..ae207a1081f --- /dev/null +++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGenerator.java @@ -0,0 +1,53 @@ +/* + * SonarQube + * Copyright (C) 2009-2022 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.scanner.scan; + +import com.google.common.annotations.VisibleForTesting; +import java.util.Optional; +import org.sonar.api.CoreProperties; +import org.sonar.api.config.Configuration; +import org.sonar.api.notifications.AnalysisWarnings; +import org.sonar.api.utils.log.Logger; +import org.sonar.api.utils.log.Loggers; + +public class DeprecatedPropertiesWarningGenerator { + private static final Logger LOG = Loggers.get(DeprecatedPropertiesWarningGenerator.class); + + @VisibleForTesting + public static final String PASSWORD_WARN_MESSAGE = "Property '" + CoreProperties.PASSWORD + "' is deprecated. It will not be supported " + + "in the future. Please instead use the 'sonar.login' parameter with a token."; + + private final Configuration configuration; + private final AnalysisWarnings analysisWarnings; + + public DeprecatedPropertiesWarningGenerator(Configuration configuration, AnalysisWarnings analysisWarnings) { + this.configuration = configuration; + this.analysisWarnings = analysisWarnings; + } + + public void execute() { + Optional password = configuration.get(CoreProperties.PASSWORD); + if (password.isPresent()) { + LOG.warn(PASSWORD_WARN_MESSAGE); + analysisWarnings.addUnique(PASSWORD_WARN_MESSAGE); + } + } + +} diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/SpringProjectScanContainer.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/SpringProjectScanContainer.java index cd20aa1f1e3..e314e421fc3 100644 --- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/SpringProjectScanContainer.java +++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/SpringProjectScanContainer.java @@ -173,6 +173,7 @@ public class SpringProjectScanContainer extends SpringComponentContainer { ProjectRepositoriesProvider.class, new ProjectServerSettingsProvider(), AnalysisCacheEnabled.class, + DeprecatedPropertiesWarningGenerator.class, // temp new AnalysisTempFolderProvider(), @@ -354,6 +355,9 @@ public class SpringProjectScanContainer extends SpringComponentContainer { LOG.info("Branch name: {}", branchConfig.branchName()); } + getComponentByType(DeprecatedPropertiesWarningGenerator.class).execute(); + + getComponentByType(ProjectFileIndexer.class).index(); // Log detected languages and their profiles after FS is indexed and languages detected diff --git a/sonar-scanner-engine/src/test/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGeneratorTest.java b/sonar-scanner-engine/src/test/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGeneratorTest.java new file mode 100644 index 00000000000..5063bd2971b --- /dev/null +++ b/sonar-scanner-engine/src/test/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGeneratorTest.java @@ -0,0 +1,67 @@ +/* + * SonarQube + * Copyright (C) 2009-2022 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.scanner.scan; + +import org.assertj.core.api.Assertions; +import org.junit.Rule; +import org.junit.Test; +import org.mockito.Mockito; +import org.sonar.api.CoreProperties; +import org.sonar.api.config.internal.MapSettings; +import org.sonar.api.notifications.AnalysisWarnings; +import org.sonar.api.utils.log.LogTester; +import org.sonar.api.utils.log.LoggerLevel; + +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.verifyNoInteractions; +import static org.sonar.scanner.scan.DeprecatedPropertiesWarningGenerator.PASSWORD_WARN_MESSAGE; + +public class DeprecatedPropertiesWarningGeneratorTest { + + @Rule + public LogTester logger = new LogTester(); + + private final MapSettings settings = new MapSettings(); + + private final AnalysisWarnings analysisWarnings = Mockito.spy(AnalysisWarnings.class); + private final DeprecatedPropertiesWarningGenerator underTest = new DeprecatedPropertiesWarningGenerator(settings.asConfig(), analysisWarnings); + + @Test + public void verify_warning_when_using_password() { + settings.setProperty(CoreProperties.PASSWORD, "winner winner chicken dinner"); + + underTest.execute(); + + verify(analysisWarnings, times(1)).addUnique(PASSWORD_WARN_MESSAGE); + Assertions.assertThat(logger.logs(LoggerLevel.WARN)).contains(PASSWORD_WARN_MESSAGE); + } + + @Test + public void verify_no_warning_when_not_using_password() { + settings.removeProperty(CoreProperties.PASSWORD); + + underTest.execute(); + + verifyNoInteractions(analysisWarnings); + Assertions.assertThat(logger.logs(LoggerLevel.WARN)).isEmpty(); + } + +} \ No newline at end of file -- 2.39.5