From 49a43c2bcafa4b5af52c50b399c772f828d0f534 Mon Sep 17 00:00:00 2001
From: Jacek
Date: Fri, 7 Feb 2020 10:40:56 +0100
Subject: [PATCH] SONAR-12966 Allow usage of new Security Review measures in Quality Gate

- filter out 'security_hotspots', 'new_security_hotspots'
- allow 'security_review_rating'
---
.../QualityGateConditionsUpdater.java | 8 ++++----
.../server/qualitygate/ws/QualityGatesWs.java | 20 +++++++++++--------
.../QualityGateConditionsUpdaterTest.java | 6 ++++--
3 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/QualityGateConditionsUpdater.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/QualityGateConditionsUpdater.java
index 809023702f6..bad67910b85 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/QualityGateConditionsUpdater.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/QualityGateConditionsUpdater.java
@@ -47,18 +47,20 @@ import static java.lang.String.format; import static java.util.Arrays.stream; import static java.util.Objects.requireNonNull; import static org.sonar.api.measures.CoreMetrics.ALERT_STATUS_KEY; -import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING_KEY; +import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_KEY; +import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_KEY; import static org.sonar.api.measures.Metric.DIRECTION_BETTER; import static org.sonar.api.measures.Metric.DIRECTION_NONE; import static org.sonar.api.measures.Metric.DIRECTION_WORST; import static org.sonar.api.measures.Metric.ValueType.RATING; +import static org.sonar.server.exceptions.BadRequestException.checkRequest; import static org.sonar.server.measure.Rating.E; import static org.sonar.server.qualitygate.Condition.Operator.GREATER_THAN; import static org.sonar.server.qualitygate.Condition.Operator.LESS_THAN; import static org.sonar.server.qualitygate.ValidRatingMetrics.isCoreRatingMetric; -import static org.sonar.server.exceptions.BadRequestException.checkRequest; public class QualityGateConditionsUpdater { + public static final Set INVALID_METRIC_KEYS = ImmutableSet.of(ALERT_STATUS_KEY, SECURITY_HOTSPOTS_KEY, NEW_SECURITY_HOTSPOTS_KEY); private static final Map> VALID_OPERATORS_BY_DIRECTION = ImmutableMap.>builder() .put(DIRECTION_NONE, ImmutableSet.of(GREATER_THAN, LESS_THAN)) @@ -77,8 +79,6 @@ public class QualityGateConditionsUpdater { private static final List RATING_VALID_INT_VALUES = stream(Rating.values()).map(r -> Integer.toString(r.getIndex())).collect(Collectors.toList()); - private static final Set INVALID_METRIC_KEYS = ImmutableSet.of(ALERT_STATUS_KEY, SECURITY_REVIEW_RATING_KEY); - private final DbClient dbClient; public QualityGateConditionsUpdater(DbClient dbClient) { 
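Review bot: The now-public `INVALID_METRIC_KEYS` in the first hunk carries no comment explaining why these keys are rejected, although it has become the shared source for both condition validation and the web-service parameter help. I would add a Javadoc such as `/** Metric keys that cannot be used in a Quality Gate condition; also listed in the QualityGatesWs metric parameter description. */`. As rendered here the declaration reads as the raw type `Set`; if that is not an extraction artefact, declare it `Set<String>`. The visible hunks also do not show what happens to existing gate conditions on `security_hotspots` or `new_security_hotspots` once those keys become forbidden, so it is worth confirming they are migrated or surfaced rather than left as conditions that can no longer be edited. The class body continues outside the hunk.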
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/QualityGatesWs.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/QualityGatesWs.java index 8046e879659..bd947914d05 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/QualityGatesWs.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/QualityGatesWs.java @@ -29,12 +29,12 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.qualitygate.Condition; import org.sonar.server.ws.RemovedWebServiceHandler; +import static org.sonar.server.qualitygate.QualityGateConditionsUpdater.INVALID_METRIC_KEYS; import static org.sonar.server.qualitygate.ws.QualityGatesWsParameters.CONTROLLER_QUALITY_GATES; import static org.sonar.server.qualitygate.ws.QualityGatesWsParameters.PARAM_ERROR; import static org.sonar.server.qualitygate.ws.QualityGatesWsParameters.PARAM_METRIC; import static org.sonar.server.qualitygate.ws.QualityGatesWsParameters.PARAM_OPERATOR; - public class QualityGatesWs implements WebService { private static final int CONDITION_MAX_LENGTH = 64; @@ -63,8 +63,7 @@ public class QualityGatesWs implements WebService { .setHandler(RemovedWebServiceHandler.INSTANCE) .setResponseExample(RemovedWebServiceHandler.INSTANCE.getResponseExample()) .setChangelog( - new Change("7.0", "Unset a quality gate is no more authorized") - ); + new Change("7.0", "Unset a quality gate is no more authorized")); controller.done(); } @@ -81,17 +80,17 @@ public class QualityGatesWs implements WebService { "
  • WORK_DUR
  • " + "
  • FLOAT
  • " + "
  • PERCENT
  • " + - "
  • LEVEL
  • " + - "") + "
  • LEVEL
  • " + + "Following metrics are forbidden:" + + "
      " + getInvalidMetrics() + "
    ") .setRequired(true) - .setExampleValue("blocker_violations"); + .setExampleValue("blocker_violations, vulnerabilities, new_code_smells"); action.createParam(PARAM_OPERATOR) .setDescription("Condition operator:
    " + "
      " + "
    • LT = is lower than
    • " + - "
    • GT = is greater than
    • " + - "") + "
    • GT = is greater than
    ") .setExampleValue(Condition.Operator.GREATER_THAN.getDbValue()) .setPossibleValues(getPossibleOperators()); @@ -102,6 +101,11 @@ public class QualityGatesWs implements WebService { .setExampleValue("10"); } + private static String getInvalidMetrics() { + return INVALID_METRIC_KEYS.stream().map(s -> "
  • " + s + "
  • ") + .collect(Collectors.joining()); + } + static Long parseId(Request request, String paramName) { try { return Long.valueOf(request.mandatoryParam(paramName)); diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/QualityGateConditionsUpdaterTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/QualityGateConditionsUpdaterTest.java index f8b087af457..8d6e1eea1c4 100644 --- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/QualityGateConditionsUpdaterTest.java +++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/QualityGateConditionsUpdaterTest.java @@ -38,7 +38,8 @@ import org.sonar.server.exceptions.NotFoundException; import static java.lang.String.format; import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat; import static org.sonar.api.measures.CoreMetrics.ALERT_STATUS_KEY; -import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING_KEY; +import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_KEY; +import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_KEY; import static org.sonar.api.measures.CoreMetrics.SQALE_RATING_KEY; import static org.sonar.api.measures.Metric.ValueType.BOOL; import static org.sonar.api.measures.Metric.ValueType.DATA; @@ -316,7 +317,8 @@ public class QualityGateConditionsUpdaterTest { public static Object[][] invalid_metrics() { return new Object[][] { {ALERT_STATUS_KEY, INT, false}, - {SECURITY_REVIEW_RATING_KEY, RATING, false}, + {SECURITY_HOTSPOTS_KEY, INT, false}, + {NEW_SECURITY_HOTSPOTS_KEY, INT, false}, {"boolean", BOOL, false}, {"string", STRING, false}, {"data_metric", DATA, false}, -- 2.39.5
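Review bot: `getInvalidMetrics()` concatenates each key straight into the list-item markup of the parameter description without escaping. That is harmless while `INVALID_METRIC_KEYS` holds only `CoreMetrics` constants, but the set is now public and the description appears to be rendered as HTML, so the assumption deserves a comment above the method: `// Keys are compile-time CoreMetrics constants; HTML-escape them if this set ever holds other values.` The hunk does not show an import for `Collectors` in QualityGatesWs, so that is presumably already present outside the visible lines.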
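Review bot: The `invalid_metrics` data provider swaps `SECURITY_REVIEW_RATING_KEY` out for the two hotspot keys, but no visible hunk adds a positive case showing that a condition on `security_review_rating` is now accepted. Since the removed row lists that metric as type RATING and the updater imports `isCoreRatingMetric`, acceptance presumably also depends on that check, which lies outside this patch. I would add a test that creates a condition on `SECURITY_REVIEW_RATING_KEY` with a valid rating value and asserts it is stored, so the gate that teams will rely on for security review is covered.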