From 6a292a559b897adbaadde1ecd38303584f2382cd Mon Sep 17 00:00:00 2001
From: Teryk Bellahsene
Date: Wed, 21 Jun 2017 17:02:15 +0200
Subject: [PATCH] SONAR-9448 Sanitize api/qualityprofiles/deactivate_rules
---
 .../ws/DeactivateRulesAction.java | 26 +++++++++----------
 .../ws/DeactivateRulesActionTest.java | 11 +++++---
 .../ws/QProfilesWsMediumTest.java | 14 +++++-----
 .../QualityProfileWsParameters.java | 7 ++---
 4 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeactivateRulesAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeactivateRulesAction.java
index 1dfda65b8c6..243f8e7d196 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeactivateRulesAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeactivateRulesAction.java
@@ -19,7 +19,6 @@
 */
 package org.sonar.server.qualityprofile.ws;
-import org.sonar.api.server.ServerSide;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
@@ -31,16 +30,15 @@ import org.sonar.server.qualityprofile.RuleActivator;
 import org.sonar.server.rule.ws.RuleQueryFactory;
 import org.sonar.server.user.UserSession;
+import static org.sonar.core.util.Uuids.UUID_EXAMPLE_04;
+import static org.sonar.server.qualityprofile.ws.BulkChangeWsResponse.writeResponse;
 import static org.sonar.server.rule.ws.SearchAction.defineRuleSearchParameters;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_DEACTIVATE_RULES;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_TARGET_PROFILE;
-@ServerSide
 public class DeactivateRulesAction implements QProfileWsAction {
-
- public static final String PROFILE_KEY = "profile_key";
 public static final String SEVERITY = "activation_severity";
- public static final String DEACTIVATE_RULES_ACTION = "deactivate_rules";
-
 private final RuleQueryFactory ruleQueryFactory;
 private final UserSession userSession;
 private final RuleActivator ruleActivator;
@@ -57,23 +55,25 @@ public class DeactivateRulesAction implements QProfileWsAction {
 public void define(WebService.NewController controller) {
 WebService.NewAction deactivate = controller
- .createAction(DEACTIVATE_RULES_ACTION)
- .setDescription("Bulk deactivate rules on Quality profiles")
+ .createAction(ACTION_DEACTIVATE_RULES)
+ .setDescription("Bulk deactivate rules on Quality profiles.
" +
+ "Requires to be logged in and the 'Administer Quality Profiles' permission.")
 .setPost(true)
 .setSince("4.4")
 .setHandler(this);
 defineRuleSearchParameters(deactivate);
- deactivate.createParam(PROFILE_KEY)
- .setDescription("Quality Profile Key. To retrieve a profile key for a given language please see api/qualityprofiles/search")
+ deactivate.createParam(PARAM_TARGET_PROFILE)
+ .setDescription("Quality Profile key on which the rule deactivation is done. To retrieve a profile key please see api/qualityprofiles/search")
+ .setDeprecatedKey("profile_key", "6.5")
 .setRequired(true)
- .setExampleValue("java:MyProfile");
+ .setExampleValue(UUID_EXAMPLE_04);
 }
 @Override
 public void handle(Request request, Response response) throws Exception {
- String qualityProfileKey = request.mandatoryParam(PROFILE_KEY);
+ String qualityProfileKey = request.mandatoryParam(PARAM_TARGET_PROFILE);
 userSession.checkLoggedIn();
 BulkChangeResult result;
 try (DbSession dbSession = dbClient.openSession(false)) {
@@ -82,6 +82,6 @@ public class DeactivateRulesAction implements QProfileWsAction {
 wsSupport.checkNotBuiltInt(profile);
 result = ruleActivator.bulkDeactivate(dbSession, ruleQueryFactory.createRuleQuery(dbSession, request), profile);
 }
- BulkChangeWsResponse.writeResponse(result, response);
+ writeResponse(result, response);
 }
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeactivateRulesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeactivateRulesActionTest.java
index f53472a4ddb..7936fb0387a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeactivateRulesActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeactivateRulesActionTest.java
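Review bot: In `handle` of DeactivateRulesAction (the `@@ -57,23 +55,25 @@` hunk), `request.mandatoryParam(PARAM_TARGET_PROFILE)` is still evaluated before `userSession.checkLoggedIn()`, so request input is read, and a missing parameter is reported, before the caller is known to be authenticated. Moving `userSession.checkLoggedIn();` to the first statement of `handle` would make the "Requires to be logged in" contract from the new description the first thing enforced. The description also names the 'Administer Quality Profiles' permission, but the statements that would enforce it sit between this hunk and the next and are not visible here, so it is worth confirming that the check is present. `handle` continues outside the hunk.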
@@ -43,6 +43,7 @@ import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.sonar.server.platform.db.migration.def.VarcharColumnDef.UUID_SIZE;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_TARGET_PROFILE;
 public class DeactivateRulesActionTest {
@@ -86,20 +87,22 @@ public class DeactivateRulesActionTest {
 "active_severities",
 "s",
 "repositories",
- "profile_key",
+ "targetProfile",
 "statuses",
 "rule_key",
 "available_since",
 "activation",
 "severities",
 "organization");
+ WebService.Param targetProfile = definition.param("targetProfile");
+ assertThat(targetProfile.deprecatedKey()).isEqualTo("profile_key");
 }
 @Test
 public void should_fail_if_not_logged_in() {
 TestRequest request = wsActionTester.newRequest()
 .setMethod("POST")
- .setParam("profile_key", randomAlphanumeric(UUID_SIZE));
+ .setParam(PARAM_TARGET_PROFILE, randomAlphanumeric(UUID_SIZE));
 thrown.expect(UnauthorizedException.class);
 request.execute();
@@ -111,7 +114,7 @@ public class DeactivateRulesActionTest {
 QProfileDto qualityProfile = dbTester.qualityProfiles().insert(defaultOrganization, p -> p.setIsBuiltIn(true));
 TestRequest request = wsActionTester.newRequest()
 .setMethod("POST")
- .setParam("profile_key", qualityProfile.getKee());
+ .setParam(PARAM_TARGET_PROFILE, qualityProfile.getKee());
 thrown.expect(BadRequestException.class);
@@ -124,7 +127,7 @@ public class DeactivateRulesActionTest {
 QProfileDto qualityProfile = dbTester.qualityProfiles().insert(organization);
 TestRequest request = wsActionTester.newRequest()
 .setMethod("POST")
- .setParam("profile_key", qualityProfile.getKee());
+ .setParam(PARAM_TARGET_PROFILE, qualityProfile.getKee());
 thrown.expect(ForbiddenException.class);
 request.execute();
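Review bot: The definition test in the `@@ -86,20 +87,22 @@` hunk asserts that `targetProfile` declares `profile_key` as its deprecated key, but after this change none of the request tests visible in the patch still sends `profile_key`, so the backward-compatible path that existing clients depend on is no longer exercised end to end. Keeping one request on the old name, for example `.setParam("profile_key", qualityProfile.getKee())` in a test that expects the same `ForbiddenException` or `BadRequestException` outcome, would pin that the authentication, permission and built-in checks still apply when the deprecated key is used. The test class continues outside these hunks, so such a test may already exist elsewhere.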
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsMediumTest.java
index aafab74035f..624c04de5fb 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsMediumTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsMediumTest.java
@@ -52,7 +52,6 @@ import org.sonar.server.rule.index.RuleQuery;
 import org.sonar.server.tester.ServerTester;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsTester;
-import org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ActivateActionParameters;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.fail;
@@ -60,6 +59,7 @@ import static org.sonar.server.qualityprofile.ws.QProfilesWs.API_ENDPOINT;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_ACTIVATE_RULE;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_ACTIVATE_RULES;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_DEACTIVATE_RULE;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_DEACTIVATE_RULES;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_RESET;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_RULE;
@@ -145,8 +145,8 @@ public class QProfilesWsMediumTest {
 assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, profile.getKee())).hasSize(4);
 // 1. Deactivate Rule
- WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.DEACTIVATE_RULES_ACTION);
- request.setParam(ActivateActionParameters.PARAM_PROFILE_KEY, profile.getKee());
+ WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, ACTION_DEACTIVATE_RULES);
+ request.setParam(PARAM_TARGET_PROFILE, profile.getKee());
 WsTester.Result result = request.execute();
 dbSession.clearCache();
@@ -171,8 +171,8 @@ public class QProfilesWsMediumTest {
 assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, profile.getKee())).hasSize(2);
 // 1. Deactivate Rule
- WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.DEACTIVATE_RULES_ACTION);
- request.setParam(ActivateActionParameters.PARAM_PROFILE_KEY, profile.getKee());
+ WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, ACTION_DEACTIVATE_RULES);
+ request.setParam(PARAM_TARGET_PROFILE, profile.getKee());
 WsTester.Result result = request.execute();
 dbSession.clearCache();
@@ -195,8 +195,8 @@ public class QProfilesWsMediumTest {
 assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, profile.getKee())).hasSize(2);
 // 1. Deactivate Rule
- WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.DEACTIVATE_RULES_ACTION);
- request.setParam(ActivateActionParameters.PARAM_PROFILE_KEY, profile.getKee());
+ WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, ACTION_DEACTIVATE_RULES);
+ request.setParam(PARAM_TARGET_PROFILE, profile.getKee());
 request.setParam(Param.TEXT_QUERY, "hello");
 WsTester.Result result = request.execute();
 dbSession.clearCache();
diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java
index 19fd430ca7f..69070091d51 100644
--- a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java
+++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java
@@ -23,11 +23,6 @@ public class QualityProfileWsParameters {
 public static final String CONTROLLER_QUALITY_PROFILES = "api/qualityprofiles";
- public interface ActivateActionParameters {
- String PARAM_PROFILE_KEY = "profile_key";
- }
- public static final String ACTION_RESTORE = "restore";
-
 public interface RestoreActionParameters {
 String PARAM_BACKUP = "backup";
 }
@@ -39,8 +34,10 @@ public class QualityProfileWsParameters {
 public static final String ACTION_COPY = "copy";
 public static final String ACTION_CREATE = "create";
 public static final String ACTION_DEACTIVATE_RULE = "deactivate_rule";
+ public static final String ACTION_DEACTIVATE_RULES = "deactivate_rules";
 public static final String ACTION_DELETE = "delete";
 public static final String ACTION_REMOVE_PROJECT = "remove_project";
+ public static final String ACTION_RESTORE = "restore";
 public static final String ACTION_SEARCH = "search";
 public static final String ACTION_SET_DEFAULT = "set_default";
--
2.39.5
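Review bot: Deleting the public nested interface `ActivateActionParameters` and its `PARAM_PROFILE_KEY` in the `@@ -23,11 +23,6 @@` hunk is a source-incompatible change for any code outside this patch that compiles against `QualityProfileWsParameters`; only the in-repository use in QProfilesWsMediumTest is updated here. If the sonar-ws module is consumed externally, which the `ws.client` package name suggests but the patch does not show, consider keeping the constant for one release marked `@Deprecated` with a Javadoc pointer to `PARAM_TARGET_PROFILE`. The same applies to the public `PROFILE_KEY` and `DEACTIVATE_RULES_ACTION` constants removed from DeactivateRulesAction.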