From a921ee8db85cdea463a802fe2a1bacacefd08002 Mon Sep 17 00:00:00 2001
From: Janos Gyerik
Date: Mon, 9 Jul 2018 12:35:54 +0200
Subject: [PATCH] SONAR-10992 Set default value for types of issues/search: bug, vulnerability, code smell
---
 .../java/org/sonar/db/issue/IssueTesting.java | 3 +-
 .../java/org/sonar/db/rule/RuleTesting.java | 3 +-
 .../sonar/server/issue/ws/SearchAction.java | 2 +
 .../server/issue/ws/SearchActionTest.java | 67 +++++++++++++++++--
 4 files changed, 66 insertions(+), 9 deletions(-)
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueTesting.java b/server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueTesting.java
index 7eaebeb4eb5..4c08abc9295 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueTesting.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueTesting.java
@@ -51,7 +51,8 @@ public class IssueTesting {
 return new IssueDto()
 .setKee("uuid_" + randomAlphabetic(5))
 .setRule(rule)
- .setType(RuleType.values()[nextInt(RuleType.values().length)])
+ // exclude security hotspots
+ .setType(RuleType.values()[nextInt(RuleType.values().length - 1)])
 .setProject(project)
 .setComponent(file)
 .setStatus(Issue.STATUS_OPEN)
diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/rule/RuleTesting.java b/server/sonar-db-dao/src/test/java/org/sonar/db/rule/RuleTesting.java
index b979f66f953..2828c0e8ce2 100644
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/rule/RuleTesting.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/rule/RuleTesting.java
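Review bot: The new index expression `nextInt(RuleType.values().length - 1)` excludes security hotspots only while `SECURITY_HOTSPOT` is the last constant declared in `RuleType`, and the added comment states the intent but not that assumption. If a type is appended or the enum is reordered, the fixture silently starts producing hotspots again (or stops producing another type), and tests that depend on the default `types` filter become flaky without any compile error. Selecting by name removes the ordering dependency: `RuleType[] types = Arrays.stream(RuleType.values()).filter(t -> t != RuleType.SECURITY_HOTSPOT).toArray(RuleType[]::new);` followed by `.setType(types[nextInt(types.length)])`. The same expression is added in the RuleTesting.java hunk and needs the same change; both builder methods start and end outside their hunks.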
@@ -72,7 +72,8 @@ public class RuleTesting {
 .setName("name_" + randomAlphanumeric(5))
 .setDescription("description_" + randomAlphanumeric(5))
 .setDescriptionFormat(Format.HTML)
- .setType(RuleType.values()[nextInt(RuleType.values().length)])
+ // exclude security hotspots
+ .setType(RuleType.values()[nextInt(RuleType.values().length - 1)])
 .setStatus(RuleStatus.READY)
 .setConfigKey("configKey_" + randomAlphanumeric(5))
 .setSeverity(Severity.ALL.get(nextInt(Severity.ALL.size())))
diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/SearchAction.java
index 400424b7c39..a2cbf329ebc 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/SearchAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/SearchAction.java
@@ -39,6 +39,7 @@ import org.elasticsearch.search.SearchHit;
 import org.sonar.api.issue.Issue;
 import org.sonar.api.rule.RuleKey;
 import org.sonar.api.rule.Severity;
+import org.sonar.api.rules.Rule;
 import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
@@ -230,6 +231,7 @@ public class SearchAction implements IssuesWsAction {
 .setDescription("Comma-separated list of types.")
 .setSince("5.5")
 .setPossibleValues((Object[]) RuleType.values())
+ .setDefaultValue(format("%s,%s,%s", RuleType.BUG, RuleType.VULNERABILITY, RuleType.CODE_SMELL))
 .setExampleValue(format("%s,%s", RuleType.CODE_SMELL, RuleType.BUG));
 action.createParam(PARAM_OWASP_TOP_10)
 .setDescription("Comma-separated list of OWASP Top 10 lowercase categories. Use '" + UNKNOWN_STANDARD + "' to select issues not associated to any OWASP Top 10 category.")
diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionTest.java
index f830a6a02df..8a55f127529 100644
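Review bot: The added `import org.sonar.api.rules.Rule;` looks unused. The diffstat shows only two added lines in SearchAction.java, and the other one is the `setDefaultValue` call, which references `RuleType` but not `Rule`. Drop the import unless code outside the visible hunks needs it.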
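Review bot: The new default on `types` changes what a search without that parameter returns, and neither the parameter description nor any changelog entry in this hunk tells callers. A client that omits `types` (exports, dashboards, scripted checks) stops receiving security hotspots with no error and no hint in the web-service documentation, so security-review items can drop out of downstream reports unnoticed. State the behaviour in the description, for example `.setDescription("Comma-separated list of types. Security hotspots are returned only when requested explicitly.")`, and record the change in the action's changelog (`Change` is already imported in this file). Because the default is a hard-coded list, a type added to `RuleType` later would also be excluded by default, which deserves a one-line comment if intended. The enclosing method starts and ends outside the hunk.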
--- a/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionTest.java @@ -29,6 +29,7 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.resources.Languages; import org.sonar.api.rule.RuleStatus; +import org.sonar.api.rules.RuleType; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.DateUtils; import org.sonar.api.utils.Durations; @@ -47,6 +48,7 @@ import org.sonar.db.organization.OrganizationTesting; import org.sonar.db.permission.GroupPermissionDto; import org.sonar.db.protobuf.DbCommons; import org.sonar.db.protobuf.DbIssues; +import org.sonar.db.rule.RuleDefinitionDto; import org.sonar.db.rule.RuleDto; import org.sonar.db.rule.RuleTesting; import org.sonar.db.user.UserDto; @@ -68,6 +70,7 @@ import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.TestResponse; import org.sonar.server.ws.WsActionTester; import org.sonar.server.ws.WsResponseCommonFormat; +import org.sonarqube.ws.Common; import org.sonarqube.ws.Issues; import static java.util.Arrays.asList; 
@@ -187,10 +190,64 @@ public class SearchActionTest { result.assertJson(this.getClass(), "empty_result.json"); } + @Test + public void security_hotspot_type_excluded_by_default() { + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setDbKey("PROJECT_KEY")); + ComponentDto file = insertComponent(newFileDto(project, null, "FILE_ID").setDbKey("FILE_KEY")); + + RuleDefinitionDto rule = newRule().getDefinition(); + db.issues().insert(rule, project, file, i -> i.setType(RuleType.BUG)); + db.issues().insert(rule, project, file, i -> i.setType(RuleType.VULNERABILITY)); + db.issues().insert(rule, project, file, i -> i.setType(RuleType.CODE_SMELL)); + db.issues().insert(rule, project, file, i -> i.setType(RuleType.SECURITY_HOTSPOT)); + + indexPermissions(); + indexIssues(); + + Issues.SearchWsResponse result = ws.newRequest().executeProtobuf(Issues.SearchWsResponse.class); + + assertThat(result.getIssuesCount()).isEqualTo(3); + assertThat(result.getIssuesList()) + .extracting(Issues.Issue::getType) + .containsExactlyInAnyOrder(Common.RuleType.BUG, Common.RuleType.VULNERABILITY, Common.RuleType.CODE_SMELL); + } + + @Test + public void security_hotspot_type_included_when_explicitly_selected() { + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setDbKey("PROJECT_KEY")); + ComponentDto file = insertComponent(newFileDto(project, null, "FILE_ID").setDbKey("FILE_KEY")); + + RuleDefinitionDto rule = newRule().getDefinition(); + db.issues().insert(rule, project, file, i -> i.setType(RuleType.BUG)); + db.issues().insert(rule, project, file, i -> i.setType(RuleType.VULNERABILITY)); + db.issues().insert(rule, project, file, i -> i.setType(RuleType.CODE_SMELL)); + db.issues().insert(rule, project, file, i -> i.setType(RuleType.SECURITY_HOTSPOT)); + + indexPermissions(); + indexIssues(); + + Issues.SearchWsResponse result = ws.newRequest() + .setParam("types", 
RuleType.SECURITY_HOTSPOT.toString()) + .executeProtobuf(Issues.SearchWsResponse.class); + + assertThat(result.getIssuesCount()).isEqualTo(1); + assertThat(result.getIssuesList()) + .extracting(Issues.Issue::getType) + .containsExactly(Common.RuleType.SECURITY_HOTSPOT); + + Issues.SearchWsResponse result2 = ws.newRequest() + .setParam("types", String.format("%s,%s", RuleType.BUG, RuleType.SECURITY_HOTSPOT)) + .executeProtobuf(Issues.SearchWsResponse.class); + + assertThat(result2.getIssuesCount()).isEqualTo(2); + assertThat(result2.getIssuesList()) + .extracting(Issues.Issue::getType) + .containsExactlyInAnyOrder(Common.RuleType.BUG, Common.RuleType.SECURITY_HOTSPOT); + } + @Test public void response_contains_all_fields_except_additional_fields() { UserDto simon = db.users().insertUser(u -> u.setLogin("simon").setName("Simon").setEmail("simon@email.com")); - UserDto fabrice = db.users().insertUser(u -> u.setLogin("fabrice").setName("Fabrice").setEmail("fabrice@email.com")); ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setDbKey("PROJECT_KEY")); indexPermissions(); @@ -209,9 +266,8 @@ public class SearchActionTest { .setTags(asList("bug", "owasp")) .setIssueCreationDate(DateUtils.parseDateTime("2014-09-04T00:00:00+0100")) .setIssueUpdateDate(DateUtils.parseDateTime("2017-12-04T00:00:00+0100")); - dbClient.issueDao().insert(session, issue); - session.commit(); - issueIndexer.indexOnStartup(issueIndexer.getIndexTypes()); + db.issues().insertIssue(issue); + indexIssues(); ws.newRequest().execute().assertJson(this.getClass(), "response_contains_all_fields_except_additional_fields.json"); } 
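Review bot: The two added tests repeat the same fixture (project, file, rule and one issue per `RuleType`) line for line, and `security_hotspot_type_included_when_explicitly_selected` bundles two scenarios (`result` and `result2`), so a failure in the first hides the second. Extracting the setup into a private helper and moving the combined `BUG,SECURITY_HOTSPOT` selection into its own test would keep each assertion about the default filter readable on its own. `security_hotspot_type_excluded_by_default` also asserts only the issue list; if the response carries a total or a `types` facet, asserting them in that test would pin that hotspots are left out of the counts as well as the list.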
@@ -537,7 +593,6 @@ public class SearchActionTest { public void display_zero_valued_facets_for_selected_items() { UserDto john = db.users().insertUser(u -> u.setLogin("john").setName("John").setEmail("john@email.com")); - ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setDbKey("PROJECT_KEY")); indexPermissions(); ComponentDto file = insertComponent(newFileDto(project, null, "FILE_ID").setDbKey("FILE_KEY")); @@ -583,7 +638,6 @@ public class SearchActionTest { UserDto john = db.users().insertUser(u -> u.setLogin("john").setName("John").setEmail("john@email.com")); UserDto alice = db.users().insertUser(u -> u.setLogin("alice").setName("Alice").setEmail("alice@email.com")); - ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "PROJECT_ID").setDbKey("PROJECT_KEY")); indexPermissions(); ComponentDto file = insertComponent(newFileDto(project, null, "FILE_ID").setDbKey("FILE_KEY")); @@ -682,7 +736,6 @@ public class SearchActionTest { // TODO : check test title w julien - UserDto alice = db.users().insertUser(u -> u.setLogin("alice").setName("Alice").setEmail("alice@email.com")); UserDto john = db.users().insertUser(u -> u.setLogin("john").setName("John").setEmail("john@email.com")); -- 2.39.5