From bb83311cddc3a143787e349f5eb8c7058bbc0869 Mon Sep 17 00:00:00 2001 From: Pascal Mugnier Date: Tue, 23 Oct 2018 10:21:59 +0200 Subject: [PATCH] Fix code flows --- .../apps/securityReports/components/App.tsx | 30 +- .../components/VulnerabilityList.tsx | 142 +- .../__tests__/__snapshots__/App-test.tsx.snap | 52 +- .../VulnerabilityList-test.tsx.snap | 1402 ++++++++--------- .../resources/org/sonar/l10n/core.properties | 5 +- 5 files changed, 765 insertions(+), 866 deletions(-) diff --git a/server/sonar-web/src/main/js/apps/securityReports/components/App.tsx b/server/sonar-web/src/main/js/apps/securityReports/components/App.tsx index 32a19880013..58f78b0526d 100755 --- a/server/sonar-web/src/main/js/apps/securityReports/components/App.tsx +++ b/server/sonar-web/src/main/js/apps/securityReports/components/App.tsx @@ -21,11 +21,10 @@ import * as React from 'react'; import * as PropTypes from 'prop-types'; import Helmet from 'react-helmet'; import { Link } from 'react-router'; -import { FormattedMessage } from 'react-intl'; import VulnerabilityList from './VulnerabilityList'; import Suggestions from '../../../app/components/embed-docs-modal/Suggestions'; import { translate } from '../../../helpers/l10n'; -import { Component, BranchLike, SecurityHotspot, RuleType } from '../../../app/types'; +import { Component, BranchLike, SecurityHotspot } from '../../../app/types'; import DeferredSpinner from '../../../components/common/DeferredSpinner'; import Checkbox from '../../../components/controls/Checkbox'; import { RawQuery } from '../../../helpers/query'; 
@@ -33,8 +32,6 @@ import NotFound from '../../../app/components/NotFound'; import { getSecurityHotspots } from '../../../api/security-reports'; import { isLongLivingBranch } from '../../../helpers/branches'; import DocTooltip from '../../../components/docs/DocTooltip'; -import { getRulesUrl } from '../../../helpers/urls'; -import { isSonarCloud } from '../../../helpers/system'; import { StandardType } from '../utils'; import '../style.css'; @@ -127,39 +124,20 @@ export default class App extends React.PureComponent { }; renderAdditionalRulesMessage = () => { - const { component } = this.props; - const { findings, type } = this.state; + const { findings } = this.state; if (findings.length === 0) { return null; } const total = findings.map(f => f.totalRules).reduce((sum, count) => sum + count); const active = findings.map(f => f.activeRules).reduce((sum, count) => sum + count); - if (active === total) { + if (active >= total) { return null; } - const standard = translate('security_reports', type, 'page'); return (
- - {translate('security_reports.info.link')} - - ), - standard, - total: total - active - }} - /> + {translate('security_reports.more_rules')}
); }; diff --git a/server/sonar-web/src/main/js/apps/securityReports/components/VulnerabilityList.tsx b/server/sonar-web/src/main/js/apps/securityReports/components/VulnerabilityList.tsx index 5cde1c6db30..28cbd625f14 100755 --- a/server/sonar-web/src/main/js/apps/securityReports/components/VulnerabilityList.tsx +++ b/server/sonar-web/src/main/js/apps/securityReports/components/VulnerabilityList.tsx @@ -20,7 +20,7 @@ import * as React from 'react'; import * as classNames from 'classnames'; import { Link } from 'react-router'; -import { translate, translateWithParameters } from '../../../helpers/l10n'; +import { translate } from '../../../helpers/l10n'; import { SecurityHotspot, Component, BranchLike, IssueType } from '../../../app/types'; import Rating from '../../../components/ui/Rating'; import { getComponentIssuesUrl, getRulesUrl } from '../../../helpers/urls'; @@ -86,7 +86,7 @@ export default class VulnerabilityList extends React.PureComponent ); }; - getName(finding: SecurityHotspot, type: StandardType, activeRules: number, totalRules: number) { + getName(finding: SecurityHotspot, type: StandardType) { const category = finding.category || finding.cwe || 'unknown'; const renderers = { owaspTop10: renderOwaspTop10Category, @@ -103,12 +103,13 @@ export default class VulnerabilityList extends React.PureComponent overlay={this.renderOverlay(this.state.standards[type][category].description)} /> )} - {activeRules === 0 && - totalRules > 0 && + {finding.activeRules === 0 && + finding.totalRules > 0 && + category !== 'cwe' && category !== 'unknown' && ( + overlay={this.renderMoreRulesOverlay(type, category)}> )} 
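Review bot: The banner test in renderAdditionalRulesMessage still compares the summed counts, so one category can cancel out another. If a finding can report more active than total rules, which the switch from `===` to `>=` suggests, that surplus can offset a category with inactive rules and hide the "more rules" notice. A per-category check avoids this and removes both `reduce` calls: `if (findings.every(f => f.activeRules >= f.totalRules)) { return null; }`. The existing `findings.length === 0` guard can stay; it becomes redundant but harmless.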
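Review bot: The added guard `category !== 'cwe'` in getName compares a category id with a standard name, so it probably never excludes anything. `category` is `finding.category || finding.cwe || 'unknown'`, and renderFinding passes `'cwe'` as `type`, so the intended test looks like `type !== 'cwe'`. This matters because the following hunk (@@ -118) removes the CWE-specific `q` branch from renderMoreRulesOverlay, so a CWE row with no active rules would link to a tag built as `${STANDARDS_TAGS[type]}-${category}`. That same hunk indexes `sansTopCategoryTags[category.toLowerCase()]` with no fallback, so a SANS category outside the three mapped keys yields a tag ending in `-undefined`; `sansTopCategoryTags[key] || key` would keep the rules link usable. getName starts and ends outside this hunk.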
@@ -118,18 +119,18 @@ export default class VulnerabilityList extends React.PureComponent // We redirect the user to the rules page, using languages, types, keywords and tags filters // to display the correct list of rules - renderMoreRulesOverlay = (totalRules: number, type: StandardType, category: string) => { + renderMoreRulesOverlay = (type: StandardType, category: string) => { const languages = this.props.component.qualityProfiles ? this.props.component.qualityProfiles.map(qp => qp.language).join(',') : ''; - let tags; - let q; - if (type === 'cwe') { - q = `${STANDARDS_TAGS[type]}:${category.toLowerCase()}`; - tags = 'cwe'; - } else { - tags = `${STANDARDS_TAGS[type]}-${category.toLowerCase()}`; - } + const sansTopCategoryTags: { [key: string]: string } = { + 'insecure-interaction': 'insecure', + 'porous-defenses': 'porous', + 'risky-resource': 'risky' + }; + const tags = `${STANDARDS_TAGS[type]}-${ + type === 'sansTop25' ? sansTopCategoryTags[category.toLowerCase()] : category.toLowerCase() + }`; return ( <>

{translate('security_reports.activate_rules')}

@@ -137,10 +138,10 @@ export default class VulnerabilityList extends React.PureComponent - {translateWithParameters('security_reports.activate_rules.link', totalRules)} + {translate('security_reports.activate_rules.link')} ); @@ -166,6 +167,28 @@ export default class VulnerabilityList extends React.PureComponent ); }; + renderComponentIssuesLink = ( + activeRules: number, + query: { [x: string]: string | undefined }, + value: number, + tooltip?: JSX.Element + ) => { + if (activeRules === 0) { + return '-'; + } + return value === 0 ? ( + <> + {value} + {tooltip} + + ) : ( + <> + {value} + {tooltip} + + ); + }; + renderFinding( finding: SecurityHotspot, isCWE?: boolean, @@ -189,25 +212,22 @@ export default class VulnerabilityList extends React.PureComponent : null; const title = getRatingTooltip('security_rating', finding.vulnerabilityRating || 1); - const hasActiveRules = finding.activeRules > 0; return ( - {this.getName(finding, isCWE ? 'cwe' : type, finding.activeRules, finding.totalRules)} + {this.getName(finding, isCWE ? 'cwe' : type)} - {!hasActiveRules && '-'} - {hasActiveRules && ( -
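Review bot: The new renderComponentIssuesLink has no comment explaining that the `'-'` returned for `activeRules === 0` means something different from a rendered `0`. On a security report that distinction is the important one: a dash says the category is not covered by any active rule, while a zero is an actual count. I would add above the early return `// '-' marks a category with no active rules, which is not the same as 0 findings`. A short doc comment on the method should also state that `query` is the issues-page filter for the link and that `tooltip` is optional trailing content. An explicit return type would help too, since the method mixes a string and JSX.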
- - {finding.vulnerabilities} - +
+ {this.renderComponentIssuesLink( + finding.activeRules, + { + ...params, + types: IssueType.Vulnerability, + resolved: 'false' + }, + finding.vulnerabilities, -
- )} + )} +
- {!hasActiveRules && '-'} - {hasActiveRules && ( - - {finding.openSecurityHotspots} - + {this.renderComponentIssuesLink( + finding.activeRules, + { + ...params, + types: IssueType.Hotspot, + resolved: 'false', + statuses: 'OPEN,REOPENED' + }, + finding.openSecurityHotspots )} - {!hasActiveRules && '-'} - {hasActiveRules && ( - - {finding.toReviewSecurityHotspots} - + {this.renderComponentIssuesLink( + finding.activeRules, + { + ...params, + types: IssueType.Hotspot, + resolutions: 'FIXED', + statuses: 'RESOLVED' + }, + finding.toReviewSecurityHotspots )} - {!hasActiveRules && '-'} - {hasActiveRules && ( - - {finding.wontFixSecurityHotspots} - + {this.renderComponentIssuesLink( + finding.activeRules, + { + ...params, + types: IssueType.Hotspot, + resolutions: 'WONTFIX', + statuses: 'RESOLVED' + }, + finding.wontFixSecurityHotspots )} diff --git a/server/sonar-web/src/main/js/apps/securityReports/components/__tests__/__snapshots__/App-test.tsx.snap b/server/sonar-web/src/main/js/apps/securityReports/components/__tests__/__snapshots__/App-test.tsx.snap index 7f23c59af71..ace4a652592 100644 --- a/server/sonar-web/src/main/js/apps/securityReports/components/__tests__/__snapshots__/App-test.tsx.snap +++ b/server/sonar-web/src/main/js/apps/securityReports/components/__tests__/__snapshots__/App-test.tsx.snap @@ -124,31 +124,7 @@ exports[`handle checkbox for cwe display 2`] = `
- - security_reports.info.link - , - "standard": "security_reports.owaspTop10.page", - "total": 1, - } - } - /> + security_reports.more_rules
@@ -293,31 +269,7 @@ exports[`renders owaspTop10 1`] = `
- - security_reports.info.link - , - "standard": "security_reports.owaspTop10.page", - "total": 1, - } - } - /> + security_reports.more_rules
diff --git a/server/sonar-web/src/main/js/apps/securityReports/components/__tests__/__snapshots__/VulnerabilityList-test.tsx.snap b/server/sonar-web/src/main/js/apps/securityReports/components/__tests__/__snapshots__/VulnerabilityList-test.tsx.snap index ddee9f669d3..bdd6fa5d8eb 100644 --- a/server/sonar-web/src/main/js/apps/securityReports/components/__tests__/__snapshots__/VulnerabilityList-test.tsx.snap +++ b/server/sonar-web/src/main/js/apps/securityReports/components/__tests__/__snapshots__/VulnerabilityList-test.tsx.snap @@ -81,28 +81,8 @@ exports[`renders 1`] = `
- - 2 - - + - + 2 - + + + + + +
- + - 10 - + > + 10 + +
- + - 2 - + > + 2 + + - + 0 - + @@ -209,28 +200,8 @@ exports[`renders 1`] = `
- - 2 - - + - + 2 - + + + + + +
- + - 10 - + > + 10 + + - + - 2 - + > + 2 + + - + 0 - + @@ -348,14 +330,13 @@ exports[`renders 1`] = ` "pathname": "/coding_rules", "query": Object { "languages": "", - "q": undefined, "tags": "owasp-a3", "types": "SECURITY_HOTSPOT,VULNERABILITY", }, } } > - security_reports.activate_rules.link.1 + security_reports.activate_rules.link } @@ -371,7 +352,11 @@ exports[`renders 1`] = ` - - +
+ - +
- - 3 - - + - + 3 - + + + + + + - + - 100 - + > + 100 + + - + - 8 - + > + 8 + + - - 10 - - - + + + 10 + + + + @@ -604,28 +597,8 @@ exports[`renders with cwe 1`] = `
- - 2 - - + - + 2 - + + + + + +
- + - 10 - + > + 10 + + - + - 2 - + > + 2 + + - + 0 - + + + + 1 + + + + + + + + + + + + + 10 + + + + + + 2 + + + + + + 0 + + + + + + + + + + A2 + + + +
+ + - 1 + 2 -
- - +
+ + + + 10 - - + + + + 2 - + + + + + 0 + + + + + - - 0 - - - - - - - - - - A2 - - - -
- - 2 - - - - - - -
- - - - 10 - - - - - 2 - - - - - 0 - - - - - - CWE-42 @@ -992,29 +957,8 @@ exports[`renders with cwe 1`] = `
- - 1 - - + - + 1 - + + + + + +
- + - 10 - + > + 10 + +
- + - 2 - + > + 2 + +
- + 0 - +
@@ -1137,14 +1092,13 @@ exports[`renders with cwe 1`] = ` "pathname": "/coding_rules", "query": Object { "languages": "", - "q": undefined, "tags": "owasp-a3", "types": "SECURITY_HOTSPOT,VULNERABILITY", }, } } > - security_reports.activate_rules.link.1 + security_reports.activate_rules.link } @@ -1160,7 +1114,11 @@ exports[`renders with cwe 1`] = ` - - +
+ - +
+ + + 1 + + + + + + + + + + + + 10 + + + + + + + 2 + + + + + + 0 + + + + + + + + + + UNKNOWN + + + +
+ + - 1 + 3 -
- - +
+ + + + - 10 + 100 - - + + + + - 2 + 8 - - - - 0 - - - - - - - - - - UNKNOWN -
+ - 3 + 10 - - - - - -
- - - - 100 - - - - - 8 - - - - - 10 - +
diff --git a/sonar-core/src/main/resources/org/sonar/l10n/core.properties b/sonar-core/src/main/resources/org/sonar/l10n/core.properties index 5b3b5b031e6..aaeadbb45f8 100644 --- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties +++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties @@ -2044,8 +2044,7 @@ organizations_permissions.provisioning.desc=Ability to initialize a project so i # SECURITY REPORTS PAGE # #------------------------------------------------------------------------------ -security_reports.info={total} additional rules related to {standard} Security Standards {link} but not used in this project's profiles. -security_reports.info.link=are available +security_reports.more_rules=Additional security-related rules are available but not active in your profiles. security_reports.owaspTop10.page=OWASP Top 10 security_reports.sansTop25.page=SANS Top 25 security_reports.owaspTop10.description=Track Vulnerabilities and Security Hotspots conforming to OWASP Top 10 standard. @@ -2058,7 +2057,7 @@ security_reports.line.wont_fix=Won't Fix security_reports.line.in_review=In Review security_reports.cwe.show=Show CWE distribution security_reports.activate_rules=Activate rules in this category to detect more security hotspots -security_reports.activate_rules.link=See all {0} rules related to this category +security_reports.activate_rules.link=See all rules related to this category #------------------------------------------------------------------------------ # -- 2.39.5