From bd966450d95c7e98bc279f47e35b747e8cf3de3d Mon Sep 17 00:00:00 2001
From: =?utf8?q?L=C3=A9o=20Geoffroy?=
Date: Tue, 22 Aug 2023 17:14:36 +0200
Subject: [PATCH] SONAR-20198 security hospot should not return cleancode attribute, and should not be indexed
---
 .../org/sonar/server/rule/index/RuleDoc.java | 4 ++--
 .../sonar/server/rule/index/RuleDocTest.java | 16 ++++++++++++++++
 .../org/sonar/server/rule/RuleCreatorIT.java | 18 ++++++++++++++++++
 .../org/sonar/server/rule/RuleCreator.java | 9 ++++++---
 .../org/sonar/server/rule/ws/RuleMapper.java | 3 ++-
 5 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/rule/index/RuleDoc.java b/server/sonar-server-common/src/main/java/org/sonar/server/rule/index/RuleDoc.java
index 766278e9bfd..440dce5017e 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/rule/index/RuleDoc.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/rule/index/RuleDoc.java
@@ -297,7 +297,7 @@ public class RuleDoc extends BaseDoc {
 return this;
 }
- private RuleDoc setCleanCodeAttributeCategory(String cleanCodeAttributeCategory) {
+ public RuleDoc setCleanCodeAttributeCategory(@Nullable String cleanCodeAttributeCategory) {
 setField(RuleIndexDefinition.FIELD_RULE_CLEAN_CODE_ATTRIBUTE_CATEGORY, cleanCodeAttributeCategory);
 return this;
 }
@@ -343,7 +343,7 @@ public class RuleDoc extends BaseDoc {
 .setUpdatedAt(dto.getUpdatedAt())
 .setHtmlDescription(getConcatenatedSectionsInHtml(dto))
 .setTemplateKey(getRuleKey(dto))
- .setCleanCodeAttributeCategory(dto.getCleanCodeAttributeCategory())
+ .setCleanCodeAttributeCategory(dto.getTypeAsRuleType() != RuleType.SECURITY_HOTSPOT ? dto.getCleanCodeAttributeCategory() : null)
 .setImpacts(dto.getImpacts().stream().collect(Collectors.toMap(ImpactDto::getSoftwareQuality, ImpactDto::getSeverity)));
 }
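Review bot: `setCleanCodeAttributeCategory` is widened from private to public on the `+` line, yet nothing in this patch calls it — the new unit test goes through `RuleDoc.createFrom`, and the `@Nullable` annotation does not need the wider visibility. Unless a caller outside this diff requires it, keeping `private RuleDoc setCleanCodeAttributeCategory(@Nullable String cleanCodeAttributeCategory)` avoids exposing a mutator that lets callers bypass the hotspot rule `createFrom` now enforces. If it must become public, a one-line Javadoc such as `/** @param cleanCodeAttributeCategory null leaves the category out of the index (used for security hotspots). */` would document the new null contract.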
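Review bot: The ternary on the `+` line keeps the clean-code category out of the index for hotspots, but the `.setImpacts(...)` line right after it still indexes whatever impacts the DTO carries, so a hotspot rule that already has impacts persisted (the RuleCreator change in this patch only stops deriving a default impact for newly created custom hotspots) would remain searchable by impact. If hotspots are meant to carry no clean-code data at all, the same guard belongs there: hoist `boolean isHotspot = dto.getTypeAsRuleType() == RuleType.SECURITY_HOTSPOT;` above the chain and write `.setImpacts(isHotspot ? Map.of() : dto.getImpacts().stream().collect(...))`. The same type comparison now appears in RuleDoc, RuleCreator and RuleMapper, so a single helper on the rule type would keep the three call sites from drifting. The enclosing `createFrom` builder chain starts outside the hunk.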
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/rule/index/RuleDocTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/rule/index/RuleDocTest.java
index 0db875dd5e7..916153de5fa 100644
--- a/server/sonar-server-common/src/test/java/org/sonar/server/rule/index/RuleDocTest.java
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/rule/index/RuleDocTest.java
@@ -19,7 +19,10 @@
 */
 package org.sonar.server.rule.index;
+import java.util.Set;
 import org.junit.Test;
+import org.sonar.api.rules.CleanCodeAttribute;
+import org.sonar.api.rules.RuleType;
 import org.sonar.db.rule.RuleDescriptionSectionContextDto;
 import org.sonar.db.rule.RuleDescriptionSectionDto;
 import org.sonar.db.rule.RuleDto;
@@ -122,6 +125,19 @@ public class RuleDocTest {
 .hasSameSizeAs(convertToHtml(section1.getContent()) + " " + convertToHtml(section2.getContent()));
 }
+ @Test
+ public void ruleDocOf_whenSecurityHotSpot_shouldNotPopulateCleanCodeAttribute() {
+ RuleDto ruleDto = newRule();
+ ruleDto.setCleanCodeAttribute(CleanCodeAttribute.CONVENTIONAL);
+ ruleDto.setType(RuleType.SECURITY_HOTSPOT.getDbConstant());
+
+ RuleForIndexingDto ruleForIndexingDto = RuleForIndexingDto.fromRuleDto(ruleDto);
+
+ SecurityStandards securityStandards = fromSecurityStandards(Set.of());
+ Object field = RuleDoc.createFrom(ruleForIndexingDto, securityStandards).getNullableField(RuleIndexDefinition.FIELD_RULE_CLEAN_CODE_ATTRIBUTE_CATEGORY);
+ assertThat(field).isNull();
+ }
+
 private static RuleDescriptionSectionDto buildRuleDescriptionSectionDto(String key, String content) {
 return RuleDescriptionSectionDto.builder().key(key).content(content).build();
 }
diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/rule/RuleCreatorIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/rule/RuleCreatorIT.java
index 6956212b195..99f7a64bbd9 100644
--- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/rule/RuleCreatorIT.java
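Review bot: `ruleDocOf_whenSecurityHotSpot_shouldNotPopulateCleanCodeAttribute` pins only the negative case; no sibling test asserts that a non-hotspot rule with `CleanCodeAttribute.CONVENTIONAL` does index `FIELD_RULE_CLEAN_CODE_ATTRIBUTE_CATEGORY`, so an implementation that always writes null would pass this suite. Add the positive counterpart, e.g. `ruleDocOf_whenNotSecurityHotSpot_shouldPopulateCleanCodeAttributeCategory`, asserting the field is non-null (or equals the CONVENTIONAL category name, depending on how `RuleForIndexingDto` exposes it — I cannot tell from this diff). Since the assertion is only meaningful because `ruleDto.setType(...)` makes the rule a hotspot, a short `// type drives the null category; see RuleDoc.createFrom` comment on that line would keep it from being simplified away.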
+++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/rule/RuleCreatorIT.java
@@ -162,6 +162,24 @@ public class RuleCreatorIT {
 assertThat(param.getDefaultValue()).isNull();
 }
+ @Test
+ public void create_whenTypeIsHotspot_shouldNotComputeDefaultImpact() {
+ // insert template rule
+ RuleDto templateRule = createTemplateRule();
+ NewCustomRule newRule = NewCustomRule.createForCustomRule("CUSTOM_RULE", templateRule.getKey())
+ .setName("My custom")
+ .setMarkdownDescription("some description")
+ .setSeverity(Severity.MAJOR)
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setStatus(RuleStatus.READY)
+ .setParameters(ImmutableMap.of("regex", ""));
+
+ RuleKey customRuleKey = underTest.create(dbSession, newRule);
+
+ RuleDto rule = dbTester.getDbClient().ruleDao().selectOrFailByKey(dbSession, customRuleKey);
+ assertThat(rule.getDefaultImpacts()).isEmpty();
+ }
+
 @Test
 public void create_custom_rule_with_no_parameter_value() {
 // insert template rule
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java
index d0cd5bca426..9674b9df9dd 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java
@@ -190,8 +190,6 @@ public class RuleCreator {
 RuleDescriptionSectionDto ruleDescriptionSectionDto = createDefaultRuleDescriptionSection(uuidFactory.create(), requireNonNull(newRule.markdownDescription()));
 int type = newRule.type() == null ? templateRuleDto.getType() : newRule.type().getDbConstant();
 String severity = newRule.severity();
- SoftwareQuality softwareQuality = ImpactMapper.convertToSoftwareQuality(RuleType.valueOf(type));
- org.sonar.api.issue.impact.Severity impactSeverity = ImpactMapper.convertToImpactSeverity(severity);
 RuleDto ruleDto = new RuleDto()
 .setUuid(uuidFactory.create())
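Review bot: `create_whenTypeIsHotspot_shouldNotComputeDefaultImpact` asserts only `getDefaultImpacts()` is empty; it says nothing about the clean-code attribute, which RuleCreator still sets to `CleanCodeAttribute.CONVENTIONAL` for every type (visible as unchanged context in the second RuleCreator hunk of this patch). Whatever the intended persisted state for a hotspot is, pin it here with an `assertThat(rule.getCleanCodeAttribute())` assertion so the storage contract is tested, not just the web-service and index filtering. A `// hotspots carry no software-quality impact, so none is derived` comment on the `isEmpty()` assertion would also explain the expectation to the next reader.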
@@ -203,7 +201,6 @@ public class RuleCreator {
 .setSeverity(severity)
 .setStatus(newRule.status())
 .setType(type)
- .addDefaultImpact(new ImpactDto().setUuid(uuidFactory.create()).setSoftwareQuality(softwareQuality).setSeverity(impactSeverity))
 .setCleanCodeAttribute(CleanCodeAttribute.CONVENTIONAL)
 .setLanguage(templateRuleDto.getLanguage())
 .setDefRemediationFunction(templateRuleDto.getDefRemediationFunction())
@@ -220,6 +217,12 @@ public class RuleCreator {
 .setDescriptionFormat(Format.MARKDOWN)
 .addRuleDescriptionSectionDto(ruleDescriptionSectionDto);
+ if (type != RuleType.SECURITY_HOTSPOT.getDbConstant()) {
+ SoftwareQuality softwareQuality = ImpactMapper.convertToSoftwareQuality(RuleType.valueOf(type));
+ org.sonar.api.issue.impact.Severity impactSeverity = ImpactMapper.convertToImpactSeverity(severity);
+ ruleDto = ruleDto.addDefaultImpact(new ImpactDto().setUuid(uuidFactory.create()).setSoftwareQuality(softwareQuality).setSeverity(impactSeverity));
+ }
+
 Set tags = templateRuleDto.getTags();
 if (!tags.isEmpty()) {
 ruleDto.setTags(tags);
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java
index f9b8dbf7903..6910edaa6b0 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java
@@ -32,6 +32,7 @@ import javax.annotation.Nullable;
 import org.sonar.api.resources.Language;
 import org.sonar.api.resources.Languages;
 import org.sonar.api.rule.RuleKey;
+import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.debt.DebtRemediationFunction;
 import org.sonar.api.server.debt.internal.DefaultDebtRemediationFunction;
 import org.sonar.db.issue.ImpactDto;
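Review bot: With the default impact now skipped for hotspots, the unchanged `.setCleanCodeAttribute(CleanCodeAttribute.CONVENTIONAL)` line still persists a clean-code attribute for every custom hotspot rule, which the RuleMapper and RuleDoc changes in this same patch then have to mask on every read. Not storing it would be the consistent fix, `.setCleanCodeAttribute(type == RuleType.SECURITY_HOTSPOT.getDbConstant() ? null : CleanCodeAttribute.CONVENTIONAL)`, provided the column and `RuleDto.setCleanCodeAttribute` accept null — I cannot confirm that from this diff. If it must stay stored, a comment on that line saying hotspots keep it only as a placeholder that readers ignore would stop the next maintainer from treating it as meaningful. The `new RuleDto()` builder chain starts and ends outside this hunk.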
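Review bot: The reassignment `ruleDto = ruleDto.addDefaultImpact(...)` on the added line is redundant if `addDefaultImpact` is a fluent setter returning `this`, as its former place inside the `new RuleDto()` chain on the removed line of the previous hunk suggests; `ruleDto.addDefaultImpact(...)` alone reads as the mutation it is. A short comment above the guard, `// security hotspots have no software-quality impact, so no default impact is derived`, would record why the branch exists. The enclosing method continues past the hunk.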
@@ -222,7 +223,7 @@ public class RuleMapper {
 }
 private static void setCleanCodeAttributes(Rules.Rule.Builder ruleResponse, RuleDto ruleDto, Set fieldsToReturn) {
- if(shouldReturnField(fieldsToReturn, FIELD_CLEAN_CODE_ATTRIBUTE)){
+ if (shouldReturnField(fieldsToReturn, FIELD_CLEAN_CODE_ATTRIBUTE) && ruleDto.getType() != RuleType.SECURITY_HOTSPOT.getDbConstant()) {
 ruleResponse.setCleanCodeAttribute(Common.CleanCodeAttribute.valueOf(ruleDto.getCleanCodeAttribute().name()));
 ruleResponse.setCleanCodeAttributeCategory(Common.CleanCodeAttributeCategory.valueOf(ruleDto.getCleanCodeAttribute().getAttributeCategory().name()));
 }
-- 2.39.5
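Review bot: The new condition excludes hotspots, but the two lines below it still dereference `ruleDto.getCleanCodeAttribute()` unguarded, so any non-hotspot `RuleDto` whose attribute is null would throw a NullPointerException out of the rules web service — whether that state can exist (for example rules stored before the attribute was introduced) is not visible in this diff, so the guard is cheap insurance: `&& ruleDto.getCleanCodeAttribute() != null`. The `getType() != RuleType.SECURITY_HOTSPOT.getDbConstant()` comparison is now spelled out in three files by this patch; a `RuleDto.isSecurityHotspot()` helper (or an equivalent on the shared type) would keep them from drifting apart. A one-line comment on the condition, `// hotspots expose neither a clean-code attribute nor a category`, would state the contract at the read side.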