From c2077e970a1e9c136cbc80743b23167c657b6f6b Mon Sep 17 00:00:00 2001
From: belen-pruvost-sonarsource
Date: Thu, 25 Nov 2021 11:14:00 +0100
Subject: [PATCH] SONAR-15681 - IT for Owasp Top 10 2021 support in sonar-plugin-api
---
 .../sonar/xoo/rule/XooRulesDefinition.java | 8 +++-
 .../xoo/rule/XooRulesDefinitionTest.java | 38 +++++++++++++------
 .../sonar/server/rule/RegisterRulesTest.java | 23 ++++++-----
 3 files changed, 45 insertions(+), 24 deletions(-)

diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
index 77f087f4b5f..bba672d9e8f 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
@@ -31,6 +31,8 @@ import org.sonar.xoo.Xoo;
 import org.sonar.xoo.Xoo2;
 import org.sonar.xoo.checks.Check;
 
+import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.*;
+
 /**
 * Define all the coding rules that are supported on the repositories named "xoo" and "xoo2"
 */
@@ -200,13 +202,15 @@ public class XooRulesDefinition implements RulesDefinition {
 
 hotspot
 .setDebtRemediationFunction(hotspot.debtRemediationFunctions().constantPerIssue("2min"));
- if (version != null && version.isGreaterThanOrEqual(Version.create(7, 3))) {
+ if (version != null && version.isGreaterThanOrEqual(Version.create(9, 3))) {
 hotspot
 .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
+ .addOwaspTop10(Y2021, OwaspTop10.A3, OwaspTop10.A2)
 .addCwe(1, 89, 123, 863);
 oneVulnerabilityIssuePerModule
- .addOwaspTop10(OwaspTop10.A9, OwaspTop10.A10)
+ .addOwaspTop10(Y2017, OwaspTop10.A9, OwaspTop10.A10)
+ .addOwaspTop10(Y2021, OwaspTop10.A6, OwaspTop10.A9)
 .addCwe(250, 564, 546, 943);
 }
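Review bot: The new `import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.*;` is a wildcard static import, while the code below uses only two constants and RegisterRulesTest in this same patch imports `OwaspTop10Version.Y2021` explicitly. Prefer `import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2017;` and `import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2021;` so the file does not silently pick up every future constant of the enum and both files follow one import convention.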
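Review bot: The hotspot rule keeps the unversioned `.addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)` while the vulnerability rule four lines below was switched to the explicit `.addOwaspTop10(Y2017, OwaspTop10.A9, OwaspTop10.A10)`; with the whole block now gated on 9.3, where the versioned overload is used, the hotspot line should read `.addOwaspTop10(Y2017, OwaspTop10.A1, OwaspTop10.A3)` so both rules declare the year the same way (XooRulesDefinitionTest expects `owaspTop10:` keys for both forms). Raising the gate from `Version.create(7, 3)` to `Version.create(9, 3)` also means a runtime between those versions now gets no OWASP or CWE mapping at all rather than just no 2021 mapping; presumably that is because the versioned overload only exists from 9.3, but nothing on the `if` says so, and a comment such as `// addOwaspTop10(OwaspTop10Version, ...) is only available from API 9.3` would record the reason. The enclosing method starts before the hunk.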
diff --git a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
index 2160c1bc0e5..ce0101b1831 100644
--- a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
+++ b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
@@ -33,7 +33,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 
 public class XooRulesDefinitionTest {
 
- private XooRulesDefinition def = new XooRulesDefinition(SonarRuntimeImpl.forSonarQube(Version.create(7, 3), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY));
+ private XooRulesDefinition def = new XooRulesDefinition(SonarRuntimeImpl.forSonarQube(Version.create(9, 3), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY));
 private RulesDefinition.Context context = new RulesDefinitionContext();
@@ -44,11 +44,7 @@ public class XooRulesDefinitionTest {
 
 @Test
 public void define_xoo_rules() {
- RulesDefinition.Repository repo = context.repository("xoo");
- assertThat(repo).isNotNull();
- assertThat(repo.name()).isEqualTo("Xoo");
- assertThat(repo.language()).isEqualTo("xoo");
- assertThat(repo.rules()).hasSize(23);
+ RulesDefinition.Repository repo = getRepository();
 
 RulesDefinition.Rule rule = repo.rule(OneIssuePerLineSensor.RULE_KEY);
 assertThat(rule.name()).isNotEmpty();
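Review bot: After this change the only runtime the test class builds is `Version.create(9, 3)`, so the branch in which XooRulesDefinition skips the OWASP and CWE mappings (any version below the gate the patch just moved) is not exercised by any test here. A second definition built with, for example, `Version.create(9, 2)` whose hotspot rule is checked with `assertThat(rule.securityStandards()).isEmpty()` would pin that gate. The field initialisers sit in the class body, which continues outside the hunk.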
@@ -60,17 +56,26 @@ public class XooRulesDefinitionTest {
 
 @Test
 public void define_xoo_hotspot_rule() {
- RulesDefinition.Repository repo = context.repository("xoo");
- assertThat(repo).isNotNull();
- assertThat(repo.name()).isEqualTo("Xoo");
- assertThat(repo.language()).isEqualTo("xoo");
- assertThat(repo.rules()).hasSize(23);
+ RulesDefinition.Repository repo = getRepository();
 
 RulesDefinition.Rule rule = repo.rule(HotspotSensor.RULE_KEY);
 assertThat(rule.name()).isNotEmpty();
 assertThat(rule.securityStandards())
 .isNotEmpty()
- .containsExactlyInAnyOrder("cwe:1", "cwe:89", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+ .containsExactlyInAnyOrder("cwe:1", "cwe:89", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3",
+ "owaspTop10-2021:a3", "owaspTop10-2021:a2");
+ }
+
+ @Test
+ public void define_xoo_vulnerability_rule() {
+ RulesDefinition.Repository repo = getRepository();
+
+ RulesDefinition.Rule rule = repo.rule(OneVulnerabilityIssuePerModuleSensor.RULE_KEY);
+ assertThat(rule.name()).isNotEmpty();
+ assertThat(rule.securityStandards())
+ .isNotEmpty()
+ .containsExactlyInAnyOrder("cwe:250", "cwe:546", "cwe:564", "cwe:943", "owaspTop10-2021:a6", "owaspTop10-2021:a9",
+ "owaspTop10:a10", "owaspTop10:a9");
 }
 
 @Test
@@ -90,4 +95,13 @@ public class XooRulesDefinitionTest {
 assertThat(repo.language()).isEqualTo("xoo2");
 assertThat(repo.rules()).hasSize(2);
 }
+
+ private RulesDefinition.Repository getRepository() {
+ RulesDefinition.Repository repo = context.repository("xoo");
+ assertThat(repo).isNotNull();
+ assertThat(repo.name()).isEqualTo("Xoo");
+ assertThat(repo.language()).isEqualTo("xoo");
+ assertThat(repo.rules()).hasSize(23);
+ return repo;
+ }
 }
diff --git a/server/sonar-webserver-core/src/test/java/org/sonar/server/rule/RegisterRulesTest.java b/server/sonar-webserver-core/src/test/java/org/sonar/server/rule/RegisterRulesTest.java
index cbcaf854a7c..81650e27ca5 100644
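Review bot: `getRepository()` is named like a plain accessor but runs five assertions, including `assertThat(repo.rules()).hasSize(23)`, and it is now called from `define_xoo_rules` (hunk at -44) as well as `define_xoo_hotspot_rule` and `define_xoo_vulnerability_rule` (hunk at -60), so adding one rule to the xoo repository fails three tests with the same message while the repository-level checks no longer have a test of their own. Consider keeping those assertions in one dedicated test (for example `define_xoo_repository`) and reducing the helper to `return context.repository("xoo");`, or at least renaming it to something like `assertAndGetXooRepository` so the assertions are visible at the call site. The helper also carries no Javadoc; a one-liner such as `/** Returns the "xoo" repository, failing the test if it is missing or malformed. */` would state its contract.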
--- a/server/sonar-webserver-core/src/test/java/org/sonar/server/rule/RegisterRulesTest.java
+++ b/server/sonar-webserver-core/src/test/java/org/sonar/server/rule/RegisterRulesTest.java
@@ -83,8 +83,11 @@ import static org.sonar.api.rule.RuleStatus.READY;
 import static org.sonar.api.rule.RuleStatus.REMOVED;
 import static org.sonar.api.rule.Severity.BLOCKER;
 import static org.sonar.api.rule.Severity.INFO;
+import static org.sonar.api.server.rule.RulesDefinition.Context;
 import static org.sonar.api.server.rule.RulesDefinition.NewRepository;
 import static org.sonar.api.server.rule.RulesDefinition.NewRule;
+import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10;
+import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2021;
 
 @RunWith(DataProviderRunner.class)
 public class RegisterRulesTest {
@@ -160,7 +163,7 @@ public class RegisterRulesTest {
 assertThat(hotspotRule.getCreatedAt()).isEqualTo(DATE1.getTime());
 assertThat(hotspotRule.getUpdatedAt()).isEqualTo(DATE1.getTime());
 assertThat(hotspotRule.getType()).isEqualTo(RuleType.SECURITY_HOTSPOT.getDbConstant());
- assertThat(hotspotRule.getSecurityStandards()).containsExactly("cwe:1", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+ assertThat(hotspotRule.getSecurityStandards()).containsExactly("cwe:1", "cwe:123", "cwe:863", "owaspTop10-2021:a1", "owaspTop10-2021:a3");
 
 List params = dbClient.ruleDao().selectRuleParamsByRuleKey(db.getSession(), RULE_KEY1);
 assertThat(params).hasSize(2);
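Review bot: The expectation here no longer contains any 2017 key (`owaspTop10:a1`, `owaspTop10:a3`), and the same replacement is made at -208, -401, -1055 and -1115, so as far as the visible hunks show RegisterRulesTest now registers and checks only `owaspTop10-2021:` standards; persistence of the pre-existing `owaspTop10:` keys loses its coverage instead of 2021 being tested alongside it. The fixture at -1055 could keep both years, e.g. `.addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)` followed by `.addOwaspTop10(Y2021, OwaspTop10.A1, OwaspTop10.A3)`, with the assertion here extended to expect `owaspTop10:a1` and `owaspTop10:a3` next to the 2021 keys (using `containsExactlyInAnyOrder` as XooRulesDefinitionTest does if the stored order is not guaranteed). The test method containing this assertion starts before the hunk.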
@@ -208,7 +211,7 @@ public class RegisterRulesTest {
 assertThat(hotspotRule.getCreatedAt()).isEqualTo(DATE1.getTime());
 assertThat(hotspotRule.getUpdatedAt()).isEqualTo(DATE1.getTime());
 assertThat(hotspotRule.getType()).isEqualTo(RuleType.SECURITY_HOTSPOT.getDbConstant());
- assertThat(hotspotRule.getSecurityStandards()).containsExactly("cwe:1", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+ assertThat(hotspotRule.getSecurityStandards()).containsExactly("cwe:1", "cwe:123", "cwe:863", "owaspTop10-2021:a1", "owaspTop10-2021:a3");
 }
 
 @Test
@@ -401,26 +404,26 @@ public class RegisterRulesTest {
 repo.createRule("rule1")
 .setName("Rule One")
 .setHtmlDescription("Description of Rule One")
- .addOwaspTop10(RulesDefinition.OwaspTop10.A1)
+ .addOwaspTop10(Y2021, OwaspTop10.A1)
 .addCwe(123);
 repo.done();
 });
 
 RuleDto rule = dbClient.ruleDao().selectOrFailByKey(db.getSession(), RULE_KEY1);
- assertThat(rule.getSecurityStandards()).containsOnly("cwe:123", "owaspTop10:a1");
+ assertThat(rule.getSecurityStandards()).containsOnly("cwe:123", "owaspTop10-2021:a1");
 
 execute(context -> {
 NewRepository repo = context.createRepository("fake", "java");
 repo.createRule("rule1")
 .setName("Rule One")
 .setHtmlDescription("Description of Rule One")
- .addOwaspTop10(RulesDefinition.OwaspTop10.A1, RulesDefinition.OwaspTop10.A3)
+ .addOwaspTop10(Y2021, OwaspTop10.A1, OwaspTop10.A3)
 .addCwe(1, 123, 863);
 repo.done();
 });
 
 rule = dbClient.ruleDao().selectOrFailByKey(db.getSession(), RULE_KEY1);
- assertThat(rule.getSecurityStandards()).containsOnly("cwe:1", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+ assertThat(rule.getSecurityStandards()).containsOnly("cwe:1", "cwe:123", "cwe:863", "owaspTop10-2021:a1", "owaspTop10-2021:a3");
 }
 
 @Test
@@ -615,7 +618,7 @@ public class RegisterRulesTest {
 
 @DataProvider
 public static Object[][] allRenamingCases() {
- return new Object[][] {
+ return new Object[][]{
 {"repo1", "rule1", "repo1", "rule2"},
 {"repo1", "rule1", "repo2", "rule1"},
 {"repo1", "rule1", "repo2", "rule2"},
@@ -1000,7 +1003,7 @@ public class RegisterRulesTest {
 }
 
 @SafeVarargs
- private void createRule(RulesDefinition.Context context, String language, String repositoryKey, String ruleKey, Consumer... consumers) {
+ private void createRule(Context context, String language, String repositoryKey, String ruleKey, Consumer... consumers) {
 NewRepository repo = context.createRepository(repositoryKey, language);
 NewRule newRule = repo.createRule(ruleKey)
 .setName(ruleKey)
@@ -1055,7 +1058,7 @@ public class RegisterRulesTest {
 .setName("Hotspot")
 .setHtmlDescription("Minimal hotspot")
 .setType(RuleType.SECURITY_HOTSPOT)
- .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
+ .addOwaspTop10(Y2021, OwaspTop10.A1, OwaspTop10.A3)
 .addCwe(1, 123, 863);
 
 repo.createRule(RULE_KEY2.rule())
@@ -1115,7 +1118,7 @@ public class RegisterRulesTest {
 .setName("Hotspot")
 .setHtmlDescription("Minimal hotspot")
 .setType(RuleType.SECURITY_HOTSPOT)
- .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
+ .addOwaspTop10(Y2021, OwaspTop10.A1, OwaspTop10.A3)
 .addCwe(1, 123, 863);
 
 repo.done();
-- 
2.39.5