From dc7088ecb1cea8b9d308f413cc651fd265cefd13 Mon Sep 17 00:00:00 2001
From: Julien HENRY
Date: Wed, 23 May 2018 09:50:37 +0200
Subject: [PATCH] SONAR-10658 Prevent Scanner Context from being too big
---
 .../AnalysisContextReportPublisher.java | 5 +-
 .../AnalysisContextReportPublisherTest.java | 50 ++++++++++++++-----
 2 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/report/AnalysisContextReportPublisher.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/report/AnalysisContextReportPublisher.java
index 0ff003378b4..adff490afaf 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/report/AnalysisContextReportPublisher.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/report/AnalysisContextReportPublisher.java
@@ -29,7 +29,7 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Properties;
 import java.util.TreeSet;
-
+import org.apache.commons.lang.StringUtils;
 import org.sonar.api.CoreProperties;
 import org.sonar.api.batch.AnalysisMode;
 import org.sonar.api.batch.ScannerSide;
@@ -53,6 +53,7 @@ public class AnalysisContextReportPublisher {
 private static final String ENV_PROP_PREFIX = "env.";
 private static final String SONAR_PROP_PREFIX = "sonar.";
+ private static final int MAX_WIDTH = 1000;
 private final ScannerPluginRepository pluginRepo;
 private final AnalysisMode mode;
 private final System2 system;
@@ -145,7 +146,7 @@ public class AnalysisContextReportPublisher {
 }
 private static void dumpPropIfNotSensitive(BufferedWriter fileWriter, String prop, String value) throws IOException {
- fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : value)).append('\n');
+ fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : StringUtils.abbreviate(value, MAX_WIDTH))).append('\n');
 }
 /**
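Review bot: `MAX_WIDTH` in the constants block says neither what is being limited nor in which unit, and it is added next to the prefix constants without a comment. A name such as `MAX_PROP_VALUE_LENGTH`, or a comment like `// Longest property value, in characters, written to the analysis log; longer values are abbreviated and end in "..."`, would make clear that it bounds each dumped value and not the file as a whole.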
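Review bot: The cap added in `dumpPropIfNotSensitive` bounds each value to `MAX_WIDTH` characters but not the property name or the number of entries, so the analysis log can still grow without limit when many properties or environment variables are passed; the callers that loop over them are outside this hunk. The value is also still written verbatim up to the cut, so a value holding a line break spills onto the following lines of the dump and can read like a separate `key=value` entry (assuming `KEY_VALUE_FORMAT`, which is not visible here, is a plain one-line format). If the file is meant to stay small and line-oriented, abbreviate `prop` as well and flatten line breaks first, e.g. `StringUtils.abbreviate(StringUtils.replaceChars(value, "\r\n", "  "), MAX_WIDTH)`. A short comment on the method saying that long values are cut and end in `...` would also help whoever reads the log later.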
diff --git a/sonar-scanner-engine/src/test/java/org/sonar/scanner/report/AnalysisContextReportPublisherTest.java b/sonar-scanner-engine/src/test/java/org/sonar/scanner/report/AnalysisContextReportPublisherTest.java
index 68a39bf1f1f..c95a5a4e59c 100644
--- a/sonar-scanner-engine/src/test/java/org/sonar/scanner/report/AnalysisContextReportPublisherTest.java
+++ b/sonar-scanner-engine/src/test/java/org/sonar/scanner/report/AnalysisContextReportPublisherTest.java
@@ -20,11 +20,14 @@
 package org.sonar.scanner.report;
 import com.google.common.collect.ImmutableMap;
-import java.util.Arrays;
+import java.io.File;
+import java.nio.charset.StandardCharsets;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Properties;
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -70,7 +73,7 @@ public class AnalysisContextReportPublisherTest {
 private InputModuleHierarchy hierarchy;
 @Before
- public void prepare() throws Exception {
+ public void prepare() {
 logTester.setLevel(LoggerLevel.INFO);
 system2 = mock(System2.class);
 when(system2.properties()).thenReturn(new Properties());
@@ -82,13 +85,13 @@ public class AnalysisContextReportPublisherTest {
 @Test
 public void shouldOnlyDumpPluginsByDefault() throws Exception {
- when(pluginRepo.getPluginInfos()).thenReturn(Arrays.asList(new PluginInfo("xoo").setName("Xoo").setVersion(Version.create("1.0"))));
+ when(pluginRepo.getPluginInfos()).thenReturn(Collections.singletonList(new PluginInfo("xoo").setName("Xoo").setVersion(Version.create("1.0"))));
 ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
 publisher.init(writer);
 assertThat(writer.getFileStructure().analysisLog()).exists();
- assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog())).contains("Xoo 1.0 (xoo)");
+ assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8)).contains("Xoo 1.0 (xoo)");
 verifyZeroInteractions(system2);
 }
@@ -112,7 +115,7 @@ public class AnalysisContextReportPublisherTest {
 publisher.init(writer);
- String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog());
+ String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8);
 assertThat(content).containsOnlyOnce(COM_FOO);
 assertThat(content).containsOnlyOnce(SONAR_SKIP);
 }
@@ -128,7 +131,7 @@ public class AnalysisContextReportPublisherTest {
 publisher.dumpModuleSettings(new DefaultInputModule(ProjectDefinition.create().setKey("foo").setBaseDir(temp.newFolder()).setWorkDir(temp.newFolder())));
- String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog());
+ String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8);
 assertThat(content).doesNotContain(COM_FOO);
 assertThat(content).containsOnlyOnce(SONAR_SKIP);
 }
@@ -143,7 +146,7 @@ public class AnalysisContextReportPublisherTest {
 when(system2.properties()).thenReturn(props);
 publisher.init(writer);
- String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog());
+ String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8);
 assertThat(content).containsOnlyOnce(COM_FOO);
 assertThat(content).doesNotContain(SONAR_SKIP);
@@ -154,7 +157,7 @@ public class AnalysisContextReportPublisherTest {
 .setProperty(COM_FOO, "bar")
 .setProperty(SONAR_SKIP, "true")));
- content = FileUtils.readFileToString(writer.getFileStructure().analysisLog());
+ content = FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8);
 assertThat(content).containsOnlyOnce(COM_FOO);
 assertThat(content).containsOnlyOnce(SONAR_SKIP);
 }
@@ -170,7 +173,7 @@ public class AnalysisContextReportPublisherTest {
 when(system2.envVariables()).thenReturn(env);
 publisher.init(writer);
- String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog());
+ String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8);
 assertThat(content).containsOnlyOnce(FOO);
 assertThat(content).containsOnlyOnce(BIZ);
 assertThat(content).containsSequence(BIZ, FOO);
@@ -181,7 +184,7 @@ public class AnalysisContextReportPublisherTest {
 .setProperty("sonar.projectKey", "foo")
 .setProperty("env." + FOO, "BAR")));
- content = FileUtils.readFileToString(writer.getFileStructure().analysisLog());
+ content = FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8);
 assertThat(content).containsOnlyOnce(FOO);
 assertThat(content).containsOnlyOnce(BIZ);
 assertThat(content).doesNotContain("env." + FOO);
@@ -203,13 +206,34 @@ public class AnalysisContextReportPublisherTest {
 .setProperty("sonar.password", "azerty")
 .setProperty("sonar.cpp.license.secured", "AZERTY")));
- assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog())).containsSequence(
+ assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8)).containsSequence(
 "sonar.cpp.license.secured=******",
 "sonar.login=******",
 "sonar.password=******",
 "sonar.projectKey=foo");
 }
+ @Test
+ public void shouldShortenModuleProperties() throws Exception {
+ File baseDir = temp.newFolder();
+ ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
+ publisher.init(writer);
+
+ assertThat(writer.getFileStructure().analysisLog()).exists();
+
+ publisher.dumpModuleSettings(new DefaultInputModule(ProjectDefinition.create()
+ .setBaseDir(baseDir)
+ .setWorkDir(temp.newFolder())
+ .setProperty("sonar.projectKey", "foo")
+ .setProperty("sonar.projectBaseDir", baseDir.toString())
+ .setProperty("sonar.aVeryLongProp", StringUtils.repeat("abcde", 1000))));
+
+ assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8)).containsSubsequence(
+ "sonar.aVeryLongProp=" + StringUtils.repeat("abcde", 199) + "ab...",
+ "sonar.projectBaseDir=" + baseDir.toString(),
+ "sonar.projectKey=foo");
+ }
+
 // SONAR-7598
 @Test
 public void shouldNotDumpSensitiveGlobalProperties() throws Exception {
@@ -218,7 +242,7 @@ public class AnalysisContextReportPublisherTest {
 publisher.init(writer);
- assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog())).containsSequence(
+ assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8)).containsSequence(
 "sonar.cpp.license.secured=******",
 "sonar.login=******",
 "sonar.password=******");
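Review bot: `shouldShortenModuleProperties` only exercises a long value under a non-sensitive key, so nothing pins that masking still takes precedence over abbreviation when a secret is long. Adding `.setProperty("sonar.password", StringUtils.repeat("x", 2000))` to the module definition and `"sonar.password=******",` to the expected sequence (after the `sonar.aVeryLongProp` line, since the neighbouring assertions suggest the entries are written in key order) would guard the ternary in `dumpPropIfNotSensitive` against a later reordering. A value of exactly 1000 characters, which should be written unchanged, is the other boundary worth one assertion.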
@@ -247,7 +271,7 @@ public class AnalysisContextReportPublisherTest {
 publisher.dumpModuleSettings(module);
- String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog());
+ String content = FileUtils.readFileToString(writer.getFileStructure().analysisLog(), StandardCharsets.UTF_8);
 assertThat(content).doesNotContain(SONAR_SKIP);
 }
 }
--
2.39.5