From feec45608a9ce79e2e8668a97b0d300b68eaba4e Mon Sep 17 00:00:00 2001 From: Teryk Bellahsene Date: Wed, 21 Jun 2017 17:45:12 +0200 Subject: [PATCH] SONAR-9448 Sanitize api/qualityprofiles/add_project --- .../qualityprofile/ws/AddProjectAction.java | 30 +++++++++++-------- .../qualityprofile/ws/QProfileReference.java | 21 ++++++++----- .../ws/AddProjectActionTest.java | 16 ++++++++-- .../qualityprofile/ws/BackupActionTest.java | 2 +- .../ws/ChangeParentActionTest.java | 2 +- .../ws/QProfileReferenceTest.java | 4 +-- .../qualityprofile/ws/QProfilesWsTest.java | 4 +-- .../ws/RemoveProjectActionTest.java | 2 +- .../QualityProfileWsParameters.java | 1 + 9 files changed, 52 insertions(+), 30 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/AddProjectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/AddProjectAction.java index d0aef49c54e..a36847023f8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/AddProjectAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/AddProjectAction.java @@ -34,9 +34,11 @@ import org.sonar.server.component.ComponentFinder; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.user.UserSession; +import static org.sonar.core.util.Uuids.UUID_EXAMPLE_08; +import static org.sonar.server.component.ComponentFinder.ParamNames.PROJECT_UUID_AND_KEY; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_ADD_PROJECT; -import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT_KEY; +import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT; import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT_UUID; public class AddProjectAction implements QProfileWsAction { 
@@ -59,24 +61,28 @@ public class AddProjectAction implements QProfileWsAction { public void define(WebService.NewController controller) { NewAction action = controller.createAction(ACTION_ADD_PROJECT) .setSince("5.2") - .setDescription("Associate a project with a quality profile.") + .setDescription("Associate a project with a quality profile.
" + + "Requires to be logged in and the 'Administer Quality Profiles' permission.") .setPost(true) .setHandler(this); QProfileReference.defineParams(action, languages); - QProfileWsSupport.createOrganizationParam(action).setSince("6.4"); + QProfileWsSupport.createOrganizationParam(action) + .setSince("6.4"); - action.createParam(PARAM_PROJECT_UUID) - .setDescription("A project UUID. Either this parameter, or projectKey must be set.") - .setExampleValue("69e57151-be0d-4157-adff-c06741d88879"); - action.createParam(PARAM_PROJECT_KEY) - .setDescription("A project key. Either this parameter, or projectUuid must be set.") + action.createParam(PARAM_PROJECT) + .setDescription("Project key") + .setDeprecatedKey("projectKey", "6.5") .setExampleValue(KEY_PROJECT_EXAMPLE_001); + + action.createParam(PARAM_PROJECT_UUID) + .setDescription("Project ID. Either this parameter or '%s' must be set.", PARAM_PROJECT) + .setDeprecatedSince("6.5") + .setExampleValue(UUID_EXAMPLE_08); } @Override public void handle(Request request, Response response) throws Exception { - // fail fast if not logged in userSession.checkLoggedIn(); try (DbSession dbSession = dbClient.openSession(false)) { @@ -84,7 +90,7 @@ public class AddProjectAction implements QProfileWsAction { QProfileDto profile = wsSupport.getProfile(dbSession, QProfileReference.from(request)); if (!profile.getOrganizationUuid().equals(project.getOrganizationUuid())) { - throw new IllegalArgumentException("Project and Quality profile must have same organization"); + throw new IllegalArgumentException("Project and quality profile must have the same organization"); } QProfileDto currentProfile = dbClient.qualityProfileDao().selectAssociatedToProjectAndLanguage(dbSession, project, profile.getLanguage()); 
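Review bot: The description added in `define` tells API users that the 'Administer Quality Profiles' permission is required, but the only authorization visible in this patch is `checkAdministrator(project)` in `loadProject`, and its body is outside the diff. If that helper also accepts some other grant (not visible here, to be confirmed), the published text understates who may re-associate a project, and the description should state the rule that is actually enforced. A smaller style point in the same hunk: the alias is written as the literal `"projectKey"` although `PARAM_PROJECT_KEY` still exists in `QualityProfileWsParameters`. Keeping its static import and writing `.setDeprecatedKey(PARAM_PROJECT_KEY, "6.5")` would keep the two from drifting apart.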
@@ -102,9 +108,9 @@ public class AddProjectAction implements QProfileWsAction { } private ComponentDto loadProject(DbSession dbSession, Request request) { - String projectKey = request.param(PARAM_PROJECT_KEY); + String projectKey = request.param(PARAM_PROJECT); String projectUuid = request.param(PARAM_PROJECT_UUID); - ComponentDto project = componentFinder.getByUuidOrKey(dbSession, projectUuid, projectKey, ComponentFinder.ParamNames.PROJECT_UUID_AND_KEY); + ComponentDto project = componentFinder.getByUuidOrKey(dbSession, projectUuid, projectKey, PROJECT_UUID_AND_KEY); checkAdministrator(project); return project; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileReference.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileReference.java index f13794632bc..9d6d1f4fcee 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileReference.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileReference.java 
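Review bot: `loadProject` now reads the key from `PARAM_PROJECT`, but a failed lookup is still reported through `ParamNames.PROJECT_UUID_AND_KEY`, which by its name presumably puts `projectUuid` and `projectKey` into the error text (the enum is not in this patch, so this needs confirming). A caller who omits both values would then be told to supply `projectKey`, the name this commit has just turned into a deprecated alias. Consider a `ParamNames` entry for the `projectUuid`/`project` pair, or at least a test that pins the message. The local is also still named `projectKey`; `String project = request.param(PARAM_PROJECT);` would clash with the `ComponentDto`, so something like `projectKeyOrAlias` or a short comment would do.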
@@ -26,16 +26,16 @@ import org.sonar.api.resources.Language; import org.sonar.api.resources.Languages; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.WebService; -import org.sonar.core.util.Uuids; import org.sonar.core.util.stream.MoreCollectors; import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.base.Preconditions.checkState; import static java.util.Objects.requireNonNull; import static org.apache.commons.lang.StringUtils.isEmpty; +import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01; import static org.sonarqube.ws.client.component.ComponentsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_LANGUAGE; -import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_KEY; +import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE; import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_NAME; /** @@ -150,7 +150,7 @@ public class QProfileReference { } public static QProfileReference from(Request request) { - String key = request.param(PARAM_PROFILE_KEY); + String key = request.param(PARAM_PROFILE); String organizationKey = request.param(PARAM_ORGANIZATION); String lang = request.param(PARAM_LANGUAGE); String name = request.param(PARAM_PROFILE_NAME); 
@@ -175,14 +175,19 @@ public class QProfileReference { } public static void defineParams(WebService.NewAction action, Languages languages) { - action.createParam(PARAM_PROFILE_KEY) - .setDescription("A quality profile key. Either this parameter, or a combination of profileName + language must be set.") - .setExampleValue(Uuids.UUID_EXAMPLE_01); + action.createParam(PARAM_PROFILE) + .setDescription("Quality profile key") + .setDeprecatedKey("profileKey", "6.5") + .setExampleValue(UUID_EXAMPLE_01); + action.createParam(PARAM_PROFILE_NAME) - .setDescription("A quality profile name. If this parameter is set, profileKey must not be set and language must be set to disambiguate.") + .setDescription("Quality profile name. If this parameter is set, '%s' must not be set and '%s' must be set to disambiguate.", PARAM_PROFILE, PARAM_LANGUAGE) + .setDeprecatedSince("6.5") .setExampleValue("Sonar way"); + action.createParam(PARAM_LANGUAGE) - .setDescription("A quality profile language. If this parameter is set, profileKey must not be set and profileName must be set to disambiguate.") + .setDescription("Quality profile language. If this parameter is set, '%s' must not be set and '%s' must be set to disambiguate.", PARAM_PROFILE, PARAM_LANGUAGE) + .setDeprecatedSince("6.5") .setPossibleValues(Arrays.stream(languages.all()).map(Language::getKey).collect(MoreCollectors.toSet())); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java index 842f92cda66..d18e9bdaa16 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java 
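Review bot: The `language` parameter's description passes `PARAM_LANGUAGE` as its second format argument, so the rendered help says that when 'language' is set, 'language' must be set to disambiguate. The removed wording named `profileName` in that position, so the arguments should be `PARAM_PROFILE, PARAM_PROFILE_NAME`. Separately, `defineParams` is shared: the Backup, ChangeParent, delete and inheritance tests later in this patch all see the renamed key. The new `setDeprecatedSince("6.5")` on `profileName` and `language` therefore applies to every action that calls it, not only `add_project`, which is worth confirming against the commit title. The class body continues outside the hunk.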
@@ -70,10 +70,20 @@ public class AddProjectActionTest { assertThat(definition.isPost()).isTrue(); // parameters - assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profileKey", "profileName", "projectKey", "language", "projectUuid", "organization"); + assertThat(definition.params()).extracting(WebService.Param::key) + .containsExactlyInAnyOrder("profile", "profileName", "project", "language", "projectUuid", "organization"); + WebService.Param profile = definition.param("profile"); + assertThat(profile.deprecatedKey()).isEqualTo("profileKey"); + WebService.Param profileName = definition.param("profileName"); + assertThat(profileName.deprecatedSince()).isEqualTo("6.5"); WebService.Param languageParam = definition.param("language"); assertThat(languageParam.possibleValues()).containsOnly(LANGUAGE_1, LANGUAGE_2); assertThat(languageParam.exampleValue()).isNull(); + assertThat(languageParam.deprecatedSince()).isEqualTo("6.5"); + WebService.Param project = definition.param("project"); + assertThat(project.deprecatedKey()).isEqualTo("projectKey"); + WebService.Param projectUuid = definition.param("projectUuid"); + assertThat(projectUuid.deprecatedSince()).isEqualTo("6.5"); WebService.Param organizationParam = definition.param("organization"); assertThat(organizationParam.since()).isEqualTo("6.4"); assertThat(organizationParam.isInternal()).isTrue(); @@ -113,7 +123,7 @@ public class AddProjectActionTest { QProfileDto profileInOrg2 = db.qualityProfiles().insert(org2, p -> p.setLanguage(LANGUAGE_1)); expectedException.expect(IllegalArgumentException.class); - expectedException.expectMessage("Project and Quality profile must have same organization"); + expectedException.expectMessage("Project and quality profile must have the same organization"); call(org2, project, profileInOrg2); 
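Review bot: The assertions added here only inspect definition metadata (`deprecatedKey()`, `deprecatedSince()`); nothing in the visible test changes executes the action with the old names. The `call` helper changed in the last hunk of this file now sends `profile`, so the old `profileKey` path is no longer exercised by it. Existing API clients depend on `profileKey` and `projectKey` still resolving, so one test that sends `.setParam("profileKey", profile.getKee())` and `.setParam("projectKey", project.getKey())` and asserts the association is created would pin that compatibility. Whether `TestRequest` applies deprecated-key resolution is not visible here and should be checked when writing it.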
@@ -248,7 +258,7 @@ public class AddProjectActionTest { private TestResponse call(ComponentDto project, QProfileDto qualityProfile) { TestRequest request = tester.newRequest() .setParam("projectUuid", project.uuid()) - .setParam("profileKey", qualityProfile.getKee()); + .setParam("profile", qualityProfile.getKee()); return request.execute(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/BackupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/BackupActionTest.java index e7a7f0b9a95..e34f3644aee 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/BackupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/BackupActionTest.java @@ -69,7 +69,7 @@ public class BackupActionTest { // parameters assertThat(definition.params()).hasSize(4); assertThat(definition.param("language")).isNotNull(); - assertThat(definition.param("profileKey")).isNotNull(); + assertThat(definition.param("profile")).isNotNull(); assertThat(definition.param("profileName")).isNotNull(); WebService.Param orgParam = definition.param("organization"); assertThat(orgParam).isNotNull(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java index ef74435972e..43681e40dcb 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java 
@@ -148,7 +148,7 @@ public class ChangeParentActionTest { assertThat(changeParent).isNotNull(); assertThat(changeParent.isPost()).isTrue(); assertThat(changeParent.params()).extracting("key").containsExactlyInAnyOrder( - "organization", "profileKey", "profileName", "language", "parentKey", "parentName"); + "organization", "profile", "profileName", "language", "parentKey", "parentName"); assertThat(changeParent.param("organization").since()).isEqualTo("6.4"); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfileReferenceTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfileReferenceTest.java index aaab8950800..18b8aa9e2af 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfileReferenceTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfileReferenceTest.java @@ -101,7 +101,7 @@ public class QProfileReferenceTest { @Test public void from_reads_request_parameters_and_creates_reference_by_key() { SimpleGetRequest req = new SimpleGetRequest(); - req.setParam("profileKey", "foo"); + req.setParam("profile", "foo"); QProfileReference ref = QProfileReference.from(req); assertThat(ref.getKey()).isEqualTo("foo"); @@ -165,7 +165,7 @@ public class QProfileReferenceTest { WebService.Action action = wsTester.controller("api/qualityprofiles").action("do"); assertThat(action.param("language")).isNotNull(); assertThat(action.param("language").possibleValues()).containsOnly("java", "js"); - assertThat(action.param("profileKey")).isNotNull(); + assertThat(action.param("profile")).isNotNull(); assertThat(action.param("profileName")).isNotNull(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsTest.java index b5766f98172..8414f13a89c 100644 
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsTest.java @@ -171,7 +171,7 @@ public class QProfilesWsTest { assertThat(delete).isNotNull(); assertThat(delete.isPost()).isTrue(); assertThat(delete.params()).hasSize(4).extracting("key").containsOnly( - "organization", "profileKey", "language", "profileName"); + "organization", "profile", "language", "profileName"); } @Test @@ -189,7 +189,7 @@ public class QProfilesWsTest { assertThat(inheritance).isNotNull(); assertThat(inheritance.isPost()).isFalse(); assertThat(inheritance.params()).hasSize(4).extracting("key").containsExactlyInAnyOrder( - "organization", "profileKey", "language", "profileName"); + "organization", "profile", "language", "profileName"); assertThat(inheritance.responseExampleAsString()).isNotEmpty(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java index 0c0aba001a8..a17b31e4459 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java 
@@ -71,7 +71,7 @@ public class RemoveProjectActionTest { assertThat(definition.isPost()).isTrue(); // parameters - assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profileKey", "profileName", "projectKey", "language", "projectUuid", "organization"); + assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profile", "profileName", "projectKey", "language", "projectUuid", "organization"); WebService.Param languageParam = definition.param("language"); assertThat(languageParam.possibleValues()).containsOnly(LANGUAGE_1, LANGUAGE_2); assertThat(languageParam.exampleValue()).isNull(); diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java index 69070091d51..279045bd171 100644 --- a/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java +++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/qualityprofile/QualityProfileWsParameters.java @@ -51,6 +51,7 @@ public class QualityProfileWsParameters { public static final String PARAM_PROFILE = "profile"; public static final String PARAM_PROFILE_KEY = "profileKey"; public static final String PARAM_PROFILE_NAME = "profileName"; + public static final String PARAM_PROJECT = "project"; public static final String PARAM_PROJECT_KEY = "projectKey"; public static final String PARAM_PROJECT_UUID = "projectUuid"; public static final String PARAM_RESET = "reset"; -- 2.39.5