mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31334 Commits
59 Branches
Tree: 215f8403a6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '215f8403a6'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/ShowActionTest.java

ShowActionTest.java 44KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2021 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.hotspot.ws;

  21. 

  22. import com.google.common.collect.ImmutableSet;

  23. import com.google.common.collect.Sets;

  24. import com.tngtech.java.junit.dataprovider.DataProvider;

  25. import com.tngtech.java.junit.dataprovider.DataProviderRunner;

  26. import com.tngtech.java.junit.dataprovider.UseDataProvider;

  27. import java.util.Arrays;

  28. import java.util.Collections;

  29. import java.util.List;

  30. import java.util.Random;

  31. import java.util.Set;

  32. import java.util.function.Consumer;

  33. import java.util.stream.Collectors;

  34. import java.util.stream.IntStream;

  35. import java.util.stream.Stream;

  36. import javax.annotation.Nullable;

  37. import org.assertj.core.groups.Tuple;

  38. import org.junit.Rule;

  39. import org.junit.Test;

  40. import org.junit.runner.RunWith;

  41. import org.mockito.ArgumentMatcher;

  42. import org.mockito.Mockito;

  43. import org.sonar.api.issue.Issue;

  44. import org.sonar.api.rules.RuleType;

  45. import org.sonar.api.utils.System2;

  46. import org.sonar.api.web.UserRole;

  47. import org.sonar.db.DbClient;

  48. import org.sonar.db.DbSession;

  49. import org.sonar.db.DbTester;

  50. import org.sonar.db.component.BranchType;

  51. import org.sonar.db.component.ComponentDto;

  52. import org.sonar.db.issue.IssueDto;

  53. import org.sonar.db.protobuf.DbCommons;

  54. import org.sonar.db.protobuf.DbIssues;

  55. import org.sonar.db.rule.RuleDefinitionDto;

  56. import org.sonar.db.rule.RuleTesting;

  57. import org.sonar.db.user.UserDto;

  58. import org.sonar.db.user.UserTesting;

  59. import org.sonar.server.es.EsTester;

  60. import org.sonar.server.exceptions.ForbiddenException;

  61. import org.sonar.server.exceptions.NotFoundException;

  62. import org.sonar.server.issue.AvatarResolver;

  63. import org.sonar.server.issue.AvatarResolverImpl;

  64. import org.sonar.server.issue.IssueChangeWSSupport;

  65. import org.sonar.server.issue.IssueChangeWSSupport.FormattingContext;

  66. import org.sonar.server.issue.IssueChangeWSSupport.Load;

  67. import org.sonar.server.issue.TextRangeResponseFormatter;

  68. import org.sonar.server.issue.ws.UserResponseFormatter;

  69. import org.sonar.server.security.SecurityStandards;

  70. import org.sonar.server.security.SecurityStandards.SQCategory;

  71. import org.sonar.server.tester.UserSessionRule;

  72. import org.sonar.server.ws.TestRequest;

  73. import org.sonar.server.ws.WsActionTester;

  74. import org.sonarqube.ws.Common;

  75. import org.sonarqube.ws.Common.Changelog.Diff;

  76. import org.sonarqube.ws.Common.User;

  77. import org.sonarqube.ws.Hotspots;

  78. 

  79. import static org.apache.commons.lang.RandomStringUtils.randomAlphabetic;

  80. import static org.assertj.core.api.Assertions.assertThat;

  81. import static org.assertj.core.api.Assertions.assertThatThrownBy;

  82. import static org.assertj.core.api.Assertions.tuple;

  83. import static org.mockito.ArgumentMatchers.any;

  84. import static org.mockito.ArgumentMatchers.anySet;

  85. import static org.mockito.ArgumentMatchers.argThat;

  86. import static org.mockito.ArgumentMatchers.eq;

  87. import static org.mockito.Mockito.verify;

  88. import static org.mockito.Mockito.when;

  89. import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;

  90. import static org.sonar.db.component.ComponentTesting.newFileDto;

  91. import static org.sonar.db.rule.RuleDto.Format.MARKDOWN;

  92. 

  93. @RunWith(DataProviderRunner.class)

  94. public class ShowActionTest {

  95.   private static final Random RANDOM = new Random();

  96. 

  97.   @Rule

  98.   public DbTester dbTester = DbTester.create(System2.INSTANCE);

  99.   @Rule

  100.   public EsTester es = EsTester.create();

  101.   @Rule

  102.   public UserSessionRule userSessionRule = UserSessionRule.standalone();

  103. 

  104.   private final DbClient dbClient = dbTester.getDbClient();

  105.   private final AvatarResolver avatarResolver = new AvatarResolverImpl();

  106.   private final HotspotWsResponseFormatter responseFormatter = new HotspotWsResponseFormatter();

  107.   private final IssueChangeWSSupport issueChangeSupport = Mockito.mock(IssueChangeWSSupport.class);

  108.   private final HotspotWsSupport hotspotWsSupport = new HotspotWsSupport(dbClient, userSessionRule, System2.INSTANCE);

  109.   private final UserResponseFormatter userFormatter = new UserResponseFormatter(new AvatarResolverImpl());

  110.   private final TextRangeResponseFormatter textRangeFormatter = new TextRangeResponseFormatter();

  111.   private final ShowAction underTest = new ShowAction(dbClient, hotspotWsSupport, responseFormatter, textRangeFormatter, userFormatter, issueChangeSupport);

  112.   private final WsActionTester actionTester = new WsActionTester(underTest);

  113. 

  114.   @Test

  115.   public void ws_is_public() {

  116.     assertThat(actionTester.getDef().isInternal()).isFalse();

  117.   }

  118. 

  119.   @Test

  120.   public void fails_with_IAE_if_parameter_hotspot_is_missing() {

  121.     TestRequest request = actionTester.newRequest();

  122. 

  123.     assertThatThrownBy(request::execute)

  124.       .isInstanceOf(IllegalArgumentException.class)

  125.       .hasMessage("The 'hotspot' parameter is missing");

  126.   }

  127. 

  128.   @Test

  129.   public void fails_with_NotFoundException_if_hotspot_does_not_exist() {

  130.     String key = randomAlphabetic(12);

  131.     TestRequest request = actionTester.newRequest()

  132.       .setParam("hotspot", key);

  133. 

  134.     assertThatThrownBy(request::execute)

  135.       .isInstanceOf(NotFoundException.class)

  136.       .hasMessage("Hotspot '%s' does not exist", key);

  137.   }

  138. 

  139.   @Test

  140.   @UseDataProvider("ruleTypesButHotspot")

  141.   public void fails_with_NotFoundException_if_issue_is_not_a_hotspot(RuleType ruleType) {

  142.     ComponentDto project = dbTester.components().insertPublicProject();

  143.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  144.     RuleDefinitionDto rule = newRule(ruleType);

  145.     IssueDto notAHotspot = dbTester.issues().insertIssue(rule, project, file, i -> i.setType(ruleType));

  146.     TestRequest request = newRequest(notAHotspot);

  147. 

  148.     assertThatThrownBy(request::execute)

  149.       .isInstanceOf(NotFoundException.class)

  150.       .hasMessage("Hotspot '%s' does not exist", notAHotspot.getKey());

  151.   }

  152. 

  153.   @DataProvider

  154.   public static Object[][] ruleTypesButHotspot() {

  155.     return Arrays.stream(RuleType.values())

  156.       .filter(t -> t != SECURITY_HOTSPOT)

  157.       .map(t -> new Object[] {t})

  158.       .toArray(Object[][]::new);

  159.   }

  160. 

  161.   @Test

  162.   public void fails_with_NotFoundException_if_issue_is_hotspot_is_closed() {

  163.     ComponentDto project = dbTester.components().insertPublicProject();

  164.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  165.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  166.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(Issue.STATUS_CLOSED));

  167.     TestRequest request = newRequest(hotspot);

  168. 

  169.     assertThatThrownBy(request::execute)

  170.       .isInstanceOf(NotFoundException.class)

  171.       .hasMessage("Hotspot '%s' does not exist", hotspot.getKey());

  172.   }

  173. 

  174.   @Test

  175.   public void fails_with_ForbiddenException_if_project_is_private_and_not_allowed() {

  176.     ComponentDto project = dbTester.components().insertPrivateProject();

  177.     userSessionRule.registerComponents(project);

  178.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  179.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  180.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  181.     TestRequest request = newRequest(hotspot);

  182. 

  183.     assertThatThrownBy(request::execute)

  184.       .isInstanceOf(ForbiddenException.class)

  185.       .hasMessage("Insufficient privileges");

  186.   }

  187. 

  188.   @Test

  189.   public void succeeds_on_public_project() {

  190.     ComponentDto project = dbTester.components().insertPublicProject();

  191.     userSessionRule.registerComponents(project);

  192.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  193.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  194.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  195.     mockChangelogAndCommentsFormattingContext();

  196. 

  197.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  198.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  199. 

  200.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  201.   }

  202. 

  203.   @Test

  204.   public void succeeds_on_private_project_with_permission() {

  205.     ComponentDto project = dbTester.components().insertPrivateProject();

  206.     userSessionRule.registerComponents(project);

  207.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  208.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  209.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  210.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  211.     mockChangelogAndCommentsFormattingContext();

  212. 

  213.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  214.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  215. 

  216.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  217.   }

  218. 

  219.   @Test

  220.   public void return_canChangeStatus_false_on_public_project_when_anonymous() {

  221.     ComponentDto project = dbTester.components().insertPublicProject();

  222.     userSessionRule.registerComponents(project);

  223.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  224.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  225.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  226.     mockChangelogAndCommentsFormattingContext();

  227. 

  228.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  229.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  230. 

  231.     assertThat(response.getCanChangeStatus()).isFalse();

  232.   }

  233. 

  234.   @Test

  235.   @UseDataProvider("allPublicProjectPermissionsButSECURITYHOTSPOT_ADMIN")

  236.   public void return_canChangeStatus_false_on_public_project_when_authenticated_without_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  237.     ComponentDto project = dbTester.components().insertPublicProject();

  238.     userSessionRule.logIn().registerComponents(project);

  239.     if (permission != null) {

  240.       userSessionRule.addProjectPermission(permission, project);

  241.     }

  242.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  243.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  244.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  245.     mockChangelogAndCommentsFormattingContext();

  246. 

  247.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  248.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  249. 

  250.     assertThat(response.getCanChangeStatus()).isFalse();

  251.   }

  252. 

  253.   @Test

  254.   @UseDataProvider("allPublicProjectPermissionsButSECURITYHOTSPOT_ADMIN")

  255.   public void return_canChangeStatus_true_on_public_project_when_authenticated_with_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  256.     ComponentDto project = dbTester.components().insertPublicProject();

  257.     userSessionRule.registerComponents(project)

  258.       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);

  259.     if (permission != null) {

  260.       userSessionRule.addProjectPermission(permission, project);

  261.     }

  262.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  263.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  264.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  265.     mockChangelogAndCommentsFormattingContext();

  266. 

  267.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  268.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  269. 

  270.     assertThat(response.getCanChangeStatus()).isTrue();

  271.   }

  272. 

  273.   @DataProvider

  274.   public static Object[][] allPublicProjectPermissionsButSECURITYHOTSPOT_ADMIN() {

  275.     return new Object[][] {

  276.       {null}, // no permission

  277.       {UserRole.ADMIN},

  278.       {UserRole.SCAN},

  279.       {UserRole.ISSUE_ADMIN}

  280.     };

  281.   }

  282. 

  283.   @Test

  284.   @UseDataProvider("allPrivateProjectPermissionsButSECURITYHOTSPOT_ADMIN_and_USER")

  285.   public void return_canChangeStatus_false_on_private_project_without_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  286.     ComponentDto project = dbTester.components().insertPrivateProject();

  287.     userSessionRule

  288.       .registerComponents(project)

  289.       .logIn()

  290.       .addProjectPermission(UserRole.USER, project);

  291.     if (permission != null) {

  292.       userSessionRule.addProjectPermission(permission, project);

  293.     }

  294.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  295.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  296.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  297.     mockChangelogAndCommentsFormattingContext();

  298. 

  299.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  300.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  301. 

  302.     assertThat(response.getCanChangeStatus()).isFalse();

  303.   }

  304. 

  305.   @Test

  306.   @UseDataProvider("allPrivateProjectPermissionsButSECURITYHOTSPOT_ADMIN_and_USER")

  307.   public void return_canChangeStatus_false_on_private_project_with_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  308.     ComponentDto project = dbTester.components().insertPrivateProject();

  309.     userSessionRule

  310.       .registerComponents(project)

  311.       .logIn()

  312.       .addProjectPermission(UserRole.USER, project)

  313.       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);

  314.     if (permission != null) {

  315.       userSessionRule.addProjectPermission(permission, project);

  316.     }

  317.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  318.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  319.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  320.     mockChangelogAndCommentsFormattingContext();

  321. 

  322.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  323.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  324. 

  325.     assertThat(response.getCanChangeStatus()).isTrue();

  326.   }

  327. 

  328.   @DataProvider

  329.   public static Object[][] allPrivateProjectPermissionsButSECURITYHOTSPOT_ADMIN_and_USER() {

  330.     return new Object[][] {

  331.       {null}, // only USER permission

  332.       {UserRole.CODEVIEWER},

  333.       {UserRole.ADMIN},

  334.       {UserRole.SCAN},

  335.       {UserRole.ISSUE_ADMIN}

  336.     };

  337.   }

  338. 

  339.   @Test

  340.   @UseDataProvider("statusAndResolutionCombinations")

  341.   public void returns_status_and_resolution(String status, @Nullable String resolution) {

  342.     ComponentDto project = dbTester.components().insertPrivateProject();

  343.     userSessionRule.registerComponents(project);

  344.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  345.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  346.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  347.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(status).setResolution(resolution));

  348.     mockChangelogAndCommentsFormattingContext();

  349. 

  350.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  351.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  352. 

  353.     assertThat(response.getStatus()).isEqualTo(status);

  354.     if (resolution == null) {

  355.       assertThat(response.hasResolution()).isFalse();

  356.     } else {

  357.       assertThat(response.getResolution()).isEqualTo(resolution);

  358.     }

  359.   }

  360. 

  361.   @DataProvider

  362.   public static Object[][] statusAndResolutionCombinations() {

  363.     return new Object[][] {

  364.       {Issue.STATUS_TO_REVIEW, null},

  365.       {Issue.STATUS_REVIEWED, Issue.RESOLUTION_FIXED},

  366.       {Issue.STATUS_REVIEWED, Issue.RESOLUTION_SAFE}

  367.     };

  368.   }

  369. 

  370.   @Test

  371.   public void returns_html_description_for_custom_rules() {

  372.     ComponentDto project = dbTester.components().insertPrivateProject();

  373.     userSessionRule.registerComponents(project);

  374.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  375.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  376. 

  377.     String description = "== Title\n<div>line1\nline2</div>";

  378. 

  379.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT,

  380.       r -> r.setTemplateUuid("123")

  381.         .setDescription(description)

  382.         .setDescriptionFormat(MARKDOWN));

  383. 

  384.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  385.     mockChangelogAndCommentsFormattingContext();

  386. 

  387.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  388.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  389. 

  390.     assertThat(response.getRule().getRiskDescription()).isEqualTo("<h2>Title</h2>&lt;div&gt;line1<br/>line2&lt;/div&gt;");

  391.   }

  392. 

  393.   @Test

  394.   public void handles_null_description_for_custom_rules() {

  395.     ComponentDto project = dbTester.components().insertPrivateProject();

  396.     userSessionRule.registerComponents(project);

  397.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  398.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  399. 

  400.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT, r -> r.setTemplateUuid("123").setDescription(null));

  401. 

  402.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  403.     mockChangelogAndCommentsFormattingContext();

  404. 

  405.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  406.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  407. 

  408.     assertThat(response.getRule().getRiskDescription()).isNullOrEmpty();

  409.   }

  410. 

  411.   @Test

  412.   public void returns_hotspot_component_and_rule() {

  413.     ComponentDto project = dbTester.components().insertPublicProject();

  414.     userSessionRule.registerComponents(project);

  415.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  416.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  417.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  418.     mockChangelogAndCommentsFormattingContext();

  419. 

  420.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  421.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  422. 

  423.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  424.     verifyComponent(response.getComponent(), file, null, null);

  425.     verifyComponent(response.getProject(), project, null, null);

  426.     verifyRule(response.getRule(), rule);

  427.     assertThat(response.hasTextRange()).isFalse();

  428.   }

  429. 

  430.   @Test

  431.   public void returns_no_textRange_when_locations_have_none() {

  432.     ComponentDto project = dbTester.components().insertPublicProject();

  433.     userSessionRule.registerComponents(project);

  434.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  435.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  436.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  437.       t -> t.setLocations(DbIssues.Locations.newBuilder().build()));

  438.     mockChangelogAndCommentsFormattingContext();

  439. 

  440.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  441.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  442. 

  443.     assertThat(response.hasTextRange()).isFalse();

  444.   }

  445. 

  446.   @Test

  447.   @UseDataProvider("randomTextRangeValues")

  448.   public void returns_textRange(int startLine, int endLine, int startOffset, int endOffset) {

  449.     ComponentDto project = dbTester.components().insertPublicProject();

  450.     userSessionRule.registerComponents(project);

  451.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  452.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  453.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  454.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  455.         .setTextRange(DbCommons.TextRange.newBuilder()

  456.           .setStartLine(startLine)

  457.           .setEndLine(endLine)

  458.           .setStartOffset(startOffset)

  459.           .setEndOffset(endOffset)

  460.           .build())

  461.         .build()));

  462.     mockChangelogAndCommentsFormattingContext();

  463. 

  464.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  465.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  466. 

  467.     assertThat(response.hasTextRange()).isTrue();

  468.     Common.TextRange textRange = response.getTextRange();

  469.     assertThat(textRange.getStartLine()).isEqualTo(startLine);

  470.     assertThat(textRange.getEndLine()).isEqualTo(endLine);

  471.     assertThat(textRange.getStartOffset()).isEqualTo(startOffset);

  472.     assertThat(textRange.getEndOffset()).isEqualTo(endOffset);

  473.   }

  474. 

  475.   @Test

  476.   public void returns_no_assignee_when_user_does_not_exist() {

  477.     ComponentDto project = dbTester.components().insertPublicProject();

  478.     userSessionRule.registerComponents(project);

  479.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  480.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  481.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(randomAlphabetic(10)));

  482.     mockChangelogAndCommentsFormattingContext();

  483. 

  484.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  485.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  486. 

  487.     assertThat(response.hasAssignee()).isFalse();

  488.   }

  489. 

  490.   @Test

  491.   public void returns_assignee_details_when_user_exists() {

  492.     ComponentDto project = dbTester.components().insertPublicProject();

  493.     userSessionRule.registerComponents(project);

  494.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  495.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  496.     UserDto assignee = dbTester.users().insertUser();

  497.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(assignee.getUuid()));

  498.     mockChangelogAndCommentsFormattingContext();

  499. 

  500.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  501.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  502. 

  503.     assertThat(response.getAssignee()).isEqualTo(assignee.getLogin());

  504.     assertThat(response.getUsersList()).hasSize(1);

  505.     User wsAssignee = response.getUsersList().iterator().next();

  506.     assertThat(wsAssignee.getLogin()).isEqualTo(assignee.getLogin());

  507.     assertThat(wsAssignee.getName()).isEqualTo(assignee.getName());

  508.     assertThat(wsAssignee.getActive()).isEqualTo(assignee.isActive());

  509.     assertThat(wsAssignee.getAvatar()).isEqualTo(avatarResolver.create(assignee));

  510.   }

  511. 

  512.   @Test

  513.   public void returns_no_avatar_if_assignee_has_no_email() {

  514.     ComponentDto project = dbTester.components().insertPublicProject();

  515.     userSessionRule.registerComponents(project);

  516.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  517.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  518.     UserDto assignee = dbTester.users().insertUser(t -> t.setEmail(null));

  519.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(assignee.getUuid()));

  520.     mockChangelogAndCommentsFormattingContext();

  521. 

  522.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  523.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  524. 

  525.     assertThat(response.getUsersList()).hasSize(1);

  526.     assertThat(response.getUsersList().iterator().next().hasAvatar()).isFalse();

  527.   }

  528. 

  529.   @Test

  530.   public void returns_inactive_when_assignee_is_inactive() {

  531.     ComponentDto project = dbTester.components().insertPublicProject();

  532.     userSessionRule.registerComponents(project);

  533.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  534.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  535.     UserDto assignee = dbTester.users().insertUser(t -> t.setActive(false));

  536.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(assignee.getUuid()));

  537.     mockChangelogAndCommentsFormattingContext();

  538. 

  539.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  540.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  541. 

  542.     assertThat(response.getUsersList()).hasSize(1);

  543.     assertThat(response.getUsersList().iterator().next().getActive()).isFalse();

  544.   }

  545. 

  546.   @Test

  547.   public void returns_author_login_when_user_does_not_exist() {

  548.     ComponentDto project = dbTester.components().insertPublicProject();

  549.     userSessionRule.registerComponents(project);

  550.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  551.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  552.     String authorLogin = randomAlphabetic(10);

  553.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(authorLogin));

  554.     mockChangelogAndCommentsFormattingContext();

  555. 

  556.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  557.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  558. 

  559.     assertThat(response.getUsersList()).isEmpty();

  560.     assertThat(response.getAuthor()).isEqualTo(authorLogin);

  561.   }

  562. 

  563.   @Test

  564.   public void returns_author_details_when_user_exists() {

  565.     ComponentDto project = dbTester.components().insertPublicProject();

  566.     userSessionRule.registerComponents(project);

  567.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  568.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  569.     UserDto author = dbTester.users().insertUser();

  570.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(author.getLogin()));

  571.     mockChangelogAndCommentsFormattingContext();

  572. 

  573.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  574.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  575. 

  576.     assertThat(response.getAuthor()).isEqualTo(author.getLogin());

  577.     User wsAuthorFromList = response.getUsersList().iterator().next();

  578.     assertThat(wsAuthorFromList.getLogin()).isEqualTo(author.getLogin());

  579.     assertThat(wsAuthorFromList.getName()).isEqualTo(author.getName());

  580.     assertThat(wsAuthorFromList.getActive()).isEqualTo(author.isActive());

  581.     assertThat(wsAuthorFromList.getAvatar()).isEqualTo(avatarResolver.create(author));

  582.   }

  583. 

  584.   @Test

  585.   public void returns_no_avatar_if_author_has_no_email() {

  586.     ComponentDto project = dbTester.components().insertPublicProject();

  587.     userSessionRule.registerComponents(project);

  588.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  589.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  590.     UserDto author = dbTester.users().insertUser(t -> t.setEmail(null));

  591.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(author.getLogin()));

  592.     mockChangelogAndCommentsFormattingContext();

  593. 

  594.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  595.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  596. 

  597.     assertThat(response.getUsersList()).hasSize(1);

  598.     assertThat(response.getUsersList().iterator().next().hasAvatar()).isFalse();

  599.   }

  600. 

  601.   @Test

  602.   public void returns_inactive_if_author_is_inactive() {

  603.     ComponentDto project = dbTester.components().insertPublicProject();

  604.     userSessionRule.registerComponents(project);

  605.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  606.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  607.     UserDto author = dbTester.users().insertUser(t -> t.setActive(false));

  608.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(author.getLogin()));

  609.     mockChangelogAndCommentsFormattingContext();

  610. 

  611.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  612.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  613. 

  614.     assertThat(response.getUsersList()).hasSize(1);

  615.     assertThat(response.getUsersList().iterator().next().getActive()).isFalse();

  616.   }

  617. 

  618.   @DataProvider

  619.   public static Object[][] randomTextRangeValues() {

  620.     int startLine = RANDOM.nextInt(200);

  621.     int endLine = RANDOM.nextInt(200);

  622.     int startOffset = RANDOM.nextInt(200);

  623.     int endOffset = RANDOM.nextInt(200);

  624.     return new Object[][] {

  625.       {startLine, endLine, startOffset, endOffset}

  626.     };

  627.   }

  628. 

  629.   @Test

  630.   public void returns_textRange_missing_fields() {

  631.     ComponentDto project = dbTester.components().insertPublicProject();

  632.     userSessionRule.registerComponents(project);

  633.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  634.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  635.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  636.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  637.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  638.         .build()));

  639.     mockChangelogAndCommentsFormattingContext();

  640. 

  641.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  642.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  643. 

  644.     assertThat(response.hasTextRange()).isTrue();

  645.     Common.TextRange textRange = response.getTextRange();

  646.     assertThat(textRange.hasStartLine()).isFalse();

  647.     assertThat(textRange.hasEndLine()).isFalse();

  648.     assertThat(textRange.hasStartOffset()).isFalse();

  649.     assertThat(textRange.hasEndOffset()).isFalse();

  650.   }

  651. 

  652.   @Test

  653.   @UseDataProvider("allSQCategoryAndVulnerabilityProbability")

  654.   public void returns_securityCategory_and_vulnerabilityProbability_of_rule(Set<String> standards,

  655.     SQCategory expected) {

  656.     ComponentDto project = dbTester.components().insertPublicProject();

  657.     userSessionRule.registerComponents(project);

  658.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  659.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT, t -> t.setSecurityStandards(standards));

  660.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  661.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  662.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  663.         .build()));

  664.     mockChangelogAndCommentsFormattingContext();

  665. 

  666.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  667.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  668. 

  669.     Hotspots.Rule wsRule = response.getRule();

  670.     assertThat(wsRule.getSecurityCategory()).isEqualTo(expected.getKey());

  671.     assertThat(wsRule.getVulnerabilityProbability()).isEqualTo(expected.getVulnerability().name());

  672.   }

  673. 

  674.   @DataProvider

  675.   public static Object[][] allSQCategoryAndVulnerabilityProbability() {

  676.     Stream<Object[]> allButOthers = SecurityStandards.CWES_BY_SQ_CATEGORY

  677.       .entrySet()

  678.       .stream()

  679.       .map(t -> new Object[] {

  680.         t.getValue().stream().map(s -> "cwe:" + s).collect(Collectors.toSet()),

  681.         t.getKey()

  682.       });

  683.     Stream<Object[]> others = Stream.of(

  684.       new Object[] {Collections.emptySet(), SQCategory.OTHERS},

  685.       new Object[] {ImmutableSet.of("foo", "bar", "acme"), SQCategory.OTHERS});

  686.     return Stream.concat(allButOthers, others)

  687.       .toArray(Object[][]::new);

  688.   }

  689. 

  690.   @Test

  691.   public void returns_project_twice_when_hotspot_on_project() {

  692.     ComponentDto project = dbTester.components().insertPublicProject();

  693.     userSessionRule.registerComponents(project);

  694.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  695.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, project,

  696.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  697.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  698.         .build()));

  699.     mockChangelogAndCommentsFormattingContext();

  700. 

  701.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  702.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  703. 

  704.     verifyComponent(response.getProject(), project, null, null);

  705.     verifyComponent(response.getComponent(), project, null, null);

  706.   }

  707. 

  708.   @Test

  709.   public void returns_branch_but_no_pullRequest_on_component_and_project_on_non_main_branch() {

  710.     ComponentDto project = dbTester.components().insertPublicProject();

  711.     ComponentDto branch = dbTester.components().insertProjectBranch(project);

  712.     ComponentDto file = dbTester.components().insertComponent(newFileDto(branch));

  713.     userSessionRule.registerComponents(project);

  714.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  715.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, branch, file,

  716.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  717.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  718.         .build()));

  719.     mockChangelogAndCommentsFormattingContext();

  720. 

  721.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  722.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  723. 

  724.     verifyComponent(response.getProject(), branch, branch.getBranch(), null);

  725.     verifyComponent(response.getComponent(), file, branch.getBranch(), null);

  726.   }

  727. 

  728.   @Test

  729.   public void returns_pullRequest_but_no_branch_on_component_and_project_on_pullRequest() {

  730.     ComponentDto project = dbTester.components().insertPublicProject();

  731.     ComponentDto pullRequest = dbTester.components().insertProjectBranch(project,

  732.       t -> t.setBranchType(BranchType.PULL_REQUEST));

  733.     ComponentDto file = dbTester.components().insertComponent(newFileDto(pullRequest));

  734.     userSessionRule.registerComponents(project);

  735.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  736.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, pullRequest, file,

  737.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  738.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  739.         .build()));

  740.     mockChangelogAndCommentsFormattingContext();

  741. 

  742.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  743.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  744. 

  745.     verifyComponent(response.getProject(), pullRequest, null, pullRequest.getPullRequest());

  746.     verifyComponent(response.getComponent(), file, null, pullRequest.getPullRequest());

  747.   }

  748. 

  749.   @Test

  750.   public void returns_hotspot_changelog_and_comments() {

  751.     ComponentDto project = dbTester.components().insertPublicProject();

  752.     userSessionRule.registerComponents(project);

  753.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  754.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  755.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  756.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  757.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  758.         .build()));

  759.     List<Common.Changelog> changelog = IntStream.range(0, 1 + new Random().nextInt(12))

  760.       .mapToObj(i -> Common.Changelog.newBuilder().setUser("u" + i).build())

  761.       .collect(Collectors.toList());

  762.     List<Common.Comment> comments = IntStream.range(0, 1 + new Random().nextInt(12))

  763.       .mapToObj(i -> Common.Comment.newBuilder().setKey("u" + i).build())

  764.       .collect(Collectors.toList());

  765.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  766.     when(issueChangeSupport.formatChangelog(any(), any())).thenReturn(changelog.stream());

  767.     when(issueChangeSupport.formatComments(any(), any(), any())).thenReturn(comments.stream());

  768. 

  769.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  770.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  771. 

  772.     assertThat(response.getChangelogList())

  773.       .extracting(Common.Changelog::getUser)

  774.       .containsExactly(changelog.stream().map(Common.Changelog::getUser).toArray(String[]::new));

  775.     assertThat(response.getCommentList())

  776.       .extracting(Common.Comment::getKey)

  777.       .containsExactly(comments.stream().map(Common.Comment::getKey).toArray(String[]::new));

  778.     verify(issueChangeSupport).newFormattingContext(any(DbSession.class),

  779.       argThat(new IssueDtoSetArgumentMatcher(hotspot)),

  780.       eq(Load.ALL),

  781.       eq(Collections.emptySet()), eq(ImmutableSet.of(project, file)));

  782.     verify(issueChangeSupport).formatChangelog(argThat(new IssueDtoArgumentMatcher(hotspot)), eq(formattingContext));

  783.     verify(issueChangeSupport).formatComments(argThat(new IssueDtoArgumentMatcher(hotspot)), any(Common.Comment.Builder.class), eq(formattingContext));

  784.   }

  785. 

  786.   @Test

  787.   public void returns_user_details_of_users_from_ChangelogAndComments() {

  788.     ComponentDto project = dbTester.components().insertPublicProject();

  789.     userSessionRule.registerComponents(project);

  790.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  791.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  792.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  793.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  794.     Set<UserDto> changeLogAndCommentsUsers = IntStream.range(0, 1 + RANDOM.nextInt(14))

  795.       .mapToObj(i -> UserTesting.newUserDto())

  796.       .collect(Collectors.toSet());

  797.     when(formattingContext.getUsers()).thenReturn(changeLogAndCommentsUsers);

  798. 

  799.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  800.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  801. 

  802.     assertThat(response.getUsersList())

  803.       .extracting(User::getLogin, User::getName, User::getActive)

  804.       .containsExactlyInAnyOrder(

  805.         changeLogAndCommentsUsers.stream()

  806.           .map(t -> tuple(t.getLogin(), t.getName(), t.isActive()))

  807.           .toArray(Tuple[]::new));

  808.   }

  809. 

  810.   @Test

  811.   public void returns_user_of_users_from_ChangelogAndComments_and_assignee_and_author() {

  812.     ComponentDto project = dbTester.components().insertPublicProject();

  813.     userSessionRule.registerComponents(project);

  814.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  815.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  816.     UserDto author = dbTester.users().insertUser();

  817.     UserDto assignee = dbTester.users().insertUser();

  818.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  819.       t -> t.setAuthorLogin(author.getLogin())

  820.         .setAssigneeUuid(assignee.getUuid()));

  821.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  822.     Set<UserDto> changeLogAndCommentsUsers = IntStream.range(0, 1 + RANDOM.nextInt(14))

  823.       .mapToObj(i -> UserTesting.newUserDto())

  824.       .collect(Collectors.toSet());

  825.     when(formattingContext.getUsers()).thenReturn(changeLogAndCommentsUsers);

  826. 

  827.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  828.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  829. 

  830.     assertThat(response.getUsersList())

  831.       .extracting(User::getLogin, User::getName, User::getActive)

  832.       .containsExactlyInAnyOrder(

  833.         Stream.concat(

  834.           Stream.of(author, assignee),

  835.           changeLogAndCommentsUsers.stream())

  836.           .map(t -> tuple(t.getLogin(), t.getName(), t.isActive()))

  837.           .toArray(Tuple[]::new));

  838.   }

  839. 

  840.   @Test

  841.   public void do_not_duplicate_user_if_author_assignee_ChangeLogComment_user() {

  842.     ComponentDto project = dbTester.components().insertPublicProject();

  843.     userSessionRule.registerComponents(project);

  844.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  845.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  846.     UserDto author = dbTester.users().insertUser();

  847.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  848.       t -> t.setAuthorLogin(author.getLogin())

  849.         .setAssigneeUuid(author.getUuid()));

  850.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  851.     when(formattingContext.getUsers()).thenReturn(ImmutableSet.of(author));

  852. 

  853.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  854.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  855. 

  856.     assertThat(response.getUsersList())

  857.       .extracting(User::getLogin, User::getName, User::getActive)

  858.       .containsOnly(tuple(author.getLogin(), author.getName(), author.isActive()));

  859.   }

  860. 

  861.   @Test

  862.   public void verify_response_example() {

  863.     ComponentDto project = dbTester.components().insertPublicProject(componentDto -> componentDto

  864.       .setName("test-project")

  865.       .setLongName("test-project")

  866.       .setDbKey("com.sonarsource:test-project"));

  867.     userSessionRule.registerComponents(project)

  868.       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);

  869. 

  870.     ComponentDto file = dbTester.components().insertComponent(

  871.       newFileDto(project)

  872.         .setDbKey("com.sonarsource:test-project:src/main/java/com/sonarsource/FourthClass.java")

  873.         .setName("FourthClass.java")

  874.         .setLongName("src/main/java/com/sonarsource/FourthClass.java")

  875.         .setPath("src/main/java/com/sonarsource/FourthClass.java"));

  876.     UserDto author = dbTester.users().insertUser(u -> u.setLogin("joe")

  877.       .setName("Joe"));

  878. 

  879.     long time = 1577976190000L;

  880.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT, r -> r.setRuleKey("S4787")

  881.       .setRepositoryKey("java")

  882.       .setName("rule-name")

  883.       .setSecurityStandards(Sets.newHashSet(SQCategory.WEAK_CRYPTOGRAPHY.getKey())));

  884.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, h -> h

  885.       .setAssigneeUuid("assignee-uuid")

  886.       .setAuthorLogin("joe")

  887.       .setMessage("message")

  888.       .setLine(10)

  889.       .setChecksum("a227e508d6646b55a086ee11d63b21e9")

  890.       .setIssueCreationTime(time)

  891.       .setIssueUpdateTime(time)

  892.       .setAuthorLogin(author.getLogin())

  893.       .setAssigneeUuid(author.getUuid())

  894.       .setKee("AW9mgJw6eFC3pGl94Wrf"));

  895. 

  896.     List<Common.Changelog> changelog = IntStream.range(0, 3)

  897.       .mapToObj(i -> Common.Changelog.newBuilder()

  898.         .setUser("joe")

  899.         .setCreationDate("2020-01-02T14:44:55+0100")

  900.         .addDiffs(Diff.newBuilder().setKey("diff-key-" + i).setNewValue("new-value-" + i).setOldValue("old-value-" + i))

  901.         .setIsUserActive(true)

  902.         .setUserName("Joe")

  903.         .setAvatar("my-avatar")

  904.         .build())

  905.       .collect(Collectors.toList());

  906.     List<Common.Comment> comments = IntStream.range(0, 3)

  907.       .mapToObj(i -> Common.Comment.newBuilder()

  908.         .setKey("comment-" + i)

  909.         .setHtmlText("html text " + i)

  910.         .setLogin("Joe")

  911.         .setMarkdown("markdown " + i)

  912.         .setCreatedAt("2020-01-02T14:47:47+0100")

  913.         .build())

  914.       .collect(Collectors.toList());

  915. 

  916.     mockChangelogAndCommentsFormattingContext();

  917.     when(issueChangeSupport.formatChangelog(any(), any())).thenReturn(changelog.stream());

  918.     when(issueChangeSupport.formatComments(any(), any(), any())).thenReturn(comments.stream());

  919. 

  920.     assertThat(actionTester.getDef().responseExampleAsString()).isNotNull();

  921.     newRequest(hotspot)

  922.       .execute()

  923.       .assertJson(actionTester.getDef().responseExampleAsString());

  924.   }

  925. 

  926.   private FormattingContext mockChangelogAndCommentsFormattingContext() {

  927.     FormattingContext formattingContext = Mockito.mock(FormattingContext.class);

  928.     when(issueChangeSupport.newFormattingContext(any(), any(), any(), anySet(), anySet())).thenReturn(formattingContext);

  929.     return formattingContext;

  930.   }

  931. 

  932.   private void verifyRule(Hotspots.Rule wsRule, RuleDefinitionDto dto) {

  933.     assertThat(wsRule.getKey()).isEqualTo(dto.getKey().toString());

  934.     assertThat(wsRule.getName()).isEqualTo(dto.getName());

  935.     assertThat(wsRule.getSecurityCategory()).isEqualTo(SQCategory.OTHERS.getKey());

  936.     assertThat(wsRule.getVulnerabilityProbability()).isEqualTo(SQCategory.OTHERS.getVulnerability().name());

  937.   }

  938. 

  939.   private static void verifyComponent(Hotspots.Component wsComponent, ComponentDto dto, @Nullable String branch, @Nullable String pullRequest) {

  940.     assertThat(wsComponent.getKey()).isEqualTo(dto.getKey());

  941.     if (dto.path() == null) {

  942.       assertThat(wsComponent.hasPath()).isFalse();

  943.     } else {

  944.       assertThat(wsComponent.getPath()).isEqualTo(dto.path());

  945.     }

  946.     assertThat(wsComponent.getQualifier()).isEqualTo(dto.qualifier());

  947.     assertThat(wsComponent.getName()).isEqualTo(dto.name());

  948.     assertThat(wsComponent.getLongName()).isEqualTo(dto.longName());

  949.     if (branch == null) {

  950.       assertThat(wsComponent.hasBranch()).isFalse();

  951.     } else {

  952.       assertThat(wsComponent.getBranch()).isEqualTo(branch);

  953.     }

  954.     if (pullRequest == null) {

  955.       assertThat(wsComponent.hasPullRequest()).isFalse();

  956.     } else {

  957.       assertThat(wsComponent.getPullRequest()).isEqualTo(pullRequest);

  958.     }

  959.   }

  960. 

  961.   private TestRequest newRequest(IssueDto hotspot) {

  962.     return actionTester.newRequest()

  963.       .setParam("hotspot", hotspot.getKey());

  964.   }

  965. 

  966.   private RuleDefinitionDto newRule(RuleType ruleType) {

  967.     return newRule(ruleType, t -> {

  968.     });

  969.   }

  970. 

  971.   private RuleDefinitionDto newRule(RuleType ruleType, Consumer<RuleDefinitionDto> populate) {

  972.     RuleDefinitionDto ruleDefinition = RuleTesting.newRule()

  973.       .setType(ruleType);

  974.     populate.accept(ruleDefinition);

  975.     dbTester.rules().insert(ruleDefinition);

  976.     return ruleDefinition;

  977.   }

  978. 

  979.   private static class IssueDtoSetArgumentMatcher implements ArgumentMatcher<Set<IssueDto>> {

  980.     private final IssueDto expected;

  981. 

  982.     private IssueDtoSetArgumentMatcher(IssueDto expected) {

  983.       this.expected = expected;

  984.     }

  985. 

  986.     @Override

  987.     public boolean matches(Set<IssueDto> argument) {

  988.       return argument != null && argument.size() == 1 && argument.iterator().next().getKey().equals(expected.getKey());

  989.     }

  990. 

  991.     @Override

  992.     public String toString() {

  993.       return "Set<IssueDto>[" + expected.getKey() + "]";

  994.     }

  995.   }

  996. 

  997.   private static class IssueDtoArgumentMatcher implements ArgumentMatcher<IssueDto> {

  998.     private final IssueDto expected;

  999. 

  1000.     private IssueDtoArgumentMatcher(IssueDto expected) {

  1001.       this.expected = expected;

  1002.     }

  1003. 

  1004.     @Override

  1005.     public boolean matches(IssueDto argument) {

  1006.       return argument != null && argument.getKey().equals(expected.getKey());

  1007.     }

  1008. 

  1009.     @Override

  1010.     public String toString() {

  1011.       return "IssueDto[key=" + expected.getKey() + "]";

  1012.     }

  1013.   }

  1014. 

  1015. }