mirrors
/
sonarqube
zrcadlo https://github.com/SonarSource/sonarqube.git
Sledovat 1
Oblíbit 0
Rozštěpit 0
Zdrojový kód Úkoly 0 Vydání 237 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
34358 Revize
59 Větve
Strom: 27fb5c0e4f
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „27fb5c0e4f“
${ noResults }
sonarqube/sonar-scanner-engine/src/test/java/org/sonar/scanner/externalissue/sarif/SarifIssuesImportSensorTest...

SarifIssuesImportSensorTest.java 13KB
Surový Blame Historie

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2023 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.scanner.externalissue.sarif;

  21. 

  22. import com.google.common.collect.MoreCollectors;

  23. import java.nio.file.NoSuchFileException;

  24. import java.nio.file.Path;

  25. import java.util.Optional;

  26. import org.junit.Before;

  27. import org.junit.Rule;

  28. import org.junit.Test;

  29. import org.junit.runner.RunWith;

  30. import org.mockito.Mock;

  31. import org.mockito.junit.MockitoJUnitRunner;

  32. import org.slf4j.event.Level;

  33. import org.sonar.api.batch.sensor.internal.SensorContextTester;

  34. import org.sonar.api.config.internal.MapSettings;

  35. import org.sonar.api.testfixtures.log.LogAndArguments;

  36. import org.sonar.api.testfixtures.log.LogTester;

  37. import org.sonar.api.utils.MessageException;

  38. import org.sonar.api.utils.log.LoggerLevel;

  39. import org.sonar.core.sarif.Sarif210;

  40. import org.sonar.core.sarif.SarifSerializer;

  41. 

  42. import static org.assertj.core.api.Assertions.assertThat;

  43. import static org.assertj.core.api.Assertions.assertThatThrownBy;

  44. import static org.mockito.Mockito.doThrow;

  45. import static org.mockito.Mockito.mock;

  46. import static org.mockito.Mockito.verify;

  47. import static org.mockito.Mockito.when;

  48. 

  49. @RunWith(MockitoJUnitRunner.class)

  50. public class SarifIssuesImportSensorTest {

  51. 

  52.   private static final String FILE_1 = "path/to/sarif/file.sarif";

  53.   private static final String FILE_2 = "path/to/sarif/file2.sarif";

  54.   private static final String SARIF_REPORT_PATHS_PARAM = FILE_1 + "," + FILE_2;

  55. 

  56.   @Mock

  57.   private SarifSerializer sarifSerializer;

  58.   @Mock

  59.   private Sarif210Importer sarifImporter;

  60. 

  61.   private MapSettings sensorSettings;

  62. 

  63.   @Before

  64.   public void before() {

  65.     sensorSettings = new MapSettings();

  66.   }

  67. 

  68.   @Rule

  69.   public final LogTester logTester = new LogTester();

  70. 

  71.   private final SensorContextTester sensorContext = SensorContextTester.create(Path.of("."));

  72. 

  73.   @Test

  74.   public void execute_whenSingleFileIsSpecified_shouldImportResults() throws NoSuchFileException {

  75.     sensorSettings.setProperty("sonar.sarifReportPaths", FILE_1);

  76. 

  77.     ReportAndResults reportAndResults = mockSuccessfulReportAndResults(FILE_1);

  78. 

  79.     SarifIssuesImportSensor sensor = new SarifIssuesImportSensor(sarifSerializer, sarifImporter, sensorSettings.asConfig());

  80.     sensor.execute(sensorContext);

  81. 

  82.     verify(sarifImporter).importSarif(reportAndResults.getSarifReport());

  83. 

  84.     assertThat(logTester.logs(Level.INFO)).hasSize(1);

  85.     assertSummaryIsCorrectlyDisplayedForSuccessfulFile(FILE_1, reportAndResults.getSarifImportResults());

  86.   }

  87. 

  88.   @Test

  89.   public void execute_whenMultipleFilesAreSpecified_shouldImportResults() throws NoSuchFileException {

  90.     sensorSettings.setProperty("sonar.sarifReportPaths", SARIF_REPORT_PATHS_PARAM);

  91.     ReportAndResults reportAndResults1 = mockSuccessfulReportAndResults(FILE_1);

  92.     ReportAndResults reportAndResults2 = mockSuccessfulReportAndResults(FILE_2);

  93. 

  94.     SarifIssuesImportSensor sensor = new SarifIssuesImportSensor(sarifSerializer, sarifImporter, sensorSettings.asConfig());

  95.     sensor.execute(sensorContext);

  96. 

  97.     verify(sarifImporter).importSarif(reportAndResults1.getSarifReport());

  98.     verify(sarifImporter).importSarif(reportAndResults2.getSarifReport());

  99. 

  100.     assertSummaryIsCorrectlyDisplayedForSuccessfulFile(FILE_1, reportAndResults1.getSarifImportResults());

  101.     assertSummaryIsCorrectlyDisplayedForSuccessfulFile(FILE_2, reportAndResults2.getSarifImportResults());

  102.   }

  103. 

  104.   @Test

  105.   public void execute_whenFileContainsOnlySuccessfulRuns_shouldLogCorrectMessage() throws NoSuchFileException {

  106.     sensorSettings.setProperty("sonar.sarifReportPaths", FILE_1);

  107.     ReportAndResults reportAndResults = mockSuccessfulReportAndResults(FILE_1);

  108. 

  109.     SarifIssuesImportSensor sensor = new SarifIssuesImportSensor(sarifSerializer, sarifImporter, sensorSettings.asConfig());

  110.     sensor.execute(sensorContext);

  111. 

  112.     assertSummaryIsCorrectlyDisplayedForSuccessfulFile(FILE_1, reportAndResults.getSarifImportResults());

  113.   }

  114. 

  115.   @Test

  116.   public void execute_whenFileContainsOnlyFailedRuns_shouldLogCorrectMessage() throws NoSuchFileException {

  117. 

  118.     sensorSettings.setProperty("sonar.sarifReportPaths", FILE_1);

  119.     ReportAndResults reportAndResults = mockFailedReportAndResults(FILE_1);

  120. 

  121.     SarifIssuesImportSensor sensor = new SarifIssuesImportSensor(sarifSerializer, sarifImporter, sensorSettings.asConfig());

  122.     sensor.execute(sensorContext);

  123. 

  124.     assertSummaryIsCorrectlyDisplayedForFailedFile(FILE_1, reportAndResults.getSarifImportResults());

  125.   }

  126. 

  127.   @Test

  128.   public void execute_whenFileContainsFailedAndSuccessfulRuns_shouldLogCorrectMessage() throws NoSuchFileException {

  129. 

  130.     sensorSettings.setProperty("sonar.sarifReportPaths", FILE_1);

  131. 

  132.     ReportAndResults reportAndResults = mockMixedReportAndResults(FILE_1);

  133. 

  134.     SarifIssuesImportSensor sensor = new SarifIssuesImportSensor(sarifSerializer, sarifImporter, sensorSettings.asConfig());

  135.     sensor.execute(sensorContext);

  136. 

  137.     verify(sarifImporter).importSarif(reportAndResults.getSarifReport());

  138. 

  139.     assertSummaryIsCorrectlyDisplayedForMixedFile(FILE_1, reportAndResults.getSarifImportResults());

  140.   }

  141. 

  142.   @Test

  143.   public void execute_whenImportFails_shouldSkipReport() throws NoSuchFileException {

  144.     sensorSettings.setProperty("sonar.sarifReportPaths", SARIF_REPORT_PATHS_PARAM);

  145. 

  146.     ReportAndResults reportAndResults1 = mockFailedReportAndResults(FILE_1);

  147.     ReportAndResults reportAndResults2 = mockSuccessfulReportAndResults(FILE_2);

  148. 

  149.     doThrow(new NullPointerException("import failed")).when(sarifImporter).importSarif(reportAndResults1.getSarifReport());

  150. 

  151.     SarifIssuesImportSensor sensor = new SarifIssuesImportSensor(sarifSerializer, sarifImporter, sensorSettings.asConfig());

  152.     sensor.execute(sensorContext);

  153. 

  154.     verify(sarifImporter).importSarif(reportAndResults2.getSarifReport());

  155.     assertThat(logTester.logs(Level.WARN)).contains("Failed to process SARIF report from file 'path/to/sarif/file.sarif', error: 'import failed'");

  156.     assertSummaryIsCorrectlyDisplayedForSuccessfulFile(FILE_2, reportAndResults2.getSarifImportResults());

  157.   }

  158. 

  159.   @Test

  160.   public void execute_whenDeserializationFails_shouldSkipReport() throws NoSuchFileException {

  161.     sensorSettings.setProperty("sonar.sarifReportPaths", SARIF_REPORT_PATHS_PARAM);

  162. 

  163.     failDeserializingReport(FILE_1);

  164.     ReportAndResults reportAndResults2 = mockSuccessfulReportAndResults(FILE_2);

  165. 

  166.     SarifIssuesImportSensor sensor = new SarifIssuesImportSensor(sarifSerializer, sarifImporter, sensorSettings.asConfig());

  167.     sensor.execute(sensorContext);

  168. 

  169.     verify(sarifImporter).importSarif(reportAndResults2.getSarifReport());

  170.     assertThat(logTester.logs(Level.WARN)).contains("Failed to process SARIF report from file 'path/to/sarif/file.sarif', error: 'deserialization failed'");

  171.     assertSummaryIsCorrectlyDisplayedForSuccessfulFile(FILE_2, reportAndResults2.getSarifImportResults());

  172.   }

  173. 

  174.   @Test

  175.   public void execute_whenDeserializationThrowsMessageException_shouldRethrow() throws NoSuchFileException {

  176.     sensorSettings.setProperty("sonar.sarifReportPaths", FILE_1);

  177. 

  178.     NoSuchFileException e = new NoSuchFileException("non-existent");

  179.     failDeserializingReportWithException(FILE_1, e);

  180. 

  181.     SarifIssuesImportSensor sensor = new SarifIssuesImportSensor(sarifSerializer, sarifImporter, sensorSettings.asConfig());

  182.     assertThatThrownBy(() -> sensor.execute(sensorContext))

  183.       .isInstanceOf(MessageException.class)

  184.       .hasMessage("SARIF report file not found: non-existent");

  185. 

  186.   }

  187. 

  188.   private void failDeserializingReport(String path) throws NoSuchFileException {

  189.     Path reportFilePath = sensorContext.fileSystem().resolvePath(path).toPath();

  190.     when(sarifSerializer.deserialize(reportFilePath)).thenThrow(new NullPointerException("deserialization failed"));

  191.   }

  192. 

  193.   private void failDeserializingReportWithException(String path, Exception exception) throws NoSuchFileException {

  194.     Path reportFilePath = sensorContext.fileSystem().resolvePath(path).toPath();

  195.     when(sarifSerializer.deserialize(reportFilePath)).thenThrow(exception);

  196.   }

  197. 

  198.   private ReportAndResults mockSuccessfulReportAndResults(String path) throws NoSuchFileException {

  199.     Sarif210 report = mockSarifReport(path);

  200. 

  201.     SarifImportResults sarifImportResults = mock(SarifImportResults.class);

  202.     when(sarifImportResults.getSuccessFullyImportedIssues()).thenReturn(10);

  203.     when(sarifImportResults.getSuccessFullyImportedRuns()).thenReturn(3);

  204.     when(sarifImportResults.getFailedRuns()).thenReturn(0);

  205. 

  206.     when(sarifImporter.importSarif(report)).thenReturn(sarifImportResults);

  207.     return new ReportAndResults(report, sarifImportResults);

  208.   }

  209. 

  210.   private Sarif210 mockSarifReport(String path) throws NoSuchFileException {

  211.     Sarif210 report = mock(Sarif210.class);

  212.     Path reportFilePath = sensorContext.fileSystem().resolvePath(path).toPath();

  213.     when(sarifSerializer.deserialize(reportFilePath)).thenReturn(report);

  214.     return report;

  215.   }

  216. 

  217.   private ReportAndResults mockFailedReportAndResults(String path) throws NoSuchFileException {

  218.     Sarif210 report = mockSarifReport(path);

  219. 

  220.     SarifImportResults sarifImportResults = mock(SarifImportResults.class);

  221.     when(sarifImportResults.getSuccessFullyImportedRuns()).thenReturn(0);

  222.     when(sarifImportResults.getFailedRuns()).thenReturn(1);

  223. 

  224.     when(sarifImporter.importSarif(report)).thenReturn(sarifImportResults);

  225.     return new ReportAndResults(report, sarifImportResults);

  226.   }

  227. 

  228.   private ReportAndResults mockMixedReportAndResults(String path) throws NoSuchFileException {

  229.     Sarif210 report = mockSarifReport(path);

  230. 

  231.     SarifImportResults sarifImportResults = mock(SarifImportResults.class);

  232.     when(sarifImportResults.getSuccessFullyImportedIssues()).thenReturn(10);

  233.     when(sarifImportResults.getSuccessFullyImportedRuns()).thenReturn(3);

  234.     when(sarifImportResults.getFailedRuns()).thenReturn(1);

  235. 

  236.     when(sarifImporter.importSarif(report)).thenReturn(sarifImportResults);

  237.     return new ReportAndResults(report, sarifImportResults);

  238.   }

  239. 

  240.   private void assertSummaryIsCorrectlyDisplayedForSuccessfulFile(String filePath, SarifImportResults sarifImportResults) {

  241.     verifyLogContainsLine(LoggerLevel.INFO, filePath, "File {}: {} run(s) successfully imported ({} vulnerabilities in total).",

  242.       filePath, sarifImportResults.getSuccessFullyImportedRuns(), sarifImportResults.getSuccessFullyImportedIssues());

  243.   }

  244. 

  245.   private void assertSummaryIsCorrectlyDisplayedForFailedFile(String filePath, SarifImportResults sarifImportResults) {

  246.     verifyLogContainsLine(LoggerLevel.WARN, filePath, "File {}: {} run(s) could not be imported (see warning above).",

  247.       filePath, sarifImportResults.getFailedRuns());

  248.   }

  249. 

  250.   private void assertSummaryIsCorrectlyDisplayedForMixedFile(String filePath, SarifImportResults sarifImportResults) {

  251.     verifyLogContainsLine(LoggerLevel.WARN, filePath,

  252.       "File {}: {} run(s) could not be imported (see warning above) and {} run(s) successfully imported ({} vulnerabilities in total).",

  253.       filePath, sarifImportResults.getFailedRuns(), sarifImportResults.getSuccessFullyImportedRuns(), sarifImportResults.getSuccessFullyImportedIssues());

  254.   }

  255. 

  256.   private void verifyLogContainsLine(LoggerLevel level, String filePath, String rawMsg, Object... arguments) {

  257.     LogAndArguments logAndArguments = findLogEntry(level, filePath);

  258.     assertThat(logAndArguments.getRawMsg())

  259.       .isEqualTo(rawMsg);

  260.     assertThat(logAndArguments.getArgs()).isPresent()

  261.       .contains(arguments);

  262.   }

  263. 

  264.   private LogAndArguments findLogEntry(LoggerLevel level, String filePath) {

  265.     Optional<LogAndArguments> optLogAndArguments = logTester.getLogs(level).stream()

  266.       .filter(log -> log.getFormattedMsg().contains(filePath))

  267.       .collect(MoreCollectors.toOptional());

  268.     assertThat(optLogAndArguments).as("Log entry missing for file %s", filePath).isPresent();

  269.     return optLogAndArguments.get();

  270.   }

  271. 

  272.   private static class ReportAndResults {

  273.     private final Sarif210 sarifReport;

  274.     private final SarifImportResults sarifImportResults;

  275. 

  276.     private ReportAndResults(Sarif210 sarifReport, SarifImportResults sarifImportResults) {

  277.       this.sarifReport = sarifReport;

  278.       this.sarifImportResults = sarifImportResults;

  279.     }

  280. 

  281.     private Sarif210 getSarifReport() {

  282.       return sarifReport;

  283.     }

  284. 

  285.     private SarifImportResults getSarifImportResults() {

  286.       return sarifImportResults;

  287.     }

  288.   }

  289. }