mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36262 Commits
59 Branches
Tree: 412f42cb11
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '412f42cb11'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/main/java/org/sonar/server/ce/queue/ReportSubmitter.java

ReportSubmitter.java 10KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2024 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.ce.queue;

  21. 

  22. import java.io.InputStream;

  23. import java.util.ArrayList;

  24. import java.util.List;

  25. import java.util.Map;

  26. import java.util.Optional;

  27. import javax.annotation.Nullable;

  28. import org.sonar.api.resources.Qualifiers;

  29. import org.sonar.api.resources.Scopes;

  30. import org.sonar.api.server.ServerSide;

  31. import org.sonar.api.web.UserRole;

  32. import org.sonar.ce.queue.CeQueue;

  33. import org.sonar.ce.queue.CeTaskSubmit;

  34. import org.sonar.ce.task.CeTask;

  35. import org.sonar.db.DbClient;

  36. import org.sonar.db.DbSession;

  37. import org.sonar.db.ce.CeTaskTypes;

  38. import org.sonar.db.component.BranchDto;

  39. import org.sonar.db.component.ComponentDto;

  40. import org.sonar.db.permission.GlobalPermission;

  41. import org.sonar.server.common.almsettings.DevOpsProjectCreator;

  42. import org.sonar.server.common.almsettings.DevOpsProjectCreatorFactory;

  43. import org.sonar.server.component.ComponentCreationData;

  44. import org.sonar.server.common.component.ComponentUpdater;

  45. import org.sonar.server.exceptions.BadRequestException;

  46. import org.sonar.server.management.ManagedInstanceService;

  47. import org.sonar.server.common.permission.PermissionTemplateService;

  48. import org.sonar.server.common.project.ProjectCreator;

  49. import org.sonar.server.user.UserSession;

  50. 

  51. import static java.lang.String.format;

  52. import static org.apache.commons.lang3.StringUtils.defaultIfBlank;

  53. import static org.sonar.db.permission.GlobalPermission.SCAN;

  54. import static org.sonar.db.project.CreationMethod.SCANNER_API;

  55. import static org.sonar.db.project.CreationMethod.SCANNER_API_DEVOPS_AUTO_CONFIG;

  56. import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;

  57. 

  58. @ServerSide

  59. public class ReportSubmitter {

  60. 

  61.   private final CeQueue queue;

  62.   private final UserSession userSession;

  63. 

  64.   private final ProjectCreator projectCreator;

  65.   private final ComponentUpdater componentUpdater;

  66.   private final PermissionTemplateService permissionTemplateService;

  67.   private final DbClient dbClient;

  68.   private final BranchSupport branchSupport;

  69.   private final DevOpsProjectCreatorFactory devOpsProjectCreatorFactory;

  70.   private final ManagedInstanceService managedInstanceService;

  71. 

  72.   public ReportSubmitter(CeQueue queue, UserSession userSession, ProjectCreator projectCreator, ComponentUpdater componentUpdater,

  73.     PermissionTemplateService permissionTemplateService, DbClient dbClient, BranchSupport branchSupport,

  74.     DevOpsProjectCreatorFactory devOpsProjectCreatorFactory, ManagedInstanceService managedInstanceService) {

  75.     this.queue = queue;

  76.     this.userSession = userSession;

  77.     this.projectCreator = projectCreator;

  78.     this.componentUpdater = componentUpdater;

  79.     this.permissionTemplateService = permissionTemplateService;

  80.     this.dbClient = dbClient;

  81.     this.branchSupport = branchSupport;

  82.     this.devOpsProjectCreatorFactory = devOpsProjectCreatorFactory;

  83.     this.managedInstanceService = managedInstanceService;

  84.   }

  85. 

  86.   public CeTask submit(String projectKey, @Nullable String projectName, Map<String, String> characteristics, InputStream reportInput) {

  87.     try (DbSession dbSession = dbClient.openSession(false)) {

  88.       ComponentCreationData componentCreationData = null;

  89.       // Note: when the main branch is analyzed, the characteristics may or may not have the branch name, so componentKey#isMainBranch is not

  90.       // reliable!

  91.       BranchSupport.ComponentKey componentKey = branchSupport.createComponentKey(projectKey, characteristics);

  92.       Optional<ComponentDto> mainBranchComponentOpt = dbClient.componentDao().selectByKey(dbSession, componentKey.getKey());

  93.       ComponentDto mainBranchComponent;

  94. 

  95.       if (mainBranchComponentOpt.isPresent()) {

  96.         mainBranchComponent = mainBranchComponentOpt.get();

  97.         validateProject(dbSession, mainBranchComponent, projectKey);

  98.       } else {

  99.         componentCreationData = createProject(projectKey, projectName, characteristics, dbSession, componentKey);

  100.         mainBranchComponent = componentCreationData.mainBranchComponent();

  101.       }

  102. 

  103.       BranchDto mainBranch = dbClient.branchDao().selectByUuid(dbSession, mainBranchComponent.branchUuid())

  104.         .orElseThrow(() -> new IllegalStateException("Couldn't find the main branch of the project"));

  105.       ComponentDto branchComponent;

  106.       if (isMainBranch(componentKey, mainBranch)) {

  107.         branchComponent = mainBranchComponent;

  108.       } else if (componentKey.getBranchName().isPresent()) {

  109.         branchComponent = dbClient.componentDao().selectByKeyAndBranch(dbSession, componentKey.getKey(), componentKey.getBranchName().get())

  110.           .orElseGet(() -> branchSupport.createBranchComponent(dbSession, componentKey, mainBranchComponent, mainBranch));

  111.       } else {

  112.         branchComponent = dbClient.componentDao().selectByKeyAndPullRequest(dbSession, componentKey.getKey(), componentKey.getPullRequestKey().get())

  113.           .orElseGet(() -> branchSupport.createBranchComponent(dbSession, componentKey, mainBranchComponent, mainBranch));

  114.       }

  115. 

  116.       if (componentCreationData != null) {

  117.         componentUpdater.commitAndIndex(dbSession, componentCreationData);

  118.       } else {

  119.         dbSession.commit();

  120.       }

  121. 

  122.       checkScanPermission(branchComponent);

  123.       return submitReport(dbSession, reportInput, branchComponent, mainBranch, characteristics);

  124.     }

  125.   }

  126. 

  127.   private static boolean isMainBranch(BranchSupport.ComponentKey componentKey, BranchDto mainBranch) {

  128.     if (componentKey.isMainBranch()) {

  129.       return true;

  130.     }

  131. 

  132.     return componentKey.getBranchName().isPresent() && componentKey.getBranchName().get().equals(mainBranch.getKey());

  133.   }

  134. 

  135.   private void checkScanPermission(ComponentDto project) {

  136.     // this is a specific and inconsistent behavior. For legacy reasons, "technical users"

  137.     // defined with global scan permission should be able to analyze a project even if

  138.     // they don't have the direct permission on the project.

  139.     // That means that dropping the permission on the project does not have any effects

  140.     // if user has still the global permission

  141.     if (!userSession.hasComponentPermission(UserRole.SCAN, project) && !userSession.hasPermission(GlobalPermission.SCAN)) {

  142.       throw insufficientPrivilegesException();

  143.     }

  144.   }

  145. 

  146.   private void validateProject(DbSession dbSession, ComponentDto component, String rawProjectKey) {

  147.     List<String> errors = new ArrayList<>();

  148. 

  149.     if (!Qualifiers.PROJECT.equals(component.qualifier()) || !Scopes.PROJECT.equals(component.scope())) {

  150.       errors.add(format("Component '%s' is not a project", rawProjectKey));

  151.     }

  152.     if (!component.branchUuid().equals(component.uuid())) {

  153.       // Project key is already used as a module of another project

  154.       ComponentDto anotherBaseProject = dbClient.componentDao().selectOrFailByUuid(dbSession, component.branchUuid());

  155.       errors.add(format("The project '%s' is already defined in SonarQube but as a module of project '%s'. "

  156.         + "If you really want to stop directly analysing project '%s', please first delete it from SonarQube and then relaunch the analysis of project '%s'.",

  157.         rawProjectKey, anotherBaseProject.getKey(), anotherBaseProject.getKey(), rawProjectKey));

  158.     }

  159.     if (!errors.isEmpty()) {

  160.       throw BadRequestException.create(errors);

  161.     }

  162.   }

  163. 

  164.   private ComponentCreationData createProject(String projectKey, @Nullable String projectName, Map<String, String> characteristics,

  165.     DbSession dbSession, BranchSupport.ComponentKey componentKey) {

  166.     userSession.checkPermission(GlobalPermission.PROVISION_PROJECTS);

  167. 

  168.     DevOpsProjectCreator devOpsProjectCreator = devOpsProjectCreatorFactory.getDevOpsProjectCreator(dbSession, characteristics).orElse(null);

  169. 

  170.     throwIfCurrentUserWouldNotHaveScanPermission(projectKey, dbSession, devOpsProjectCreator);

  171. 

  172.     if (devOpsProjectCreator != null) {

  173.       return devOpsProjectCreator.createProjectAndBindToDevOpsPlatform(dbSession, SCANNER_API_DEVOPS_AUTO_CONFIG, false, projectKey, projectName);

  174.     }

  175.     return projectCreator.createProject(dbSession, componentKey.getKey(), defaultIfBlank(projectName, projectKey), null, SCANNER_API);

  176.   }

  177. 

  178.   private void throwIfCurrentUserWouldNotHaveScanPermission(String projectKey, DbSession dbSession, @Nullable DevOpsProjectCreator devOpsProjectCreator) {

  179.     if (!wouldCurrentUserHaveScanPermission(projectKey, dbSession, devOpsProjectCreator)) {

  180.       throw insufficientPrivilegesException();

  181.     }

  182.   }

  183. 

  184.   private boolean wouldCurrentUserHaveScanPermission(String projectKey, DbSession dbSession, @Nullable DevOpsProjectCreator devOpsProjectCreator) {

  185.     if (userSession.hasPermission(SCAN)) {

  186.       return true;

  187.     }

  188.     if (managedInstanceService.isInstanceExternallyManaged() && devOpsProjectCreator != null) {

  189.       return devOpsProjectCreator.isScanAllowedUsingPermissionsFromDevopsPlatform();

  190.     }

  191.     return permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(dbSession, userSession.getUuid(), projectKey);

  192.   }

  193. 

  194.   private CeTask submitReport(DbSession dbSession, InputStream reportInput, ComponentDto branch, BranchDto mainBranch, Map<String, String> characteristics) {

  195.     CeTaskSubmit.Builder submit = queue.prepareSubmit();

  196. 

  197.     // the report file must be saved before submitting the task

  198.     dbClient.ceTaskInputDao().insert(dbSession, submit.getUuid(), reportInput);

  199.     dbSession.commit();

  200.     submit.setType(CeTaskTypes.REPORT);

  201.     submit.setComponent(CeTaskSubmit.Component.fromDto(branch.uuid(), mainBranch.getProjectUuid()));

  202.     submit.setSubmitterUuid(userSession.getUuid());

  203.     submit.setCharacteristics(characteristics);

  204.     return queue.submit(submit.build());

  205.   }

  206. 

  207. }