mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30610 Commits
59 Branches
Tree: 9a4cafe8c6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9a4cafe8c6'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SettingValidations.java

SettingValidations.java 7.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2021 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.setting.ws;

  21. 

  22. import com.google.common.collect.ImmutableSet;

  23. import com.google.gson.Gson;

  24. import com.google.gson.JsonElement;

  25. 

  26. import java.io.IOException;

  27. import java.io.InputStream;

  28. import java.util.Collection;

  29. import java.util.List;

  30. import java.util.Locale;

  31. import java.util.Optional;

  32. import java.util.Set;

  33. import java.util.function.Consumer;

  34. import java.util.stream.Collectors;

  35. import javax.annotation.CheckForNull;

  36. import javax.annotation.Nullable;

  37. 

  38. import org.everit.json.schema.ValidationException;

  39. import org.everit.json.schema.loader.SchemaLoader;

  40. import org.json.JSONObject;

  41. import org.json.JSONTokener;

  42. import org.sonar.api.PropertyType;

  43. import org.sonar.api.config.PropertyDefinition;

  44. import org.sonar.api.config.PropertyDefinitions;

  45. import org.sonar.api.resources.Qualifiers;

  46. import org.sonar.api.resources.Scopes;

  47. import org.sonar.core.i18n.I18n;

  48. import org.sonar.db.DbClient;

  49. import org.sonar.db.DbSession;

  50. import org.sonar.db.component.ComponentDto;

  51. import org.sonar.db.metric.MetricDto;

  52. import org.sonar.db.user.UserDto;

  53. import org.sonar.server.exceptions.BadRequestException;

  54. 

  55. import static java.lang.String.format;

  56. import static java.util.Arrays.asList;

  57. import static java.util.Objects.requireNonNull;

  58. import static org.sonar.server.exceptions.BadRequestException.checkRequest;

  59. 

  60. public class SettingValidations {

  61.   private static final Collection<String> SECURITY_JSON_PROPERTIES = asList(

  62.     "sonar.security.config.javasecurity",

  63.     "sonar.security.config.phpsecurity",

  64.     "sonar.security.config.pythonsecurity",

  65.     "sonar.security.config.roslyn.sonaranalyzer.security.cs"

  66.   );

  67.   private final PropertyDefinitions definitions;

  68.   private final DbClient dbClient;

  69.   private final I18n i18n;

  70. 

  71.   public SettingValidations(PropertyDefinitions definitions, DbClient dbClient, I18n i18n) {

  72.     this.definitions = definitions;

  73.     this.dbClient = dbClient;

  74.     this.i18n = i18n;

  75.   }

  76. 

  77.   public Consumer<SettingData> scope() {

  78.     return data -> {

  79.       PropertyDefinition definition = definitions.get(data.key);

  80.       checkRequest(data.component != null || definition == null || definition.global() || isGlobal(definition),

  81.         "Setting '%s' cannot be global", data.key);

  82.     };

  83.   }

  84. 

  85.   private static final Set<String> SUPPORTED_QUALIFIERS = ImmutableSet.of(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP, Qualifiers.MODULE, Qualifiers.SUBVIEW);

  86. 

  87.   public Consumer<SettingData> qualifier() {

  88.     return data -> {

  89.       String qualifier = data.component == null ? "" : data.component.qualifier();

  90.       PropertyDefinition definition = definitions.get(data.key);

  91.       checkRequest(checkComponentScopeAndQualifier(data, definition),

  92.         "Setting '%s' cannot be set on a %s", data.key, i18n.message(Locale.ENGLISH, "qualifier." + qualifier, null));

  93.     };

  94.   }

  95. 

  96.   private static boolean checkComponentScopeAndQualifier(SettingData data, @Nullable PropertyDefinition definition) {

  97.     ComponentDto component = data.component;

  98.     if (component == null) {

  99.       return true;

  100.     }

  101.     if (!Scopes.PROJECT.equals(component.scope())) {

  102.       return false;

  103.     }

  104.     if (definition == null) {

  105.       return SUPPORTED_QUALIFIERS.contains(component.qualifier());

  106.     }

  107.     return definition.qualifiers().contains(component.qualifier());

  108.   }

  109. 

  110.   public Consumer<SettingData> valueType() {

  111.     return new ValueTypeValidation();

  112.   }

  113. 

  114.   private static boolean isGlobal(PropertyDefinition definition) {

  115.     return !definition.global() && definition.qualifiers().isEmpty();

  116.   }

  117. 

  118.   static class SettingData {

  119.     private final String key;

  120.     private final List<String> values;

  121.     @CheckForNull

  122.     private final ComponentDto component;

  123. 

  124.     SettingData(String key, List<String> values, @Nullable ComponentDto component) {

  125.       this.key = requireNonNull(key);

  126.       this.values = requireNonNull(values);

  127.       this.component = component;

  128.     }

  129.   }

  130. 

  131.   private class ValueTypeValidation implements Consumer<SettingData> {

  132. 

  133.     @Override

  134.     public void accept(SettingData data) {

  135.       PropertyDefinition definition = definitions.get(data.key);

  136.       if (definition == null) {

  137.         return;

  138.       }

  139. 

  140.       if (definition.type() == PropertyType.METRIC) {

  141.         validateMetric(data);

  142.       } else if (definition.type() == PropertyType.USER_LOGIN) {

  143.         validateLogin(data);

  144.       } else if (definition.type() == PropertyType.JSON) {

  145.         validateJson(data, definition);

  146.       } else {

  147.         validateOtherTypes(data, definition);

  148.       }

  149.     }

  150. 

  151.     private void validateOtherTypes(SettingData data, PropertyDefinition definition) {

  152.       data.values.stream()

  153.         .map(definition::validate)

  154.         .filter(result -> !result.isValid())

  155.         .findAny()

  156.         .ifPresent(result -> {

  157.           throw BadRequestException.create(i18n.message(Locale.ENGLISH, "property.error." + result.getErrorKey(),

  158.             format("Error when validating setting with key '%s' and value [%s]", data.key, data.values.stream().collect(Collectors.joining(", ")))));

  159.         });

  160.     }

  161. 

  162.     private void validateMetric(SettingData data) {

  163.       try (DbSession dbSession = dbClient.openSession(false)) {

  164.         List<MetricDto> metrics = dbClient.metricDao().selectByKeys(dbSession, data.values).stream().filter(MetricDto::isEnabled).collect(Collectors.toList());

  165.         checkRequest(data.values.size() == metrics.size(), "Error when validating metric setting with key '%s' and values [%s]. A value is not a valid metric key.",

  166.           data.key, data.values.stream().collect(Collectors.joining(", ")));

  167.       }

  168.     }

  169. 

  170.     private void validateLogin(SettingData data) {

  171.       try (DbSession dbSession = dbClient.openSession(false)) {

  172.         List<UserDto> users = dbClient.userDao().selectByLogins(dbSession, data.values).stream().filter(UserDto::isActive).collect(Collectors.toList());

  173.         checkRequest(data.values.size() == users.size(), "Error when validating login setting with key '%s' and values [%s]. A value is not a valid login.",

  174.           data.key, data.values.stream().collect(Collectors.joining(", ")));

  175.       }

  176.     }

  177. 

  178.     private void validateJson(SettingData data, PropertyDefinition definition) {

  179.       Optional<String> jsonContent = data.values.stream().findFirst();

  180.       if (jsonContent.isPresent()) {

  181.         try {

  182.           new Gson().getAdapter(JsonElement.class).fromJson(jsonContent.get());

  183.           validateJsonSchema(jsonContent.get(), definition);

  184.         } catch (ValidationException e) {

  185.           throw new IllegalArgumentException(String.format("Provided JSON is invalid [%s]", e.getMessage()));

  186.         } catch (IOException e){

  187.           throw new IllegalArgumentException("Provided JSON is invalid");

  188.         }

  189.       }

  190.     }

  191. 

  192.     private void validateJsonSchema(String json, PropertyDefinition definition) {

  193.       if(SECURITY_JSON_PROPERTIES.contains(definition.key())){

  194.         InputStream jsonSchemaInputStream = this.getClass().getClassLoader().getResourceAsStream("json-schemas/security.json");

  195.         if(jsonSchemaInputStream != null){

  196.           JSONObject jsonSchema = new JSONObject(new JSONTokener(jsonSchemaInputStream));

  197.           JSONObject jsonSubject = new JSONObject(new JSONTokener(json));

  198.           SchemaLoader.load(jsonSchema).validate(jsonSubject);

  199.         }

  200.       }

  201. 

  202.     }

  203.   }

  204. }