mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32112 Commits
59 Branches
Tree: b507c1c7bb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b507c1c7bb'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/ShowActionTest.java

ShowActionTest.java 52KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2022 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.hotspot.ws;

  21. 

  22. import com.google.common.collect.ImmutableSet;

  23. import com.google.common.collect.Sets;

  24. import com.tngtech.java.junit.dataprovider.DataProvider;

  25. import com.tngtech.java.junit.dataprovider.DataProviderRunner;

  26. import com.tngtech.java.junit.dataprovider.UseDataProvider;

  27. import java.util.Arrays;

  28. import java.util.Collections;

  29. import java.util.List;

  30. import java.util.Random;

  31. import java.util.Set;

  32. import java.util.function.Consumer;

  33. import java.util.function.Supplier;

  34. import java.util.stream.Collectors;

  35. import java.util.stream.IntStream;

  36. import java.util.stream.Stream;

  37. import javax.annotation.Nullable;

  38. import org.assertj.core.groups.Tuple;

  39. import org.junit.Rule;

  40. import org.junit.Test;

  41. import org.junit.runner.RunWith;

  42. import org.mockito.ArgumentMatcher;

  43. import org.mockito.Mockito;

  44. import org.sonar.api.issue.Issue;

  45. import org.sonar.api.rules.RuleType;

  46. import org.sonar.api.utils.System2;

  47. import org.sonar.api.web.UserRole;

  48. import org.sonar.core.util.UuidFactory;

  49. import org.sonar.core.util.UuidFactoryFast;

  50. import org.sonar.db.DbClient;

  51. import org.sonar.db.DbSession;

  52. import org.sonar.db.DbTester;

  53. import org.sonar.db.component.BranchType;

  54. import org.sonar.db.component.ComponentDto;

  55. import org.sonar.db.issue.IssueDto;

  56. import org.sonar.db.protobuf.DbCommons;

  57. import org.sonar.db.protobuf.DbIssues;

  58. import org.sonar.db.rule.RuleDescriptionSectionDto;

  59. import org.sonar.db.rule.RuleDto;

  60. import org.sonar.db.rule.RuleTesting;

  61. import org.sonar.db.user.UserDto;

  62. import org.sonar.db.user.UserTesting;

  63. import org.sonar.server.es.EsTester;

  64. import org.sonar.server.exceptions.ForbiddenException;

  65. import org.sonar.server.exceptions.NotFoundException;

  66. import org.sonar.server.issue.AvatarResolver;

  67. import org.sonar.server.issue.AvatarResolverImpl;

  68. import org.sonar.server.issue.IssueChangeWSSupport;

  69. import org.sonar.server.issue.IssueChangeWSSupport.FormattingContext;

  70. import org.sonar.server.issue.IssueChangeWSSupport.Load;

  71. import org.sonar.server.issue.TextRangeResponseFormatter;

  72. import org.sonar.server.issue.ws.UserResponseFormatter;

  73. import org.sonar.server.security.SecurityStandards;

  74. import org.sonar.server.security.SecurityStandards.SQCategory;

  75. import org.sonar.server.tester.UserSessionRule;

  76. import org.sonar.server.ws.TestRequest;

  77. import org.sonar.server.ws.WsActionTester;

  78. import org.sonarqube.ws.Common;

  79. import org.sonarqube.ws.Common.Changelog.Diff;

  80. import org.sonarqube.ws.Common.Location;

  81. import org.sonarqube.ws.Common.User;

  82. import org.sonarqube.ws.Hotspots;

  83. 

  84. import static org.apache.commons.lang.RandomStringUtils.randomAlphabetic;

  85. import static org.assertj.core.api.Assertions.assertThat;

  86. import static org.assertj.core.api.Assertions.assertThatThrownBy;

  87. import static org.assertj.core.api.Assertions.tuple;

  88. import static org.mockito.ArgumentMatchers.any;

  89. import static org.mockito.ArgumentMatchers.anySet;

  90. import static org.mockito.ArgumentMatchers.argThat;

  91. import static org.mockito.ArgumentMatchers.eq;

  92. import static org.mockito.Mockito.verify;

  93. import static org.mockito.Mockito.when;

  94. import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;

  95. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.ASSESS_THE_PROBLEM_SECTION_KEY;

  96. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.HOW_TO_FIX_SECTION_KEY;

  97. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.INTRODUCTION_SECTION_KEY;

  98. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.RESOURCES_SECTION_KEY;

  99. import static org.sonar.api.server.rule.RuleDescriptionSection.RuleDescriptionSectionKeys.ROOT_CAUSE_SECTION_KEY;

  100. import static org.sonar.db.component.ComponentTesting.newFileDto;

  101. import static org.sonar.db.rule.RuleDescriptionSectionDto.DEFAULT_KEY;

  102. import static org.sonar.db.rule.RuleDto.Format.HTML;

  103. import static org.sonar.db.rule.RuleDto.Format.MARKDOWN;

  104. 

  105. @RunWith(DataProviderRunner.class)

  106. public class ShowActionTest {

  107.   private static final Random RANDOM = new Random();

  108. 

  109.   @Rule

  110.   public DbTester dbTester = DbTester.create(System2.INSTANCE);

  111.   @Rule

  112.   public EsTester es = EsTester.create();

  113.   @Rule

  114.   public UserSessionRule userSessionRule = UserSessionRule.standalone();

  115. 

  116.   private final DbClient dbClient = dbTester.getDbClient();

  117.   private final AvatarResolver avatarResolver = new AvatarResolverImpl();

  118.   private final HotspotWsResponseFormatter responseFormatter = new HotspotWsResponseFormatter();

  119.   private final IssueChangeWSSupport issueChangeSupport = Mockito.mock(IssueChangeWSSupport.class);

  120.   private final HotspotWsSupport hotspotWsSupport = new HotspotWsSupport(dbClient, userSessionRule, System2.INSTANCE);

  121.   private final UserResponseFormatter userFormatter = new UserResponseFormatter(new AvatarResolverImpl());

  122.   private final TextRangeResponseFormatter textRangeFormatter = new TextRangeResponseFormatter();

  123.   private final ShowAction underTest = new ShowAction(dbClient, hotspotWsSupport, responseFormatter, textRangeFormatter, userFormatter, issueChangeSupport);

  124.   private final WsActionTester actionTester = new WsActionTester(underTest);

  125.   private final UuidFactory uuidFactory = UuidFactoryFast.getInstance();

  126. 

  127.   @Test

  128.   public void ws_is_public() {

  129.     assertThat(actionTester.getDef().isInternal()).isFalse();

  130.   }

  131. 

  132.   @Test

  133.   public void fails_with_IAE_if_parameter_hotspot_is_missing() {

  134.     TestRequest request = actionTester.newRequest();

  135. 

  136.     assertThatThrownBy(request::execute)

  137.       .isInstanceOf(IllegalArgumentException.class)

  138.       .hasMessage("The 'hotspot' parameter is missing");

  139.   }

  140. 

  141.   @Test

  142.   public void fails_with_NotFoundException_if_hotspot_does_not_exist() {

  143.     String key = randomAlphabetic(12);

  144.     TestRequest request = actionTester.newRequest()

  145.       .setParam("hotspot", key);

  146. 

  147.     assertThatThrownBy(request::execute)

  148.       .isInstanceOf(NotFoundException.class)

  149.       .hasMessage("Hotspot '%s' does not exist", key);

  150.   }

  151. 

  152.   @Test

  153.   @UseDataProvider("ruleTypesButHotspot")

  154.   public void fails_with_NotFoundException_if_issue_is_not_a_hotspot(RuleType ruleType) {

  155.     ComponentDto project = dbTester.components().insertPublicProject();

  156.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  157.     RuleDto rule = newRule(ruleType);

  158.     IssueDto notAHotspot = dbTester.issues().insertIssue(rule, project, file, i -> i.setType(ruleType));

  159.     TestRequest request = newRequest(notAHotspot);

  160. 

  161.     assertThatThrownBy(request::execute)

  162.       .isInstanceOf(NotFoundException.class)

  163.       .hasMessage("Hotspot '%s' does not exist", notAHotspot.getKey());

  164.   }

  165. 

  166.   @DataProvider

  167.   public static Object[][] ruleTypesButHotspot() {

  168.     return Arrays.stream(RuleType.values())

  169.       .filter(t -> t != SECURITY_HOTSPOT)

  170.       .map(t -> new Object[] {t})

  171.       .toArray(Object[][]::new);

  172.   }

  173. 

  174.   @Test

  175.   public void fails_with_NotFoundException_if_issue_is_hotspot_is_closed() {

  176.     ComponentDto project = dbTester.components().insertPublicProject();

  177.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  178.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  179.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(Issue.STATUS_CLOSED));

  180.     TestRequest request = newRequest(hotspot);

  181. 

  182.     assertThatThrownBy(request::execute)

  183.       .isInstanceOf(NotFoundException.class)

  184.       .hasMessage("Hotspot '%s' does not exist", hotspot.getKey());

  185.   }

  186. 

  187.   @Test

  188.   public void fails_with_ForbiddenException_if_project_is_private_and_not_allowed() {

  189.     ComponentDto project = dbTester.components().insertPrivateProject();

  190.     userSessionRule.registerComponents(project);

  191.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  192.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  193.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  194.     TestRequest request = newRequest(hotspot);

  195. 

  196.     assertThatThrownBy(request::execute)

  197.       .isInstanceOf(ForbiddenException.class)

  198.       .hasMessage("Insufficient privileges");

  199.   }

  200. 

  201.   @Test

  202.   public void succeeds_on_hotspot_with_flow() {

  203.     ComponentDto project = dbTester.components().insertPublicProject();

  204.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  205.     ComponentDto anotherFile = dbTester.components().insertComponent(newFileDto(project));

  206.     DbIssues.Locations.Builder locations = DbIssues.Locations.newBuilder().addFlow(DbIssues.Flow.newBuilder().addAllLocation(Arrays.asList(

  207.       DbIssues.Location.newBuilder()

  208.         .setComponentId(file.uuid())

  209.         .setMsg("FLOW MESSAGE")

  210.         .setTextRange(DbCommons.TextRange.newBuilder()

  211.           .setStartLine(1)

  212.           .setEndLine(1)

  213.           .setStartOffset(0)

  214.           .setEndOffset(12)

  215.           .build())

  216.         .build(),

  217.       DbIssues.Location.newBuilder()

  218.         .setComponentId(anotherFile.uuid())

  219.         .setMsg("ANOTHER FLOW MESSAGE")

  220.         .setTextRange(DbCommons.TextRange.newBuilder()

  221.           .setStartLine(1)

  222.           .setEndLine(1)

  223.           .setStartOffset(0)

  224.           .setEndOffset(12)

  225.           .build())

  226.         .build(),

  227.       DbIssues.Location.newBuilder()

  228.         .setMsg("FLOW MESSAGE WITHOUT FILE UUID")

  229.         .setTextRange(DbCommons.TextRange.newBuilder()

  230.           .setStartLine(1)

  231.           .setEndLine(1)

  232.           .setStartOffset(0)

  233.           .setEndOffset(12)

  234.           .build())

  235.         .build())));

  236.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  237.     var hotspot = dbTester.issues().insertHotspot(rule, project, file, i -> i.setLocations(locations.build()));

  238.     mockChangelogAndCommentsFormattingContext();

  239. 

  240.     userSessionRule.registerComponents(project);

  241. 

  242.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  243.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  244. 

  245.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  246.     assertThat(response.getFlowsCount()).isEqualTo(1);

  247.     assertThat(response.getFlows(0).getLocationsList())

  248.       .extracting(Location::getMsg, Location::getComponent)

  249.       .containsExactlyInAnyOrder(

  250.         tuple("FLOW MESSAGE", file.getKey()),

  251.         tuple("ANOTHER FLOW MESSAGE", anotherFile.getKey()),

  252.         tuple("FLOW MESSAGE WITHOUT FILE UUID", file.getKey()));

  253.   }

  254. 

  255.   @Test

  256.   public void succeeds_on_public_project() {

  257.     ComponentDto project = dbTester.components().insertPublicProject();

  258.     userSessionRule.registerComponents(project);

  259.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  260.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  261.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  262.     mockChangelogAndCommentsFormattingContext();

  263. 

  264.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  265.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  266. 

  267.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  268.   }

  269. 

  270.   @Test

  271.   public void succeeds_on_private_project_with_permission() {

  272.     ComponentDto project = dbTester.components().insertPrivateProject();

  273.     userSessionRule.registerComponents(project);

  274.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  275.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  276.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  277.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  278.     mockChangelogAndCommentsFormattingContext();

  279. 

  280.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  281.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  282. 

  283.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  284.   }

  285. 

  286.   @Test

  287.   public void return_canChangeStatus_false_on_public_project_when_anonymous() {

  288.     ComponentDto project = dbTester.components().insertPublicProject();

  289.     userSessionRule.registerComponents(project);

  290.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  291.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  292.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  293.     mockChangelogAndCommentsFormattingContext();

  294. 

  295.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  296.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  297. 

  298.     assertThat(response.getCanChangeStatus()).isFalse();

  299.   }

  300. 

  301.   @Test

  302.   @UseDataProvider("allPublicProjectPermissionsButSECURITYHOTSPOT_ADMIN")

  303.   public void return_canChangeStatus_false_on_public_project_when_authenticated_without_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  304.     ComponentDto project = dbTester.components().insertPublicProject();

  305.     userSessionRule.logIn().registerComponents(project);

  306.     if (permission != null) {

  307.       userSessionRule.addProjectPermission(permission, project);

  308.     }

  309.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  310.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  311.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  312.     mockChangelogAndCommentsFormattingContext();

  313. 

  314.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  315.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  316. 

  317.     assertThat(response.getCanChangeStatus()).isFalse();

  318.   }

  319. 

  320.   @Test

  321.   @UseDataProvider("allPublicProjectPermissionsButSECURITYHOTSPOT_ADMIN")

  322.   public void return_canChangeStatus_true_on_public_project_when_authenticated_with_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  323.     ComponentDto project = dbTester.components().insertPublicProject();

  324.     userSessionRule.registerComponents(project)

  325.       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);

  326.     if (permission != null) {

  327.       userSessionRule.addProjectPermission(permission, project);

  328.     }

  329.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  330.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  331.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  332.     mockChangelogAndCommentsFormattingContext();

  333. 

  334.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  335.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  336. 

  337.     assertThat(response.getCanChangeStatus()).isTrue();

  338.   }

  339. 

  340.   @DataProvider

  341.   public static Object[][] allPublicProjectPermissionsButSECURITYHOTSPOT_ADMIN() {

  342.     return new Object[][] {

  343.       {null}, // no permission

  344.       {UserRole.ADMIN},

  345.       {UserRole.SCAN},

  346.       {UserRole.ISSUE_ADMIN}

  347.     };

  348.   }

  349. 

  350.   @Test

  351.   @UseDataProvider("allPrivateProjectPermissionsButSECURITYHOTSPOT_ADMIN_and_USER")

  352.   public void return_canChangeStatus_false_on_private_project_without_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  353.     ComponentDto project = dbTester.components().insertPrivateProject();

  354.     userSessionRule

  355.       .registerComponents(project)

  356.       .logIn()

  357.       .addProjectPermission(UserRole.USER, project);

  358.     if (permission != null) {

  359.       userSessionRule.addProjectPermission(permission, project);

  360.     }

  361.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  362.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  363.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  364.     mockChangelogAndCommentsFormattingContext();

  365. 

  366.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  367.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  368. 

  369.     assertThat(response.getCanChangeStatus()).isFalse();

  370.   }

  371. 

  372.   @Test

  373.   @UseDataProvider("allPrivateProjectPermissionsButSECURITYHOTSPOT_ADMIN_and_USER")

  374.   public void return_canChangeStatus_false_on_private_project_with_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  375.     ComponentDto project = dbTester.components().insertPrivateProject();

  376.     userSessionRule

  377.       .registerComponents(project)

  378.       .logIn()

  379.       .addProjectPermission(UserRole.USER, project)

  380.       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);

  381.     if (permission != null) {

  382.       userSessionRule.addProjectPermission(permission, project);

  383.     }

  384.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  385.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  386.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  387.     mockChangelogAndCommentsFormattingContext();

  388. 

  389.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  390.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  391. 

  392.     assertThat(response.getCanChangeStatus()).isTrue();

  393.   }

  394. 

  395.   @DataProvider

  396.   public static Object[][] allPrivateProjectPermissionsButSECURITYHOTSPOT_ADMIN_and_USER() {

  397.     return new Object[][] {

  398.       {null}, // only USER permission

  399.       {UserRole.CODEVIEWER},

  400.       {UserRole.ADMIN},

  401.       {UserRole.SCAN},

  402.       {UserRole.ISSUE_ADMIN}

  403.     };

  404.   }

  405. 

  406.   @Test

  407.   @UseDataProvider("statusAndResolutionCombinations")

  408.   public void returns_status_and_resolution(String status, @Nullable String resolution) {

  409.     ComponentDto project = dbTester.components().insertPrivateProject();

  410.     userSessionRule.registerComponents(project);

  411.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  412.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  413.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  414.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(status).setResolution(resolution));

  415.     mockChangelogAndCommentsFormattingContext();

  416. 

  417.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  418.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  419. 

  420.     assertThat(response.getStatus()).isEqualTo(status);

  421.     if (resolution == null) {

  422.       assertThat(response.hasResolution()).isFalse();

  423.     } else {

  424.       assertThat(response.getResolution()).isEqualTo(resolution);

  425.     }

  426.   }

  427. 

  428.   @DataProvider

  429.   public static Object[][] statusAndResolutionCombinations() {

  430.     return new Object[][] {

  431.       {Issue.STATUS_TO_REVIEW, null},

  432.       {Issue.STATUS_REVIEWED, Issue.RESOLUTION_FIXED},

  433.       {Issue.STATUS_REVIEWED, Issue.RESOLUTION_SAFE}

  434.     };

  435.   }

  436. 

  437. 

  438.   @Test

  439.   public void dispatch_description_sections_of_advanced_rule_in_relevant_field() {

  440.     ComponentDto project = dbTester.components().insertPrivateProject();

  441.     userSessionRule.registerComponents(project);

  442.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  443.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  444. 

  445.     RuleDescriptionSectionDto introductionSection = generateSectionWithKey(INTRODUCTION_SECTION_KEY);

  446.     RuleDescriptionSectionDto rootCauseSection = generateSectionWithKey(ROOT_CAUSE_SECTION_KEY);

  447.     RuleDescriptionSectionDto assesTheProblemSection = generateSectionWithKey(ASSESS_THE_PROBLEM_SECTION_KEY);

  448.     RuleDescriptionSectionDto resourcesSection = generateSectionWithKey(RESOURCES_SECTION_KEY);

  449.     RuleDescriptionSectionDto howToFixSection = generateSectionWithKey(HOW_TO_FIX_SECTION_KEY);

  450.     RuleDescriptionSectionDto dummySection = generateSectionWithKey("dummySection");

  451. 

  452.     RuleDto rule = newRuleWithoutSection(SECURITY_HOTSPOT,

  453.       r -> r.addRuleDescriptionSectionDto(introductionSection)

  454.         .addRuleDescriptionSectionDto(rootCauseSection)

  455.         .addRuleDescriptionSectionDto(assesTheProblemSection)

  456.         .addRuleDescriptionSectionDto(resourcesSection)

  457.         .addRuleDescriptionSectionDto(howToFixSection)

  458.         .addRuleDescriptionSectionDto(dummySection)

  459.         .setDescriptionFormat(HTML));

  460. 

  461.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  462.     mockChangelogAndCommentsFormattingContext();

  463. 

  464.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  465.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  466. 

  467.     assertThat(response.getRule().getVulnerabilityDescription()).isEqualTo(rootCauseSection.getContent());

  468.     assertThat(response.getRule().getRiskDescription()).isEqualTo(assesTheProblemSection.getContent());

  469.     assertThat(response.getRule().getFixRecommendations()).isEqualTo(howToFixSection.getContent());

  470.   }

  471. 

  472.   @Test

  473.   public void fallbacks_to_default_section_in_case_of_legacy_rule() {

  474.     ComponentDto project = dbTester.components().insertPrivateProject();

  475.     userSessionRule.registerComponents(project);

  476.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  477.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  478. 

  479.     RuleDescriptionSectionDto introductionSection = generateSectionWithKey(DEFAULT_KEY);

  480. 

  481.     RuleDto rule = newRuleWithoutSection(SECURITY_HOTSPOT,

  482.       r -> r.addRuleDescriptionSectionDto(introductionSection)

  483.        .setDescriptionFormat(HTML));

  484. 

  485.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  486.     mockChangelogAndCommentsFormattingContext();

  487. 

  488.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  489.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  490. 

  491.     assertThat(response.getRule().getVulnerabilityDescription()).isEqualTo(introductionSection.getContent());

  492.     assertThat(response.getRule().getRiskDescription()).isEmpty();

  493.     assertThat(response.getRule().getFixRecommendations()).isEmpty();

  494.   }

  495. 

  496.   @Test

  497.   public void ignore_default_section_if_root_cause_provided() {

  498.     ComponentDto project = dbTester.components().insertPrivateProject();

  499.     userSessionRule.registerComponents(project);

  500.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  501.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  502. 

  503.     RuleDescriptionSectionDto introductionSection = generateSectionWithKey(INTRODUCTION_SECTION_KEY);

  504.     RuleDescriptionSectionDto rootCauseSection = generateSectionWithKey(ROOT_CAUSE_SECTION_KEY);

  505.     RuleDescriptionSectionDto assesTheProblemSection = generateSectionWithKey(ASSESS_THE_PROBLEM_SECTION_KEY);

  506. 

  507.     RuleDto rule = newRuleWithoutSection(SECURITY_HOTSPOT,

  508.       r -> r.addRuleDescriptionSectionDto(introductionSection)

  509.         .addRuleDescriptionSectionDto(rootCauseSection)

  510.         .addRuleDescriptionSectionDto(assesTheProblemSection)

  511.         .setDescriptionFormat(HTML));

  512. 

  513.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  514.     mockChangelogAndCommentsFormattingContext();

  515. 

  516.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  517.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  518. 

  519.     assertThat(response.getRule().getVulnerabilityDescription()).isEqualTo(rootCauseSection.getContent());

  520.     assertThat(response.getRule().getRiskDescription()).isEqualTo(assesTheProblemSection.getContent());

  521.     assertThat(response.getRule().getFixRecommendations()).isEmpty();

  522.   }

  523. 

  524.   private RuleDescriptionSectionDto generateSectionWithKey(String assessTheProblemSectionKey) {

  525.     return RuleDescriptionSectionDto.builder()

  526.       .uuid(uuidFactory.create())

  527.       .key(assessTheProblemSectionKey)

  528.       .content(randomAlphabetic(200))

  529.       .build();

  530.   }

  531. 

  532.   @Test

  533.   public void returns_html_description_for_custom_rules() {

  534.     ComponentDto project = dbTester.components().insertPrivateProject();

  535.     userSessionRule.registerComponents(project);

  536.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  537.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  538. 

  539.     String description = "== Title\n<div>line1\nline2</div>";

  540. 

  541.     RuleDescriptionSectionDto sectionDto = RuleDescriptionSectionDto.builder()

  542.       .uuid(uuidFactory.create())

  543.       .key(ASSESS_THE_PROBLEM_SECTION_KEY)

  544.       .content(description)

  545.       .build();

  546. 

  547.     RuleDto rule = newRuleWithoutSection(SECURITY_HOTSPOT,

  548.       r -> r.setTemplateUuid("123")

  549.         .addRuleDescriptionSectionDto(sectionDto)

  550.         .setDescriptionFormat(MARKDOWN));

  551. 

  552.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  553.     mockChangelogAndCommentsFormattingContext();

  554. 

  555.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  556.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  557. 

  558.     assertThat(response.getRule().getRiskDescription()).isEqualTo("<h2>Title</h2>&lt;div&gt;line1<br/>line2&lt;/div&gt;");

  559.   }

  560. 

  561. 

  562.   @Test

  563.   public void handles_null_description_for_custom_rules() {

  564.     ComponentDto project = dbTester.components().insertPrivateProject();

  565.     userSessionRule.registerComponents(project);

  566.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  567.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  568. 

  569.     RuleDto rule = newRuleWithoutSection(SECURITY_HOTSPOT, r -> r.setTemplateUuid("123"));

  570. 

  571.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  572.     mockChangelogAndCommentsFormattingContext();

  573. 

  574.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  575.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  576. 

  577.     assertThat(response.getRule().getRiskDescription()).isNullOrEmpty();

  578.   }

  579. 

  580.   @Test

  581.   public void returns_hotspot_component_and_rule() {

  582.     ComponentDto project = dbTester.components().insertPublicProject();

  583.     userSessionRule.registerComponents(project);

  584.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  585.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  586.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  587.     mockChangelogAndCommentsFormattingContext();

  588. 

  589.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  590.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  591. 

  592.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  593.     verifyComponent(response.getComponent(), file, null, null);

  594.     verifyComponent(response.getProject(), project, null, null);

  595.     verifyRule(response.getRule(), rule);

  596.     assertThat(response.hasTextRange()).isFalse();

  597.   }

  598. 

  599.   @Test

  600.   public void returns_no_textRange_when_locations_have_none() {

  601.     ComponentDto project = dbTester.components().insertPublicProject();

  602.     userSessionRule.registerComponents(project);

  603.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  604.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  605.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  606.       t -> t.setLocations(DbIssues.Locations.newBuilder().build()));

  607.     mockChangelogAndCommentsFormattingContext();

  608. 

  609.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  610.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  611. 

  612.     assertThat(response.hasTextRange()).isFalse();

  613.   }

  614. 

  615.   @Test

  616.   @UseDataProvider("randomTextRangeValues")

  617.   public void returns_textRange(int startLine, int endLine, int startOffset, int endOffset) {

  618.     ComponentDto project = dbTester.components().insertPublicProject();

  619.     userSessionRule.registerComponents(project);

  620.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  621.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  622.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  623.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  624.         .setTextRange(DbCommons.TextRange.newBuilder()

  625.           .setStartLine(startLine)

  626.           .setEndLine(endLine)

  627.           .setStartOffset(startOffset)

  628.           .setEndOffset(endOffset)

  629.           .build())

  630.         .build()));

  631.     mockChangelogAndCommentsFormattingContext();

  632. 

  633.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  634.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  635. 

  636.     assertThat(response.hasTextRange()).isTrue();

  637.     Common.TextRange textRange = response.getTextRange();

  638.     assertThat(textRange.getStartLine()).isEqualTo(startLine);

  639.     assertThat(textRange.getEndLine()).isEqualTo(endLine);

  640.     assertThat(textRange.getStartOffset()).isEqualTo(startOffset);

  641.     assertThat(textRange.getEndOffset()).isEqualTo(endOffset);

  642.   }

  643. 

  644.   @Test

  645.   public void returns_no_assignee_when_user_does_not_exist() {

  646.     ComponentDto project = dbTester.components().insertPublicProject();

  647.     userSessionRule.registerComponents(project);

  648.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  649.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  650.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(randomAlphabetic(10)));

  651.     mockChangelogAndCommentsFormattingContext();

  652. 

  653.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  654.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  655. 

  656.     assertThat(response.hasAssignee()).isFalse();

  657.   }

  658. 

  659.   @Test

  660.   public void returns_assignee_details_when_user_exists() {

  661.     ComponentDto project = dbTester.components().insertPublicProject();

  662.     userSessionRule.registerComponents(project);

  663.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  664.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  665.     UserDto assignee = dbTester.users().insertUser();

  666.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(assignee.getUuid()));

  667.     mockChangelogAndCommentsFormattingContext();

  668. 

  669.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  670.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  671. 

  672.     assertThat(response.getAssignee()).isEqualTo(assignee.getLogin());

  673.     assertThat(response.getUsersList()).hasSize(1);

  674.     User wsAssignee = response.getUsersList().iterator().next();

  675.     assertThat(wsAssignee.getLogin()).isEqualTo(assignee.getLogin());

  676.     assertThat(wsAssignee.getName()).isEqualTo(assignee.getName());

  677.     assertThat(wsAssignee.getActive()).isEqualTo(assignee.isActive());

  678.     assertThat(wsAssignee.getAvatar()).isEqualTo(avatarResolver.create(assignee));

  679.   }

  680. 

  681.   @Test

  682.   public void returns_no_avatar_if_assignee_has_no_email() {

  683.     ComponentDto project = dbTester.components().insertPublicProject();

  684.     userSessionRule.registerComponents(project);

  685.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  686.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  687.     UserDto assignee = dbTester.users().insertUser(t -> t.setEmail(null));

  688.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(assignee.getUuid()));

  689.     mockChangelogAndCommentsFormattingContext();

  690. 

  691.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  692.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  693. 

  694.     assertThat(response.getUsersList()).hasSize(1);

  695.     assertThat(response.getUsersList().iterator().next().hasAvatar()).isFalse();

  696.   }

  697. 

  698.   @Test

  699.   public void returns_inactive_when_assignee_is_inactive() {

  700.     ComponentDto project = dbTester.components().insertPublicProject();

  701.     userSessionRule.registerComponents(project);

  702.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  703.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  704.     UserDto assignee = dbTester.users().insertUser(t -> t.setActive(false));

  705.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(assignee.getUuid()));

  706.     mockChangelogAndCommentsFormattingContext();

  707. 

  708.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  709.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  710. 

  711.     assertThat(response.getUsersList()).hasSize(1);

  712.     assertThat(response.getUsersList().iterator().next().getActive()).isFalse();

  713.   }

  714. 

  715.   @Test

  716.   public void returns_author_login_when_user_does_not_exist() {

  717.     ComponentDto project = dbTester.components().insertPublicProject();

  718.     userSessionRule.registerComponents(project);

  719.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  720.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  721.     String authorLogin = randomAlphabetic(10);

  722.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(authorLogin));

  723.     mockChangelogAndCommentsFormattingContext();

  724. 

  725.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  726.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  727. 

  728.     assertThat(response.getUsersList()).isEmpty();

  729.     assertThat(response.getAuthor()).isEqualTo(authorLogin);

  730.   }

  731. 

  732.   @Test

  733.   public void returns_author_details_when_user_exists() {

  734.     ComponentDto project = dbTester.components().insertPublicProject();

  735.     userSessionRule.registerComponents(project);

  736.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  737.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  738.     UserDto author = dbTester.users().insertUser();

  739.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(author.getLogin()));

  740.     mockChangelogAndCommentsFormattingContext();

  741. 

  742.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  743.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  744. 

  745.     assertThat(response.getAuthor()).isEqualTo(author.getLogin());

  746.     User wsAuthorFromList = response.getUsersList().iterator().next();

  747.     assertThat(wsAuthorFromList.getLogin()).isEqualTo(author.getLogin());

  748.     assertThat(wsAuthorFromList.getName()).isEqualTo(author.getName());

  749.     assertThat(wsAuthorFromList.getActive()).isEqualTo(author.isActive());

  750.     assertThat(wsAuthorFromList.getAvatar()).isEqualTo(avatarResolver.create(author));

  751.   }

  752. 

  753.   @Test

  754.   public void returns_no_avatar_if_author_has_no_email() {

  755.     ComponentDto project = dbTester.components().insertPublicProject();

  756.     userSessionRule.registerComponents(project);

  757.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  758.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  759.     UserDto author = dbTester.users().insertUser(t -> t.setEmail(null));

  760.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(author.getLogin()));

  761.     mockChangelogAndCommentsFormattingContext();

  762. 

  763.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  764.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  765. 

  766.     assertThat(response.getUsersList()).hasSize(1);

  767.     assertThat(response.getUsersList().iterator().next().hasAvatar()).isFalse();

  768.   }

  769. 

  770.   @Test

  771.   public void returns_inactive_if_author_is_inactive() {

  772.     ComponentDto project = dbTester.components().insertPublicProject();

  773.     userSessionRule.registerComponents(project);

  774.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  775.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  776.     UserDto author = dbTester.users().insertUser(t -> t.setActive(false));

  777.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(author.getLogin()));

  778.     mockChangelogAndCommentsFormattingContext();

  779. 

  780.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  781.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  782. 

  783.     assertThat(response.getUsersList()).hasSize(1);

  784.     assertThat(response.getUsersList().iterator().next().getActive()).isFalse();

  785.   }

  786. 

  787.   @DataProvider

  788.   public static Object[][] randomTextRangeValues() {

  789.     int startLine = RANDOM.nextInt(200);

  790.     int endLine = RANDOM.nextInt(200);

  791.     int startOffset = RANDOM.nextInt(200);

  792.     int endOffset = RANDOM.nextInt(200);

  793.     return new Object[][] {

  794.       {startLine, endLine, startOffset, endOffset}

  795.     };

  796.   }

  797. 

  798.   @Test

  799.   public void returns_textRange_missing_fields() {

  800.     ComponentDto project = dbTester.components().insertPublicProject();

  801.     userSessionRule.registerComponents(project);

  802.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  803.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  804.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  805.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  806.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  807.         .build()));

  808.     mockChangelogAndCommentsFormattingContext();

  809. 

  810.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  811.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  812. 

  813.     assertThat(response.hasTextRange()).isTrue();

  814.     Common.TextRange textRange = response.getTextRange();

  815.     assertThat(textRange.hasStartLine()).isFalse();

  816.     assertThat(textRange.hasEndLine()).isFalse();

  817.     assertThat(textRange.hasStartOffset()).isFalse();

  818.     assertThat(textRange.hasEndOffset()).isFalse();

  819.   }

  820. 

  821.   @Test

  822.   @UseDataProvider("allSQCategoryAndVulnerabilityProbability")

  823.   public void returns_securityCategory_and_vulnerabilityProbability_of_rule(Set<String> standards,

  824.     SQCategory expected) {

  825.     ComponentDto project = dbTester.components().insertPublicProject();

  826.     userSessionRule.registerComponents(project);

  827.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  828.     RuleDto rule = newRule(SECURITY_HOTSPOT, t -> t.setSecurityStandards(standards));

  829.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  830.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  831.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  832.         .build()));

  833.     mockChangelogAndCommentsFormattingContext();

  834. 

  835.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  836.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  837. 

  838.     Hotspots.Rule wsRule = response.getRule();

  839.     assertThat(wsRule.getSecurityCategory()).isEqualTo(expected.getKey());

  840.     assertThat(wsRule.getVulnerabilityProbability()).isEqualTo(expected.getVulnerability().name());

  841.   }

  842. 

  843.   @DataProvider

  844.   public static Object[][] allSQCategoryAndVulnerabilityProbability() {

  845.     Stream<Object[]> allButOthers = SecurityStandards.CWES_BY_SQ_CATEGORY

  846.       .entrySet()

  847.       .stream()

  848.       .map(t -> new Object[] {

  849.         t.getValue().stream().map(s -> "cwe:" + s).collect(Collectors.toSet()),

  850.         t.getKey()

  851.       });

  852.     Stream<Object[]> others = Stream.of(

  853.       new Object[] {Collections.emptySet(), SQCategory.OTHERS},

  854.       new Object[] {ImmutableSet.of("foo", "bar", "acme"), SQCategory.OTHERS});

  855.     return Stream.concat(allButOthers, others)

  856.       .toArray(Object[][]::new);

  857.   }

  858. 

  859.   @Test

  860.   public void returns_project_twice_when_hotspot_on_project() {

  861.     ComponentDto project = dbTester.components().insertPublicProject();

  862.     userSessionRule.registerComponents(project);

  863.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  864.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, project,

  865.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  866.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  867.         .build()));

  868.     mockChangelogAndCommentsFormattingContext();

  869. 

  870.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  871.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  872. 

  873.     verifyComponent(response.getProject(), project, null, null);

  874.     verifyComponent(response.getComponent(), project, null, null);

  875.   }

  876. 

  877.   @Test

  878.   public void returns_branch_but_no_pullRequest_on_component_and_project_on_non_main_branch() {

  879.     ComponentDto project = dbTester.components().insertPublicProject();

  880.     ComponentDto branch = dbTester.components().insertProjectBranch(project);

  881.     ComponentDto file = dbTester.components().insertComponent(newFileDto(branch));

  882.     userSessionRule.registerComponents(project);

  883.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  884.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, branch, file,

  885.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  886.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  887.         .build()));

  888.     mockChangelogAndCommentsFormattingContext();

  889. 

  890.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  891.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  892. 

  893.     verifyComponent(response.getProject(), branch, branch.getBranch(), null);

  894.     verifyComponent(response.getComponent(), file, branch.getBranch(), null);

  895.   }

  896. 

  897.   @Test

  898.   public void returns_pullRequest_but_no_branch_on_component_and_project_on_pullRequest() {

  899.     ComponentDto project = dbTester.components().insertPublicProject();

  900.     ComponentDto pullRequest = dbTester.components().insertProjectBranch(project,

  901.       t -> t.setBranchType(BranchType.PULL_REQUEST));

  902.     ComponentDto file = dbTester.components().insertComponent(newFileDto(pullRequest));

  903.     userSessionRule.registerComponents(project);

  904.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  905.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, pullRequest, file,

  906.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  907.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  908.         .build()));

  909.     mockChangelogAndCommentsFormattingContext();

  910. 

  911.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  912.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  913. 

  914.     verifyComponent(response.getProject(), pullRequest, null, pullRequest.getPullRequest());

  915.     verifyComponent(response.getComponent(), file, null, pullRequest.getPullRequest());

  916.   }

  917. 

  918.   @Test

  919.   public void returns_hotspot_changelog_and_comments() {

  920.     ComponentDto project = dbTester.components().insertPublicProject();

  921.     userSessionRule.registerComponents(project);

  922.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  923.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  924.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  925.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  926.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  927.         .build()));

  928.     List<Common.Changelog> changelog = IntStream.range(0, 1 + new Random().nextInt(12))

  929.       .mapToObj(i -> Common.Changelog.newBuilder().setUser("u" + i).build())

  930.       .collect(Collectors.toList());

  931.     List<Common.Comment> comments = IntStream.range(0, 1 + new Random().nextInt(12))

  932.       .mapToObj(i -> Common.Comment.newBuilder().setKey("u" + i).build())

  933.       .collect(Collectors.toList());

  934.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  935.     when(issueChangeSupport.formatChangelog(any(), any())).thenReturn(changelog.stream());

  936.     when(issueChangeSupport.formatComments(any(), any(), any())).thenReturn(comments.stream());

  937. 

  938.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  939.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  940. 

  941.     assertThat(response.getChangelogList())

  942.       .extracting(Common.Changelog::getUser)

  943.       .containsExactly(changelog.stream().map(Common.Changelog::getUser).toArray(String[]::new));

  944.     assertThat(response.getCommentList())

  945.       .extracting(Common.Comment::getKey)

  946.       .containsExactly(comments.stream().map(Common.Comment::getKey).toArray(String[]::new));

  947.     verify(issueChangeSupport).newFormattingContext(any(DbSession.class),

  948.       argThat(new IssueDtoSetArgumentMatcher(hotspot)),

  949.       eq(Load.ALL),

  950.       eq(Collections.emptySet()), eq(ImmutableSet.of(project, file)));

  951.     verify(issueChangeSupport).formatChangelog(argThat(new IssueDtoArgumentMatcher(hotspot)), eq(formattingContext));

  952.     verify(issueChangeSupport).formatComments(argThat(new IssueDtoArgumentMatcher(hotspot)), any(Common.Comment.Builder.class), eq(formattingContext));

  953.   }

  954. 

  955.   @Test

  956.   public void returns_user_details_of_users_from_ChangelogAndComments() {

  957.     ComponentDto project = dbTester.components().insertPublicProject();

  958.     userSessionRule.registerComponents(project);

  959.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  960.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  961.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  962.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  963.     Set<UserDto> changeLogAndCommentsUsers = IntStream.range(0, 1 + RANDOM.nextInt(14))

  964.       .mapToObj(i -> UserTesting.newUserDto())

  965.       .collect(Collectors.toSet());

  966.     when(formattingContext.getUsers()).thenReturn(changeLogAndCommentsUsers);

  967. 

  968.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  969.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  970. 

  971.     assertThat(response.getUsersList())

  972.       .extracting(User::getLogin, User::getName, User::getActive)

  973.       .containsExactlyInAnyOrder(

  974.         changeLogAndCommentsUsers.stream()

  975.           .map(t -> tuple(t.getLogin(), t.getName(), t.isActive()))

  976.           .toArray(Tuple[]::new));

  977.   }

  978. 

  979.   @Test

  980.   public void returns_user_of_users_from_ChangelogAndComments_and_assignee_and_author() {

  981.     ComponentDto project = dbTester.components().insertPublicProject();

  982.     userSessionRule.registerComponents(project);

  983.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  984.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  985.     UserDto author = dbTester.users().insertUser();

  986.     UserDto assignee = dbTester.users().insertUser();

  987.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  988.       t -> t.setAuthorLogin(author.getLogin())

  989.         .setAssigneeUuid(assignee.getUuid()));

  990.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  991.     Set<UserDto> changeLogAndCommentsUsers = IntStream.range(0, 1 + RANDOM.nextInt(14))

  992.       .mapToObj(i -> UserTesting.newUserDto())

  993.       .collect(Collectors.toSet());

  994.     when(formattingContext.getUsers()).thenReturn(changeLogAndCommentsUsers);

  995. 

  996.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  997.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  998. 

  999.     assertThat(response.getUsersList())

  1000.       .extracting(User::getLogin, User::getName, User::getActive)

  1001.       .containsExactlyInAnyOrder(

  1002.         Stream.concat(

  1003.           Stream.of(author, assignee),

  1004.           changeLogAndCommentsUsers.stream())

  1005.           .map(t -> tuple(t.getLogin(), t.getName(), t.isActive()))

  1006.           .toArray(Tuple[]::new));

  1007.   }

  1008. 

  1009.   @Test

  1010.   public void do_not_duplicate_user_if_author_assignee_ChangeLogComment_user() {

  1011.     ComponentDto project = dbTester.components().insertPublicProject();

  1012.     userSessionRule.registerComponents(project);

  1013.     RuleDto rule = newRule(SECURITY_HOTSPOT);

  1014.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  1015.     UserDto author = dbTester.users().insertUser();

  1016.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  1017.       t -> t.setAuthorLogin(author.getLogin())

  1018.         .setAssigneeUuid(author.getUuid()));

  1019.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  1020.     when(formattingContext.getUsers()).thenReturn(ImmutableSet.of(author));

  1021. 

  1022.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  1023.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  1024. 

  1025.     assertThat(response.getUsersList())

  1026.       .extracting(User::getLogin, User::getName, User::getActive)

  1027.       .containsOnly(tuple(author.getLogin(), author.getName(), author.isActive()));

  1028.   }

  1029. 

  1030.   @Test

  1031.   public void verify_response_example() {

  1032.     ComponentDto project = dbTester.components().insertPublicProject(componentDto -> componentDto

  1033.       .setName("test-project")

  1034.       .setLongName("test-project")

  1035.       .setDbKey("com.sonarsource:test-project"));

  1036.     userSessionRule.registerComponents(project)

  1037.       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);

  1038. 

  1039.     ComponentDto file = dbTester.components().insertComponent(

  1040.       newFileDto(project)

  1041.         .setDbKey("com.sonarsource:test-project:src/main/java/com/sonarsource/FourthClass.java")

  1042.         .setName("FourthClass.java")

  1043.         .setLongName("src/main/java/com/sonarsource/FourthClass.java")

  1044.         .setPath("src/main/java/com/sonarsource/FourthClass.java"));

  1045.     UserDto author = dbTester.users().insertUser(u -> u.setLogin("joe")

  1046.       .setName("Joe"));

  1047. 

  1048.     long time = 1577976190000L;

  1049.     RuleDto rule = newRule(SECURITY_HOTSPOT, r -> r.setRuleKey("S4787")

  1050.       .setRepositoryKey("java")

  1051.       .setName("rule-name")

  1052.       .setSecurityStandards(Sets.newHashSet(SQCategory.WEAK_CRYPTOGRAPHY.getKey())));

  1053.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, h -> h

  1054.       .setAssigneeUuid("assignee-uuid")

  1055.       .setAuthorLogin("joe")

  1056.       .setMessage("message")

  1057.       .setLine(10)

  1058.       .setChecksum("a227e508d6646b55a086ee11d63b21e9")

  1059.       .setIssueCreationTime(time)

  1060.       .setIssueUpdateTime(time)

  1061.       .setAuthorLogin(author.getLogin())

  1062.       .setAssigneeUuid(author.getUuid())

  1063.       .setKee("AW9mgJw6eFC3pGl94Wrf"));

  1064. 

  1065.     List<Common.Changelog> changelog = IntStream.range(0, 3)

  1066.       .mapToObj(i -> Common.Changelog.newBuilder()

  1067.         .setUser("joe")

  1068.         .setCreationDate("2020-01-02T14:44:55+0100")

  1069.         .addDiffs(Diff.newBuilder().setKey("diff-key-" + i).setNewValue("new-value-" + i).setOldValue("old-value-" + i))

  1070.         .setIsUserActive(true)

  1071.         .setUserName("Joe")

  1072.         .setAvatar("my-avatar")

  1073.         .build())

  1074.       .collect(Collectors.toList());

  1075.     List<Common.Comment> comments = IntStream.range(0, 3)

  1076.       .mapToObj(i -> Common.Comment.newBuilder()

  1077.         .setKey("comment-" + i)

  1078.         .setHtmlText("html text " + i)

  1079.         .setLogin("Joe")

  1080.         .setMarkdown("markdown " + i)

  1081.         .setCreatedAt("2020-01-02T14:47:47+0100")

  1082.         .build())

  1083.       .collect(Collectors.toList());

  1084. 

  1085.     mockChangelogAndCommentsFormattingContext();

  1086.     when(issueChangeSupport.formatChangelog(any(), any())).thenReturn(changelog.stream());

  1087.     when(issueChangeSupport.formatComments(any(), any(), any())).thenReturn(comments.stream());

  1088. 

  1089.     assertThat(actionTester.getDef().responseExampleAsString()).isNotNull();

  1090.     newRequest(hotspot)

  1091.       .execute()

  1092.       .assertJson(actionTester.getDef().responseExampleAsString());

  1093.   }

  1094. 

  1095.   private FormattingContext mockChangelogAndCommentsFormattingContext() {

  1096.     FormattingContext formattingContext = Mockito.mock(FormattingContext.class);

  1097.     when(issueChangeSupport.newFormattingContext(any(), any(), any(), anySet(), anySet())).thenReturn(formattingContext);

  1098.     return formattingContext;

  1099.   }

  1100. 

  1101.   private void verifyRule(Hotspots.Rule wsRule, RuleDto dto) {

  1102.     assertThat(wsRule.getKey()).isEqualTo(dto.getKey().toString());

  1103.     assertThat(wsRule.getName()).isEqualTo(dto.getName());

  1104.     assertThat(wsRule.getSecurityCategory()).isEqualTo(SQCategory.OTHERS.getKey());

  1105.     assertThat(wsRule.getVulnerabilityProbability()).isEqualTo(SQCategory.OTHERS.getVulnerability().name());

  1106.   }

  1107. 

  1108.   private static void verifyComponent(Hotspots.Component wsComponent, ComponentDto dto, @Nullable String branch, @Nullable String pullRequest) {

  1109.     assertThat(wsComponent.getKey()).isEqualTo(dto.getKey());

  1110.     if (dto.path() == null) {

  1111.       assertThat(wsComponent.hasPath()).isFalse();

  1112.     } else {

  1113.       assertThat(wsComponent.getPath()).isEqualTo(dto.path());

  1114.     }

  1115.     assertThat(wsComponent.getQualifier()).isEqualTo(dto.qualifier());

  1116.     assertThat(wsComponent.getName()).isEqualTo(dto.name());

  1117.     assertThat(wsComponent.getLongName()).isEqualTo(dto.longName());

  1118.     if (branch == null) {

  1119.       assertThat(wsComponent.hasBranch()).isFalse();

  1120.     } else {

  1121.       assertThat(wsComponent.getBranch()).isEqualTo(branch);

  1122.     }

  1123.     if (pullRequest == null) {

  1124.       assertThat(wsComponent.hasPullRequest()).isFalse();

  1125.     } else {

  1126.       assertThat(wsComponent.getPullRequest()).isEqualTo(pullRequest);

  1127.     }

  1128.   }

  1129. 

  1130.   private TestRequest newRequest(IssueDto hotspot) {

  1131.     return actionTester.newRequest()

  1132.       .setParam("hotspot", hotspot.getKey());

  1133.   }

  1134. 

  1135.   private RuleDto newRule(RuleType ruleType) {

  1136.     return newRule(ruleType, t -> {

  1137.     });

  1138.   }

  1139. 

  1140.   private RuleDto newRule(RuleType ruleType, Consumer<RuleDto> populate) {

  1141.     return newRule(ruleType, RuleTesting::newRule, populate);

  1142.   }

  1143. 

  1144.   private RuleDto newRuleWithoutSection(RuleType ruleType, Consumer<RuleDto> populate) {

  1145.     return newRule(ruleType, RuleTesting::newRuleWithoutDescriptionSection, populate);

  1146.   }

  1147. 

  1148.   private RuleDto newRule(RuleType ruleType, Supplier<RuleDto> ruleDefinitionDtoSupplier, Consumer<RuleDto> populate) {

  1149.     RuleDto ruleDefinitionDto = ruleDefinitionDtoSupplier.get().setType(ruleType);

  1150.     populate.accept(ruleDefinitionDto);

  1151.     dbTester.rules().insert(ruleDefinitionDto);

  1152.     return ruleDefinitionDto;

  1153.   }

  1154. 

  1155.   private static class IssueDtoSetArgumentMatcher implements ArgumentMatcher<Set<IssueDto>> {

  1156.     private final IssueDto expected;

  1157. 

  1158.     private IssueDtoSetArgumentMatcher(IssueDto expected) {

  1159.       this.expected = expected;

  1160.     }

  1161. 

  1162.     @Override

  1163.     public boolean matches(Set<IssueDto> argument) {

  1164.       return argument != null && argument.size() == 1 && argument.iterator().next().getKey().equals(expected.getKey());

  1165.     }

  1166. 

  1167.     @Override

  1168.     public String toString() {

  1169.       return "Set<IssueDto>[" + expected.getKey() + "]";

  1170.     }

  1171.   }

  1172. 

  1173.   private static class IssueDtoArgumentMatcher implements ArgumentMatcher<IssueDto> {

  1174.     private final IssueDto expected;

  1175. 

  1176.     private IssueDtoArgumentMatcher(IssueDto expected) {

  1177.       this.expected = expected;

  1178.     }

  1179. 

  1180.     @Override

  1181.     public boolean matches(IssueDto argument) {

  1182.       return argument != null && argument.getKey().equals(expected.getKey());

  1183.     }

  1184. 

  1185.     @Override

  1186.     public String toString() {

  1187.       return "IssueDto[key=" + expected.getKey() + "]";

  1188.     }

  1189.   }

  1190. 

  1191. }