mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30604 Commits
59 Branches
Tree: ffaa8f3cd6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ffaa8f3cd6'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/ShowAction.java

ShowAction.java 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2021 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.hotspot.ws;

  21. 

  22. import com.google.common.collect.ImmutableSet;

  23. import java.util.Objects;

  24. import java.util.Optional;

  25. import java.util.Set;

  26. import java.util.stream.Stream;

  27. import javax.annotation.CheckForNull;

  28. import javax.annotation.Nullable;

  29. import org.sonar.api.rule.RuleKey;

  30. import org.sonar.api.server.ws.Request;

  31. import org.sonar.api.server.ws.Response;

  32. import org.sonar.api.server.ws.WebService;

  33. import org.sonar.api.web.UserRole;

  34. import org.sonar.core.util.Uuids;

  35. import org.sonar.db.DbClient;

  36. import org.sonar.db.DbSession;

  37. import org.sonar.db.component.ComponentDto;

  38. import org.sonar.db.issue.IssueDto;

  39. import org.sonar.db.rule.RuleDefinitionDto;

  40. import org.sonar.db.user.UserDto;

  41. import org.sonar.server.exceptions.NotFoundException;

  42. import org.sonar.server.issue.IssueChangeWSSupport;

  43. import org.sonar.server.issue.IssueChangeWSSupport.FormattingContext;

  44. import org.sonar.server.issue.IssueChangeWSSupport.Load;

  45. import org.sonar.server.issue.TextRangeResponseFormatter;

  46. import org.sonar.server.issue.ws.UserResponseFormatter;

  47. import org.sonar.server.rule.HotspotRuleDescription;

  48. import org.sonar.server.security.SecurityStandards;

  49. import org.sonar.server.text.MacroInterpreter;

  50. import org.sonarqube.ws.Common;

  51. import org.sonarqube.ws.Hotspots;

  52. import org.sonarqube.ws.Hotspots.ShowWsResponse;

  53. 

  54. import static com.google.common.base.Preconditions.checkArgument;

  55. import static com.google.common.base.Strings.emptyToNull;

  56. import static com.google.common.base.Strings.nullToEmpty;

  57. import static java.lang.String.format;

  58. import static java.util.Collections.singleton;

  59. import static java.util.Optional.ofNullable;

  60. import static org.sonar.api.utils.DateUtils.formatDateTime;

  61. import static org.sonar.core.util.stream.MoreCollectors.toSet;

  62. import static org.sonar.server.ws.WsUtils.writeProtobuf;

  63. 

  64. public class ShowAction implements HotspotsWsAction {

  65. 

  66.   private static final String PARAM_HOTSPOT_KEY = "hotspot";

  67. 

  68.   private final DbClient dbClient;

  69.   private final HotspotWsSupport hotspotWsSupport;

  70.   private final HotspotWsResponseFormatter responseFormatter;

  71.   private final TextRangeResponseFormatter textRangeFormatter;

  72.   private final UserResponseFormatter userFormatter;

  73.   private final IssueChangeWSSupport issueChangeSupport;

  74.   private final MacroInterpreter macroInterpreter;

  75. 

  76.   public ShowAction(DbClient dbClient, HotspotWsSupport hotspotWsSupport,

  77.     HotspotWsResponseFormatter responseFormatter, TextRangeResponseFormatter textRangeFormatter,

  78.     UserResponseFormatter userFormatter, IssueChangeWSSupport issueChangeSupport, MacroInterpreter macroInterpreter) {

  79.     this.dbClient = dbClient;

  80.     this.hotspotWsSupport = hotspotWsSupport;

  81.     this.responseFormatter = responseFormatter;

  82.     this.textRangeFormatter = textRangeFormatter;

  83.     this.userFormatter = userFormatter;

  84.     this.issueChangeSupport = issueChangeSupport;

  85.     this.macroInterpreter = macroInterpreter;

  86.   }

  87. 

  88.   @Override

  89.   public void define(WebService.NewController controller) {

  90.     WebService.NewAction action = controller

  91.       .createAction("show")

  92.       .setHandler(this)

  93.       .setDescription("Provides the details of a Security Hotspot.")

  94.       .setSince("8.1");

  95. 

  96.     action.createParam(PARAM_HOTSPOT_KEY)

  97.       .setDescription("Key of the Security Hotspot")

  98.       .setExampleValue(Uuids.UUID_EXAMPLE_03)

  99.       .setRequired(true);

  100. 

  101.     action.setResponseExample(getClass().getResource("show-example.json"));

  102.   }

  103. 

  104.   @Override

  105.   public void handle(Request request, Response response) throws Exception {

  106.     String hotspotKey = request.mandatoryParam(PARAM_HOTSPOT_KEY);

  107.     try (DbSession dbSession = dbClient.openSession(false)) {

  108.       IssueDto hotspot = hotspotWsSupport.loadHotspot(dbSession, hotspotKey);

  109. 

  110.       Components components = loadComponents(dbSession, hotspot);

  111.       Users users = loadUsers(dbSession, hotspot);

  112.       RuleDefinitionDto rule = loadRule(dbSession, hotspot);

  113. 

  114.       ShowWsResponse.Builder responseBuilder = ShowWsResponse.newBuilder();

  115.       formatHotspot(responseBuilder, hotspot, users);

  116.       formatComponents(components, responseBuilder);

  117.       formatRule(responseBuilder, rule);

  118.       formatTextRange(responseBuilder, hotspot);

  119.       FormattingContext formattingContext = formatChangeLogAndComments(dbSession, hotspot, users, components, responseBuilder);

  120.       formatUsers(responseBuilder, users, formattingContext);

  121. 

  122.       writeProtobuf(responseBuilder.build(), request, response);

  123.     }

  124.   }

  125. 

  126.   private Users loadUsers(DbSession dbSession, IssueDto hotspot) {

  127.     UserDto assignee = ofNullable(hotspot.getAssigneeUuid())

  128.       .map(uuid -> dbClient.userDao().selectByUuid(dbSession, uuid))

  129.       .orElse(null);

  130.     UserDto author = ofNullable(hotspot.getAuthorLogin())

  131.       .map(login -> {

  132.         if (assignee != null && assignee.getLogin().equals(login)) {

  133.           return assignee;

  134.         }

  135.         return dbClient.userDao().selectByLogin(dbSession, login);

  136.       })

  137.       .orElse(null);

  138.     return new Users(assignee, author);

  139.   }

  140. 

  141.   private static void formatHotspot(ShowWsResponse.Builder builder, IssueDto hotspot, Users users) {

  142.     builder.setKey(hotspot.getKey());

  143.     ofNullable(hotspot.getStatus()).ifPresent(builder::setStatus);

  144.     ofNullable(hotspot.getResolution()).ifPresent(builder::setResolution);

  145.     ofNullable(hotspot.getLine()).ifPresent(builder::setLine);

  146.     ofNullable(emptyToNull(hotspot.getChecksum())).ifPresent(builder::setHash);

  147.     builder.setMessage(nullToEmpty(hotspot.getMessage()));

  148.     builder.setCreationDate(formatDateTime(hotspot.getIssueCreationDate()));

  149.     builder.setUpdateDate(formatDateTime(hotspot.getIssueUpdateDate()));

  150.     users.getAssignee().map(UserDto::getLogin).ifPresent(builder::setAssignee);

  151.     Optional.ofNullable(hotspot.getAuthorLogin()).ifPresent(builder::setAuthor);

  152.   }

  153. 

  154.   private void formatComponents(Components components, ShowWsResponse.Builder responseBuilder) {

  155.     responseBuilder

  156.       .setProject(responseFormatter.formatComponent(Hotspots.Component.newBuilder(), components.getProject()))

  157.       .setComponent(responseFormatter.formatComponent(Hotspots.Component.newBuilder(), components.getComponent()));

  158.     responseBuilder.setCanChangeStatus(hotspotWsSupport.canChangeStatus(components.getProject()));

  159.   }

  160. 

  161.   private void formatRule(ShowWsResponse.Builder responseBuilder, RuleDefinitionDto ruleDefinitionDto) {

  162.     SecurityStandards securityStandards = SecurityStandards.fromSecurityStandards(ruleDefinitionDto.getSecurityStandards());

  163.     SecurityStandards.SQCategory sqCategory = securityStandards.getSqCategory();

  164. 

  165.     Hotspots.Rule.Builder ruleBuilder = Hotspots.Rule.newBuilder()

  166.       .setKey(ruleDefinitionDto.getKey().toString())

  167.       .setName(nullToEmpty(ruleDefinitionDto.getName()))

  168.       .setSecurityCategory(sqCategory.getKey())

  169.       .setVulnerabilityProbability(sqCategory.getVulnerability().name());

  170. 

  171.     HotspotRuleDescription hotspotRuleDescription = HotspotRuleDescription.from(ruleDefinitionDto);

  172.     hotspotRuleDescription.getVulnerable().ifPresent(ruleBuilder::setVulnerabilityDescription);

  173.     hotspotRuleDescription.getRisk().ifPresent(ruleBuilder::setRiskDescription);

  174.     hotspotRuleDescription.getFixIt().ifPresent(ruleBuilder::setFixRecommendations);

  175. 

  176.     responseBuilder.setRule(ruleBuilder.build());

  177.   }

  178. 

  179.   private void formatTextRange(ShowWsResponse.Builder responseBuilder, IssueDto hotspot) {

  180.     textRangeFormatter.formatTextRange(hotspot, responseBuilder::setTextRange);

  181.   }

  182. 

  183.   private FormattingContext formatChangeLogAndComments(DbSession dbSession, IssueDto hotspot, Users users, Components components, ShowWsResponse.Builder responseBuilder) {

  184.     Set<UserDto> preloadedUsers = Stream.of(users.getAssignee(), users.getAuthor())

  185.       .filter(Optional::isPresent)

  186.       .map(Optional::get)

  187.       .collect(toSet());

  188.     Set<ComponentDto> preloadedComponents = ImmutableSet.of(components.project, components.component);

  189.     FormattingContext formattingContext = issueChangeSupport

  190.       .newFormattingContext(dbSession, singleton(hotspot), Load.ALL, preloadedUsers, preloadedComponents);

  191. 

  192.     issueChangeSupport.formatChangelog(hotspot, formattingContext)

  193.       .forEach(responseBuilder::addChangelog);

  194.     issueChangeSupport.formatComments(hotspot, Common.Comment.newBuilder(), formattingContext)

  195.       .forEach(responseBuilder::addComment);

  196. 

  197.     return formattingContext;

  198.   }

  199. 

  200.   private void formatUsers(ShowWsResponse.Builder responseBuilder, Users users, FormattingContext formattingContext) {

  201.     Common.User.Builder userBuilder = Common.User.newBuilder();

  202.     Stream.concat(

  203.       Stream.of(users.getAssignee(), users.getAuthor())

  204.         .filter(Optional::isPresent)

  205.         .map(Optional::get),

  206.       formattingContext.getUsers().stream())

  207.       .distinct()

  208.       .map(user -> userFormatter.formatUser(userBuilder, user))

  209.       .forEach(responseBuilder::addUsers);

  210.   }

  211. 

  212.   private RuleDefinitionDto loadRule(DbSession dbSession, IssueDto hotspot) {

  213.     RuleKey ruleKey = hotspot.getRuleKey();

  214.     return dbClient.ruleDao().selectDefinitionByKey(dbSession, ruleKey)

  215.       .orElseThrow(() -> new NotFoundException(format("Rule '%s' does not exist", ruleKey)));

  216.   }

  217. 

  218.   private Components loadComponents(DbSession dbSession, IssueDto hotspot) {

  219.     String componentUuid = hotspot.getComponentUuid();

  220. 

  221.     ComponentDto project = hotspotWsSupport.loadAndCheckProject(dbSession, hotspot, UserRole.USER);

  222. 

  223.     checkArgument(componentUuid != null, "Hotspot '%s' has no component", hotspot.getKee());

  224.     boolean hotspotOnProject = Objects.equals(project.uuid(), componentUuid);

  225.     ComponentDto component = hotspotOnProject ? project

  226.       : dbClient.componentDao().selectByUuid(dbSession, componentUuid)

  227.       .orElseThrow(() -> new NotFoundException(format("Component with uuid '%s' does not exist", componentUuid)));

  228. 

  229.     return new Components(project, component);

  230.   }

  231. 

  232.   private static final class Components {

  233.     private final ComponentDto project;

  234.     private final ComponentDto component;

  235. 

  236.     private Components(ComponentDto project, ComponentDto component) {

  237.       this.project = project;

  238.       this.component = component;

  239.     }

  240. 

  241.     public ComponentDto getProject() {

  242.       return project;

  243.     }

  244. 

  245.     public ComponentDto getComponent() {

  246.       return component;

  247.     }

  248.   }

  249. 

  250.   private static final class Users {

  251.     @CheckForNull

  252.     private final UserDto assignee;

  253.     @CheckForNull

  254.     private final UserDto author;

  255. 

  256.     private Users(@Nullable UserDto assignee, @Nullable UserDto author) {

  257.       this.assignee = assignee;

  258.       this.author = author;

  259.     }

  260. 

  261.     public Optional<UserDto> getAssignee() {

  262.       return ofNullable(assignee);

  263.     }

  264. 

  265.     public Optional<UserDto> getAuthor() {

  266.       return ofNullable(author);

  267.     }

  268.   }

  269. }