mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30604 Commits
59 Branches
Tree: ffaa8f3cd6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ffaa8f3cd6'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/ShowActionTest.java

ShowActionTest.java 44KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2021 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.hotspot.ws;

  21. 

  22. import com.google.common.collect.ImmutableSet;

  23. import com.google.common.collect.Sets;

  24. import com.tngtech.java.junit.dataprovider.DataProvider;

  25. import com.tngtech.java.junit.dataprovider.DataProviderRunner;

  26. import com.tngtech.java.junit.dataprovider.UseDataProvider;

  27. import java.util.Arrays;

  28. import java.util.Collections;

  29. import java.util.List;

  30. import java.util.Random;

  31. import java.util.Set;

  32. import java.util.function.Consumer;

  33. import java.util.stream.Collectors;

  34. import java.util.stream.IntStream;

  35. import java.util.stream.Stream;

  36. import javax.annotation.Nullable;

  37. import org.assertj.core.groups.Tuple;

  38. import org.junit.Before;

  39. import org.junit.Rule;

  40. import org.junit.Test;

  41. import org.junit.runner.RunWith;

  42. import org.mockito.ArgumentMatcher;

  43. import org.mockito.Mockito;

  44. import org.sonar.api.issue.Issue;

  45. import org.sonar.api.rules.RuleType;

  46. import org.sonar.api.utils.System2;

  47. import org.sonar.api.web.UserRole;

  48. import org.sonar.db.DbClient;

  49. import org.sonar.db.DbSession;

  50. import org.sonar.db.DbTester;

  51. import org.sonar.db.component.BranchType;

  52. import org.sonar.db.component.ComponentDto;

  53. import org.sonar.db.issue.IssueDto;

  54. import org.sonar.db.protobuf.DbCommons;

  55. import org.sonar.db.protobuf.DbIssues;

  56. import org.sonar.db.rule.RuleDefinitionDto;

  57. import org.sonar.db.rule.RuleTesting;

  58. import org.sonar.db.user.UserDto;

  59. import org.sonar.db.user.UserTesting;

  60. import org.sonar.server.es.EsTester;

  61. import org.sonar.server.exceptions.ForbiddenException;

  62. import org.sonar.server.exceptions.NotFoundException;

  63. import org.sonar.server.issue.AvatarResolver;

  64. import org.sonar.server.issue.AvatarResolverImpl;

  65. import org.sonar.server.issue.IssueChangeWSSupport;

  66. import org.sonar.server.issue.IssueChangeWSSupport.FormattingContext;

  67. import org.sonar.server.issue.IssueChangeWSSupport.Load;

  68. import org.sonar.server.issue.TextRangeResponseFormatter;

  69. import org.sonar.server.issue.ws.UserResponseFormatter;

  70. import org.sonar.server.security.SecurityStandards;

  71. import org.sonar.server.security.SecurityStandards.SQCategory;

  72. import org.sonar.server.tester.UserSessionRule;

  73. import org.sonar.server.text.MacroInterpreter;

  74. import org.sonar.server.ws.TestRequest;

  75. import org.sonar.server.ws.WsActionTester;

  76. import org.sonarqube.ws.Common;

  77. import org.sonarqube.ws.Common.Changelog.Diff;

  78. import org.sonarqube.ws.Common.User;

  79. import org.sonarqube.ws.Hotspots;

  80. 

  81. import static org.apache.commons.lang.RandomStringUtils.randomAlphabetic;

  82. import static org.assertj.core.api.Assertions.assertThat;

  83. import static org.assertj.core.api.Assertions.assertThatThrownBy;

  84. import static org.assertj.core.api.Assertions.tuple;

  85. import static org.mockito.ArgumentMatchers.any;

  86. import static org.mockito.ArgumentMatchers.anySet;

  87. import static org.mockito.ArgumentMatchers.anyString;

  88. import static org.mockito.ArgumentMatchers.argThat;

  89. import static org.mockito.ArgumentMatchers.eq;

  90. import static org.mockito.Mockito.doReturn;

  91. import static org.mockito.Mockito.mock;

  92. import static org.mockito.Mockito.verify;

  93. import static org.mockito.Mockito.verifyNoInteractions;

  94. import static org.mockito.Mockito.when;

  95. import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;

  96. import static org.sonar.db.component.ComponentTesting.newFileDto;

  97. import static org.sonar.db.rule.RuleDto.Format.MARKDOWN;

  98. 

  99. @RunWith(DataProviderRunner.class)

  100. public class ShowActionTest {

  101.   private static final Random RANDOM = new Random();

  102.   private static final String INTERPRETED = "interpreted";

  103. 

  104.   @Rule

  105.   public DbTester dbTester = DbTester.create(System2.INSTANCE);

  106.   @Rule

  107.   public EsTester es = EsTester.create();

  108.   @Rule

  109.   public UserSessionRule userSessionRule = UserSessionRule.standalone();

  110. 

  111.   private final DbClient dbClient = dbTester.getDbClient();

  112.   private final MacroInterpreter macroInterpreter = mock(MacroInterpreter.class);

  113.   private final AvatarResolver avatarResolver = new AvatarResolverImpl();

  114.   private final HotspotWsResponseFormatter responseFormatter = new HotspotWsResponseFormatter();

  115.   private final IssueChangeWSSupport issueChangeSupport = Mockito.mock(IssueChangeWSSupport.class);

  116.   private final HotspotWsSupport hotspotWsSupport = new HotspotWsSupport(dbClient, userSessionRule, System2.INSTANCE);

  117.   private final UserResponseFormatter userFormatter = new UserResponseFormatter(new AvatarResolverImpl());

  118.   private final TextRangeResponseFormatter textRangeFormatter = new TextRangeResponseFormatter();

  119.   private final ShowAction underTest = new ShowAction(dbClient, hotspotWsSupport, responseFormatter, textRangeFormatter, userFormatter, issueChangeSupport, macroInterpreter);

  120.   private final WsActionTester actionTester = new WsActionTester(underTest);

  121. 

  122.   @Before

  123.   public void before() {

  124.     doReturn(INTERPRETED).when(macroInterpreter).interpret(anyString());

  125.   }

  126. 

  127.   @Test

  128.   public void ws_is_public() {

  129.     assertThat(actionTester.getDef().isInternal()).isFalse();

  130.   }

  131. 

  132.   @Test

  133.   public void fails_with_IAE_if_parameter_hotspot_is_missing() {

  134.     TestRequest request = actionTester.newRequest();

  135. 

  136.     assertThatThrownBy(request::execute)

  137.       .isInstanceOf(IllegalArgumentException.class)

  138.       .hasMessage("The 'hotspot' parameter is missing");

  139.   }

  140. 

  141.   @Test

  142.   public void fails_with_NotFoundException_if_hotspot_does_not_exist() {

  143.     String key = randomAlphabetic(12);

  144.     TestRequest request = actionTester.newRequest()

  145.       .setParam("hotspot", key);

  146. 

  147.     assertThatThrownBy(request::execute)

  148.       .isInstanceOf(NotFoundException.class)

  149.       .hasMessage("Hotspot '%s' does not exist", key);

  150.   }

  151. 

  152.   @Test

  153.   @UseDataProvider("ruleTypesButHotspot")

  154.   public void fails_with_NotFoundException_if_issue_is_not_a_hotspot(RuleType ruleType) {

  155.     ComponentDto project = dbTester.components().insertPublicProject();

  156.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  157.     RuleDefinitionDto rule = newRule(ruleType);

  158.     IssueDto notAHotspot = dbTester.issues().insertIssue(rule, project, file, i -> i.setType(ruleType));

  159.     TestRequest request = newRequest(notAHotspot);

  160. 

  161.     assertThatThrownBy(request::execute)

  162.       .isInstanceOf(NotFoundException.class)

  163.       .hasMessage("Hotspot '%s' does not exist", notAHotspot.getKey());

  164.   }

  165. 

  166.   @DataProvider

  167.   public static Object[][] ruleTypesButHotspot() {

  168.     return Arrays.stream(RuleType.values())

  169.       .filter(t -> t != SECURITY_HOTSPOT)

  170.       .map(t -> new Object[] {t})

  171.       .toArray(Object[][]::new);

  172.   }

  173. 

  174.   @Test

  175.   public void fails_with_NotFoundException_if_issue_is_hotspot_is_closed() {

  176.     ComponentDto project = dbTester.components().insertPublicProject();

  177.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  178.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  179.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(Issue.STATUS_CLOSED));

  180.     TestRequest request = newRequest(hotspot);

  181. 

  182.     assertThatThrownBy(request::execute)

  183.       .isInstanceOf(NotFoundException.class)

  184.       .hasMessage("Hotspot '%s' does not exist", hotspot.getKey());

  185.   }

  186. 

  187.   @Test

  188.   public void fails_with_ForbiddenException_if_project_is_private_and_not_allowed() {

  189.     ComponentDto project = dbTester.components().insertPrivateProject();

  190.     userSessionRule.registerComponents(project);

  191.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  192.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  193.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  194.     TestRequest request = newRequest(hotspot);

  195. 

  196.     assertThatThrownBy(request::execute)

  197.       .isInstanceOf(ForbiddenException.class)

  198.       .hasMessage("Insufficient privileges");

  199.   }

  200. 

  201.   @Test

  202.   public void succeeds_on_public_project() {

  203.     ComponentDto project = dbTester.components().insertPublicProject();

  204.     userSessionRule.registerComponents(project);

  205.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  206.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  207.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  208.     mockChangelogAndCommentsFormattingContext();

  209. 

  210.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  211.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  212. 

  213.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  214.   }

  215. 

  216.   @Test

  217.   public void succeeds_on_private_project_with_permission() {

  218.     ComponentDto project = dbTester.components().insertPrivateProject();

  219.     userSessionRule.registerComponents(project);

  220.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  221.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  222.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  223.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  224.     mockChangelogAndCommentsFormattingContext();

  225. 

  226.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  227.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  228. 

  229.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  230.   }

  231. 

  232.   @Test

  233.   public void return_canChangeStatus_false_on_public_project_when_anonymous() {

  234.     ComponentDto project = dbTester.components().insertPublicProject();

  235.     userSessionRule.registerComponents(project);

  236.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  237.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  238.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  239.     mockChangelogAndCommentsFormattingContext();

  240. 

  241.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  242.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  243. 

  244.     assertThat(response.getCanChangeStatus()).isFalse();

  245.   }

  246. 

  247.   @Test

  248.   @UseDataProvider("allPublicProjectPermissionsButSECURITYHOTSPOT_ADMIN")

  249.   public void return_canChangeStatus_false_on_public_project_when_authenticated_without_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  250.     ComponentDto project = dbTester.components().insertPublicProject();

  251.     userSessionRule.logIn().registerComponents(project);

  252.     if (permission != null) {

  253.       userSessionRule.addProjectPermission(permission, project);

  254.     }

  255.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  256.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  257.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  258.     mockChangelogAndCommentsFormattingContext();

  259. 

  260.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  261.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  262. 

  263.     assertThat(response.getCanChangeStatus()).isFalse();

  264.   }

  265. 

  266.   @Test

  267.   @UseDataProvider("allPublicProjectPermissionsButSECURITYHOTSPOT_ADMIN")

  268.   public void return_canChangeStatus_true_on_public_project_when_authenticated_with_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  269.     ComponentDto project = dbTester.components().insertPublicProject();

  270.     userSessionRule.registerComponents(project)

  271.       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);

  272.     if (permission != null) {

  273.       userSessionRule.addProjectPermission(permission, project);

  274.     }

  275.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  276.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  277.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  278.     mockChangelogAndCommentsFormattingContext();

  279. 

  280.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  281.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  282. 

  283.     assertThat(response.getCanChangeStatus()).isTrue();

  284.   }

  285. 

  286.   @DataProvider

  287.   public static Object[][] allPublicProjectPermissionsButSECURITYHOTSPOT_ADMIN() {

  288.     return new Object[][] {

  289.       {null}, // no permission

  290.       {UserRole.ADMIN},

  291.       {UserRole.SCAN},

  292.       {UserRole.ISSUE_ADMIN}

  293.     };

  294.   }

  295. 

  296.   @Test

  297.   @UseDataProvider("allPrivateProjectPermissionsButSECURITYHOTSPOT_ADMIN_and_USER")

  298.   public void return_canChangeStatus_false_on_private_project_without_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  299.     ComponentDto project = dbTester.components().insertPrivateProject();

  300.     userSessionRule

  301.       .registerComponents(project)

  302.       .logIn()

  303.       .addProjectPermission(UserRole.USER, project);

  304.     if (permission != null) {

  305.       userSessionRule.addProjectPermission(permission, project);

  306.     }

  307.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  308.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  309.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  310.     mockChangelogAndCommentsFormattingContext();

  311. 

  312.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  313.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  314. 

  315.     assertThat(response.getCanChangeStatus()).isFalse();

  316.   }

  317. 

  318.   @Test

  319.   @UseDataProvider("allPrivateProjectPermissionsButSECURITYHOTSPOT_ADMIN_and_USER")

  320.   public void return_canChangeStatus_false_on_private_project_with_SECURITYHOTSPOT_ADMIN_permission(@Nullable String permission) {

  321.     ComponentDto project = dbTester.components().insertPrivateProject();

  322.     userSessionRule

  323.       .registerComponents(project)

  324.       .logIn()

  325.       .addProjectPermission(UserRole.USER, project)

  326.       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);

  327.     if (permission != null) {

  328.       userSessionRule.addProjectPermission(permission, project);

  329.     }

  330.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  331.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  332.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  333.     mockChangelogAndCommentsFormattingContext();

  334. 

  335.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  336.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  337. 

  338.     assertThat(response.getCanChangeStatus()).isTrue();

  339.   }

  340. 

  341.   @DataProvider

  342.   public static Object[][] allPrivateProjectPermissionsButSECURITYHOTSPOT_ADMIN_and_USER() {

  343.     return new Object[][] {

  344.       {null}, // only USER permission

  345.       {UserRole.CODEVIEWER},

  346.       {UserRole.ADMIN},

  347.       {UserRole.SCAN},

  348.       {UserRole.ISSUE_ADMIN}

  349.     };

  350.   }

  351. 

  352.   @Test

  353.   @UseDataProvider("statusAndResolutionCombinations")

  354.   public void returns_status_and_resolution(String status, @Nullable String resolution) {

  355.     ComponentDto project = dbTester.components().insertPrivateProject();

  356.     userSessionRule.registerComponents(project);

  357.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  358.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  359.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  360.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(status).setResolution(resolution));

  361.     mockChangelogAndCommentsFormattingContext();

  362. 

  363.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  364.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  365. 

  366.     assertThat(response.getStatus()).isEqualTo(status);

  367.     if (resolution == null) {

  368.       assertThat(response.hasResolution()).isFalse();

  369.     } else {

  370.       assertThat(response.getResolution()).isEqualTo(resolution);

  371.     }

  372.   }

  373. 

  374.   @DataProvider

  375.   public static Object[][] statusAndResolutionCombinations() {

  376.     return new Object[][] {

  377.       {Issue.STATUS_TO_REVIEW, null},

  378.       {Issue.STATUS_REVIEWED, Issue.RESOLUTION_FIXED},

  379.       {Issue.STATUS_REVIEWED, Issue.RESOLUTION_SAFE}

  380.     };

  381.   }

  382. 

  383.   @Test

  384.   public void returns_html_description_for_custom_rules() {

  385.     ComponentDto project = dbTester.components().insertPrivateProject();

  386.     userSessionRule.registerComponents(project);

  387.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  388.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  389. 

  390.     String description = "== Title\n<div>line1\nline2</div>";

  391. 

  392.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT,

  393.       r -> r.setTemplateUuid("123")

  394.         .setDescription(description)

  395.         .setDescriptionFormat(MARKDOWN));

  396. 

  397.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  398.     mockChangelogAndCommentsFormattingContext();

  399. 

  400.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  401.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  402. 

  403.     assertThat(response.getRule().getRiskDescription()).isEqualTo("<h2>Title</h2>&lt;div&gt;line1<br/>line2&lt;/div&gt;");

  404.   }

  405. 

  406.   @Test

  407.   public void handles_null_description_for_custom_rules() {

  408.     ComponentDto project = dbTester.components().insertPrivateProject();

  409.     userSessionRule.registerComponents(project);

  410.     userSessionRule.logIn().addProjectPermission(UserRole.USER, project);

  411.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  412. 

  413.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT, r -> r.setTemplateUuid("123").setDescription(null));

  414. 

  415.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  416.     mockChangelogAndCommentsFormattingContext();

  417. 

  418.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  419.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  420. 

  421.     assertThat(response.getRule().getRiskDescription()).isNullOrEmpty();

  422. 

  423.     verifyNoInteractions(macroInterpreter);

  424.   }

  425. 

  426.   @Test

  427.   public void returns_hotspot_component_and_rule() {

  428.     ComponentDto project = dbTester.components().insertPublicProject();

  429.     userSessionRule.registerComponents(project);

  430.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  431.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  432.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  433.     mockChangelogAndCommentsFormattingContext();

  434. 

  435.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  436.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  437. 

  438.     assertThat(response.getKey()).isEqualTo(hotspot.getKey());

  439.     verifyComponent(response.getComponent(), file, null, null);

  440.     verifyComponent(response.getProject(), project, null, null);

  441.     verifyRule(response.getRule(), rule);

  442.     assertThat(response.hasTextRange()).isFalse();

  443.   }

  444. 

  445.   @Test

  446.   public void returns_no_textRange_when_locations_have_none() {

  447.     ComponentDto project = dbTester.components().insertPublicProject();

  448.     userSessionRule.registerComponents(project);

  449.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  450.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  451.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  452.       t -> t.setLocations(DbIssues.Locations.newBuilder().build()));

  453.     mockChangelogAndCommentsFormattingContext();

  454. 

  455.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  456.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  457. 

  458.     assertThat(response.hasTextRange()).isFalse();

  459.   }

  460. 

  461.   @Test

  462.   @UseDataProvider("randomTextRangeValues")

  463.   public void returns_textRange(int startLine, int endLine, int startOffset, int endOffset) {

  464.     ComponentDto project = dbTester.components().insertPublicProject();

  465.     userSessionRule.registerComponents(project);

  466.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  467.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  468.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  469.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  470.         .setTextRange(DbCommons.TextRange.newBuilder()

  471.           .setStartLine(startLine)

  472.           .setEndLine(endLine)

  473.           .setStartOffset(startOffset)

  474.           .setEndOffset(endOffset)

  475.           .build())

  476.         .build()));

  477.     mockChangelogAndCommentsFormattingContext();

  478. 

  479.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  480.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  481. 

  482.     assertThat(response.hasTextRange()).isTrue();

  483.     Common.TextRange textRange = response.getTextRange();

  484.     assertThat(textRange.getStartLine()).isEqualTo(startLine);

  485.     assertThat(textRange.getEndLine()).isEqualTo(endLine);

  486.     assertThat(textRange.getStartOffset()).isEqualTo(startOffset);

  487.     assertThat(textRange.getEndOffset()).isEqualTo(endOffset);

  488.   }

  489. 

  490.   @Test

  491.   public void returns_no_assignee_when_user_does_not_exist() {

  492.     ComponentDto project = dbTester.components().insertPublicProject();

  493.     userSessionRule.registerComponents(project);

  494.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  495.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  496.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(randomAlphabetic(10)));

  497.     mockChangelogAndCommentsFormattingContext();

  498. 

  499.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  500.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  501. 

  502.     assertThat(response.hasAssignee()).isFalse();

  503.   }

  504. 

  505.   @Test

  506.   public void returns_assignee_details_when_user_exists() {

  507.     ComponentDto project = dbTester.components().insertPublicProject();

  508.     userSessionRule.registerComponents(project);

  509.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  510.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  511.     UserDto assignee = dbTester.users().insertUser();

  512.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(assignee.getUuid()));

  513.     mockChangelogAndCommentsFormattingContext();

  514. 

  515.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  516.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  517. 

  518.     assertThat(response.getAssignee()).isEqualTo(assignee.getLogin());

  519.     assertThat(response.getUsersList()).hasSize(1);

  520.     User wsAssignee = response.getUsersList().iterator().next();

  521.     assertThat(wsAssignee.getLogin()).isEqualTo(assignee.getLogin());

  522.     assertThat(wsAssignee.getName()).isEqualTo(assignee.getName());

  523.     assertThat(wsAssignee.getActive()).isEqualTo(assignee.isActive());

  524.     assertThat(wsAssignee.getAvatar()).isEqualTo(avatarResolver.create(assignee));

  525.   }

  526. 

  527.   @Test

  528.   public void returns_no_avatar_if_assignee_has_no_email() {

  529.     ComponentDto project = dbTester.components().insertPublicProject();

  530.     userSessionRule.registerComponents(project);

  531.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  532.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  533.     UserDto assignee = dbTester.users().insertUser(t -> t.setEmail(null));

  534.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(assignee.getUuid()));

  535.     mockChangelogAndCommentsFormattingContext();

  536. 

  537.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  538.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  539. 

  540.     assertThat(response.getUsersList()).hasSize(1);

  541.     assertThat(response.getUsersList().iterator().next().hasAvatar()).isFalse();

  542.   }

  543. 

  544.   @Test

  545.   public void returns_inactive_when_assignee_is_inactive() {

  546.     ComponentDto project = dbTester.components().insertPublicProject();

  547.     userSessionRule.registerComponents(project);

  548.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  549.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  550.     UserDto assignee = dbTester.users().insertUser(t -> t.setActive(false));

  551.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAssigneeUuid(assignee.getUuid()));

  552.     mockChangelogAndCommentsFormattingContext();

  553. 

  554.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  555.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  556. 

  557.     assertThat(response.getUsersList()).hasSize(1);

  558.     assertThat(response.getUsersList().iterator().next().getActive()).isFalse();

  559.   }

  560. 

  561.   @Test

  562.   public void returns_author_login_when_user_does_not_exist() {

  563.     ComponentDto project = dbTester.components().insertPublicProject();

  564.     userSessionRule.registerComponents(project);

  565.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  566.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  567.     String authorLogin = randomAlphabetic(10);

  568.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(authorLogin));

  569.     mockChangelogAndCommentsFormattingContext();

  570. 

  571.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  572.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  573. 

  574.     assertThat(response.getUsersList()).isEmpty();

  575.     assertThat(response.getAuthor()).isEqualTo(authorLogin);

  576.   }

  577. 

  578.   @Test

  579.   public void returns_author_details_when_user_exists() {

  580.     ComponentDto project = dbTester.components().insertPublicProject();

  581.     userSessionRule.registerComponents(project);

  582.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  583.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  584.     UserDto author = dbTester.users().insertUser();

  585.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(author.getLogin()));

  586.     mockChangelogAndCommentsFormattingContext();

  587. 

  588.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  589.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  590. 

  591.     assertThat(response.getAuthor()).isEqualTo(author.getLogin());

  592.     User wsAuthorFromList = response.getUsersList().iterator().next();

  593.     assertThat(wsAuthorFromList.getLogin()).isEqualTo(author.getLogin());

  594.     assertThat(wsAuthorFromList.getName()).isEqualTo(author.getName());

  595.     assertThat(wsAuthorFromList.getActive()).isEqualTo(author.isActive());

  596.     assertThat(wsAuthorFromList.getAvatar()).isEqualTo(avatarResolver.create(author));

  597.   }

  598. 

  599.   @Test

  600.   public void returns_no_avatar_if_author_has_no_email() {

  601.     ComponentDto project = dbTester.components().insertPublicProject();

  602.     userSessionRule.registerComponents(project);

  603.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  604.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  605.     UserDto author = dbTester.users().insertUser(t -> t.setEmail(null));

  606.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(author.getLogin()));

  607.     mockChangelogAndCommentsFormattingContext();

  608. 

  609.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  610.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  611. 

  612.     assertThat(response.getUsersList()).hasSize(1);

  613.     assertThat(response.getUsersList().iterator().next().hasAvatar()).isFalse();

  614.   }

  615. 

  616.   @Test

  617.   public void returns_inactive_if_author_is_inactive() {

  618.     ComponentDto project = dbTester.components().insertPublicProject();

  619.     userSessionRule.registerComponents(project);

  620.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  621.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  622.     UserDto author = dbTester.users().insertUser(t -> t.setActive(false));

  623.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setAuthorLogin(author.getLogin()));

  624.     mockChangelogAndCommentsFormattingContext();

  625. 

  626.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  627.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  628. 

  629.     assertThat(response.getUsersList()).hasSize(1);

  630.     assertThat(response.getUsersList().iterator().next().getActive()).isFalse();

  631.   }

  632. 

  633.   @DataProvider

  634.   public static Object[][] randomTextRangeValues() {

  635.     int startLine = RANDOM.nextInt(200);

  636.     int endLine = RANDOM.nextInt(200);

  637.     int startOffset = RANDOM.nextInt(200);

  638.     int endOffset = RANDOM.nextInt(200);

  639.     return new Object[][] {

  640.       {startLine, endLine, startOffset, endOffset}

  641.     };

  642.   }

  643. 

  644.   @Test

  645.   public void returns_textRange_missing_fields() {

  646.     ComponentDto project = dbTester.components().insertPublicProject();

  647.     userSessionRule.registerComponents(project);

  648.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  649.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  650.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  651.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  652.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  653.         .build()));

  654.     mockChangelogAndCommentsFormattingContext();

  655. 

  656.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  657.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  658. 

  659.     assertThat(response.hasTextRange()).isTrue();

  660.     Common.TextRange textRange = response.getTextRange();

  661.     assertThat(textRange.hasStartLine()).isFalse();

  662.     assertThat(textRange.hasEndLine()).isFalse();

  663.     assertThat(textRange.hasStartOffset()).isFalse();

  664.     assertThat(textRange.hasEndOffset()).isFalse();

  665.   }

  666. 

  667.   @Test

  668.   @UseDataProvider("allSQCategoryAndVulnerabilityProbability")

  669.   public void returns_securityCategory_and_vulnerabilityProbability_of_rule(Set<String> standards,

  670.     SQCategory expected) {

  671.     ComponentDto project = dbTester.components().insertPublicProject();

  672.     userSessionRule.registerComponents(project);

  673.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  674.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT, t -> t.setSecurityStandards(standards));

  675.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  676.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  677.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  678.         .build()));

  679.     mockChangelogAndCommentsFormattingContext();

  680. 

  681.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  682.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  683. 

  684.     Hotspots.Rule wsRule = response.getRule();

  685.     assertThat(wsRule.getSecurityCategory()).isEqualTo(expected.getKey());

  686.     assertThat(wsRule.getVulnerabilityProbability()).isEqualTo(expected.getVulnerability().name());

  687.   }

  688. 

  689.   @DataProvider

  690.   public static Object[][] allSQCategoryAndVulnerabilityProbability() {

  691.     Stream<Object[]> allButOthers = SecurityStandards.CWES_BY_SQ_CATEGORY

  692.       .entrySet()

  693.       .stream()

  694.       .map(t -> new Object[] {

  695.         t.getValue().stream().map(s -> "cwe:" + s).collect(Collectors.toSet()),

  696.         t.getKey()

  697.       });

  698.     Stream<Object[]> others = Stream.of(

  699.       new Object[] {Collections.emptySet(), SQCategory.OTHERS},

  700.       new Object[] {ImmutableSet.of("foo", "bar", "acme"), SQCategory.OTHERS});

  701.     return Stream.concat(allButOthers, others)

  702.       .toArray(Object[][]::new);

  703.   }

  704. 

  705.   @Test

  706.   public void returns_project_twice_when_hotspot_on_project() {

  707.     ComponentDto project = dbTester.components().insertPublicProject();

  708.     userSessionRule.registerComponents(project);

  709.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  710.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, project,

  711.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  712.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  713.         .build()));

  714.     mockChangelogAndCommentsFormattingContext();

  715. 

  716.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  717.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  718. 

  719.     verifyComponent(response.getProject(), project, null, null);

  720.     verifyComponent(response.getComponent(), project, null, null);

  721.   }

  722. 

  723.   @Test

  724.   public void returns_branch_but_no_pullRequest_on_component_and_project_on_non_main_branch() {

  725.     ComponentDto project = dbTester.components().insertPublicProject();

  726.     ComponentDto branch = dbTester.components().insertProjectBranch(project);

  727.     ComponentDto file = dbTester.components().insertComponent(newFileDto(branch));

  728.     userSessionRule.registerComponents(project);

  729.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  730.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, branch, file,

  731.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  732.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  733.         .build()));

  734.     mockChangelogAndCommentsFormattingContext();

  735. 

  736.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  737.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  738. 

  739.     verifyComponent(response.getProject(), branch, branch.getBranch(), null);

  740.     verifyComponent(response.getComponent(), file, branch.getBranch(), null);

  741.   }

  742. 

  743.   @Test

  744.   public void returns_pullRequest_but_no_branch_on_component_and_project_on_pullRequest() {

  745.     ComponentDto project = dbTester.components().insertPublicProject();

  746.     ComponentDto pullRequest = dbTester.components().insertProjectBranch(project,

  747.       t -> t.setBranchType(BranchType.PULL_REQUEST));

  748.     ComponentDto file = dbTester.components().insertComponent(newFileDto(pullRequest));

  749.     userSessionRule.registerComponents(project);

  750.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  751.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, pullRequest, file,

  752.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  753.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  754.         .build()));

  755.     mockChangelogAndCommentsFormattingContext();

  756. 

  757.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  758.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  759. 

  760.     verifyComponent(response.getProject(), pullRequest, null, pullRequest.getPullRequest());

  761.     verifyComponent(response.getComponent(), file, null, pullRequest.getPullRequest());

  762.   }

  763. 

  764.   @Test

  765.   public void returns_hotspot_changelog_and_comments() {

  766.     ComponentDto project = dbTester.components().insertPublicProject();

  767.     userSessionRule.registerComponents(project);

  768.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  769.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  770.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  771.       t -> t.setLocations(DbIssues.Locations.newBuilder()

  772.         .setTextRange(DbCommons.TextRange.newBuilder().build())

  773.         .build()));

  774.     List<Common.Changelog> changelog = IntStream.range(0, 1 + new Random().nextInt(12))

  775.       .mapToObj(i -> Common.Changelog.newBuilder().setUser("u" + i).build())

  776.       .collect(Collectors.toList());

  777.     List<Common.Comment> comments = IntStream.range(0, 1 + new Random().nextInt(12))

  778.       .mapToObj(i -> Common.Comment.newBuilder().setKey("u" + i).build())

  779.       .collect(Collectors.toList());

  780.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  781.     when(issueChangeSupport.formatChangelog(any(), any())).thenReturn(changelog.stream());

  782.     when(issueChangeSupport.formatComments(any(), any(), any())).thenReturn(comments.stream());

  783. 

  784.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  785.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  786. 

  787.     assertThat(response.getChangelogList())

  788.       .extracting(Common.Changelog::getUser)

  789.       .containsExactly(changelog.stream().map(Common.Changelog::getUser).toArray(String[]::new));

  790.     assertThat(response.getCommentList())

  791.       .extracting(Common.Comment::getKey)

  792.       .containsExactly(comments.stream().map(Common.Comment::getKey).toArray(String[]::new));

  793.     verify(issueChangeSupport).newFormattingContext(any(DbSession.class),

  794.       argThat(new IssueDtoSetArgumentMatcher(hotspot)),

  795.       eq(Load.ALL),

  796.       eq(Collections.emptySet()), eq(ImmutableSet.of(project, file)));

  797.     verify(issueChangeSupport).formatChangelog(argThat(new IssueDtoArgumentMatcher(hotspot)), eq(formattingContext));

  798.     verify(issueChangeSupport).formatComments(argThat(new IssueDtoArgumentMatcher(hotspot)), any(Common.Comment.Builder.class), eq(formattingContext));

  799.   }

  800. 

  801.   @Test

  802.   public void returns_user_details_of_users_from_ChangelogAndComments() {

  803.     ComponentDto project = dbTester.components().insertPublicProject();

  804.     userSessionRule.registerComponents(project);

  805.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  806.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  807.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);

  808.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  809.     Set<UserDto> changeLogAndCommentsUsers = IntStream.range(0, 1 + RANDOM.nextInt(14))

  810.       .mapToObj(i -> UserTesting.newUserDto())

  811.       .collect(Collectors.toSet());

  812.     when(formattingContext.getUsers()).thenReturn(changeLogAndCommentsUsers);

  813. 

  814.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  815.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  816. 

  817.     assertThat(response.getUsersList())

  818.       .extracting(User::getLogin, User::getName, User::getActive)

  819.       .containsExactlyInAnyOrder(

  820.         changeLogAndCommentsUsers.stream()

  821.           .map(t -> tuple(t.getLogin(), t.getName(), t.isActive()))

  822.           .toArray(Tuple[]::new));

  823.   }

  824. 

  825.   @Test

  826.   public void returns_user_of_users_from_ChangelogAndComments_and_assignee_and_author() {

  827.     ComponentDto project = dbTester.components().insertPublicProject();

  828.     userSessionRule.registerComponents(project);

  829.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  830.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  831.     UserDto author = dbTester.users().insertUser();

  832.     UserDto assignee = dbTester.users().insertUser();

  833.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  834.       t -> t.setAuthorLogin(author.getLogin())

  835.         .setAssigneeUuid(assignee.getUuid()));

  836.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  837.     Set<UserDto> changeLogAndCommentsUsers = IntStream.range(0, 1 + RANDOM.nextInt(14))

  838.       .mapToObj(i -> UserTesting.newUserDto())

  839.       .collect(Collectors.toSet());

  840.     when(formattingContext.getUsers()).thenReturn(changeLogAndCommentsUsers);

  841. 

  842.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  843.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  844. 

  845.     assertThat(response.getUsersList())

  846.       .extracting(User::getLogin, User::getName, User::getActive)

  847.       .containsExactlyInAnyOrder(

  848.         Stream.concat(

  849.           Stream.of(author, assignee),

  850.           changeLogAndCommentsUsers.stream())

  851.           .map(t -> tuple(t.getLogin(), t.getName(), t.isActive()))

  852.           .toArray(Tuple[]::new));

  853.   }

  854. 

  855.   @Test

  856.   public void do_not_duplicate_user_if_author_assignee_ChangeLogComment_user() {

  857.     ComponentDto project = dbTester.components().insertPublicProject();

  858.     userSessionRule.registerComponents(project);

  859.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);

  860.     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  861.     UserDto author = dbTester.users().insertUser();

  862.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,

  863.       t -> t.setAuthorLogin(author.getLogin())

  864.         .setAssigneeUuid(author.getUuid()));

  865.     FormattingContext formattingContext = mockChangelogAndCommentsFormattingContext();

  866.     when(formattingContext.getUsers()).thenReturn(ImmutableSet.of(author));

  867. 

  868.     Hotspots.ShowWsResponse response = newRequest(hotspot)

  869.       .executeProtobuf(Hotspots.ShowWsResponse.class);

  870. 

  871.     assertThat(response.getUsersList())

  872.       .extracting(User::getLogin, User::getName, User::getActive)

  873.       .containsOnly(tuple(author.getLogin(), author.getName(), author.isActive()));

  874.   }

  875. 

  876.   @Test

  877.   public void verify_response_example() {

  878.     ComponentDto project = dbTester.components().insertPublicProject(componentDto -> componentDto

  879.       .setName("test-project")

  880.       .setLongName("test-project")

  881.       .setDbKey("com.sonarsource:test-project"));

  882.     userSessionRule.registerComponents(project)

  883.       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);

  884. 

  885.     ComponentDto file = dbTester.components().insertComponent(

  886.       newFileDto(project)

  887.         .setDbKey("com.sonarsource:test-project:src/main/java/com/sonarsource/FourthClass.java")

  888.         .setName("FourthClass.java")

  889.         .setLongName("src/main/java/com/sonarsource/FourthClass.java")

  890.         .setPath("src/main/java/com/sonarsource/FourthClass.java"));

  891.     UserDto author = dbTester.users().insertUser(u -> u.setLogin("joe")

  892.       .setName("Joe"));

  893. 

  894.     long time = 1577976190000L;

  895.     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT, r -> r.setRuleKey("S4787")

  896.       .setRepositoryKey("java")

  897.       .setName("rule-name")

  898.       .setSecurityStandards(Sets.newHashSet(SQCategory.WEAK_CRYPTOGRAPHY.getKey())));

  899.     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, h -> h

  900.       .setAssigneeUuid("assignee-uuid")

  901.       .setAuthorLogin("joe")

  902.       .setMessage("message")

  903.       .setLine(10)

  904.       .setChecksum("a227e508d6646b55a086ee11d63b21e9")

  905.       .setIssueCreationTime(time)

  906.       .setIssueUpdateTime(time)

  907.       .setAuthorLogin(author.getLogin())

  908.       .setAssigneeUuid(author.getUuid())

  909.       .setKee("AW9mgJw6eFC3pGl94Wrf"));

  910. 

  911.     List<Common.Changelog> changelog = IntStream.range(0, 3)

  912.       .mapToObj(i -> Common.Changelog.newBuilder()

  913.         .setUser("joe")

  914.         .setCreationDate("2020-01-02T14:44:55+0100")

  915.         .addDiffs(Diff.newBuilder().setKey("diff-key-" + i).setNewValue("new-value-" + i).setOldValue("old-value-" + i))

  916.         .setIsUserActive(true)

  917.         .setUserName("Joe")

  918.         .setAvatar("my-avatar")

  919.         .build())

  920.       .collect(Collectors.toList());

  921.     List<Common.Comment> comments = IntStream.range(0, 3)

  922.       .mapToObj(i -> Common.Comment.newBuilder()

  923.         .setKey("comment-" + i)

  924.         .setHtmlText("html text " + i)

  925.         .setLogin("Joe")

  926.         .setMarkdown("markdown " + i)

  927.         .setCreatedAt("2020-01-02T14:47:47+0100")

  928.         .build())

  929.       .collect(Collectors.toList());

  930. 

  931.     mockChangelogAndCommentsFormattingContext();

  932.     when(issueChangeSupport.formatChangelog(any(), any())).thenReturn(changelog.stream());

  933.     when(issueChangeSupport.formatComments(any(), any(), any())).thenReturn(comments.stream());

  934. 

  935.     assertThat(actionTester.getDef().responseExampleAsString()).isNotNull();

  936.     newRequest(hotspot)

  937.       .execute()

  938.       .assertJson(actionTester.getDef().responseExampleAsString());

  939.   }

  940. 

  941.   private FormattingContext mockChangelogAndCommentsFormattingContext() {

  942.     FormattingContext formattingContext = Mockito.mock(FormattingContext.class);

  943.     when(issueChangeSupport.newFormattingContext(any(), any(), any(), anySet(), anySet())).thenReturn(formattingContext);

  944.     return formattingContext;

  945.   }

  946. 

  947.   private void verifyRule(Hotspots.Rule wsRule, RuleDefinitionDto dto) {

  948.     assertThat(wsRule.getKey()).isEqualTo(dto.getKey().toString());

  949.     assertThat(wsRule.getName()).isEqualTo(dto.getName());

  950.     assertThat(wsRule.getSecurityCategory()).isEqualTo(SQCategory.OTHERS.getKey());

  951.     assertThat(wsRule.getVulnerabilityProbability()).isEqualTo(SQCategory.OTHERS.getVulnerability().name());

  952.   }

  953. 

  954.   private static void verifyComponent(Hotspots.Component wsComponent, ComponentDto dto, @Nullable String branch, @Nullable String pullRequest) {

  955.     assertThat(wsComponent.getKey()).isEqualTo(dto.getKey());

  956.     if (dto.path() == null) {

  957.       assertThat(wsComponent.hasPath()).isFalse();

  958.     } else {

  959.       assertThat(wsComponent.getPath()).isEqualTo(dto.path());

  960.     }

  961.     assertThat(wsComponent.getQualifier()).isEqualTo(dto.qualifier());

  962.     assertThat(wsComponent.getName()).isEqualTo(dto.name());

  963.     assertThat(wsComponent.getLongName()).isEqualTo(dto.longName());

  964.     if (branch == null) {

  965.       assertThat(wsComponent.hasBranch()).isFalse();

  966.     } else {

  967.       assertThat(wsComponent.getBranch()).isEqualTo(branch);

  968.     }

  969.     if (pullRequest == null) {

  970.       assertThat(wsComponent.hasPullRequest()).isFalse();

  971.     } else {

  972.       assertThat(wsComponent.getPullRequest()).isEqualTo(pullRequest);

  973.     }

  974.   }

  975. 

  976.   private TestRequest newRequest(IssueDto hotspot) {

  977.     return actionTester.newRequest()

  978.       .setParam("hotspot", hotspot.getKey());

  979.   }

  980. 

  981.   private RuleDefinitionDto newRule(RuleType ruleType) {

  982.     return newRule(ruleType, t -> {

  983.     });

  984.   }

  985. 

  986.   private RuleDefinitionDto newRule(RuleType ruleType, Consumer<RuleDefinitionDto> populate) {

  987.     RuleDefinitionDto ruleDefinition = RuleTesting.newRule()

  988.       .setType(ruleType);

  989.     populate.accept(ruleDefinition);

  990.     dbTester.rules().insert(ruleDefinition);

  991.     return ruleDefinition;

  992.   }

  993. 

  994.   private static class IssueDtoSetArgumentMatcher implements ArgumentMatcher<Set<IssueDto>> {

  995.     private final IssueDto expected;

  996. 

  997.     private IssueDtoSetArgumentMatcher(IssueDto expected) {

  998.       this.expected = expected;

  999.     }

  1000. 

  1001.     @Override

  1002.     public boolean matches(Set<IssueDto> argument) {

  1003.       return argument != null && argument.size() == 1 && argument.iterator().next().getKey().equals(expected.getKey());

  1004.     }

  1005. 

  1006.     @Override

  1007.     public String toString() {

  1008.       return "Set<IssueDto>[" + expected.getKey() + "]";

  1009.     }

  1010.   }

  1011. 

  1012.   private static class IssueDtoArgumentMatcher implements ArgumentMatcher<IssueDto> {

  1013.     private final IssueDto expected;

  1014. 

  1015.     private IssueDtoArgumentMatcher(IssueDto expected) {

  1016.       this.expected = expected;

  1017.     }

  1018. 

  1019.     @Override

  1020.     public boolean matches(IssueDto argument) {

  1021.       return argument != null && argument.getKey().equals(expected.getKey());

  1022.     }

  1023. 

  1024.     @Override

  1025.     public String toString() {

  1026.       return "IssueDto[key=" + expected.getKey() + "]";

  1027.     }

  1028.   }

  1029. 

  1030. }