diff options
author | Antoine Vigneau <antoine.vigneau@sonarsource.com> | 2024-06-08 11:05:24 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2024-06-14 20:02:40 +0000 |
commit | 03ad2c680af7fe81ab75070fffdf38533ffc4faf (patch) | |
tree | 4f5af19bcb2a1c5497523d1473115affd10011fd | |
parent | f3246d7c98801e66523110ceddd237858e63c738 (diff) | |
download | sonarqube-03ad2c680af7fe81ab75070fffdf38533ffc4faf.tar.gz sonarqube-03ad2c680af7fe81ab75070fffdf38533ffc4faf.zip |
SONAR-22364 Fix SSF-572 on LTS
2 files changed, 45 insertions, 0 deletions
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java index 66caf51d5b9..db24bf1629d 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java @@ -57,6 +57,7 @@ import org.sonar.server.setting.ws.SettingValidations.SettingData; import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; +import static java.lang.String.format; import static org.sonar.server.exceptions.BadRequestException.checkRequest; import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_COMPONENT; import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_FIELD_VALUES; @@ -69,6 +70,9 @@ public class SetAction implements SettingsWsAction { private static final Collector<CharSequence, ?, String> COMMA_JOINER = Collectors.joining(","); private static final String MSG_NO_EMPTY_VALUE = "A non empty value must be provided"; private static final int VALUE_MAXIMUM_LENGTH = 4000; + static final Map<String, String> KEY_CONSTRAINTS = Map.of( + "sonar.auth.gitlab.url", "sonar.auth.gitlab.secret.secured" + ); private final PropertyDefinitions propertyDefinitions; private final DbClient dbClient; @@ -136,12 +140,27 @@ public class SetAction implements SettingsWsAction { public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { SetRequest wsRequest = toWsRequest(request); + throwIfUnmatchedConstraintOnGlobalKey(wsRequest.getKey()); SettingsWsSupport.validateKey(wsRequest.getKey()); doHandle(dbSession, wsRequest); } response.noContent(); } + private void throwIfUnmatchedConstraintOnGlobalKey(String key) { + if (KEY_CONSTRAINTS.containsKey(key)) { + String keyConstrained = KEY_CONSTRAINTS.get(key); + checkRequest(!isGlobalKeySet(keyConstrained), format("Setting '%s' must be empty to set '%s'", keyConstrained, key)); + } + } + + private boolean isGlobalKeySet(String keyConstrained) { + try (DbSession dbSession = dbClient.openSession(false)) { + PropertyDto propertyDto = dbClient.propertiesDao().selectGlobalProperty(dbSession, keyConstrained); + return propertyDto != null && !StringUtils.isBlank(propertyDto.getValue()); + } + } + private void doHandle(DbSession dbSession, SetRequest request) { Optional<ComponentDto> component = searchComponent(dbSession, request); String projectKey = component.isPresent() ? component.get().getKey() : null; diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java index 3e9ecf1cad8..1cf965a2fc3 100644 --- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java +++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java @@ -1191,6 +1191,26 @@ public class SetActionTest { } @Test + public void fail_when_key_constraints_are_not_met() { + propertyDb.insertProperty(newGlobalPropertyDto("sonar.auth.gitlab.secret.secured", "secret"), null, null, null, null); + + assertThatThrownBy(() -> { + callForGlobalSetting("sonar.auth.gitlab.url", "http://new.url"); + }) + .isInstanceOf(BadRequestException.class) + .hasMessage("Setting 'sonar.auth.gitlab.secret.secured' must be empty to set 'sonar.auth.gitlab.url'"); + } + + @Test + public void succeed_when_key_constraints_are_met() { + assertGlobalSettingIsNotSet("sonar.auth.gitlab.secret.secured"); + + callForGlobalSetting("sonar.auth.gitlab.url", "http://new.url"); + + assertGlobalSetting("sonar.auth.gitlab.url", "http://new.url"); + } + + @Test public void definition() { WebService.Action definition = ws.getDef(); @@ -1210,6 +1230,12 @@ public class SetActionTest { .containsExactly(key, value, null); } + private void assertGlobalSettingIsNotSet(String key) { + PropertyDto result = dbClient.propertiesDao().selectGlobalProperty(key); + + assertThat(result).isNull(); + } + private void assertUserSetting(String key, String value, String userUuid) { List<PropertyDto> result = dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setKey(key).setUserUuid(userUuid).build(), dbSession); |