authorLéo Geoffroy <leo.geoffroy@sonarsource.com>2023-08-22 17:14:36 +0200
committersonartech <sonartech@sonarsource.com>2023-08-22 20:03:06 +0000
commitbd966450d95c7e98bc279f47e35b747e8cf3de3d (patch)
treecb8bd9c9f0fa8e1167f8d145fcdace2208fd00e1
parent5142c93dae376c45dcd3b0e1dfd3743c19fffce3 (diff)
SONAR-20198 security hospot should not return cleancode attribute, and should not be indexed
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/rule/index/RuleDoc.java4
-rw-r--r--server/sonar-server-common/src/test/java/org/sonar/server/rule/index/RuleDocTest.java16
-rw-r--r--server/sonar-webserver-webapi/src/it/java/org/sonar/server/rule/RuleCreatorIT.java18
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java9
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java3
5 files changed, 44 insertions, 6 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/rule/index/RuleDoc.java b/server/sonar-server-common/src/main/java/org/sonar/server/rule/index/RuleDoc.java
index 766278e9bfd..440dce5017e 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/rule/index/RuleDoc.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/rule/index/RuleDoc.java
@@ -297,7 +297,7 @@ public class RuleDoc extends BaseDoc {
return this;
}
- private RuleDoc setCleanCodeAttributeCategory(String cleanCodeAttributeCategory) {
+ public RuleDoc setCleanCodeAttributeCategory(@Nullable String cleanCodeAttributeCategory) {
setField(RuleIndexDefinition.FIELD_RULE_CLEAN_CODE_ATTRIBUTE_CATEGORY, cleanCodeAttributeCategory);
return this;
}
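Review bot: The setter is widened from `private` to `public`, but the only caller visible in this commit is the fluent chain changed in the next hunk of this file, and the new RuleDocTest case goes through `RuleDoc.createFrom` and `getNullableField` rather than calling the setter. Unless a caller outside this diff needs it, keeping `private RuleDoc setCleanCodeAttributeCategory(@Nullable String cleanCodeAttributeCategory)` limits writes to this index field to the factory. The `@Nullable` is worth keeping, with a short comment such as `// null for security hotspots: the category is left out of the index`.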
@@ -343,7 +343,7 @@ public class RuleDoc extends BaseDoc {
.setUpdatedAt(dto.getUpdatedAt())
.setHtmlDescription(getConcatenatedSectionsInHtml(dto))
.setTemplateKey(getRuleKey(dto))
- .setCleanCodeAttributeCategory(dto.getCleanCodeAttributeCategory())
+ .setCleanCodeAttributeCategory(dto.getTypeAsRuleType() != RuleType.SECURITY_HOTSPOT ? dto.getCleanCodeAttributeCategory() : null)
.setImpacts(dto.getImpacts().stream().collect(Collectors.toMap(ImpactDto::getSoftwareQuality, ImpactDto::getSeverity)));
}
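Review bot: The hotspot test is written as `dto.getTypeAsRuleType() != RuleType.SECURITY_HOTSPOT` here and as a comparison against `RuleType.SECURITY_HOTSPOT.getDbConstant()` in the RuleCreator and RuleMapper hunks, so one decision lives in three places in two forms. A small helper such as `private static boolean isSecurityHotspot(RuleForIndexingDto dto) { return dto.getTypeAsRuleType() == RuleType.SECURITY_HOTSPOT; }` would shorten the chained ternary, and a shared predicate on the DTO would keep index, creation and web-service output in agreement. The `setImpacts(...)` call on the next line stays unconditional. Since RuleCreator stops adding a default impact for hotspots in this commit, it seems worth confirming whether hotspot rules that already have impacts stored should keep them in the index. The enclosing method starts outside the hunk.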
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/rule/index/RuleDocTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/rule/index/RuleDocTest.java
index 0db875dd5e7..916153de5fa 100644
--- a/server/sonar-server-common/src/test/java/org/sonar/server/rule/index/RuleDocTest.java
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/rule/index/RuleDocTest.java
@@ -19,7 +19,10 @@
*/
package org.sonar.server.rule.index;
+import java.util.Set;
import org.junit.Test;
+import org.sonar.api.rules.CleanCodeAttribute;
+import org.sonar.api.rules.RuleType;
import org.sonar.db.rule.RuleDescriptionSectionContextDto;
import org.sonar.db.rule.RuleDescriptionSectionDto;
import org.sonar.db.rule.RuleDto;
@@ -122,6 +125,19 @@ public class RuleDocTest {
.hasSameSizeAs(convertToHtml(section1.getContent()) + " " + convertToHtml(section2.getContent()));
}
+ @Test
+ public void ruleDocOf_whenSecurityHotSpot_shouldNotPopulateCleanCodeAttribute() {
+ RuleDto ruleDto = newRule();
+ ruleDto.setCleanCodeAttribute(CleanCodeAttribute.CONVENTIONAL);
+ ruleDto.setType(RuleType.SECURITY_HOTSPOT.getDbConstant());
+
+ RuleForIndexingDto ruleForIndexingDto = RuleForIndexingDto.fromRuleDto(ruleDto);
+
+ SecurityStandards securityStandards = fromSecurityStandards(Set.of());
+ Object field = RuleDoc.createFrom(ruleForIndexingDto, securityStandards).getNullableField(RuleIndexDefinition.FIELD_RULE_CLEAN_CODE_ATTRIBUTE_CATEGORY);
+ assertThat(field).isNull();
+ }
+
private static RuleDescriptionSectionDto buildRuleDescriptionSectionDto(String key, String content) {
return RuleDescriptionSectionDto.builder().key(key).content(content).build();
}
diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/rule/RuleCreatorIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/rule/RuleCreatorIT.java
index 6956212b195..99f7a64bbd9 100644
--- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/rule/RuleCreatorIT.java
+++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/rule/RuleCreatorIT.java
@@ -163,6 +163,24 @@ public class RuleCreatorIT {
}
@Test
+ public void create_whenTypeIsHotspot_shouldNotComputeDefaultImpact() {
+ // insert template rule
+ RuleDto templateRule = createTemplateRule();
+ NewCustomRule newRule = NewCustomRule.createForCustomRule("CUSTOM_RULE", templateRule.getKey())
+ .setName("My custom")
+ .setMarkdownDescription("some description")
+ .setSeverity(Severity.MAJOR)
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setStatus(RuleStatus.READY)
+ .setParameters(ImmutableMap.of("regex", ""));
+
+ RuleKey customRuleKey = underTest.create(dbSession, newRule);
+
+ RuleDto rule = dbTester.getDbClient().ruleDao().selectOrFailByKey(dbSession, customRuleKey);
+ assertThat(rule.getDefaultImpacts()).isEmpty();
+ }
+
+ @Test
public void create_custom_rule_with_no_parameter_value() {
// insert template rule
RuleDto templateRule = createTemplateRuleWithIntArrayParam();
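Review bot: The new test covers only the case where the hotspot type is set explicitly with `.setType(RuleType.SECURITY_HOTSPOT)`. RuleCreator also takes the type from the template when `newRule.type()` is null, and that branch reaches the same `if` without a test. A second case that omits `setType` and uses a template rule of hotspot type would pin it. The test could also assert what is expected of the stored clean code attribute, since the creator still calls `.setCleanCodeAttribute(CleanCodeAttribute.CONVENTIONAL)` for every custom rule.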
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java
index d0cd5bca426..9674b9df9dd 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java
@@ -190,8 +190,6 @@ public class RuleCreator {
RuleDescriptionSectionDto ruleDescriptionSectionDto = createDefaultRuleDescriptionSection(uuidFactory.create(), requireNonNull(newRule.markdownDescription()));
int type = newRule.type() == null ? templateRuleDto.getType() : newRule.type().getDbConstant();
String severity = newRule.severity();
- SoftwareQuality softwareQuality = ImpactMapper.convertToSoftwareQuality(RuleType.valueOf(type));
- org.sonar.api.issue.impact.Severity impactSeverity = ImpactMapper.convertToImpactSeverity(severity);
RuleDto ruleDto = new RuleDto()
.setUuid(uuidFactory.create())
@@ -203,7 +201,6 @@ public class RuleCreator {
.setSeverity(severity)
.setStatus(newRule.status())
.setType(type)
- .addDefaultImpact(new ImpactDto().setUuid(uuidFactory.create()).setSoftwareQuality(softwareQuality).setSeverity(impactSeverity))
.setCleanCodeAttribute(CleanCodeAttribute.CONVENTIONAL)
.setLanguage(templateRuleDto.getLanguage())
.setDefRemediationFunction(templateRuleDto.getDefRemediationFunction())
@@ -220,6 +217,12 @@ public class RuleCreator {
.setDescriptionFormat(Format.MARKDOWN)
.addRuleDescriptionSectionDto(ruleDescriptionSectionDto);
+ if (type != RuleType.SECURITY_HOTSPOT.getDbConstant()) {
+ SoftwareQuality softwareQuality = ImpactMapper.convertToSoftwareQuality(RuleType.valueOf(type));
+ org.sonar.api.issue.impact.Severity impactSeverity = ImpactMapper.convertToImpactSeverity(severity);
+ ruleDto = ruleDto.addDefaultImpact(new ImpactDto().setUuid(uuidFactory.create()).setSoftwareQuality(softwareQuality).setSeverity(impactSeverity));
+ }
+
Set<String> tags = templateRuleDto.getTags();
if (!tags.isEmpty()) {
ruleDto.setTags(tags);
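Review bot: `ruleDto = ruleDto.addDefaultImpact(...)` reassigns the local, although the same call was chained on the builder before this commit and `ruleDto.setTags(tags)` just below ignores its return value. A plain `ruleDto.addDefaultImpact(...)` statement matches the surrounding style and keeps the local effectively final. The new block would benefit from a comment such as `// Security hotspots carry no software-quality impact, so no default impact is derived for them`. `.setCleanCodeAttribute(CleanCodeAttribute.CONVENTIONAL)` in the previous hunk remains unconditional, so a custom hotspot is still stored with an attribute that RuleDoc and RuleMapper then filter out; if that is intended, a comment on that line should say so. The method starts and ends outside the hunk.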
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java
index f9b8dbf7903..6910edaa6b0 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java
@@ -32,6 +32,7 @@ import javax.annotation.Nullable;
import org.sonar.api.resources.Language;
import org.sonar.api.resources.Languages;
import org.sonar.api.rule.RuleKey;
+import org.sonar.api.rules.RuleType;
import org.sonar.api.server.debt.DebtRemediationFunction;
import org.sonar.api.server.debt.internal.DefaultDebtRemediationFunction;
import org.sonar.db.issue.ImpactDto;
@@ -222,7 +223,7 @@ public class RuleMapper {
}
private static void setCleanCodeAttributes(Rules.Rule.Builder ruleResponse, RuleDto ruleDto, Set<String> fieldsToReturn) {
- if(shouldReturnField(fieldsToReturn, FIELD_CLEAN_CODE_ATTRIBUTE)){
+ if (shouldReturnField(fieldsToReturn, FIELD_CLEAN_CODE_ATTRIBUTE) && ruleDto.getType() != RuleType.SECURITY_HOTSPOT.getDbConstant()) {
ruleResponse.setCleanCodeAttribute(Common.CleanCodeAttribute.valueOf(ruleDto.getCleanCodeAttribute().name()));
ruleResponse.setCleanCodeAttributeCategory(Common.CleanCodeAttributeCategory.valueOf(ruleDto.getCleanCodeAttribute().getAttributeCategory().name()));
}
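Review bot: None of the five files in this commit tests the new `ruleDto.getType() != RuleType.SECURITY_HOTSPOT.getDbConstant()` condition, so the web-service half of the change is unpinned. A RuleMapper or rules web-service test asserting that a hotspot response carries neither clean code attribute field would cover it. Inside the guard, `ruleDto.getCleanCodeAttribute()` is dereferenced twice with no null check, which assumes every non-hotspot rule has an attribute; whether that holds is not visible here. A comment such as `// Hotspots have no clean code attribute; both fields are omitted for them` above the `if` would record the intent.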