authorJacek <jacek.poreda@sonarsource.com>2022-04-05 13:52:59 +0200
committersonartech <sonartech@sonarsource.com>2022-04-05 20:03:16 +0000
commitca68dabbefbad5122b57d57174130b33b2e93d22 (patch)
tree45675b6e9fee05bc707f0b60564972d80345665d
parent58bb357d33d2813fd00b7f1345db18df3503a6be (diff)
downloadsonarqube-ca68dabbefbad5122b57d57174130b33b2e93d22.tar.gz
sonarqube-ca68dabbefbad5122b57d57174130b33b2e93d22.zip
SONAR-16230 Add PCI DSS standard support in Plugin API
-rw-r--r--sonar-plugin-api/src/main/java/org/sonar/api/server/rule/RulesDefinition.java25
-rw-r--r--sonar-plugin-api/src/main/java/org/sonar/api/server/rule/internal/DefaultNewRule.java17
-rw-r--r--sonar-plugin-api/src/test/java/org/sonar/api/server/rule/internal/DefaultNewRuleTest.java28
3 files changed, 65 insertions, 5 deletions
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/server/rule/RulesDefinition.java b/sonar-plugin-api/src/main/java/org/sonar/api/server/rule/RulesDefinition.java
index 6d33f2dc0ee..e3a88118fbb 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/server/rule/RulesDefinition.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/server/rule/RulesDefinition.java
@@ -273,6 +273,26 @@ public interface RulesDefinition {
A1, A2, A3, A4, A5, A6, A7, A8, A9, A10
}
+ enum PciDssVersion {
+ V3_2("3.2", "pciDss-3.2"), V4_0("4.0", "pciDss-4.0");
+
+ private final String label;
+ private final String prefix;
+
+ PciDssVersion(String label, String prefix) {
+ this.label = label;
+ this.prefix = prefix;
+ }
+
+ public String label() {
+ return label;
+ }
+
+ public String prefix() {
+ return prefix;
+ }
+ }
+
interface ExtendedRepository {
String key();
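Review bot: The new public enum `PciDssVersion` has no Javadoc and no `@since` tag, although it becomes part of the plugin API surface. The `addPciDss` Javadoc in the next hunk has the same gap: it carries only `@since 9.5` and does not say what a `requirements` entry should look like. On the enum, add a comment such as `/** PCI DSS versions a rule can be mapped to; prefix() is the namespace of the stored security-standard key. @since 9.5 */`. On the method, add a sentence stating that each requirement is a PCI DSS requirement identifier (the test uses values like `"6.5.1"`) and is stored as `prefix:requirement`. The enclosing `RulesDefinition` interface starts and ends outside this hunk.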
@@ -465,6 +485,11 @@ public interface RulesDefinition {
public abstract NewRule addOwaspTop10(OwaspTop10Version version, OwaspTop10... standards);
/**
+ * @since 9.5
+ */
+ public abstract NewRule addPciDss(PciDssVersion version, String... requirements);
+
+ /**
* @since 7.3
*/
public abstract NewRule addCwe(int... nums);
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/server/rule/internal/DefaultNewRule.java b/sonar-plugin-api/src/main/java/org/sonar/api/server/rule/internal/DefaultNewRule.java
index 9077055fe4c..0bae29224f4 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/server/rule/internal/DefaultNewRule.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/server/rule/internal/DefaultNewRule.java
@@ -25,7 +25,6 @@ import java.util.Collection;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
-import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;
import javax.annotation.CheckForNull;
@@ -41,9 +40,11 @@ import org.sonar.api.server.rule.RuleTagFormat;
import org.sonar.api.server.rule.RulesDefinition;
import org.sonar.api.server.rule.RulesDefinition.OwaspTop10;
import org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version;
+import org.sonar.api.server.rule.RulesDefinition.PciDssVersion;
import static java.lang.String.format;
import static java.nio.charset.StandardCharsets.UTF_8;
+import static java.util.Objects.requireNonNull;
import static org.apache.commons.lang.StringUtils.isEmpty;
import static org.apache.commons.lang.StringUtils.trimToNull;
import static org.sonar.api.utils.Preconditions.checkArgument;
@@ -234,7 +235,7 @@ class DefaultNewRule extends RulesDefinition.NewRule {
@Override
public DefaultNewRule addOwaspTop10(OwaspTop10Version owaspTop10Version, OwaspTop10... standards) {
- Objects.requireNonNull(owaspTop10Version, "Owasp version must not be null");
+ requireNonNull(owaspTop10Version, "Owasp version must not be null");
for (OwaspTop10 owaspTop10 : standards) {
String standard = owaspTop10Version.prefix() + ":" + owaspTop10.name().toLowerCase(Locale.ENGLISH);
@@ -244,6 +245,18 @@ class DefaultNewRule extends RulesDefinition.NewRule {
}
@Override
+ public DefaultNewRule addPciDss(PciDssVersion pciDssVersion, String... requirements) {
+ requireNonNull(pciDssVersion, "PCI DSS version must not be null");
+ requireNonNull(requirements, "Requirements for PCI DSS standard must not be null");
+
+ for (String requirement : requirements) {
+ String standard = pciDssVersion.prefix() + ":" + requirement;
+ securityStandards.add(standard);
+ }
+ return this;
+ }
+
+ @Override
public DefaultNewRule addCwe(int... nums) {
for (int num : nums) {
String standard = "cwe:" + num;
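Review bot: In `addPciDss`, each entry of `requirements` is concatenated into the stored standard without any check, so a null element becomes a key such as `pciDss-3.2:null` and an empty or mistyped value is accepted silently; only the array itself is null-checked. These keys presumably drive how rules are mapped to PCI DSS requirements in reporting, so a malformed key would quietly drop the rule from that mapping instead of failing when the plugin defines it. Inside the loop, before building `standard`, add `checkArgument(trimToNull(requirement) != null, "PCI DSS requirement must not be null or blank");` (both helpers are already statically imported in this file), and consider checking the dotted-number shape as well. The trailing context of this hunk runs into `addCwe`, whose body continues outside the hunk.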
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/server/rule/internal/DefaultNewRuleTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/server/rule/internal/DefaultNewRuleTest.java
index 730558805ee..d4e82b5b7ce 100644
--- a/sonar-plugin-api/src/test/java/org/sonar/api/server/rule/internal/DefaultNewRuleTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/server/rule/internal/DefaultNewRuleTest.java
@@ -28,6 +28,7 @@ import org.sonar.api.server.debt.DebtRemediationFunction;
import org.sonar.api.server.rule.RulesDefinition;
import org.sonar.api.server.rule.RulesDefinition.OwaspTop10;
import org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version;
+import org.sonar.api.server.rule.RulesDefinition.PciDssVersion;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
@@ -88,6 +89,13 @@ public class DefaultNewRuleTest {
assertThat(rule.securityStandards())
.contains("owaspTop10:a1", "owaspTop10:a2", "owaspTop10:a4", "owaspTop10-2021:a3", "owaspTop10-2021:a5");
+ rule.addPciDss(PciDssVersion.V3_2, "6.5.1");
+ rule.addPciDss(PciDssVersion.V3_2, "6.5");
+ rule.addPciDss(PciDssVersion.V4_0, "6.5.2", "6.5.10");
+
+ assertThat(rule.securityStandards())
+ .contains("pciDss-3.2:6.5.1", "pciDss-3.2:6.5", "pciDss-4.0:6.5.2", "pciDss-4.0:6.5.10");
+
rule.setType(RuleType.SECURITY_HOTSPOT);
assertThat(rule.type()).isEqualTo(RuleType.SECURITY_HOTSPOT);
@@ -142,8 +150,22 @@ public class DefaultNewRuleTest {
@Test
public void fail_if_null_owasp_version() {
- assertThatThrownBy(() -> rule.addOwaspTop10((OwaspTop10Version) null , OwaspTop10.A1))
- .isInstanceOf(NullPointerException.class)
- .hasMessage("Owasp version must not be null");
+ assertThatThrownBy(() -> rule.addOwaspTop10((OwaspTop10Version) null, OwaspTop10.A1))
+ .isInstanceOf(NullPointerException.class)
+ .hasMessage("Owasp version must not be null");
+ }
+
+ @Test
+ public void fail_if_null_pci_dss_version() {
+ assertThatThrownBy(() -> rule.addPciDss(null, "6.5.1"))
+ .isInstanceOf(NullPointerException.class)
+ .hasMessage("PCI DSS version must not be null");
+ }
+
+ @Test
+ public void fail_if_null_pci_dss_array() {
+ assertThatThrownBy(() -> rule.addPciDss(PciDssVersion.V3_2, null))
+ .isInstanceOf(NullPointerException.class)
+ .hasMessage("Requirements for PCI DSS standard must not be null");
}
}
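Review bot: In `fail_if_null_pci_dss_array`, the bare `null` passed to the `String...` parameter is an inexact varargs argument: it compiles with a warning and leaves the reader to work out that it binds to the array rather than to a single null element. Write `rule.addPciDss(PciDssVersion.V3_2, (String[]) null)` so the intent is explicit, in line with the cast already used in `fail_if_null_owasp_version`. The new tests also cover only a null array and a null version; a case with a null or blank element inside the array, for example `rule.addPciDss(PciDssVersion.V3_2, "6.5.1", null)`, is missing, and with the implementation in this commit that call would store a key ending in `:null`.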