author | belen-pruvost-sonarsource <belen.pruvost@sonarsource.com> | 2021-11-25 11:14:00 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2021-11-25 20:03:17 +0000 |
commit | c2077e970a1e9c136cbc80743b23167c657b6f6b (patch) | |
tree | 852870693a172764b9be18d9b8d08663009f4c04 /plugins/sonar-xoo-plugin/src | |
parent | ec99908ddde9dc780ed7d1f2b31f0a489e742942 (diff) | |
download | sonarqube-c2077e970a1e9c136cbc80743b23167c657b6f6b.tar.gz sonarqube-c2077e970a1e9c136cbc80743b23167c657b6f6b.zip |
SONAR-15681 - IT for Owasp Top 10 2021 support in sonar-plugin-api
Diffstat (limited to 'plugins/sonar-xoo-plugin/src')
-rw-r--r-- | plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java | 8 | ||||
-rw-r--r-- | plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java | 38 |
2 files changed, 32 insertions, 14 deletions
diff --git a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
index 77f087f4b5f..bba672d9e8f 100644
--- a/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
+++ b/plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java
@@ -31,6 +31,8 @@ import org.sonar.xoo.Xoo;
 import org.sonar.xoo.Xoo2;
 import org.sonar.xoo.checks.Check;
+import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.*;
+
 /**
 * Define all the coding rules that are supported on the repositories named "xoo" and "xoo2"
 */
@@ -200,13 +202,15 @@ public class XooRulesDefinition implements RulesDefinition {
 hotspot
 .setDebtRemediationFunction(hotspot.debtRemediationFunctions().constantPerIssue("2min"));
- if (version != null && version.isGreaterThanOrEqual(Version.create(7, 3))) {
+ if (version != null && version.isGreaterThanOrEqual(Version.create(9, 3))) {
 hotspot
 .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
+ .addOwaspTop10(Y2021, OwaspTop10.A3, OwaspTop10.A2)
 .addCwe(1, 89, 123, 863);
 oneVulnerabilityIssuePerModule
- .addOwaspTop10(OwaspTop10.A9, OwaspTop10.A10)
+ .addOwaspTop10(Y2017, OwaspTop10.A9, OwaspTop10.A10)
+ .addOwaspTop10(Y2021, OwaspTop10.A6, OwaspTop10.A9)
 .addCwe(250, 564, 546, 943);
 }
diff --git a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
index 2160c1bc0e5..ce0101b1831 100644
--- a/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
+++ b/plugins/sonar-xoo-plugin/src/test/java/org/sonar/xoo/rule/XooRulesDefinitionTest.java
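Review bot: Raising the existing gate to `Version.create(9, 3)` in the second hunk also moves the pre-existing `addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)` call and both `addCwe(...)` calls behind 9.3, so on a runtime between 7.3 and 9.2 these two rules would end up with no security standards at all. If the plugin is still expected to load on such runtimes, the 7.3 gate should stay for the legacy tags and only the `Y2021` calls should sit behind a separate 9.3 check, as sketched below. The sketch assumes the versioned overload is what requires 9.3, which the hunk suggests but does not show. The enclosing method starts and ends outside the hunk.

```java
if (version != null && version.isGreaterThanOrEqual(Version.create(7, 3))) {
  // … unchanged from before this commit: legacy addOwaspTop10(...) and addCwe(...) chains for both rules …
}
if (version != null && version.isGreaterThanOrEqual(Version.create(9, 3))) {
  hotspot.addOwaspTop10(Y2021, OwaspTop10.A3, OwaspTop10.A2);
  oneVulnerabilityIssuePerModule.addOwaspTop10(Y2021, OwaspTop10.A6, OwaspTop10.A9);
}
```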
@@ -33,7 +33,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class XooRulesDefinitionTest {
- private XooRulesDefinition def = new XooRulesDefinition(SonarRuntimeImpl.forSonarQube(Version.create(7, 3), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY));
+ private XooRulesDefinition def = new XooRulesDefinition(SonarRuntimeImpl.forSonarQube(Version.create(9, 3), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY));
 private RulesDefinition.Context context = new RulesDefinitionContext();
@@ -44,11 +44,7 @@ public class XooRulesDefinitionTest {
 @Test
 public void define_xoo_rules() {
- RulesDefinition.Repository repo = context.repository("xoo");
- assertThat(repo).isNotNull();
- assertThat(repo.name()).isEqualTo("Xoo");
- assertThat(repo.language()).isEqualTo("xoo");
- assertThat(repo.rules()).hasSize(23);
+ RulesDefinition.Repository repo = getRepository();
 RulesDefinition.Rule rule = repo.rule(OneIssuePerLineSensor.RULE_KEY);
 assertThat(rule.name()).isNotEmpty();
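Review bot: With the fixture in the first hunk built only for `Version.create(9, 3)`, nothing in the visible tests exercises the other side of the gate in XooRulesDefinition, where the runtime is older or `version` is null. A second definition built with, say, `Version.create(9, 2)`, plus an assertion that `rule.securityStandards()` is empty for `HotspotSensor.RULE_KEY`, would pin that behaviour and catch an accidental change to the threshold. The setup that runs the definition against `context` is outside these hunks, so the exact wiring is assumed.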
@@ -60,17 +56,26 @@ public class XooRulesDefinitionTest {
 @Test
 public void define_xoo_hotspot_rule() {
- RulesDefinition.Repository repo = context.repository("xoo");
- assertThat(repo).isNotNull();
- assertThat(repo.name()).isEqualTo("Xoo");
- assertThat(repo.language()).isEqualTo("xoo");
- assertThat(repo.rules()).hasSize(23);
+ RulesDefinition.Repository repo = getRepository();
 RulesDefinition.Rule rule = repo.rule(HotspotSensor.RULE_KEY);
 assertThat(rule.name()).isNotEmpty();
 assertThat(rule.securityStandards())
 .isNotEmpty()
- .containsExactlyInAnyOrder("cwe:1", "cwe:89", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3");
+ .containsExactlyInAnyOrder("cwe:1", "cwe:89", "cwe:123", "cwe:863", "owaspTop10:a1", "owaspTop10:a3",
+ "owaspTop10-2021:a3", "owaspTop10-2021:a2");
+ }
+
+ @Test
+ public void define_xoo_vulnerability_rule() {
+ RulesDefinition.Repository repo = getRepository();
+
+ RulesDefinition.Rule rule = repo.rule(OneVulnerabilityIssuePerModuleSensor.RULE_KEY);
+ assertThat(rule.name()).isNotEmpty();
+ assertThat(rule.securityStandards())
+ .isNotEmpty()
+ .containsExactlyInAnyOrder("cwe:250", "cwe:546", "cwe:564", "cwe:943", "owaspTop10-2021:a6", "owaspTop10-2021:a9",
+ "owaspTop10:a10", "owaspTop10:a9");
 }
 @Test
@@ -90,4 +95,13 @@ public class XooRulesDefinitionTest {
 assertThat(repo.language()).isEqualTo("xoo2");
 assertThat(repo.rules()).hasSize(2);
 }
+
+ private RulesDefinition.Repository getRepository() {
+ RulesDefinition.Repository repo = context.repository("xoo");
+ assertThat(repo).isNotNull();
+ assertThat(repo.name()).isEqualTo("Xoo");
+ assertThat(repo.language()).isEqualTo("xoo");
+ assertThat(repo.rules()).hasSize(23);
+ return repo;
+ }
 }
|
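Review bot: The name `getRepository()` in the last hunk does not convey that the helper also asserts the "xoo" repository's name, language and count of 23 rules before returning it. A one-line comment such as `// Returns the "xoo" repository after checking its name, language and rule count.` would make that explicit, as would a name like `assertAndGetXooRepository`. The new `define_xoo_vulnerability_rule` test in the preceding hunk relies on those checks in the same way.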