author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2018-02-01 13:36:29 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-01 13:36:29 +0100 |
commit | e737a37b28a2504aa1a6387606841afd776f2fef (patch) | |
tree | 2ffc650ac5c2e4d3f22621a837db9e8304f1a04b /server/sonar-db-migration | |
parent | 39f671dce022e19460606d9639f3727493a1faf2 (diff) | |
SONAR-10300 Forbid system properties in api/settings
Diffstat (limited to 'server/sonar-db-migration')
8 files changed, 371 insertions, 1 deletions
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java index c46c38a108c..cf0d2d94bec 100644 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java @@ -34,6 +34,7 @@ import org.sonar.server.platform.db.migration.version.v65.DbVersion65; import org.sonar.server.platform.db.migration.version.v66.DbVersion66; import org.sonar.server.platform.db.migration.version.v67.DbVersion67; import org.sonar.server.platform.db.migration.version.v70.DbVersion70; +import org.sonar.server.platform.db.migration.version.v71.DbVersion71; public class MigrationConfigurationModule extends Module { @Override @@ -51,6 +52,7 @@ public class MigrationConfigurationModule extends Module { DbVersion66.class, DbVersion67.class, DbVersion70.class, + DbVersion71.class, // migration steps MigrationStepRegistryImpl.class, diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v71/DbVersion71.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v71/DbVersion71.java new file mode 100644 index 00000000000..2705f099de4 --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v71/DbVersion71.java 
@@ -0,0 +1,32 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v71;
+
+import org.sonar.server.platform.db.migration.step.MigrationStepRegistry;
+import org.sonar.server.platform.db.migration.version.DbVersion;
+
+public class DbVersion71 implements DbVersion {
+
+ @Override
+ public void addSteps(MigrationStepRegistry registry) {
+ registry
+ .add(2000, "Delete settings defined in sonar.properties from PROPERTIES table", DeleteSettingsDefinedInSonarDotProperties.class);
+ }
+}
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v71/DeleteSettingsDefinedInSonarDotProperties.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v71/DeleteSettingsDefinedInSonarDotProperties.java
new file mode 100644
index 00000000000..74484fa3db5
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v71/DeleteSettingsDefinedInSonarDotProperties.java
@@ -0,0 +1,128 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.platform.db.migration.version.v71;
+
+import com.google.common.base.Joiner;
+import java.sql.SQLException;
+import java.util.List;
+import org.sonar.api.utils.log.Logger;
+import org.sonar.api.utils.log.Loggers;
+import org.sonar.core.util.stream.MoreCollectors;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.step.DataChange;
+import org.sonar.server.platform.db.migration.step.MassUpdate;
+import org.sonar.server.platform.db.migration.step.SqlStatement;
+
+import static java.util.Arrays.asList;
+
+public class DeleteSettingsDefinedInSonarDotProperties extends DataChange {
+
+ private static final Logger LOG = Loggers.get(DeleteSettingsDefinedInSonarDotProperties.class);
+
+ private static final List<String> SONAR_PROPERTIES = asList(
+ "sonar.jdbc.url",
+ "sonar.jdbc.username",
+ "sonar.jdbc.password",
+ "sonar.jdbc.driverPath",
+ "sonar.jdbc.maxActive",
+ "sonar.jdbc.maxIdle",
+ "sonar.jdbc.minIdle",
+ "sonar.jdbc.maxWait",
+ "sonar.jdbc.minEvictableIdleTimeMillis",
+ "sonar.jdbc.timeBetweenEvictionRunsMillis",
+ "sonar.embeddedDatabase.port",
+ "sonar.path.data",
+ "sonar.path.home",
+ "sonar.path.logs",
+ "sonar.path.temp",
+ "sonar.path.web",
+ "sonar.search.host",
+ "sonar.search.port",
+ "sonar.search.httpPort",
+ "sonar.search.javaOpts",
+ "sonar.search.javaAdditionalOpts",
+ "sonar.search.replicas",
+ "sonar.search.minimumMasterNodes",
+ "sonar.search.initialStateTimeout",
+ "sonar.web.javaOpts",
+ "sonar.web.javaAdditionalOpts",
+ "sonar.web.port",
+ "sonar.auth.jwtBase64Hs256Secret",
+ "sonar.ce.javaOpts",
+ "sonar.ce.javaAdditionalOpts",
+ "sonar.enableStopCommand",
+ "http.proxyHost",
+ "https.proxyHost",
+ "http.proxyPort",
+ "https.proxyPort",
+ "http.proxyUser",
+ "http.proxyPassword",
+ "sonar.cluster.enabled",
+ "sonar.cluster.node.type",
+ "sonar.cluster.search.hosts",
+ "sonar.cluster.hosts",
+ "sonar.cluster.node.port",
+ "sonar.cluster.node.host",
+ "sonar.cluster.node.name",
+ "sonar.cluster.name",
+ "sonar.cluster.web.startupLeader",
+ "sonar.sonarcloud.enabled",
+ "sonar.updatecenter.activate",
+ "http.nonProxyHosts",
+ "http.auth.ntlm.domain",
+ "socksProxyHost",
+ "socksProxyPort",
+ "sonar.web.sso.enable",
+ "sonar.web.sso.loginHeader",
+ "sonar.web.sso.nameHeader",
+ "sonar.web.sso.emailHeader",
+ "sonar.web.sso.groupsHeader",
+ "sonar.web.sso.refreshIntervalInMinutes",
+ "sonar.security.realm",
+ "sonar.authenticator.ignoreStartupFailure",
+ "sonar.telemetry.enable",
+ "sonar.telemetry.url",
+ "sonar.telemetry.frequencyInSeconds");
+
+ private static final Joiner COMMA_JOINER = Joiner.on(",");
+
+ public DeleteSettingsDefinedInSonarDotProperties(Database db) {
+ super(db);
+ }
+
+ @Override
+ protected void execute(DataChange.Context context) throws SQLException {
+ MassUpdate massUpdate = context.prepareMassUpdate();
+ String selectSql = "select id, prop_key from properties where prop_key in (";
+ selectSql += SONAR_PROPERTIES.stream().map(p -> "?").collect(MoreCollectors.join(COMMA_JOINER));
+ selectSql += ")";
+ SqlStatement selectStatement = massUpdate.select(selectSql);
+ for (int i = 1; i <= SONAR_PROPERTIES.size(); i++) {
+ selectStatement.setString(i, SONAR_PROPERTIES.get(i - 1));
+ }
+ massUpdate.update("delete from properties where id=?");
+ massUpdate.execute((row, update) -> {
+ update.setLong(1, row.getLong(1));
+ LOG.warn("System setting '{}' was defined in database, it has been removed", row.getString(2));
+ return true;
+ });
+ }
+}
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v71/package-info.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v71/package-info.java
new file mode 100644
index 00000000000..8bce9750fc5
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v71/package-info.java
@@ -0,0 +1,24 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+@ParametersAreNonnullByDefault
+package org.sonar.server.platform.db.migration.version.v71;
+
+import javax.annotation.ParametersAreNonnullByDefault;
+
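Review bot: `SONAR_PROPERTIES` in DeleteSettingsDefinedInSonarDotProperties has no comment, and it mixes ordinary tuning keys with credential-bearing ones (`sonar.jdbc.password`, `sonar.auth.jwtBase64Hs256Secret`, `http.proxyPassword`). A matching row means the secret value was sitting in the PROPERTIES table, yet the warning in `execute` is worded identically for every key, so an operator reading the log gets no cue that the value may need rotating; whether it was readable through api/settings is not visible in this diff. I would add a comment above the list, e.g. `// Keys that may only be set in sonar.properties / system properties; presumably mirrors the keys rejected by api/settings - keep in sync`, and note there that the log line prints the key only and must never print the stored value. The same list also decides what is deleted for component-level and user-level rows, since the select filters on `prop_key` alone, which deserves a sentence in a class Javadoc.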
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java index f554ff144dd..29059e5f75e 100644 --- a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java @@ -37,7 +37,7 @@ public class MigrationConfigurationModuleTest { assertThat(container.getPicoContainer().getComponentAdapters()) .hasSize(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER // DbVersion classes - + 11 + + 12 // Others + 3); } diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v71/DbVersion71Test.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v71/DbVersion71Test.java new file mode 100644 index 00000000000..47b980bb2fa --- /dev/null +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v71/DbVersion71Test.java 
@@ -0,0 +1,42 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.platform.db.migration.version.v71;
+
+import org.junit.Test;
+
+import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMigrationCount;
+import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMinimumMigrationNumber;
+
+public class DbVersion71Test {
+
+ private DbVersion71 underTest = new DbVersion71();
+
+ @Test
+ public void migrationNumber_starts_at_2000() {
+ verifyMinimumMigrationNumber(underTest, 2000);
+ }
+
+ @Test
+ public void verify_migration_count() {
+ verifyMigrationCount(underTest, 1);
+ }
+
+}
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v71/DeleteSettingsDefinedInSonarDotPropertiesTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v71/DeleteSettingsDefinedInSonarDotPropertiesTest.java
new file mode 100644
index 00000000000..8e7e9596705
--- /dev/null
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v71/DeleteSettingsDefinedInSonarDotPropertiesTest.java
@@ -0,0 +1,131 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.platform.db.migration.version.v71;
+
+import java.sql.SQLException;
+import java.util.stream.Collectors;
+import javax.annotation.Nullable;
+import org.assertj.core.groups.Tuple;
+import org.junit.Rule;
+import org.junit.Test;
+import org.sonar.api.utils.log.LogTester;
+import org.sonar.api.utils.log.LoggerLevel;
+import org.sonar.db.CoreDbTester;
+import org.sonar.server.platform.db.migration.step.DataChange;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.tuple;
+
+public class DeleteSettingsDefinedInSonarDotPropertiesTest {
+
+ @Rule
+ public CoreDbTester db = CoreDbTester.createForSchema(DeleteSettingsDefinedInSonarDotPropertiesTest.class, "properties.sql");
+
+ @Rule
+ public LogTester logTester = new LogTester();
+
+ private DataChange underTest = new DeleteSettingsDefinedInSonarDotProperties(db.database());
+
+ @Test
+ public void delete_sonar_dot_properties_settings() throws SQLException {
+ insertSetting("sonar.jdbc.url");
+ insertSetting("sonar.path.data");
+ insertSetting("sonar.cluster.enabled");
+ insertSetting("sonar.updatecenter.activate");
+
+ underTest.execute();
+
+ assertNoSettings();
+ }
+
+ @Test
+ public void log_removed_settings() throws SQLException {
+ insertSetting("sonar.jdbc.url");
+ insertSetting("not.to.be.removed");
+
+ underTest.execute();
+
+ assertThat(logTester.logs(LoggerLevel.WARN)).containsExactlyInAnyOrder("System setting 'sonar.jdbc.url' was defined in database, it has been removed");
+ }
+
+ @Test
+ public void delete_setting_at_global_and_component_level() throws SQLException {
+ insertSetting("sonar.jdbc.url", null);
+ insertSetting("sonar.jdbc.url", 100L);
+
+ underTest.execute();
+
+ assertNoSettings();
+ }
+
+ @Test
+ public void migration_is_reentrant() throws SQLException {
+ insertSetting("sonar.jdbc.url");
+
+ underTest.execute();
+ assertNoSettings();
+
+ underTest.execute();
+ assertNoSettings();
+ }
+
+ @Test
+ public void does_nothing_when_no_sonar_dot_properties_settings() throws SQLException {
+ insertSetting("other");
+
+ underTest.execute();
+
+ assertSettings(tuple("other", null));
+ }
+
+ @Test
+ public void does_nothing_on_empty_table() throws SQLException {
+ underTest.execute();
+
+ assertSettings();
+ }
+
+ private void assertSettings(Tuple... expectedTuples) {
+ assertThat(db.select("SELECT PROP_KEY, RESOURCE_ID FROM PROPERTIES")
+ .stream()
+ .map(map -> new Tuple(map.get("PROP_KEY"), map.get("RESOURCE_ID")))
+ .collect(Collectors.toList()))
+ .containsExactlyInAnyOrder(expectedTuples);
+ }
+
+ private void assertNoSettings() {
+ assertSettings();
+ }
+
+ private void insertSetting(String key) {
+ insertSetting(key, null);
+ }
+
+ private void insertSetting(String key, @Nullable Long componentId) {
+ db.executeInsert(
+ "properties",
+ "PROP_KEY", key,
+ "RESOURCE_ID", componentId,
+ "IS_EMPTY", false,
+ "CREATED_AT", 1000);
+ }
+
+}
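Review bot: `insertSetting` never populates TEXT_VALUE, so `log_removed_settings` cannot catch a later change that puts the stored value into the warning. Because the deleted keys include `sonar.jdbc.password` and `sonar.auth.jwtBase64Hs256Secret`, I would add a case that inserts such a row with a constructed value (an extra `"TEXT_VALUE", "constructed-secret"` pair in `db.executeInsert`) and asserts that no WARN entry contains that string. There is also no case for a row with USER_ID set, although the migration's select filters on `prop_key` only, so user-level rows are deleted as well; a test like `delete_setting_at_global_and_component_level` for that column would document the intent.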
diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v71/DeleteSettingsDefinedInSonarDotPropertiesTest/properties.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v71/DeleteSettingsDefinedInSonarDotPropertiesTest/properties.sql new file mode 100644 index 00000000000..d84c238cd48 --- /dev/null +++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v71/DeleteSettingsDefinedInSonarDotPropertiesTest/properties.sql @@ -0,0 +1,11 @@ +CREATE TABLE "PROPERTIES" ( + "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1), + "PROP_KEY" VARCHAR(512) NOT NULL, + "RESOURCE_ID" INTEGER, + "USER_ID" INTEGER, + "IS_EMPTY" BOOLEAN NOT NULL, + "TEXT_VALUE" VARCHAR(4000), + "CLOB_VALUE" CLOB, + "CREATED_AT" BIGINT +); +CREATE INDEX "PROPERTIES_KEY" ON "PROPERTIES" ("PROP_KEY"); |