author | Matteo Mara <matteo.mara@sonarsource.com> | 2022-07-19 18:08:17 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-07-25 20:03:58 +0000 |
commit | 9cd44988c23e6533cbf34e5acc6d225e706f1707 (patch) | |
tree | 0a38b2a50f51400ceccf1d3b24a586a033dc9ef3 /server/sonar-server-common/src | |
parent | 3ffa7edb6113b9f51b1f03396827344561953586 (diff) | |
download | sonarqube-9cd44988c23e6533cbf34e5acc6d225e706f1707.tar.gz sonarqube-9cd44988c23e6533cbf34e5acc6d225e706f1707.zip |
SONAR-17061 add PCI DSS to security reports show API
Diffstat (limited to 'server/sonar-server-common/src')
5 files changed, 73 insertions, 4 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueDoc.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueDoc.java
index 5ee631b248c..ac194d590ab 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueDoc.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueDoc.java
@@ -276,13 +276,28 @@ public class IssueDoc extends BaseDoc {
   }
 
   @CheckForNull
-  public Collection<String> getOwaspTop10() {
-    return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10);
+  public Collection<String> getPciDss32() {
+    return getNullableField(IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_32);
+  }
+
+  public IssueDoc setPciDss32(@Nullable Collection<String> o) {
+    setField(IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_32, o);
+    return this;
+  }
+
+  public IssueDoc setPciDss40(@Nullable Collection<String> o) {
+    setField(IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_40, o);
+    return this;
   }
 
   @CheckForNull
-  public Collection<String> getOwaspTop10For2021() {
-    return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10_2021);
+  public Collection<String> getPciDss40() {
+    return getNullableField(IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_40);
+  }
+
+  @CheckForNull
+  public Collection<String> getOwaspTop10() {
+    return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10);
   }
 
   public IssueDoc setOwaspTop10(@Nullable Collection<String> o) {
@@ -290,6 +305,11 @@ public class IssueDoc extends BaseDoc {
     return this;
   }
 
+  @CheckForNull
+  public Collection<String> getOwaspTop10For2021() {
+    return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10_2021);
+  }
+
   public IssueDoc setOwaspTop10For2021(@Nullable Collection<String> o) {
     setField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10_2021, o);
     return this;
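Review bot: The new accessors are interleaved so that `setPciDss40` comes before `getPciDss40`, and the PCI DSS methods are slotted between an existing `@CheckForNull` and the OWASP getter it annotated, which makes the first hunk read as a rename of `getOwaspTop10`/`getOwaspTop10For2021` rather than an addition (the second hunk then re-adds `getOwaspTop10For2021`). Keeping each getter next to its setter and appending the four PCI DSS methods after the OWASP pair would turn both hunks into pure insertions and keep the blame history of the OWASP methods intact. None of the four new methods carries Javadoc; a one-liner such as `/** PCI DSS 3.2 entries of the issue's security standards, as indexed under {@link IssueIndexDefinition#FIELD_ISSUE_PCI_DSS_32}; null when not set. */` on each getter (and the 4.0 counterpart) would match the `@CheckForNull` contract already declared.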
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIndexDefinition.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIndexDefinition.java
index d7dd7fbb541..a0bf4593815 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIndexDefinition.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIndexDefinition.java
@@ -96,6 +96,8 @@ public class IssueIndexDefinition implements IndexDefinition {
   public static final String FIELD_ISSUE_STATUS = "status";
   public static final String FIELD_ISSUE_TAGS = "tags";
   public static final String FIELD_ISSUE_TYPE = "type";
+  public static final String FIELD_ISSUE_PCI_DSS_32 = "pciDss-3.2";
+  public static final String FIELD_ISSUE_PCI_DSS_40 = "pciDss-4.0";
   public static final String FIELD_ISSUE_OWASP_TOP_10 = "owaspTop10";
   public static final String FIELD_ISSUE_OWASP_TOP_10_2021 = "owaspTop10-2021";
   public static final String FIELD_ISSUE_SANS_TOP_25 = "sansTop25";
@@ -164,6 +166,8 @@ public class IssueIndexDefinition implements IndexDefinition {
     mapping.keywordFieldBuilder(FIELD_ISSUE_STATUS).disableNorms().addSubFields(SORTABLE_ANALYZER).build();
     mapping.keywordFieldBuilder(FIELD_ISSUE_TAGS).disableNorms().build();
     mapping.keywordFieldBuilder(FIELD_ISSUE_TYPE).disableNorms().build();
+    mapping.keywordFieldBuilder(FIELD_ISSUE_PCI_DSS_32).disableNorms().build();
+    mapping.keywordFieldBuilder(FIELD_ISSUE_PCI_DSS_40).disableNorms().build();
     mapping.keywordFieldBuilder(FIELD_ISSUE_OWASP_TOP_10).disableNorms().build();
     mapping.keywordFieldBuilder(FIELD_ISSUE_OWASP_TOP_10_2021).disableNorms().build();
     mapping.keywordFieldBuilder(FIELD_ISSUE_SANS_TOP_25).disableNorms().build();
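Review bot: The index field names `"pciDss-3.2"` and `"pciDss-4.0"` are fresh string literals, while SecurityStandards in the same commit derives its prefixes from `PciDssVersion.V3_2.prefix()` and `V4_0.prefix()`; if those prefixes are the same strings, define the constants from them (`public static final String FIELD_ISSUE_PCI_DSS_32 = PciDssVersion.V3_2.prefix();`) so the indexed field and the standard key cannot drift apart. These are also the first field names in this mapping that contain a dot, and Elasticsearch interprets a dotted name as an object path (`pciDss-3` holding `2`); that appears to work for a keyword field, but it is surprising enough to deserve a comment on the constant, e.g. `// dotted name: ES stores this as object "pciDss-3" with sub-field "2"`. Adding fields to the issue mapping normally requires the index definition's version to be bumped so existing instances re-index; that change is not in these hunks, so please confirm it is covered elsewhere in the commit.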
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIteratorForSingleChunk.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIteratorForSingleChunk.java
index 743f962f618..9586ff3cb55 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIteratorForSingleChunk.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIteratorForSingleChunk.java
@@ -235,6 +235,8 @@ class IssueIteratorForSingleChunk implements IssueIterator {
     SecurityStandards.SQCategory sqCategory = securityStandards.getSqCategory();
     doc.setOwaspTop10(securityStandards.getOwaspTop10());
     doc.setOwaspTop10For2021(securityStandards.getOwaspTop10For2021());
+    doc.setPciDss32(securityStandards.getPciDss32());
+    doc.setPciDss40(securityStandards.getPciDss40());
     doc.setCwe(securityStandards.getCwe());
     doc.setSansTop25(securityStandards.getSansTop25());
     doc.setSonarSourceSecurityCategory(sqCategory);
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java b/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java
index 4569aeecf17..afb13b4271b 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java
@@ -37,6 +37,8 @@ import static java.util.Arrays.asList;
 import static java.util.Arrays.stream;
 import static java.util.Collections.singleton;
 import static java.util.Collections.singletonList;
+import static org.sonar.api.server.rule.RulesDefinition.PciDssVersion.V3_2;
+import static org.sonar.api.server.rule.RulesDefinition.PciDssVersion.V4_0;
 import static org.sonar.core.util.stream.MoreCollectors.toList;
 import static org.sonar.core.util.stream.MoreCollectors.toSet;
 import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
@@ -54,6 +56,8 @@ public final class SecurityStandards {
 
   private static final String OWASP_TOP10_PREFIX = "owaspTop10:";
   private static final String OWASP_TOP10_2021_PREFIX = "owaspTop10-2021:";
+  private static final String PCI_DSS_32_PREFIX = V3_2.prefix() + ":";
+  private static final String PCI_DSS_40_PREFIX = V4_0.prefix() + ":";
   private static final String CWE_PREFIX = "cwe:";
   // See https://www.sans.org/top25-software-errors
   private static final Set<String> INSECURE_CWE = new HashSet<>(asList("89", "78", "79", "434", "352", "601"));
@@ -159,6 +163,20 @@ public final class SecurityStandards {
     }
   }
 
+  public enum PciDss {
+    R1("1"), R2("2"), R3("3"), R4("4"), R5("5"), R6("6"), R7("7"), R8("8"), R9("9"), R10("10"), R11("11"), R12("12");
+
+    private final String category;
+
+    PciDss(String category) {
+      this.category = category;
+    }
+
+    public String category() {
+      return category;
+    }
+  }
+
   public static final Map<SQCategory, Set<String>> CWES_BY_SQ_CATEGORY = ImmutableMap.<SQCategory, Set<String>>builder()
     .put(SQCategory.BUFFER_OVERFLOW, Set.of("119", "120", "131", "676", "788"))
     .put(SQCategory.SQL_INJECTION, Set.of("89", "564", "943"))
@@ -207,6 +225,14 @@ public final class SecurityStandards {
     return cwe;
   }
 
+  public Set<String> getPciDss32() {
+    return toPciDss(standards, PCI_DSS_32_PREFIX);
+  }
+
+  public Set<String> getPciDss40() {
+    return toPciDss(standards, PCI_DSS_40_PREFIX);
+  }
+
   public Set<String> getOwaspTop10() {
     return toOwaspTop10(standards, OWASP_TOP10_PREFIX);
   }
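Review bot: The new `PciDss` enum (second hunk) is not referenced by any production line in this diff — `getPciDss32`/`getPciDss40` (third hunk) return whatever suffix follows the prefix without checking it against the enum, so a malformed rule standard such as an empty suffix or an unknown requirement number is passed through to the index unchanged. If the enum is meant to be the reference list of requirements, use it to validate or normalize inside the extraction helper, or document that it only feeds the report API; as written, a reader cannot tell which. Both the enum and the two getters lack Javadoc; something like `/** Top-level PCI DSS requirements 1 to 12; {@link #category()} is the numeric id used to group issues in security reports. */` on the enum and `/** Suffixes of this rule's {@code pciDss-3.2:*} security standards, e.g. the requirement ids; empty when the rule declares none. */` on the getter would cover it (hedged on the exact prefix, which comes from `PciDssVersion.prefix()` outside this file).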
@@ -250,6 +276,13 @@ public final class SecurityStandards {
     return new SecurityStandards(standards, cwe, sqCategory, ignoredSQCategories);
   }
 
+  private static Set<String> toPciDss(Set<String> securityStandards, String prefix) {
+    return securityStandards.stream()
+      .filter(s -> s.startsWith(prefix))
+      .map(s -> s.substring(prefix.length()))
+      .collect(toSet());
+  }
+
   private static Set<String> toOwaspTop10(Set<String> securityStandards, String prefix) {
     return securityStandards.stream()
       .filter(s -> s.startsWith(prefix))
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/security/SecurityStandardsTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/security/SecurityStandardsTest.java
index bfcf245dfe5..665d27fa357 100644
--- a/server/sonar-server-common/src/test/java/org/sonar/server/security/SecurityStandardsTest.java
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/security/SecurityStandardsTest.java
@@ -19,10 +19,13 @@
  */
 package org.sonar.server.security;
 
+import java.util.Arrays;
 import java.util.EnumSet;
+import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
 import org.junit.Test;
+import org.sonar.server.security.SecurityStandards.PciDss;
 import org.sonar.server.security.SecurityStandards.SQCategory;
 
 import static java.util.Collections.emptySet;
@@ -115,4 +118,11 @@ public class SecurityStandardsTest {
       sqCategories.remove(expected);
     }
   }
+
+  @Test
+  public void pciDss_categories_check() {
+    List<String> pciDssCategories = Arrays.stream(PciDss.values()).map(PciDss::category).collect(Collectors.toList());
+
+    assertThat(pciDssCategories).hasSize(12).containsExactly("1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12");
+  }
 }
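Review bot: `toPciDss` looks like a copy of `toOwaspTop10` directly below it — the signature, the stream and the `startsWith(prefix)` filter are identical in the visible lines, and if `toOwaspTop10` continues with the same `substring`/`collect(toSet())` (its body ends outside the hunk) the two helpers are interchangeable. Collapsing them into one `private static Set<String> suffixesOf(Set<String> securityStandards, String prefix)` and calling it from all four getters would avoid a third copy when the next standard is added. Note also that an entry equal to the bare prefix yields the empty string as a "requirement", which the caller then indexes; a `.filter(s -> !s.isEmpty())` after the substring, or a comment stating that such keys are expected to have been rejected upstream, would make that explicit.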
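Review bot: `pciDss_categories_check` only reads the enum's own literals back, so it would still pass if `getPciDss32`/`getPciDss40` or the prefix constants were wrong — the extraction path the commit actually wires into the index has no test. Add a case that builds a SecurityStandards from a set holding one PCI DSS 3.2 key, one PCI DSS 4.0 key and one unrelated key (constructed values under the respective `PciDssVersion.prefix()`), and asserts that `getPciDss32()` contains exactly the 3.2 suffix, `getPciDss40()` exactly the 4.0 suffix, and that neither contains the unrelated key. A second assertion with no PCI DSS keys returning an empty set would pin the "rule declares none" case.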