authorMatteo Mara <matteo.mara@sonarsource.com>2022-07-19 18:08:17 +0200
committersonartech <sonartech@sonarsource.com>2022-07-25 20:03:58 +0000
commit9cd44988c23e6533cbf34e5acc6d225e706f1707 (patch)
tree0a38b2a50f51400ceccf1d3b24a586a033dc9ef3 /server/sonar-server-common/src
parent3ffa7edb6113b9f51b1f03396827344561953586 (diff)
SONAR-17061 add PCI DSS to security reports show API
Diffstat (limited to 'server/sonar-server-common/src')
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueDoc.java28
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIndexDefinition.java4
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIteratorForSingleChunk.java2
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java33
-rw-r--r--server/sonar-server-common/src/test/java/org/sonar/server/security/SecurityStandardsTest.java10
5 files changed, 73 insertions, 4 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueDoc.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueDoc.java
index 5ee631b248c..ac194d590ab 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueDoc.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueDoc.java
@@ -276,13 +276,28 @@ public class IssueDoc extends BaseDoc {
}
@CheckForNull
- public Collection<String> getOwaspTop10() {
- return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10);
+ public Collection<String> getPciDss32() {
+ return getNullableField(IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_32);
+ }
+
+ public IssueDoc setPciDss32(@Nullable Collection<String> o) {
+ setField(IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_32, o);
+ return this;
+ }
+
+ public IssueDoc setPciDss40(@Nullable Collection<String> o) {
+ setField(IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_40, o);
+ return this;
}
@CheckForNull
- public Collection<String> getOwaspTop10For2021() {
- return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10_2021);
+ public Collection<String> getPciDss40() {
+ return getNullableField(IssueIndexDefinition.FIELD_ISSUE_PCI_DSS_40);
+ }
+
+ @CheckForNull
+ public Collection<String> getOwaspTop10() {
+ return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10);
}
public IssueDoc setOwaspTop10(@Nullable Collection<String> o) {
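Review bot: The two new setters (setPciDss32, setPciDss40) are placed between getPciDss32 and getPciDss40, which breaks the getter/setter pairing the existing OWASP accessors follow (getOwaspTop10 is directly followed by setOwaspTop10) and forces the diff to relocate getOwaspTop10 and getOwaspTop10For2021 instead of only appending. Keeping each pair adjacent — `getPciDss32` then `setPciDss32`, then `getPciDss40` then `setPciDss40` — would leave the existing methods untouched and make the change additions only. The second hunk of this file shows the same displacement of getOwaspTop10For2021. The enclosing class IssueDoc continues outside the hunk.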
@@ -290,6 +305,11 @@ public class IssueDoc extends BaseDoc {
return this;
}
+ @CheckForNull
+ public Collection<String> getOwaspTop10For2021() {
+ return getNullableField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10_2021);
+ }
+
public IssueDoc setOwaspTop10For2021(@Nullable Collection<String> o) {
setField(IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10_2021, o);
return this;
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIndexDefinition.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIndexDefinition.java
index d7dd7fbb541..a0bf4593815 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIndexDefinition.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIndexDefinition.java
@@ -96,6 +96,8 @@ public class IssueIndexDefinition implements IndexDefinition {
public static final String FIELD_ISSUE_STATUS = "status";
public static final String FIELD_ISSUE_TAGS = "tags";
public static final String FIELD_ISSUE_TYPE = "type";
+ public static final String FIELD_ISSUE_PCI_DSS_32 = "pciDss-3.2";
+ public static final String FIELD_ISSUE_PCI_DSS_40 = "pciDss-4.0";
public static final String FIELD_ISSUE_OWASP_TOP_10 = "owaspTop10";
public static final String FIELD_ISSUE_OWASP_TOP_10_2021 = "owaspTop10-2021";
public static final String FIELD_ISSUE_SANS_TOP_25 = "sansTop25";
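Review bot: The index field names `"pciDss-3.2"` and `"pciDss-4.0"` are written out here, while SecurityStandards in the same commit derives its prefixes from `RulesDefinition.PciDssVersion.V3_2.prefix()` and `V4_0.prefix()`; if prefix() yields the same `pciDss-3.2` form, the value is now maintained in two places with nothing tying them together. A comment such as `// keep in sync with RulesDefinition.PciDssVersion.V3_2.prefix()` on each constant, or deriving the constant from it, would prevent silent drift between what is indexed and what is queried. These also appear to be the first index field names containing a dot; depending on how the Elasticsearch version in use and the mapping builder treat dotted names (object-path expansion), it is worth confirming the mapping hunk below (the two new keywordFieldBuilder lines) and any query on these fields behave as expected. The mapping hunk uses the same constants and needs no separate note.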
@@ -164,6 +166,8 @@ public class IssueIndexDefinition implements IndexDefinition {
mapping.keywordFieldBuilder(FIELD_ISSUE_STATUS).disableNorms().addSubFields(SORTABLE_ANALYZER).build();
mapping.keywordFieldBuilder(FIELD_ISSUE_TAGS).disableNorms().build();
mapping.keywordFieldBuilder(FIELD_ISSUE_TYPE).disableNorms().build();
+ mapping.keywordFieldBuilder(FIELD_ISSUE_PCI_DSS_32).disableNorms().build();
+ mapping.keywordFieldBuilder(FIELD_ISSUE_PCI_DSS_40).disableNorms().build();
mapping.keywordFieldBuilder(FIELD_ISSUE_OWASP_TOP_10).disableNorms().build();
mapping.keywordFieldBuilder(FIELD_ISSUE_OWASP_TOP_10_2021).disableNorms().build();
mapping.keywordFieldBuilder(FIELD_ISSUE_SANS_TOP_25).disableNorms().build();
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIteratorForSingleChunk.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIteratorForSingleChunk.java
index 743f962f618..9586ff3cb55 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIteratorForSingleChunk.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/IssueIteratorForSingleChunk.java
@@ -235,6 +235,8 @@ class IssueIteratorForSingleChunk implements IssueIterator {
SecurityStandards.SQCategory sqCategory = securityStandards.getSqCategory();
doc.setOwaspTop10(securityStandards.getOwaspTop10());
doc.setOwaspTop10For2021(securityStandards.getOwaspTop10For2021());
+ doc.setPciDss32(securityStandards.getPciDss32());
+ doc.setPciDss40(securityStandards.getPciDss40());
doc.setCwe(securityStandards.getCwe());
doc.setSansTop25(securityStandards.getSansTop25());
doc.setSonarSourceSecurityCategory(sqCategory);
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java b/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java
index 4569aeecf17..afb13b4271b 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/security/SecurityStandards.java
@@ -37,6 +37,8 @@ import static java.util.Arrays.asList;
import static java.util.Arrays.stream;
import static java.util.Collections.singleton;
import static java.util.Collections.singletonList;
+import static org.sonar.api.server.rule.RulesDefinition.PciDssVersion.V3_2;
+import static org.sonar.api.server.rule.RulesDefinition.PciDssVersion.V4_0;
import static org.sonar.core.util.stream.MoreCollectors.toList;
import static org.sonar.core.util.stream.MoreCollectors.toSet;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
@@ -54,6 +56,8 @@ public final class SecurityStandards {
private static final String OWASP_TOP10_PREFIX = "owaspTop10:";
private static final String OWASP_TOP10_2021_PREFIX = "owaspTop10-2021:";
+ private static final String PCI_DSS_32_PREFIX = V3_2.prefix() + ":";
+ private static final String PCI_DSS_40_PREFIX = V4_0.prefix() + ":";
private static final String CWE_PREFIX = "cwe:";
// See https://www.sans.org/top25-software-errors
private static final Set<String> INSECURE_CWE = new HashSet<>(asList("89", "78", "79", "434", "352", "601"));
@@ -159,6 +163,20 @@ public final class SecurityStandards {
}
}
+ public enum PciDss {
+ R1("1"), R2("2"), R3("3"), R4("4"), R5("5"), R6("6"), R7("7"), R8("8"), R9("9"), R10("10"), R11("11"), R12("12");
+
+ private final String category;
+
+ PciDss(String category) {
+ this.category = category;
+ }
+
+ public String category() {
+ return category;
+ }
+ }
+
public static final Map<SQCategory, Set<String>> CWES_BY_SQ_CATEGORY = ImmutableMap.<SQCategory, Set<String>>builder()
.put(SQCategory.BUFFER_OVERFLOW, Set.of("119", "120", "131", "676", "788"))
.put(SQCategory.SQL_INJECTION, Set.of("89", "564", "943"))
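Review bot: The new PciDss enum (R1–R12) is not referenced by any production code in this commit — within the hunks shown only SecurityStandardsTest uses it — and getPciDss32/getPciDss40 return the raw suffix after the prefix rather than values constrained to these categories, so its purpose is unclear to a reader. A Javadoc stating the intent would help, e.g. `/** Top-level PCI DSS requirements (1–12). Values returned by {@link SecurityStandards#getPciDss32()} and {@link SecurityStandards#getPciDss40()} are the raw identifiers following the version prefix and are not validated against this enum. */`; if nothing consumes it yet, it may belong with the commit that does. The enclosing class SecurityStandards continues outside the hunk.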
@@ -207,6 +225,14 @@ public final class SecurityStandards {
return cwe;
}
+ public Set<String> getPciDss32() {
+ return toPciDss(standards, PCI_DSS_32_PREFIX);
+ }
+
+ public Set<String> getPciDss40() {
+ return toPciDss(standards, PCI_DSS_40_PREFIX);
+ }
+
public Set<String> getOwaspTop10() {
return toOwaspTop10(standards, OWASP_TOP10_PREFIX);
}
@@ -250,6 +276,13 @@ public final class SecurityStandards {
return new SecurityStandards(standards, cwe, sqCategory, ignoredSQCategories);
}
+ private static Set<String> toPciDss(Set<String> securityStandards, String prefix) {
+ return securityStandards.stream()
+ .filter(s -> s.startsWith(prefix))
+ .map(s -> s.substring(prefix.length()))
+ .collect(toSet());
+ }
+
private static Set<String> toOwaspTop10(Set<String> securityStandards, String prefix) {
return securityStandards.stream()
.filter(s -> s.startsWith(prefix))
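Review bot: toPciDss is a copy of the existing toOwaspTop10 directly below it — same prefix filter, same substring, same collector as far as the hunk shows (toOwaspTop10 continues past the hunk). Rather than adding a second copy, the new method could become the single generic helper, e.g. `private static Set<String> toSuffixes(Set<String> securityStandards, String prefix)`, with toOwaspTop10 delegating to it so both standards share one prefix-stripping path. Note also that an entry consisting of only the prefix (`"pciDss-3.2:"`) passes the filter and yields an empty string in the returned set; worth deciding whether such entries should be dropped, a question that applies equally to the OWASP helper.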
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/security/SecurityStandardsTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/security/SecurityStandardsTest.java
index bfcf245dfe5..665d27fa357 100644
--- a/server/sonar-server-common/src/test/java/org/sonar/server/security/SecurityStandardsTest.java
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/security/SecurityStandardsTest.java
@@ -19,10 +19,13 @@
*/
package org.sonar.server.security;
+import java.util.Arrays;
import java.util.EnumSet;
+import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.junit.Test;
+import org.sonar.server.security.SecurityStandards.PciDss;
import org.sonar.server.security.SecurityStandards.SQCategory;
import static java.util.Collections.emptySet;
@@ -115,4 +118,11 @@ public class SecurityStandardsTest {
sqCategories.remove(expected);
}
}
+
+ @Test
+ public void pciDss_categories_check() {
+ List<String> pciDssCategories = Arrays.stream(PciDss.values()).map(PciDss::category).collect(Collectors.toList());
+
+ assertThat(pciDssCategories).hasSize(12).containsExactly("1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12");
+ }
}
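Review bot: The added test only re-asserts the twelve enum constants and does not exercise the new getPciDss32/getPciDss40 accessors, which are the behaviour this commit actually adds to SecurityStandards. A test that builds a SecurityStandards from a set such as `Set.of("pciDss-3.2:6.5.1", "pciDss-4.0:6.2.4", "owaspTop10:a1")` via the existing static factory and asserts `assertThat(standards.getPciDss32()).containsExactly("6.5.1")` and `assertThat(standards.getPciDss40()).containsExactly("6.2.4")` would cover prefix matching and stripping, and that one version's entries do not leak into the other. The factory used to construct SecurityStandards lies outside the hunks shown.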