aboutsummaryrefslogtreecommitdiffstats
path: root/server/sonar-server-common
diff options
context:
space:
mode:
authorMatteo Mara <matteo.mara@sonarsource.com>2022-05-09 11:28:06 +0200
committersonartech <sonartech@sonarsource.com>2022-05-10 20:02:47 +0000
commitdafa3fa22dc51bd9d07af693d1015de49ccf3680 (patch)
treede8764c8578f20e97177fa7fe6cebea4b8c3b9d7 /server/sonar-server-common
parent41af7cd13eed44de4c3941669bdb5968347f454a (diff)
downloadsonarqube-dafa3fa22dc51bd9d07af693d1015de49ccf3680.tar.gz
sonarqube-dafa3fa22dc51bd9d07af693d1015de49ccf3680.zip
SONAR-16370 identify taint issues by repository
Diffstat (limited to 'server/sonar-server-common')
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java68
-rw-r--r--server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java105
2 files changed, 173 insertions, 0 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java
new file mode 100644
index 00000000000..0abd66b3756
--- /dev/null
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java
@@ -0,0 +1,68 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.issue;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Predicate;
+import java.util.stream.Collectors;
+import org.jetbrains.annotations.NotNull;
+import org.sonar.db.issue.IssueDto;
+
+public class TaintChecker {
+
+ private static final Set<String> TAINT_REPOSITORIES = Set.of("roslyn.sonaranalyzer.security.cs", "javasecurity", "jssecurity", "tssecurity", "phpsecurity", "pythonsecurity");
+
+ private TaintChecker() {
+ throw new IllegalStateException("Utility class, cannot be instantiated.");
+ }
+
+ public static List<IssueDto> getTaintIssuesOnly(List<IssueDto> issues) {
+ return filterTaintIssues(issues, true);
+ }
+
+ public static List<IssueDto> getStandardIssuesOnly(List<IssueDto> issues) {
+ return filterTaintIssues(issues, false);
+ }
+
+ public static Map<Boolean, List<IssueDto>> mapIssuesByTaintStatus(List<IssueDto> issues) {
+ Map<Boolean, List<IssueDto>> issuesMap = new HashMap<>();
+ issuesMap.put(true, getTaintIssuesOnly(issues));
+ issuesMap.put(false, getStandardIssuesOnly(issues));
+ return issuesMap;
+ }
+
+ private static List<IssueDto> filterTaintIssues(List<IssueDto> issues, boolean returnTaint) {
+ return issues.stream()
+ .filter(getTaintIssueFilter(returnTaint))
+ .collect(Collectors.toList());
+ }
+
+ @NotNull
+ private static Predicate<IssueDto> getTaintIssueFilter(boolean returnTaint) {
+ if (returnTaint) {
+ return issueDto -> TAINT_REPOSITORIES.contains(issueDto.getRuleRepo());
+ }
+ return issueDto -> !TAINT_REPOSITORIES.contains(issueDto.getRuleRepo());
+ }
+
+}
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java
new file mode 100644
index 00000000000..e98b2ba45ba
--- /dev/null
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java
@@ -0,0 +1,105 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.issue;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import org.junit.Test;
+import org.sonar.db.issue.IssueDto;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.sonar.server.issue.TaintChecker.getStandardIssuesOnly;
+import static org.sonar.server.issue.TaintChecker.getTaintIssuesOnly;
+import static org.sonar.server.issue.TaintChecker.mapIssuesByTaintStatus;
+
+public class TaintCheckerTest {
+
+ @Test
+ public void test_getTaintIssuesOnly() {
+
+ List<IssueDto> taintIssues = getTaintIssuesOnly(getIssues());
+
+ assertThat(taintIssues).hasSize(6);
+ assertThat(taintIssues.get(0).getKey()).isEqualTo("taintIssue1");
+ assertThat(taintIssues.get(1).getKey()).isEqualTo("taintIssue2");
+ assertThat(taintIssues.get(2).getKey()).isEqualTo("taintIssue3");
+ assertThat(taintIssues.get(3).getKey()).isEqualTo("taintIssue4");
+ assertThat(taintIssues.get(4).getKey()).isEqualTo("taintIssue5");
+ assertThat(taintIssues.get(5).getKey()).isEqualTo("taintIssue6");
+
+ }
+
+ @Test
+ public void test_getStandardIssuesOnly() {
+
+ List<IssueDto> standardIssues = getStandardIssuesOnly(getIssues());
+
+ assertThat(standardIssues).hasSize(3);
+ assertThat(standardIssues.get(0).getKey()).isEqualTo("standardIssue1");
+ assertThat(standardIssues.get(1).getKey()).isEqualTo("standardIssue2");
+ assertThat(standardIssues.get(2).getKey()).isEqualTo("standardIssue3");
+ }
+
+ @Test
+ public void test_mapIssuesByTaintStatus() {
+ Map<Boolean, List<IssueDto>> issuesByTaintStatus = mapIssuesByTaintStatus(getIssues());
+
+ assertThat(issuesByTaintStatus.keySet()).hasSize(2);
+ assertThat(issuesByTaintStatus.get(true)).hasSize(6);
+ assertThat(issuesByTaintStatus.get(false)).hasSize(3);
+
+ assertThat(issuesByTaintStatus.get(true).get(0).getKey()).isEqualTo("taintIssue1");
+ assertThat(issuesByTaintStatus.get(true).get(1).getKey()).isEqualTo("taintIssue2");
+ assertThat(issuesByTaintStatus.get(true).get(2).getKey()).isEqualTo("taintIssue3");
+ assertThat(issuesByTaintStatus.get(true).get(3).getKey()).isEqualTo("taintIssue4");
+ assertThat(issuesByTaintStatus.get(true).get(4).getKey()).isEqualTo("taintIssue5");
+ assertThat(issuesByTaintStatus.get(true).get(5).getKey()).isEqualTo("taintIssue6");
+
+ assertThat(issuesByTaintStatus.get(false).get(0).getKey()).isEqualTo("standardIssue1");
+ assertThat(issuesByTaintStatus.get(false).get(1).getKey()).isEqualTo("standardIssue2");
+ assertThat(issuesByTaintStatus.get(false).get(2).getKey()).isEqualTo("standardIssue3");
+ }
+
+ private List<IssueDto> getIssues() {
+ List<IssueDto> issues = new ArrayList<>();
+
+ issues.add(createIssueWithRepository("taintIssue1", "roslyn.sonaranalyzer.security.cs"));
+ issues.add(createIssueWithRepository("taintIssue2", "javasecurity"));
+ issues.add(createIssueWithRepository("taintIssue3", "jssecurity"));
+ issues.add(createIssueWithRepository("taintIssue4", "tssecurity"));
+ issues.add(createIssueWithRepository("taintIssue5", "phpsecurity"));
+ issues.add(createIssueWithRepository("taintIssue6", "pythonsecurity"));
+
+ issues.add(createIssueWithRepository("standardIssue1", "java"));
+ issues.add(createIssueWithRepository("standardIssue2", "python"));
+ issues.add(createIssueWithRepository("standardIssue3", "js"));
+
+ return issues;
+ }
+
+ private IssueDto createIssueWithRepository(String issueKey, String repository) {
+ IssueDto issueDto = new IssueDto();
+ issueDto.setKee(issueKey);
+ issueDto.setRuleKey(repository, "S1");
+ return issueDto;
+ }
+
+}