diff options
author | Matteo Mara <matteo.mara@sonarsource.com> | 2022-05-09 11:28:06 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-05-10 20:02:47 +0000 |
commit | dafa3fa22dc51bd9d07af693d1015de49ccf3680 (patch) | |
tree | de8764c8578f20e97177fa7fe6cebea4b8c3b9d7 /server/sonar-server-common | |
parent | 41af7cd13eed44de4c3941669bdb5968347f454a (diff) | |
download | sonarqube-dafa3fa22dc51bd9d07af693d1015de49ccf3680.tar.gz sonarqube-dafa3fa22dc51bd9d07af693d1015de49ccf3680.zip |
SONAR-16370 identify taint issues by repository
Diffstat (limited to 'server/sonar-server-common')
-rw-r--r-- | server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java | 68 | ||||
-rw-r--r-- | server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java | 105 |
2 files changed, 173 insertions, 0 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java new file mode 100644 index 00000000000..0abd66b3756 --- /dev/null +++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java @@ -0,0 +1,68 @@ +/* + * SonarQube + * Copyright (C) 2009-2022 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.issue; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.function.Predicate; +import java.util.stream.Collectors; +import org.jetbrains.annotations.NotNull; +import org.sonar.db.issue.IssueDto; + +public class TaintChecker { + + private static final Set<String> TAINT_REPOSITORIES = Set.of("roslyn.sonaranalyzer.security.cs", "javasecurity", "jssecurity", "tssecurity", "phpsecurity", "pythonsecurity"); + + private TaintChecker() { + throw new IllegalStateException("Utility class, cannot be instantiated."); + } + + public static List<IssueDto> getTaintIssuesOnly(List<IssueDto> issues) { + return filterTaintIssues(issues, true); + } + + public static List<IssueDto> getStandardIssuesOnly(List<IssueDto> issues) { + return filterTaintIssues(issues, false); + } + + public static Map<Boolean, List<IssueDto>> mapIssuesByTaintStatus(List<IssueDto> issues) { + Map<Boolean, List<IssueDto>> issuesMap = new HashMap<>(); + issuesMap.put(true, getTaintIssuesOnly(issues)); + issuesMap.put(false, getStandardIssuesOnly(issues)); + return issuesMap; + } + + private static List<IssueDto> filterTaintIssues(List<IssueDto> issues, boolean returnTaint) { + return issues.stream() + .filter(getTaintIssueFilter(returnTaint)) + .collect(Collectors.toList()); + } + + @NotNull + private static Predicate<IssueDto> getTaintIssueFilter(boolean returnTaint) { + if (returnTaint) { + return issueDto -> TAINT_REPOSITORIES.contains(issueDto.getRuleRepo()); + } + return issueDto -> !TAINT_REPOSITORIES.contains(issueDto.getRuleRepo()); + } + +} diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java new file mode 100644 index 00000000000..e98b2ba45ba --- /dev/null +++ b/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java @@ -0,0 +1,105 @@ +/* + * SonarQube + * Copyright (C) 2009-2022 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.issue; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import org.junit.Test; +import org.sonar.db.issue.IssueDto; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.issue.TaintChecker.getStandardIssuesOnly; +import static org.sonar.server.issue.TaintChecker.getTaintIssuesOnly; +import static org.sonar.server.issue.TaintChecker.mapIssuesByTaintStatus; + +public class TaintCheckerTest { + + @Test + public void test_getTaintIssuesOnly() { + + List<IssueDto> taintIssues = getTaintIssuesOnly(getIssues()); + + assertThat(taintIssues).hasSize(6); + assertThat(taintIssues.get(0).getKey()).isEqualTo("taintIssue1"); + assertThat(taintIssues.get(1).getKey()).isEqualTo("taintIssue2"); + assertThat(taintIssues.get(2).getKey()).isEqualTo("taintIssue3"); + assertThat(taintIssues.get(3).getKey()).isEqualTo("taintIssue4"); + assertThat(taintIssues.get(4).getKey()).isEqualTo("taintIssue5"); + assertThat(taintIssues.get(5).getKey()).isEqualTo("taintIssue6"); + + } + + @Test + public void test_getStandardIssuesOnly() { + + List<IssueDto> standardIssues = getStandardIssuesOnly(getIssues()); + + assertThat(standardIssues).hasSize(3); + assertThat(standardIssues.get(0).getKey()).isEqualTo("standardIssue1"); + assertThat(standardIssues.get(1).getKey()).isEqualTo("standardIssue2"); + assertThat(standardIssues.get(2).getKey()).isEqualTo("standardIssue3"); + } + + @Test + public void test_mapIssuesByTaintStatus() { + Map<Boolean, List<IssueDto>> issuesByTaintStatus = mapIssuesByTaintStatus(getIssues()); + + assertThat(issuesByTaintStatus.keySet()).hasSize(2); + assertThat(issuesByTaintStatus.get(true)).hasSize(6); + assertThat(issuesByTaintStatus.get(false)).hasSize(3); + + assertThat(issuesByTaintStatus.get(true).get(0).getKey()).isEqualTo("taintIssue1"); + assertThat(issuesByTaintStatus.get(true).get(1).getKey()).isEqualTo("taintIssue2"); + assertThat(issuesByTaintStatus.get(true).get(2).getKey()).isEqualTo("taintIssue3"); + assertThat(issuesByTaintStatus.get(true).get(3).getKey()).isEqualTo("taintIssue4"); + assertThat(issuesByTaintStatus.get(true).get(4).getKey()).isEqualTo("taintIssue5"); + assertThat(issuesByTaintStatus.get(true).get(5).getKey()).isEqualTo("taintIssue6"); + + assertThat(issuesByTaintStatus.get(false).get(0).getKey()).isEqualTo("standardIssue1"); + assertThat(issuesByTaintStatus.get(false).get(1).getKey()).isEqualTo("standardIssue2"); + assertThat(issuesByTaintStatus.get(false).get(2).getKey()).isEqualTo("standardIssue3"); + } + + private List<IssueDto> getIssues() { + List<IssueDto> issues = new ArrayList<>(); + + issues.add(createIssueWithRepository("taintIssue1", "roslyn.sonaranalyzer.security.cs")); + issues.add(createIssueWithRepository("taintIssue2", "javasecurity")); + issues.add(createIssueWithRepository("taintIssue3", "jssecurity")); + issues.add(createIssueWithRepository("taintIssue4", "tssecurity")); + issues.add(createIssueWithRepository("taintIssue5", "phpsecurity")); + issues.add(createIssueWithRepository("taintIssue6", "pythonsecurity")); + + issues.add(createIssueWithRepository("standardIssue1", "java")); + issues.add(createIssueWithRepository("standardIssue2", "python")); + issues.add(createIssueWithRepository("standardIssue3", "js")); + + return issues; + } + + private IssueDto createIssueWithRepository(String issueKey, String repository) { + IssueDto issueDto = new IssueDto(); + issueDto.setKee(issueKey); + issueDto.setRuleKey(repository, "S1"); + return issueDto; + } + +} |