authorZipeng WU <zipeng.wu@sonarsource.com>2021-03-23 08:32:29 +0100
committersonartech <sonartech@sonarsource.com>2021-04-15 20:03:44 +0000
commit8b518c6bccb19f5416991dd05b0924ddd0838526 (patch)
treea78a21e78c20d769db312223a3aa102dc904e549 /server/sonar-webserver-api
parenta3ae9a82c4f2b99e68a2bc837b8fa318e7d410a1 (diff)
SONAR-14606 make consent required when startup with external plugins
Diffstat (limited to 'server/sonar-webserver-api')
-rw-r--r--server/sonar-webserver-api/src/main/java/org/sonar/server/plugins/PluginConsentVerifier.java73
-rw-r--r--server/sonar-webserver-api/src/test/java/org/sonar/server/plugins/PluginConsentVerifierTest.java138
2 files changed, 211 insertions, 0 deletions
diff --git a/server/sonar-webserver-api/src/main/java/org/sonar/server/plugins/PluginConsentVerifier.java b/server/sonar-webserver-api/src/main/java/org/sonar/server/plugins/PluginConsentVerifier.java
new file mode 100644
index 00000000000..8bb031476d8
--- /dev/null
+++ b/server/sonar-webserver-api/src/main/java/org/sonar/server/plugins/PluginConsentVerifier.java
@@ -0,0 +1,73 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2021 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.plugins;
+
+import java.util.Optional;
+
+import org.picocontainer.Startable;
+import org.sonar.core.extension.PluginRiskConsent;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
+import org.sonar.db.property.PropertyDto;
+
+import static org.sonar.core.config.CorePropertyDefinitions.PLUGINS_RISK_CONSENT;
+import static org.sonar.core.extension.PluginRiskConsent.NOT_ACCEPTED;
+import static org.sonar.core.extension.PluginRiskConsent.REQUIRED;
+
+public class PluginConsentVerifier implements Startable {
+ private final ServerPluginRepository pluginRepository;
+ private final DbClient dbClient;
+
+ public PluginConsentVerifier(ServerPluginRepository pluginRepository, DbClient dbClient) {
+ this.pluginRepository = pluginRepository;
+ this.dbClient = dbClient;
+ }
+
+ @Override
+ public void start() {
+ boolean hasExternalPlugins = pluginRepository.getPlugins().stream().anyMatch(plugin -> plugin.getType().equals(PluginType.EXTERNAL));
+ try (DbSession session = dbClient.openSession(false)) {
+ PropertyDto property = Optional.ofNullable(dbClient.propertiesDao().selectGlobalProperty(session, PLUGINS_RISK_CONSENT))
+ .orElse(defaultPluginRiskConsentProperty());
+ if (hasExternalPlugins && NOT_ACCEPTED == PluginRiskConsent.valueOf(property.getValue())) {
+ property.setValue(REQUIRED.name());
+ dbClient.propertiesDao().saveProperty(session, property);
+ session.commit();
+ } else if (!hasExternalPlugins && REQUIRED == PluginRiskConsent.valueOf(property.getValue())) {
+ property.setValue(NOT_ACCEPTED.name());
+ dbClient.propertiesDao().saveProperty(session, property);
+ session.commit();
+ }
+ }
+ }
+
+ private static PropertyDto defaultPluginRiskConsentProperty() {
+ PropertyDto property = new PropertyDto();
+ property.setKey(PLUGINS_RISK_CONSENT);
+ property.setValue(NOT_ACCEPTED.name());
+ return property;
+ }
+
+ @Override
+ public void stop() {
+ // Nothing to do
+ }
+
+}
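Review bot: In start(), both branches call `PluginRiskConsent.valueOf(property.getValue())` on the raw string read from the properties table, so a stored value that is not an exact enum name throws IllegalArgumentException (and a null value would throw NullPointerException) out of a Startable's start(). Whether anything upstream validates this property before it is stored is not visible in this diff. Parsing once and falling back to NOT_ACCEPTED keeps the check fail-closed: with external plugins present the state still moves to REQUIRED instead of the verifier aborting. Since this property records a risk-acceptance decision, logging each transition would also give operators a trail of when the state was changed at startup.

```java
  // in start(), replacing the two PluginRiskConsent.valueOf(property.getValue()) calls
  PluginRiskConsent consent = parseConsent(property.getValue());
  if (hasExternalPlugins && NOT_ACCEPTED == consent) {
    // … unchanged: set REQUIRED, save, commit …
  } else if (!hasExternalPlugins && REQUIRED == consent) {
    // … unchanged: set NOT_ACCEPTED, save, commit …
  }

  private static PluginRiskConsent parseConsent(String stored) {
    if (stored == null) {
      return NOT_ACCEPTED;
    }
    try {
      return PluginRiskConsent.valueOf(stored);
    } catch (IllegalArgumentException e) {
      // Unreadable stored value: treat as never accepted, so external plugins still force REQUIRED
      return NOT_ACCEPTED;
    }
  }
```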
diff --git a/server/sonar-webserver-api/src/test/java/org/sonar/server/plugins/PluginConsentVerifierTest.java b/server/sonar-webserver-api/src/test/java/org/sonar/server/plugins/PluginConsentVerifierTest.java
new file mode 100644
index 00000000000..e77d71e7936
--- /dev/null
+++ b/server/sonar-webserver-api/src/test/java/org/sonar/server/plugins/PluginConsentVerifierTest.java
@@ -0,0 +1,138 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2021 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.plugins;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.sonar.api.utils.System2;
+import org.sonar.core.extension.PluginRiskConsent;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbTester;
+import org.sonar.db.property.PropertyDto;
+
+import static java.util.Arrays.asList;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.sonar.core.config.CorePropertyDefinitions.PLUGINS_RISK_CONSENT;
+import static org.sonar.core.extension.PluginRiskConsent.ACCEPTED;
+import static org.sonar.core.extension.PluginRiskConsent.NOT_ACCEPTED;
+import static org.sonar.core.extension.PluginRiskConsent.REQUIRED;
+import static org.sonar.server.plugins.PluginType.BUNDLED;
+import static org.sonar.server.plugins.PluginType.EXTERNAL;
+
+public class PluginConsentVerifierTest {
+ @Rule
+ public DbTester db = DbTester.create(System2.INSTANCE);
+
+ private DbClient dbClient = db.getDbClient();
+ private ServerPluginRepository pluginRepository = mock(ServerPluginRepository.class);
+ private PluginConsentVerifier underTest = new PluginConsentVerifier(pluginRepository, dbClient);
+
+ @Test
+ public void require_consent_when_exist_external_plugins_and_not_accepted() {
+ setupExternalPluginConsent(NOT_ACCEPTED);
+ setupExternalPlugin();
+
+ underTest.start();
+
+ assertThat(dbClient.propertiesDao().selectGlobalProperty(PLUGINS_RISK_CONSENT))
+ .extracting(PropertyDto::getValue)
+ .isEqualTo(REQUIRED.name());
+ }
+
+ @Test
+ public void require_consent_when_exist_external_plugins_and_consent_property_not_exist() {
+ setupExternalPlugin();
+
+ underTest.start();
+
+ assertThat(dbClient.propertiesDao().selectGlobalProperty(PLUGINS_RISK_CONSENT))
+ .extracting(PropertyDto::getValue)
+ .isEqualTo(REQUIRED.name());
+ }
+
+ @Test
+ public void consent_does_not_change_when_value_is_accepted() {
+ setupExternalPluginConsent(ACCEPTED);
+ setupExternalPlugin();
+
+ underTest.start();
+
+ assertThat(dbClient.propertiesDao().selectGlobalProperty(PLUGINS_RISK_CONSENT))
+ .extracting(PropertyDto::getValue)
+ .isEqualTo(ACCEPTED.name());
+ }
+
+ @Test
+ public void consent_does_not_change_when_value_is_required() {
+ setupExternalPluginConsent(REQUIRED);
+ setupExternalPlugin();
+
+ underTest.start();
+
+ assertThat(dbClient.propertiesDao().selectGlobalProperty(PLUGINS_RISK_CONSENT))
+ .extracting(PropertyDto::getValue)
+ .isEqualTo(REQUIRED.name());
+ }
+
+ @Test
+ public void consent_should_be_not_accepted_when_there_is_no_external_plugin_and_never_been_accepted() {
+ setupExternalPluginConsent(REQUIRED);
+ setupBundledPlugin();
+
+ underTest.start();
+
+ assertThat(dbClient.propertiesDao().selectGlobalProperty(PLUGINS_RISK_CONSENT))
+ .extracting(PropertyDto::getValue)
+ .isEqualTo(NOT_ACCEPTED.name());
+ }
+
+ @Test
+ public void do_nothing_when_there_is_no_external_plugin() {
+ setupExternalPluginConsent(NOT_ACCEPTED);
+ setupBundledPlugin();
+
+ underTest.start();
+
+ assertThat(dbClient.propertiesDao().selectGlobalProperty(PLUGINS_RISK_CONSENT))
+ .extracting(PropertyDto::getValue)
+ .isEqualTo(NOT_ACCEPTED.name());
+ }
+
+ private void setupExternalPluginConsent(PluginRiskConsent pluginRiskConsent) {
+ dbClient.propertiesDao().saveProperty(new PropertyDto()
+ .setKey(PLUGINS_RISK_CONSENT)
+ .setValue(pluginRiskConsent.name()));
+ }
+
+ private void setupExternalPlugin() {
+ ServerPlugin plugin = mock(ServerPlugin.class);
+ when(plugin.getType()).thenReturn(EXTERNAL);
+ when(pluginRepository.getPlugins()).thenReturn(asList(plugin));
+ }
+
+ private void setupBundledPlugin() {
+ ServerPlugin plugin = mock(ServerPlugin.class);
+ when(plugin.getType()).thenReturn(BUNDLED);
+ when(pluginRepository.getPlugins()).thenReturn(asList(plugin));
+ }
+
+}
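Review bot: The suite has no case for a stored ACCEPTED value when only bundled plugins are installed, which is the one combination in start() that decides whether an earlier acceptance outlives the external plugins it was given for. As written, start() leaves ACCEPTED untouched there, so adding a different external plugin later would presumably not ask for consent again. If that is intended, pin it with a test built from `setupExternalPluginConsent(ACCEPTED); setupBundledPlugin();` asserting `ACCEPTED.name()`; if it is not, that branch needs a reset. A case where `getPlugins()` returns an empty list and no property exists would also confirm that nothing is written to the database.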