SONAR-14501 Custom security config telemetry

author: Jacek <jacek.poreda@sonarsource.com> 2021-02-23 11:05:24 +0100
committer: sonartech <sonartech@sonarsource.com> 2021-02-26 20:07:39 +0000
commit: 10fef4f93aeefcf8d79e7eb93742d4460c75d90b (patch)
tree: 36f43dd41e9c239db4b3cf9821814810810776c4 /server/sonar-webserver-core
parent: 7657870eed718a74c6b4e8dbd18ab6f8d5d5bc78 (diff)
download: sonarqube-10fef4f93aeefcf8d79e7eb93742d4460c75d90b.tar.gz
sonarqube-10fef4f93aeefcf8d79e7eb93742d4460c75d90b.zip
2 files changed, 68 insertions, 13 deletions
diff --git a/server/sonar-webserver-core/src/main/java/org/sonar/server/telemetry/TelemetryDataLoaderImpl.java b/server/sonar-webserver-core/src/main/java/org/sonar/server/telemetry/TelemetryDataLoaderImpl.java
index 93f086e52e0..c0c518b4e33 100644
--- a/server/sonar-webserver-core/src/main/java/org/sonar/server/telemetry/TelemetryDataLoaderImpl.java
+++ b/server/sonar-webserver-core/src/main/java/org/sonar/server/telemetry/TelemetryDataLoaderImpl.java
@@ -21,12 +21,15 @@ package org.sonar.server.telemetry;
 
 import java.sql.DatabaseMetaData;
 import java.sql.SQLException;
+import java.util.LinkedList;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
+import org.sonar.api.config.Configuration;
 import org.sonar.api.platform.Server;
 import org.sonar.api.server.ServerSide;
 import org.sonar.core.platform.PlatformEditionProvider;
@@ -47,9 +50,12 @@ import org.sonar.server.telemetry.TelemetryData.Database;
 import org.sonar.server.user.index.UserIndex;
 import org.sonar.server.user.index.UserQuery;
 
+import static java.util.Arrays.asList;
 import static java.util.Optional.ofNullable;
 import static org.apache.commons.lang.StringUtils.startsWith;
 import static org.sonar.core.platform.EditionProvider.Edition.COMMUNITY;
+import static org.sonar.core.platform.EditionProvider.Edition.DATACENTER;
+import static org.sonar.core.platform.EditionProvider.Edition.ENTERPRISE;
 import static org.sonar.server.metric.UnanalyzedLanguageMetrics.UNANALYZED_CPP_KEY;
 import static org.sonar.server.metric.UnanalyzedLanguageMetrics.UNANALYZED_C_KEY;
 
@@ -61,18 +67,19 @@ public class TelemetryDataLoaderImpl implements TelemetryDataLoader {
   private final UserIndex userIndex;
   private final ProjectMeasuresIndex projectMeasuresIndex;
   private final PlatformEditionProvider editionProvider;
+  private final Configuration configuration;
   private final InternalProperties internalProperties;
   private final DockerSupport dockerSupport;
   @CheckForNull
   private final LicenseReader licenseReader;
 
   public TelemetryDataLoaderImpl(Server server, DbClient dbClient, PluginRepository pluginRepository, UserIndex userIndex, ProjectMeasuresIndex projectMeasuresIndex,
-    PlatformEditionProvider editionProvider, InternalProperties internalProperties, DockerSupport dockerSupport) {
-    this(server, dbClient, pluginRepository, userIndex, projectMeasuresIndex, editionProvider, internalProperties, dockerSupport, null);
+    PlatformEditionProvider editionProvider, InternalProperties internalProperties, Configuration configuration, DockerSupport dockerSupport) {
+    this(server, dbClient, pluginRepository, userIndex, projectMeasuresIndex, editionProvider, internalProperties, configuration, dockerSupport, null);
   }
 
   public TelemetryDataLoaderImpl(Server server, DbClient dbClient, PluginRepository pluginRepository, UserIndex userIndex, ProjectMeasuresIndex projectMeasuresIndex,
-    PlatformEditionProvider editionProvider, InternalProperties internalProperties,
+    PlatformEditionProvider editionProvider, InternalProperties internalProperties, Configuration configuration,
     DockerSupport dockerSupport, @Nullable LicenseReader licenseReader) {
     this.server = server;
     this.dbClient = dbClient;
@@ -81,6 +88,7 @@ public class TelemetryDataLoaderImpl implements TelemetryDataLoader {
     this.projectMeasuresIndex = projectMeasuresIndex;
     this.editionProvider = editionProvider;
     this.internalProperties = internalProperties;
+    this.configuration = configuration;
     this.dockerSupport = dockerSupport;
     this.licenseReader = licenseReader;
   }
@@ -129,6 +137,9 @@ public class TelemetryDataLoaderImpl implements TelemetryDataLoader {
 
       data.setAlmIntegrationCountByAlm(countAlmUsage(dbSession));
     }
+
+    setSecurityCustomConfigIfPresent(data);
+
     Optional<String> installationDateProperty = internalProperties.read(InternalProperties.INSTALLATION_DATE);
     installationDateProperty.ifPresent(s -> data.setInstallationDate(Long.valueOf(s)));
     Optional<String> installationVersionProperty = internalProperties.read(InternalProperties.INSTALLATION_VERSION);
@@ -138,6 +149,23 @@ public class TelemetryDataLoaderImpl implements TelemetryDataLoader {
     return data.build();
   }
 
+  private void setSecurityCustomConfigIfPresent(TelemetryData.Builder data) {
+    editionProvider.get()
+      .filter(edition -> asList(ENTERPRISE, DATACENTER).contains(edition))
+      .ifPresent(edition -> {
+        List<String> customSecurityConfigs = new LinkedList<>();
+        configuration.get("sonar.security.config.javasecurity")
+          .ifPresent(s -> customSecurityConfigs.add("java"));
+        configuration.get("sonar.security.config.phpsecurity")
+          .ifPresent(s -> customSecurityConfigs.add("php"));
+        configuration.get("sonar.security.config.pythonsecurity")
+          .ifPresent(s -> customSecurityConfigs.add("python"));
+        configuration.get("sonar.security.config.roslyn.sonaranalyzer.security.cs")
+          .ifPresent(s -> customSecurityConfigs.add("csharp"));
+        data.setCustomSecurityConfigs(customSecurityConfigs);
+      });
+  }
+
   private Map<String, Long> countAlmUsage(DbSession dbSession) {
     return dbClient.almSettingDao().selectAll(dbSession).stream()
       .collect(Collectors.groupingBy(almSettingDto -> {
diff --git a/server/sonar-webserver-core/src/test/java/org/sonar/server/telemetry/TelemetryDataLoaderImplTest.java b/server/sonar-webserver-core/src/test/java/org/sonar/server/telemetry/TelemetryDataLoaderImplTest.java
index a4925b0babb..981839617a3 100644
--- a/server/sonar-webserver-core/src/test/java/org/sonar/server/telemetry/TelemetryDataLoaderImplTest.java
+++ b/server/sonar-webserver-core/src/test/java/org/sonar/server/telemetry/TelemetryDataLoaderImplTest.java
@@ -26,6 +26,7 @@ import java.util.Optional;
 import java.util.stream.IntStream;
 import org.junit.Rule;
 import org.junit.Test;
+import org.sonar.api.config.Configuration;
 import org.sonar.api.impl.utils.TestSystem2;
 import org.sonar.core.platform.PlatformEditionProvider;
 import org.sonar.core.platform.PluginInfo;
@@ -58,6 +59,7 @@ import static org.sonar.api.measures.CoreMetrics.NCLOC_KEY;
 import static org.sonar.api.measures.CoreMetrics.NCLOC_LANGUAGE_DISTRIBUTION_KEY;
 import static org.sonar.core.platform.EditionProvider.Edition.COMMUNITY;
 import static org.sonar.core.platform.EditionProvider.Edition.DEVELOPER;
+import static org.sonar.core.platform.EditionProvider.Edition.ENTERPRISE;
 import static org.sonar.db.component.BranchType.BRANCH;
 import static org.sonar.db.component.BranchType.PULL_REQUEST;
 import static org.sonar.server.metric.UnanalyzedLanguageMetrics.UNANALYZED_CPP_KEY;
@@ -71,6 +73,7 @@ public class TelemetryDataLoaderImplTest {
 
   private final FakeServer server = new FakeServer();
   private final PluginRepository pluginRepository = mock(PluginRepository.class);
+  private final Configuration configuration = mock(Configuration.class);
   private final TestSystem2 system2 = new TestSystem2().setNow(System.currentTimeMillis());
   private final PlatformEditionProvider editionProvider = mock(PlatformEditionProvider.class);
   private final DockerSupport dockerSupport = mock(DockerSupport.class);
@@ -80,9 +83,9 @@ public class TelemetryDataLoaderImplTest {
   private final LicenseReader licenseReader = mock(LicenseReader.class);
 
   private final TelemetryDataLoader communityUnderTest = new TelemetryDataLoaderImpl(server, db.getDbClient(), pluginRepository, new UserIndex(es.client(), system2),
-    new ProjectMeasuresIndex(es.client(), null, system2), editionProvider, internalProperties, dockerSupport, null);
+    new ProjectMeasuresIndex(es.client(), null, system2), editionProvider, internalProperties, configuration, dockerSupport, null);
   private final TelemetryDataLoader commercialUnderTest = new TelemetryDataLoaderImpl(server, db.getDbClient(), pluginRepository, new UserIndex(es.client(), system2),
-    new ProjectMeasuresIndex(es.client(), null, system2), editionProvider, internalProperties, dockerSupport, licenseReader);
+    new ProjectMeasuresIndex(es.client(), null, system2), editionProvider, internalProperties, configuration, dockerSupport, licenseReader);
 
   @Test
   public void send_telemetry_data() {
@@ -144,14 +147,14 @@ public class TelemetryDataLoaderImplTest {
       entry("java", 500L), entry("kotlin", 2500L), entry("js", 50L));
     assertThat(data.isInDocker()).isFalse();
     assertThat(data.getAlmIntegrationCountByAlm())
-        .containsEntry("azure_devops_server", 1L)
-        .containsEntry("azure_devops_cloud", 1L)
-        .containsEntry("bitbucket_server", 1L)
-        .containsEntry("bitbucket_cloud", 1L)
-        .containsEntry("gitlab_server", 1L)
-        .containsEntry("gitlab_cloud", 1L)
-        .containsEntry("github_cloud", 1L)
-        .containsEntry("github_server", 1L);
+      .containsEntry("azure_devops_server", 1L)
+      .containsEntry("azure_devops_cloud", 1L)
+      .containsEntry("bitbucket_server", 1L)
+      .containsEntry("bitbucket_cloud", 1L)
+      .containsEntry("gitlab_server", 1L)
+      .containsEntry("gitlab_cloud", 1L)
+      .containsEntry("github_cloud", 1L)
+      .containsEntry("github_server", 1L);
   }
 
   private void assertDatabaseMetadata(TelemetryData.Database database) {
@@ -292,6 +295,30 @@ public class TelemetryDataLoaderImplTest {
     assertThat(data.hasUnanalyzedCpp().get()).isFalse();
   }
 
+  @Test
+  public void populate_security_custom_config_for_languages_on_enterprise() {
+    when(editionProvider.get()).thenReturn(Optional.of(ENTERPRISE));
+
+    when(configuration.get("sonar.security.config.javasecurity")).thenReturn(Optional.of("{}"));
+    when(configuration.get("sonar.security.config.phpsecurity")).thenReturn(Optional.of("{}"));
+    when(configuration.get("sonar.security.config.pythonsecurity")).thenReturn(Optional.of("{}"));
+    when(configuration.get("sonar.security.config.roslyn.sonaranalyzer.security.cs")).thenReturn(Optional.of("{}"));
+
+    TelemetryData data = commercialUnderTest.load();
+
+    assertThat(data.getCustomSecurityConfigs())
+      .containsExactlyInAnyOrder("java", "php", "python", "csharp");
+  }
+
+  @Test
+  public void skip_security_custom_config_on_community() {
+    when(editionProvider.get()).thenReturn(Optional.of(COMMUNITY));
+
+    TelemetryData data = communityUnderTest.load();
+
+    assertThat(data.getCustomSecurityConfigs()).isEmpty();
+  }
+
   private PluginInfo newPlugin(String key, String version) {
     return new PluginInfo(key)
       .setVersion(Version.create(version));
author	Jacek <jacek.poreda@sonarsource.com>	2021-02-23 11:05:24 +0100
committer	sonartech <sonartech@sonarsource.com>	2021-02-26 20:07:39 +0000
commit	10fef4f93aeefcf8d79e7eb93742d4460c75d90b (patch)
tree	36f43dd41e9c239db4b3cf9821814810810776c4 /server/sonar-webserver-core
parent	7657870eed718a74c6b4e8dbd18ab6f8d5d5bc78 (diff)
download	sonarqube-10fef4f93aeefcf8d79e7eb93742d4460c75d90b.tar.gz sonarqube-10fef4f93aeefcf8d79e7eb93742d4460c75d90b.zip