authorMatteo Mara <matteo.mara@sonarsource.com>2023-09-27 18:09:19 +0200
committersonartech <sonartech@sonarsource.com>2023-09-29 20:02:47 +0000
commit562f94669463698cd913f2362d6580c0765a9b39 (patch)
tree91eee10d857caae0806ce3dfdf31a68e3e1bcc92 /server/sonar-webserver-es
parentcfe20cf4fd0bdadcb9b6aaf089c0cfe188d5fd20 (diff)
SONAR-20333 Update security reports with CWE Top 25 2023
Diffstat (limited to 'server/sonar-webserver-es')
-rw-r--r--server/sonar-webserver-es/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java89
1 files changed, 44 insertions, 45 deletions
diff --git a/server/sonar-webserver-es/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java b/server/sonar-webserver-es/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java
index 0ff92fd6965..535fae2a23b 100644
--- a/server/sonar-webserver-es/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java
+++ b/server/sonar-webserver-es/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java
@@ -40,9 +40,9 @@ import static java.util.stream.Collectors.toList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.server.rule.RulesDefinition.OwaspAsvsVersion;
-import static org.sonar.api.server.rule.RulesDefinition.PciDssVersion;
import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2017;
import static org.sonar.api.server.rule.RulesDefinition.OwaspTop10Version.Y2021;
+import static org.sonar.api.server.rule.RulesDefinition.PciDssVersion;
import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
import static org.sonar.server.issue.IssueDocTesting.newDocForProject;
import static org.sonar.server.security.SecurityStandards.UNKNOWN_STANDARD;
@@ -586,28 +586,7 @@ public class IssueIndexSecurityReportsTest extends IssueIndexTestCommon {
.map(SecurityStandardCategoryStatistics::getCategory)
.collect(toList());
- assertThat(listOfYears).contains("2020", "2021", "2022");
-
- SecurityStandardCategoryStatistics cwe2020 = cweTop25Reports.stream()
- .filter(s -> s.getCategory().equals("2020"))
- .findAny().get();
- assertThat(cwe2020.getChildren()).hasSize(25);
- assertThat(findRuleInCweByYear(cwe2020, "119")).isNotNull()
- .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
- SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
- SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
- .containsExactlyInAnyOrder(1L, 0L, 0L);
- assertThat(findRuleInCweByYear(cwe2020, "89")).isNotNull()
- .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
- SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
- SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
- .containsExactlyInAnyOrder(0L, 1L, 0L);
- assertThat(findRuleInCweByYear(cwe2020, "862")).isNotNull()
- .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
- SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
- SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
- .containsExactlyInAnyOrder(1L, 0L, 0L);
- assertThat(findRuleInCweByYear(cwe2020, "999")).isNull();
+ assertThat(listOfYears).contains("2021", "2022", "2023");
SecurityStandardCategoryStatistics cwe2021 = cweTop25Reports.stream()
.filter(s -> s.getCategory().equals("2021"))
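Review bot: The updated year check `assertThat(listOfYears).contains("2021", "2022", "2023");` still passes if a "2020" category is returned, so the test does not verify that the 2020 list is gone from the report. The cwe2020 assertions are removed in this hunk, presumably because that list is no longer reported; if so, `assertThat(listOfYears).containsExactlyInAnyOrder("2021", "2022", "2023");` or an added `.doesNotContain("2020")` would pin it. The same line is changed in the second test, in the hunk starting at `@@ -670,28 +670,7`. The enclosing test method starts and ends outside this hunk.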
@@ -642,6 +621,27 @@ public class IssueIndexSecurityReportsTest extends IssueIndexTestCommon {
.containsExactlyInAnyOrder(0L, 1L, 0L);
assertThat(findRuleInCweByYear(cwe2022, "950")).isNull();
assertThat(findRuleInCweByYear(cwe2022, "999")).isNull();
+
+ SecurityStandardCategoryStatistics cwe2023 = cweTop25Reports.stream()
+ .filter(s -> s.getCategory().equals("2023"))
+ .findAny().get();
+ assertThat(cwe2023.getChildren()).hasSize(25);
+ assertThat(findRuleInCweByYear(cwe2023, "119")).isNotNull()
+ .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
+ SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
+ SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
+ .containsExactlyInAnyOrder(1L, 0L, 0L);
+ assertThat(findRuleInCweByYear(cwe2023, "89")).isNotNull()
+ .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
+ SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
+ SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
+ .containsExactlyInAnyOrder(0L, 1L, 0L);
+ assertThat(findRuleInCweByYear(cwe2023, "862")).isNotNull()
+ .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
+ SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
+ SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
+ .containsExactlyInAnyOrder(1L, 0L, 0L);
+ assertThat(findRuleInCweByYear(cwe2023, "999")).isNull();
}
@Test
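Review bot: The added cwe2023 checks end in `.containsExactlyInAnyOrder(1L, 0L, 0L)` for CWE 119 and 862 and `.containsExactlyInAnyOrder(0L, 1L, 0L)` for CWE 89, and once order is ignored these are the same assertion (one 1 and two 0s). As written, the test cannot tell an issue counted as a vulnerability from one counted as a to-review or reviewed hotspot, so a misclassification in the security report would go unnoticed. Because `extracting(...)` returns the values in the order of the three getters, `.containsExactly(1L, 0L, 0L)` and `.containsExactly(0L, 1L, 0L)` would check each counter in its own position. The same applies to the cwe2023 block added in the last hunk (`@@ -728,6 +707,26`), and the pattern appears to be carried over from the earlier year blocks, which start outside this hunk.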
@@ -670,28 +670,7 @@ public class IssueIndexSecurityReportsTest extends IssueIndexTestCommon {
.map(SecurityStandardCategoryStatistics::getCategory)
.collect(toList());
- assertThat(listOfYears).contains("2020", "2021", "2022");
-
- SecurityStandardCategoryStatistics cwe2020 = cweTop25Reports.stream()
- .filter(s -> s.getCategory().equals("2020"))
- .findAny().get();
- assertThat(cwe2020.getChildren()).hasSize(25);
- assertThat(findRuleInCweByYear(cwe2020, "119")).isNotNull()
- .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
- SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
- SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
- .containsExactlyInAnyOrder(2L, 0L, 0L);
- assertThat(findRuleInCweByYear(cwe2020, "89")).isNotNull()
- .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
- SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
- SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
- .containsExactlyInAnyOrder(0L, 1L, 0L);
- assertThat(findRuleInCweByYear(cwe2020, "862")).isNotNull()
- .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
- SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
- SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
- .containsExactlyInAnyOrder(1L, 0L, 0L);
- assertThat(findRuleInCweByYear(cwe2020, "999")).isNull();
+ assertThat(listOfYears).contains("2021", "2022", "2023");
SecurityStandardCategoryStatistics cwe2021 = cweTop25Reports.stream()
.filter(s -> s.getCategory().equals("2021"))
@@ -728,6 +707,26 @@ public class IssueIndexSecurityReportsTest extends IssueIndexTestCommon {
assertThat(findRuleInCweByYear(cwe2022, "295")).isNull();
assertThat(findRuleInCweByYear(cwe2022, "999")).isNull();
+ SecurityStandardCategoryStatistics cwe2023 = cweTop25Reports.stream()
+ .filter(s -> s.getCategory().equals("2023"))
+ .findAny().get();
+ assertThat(cwe2023.getChildren()).hasSize(25);
+ assertThat(findRuleInCweByYear(cwe2023, "119")).isNotNull()
+ .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
+ SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
+ SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
+ .containsExactlyInAnyOrder(2L, 0L, 0L);
+ assertThat(findRuleInCweByYear(cwe2023, "89")).isNotNull()
+ .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
+ SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
+ SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
+ .containsExactlyInAnyOrder(0L, 1L, 0L);
+ assertThat(findRuleInCweByYear(cwe2023, "862")).isNotNull()
+ .extracting(SecurityStandardCategoryStatistics::getVulnerabilities,
+ SecurityStandardCategoryStatistics::getToReviewSecurityHotspots,
+ SecurityStandardCategoryStatistics::getReviewedSecurityHotspots)
+ .containsExactlyInAnyOrder(1L, 0L, 0L);
+ assertThat(findRuleInCweByYear(cwe2023, "999")).isNull();
}
private SecurityStandardCategoryStatistics findRuleInCweByYear(SecurityStandardCategoryStatistics statistics, String cweId) {