authorBelen Pruvost <belen.pruvost@sonarsource.com>2022-07-20 15:18:09 +0200
committersonartech <sonartech@sonarsource.com>2022-07-25 20:03:58 +0000
commitbc71c9ba2b296d0fe7531be7d71ddcb5a489d873 (patch)
treec36a91cf14cf3e73d47ee6b70c19fbbd20b57898 /server
parentacbd890b2e9e8cd7bd23c562026ba2f54c317af8 (diff)
SONAR-16374 - Load extra Taint Repositories from Configuration
Diffstat (limited to 'server')
-rw-r--r--server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/container/ProjectAnalysisTaskContainerPopulator.java1
-rw-r--r--server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitor.java9
-rw-r--r--server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitorTest.java14
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java44
-rw-r--r--server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java30
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/IssueWsModule.java2
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullAction.java12
-rw-r--r--server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullTaintAction.java6
-rw-r--r--server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullActionTest.java8
-rw-r--r--server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullTaintActionTest.java8
10 files changed, 99 insertions, 35 deletions
diff --git a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/container/ProjectAnalysisTaskContainerPopulator.java b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/container/ProjectAnalysisTaskContainerPopulator.java
index 42489f15c13..5e18e706cd3 100644
--- a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/container/ProjectAnalysisTaskContainerPopulator.java
+++ b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/container/ProjectAnalysisTaskContainerPopulator.java
@@ -151,6 +151,7 @@ import org.sonar.ce.task.step.ComputationSteps;
import org.sonar.ce.task.taskprocessor.MutableTaskResultHolderImpl;
import org.sonar.core.issue.tracking.Tracker;
import org.sonar.core.platform.ContainerPopulator;
+import org.sonar.server.issue.TaintChecker;
import org.sonar.server.setting.ProjectConfigurationLoaderImpl;
import org.sonar.server.view.index.ViewIndex;
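Review bot: The only change to this file is the `TaintChecker` import (the diffstat counts one changed line), so no visible hunk adds a `TaintChecker.class` entry to this populator's component list. `TaintVulnerabilityVisitor` now takes a `TaintChecker` constructor argument, so the container that builds the visitor must be able to resolve one. If it is not inherited from a parent container, add `TaintChecker.class,` to the registrations; if it is, the import looks unused and can be dropped. The registration list lies outside this hunk, so this cannot be confirmed from here.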
diff --git a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitor.java b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitor.java
index d64e8925b66..0544cd9e424 100644
--- a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitor.java
+++ b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitor.java
@@ -39,12 +39,15 @@ public class TaintVulnerabilityVisitor extends IssueVisitor {
private final PushEventRepository pushEventRepository;
private final AnalysisMetadataHolder analysisMetadataHolder;
+ private final TaintChecker taintChecker;
private final TreeRootHolder treeRootHolder;
public TaintVulnerabilityVisitor(PushEventRepository pushEventRepository,
- AnalysisMetadataHolder analysisMetadataHolder, TreeRootHolder treeRootHolder) {
+ AnalysisMetadataHolder analysisMetadataHolder, TaintChecker taintChecker,
+ TreeRootHolder treeRootHolder) {
this.pushEventRepository = pushEventRepository;
this.analysisMetadataHolder = analysisMetadataHolder;
+ this.taintChecker = taintChecker;
this.treeRootHolder = treeRootHolder;
}
@@ -116,8 +119,8 @@ public class TaintVulnerabilityVisitor extends IssueVisitor {
return textRange;
}
- private static boolean isTaintVulnerability(DefaultIssue issue) {
- return TaintChecker.getTaintRepositories().contains(issue.getRuleKey().repository())
+ private boolean isTaintVulnerability(DefaultIssue issue) {
+ return taintChecker.getTaintRepositories().contains(issue.getRuleKey().repository())
&& issue.getLocations() != null
&& !RuleType.SECURITY_HOTSPOT.equals(issue.type());
}
diff --git a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitorTest.java b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitorTest.java
index ca588186539..a48c7cbb31c 100644
--- a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitorTest.java
+++ b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/pushevent/TaintVulnerabilityVisitorTest.java
@@ -20,6 +20,8 @@
package org.sonar.ce.task.projectanalysis.pushevent;
import java.util.Date;
+import java.util.List;
+import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentMatcher;
@@ -37,23 +39,33 @@ import org.sonar.ce.task.projectanalysis.component.ReportComponent;
import org.sonar.core.issue.DefaultIssue;
import org.sonar.db.protobuf.DbCommons;
import org.sonar.db.protobuf.DbIssues;
+import org.sonar.server.issue.TaintChecker;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.argThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
public class TaintVulnerabilityVisitorTest {
private final PushEventRepository repositoryMock = mock(PushEventRepository.class);
+ private final TaintChecker taintChecker = mock(TaintChecker.class);
@Rule
public MutableTreeRootHolderRule treeRootHolder = new MutableTreeRootHolderRule();
@Rule
public AnalysisMetadataHolderRule analysisMetadataHolder = new AnalysisMetadataHolderRule()
.setBranch(new TestBranch("develop"));
- private final TaintVulnerabilityVisitor underTest = new TaintVulnerabilityVisitor(repositoryMock, analysisMetadataHolder, treeRootHolder);
+ private final TaintVulnerabilityVisitor underTest = new TaintVulnerabilityVisitor(repositoryMock, analysisMetadataHolder,
+ taintChecker, treeRootHolder);
+
+ @Before
+ public void setUp() {
+ when(taintChecker.getTaintRepositories()).thenReturn(List.of("roslyn.sonaranalyzer.security.cs",
+ "javasecurity", "jssecurity", "tssecurity", "phpsecurity", "pythonsecurity"));
+ }
@Test
public void add_event_to_repository_if_taint_vulnerability_is_new() {
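Review bot: The list stubbed in `setUp()` repeats the built-in names from `TaintChecker.initializeRepositories()`, and the same literal is pasted into `PullActionTest` and `PullTaintActionTest`. Because the checker is mocked, none of these tests exercises a repository supplied through `sonar.issues.taint.extra.repositories`. Consider building a real `new TaintChecker(configuration)` over a mocked `Configuration`, or at least sharing the list through one test constant, so the tests cannot drift from the production defaults.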
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java
index ed591a9127d..c35dbed3bc0 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/TaintChecker.java
@@ -19,53 +19,73 @@
*/
package org.sonar.server.issue;
+import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.jetbrains.annotations.NotNull;
+import org.sonar.api.config.Configuration;
import org.sonar.db.issue.IssueDto;
public class TaintChecker {
+ protected static final String EXTRA_TAINT_REPOSITORIES = "sonar.issues.taint.extra.repositories";
- private static final List<String> TAINT_REPOSITORIES = List.of("roslyn.sonaranalyzer.security.cs", "javasecurity", "jssecurity", "tssecurity", "phpsecurity", "pythonsecurity");
+ private final Configuration config;
- private TaintChecker() {
- throw new IllegalStateException("Utility class, cannot be instantiated.");
+ private final List<String> taintRepositories;
+
+ public TaintChecker(Configuration config) {
+ this.config = config;
+ this.taintRepositories = initializeRepositories();
}
- public static List<IssueDto> getTaintIssuesOnly(List<IssueDto> issues) {
+ public List<IssueDto> getTaintIssuesOnly(List<IssueDto> issues) {
return filterTaintIssues(issues, true);
}
- public static List<IssueDto> getStandardIssuesOnly(List<IssueDto> issues) {
+ public List<IssueDto> getStandardIssuesOnly(List<IssueDto> issues) {
return filterTaintIssues(issues, false);
}
- public static Map<Boolean, List<IssueDto>> mapIssuesByTaintStatus(List<IssueDto> issues) {
+ public Map<Boolean, List<IssueDto>> mapIssuesByTaintStatus(List<IssueDto> issues) {
Map<Boolean, List<IssueDto>> issuesMap = new HashMap<>();
issuesMap.put(true, getTaintIssuesOnly(issues));
issuesMap.put(false, getStandardIssuesOnly(issues));
return issuesMap;
}
- private static List<IssueDto> filterTaintIssues(List<IssueDto> issues, boolean returnTaint) {
+ private List<IssueDto> filterTaintIssues(List<IssueDto> issues, boolean returnTaint) {
return issues.stream()
.filter(getTaintIssueFilter(returnTaint))
.collect(Collectors.toList());
}
@NotNull
- private static Predicate<IssueDto> getTaintIssueFilter(boolean returnTaint) {
+ private Predicate<IssueDto> getTaintIssueFilter(boolean returnTaint) {
if (returnTaint) {
- return issueDto -> TAINT_REPOSITORIES.contains(issueDto.getRuleRepo());
+ return issueDto -> taintRepositories.contains(issueDto.getRuleRepo());
}
- return issueDto -> !TAINT_REPOSITORIES.contains(issueDto.getRuleRepo());
+ return issueDto -> !taintRepositories.contains(issueDto.getRuleRepo());
+ }
+
+ public List<String> getTaintRepositories() {
+ return taintRepositories;
}
- public static List<String> getTaintRepositories() {
- return TAINT_REPOSITORIES;
+ private List<String> initializeRepositories() {
+ List<String> repositories = new ArrayList<>(List.of("roslyn.sonaranalyzer.security.cs",
+ "javasecurity", "jssecurity", "tssecurity", "phpsecurity", "pythonsecurity"));
+
+ if (!config.hasKey(EXTRA_TAINT_REPOSITORIES)) {
+ return repositories;
+ }
+
+ repositories.addAll(Arrays.stream(config.getStringArray(EXTRA_TAINT_REPOSITORIES)).collect(Collectors.toList()));
+
+ return repositories;
}
}
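Review bot: `getTaintRepositories()` now hands out the internal `ArrayList`, where the old static field was an immutable `List.of(...)`. Any caller can therefore add or remove entries and silently change which issues count as taint vulnerabilities for every other consumer (the visitor, `PullAction`, `PullTaintAction`). Freeze the list in the constructor with `this.taintRepositories = List.copyOf(initializeRepositories());`. The configured values are also appended as-is, so blank or duplicate names end up in the list; filtering them in `initializeRepositories()` would avoid that. A class Javadoc such as `/** Extra taint repositories are read from configuration once, when this instance is constructed. */` would document the lifecycle, and `config` could be a constructor-local argument since nothing else reads the field.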
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java
index 7da4d7a26ee..637829ec3d4 100644
--- a/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/issue/TaintCheckerTest.java
@@ -23,19 +23,21 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.junit.Test;
+import org.sonar.api.config.Configuration;
import org.sonar.db.issue.IssueDto;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.sonar.server.issue.TaintChecker.getStandardIssuesOnly;
-import static org.sonar.server.issue.TaintChecker.getTaintIssuesOnly;
-import static org.sonar.server.issue.TaintChecker.mapIssuesByTaintStatus;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.sonar.server.issue.TaintChecker.EXTRA_TAINT_REPOSITORIES;
public class TaintCheckerTest {
+ private final Configuration configuration = mock(Configuration.class);
+ private final TaintChecker underTest = new TaintChecker(configuration);
@Test
public void test_getTaintIssuesOnly() {
-
- List<IssueDto> taintIssues = getTaintIssuesOnly(getIssues());
+ List<IssueDto> taintIssues = underTest.getTaintIssuesOnly(getIssues());
assertThat(taintIssues).hasSize(6);
assertThat(taintIssues.get(0).getKey()).isEqualTo("taintIssue1");
@@ -44,13 +46,12 @@ public class TaintCheckerTest {
assertThat(taintIssues.get(3).getKey()).isEqualTo("taintIssue4");
assertThat(taintIssues.get(4).getKey()).isEqualTo("taintIssue5");
assertThat(taintIssues.get(5).getKey()).isEqualTo("taintIssue6");
-
}
@Test
public void test_getStandardIssuesOnly() {
- List<IssueDto> standardIssues = getStandardIssuesOnly(getIssues());
+ List<IssueDto> standardIssues = underTest.getStandardIssuesOnly(getIssues());
assertThat(standardIssues).hasSize(3);
assertThat(standardIssues.get(0).getKey()).isEqualTo("standardIssue1");
@@ -60,7 +61,7 @@ public class TaintCheckerTest {
@Test
public void test_mapIssuesByTaintStatus() {
- Map<Boolean, List<IssueDto>> issuesByTaintStatus = mapIssuesByTaintStatus(getIssues());
+ Map<Boolean, List<IssueDto>> issuesByTaintStatus = underTest.mapIssuesByTaintStatus(getIssues());
assertThat(issuesByTaintStatus.keySet()).hasSize(2);
assertThat(issuesByTaintStatus.get(true)).hasSize(6);
@@ -80,12 +81,23 @@ public class TaintCheckerTest {
@Test
public void test_getTaintRepositories() {
- assertThat(TaintChecker.getTaintRepositories())
+ assertThat(underTest.getTaintRepositories())
.hasSize(6)
.containsExactlyInAnyOrder("roslyn.sonaranalyzer.security.cs", "javasecurity", "jssecurity",
"tssecurity", "phpsecurity", "pythonsecurity");
}
+ @Test
+ public void test_getTaintRepositories_withExtraReposFromConfiguration() {
+ when(configuration.hasKey(EXTRA_TAINT_REPOSITORIES)).thenReturn(true);
+ when(configuration.getStringArray(EXTRA_TAINT_REPOSITORIES)).thenReturn(new String[]{"extra-1", "extra-2"});
+ TaintChecker underTest = new TaintChecker(configuration);
+ assertThat(underTest.getTaintRepositories())
+ .hasSize(8)
+ .containsExactlyInAnyOrder("roslyn.sonaranalyzer.security.cs", "javasecurity", "jssecurity",
+ "tssecurity", "phpsecurity", "pythonsecurity", "extra-1", "extra-2");
+ }
+
private List<IssueDto> getIssues() {
List<IssueDto> issues = new ArrayList<>();
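Review bot: The new test `test_getTaintRepositories_withExtraReposFromConfiguration` only checks the contents of `getTaintRepositories()`; it does not show that the filters honour the extra entries. Add an issue whose rule repository is `extra-1` and assert that it lands in `getTaintIssuesOnly(...)` and not in `getStandardIssuesOnly(...)`, since that classification is what the setting exists for. Cases where the configured array holds a blank value or a name already in the built-in list are also untested. `getIssues()` continues past the end of this hunk.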
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/IssueWsModule.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/IssueWsModule.java
index 815edbec1b8..37b3a53adbb 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/IssueWsModule.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/IssueWsModule.java
@@ -24,6 +24,7 @@ import org.sonar.server.issue.AvatarResolverImpl;
import org.sonar.server.issue.IssueChangeWSSupport;
import org.sonar.server.issue.IssueFieldsSetter;
import org.sonar.server.issue.IssueFinder;
+import org.sonar.server.issue.TaintChecker;
import org.sonar.server.issue.TextRangeResponseFormatter;
import org.sonar.server.issue.TransitionService;
import org.sonar.server.issue.WebIssueStorage;
@@ -70,6 +71,7 @@ public class IssueWsModule extends Module {
ChangelogAction.class,
BulkChangeAction.class,
QGChangeEventListenersImpl.class,
+ TaintChecker.class,
PullAction.class,
PullTaintAction.class,
PullActionResponseWriter.class,
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullAction.java
index 52aa0b61608..234fd8eef53 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullAction.java
@@ -44,12 +44,14 @@ public class PullAction extends BasePullAction {
private static final String SINCE_VERSION = "9.5";
private final DbClient dbClient;
+ private final TaintChecker taintChecker;
public PullAction(System2 system2, ComponentFinder componentFinder, DbClient dbClient, UserSession userSession,
- PullActionProtobufObjectGenerator protobufObjectGenerator) {
+ PullActionProtobufObjectGenerator protobufObjectGenerator, TaintChecker taintChecker) {
super(system2, componentFinder, dbClient, userSession, protobufObjectGenerator, ACTION_PULL,
ISSUE_TYPE, REPOSITORY_EXAMPLE, SINCE_VERSION, RESOURCE_EXAMPLE);
this.dbClient = dbClient;
+ this.taintChecker = taintChecker;
}
@Override
@@ -59,12 +61,12 @@ public class PullAction extends BasePullAction {
if (changedSinceDate.isPresent()) {
return dbClient.issueDao().selectIssueKeysByComponentUuidAndChangedSinceDate(dbSession, issueQueryParams.getBranchUuid(),
- changedSinceDate.get(), issueQueryParams.getRuleRepositories(), TaintChecker.getTaintRepositories(),
+ changedSinceDate.get(), issueQueryParams.getRuleRepositories(), taintChecker.getTaintRepositories(),
issueQueryParams.getLanguages(), issueQueryParams.isResolvedOnly());
}
return dbClient.issueDao().selectIssueKeysByComponentUuid(dbSession, issueQueryParams.getBranchUuid(),
- issueQueryParams.getRuleRepositories(), TaintChecker.getTaintRepositories(),
+ issueQueryParams.getRuleRepositories(), taintChecker.getTaintRepositories(),
issueQueryParams.getLanguages(), issueQueryParams.isResolvedOnly(), true);
}
}
@@ -72,7 +74,7 @@ public class PullAction extends BasePullAction {
@Override
protected IssueQueryParams initializeQueryParams(BranchDto branchDto, @Nullable List<String> languages,
@Nullable List<String> ruleRepositories, boolean resolvedOnly, @Nullable Long changedSince) {
- return new IssueQueryParams(branchDto.getUuid(), languages, ruleRepositories, TaintChecker.getTaintRepositories(), resolvedOnly, changedSince);
+ return new IssueQueryParams(branchDto.getUuid(), languages, ruleRepositories, taintChecker.getTaintRepositories(), resolvedOnly, changedSince);
}
@@ -80,7 +82,7 @@ public class PullAction extends BasePullAction {
protected void validateRuleRepositories(List<String> ruleRepositories) {
checkArgument(ruleRepositories
.stream()
- .filter(TaintChecker.getTaintRepositories()::contains)
+ .filter(taintChecker.getTaintRepositories()::contains)
.count() == 0, "Incorrect rule repositories list: it should only include repositories that define Issues, and no Taint Vulnerabilities");
}
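Review bot: In `validateRuleRepositories`, `.filter(taintChecker.getTaintRepositories()::contains).count() == 0` counts every match just to test for absence. `ruleRepositories.stream().noneMatch(taintChecker.getTaintRepositories()::contains)` expresses the same condition and stops at the first hit. Because the taint list now depends on server configuration, a short comment would help here, for example `// Rejects built-in and configured taint repositories so taint vulnerabilities are only served by PullTaintAction.`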
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullTaintAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullTaintAction.java
index 5c1e1f8faa7..218fcfb873c 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullTaintAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/PullTaintAction.java
@@ -43,12 +43,14 @@ public class PullTaintAction extends BasePullAction {
private static final String SINCE_VERSION = "9.6";
private final DbClient dbClient;
+ private final TaintChecker taintChecker;
public PullTaintAction(System2 system2, ComponentFinder componentFinder, DbClient dbClient, UserSession userSession,
- PullTaintActionProtobufObjectGenerator protobufObjectGenerator) {
+ PullTaintActionProtobufObjectGenerator protobufObjectGenerator, TaintChecker taintChecker) {
super(system2, componentFinder, dbClient, userSession, protobufObjectGenerator, ACTION_PULL_TAINT,
ISSUE_TYPE, "", SINCE_VERSION, RESOURCE_EXAMPLE);
this.dbClient = dbClient;
+ this.taintChecker = taintChecker;
}
@Override
@@ -73,7 +75,7 @@ public class PullTaintAction extends BasePullAction {
@Override
protected IssueQueryParams initializeQueryParams(BranchDto branchDto, @Nullable List<String> languages,
@Nullable List<String> ruleRepositories, boolean resolvedOnly, @Nullable Long changedSince) {
- return new IssueQueryParams(branchDto.getUuid(), languages, TaintChecker.getTaintRepositories(), emptyList(), resolvedOnly, changedSince);
+ return new IssueQueryParams(branchDto.getUuid(), languages, taintChecker.getTaintRepositories(), emptyList(), resolvedOnly, changedSince);
}
@Override
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullActionTest.java
index 699b06e4f91..2c2769ae308 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullActionTest.java
@@ -42,6 +42,7 @@ import org.sonar.db.user.UserDto;
import org.sonar.server.component.ComponentFinder;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.issue.TaintChecker;
import org.sonar.server.issue.ws.pull.PullActionProtobufObjectGenerator;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.TestRequest;
@@ -75,6 +76,7 @@ public class PullActionTest {
public DbTester db = DbTester.create(System2.INSTANCE);
private final System2 system2 = mock(System2.class);
+ private final TaintChecker taintChecker = mock(TaintChecker.class);
private final PullActionProtobufObjectGenerator pullActionProtobufObjectGenerator = new PullActionProtobufObjectGenerator();
private final ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
@@ -83,7 +85,8 @@ public class PullActionTest {
private final IssueDbTester issueDbTester = new IssueDbTester(db);
private final ComponentDbTester componentDbTester = new ComponentDbTester(db);
- private final PullAction underTest = new PullAction(system2, componentFinder, db.getDbClient(), userSession, pullActionProtobufObjectGenerator);
+ private final PullAction underTest = new PullAction(system2, componentFinder, db.getDbClient(), userSession,
+ pullActionProtobufObjectGenerator, taintChecker);
private final WsActionTester tester = new WsActionTester(underTest);
private RuleDto correctRule, incorrectRule;
@@ -100,6 +103,9 @@ public class PullActionTest {
incorrectRule = db.rules().insertIssueRule();
incorrectProject = db.components().insertPrivateProject();
incorrectFile = db.components().insertComponent(newFileDto(incorrectProject));
+
+ when(taintChecker.getTaintRepositories()).thenReturn(List.of("roslyn.sonaranalyzer.security.cs",
+ "javasecurity", "jssecurity", "tssecurity", "phpsecurity", "pythonsecurity"));
}
@Test
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullTaintActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullTaintActionTest.java
index 8cd49e768e9..36837d49920 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullTaintActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/PullTaintActionTest.java
@@ -43,6 +43,7 @@ import org.sonar.db.user.UserDto;
import org.sonar.server.component.ComponentFinder;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.issue.TaintChecker;
import org.sonar.server.issue.ws.pull.PullTaintActionProtobufObjectGenerator;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.TestRequest;
@@ -75,13 +76,15 @@ public class PullTaintActionTest {
public DbTester db = DbTester.create(System2.INSTANCE);
private final System2 system2 = mock(System2.class);
+ private final TaintChecker taintChecker = mock(TaintChecker.class);
private final ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
private final ComponentFinder componentFinder = new ComponentFinder(db.getDbClient(), resourceTypes);
private final IssueDbTester issueDbTester = new IssueDbTester(db);
private final ComponentDbTester componentDbTester = new ComponentDbTester(db);
private PullTaintActionProtobufObjectGenerator objectGenerator = new PullTaintActionProtobufObjectGenerator(db.getDbClient(), userSession);
- private PullTaintAction underTest = new PullTaintAction(system2, componentFinder, db.getDbClient(), userSession, objectGenerator);
+ private PullTaintAction underTest = new PullTaintAction(system2, componentFinder, db.getDbClient(), userSession,
+ objectGenerator, taintChecker);
private WsActionTester tester = new WsActionTester(underTest);
private RuleDto correctRule, incorrectRule;
@@ -102,7 +105,8 @@ public class PullTaintActionTest {
incorrectProject = db.components().insertPrivateProject();
incorrectFile = db.components().insertComponent(newFileDto(incorrectProject));
-
+ when(taintChecker.getTaintRepositories()).thenReturn(List.of("roslyn.sonaranalyzer.security.cs",
+ "javasecurity", "jssecurity", "tssecurity", "phpsecurity", "pythonsecurity"));
}
@Test