SONAR-10300 Forbid system properties in api/settings

author: Julien Lancelot <julien.lancelot@sonarsource.com> 2018-02-01 13:36:29 +0100
committer: GitHub <noreply@github.com> 2018-02-01 13:36:29 +0100
commit: e737a37b28a2504aa1a6387606841afd776f2fef (patch)
tree: 2ffc650ac5c2e4d3f22621a837db9e8304f1a04b /sonar-core
parent: 39f671dce022e19460606d9639f3727493a1faf2 (diff)
download: sonarqube-e737a37b28a2504aa1a6387606841afd776f2fef.tar.gz
sonarqube-e737a37b28a2504aa1a6387606841afd776f2fef.zip
6 files changed, 1 insertions, 175 deletions
diff --git a/sonar-core/src/main/java/org/sonar/core/config/CorePropertyDefinitions.java b/sonar-core/src/main/java/org/sonar/core/config/CorePropertyDefinitions.java
index d95e51088b3..e7d215f8296 100644
--- a/sonar-core/src/main/java/org/sonar/core/config/CorePropertyDefinitions.java
+++ b/sonar-core/src/main/java/org/sonar/core/config/CorePropertyDefinitions.java
@@ -29,7 +29,6 @@ import org.sonar.api.resources.Qualifiers;
 
 import static java.util.Arrays.asList;
 import static org.sonar.api.PropertyType.BOOLEAN;
-import static org.sonar.api.database.DatabaseProperties.PROP_PASSWORD;
 
 public class CorePropertyDefinitions {
 
@@ -62,15 +61,9 @@ public class CorePropertyDefinitions {
     defs.addAll(PurgeProperties.all());
     defs.addAll(EmailSettings.definitions());
     defs.addAll(WebhookProperties.all());
-    defs.addAll(TelemetryProperties.all());
     defs.addAll(ScannerProperties.all());
-    defs.addAll(WebProperties.all());
 
     defs.addAll(asList(
-      PropertyDefinition.builder(PROP_PASSWORD)
-        .type(PropertyType.PASSWORD)
-        .hidden()
-        .build(),
       PropertyDefinition.builder(CoreProperties.SERVER_BASE_URL)
         .name("Server base URL")
         .description("HTTP URL of this SonarQube server, such as <i>http://yourhost.yourdomain/sonar</i>. This value is used i.e. to create links in emails.")
@@ -125,10 +118,6 @@ public class CorePropertyDefinitions {
         .category(CoreProperties.CATEGORY_GENERAL)
         .defaultValue(String.valueOf(false))
         .build(),
-      PropertyDefinition.builder(CoreProperties.CORE_AUTHENTICATOR_REALM)
-        .name("Security Realm")
-        .hidden()
-        .build(),
       PropertyDefinition.builder("sonar.authenticator.downcase")
         .name("Downcase login")
         .description("Downcase login during user authentication, typically for Active Directory")
@@ -136,12 +125,6 @@ public class CorePropertyDefinitions {
         .defaultValue(String.valueOf(false))
         .hidden()
         .build(),
-      PropertyDefinition.builder(CoreProperties.CORE_AUTHENTICATOR_IGNORE_STARTUP_FAILURE)
-        .name("Ignore failures during authenticator startup")
-        .type(BOOLEAN)
-        .defaultValue(String.valueOf(false))
-        .hidden()
-        .build(),
       PropertyDefinition.builder(DISABLE_NOTIFICATION_ON_BUILT_IN_QPROFILES)
         .name("Avoid quality profiles notification")
         .description("Avoid sending email notification on each update of built-in quality profiles to quality profile administrators.")
diff --git a/sonar-core/src/main/java/org/sonar/core/config/TelemetryProperties.java b/sonar-core/src/main/java/org/sonar/core/config/TelemetryProperties.java
deleted file mode 100644
index ff0dd1ebfa7..00000000000
--- a/sonar-core/src/main/java/org/sonar/core/config/TelemetryProperties.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2018 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-package org.sonar.core.config;
-
-import com.google.common.collect.ImmutableList;
-import java.util.List;
-import org.sonar.api.PropertyType;
-import org.sonar.api.config.PropertyDefinition;
-
-public class TelemetryProperties {
-
-  public static final String PROP_ENABLE = "sonar.telemetry.enable";
-  public static final String PROP_FREQUENCY = "sonar.telemetry.frequencyInSeconds";
-  public static final String PROP_URL = "sonar.telemetry.url";
-
-  private TelemetryProperties() {
-    // only static stuff
-  }
-
-  public static List<PropertyDefinition> all() {
-    return ImmutableList.of(
-      PropertyDefinition.builder(PROP_ENABLE)
-        .defaultValue(Boolean.toString(true))
-        .type(PropertyType.BOOLEAN)
-        .name("Share SonarQube statistics")
-        .description("By sharing anonymous SonarQube statistics, you help us understand how SonarQube is used so we can improve the plugin to work even better for you. " +
-          "We don't collect source code or IP addresses. And we don't share the data with anyone else.")
-        .hidden()
-        .build(),
-      PropertyDefinition.builder(PROP_FREQUENCY)
-        // 6 hours in seconds
-        .defaultValue("21600")
-        .type(PropertyType.INTEGER)
-        .name("Frequency of telemetry checks, in seconds")
-        .hidden()
-        .build(),
-      PropertyDefinition.builder(PROP_URL)
-        .defaultValue("https://telemetry.sonarsource.com/sonarqube")
-        .type(PropertyType.STRING)
-        .name("URL where telemetry data is sent")
-        .hidden()
-        .build()
-    );
-
-  }
-}
diff --git a/sonar-core/src/main/java/org/sonar/core/config/WebConstants.java b/sonar-core/src/main/java/org/sonar/core/config/WebConstants.java
index 7dea57429f9..3465ef12951 100644
--- a/sonar-core/src/main/java/org/sonar/core/config/WebConstants.java
+++ b/sonar-core/src/main/java/org/sonar/core/config/WebConstants.java
@@ -29,8 +29,6 @@ public final class WebConstants {
   public static final String SONAR_LF_LOGO_URL = "sonar.lf.logoUrl";
   public static final String SONAR_LF_LOGO_WIDTH_PX = "sonar.lf.logoWidthPx";
   public static final String SONAR_LF_ABOUT_TEXT = "sonar.lf.aboutText";
-  public static final String SONAR_UPDATECENTER_ACTIVATE = "sonar.updatecenter.activate";
-  public static final String SONARCLOUD_ENABLED = "sonar.sonarcloud.enabled";
 
   private WebConstants() {
   }
diff --git a/sonar-core/src/main/java/org/sonar/core/config/WebProperties.java b/sonar-core/src/main/java/org/sonar/core/config/WebProperties.java
deleted file mode 100644
index c457b536f93..00000000000
--- a/sonar-core/src/main/java/org/sonar/core/config/WebProperties.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2018 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-package org.sonar.core.config;
-
-import java.util.List;
-import org.sonar.api.PropertyType;
-import org.sonar.api.config.PropertyDefinition;
-
-import static java.util.Arrays.asList;
-
-public final class WebProperties {
-
-  private WebProperties() {
-  }
-
-  public static List<PropertyDefinition> all() {
-    return asList(
-      PropertyDefinition.builder(WebConstants.SONARCLOUD_ENABLED)
-        .defaultValue("false")
-        .name("Enable SonarCloud look&feel")
-        .type(PropertyType.BOOLEAN)
-        .hidden()
-        .build());
-  }
-}
diff --git a/sonar-core/src/test/java/org/sonar/core/config/CorePropertyDefinitionsTest.java b/sonar-core/src/test/java/org/sonar/core/config/CorePropertyDefinitionsTest.java
index 1bf45f65267..2be463f4364 100644
--- a/sonar-core/src/test/java/org/sonar/core/config/CorePropertyDefinitionsTest.java
+++ b/sonar-core/src/test/java/org/sonar/core/config/CorePropertyDefinitionsTest.java
@@ -20,28 +20,17 @@
 package org.sonar.core.config;
 
 import java.util.List;
-import java.util.Optional;
 import org.junit.Test;
-import org.sonar.api.PropertyType;
 import org.sonar.api.config.PropertyDefinition;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.sonar.api.database.DatabaseProperties.PROP_PASSWORD;
 
 public class CorePropertyDefinitionsTest {
 
   @Test
   public void all() {
     List<PropertyDefinition> defs = CorePropertyDefinitions.all();
-    assertThat(defs).hasSize(67);
-  }
-
-  @Test
-  public void jdbc_password_property_has_password_type() {
-    List<PropertyDefinition> defs = CorePropertyDefinitions.all();
-
-    Optional<PropertyDefinition> prop = defs.stream().filter(def -> PROP_PASSWORD.equals(def.key())).findFirst();
-    assertThat(prop.get().type()).isEqualTo(PropertyType.PASSWORD);
+    assertThat(defs).hasSize(60);
   }
 
   @Test
diff --git a/sonar-core/src/test/java/org/sonar/core/config/TelemetryPropertiesTest.java b/sonar-core/src/test/java/org/sonar/core/config/TelemetryPropertiesTest.java
deleted file mode 100644
index 4e5b41a6525..00000000000
--- a/sonar-core/src/test/java/org/sonar/core/config/TelemetryPropertiesTest.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2018 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-package org.sonar.core.config;
-
-import org.junit.Test;
-import org.sonar.api.config.Configuration;
-import org.sonar.api.config.PropertyDefinitions;
-import org.sonar.api.config.internal.MapSettings;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-public class TelemetryPropertiesTest {
-
-  private Configuration underTest = new MapSettings(new PropertyDefinitions(TelemetryProperties.all())).asConfig();
-
-  @Test
-  public void default_telemetry_properties() {
-    assertThat(underTest.getBoolean("sonar.telemetry.enable")).hasValue(true);
-    assertThat(underTest.getInt("sonar.telemetry.frequencyInSeconds")).hasValue(6 * 60 * 60);
-    assertThat(underTest.get("sonar.telemetry.url")).hasValue("https://telemetry.sonarsource.com/sonarqube");
-  }
-}
author	Julien Lancelot <julien.lancelot@sonarsource.com>	2018-02-01 13:36:29 +0100
committer	GitHub <noreply@github.com>	2018-02-01 13:36:29 +0100
commit	e737a37b28a2504aa1a6387606841afd776f2fef (patch)
tree	2ffc650ac5c2e4d3f22621a837db9e8304f1a04b /sonar-core
parent	39f671dce022e19460606d9639f3727493a1faf2 (diff)
download	sonarqube-e737a37b28a2504aa1a6387606841afd776f2fef.tar.gz sonarqube-e737a37b28a2504aa1a6387606841afd776f2fef.zip