authorBelen Pruvost <belen.pruvost@sonarsource.com>2021-04-29 17:30:41 +0200
committersonartech <sonartech@sonarsource.com>2021-04-29 20:03:32 +0000
commit7b297b7bb6287d8b5f6e0d6c66f210c062f7d1a1 (patch)
treeefc2128a8f3ad840fdaac8ea3f2b7766ec9cea01 /sonar-core
parentd62debd109bd54064ee87ab513886958b0e58b48 (diff)
SONAR-14682 - Make webhook validation configurable
Diffstat (limited to 'sonar-core')
-rw-r--r--sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java29
-rw-r--r--sonar-core/src/test/java/org/sonar/core/config/CorePropertyDefinitionsTest.java2
2 files changed, 23 insertions, 8 deletions
diff --git a/sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java b/sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java
index e9e20c59335..225731cd74a 100644
--- a/sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java
+++ b/sonar-core/src/main/java/org/sonar/core/config/SecurityProperties.java
@@ -20,11 +20,17 @@
package org.sonar.core.config;
import java.util.List;
-import org.sonar.api.CoreProperties;
import org.sonar.api.PropertyType;
import org.sonar.api.config.PropertyDefinition;
import static java.util.Arrays.asList;
+import static org.sonar.api.CoreProperties.CATEGORY_SECURITY;
+import static org.sonar.api.CoreProperties.CORE_ALLOW_PERMISSION_MANAGEMENT_FOR_PROJECT_ADMINS_DEFAULT_VALUE;
+import static org.sonar.api.CoreProperties.CORE_ALLOW_PERMISSION_MANAGEMENT_FOR_PROJECT_ADMINS_PROPERTY;
+import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE;
+import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY;
+import static org.sonar.api.CoreProperties.SONAR_VALIDATE_WEBHOOKS_DEFAULT_VALUE;
+import static org.sonar.api.CoreProperties.SONAR_VALIDATE_WEBHOOKS_PROPERTY;
class SecurityProperties {
@@ -34,24 +40,33 @@ class SecurityProperties {
static List<PropertyDefinition> all() {
return asList(
- PropertyDefinition.builder(CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY)
- .defaultValue(Boolean.toString(CoreProperties.CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE))
+ PropertyDefinition.builder(CORE_FORCE_AUTHENTICATION_PROPERTY)
+ .defaultValue(Boolean.toString(CORE_FORCE_AUTHENTICATION_DEFAULT_VALUE))
.name("Force user authentication")
.description(
"Forcing user authentication prevents anonymous users from accessing the SonarQube UI, or project data via the Web API. "
+ "Some specific read-only Web APIs, including those required to prompt authentication, are still available anonymously."
+ "<br><strong>Disabling this setting can expose the instance to security risks.</strong>")
.type(PropertyType.BOOLEAN)
- .category(CoreProperties.CATEGORY_SECURITY)
+ .category(CATEGORY_SECURITY)
.build(),
- PropertyDefinition.builder(CoreProperties.CORE_ALLOW_PERMISSION_MANAGEMENT_FOR_PROJECT_ADMINS_PROPERTY)
- .defaultValue(Boolean.toString(CoreProperties.CORE_ALLOW_PERMISSION_MANAGEMENT_FOR_PROJECT_ADMINS_DEFAULT_VALUE))
+ PropertyDefinition.builder(CORE_ALLOW_PERMISSION_MANAGEMENT_FOR_PROJECT_ADMINS_PROPERTY)
+ .defaultValue(Boolean.toString(CORE_ALLOW_PERMISSION_MANAGEMENT_FOR_PROJECT_ADMINS_DEFAULT_VALUE))
.name("Enable permission management for project administrators")
.description(
"Set if users with 'Administer' role in a project should be allowed to change project permissions. By default users with 'Administer' " +
"role are allowed to change both project configuration and project permissions.")
.type(PropertyType.BOOLEAN)
- .category(CoreProperties.CATEGORY_SECURITY)
+ .category(CATEGORY_SECURITY)
+ .build(),
+ PropertyDefinition.builder(SONAR_VALIDATE_WEBHOOKS_PROPERTY)
+ .defaultValue(Boolean.toString(SONAR_VALIDATE_WEBHOOKS_DEFAULT_VALUE))
+ .name("Enable local webhooks validation")
+ .description(
+ "Forcing local webhooks validation prevents the creation and triggering of local webhooks"
+ + "<br><strong>Disabling this setting can expose the instance to security risks.</strong>")
+ .type(PropertyType.BOOLEAN)
+ .category(CATEGORY_SECURITY)
.build()
);
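Review bot: The text on the new `SONAR_VALIDATE_WEBHOOKS_PROPERTY` definition never says what a "local" webhook is, and the name "Enable local webhooks validation" can be read as enabling local webhooks rather than blocking them. Because this is a switch an administrator may turn off, the description should name the risk, presumably server-side requests to loopback or internal network addresses (the validator is not in this diff, so confirm), for example `"When enabled, webhooks whose URL targets a local address cannot be created or triggered."`. The first literal also has no closing period before the `<br>`, unlike the force-authentication description above it. The default comes from `SONAR_VALIDATE_WEBHOOKS_DEFAULT_VALUE`, which is defined outside this diff, and the accompanying test change only raises the expected count to 57, so nothing visible here pins the setting to enabled by default; an assertion on the definition's default value would guard against a silent regression. `all()` continues past the end of the hunk.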
diff --git a/sonar-core/src/test/java/org/sonar/core/config/CorePropertyDefinitionsTest.java b/sonar-core/src/test/java/org/sonar/core/config/CorePropertyDefinitionsTest.java
index 0079520e18f..b098ef95616 100644
--- a/sonar-core/src/test/java/org/sonar/core/config/CorePropertyDefinitionsTest.java
+++ b/sonar-core/src/test/java/org/sonar/core/config/CorePropertyDefinitionsTest.java
@@ -30,7 +30,7 @@ public class CorePropertyDefinitionsTest {
@Test
public void all() {
List<PropertyDefinition> defs = CorePropertyDefinitions.all();
- assertThat(defs).hasSize(56);
+ assertThat(defs).hasSize(57);
}
@Test