SONAR-10300 Forbid system properties in api/settings

author: Julien Lancelot <julien.lancelot@sonarsource.com> 2018-02-01 13:36:29 +0100
committer: GitHub <noreply@github.com> 2018-02-01 13:36:29 +0100
commit: e737a37b28a2504aa1a6387606841afd776f2fef (patch)
tree: 2ffc650ac5c2e4d3f22621a837db9e8304f1a04b /tests/src
parent: 39f671dce022e19460606d9639f3727493a1faf2 (diff)
download: sonarqube-e737a37b28a2504aa1a6387606841afd776f2fef.tar.gz
sonarqube-e737a37b28a2504aa1a6387606841afd776f2fef.zip
3 files changed, 77 insertions, 24 deletions
diff --git a/tests/src/test/java/org/sonarqube/tests/settings/SettingsTest.java b/tests/src/test/java/org/sonarqube/tests/settings/SettingsTest.java
index 04c4f0ad670..7315c08e484 100644
--- a/tests/src/test/java/org/sonarqube/tests/settings/SettingsTest.java
+++ b/tests/src/test/java/org/sonarqube/tests/settings/SettingsTest.java
@@ -49,6 +49,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.tuple;
 import static org.sonarqube.ws.Settings.Setting;
 import static org.sonarqube.ws.Settings.ValuesWsResponse;
+import static util.ItUtils.expectBadRequestError;
 import static util.ItUtils.newAdminWsClient;
 import static util.ItUtils.newUserWsClient;
 import static util.ItUtils.newWsClient;
@@ -201,6 +202,38 @@ public class SettingsTest {
       .contains(tuple(PLUGIN_SETTING_KEY, "some value"), tuple("hidden", "test"));
   }
 
+  /**
+   * SONAR-10300 Do not allow to use settings defined in sonar.properties in WS api/settings/values
+   */
+  @Test
+  public void infra_properties_are_excluded_from_values_response() {
+    ValuesWsResponse values = adminSettingsService.values(new ValuesRequest());
+
+    assertThat(values.getSettingsList())
+      .extracting(Setting::getKey)
+      .doesNotContain("sonar.jdbc.url", "sonar.jdbc.password", "sonar.web.javaOpts" /* an others */);
+  }
+
+  /**
+   * SONAR-10300 Do not allow to use settings defined in sonar.properties in WS api/settings/values
+   */
+  @Test
+  public void requesting_an_infra_property_is_not_allowed() {
+    ValuesRequest request = new ValuesRequest().setKeys(asList("sonar.jdbc.url"));
+
+    expectBadRequestError(() -> adminSettingsService.values(request));
+  }
+
+  /**
+   * SONAR-10300 Do not allow to use settings defined in sonar.properties in WS api/settings/set
+   */
+  @Test
+  public void values_of_infra_properties_cant_be_changed() {
+    SetRequest request = new SetRequest().setKey("sonar.jdbc.url").setValue("jdbc:h2:foo");
+
+    expectBadRequestError(() -> adminSettingsService.set(request));
+  }
+
   @CheckForNull
   private static Setting getSetting(String key, SettingsService settingsService) {
     ValuesWsResponse response = settingsService.values(new ValuesRequest().setKeys(asList(key)));
diff --git a/tests/src/test/java/org/sonarqube/tests/telemetry/TelemetryOptOutTest.java b/tests/src/test/java/org/sonarqube/tests/telemetry/TelemetryOptOutTest.java
index d524eef68a3..1cd6186184d 100644
--- a/tests/src/test/java/org/sonarqube/tests/telemetry/TelemetryOptOutTest.java
+++ b/tests/src/test/java/org/sonarqube/tests/telemetry/TelemetryOptOutTest.java
@@ -24,7 +24,6 @@ import java.util.Map;
 import java.util.concurrent.TimeUnit;
 import okhttp3.mockwebserver.MockWebServer;
 import okhttp3.mockwebserver.RecordedRequest;
-import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.rules.RuleChain;
@@ -33,32 +32,25 @@ import org.sonarqube.ws.client.GetRequest;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static util.ItUtils.jsonToMap;
-import static util.ItUtils.setServerProperty;
 import static util.ItUtils.xooPlugin;
 
 public class TelemetryOptOutTest {
 
-  @ClassRule
   public static MockWebServer server = new MockWebServer();
 
   private static Orchestrator orchestrator = Orchestrator.builderEnv()
     .addPlugin(xooPlugin())
+    .setServerProperty("sonar.telemetry.enable", "false")
+    .setServerProperty("sonar.telemetry.url", server.url("").toString())
+    .setServerProperty("sonar.telemetry.frequencyInSeconds", "1")
     .build();
   private static Tester tester = new Tester(orchestrator);
 
   @ClassRule
-  public static RuleChain ruleChain = RuleChain.outerRule(orchestrator)
+  public static RuleChain ruleChain = RuleChain.outerRule(server)
+    .around(orchestrator)
     .around(tester);
 
-  @BeforeClass
-  public static void setUp() {
-    setServerProperty(orchestrator, "sonar.telemetry.enable", "false");
-    setServerProperty(orchestrator, "sonar.telemetry.url", server.url("").toString());
-    setServerProperty(orchestrator, "sonar.telemetry.frequencyInSeconds", "1");
-
-    orchestrator.restartServer();
-  }
-
   @Test
   public void opt_out_of_telemetry() throws Exception {
     RecordedRequest request = server.takeRequest(1, TimeUnit.SECONDS);
diff --git a/tests/src/test/java/org/sonarqube/tests/telemetry/TelemetryUploadTest.java b/tests/src/test/java/org/sonarqube/tests/telemetry/TelemetryUploadTest.java
index 54012292aee..8e8a9007f59 100644
--- a/tests/src/test/java/org/sonarqube/tests/telemetry/TelemetryUploadTest.java
+++ b/tests/src/test/java/org/sonarqube/tests/telemetry/TelemetryUploadTest.java
@@ -20,9 +20,11 @@
 package org.sonarqube.tests.telemetry;
 
 import com.sonar.orchestrator.Orchestrator;
+import java.sql.PreparedStatement;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
+import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import okhttp3.mockwebserver.RecordedRequest;
 import org.junit.After;
@@ -36,7 +38,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.tuple;
 import static util.ItUtils.jsonToMap;
 import static util.ItUtils.runProjectAnalysis;
-import static util.ItUtils.setServerProperty;
 import static util.ItUtils.xooPlugin;
 
 public class TelemetryUploadTest {
@@ -57,26 +58,26 @@ public class TelemetryUploadTest {
   }
 
   @Test
-  public void send_telemetry_data() throws Exception {
+  public void sent_telemetry_data() throws Exception {
+    telemetryServer.enqueue(new MockResponse().setResponseCode(200));
     orchestrator = Orchestrator.builderEnv()
       .addPlugin(xooPlugin())
       .setServerProperty("sonar.telemetry.url", telemetryServer.url("").toString())
+      // increase frequency so that payload is sent quickly after startup
+      .setServerProperty("sonar.telemetry.frequencyInSeconds", "1")
+      //.setServerProperty("sonar.web.javaAdditionalOpts", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=8001")
       .build();
-    // by default telemetry payload is sent 6 hours after startup, once a week
     orchestrator.start();
-
+    // Consume request to no block the telemetry daemon
+    telemetryServer.takeRequest();
     runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.projectKey", "xoo-sample-1");
     runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.projectKey", "xoo-sample-2");
     runProjectAnalysis(orchestrator, "shared/xoo2-sample", "sonar.projectKey", "xoo2-sample");
-
-    // no payload received at that time
-    assertThat(telemetryServer.getRequestCount()).isEqualTo(0);
-
-    // increase frequency so that payload is sent quickly after startup
-    setServerProperty(orchestrator, "sonar.telemetry.frequencyInSeconds", "1");
-    orchestrator.restartServer();
+    // Remove telemetry last ping from internal properties in order to allow telemetry to send another request
+    resetTelemetryLastPing();
 
     RecordedRequest request = telemetryServer.takeRequest();
+
     assertThat(request.getMethod()).isEqualTo("POST");
     assertThat(request.getHeader("User-Agent")).contains("SonarQube");
     Map<String, Object> json = jsonToMap(request.getBody().readUtf8());
@@ -96,6 +97,24 @@ public class TelemetryUploadTest {
     List<Map<String, String>> nclocByLanguage = (List<Map<String, String>>) json.get("nclocByLanguage");
     assertThat(nclocByLanguage).extracting(p -> p.get("language"), p -> getInteger(p.get("ncloc")))
       .contains(tuple("xoo", 13 * 2), tuple("xoo2", 7));
+
+    // Check that only 2 requests have been send to the telemetry server
+    assertThat(telemetryServer.getRequestCount()).isEqualTo(2);
+  }
+
+  @Test
+  public void does_not_send_telemetry_data_right_away_by_Default() {
+    orchestrator = Orchestrator.builderEnv()
+      .addPlugin(xooPlugin())
+      .setServerProperty("sonar.telemetry.url", telemetryServer.url("").toString())
+      .build();
+    // by default telemetry payload is sent 6 hours after startup, once a week
+    orchestrator.start();
+
+    runProjectAnalysis(orchestrator, "shared/xoo-sample");
+
+    // no payload received at that time
+    assertThat(telemetryServer.getRequestCount()).isEqualTo(0);
   }
 
   private String serverId() {
@@ -107,4 +126,13 @@ public class TelemetryUploadTest {
     double value = (Double) jsonValue;
     return (int) Math.round(value);
   }
+
+  private void resetTelemetryLastPing(){
+    try (PreparedStatement preparedStatement = orchestrator.getDatabase().openConnection().prepareStatement("delete from internal_properties where kee='telemetry.lastPing'");) {
+      preparedStatement.execute();
+      preparedStatement.close();
+    } catch (Exception e) {
+      throw new IllegalStateException(e);
+    }
+  }
 }
author	Julien Lancelot <julien.lancelot@sonarsource.com>	2018-02-01 13:36:29 +0100
committer	GitHub <noreply@github.com>	2018-02-01 13:36:29 +0100
commit	e737a37b28a2504aa1a6387606841afd776f2fef (patch)
tree	2ffc650ac5c2e4d3f22621a837db9e8304f1a04b /tests/src
parent	39f671dce022e19460606d9639f3727493a1faf2 (diff)
download	sonarqube-e737a37b28a2504aa1a6387606841afd776f2fef.tar.gz sonarqube-e737a37b28a2504aa1a6387606841afd776f2fef.zip