Diffstat (limited to 'server/sonar-server/src')
10 files changed, 24 insertions, 890 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java
index 7ec91b1dbbe..ea1182c26b8 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java
@@ -157,7 +157,7 @@ import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_INSEC
 import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_POROUS_DEFENSES;
 import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_RISKY_RESOURCE;
 import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_CWE_MAPPING;
-import static org.sonar.server.security.SecurityStandardHelper.UNKNOWN_STANDARD;
+import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_OTHER_CWES_CATEGORY;
 import static org.sonar.server.view.index.ViewIndexDefinition.TYPE_VIEW;
 import static org.sonarqube.ws.client.issue.IssuesWsParameters.DEPRECATED_PARAM_AUTHORS;
 import static org.sonarqube.ws.client.issue.IssuesWsParameters.FACET_MODE_EFFORT;
@@ -880,15 +880,15 @@ public class IssueIndex {
 public List<SecurityStandardCategoryStatistics> getSonarSourceReport(String projectUuid, boolean isViewOrApp, boolean includeCwe) {
 SearchRequestBuilder request = prepareNonClosedVulnerabilitiesAndHotspotSearch(projectUuid, isViewOrApp);
- SONARSOURCE_CWE_MAPPING.keySet()
- .forEach(
- sonarsourceCategory -> request.addAggregation(createAggregation(FIELD_ISSUE_SONARSOURCE_SECURITY, sonarsourceCategory, includeCwe, Optional.of(SONARSOURCE_CWE_MAPPING))));
+ Stream.concat(SONARSOURCE_CWE_MAPPING.keySet().stream(), Stream.of(SONARSOURCE_OTHER_CWES_CATEGORY))
+ .forEach(sonarsourceCategory -> request.addAggregation(
+ createAggregation(FIELD_ISSUE_SONARSOURCE_SECURITY, sonarsourceCategory, includeCwe, Optional.of(SONARSOURCE_CWE_MAPPING))));
 return processSecurityReportSearchResults(request, includeCwe);
 }
 public List<SecurityStandardCategoryStatistics> getOwaspTop10Report(String projectUuid, boolean isViewOrApp, boolean includeCwe) {
 SearchRequestBuilder request = prepareNonClosedVulnerabilitiesAndHotspotSearch(projectUuid, isViewOrApp);
- Stream.concat(IntStream.rangeClosed(1, 10).mapToObj(i -> "a" + i), Stream.of(UNKNOWN_STANDARD))
+ IntStream.rangeClosed(1, 10).mapToObj(i -> "a" + i)
 .forEach(owaspCategory -> request.addAggregation(createAggregation(FIELD_ISSUE_OWASP_TOP_10, owaspCategory, includeCwe, Optional.empty())));
 return processSecurityReportSearchResults(request, includeCwe);
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/SearchAction.java
index e160d7fe300..1144a6f83a0 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/SearchAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/SearchAction.java
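Review bot: In getSonarSourceReport the added `SONARSOURCE_OTHER_CWES_CATEGORY` aggregation is still built with `Optional.of(SONARSOURCE_CWE_MAPPING)`, although the category is appended through `Stream.of(...)` rather than taken from `keySet()`, which suggests it is not a key of that map. createAggregation is outside this hunk, so this is inferred: if it resolves the category's CWE list from the mapping when `includeCwe` is true, the lookup for this category yields null and the per-CWE distribution would fail or come back empty. Worth confirming that path tolerates a category with no mapping entry, and saying so in a comment such as `// the "other CWEs" category has no entry in SONARSOURCE_CWE_MAPPING; createAggregation must tolerate that`. In getOwaspTop10Report, findings without an OWASP tag no longer get a bucket, so the report's totals stop being a complete count of open vulnerabilities and hotspots; a one-line comment stating that this is intentional would help the next reader.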
@@ -88,6 +88,7 @@ import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_INSEC
 import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_POROUS_DEFENSES;
 import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_RISKY_RESOURCE;
 import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_CWE_MAPPING;
+import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_OTHER_CWES_CATEGORY;
 import static org.sonar.server.security.SecurityStandardHelper.UNKNOWN_STANDARD;
 import static org.sonar.server.ws.KeyExamples.KEY_BRANCH_EXAMPLE_001;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
@@ -260,9 +261,9 @@ public class SearchAction implements IssuesWsAction, Startable {
 .setPossibleValues((Object[]) RuleType.values())
 .setExampleValue(format("%s,%s", RuleType.CODE_SMELL, RuleType.BUG));
 action.createParam(PARAM_OWASP_TOP_10)
- .setDescription("Comma-separated list of OWASP Top 10 lowercase categories. Use '" + UNKNOWN_STANDARD + "' to select issues not associated to any OWASP Top 10 category.")
+ .setDescription("Comma-separated list of OWASP Top 10 lowercase categories.")
 .setSince("7.3")
- .setPossibleValues("a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10", UNKNOWN_STANDARD);
+ .setPossibleValues("a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10");
 action.createParam(PARAM_SANS_TOP_25)
 .setDescription("Comma-separated list of SANS Top 25 categories.")
 .setSince("7.3")
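Review bot: Dropping `UNKNOWN_STANDARD` from `setPossibleValues` on `PARAM_OWASP_TOP_10` is a breaking change for API clients: a request that still sends that value will presumably be rejected by the possible-values check instead of returning untagged issues. Nothing in the visible lines records this for consumers, so scripts or dashboards that used the value to list findings with no OWASP category would start failing without explanation. Consider a changelog entry on the action stating that the value was removed and, if that is the intent, that `PARAM_SONARSOURCE_SECURITY` with `SONARSOURCE_OTHER_CWES_CATEGORY` replaces it. The same applies to the `PARAM_OWASP_TOP_10` hunk in RuleWsSupport.java (`@@ -143,10 +145,9 @@`). The enclosing method starts and ends outside the hunk.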
@@ -271,9 +272,10 @@ public class SearchAction implements IssuesWsAction, Startable {
 .setDescription("Comma-separated list of CWE identifiers. Use '" + UNKNOWN_STANDARD + "' to select issues not associated to any CWE.")
 .setExampleValue("12,125," + UNKNOWN_STANDARD);
 action.createParam(PARAM_SONARSOURCE_SECURITY)
- .setDescription("Comma-separated list of SonarSource security categories.")
+ .setDescription("Comma-separated list of SonarSource security categories. Use '" + SONARSOURCE_OTHER_CWES_CATEGORY + "' to select issues not associated" +
+ " with any category")
 .setSince("7.8")
- .setPossibleValues(SONARSOURCE_CWE_MAPPING.keySet());
+ .setPossibleValues(ImmutableList.builder().addAll(SONARSOURCE_CWE_MAPPING.keySet()).add(SONARSOURCE_OTHER_CWES_CATEGORY).build());
 action.createParam(DEPRECATED_PARAM_AUTHORS)
 .setDeprecatedSince("7.7")
 .setDescription("This parameter is deprecated, please use '%s' instead", PARAM_AUTHOR)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java
index eb19feff8a5..551548eee01 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java
@@ -19,6 +19,7 @@
 */
 package org.sonar.server.rule.ws;
+import com.google.common.collect.ImmutableList;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -35,7 +36,6 @@ import org.sonar.db.DbSession;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.rule.RuleDto;
 import org.sonar.db.user.UserDto;
-import org.sonar.server.security.SecurityStandardHelper;
 import org.sonar.server.organization.DefaultOrganizationProvider;
 import org.sonar.server.qualityprofile.ActiveRuleInheritance;
 import org.sonar.server.rule.index.RuleIndexDefinition;
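Review bot: The new description for `PARAM_SONARSOURCE_SECURITY` ends without a full stop (`" with any category"`), unlike the neighbouring parameter descriptions, and `ImmutableList.builder()` is called without a type argument, so the list is inferred as `ImmutableList<Object>`. Suggest `" with any category.")` and `ImmutableList.<String>builder()`, assuming the keys of `SONARSOURCE_CWE_MAPPING` are strings, which the hunk does not show. No `ImmutableList` import is added for SearchAction.java in this diff, so it is presumably already imported there. The RuleWsSupport.java hunk `@@ -155,9 +156,11 @@` repeats both the description and the builder expression and has the same two issues.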
@@ -50,8 +50,6 @@ import static org.sonar.core.util.stream.MoreCollectors.toSet;
 import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
 import static org.sonar.db.organization.OrganizationDto.Subscription.PAID;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
-import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_CWE_MAPPING;
-import static org.sonar.server.security.SecurityStandardHelper.UNKNOWN_STANDARD;
 import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_ACTIVATION;
 import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_ACTIVE_SEVERITIES;
 import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_AVAILABLE_SINCE;
@@ -73,6 +71,10 @@ import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_STATUSES;
 import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_TAGS;
 import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_TEMPLATE_KEY;
 import static org.sonar.server.rule.ws.RulesWsParameters.PARAM_TYPES;
+import static org.sonar.server.security.SecurityStandardHelper.SANS_TOP_25_CWE_MAPPING;
+import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_CWE_MAPPING;
+import static org.sonar.server.security.SecurityStandardHelper.SONARSOURCE_OTHER_CWES_CATEGORY;
+import static org.sonar.server.security.SecurityStandardHelper.UNKNOWN_STANDARD;
 import static org.sonar.server.ws.WsUtils.checkFoundWithOptional;
 @ServerSide
@@ -143,10 +145,9 @@ public class RuleWsSupport {
 .setExampleValue("12,125," + UNKNOWN_STANDARD);
 action.createParam(PARAM_OWASP_TOP_10)
- .setDescription("Comma-separated list of OWASP Top 10 lowercase categories. Use '" + UNKNOWN_STANDARD + "' to select rules not associated to any OWASP " +
- "Top 10 category.")
+ .setDescription("Comma-separated list of OWASP Top 10 lowercase categories.")
 .setSince("7.3")
- .setPossibleValues("a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10", UNKNOWN_STANDARD);
+ .setPossibleValues("a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10");
 action.createParam(PARAM_SANS_TOP_25)
 .setDescription("Comma-separated list of SANS Top 25 categories.")
@@ -155,9 +156,11 @@ public class RuleWsSupport {
 action
 .createParam(PARAM_SONARSOURCE_SECURITY)
- .setDescription("Comma-separated list of SonarSource report categories.")
- .setPossibleValues(SecurityStandardHelper.SONARSOURCE_CWE_MAPPING.keySet())
- .setExampleValue("sql-injection,command-injection");
+ .setDescription("Comma-separated list of SonarSource security categories. Use '" + SONARSOURCE_OTHER_CWES_CATEGORY + "' to select rules not associated" +
+ " with any category")
+ .setSince("7.8")
+ .setPossibleValues(ImmutableList.builder().addAll(SONARSOURCE_CWE_MAPPING.keySet()).add(SONARSOURCE_OTHER_CWES_CATEGORY).build())
+ .setExampleValue("sql-injection,command-injection,others");
 action
 .createParam(PARAM_LANGUAGES)
diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java
index d4d757b87e0..577c835d490 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java
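Review bot: In the `PARAM_SONARSOURCE_SECURITY` hunk (`@@ -155,9 +156,11 @@`) the example value spells the new category as a literal, `"sql-injection,command-injection,others"`, while the description and possible values use `SONARSOURCE_OTHER_CWES_CATEGORY`. If the constant's value ever changes, the example would advertise a value the parameter no longer accepts; `.setExampleValue("sql-injection,command-injection," + SONARSOURCE_OTHER_CWES_CATEGORY)` keeps them in step and matches the `"12,125," + UNKNOWN_STANDARD` example earlier in the same file. The hunk also adds `.setSince("7.8")` to a parameter that already existed on the old side, so it is worth confirming that 7.8 is the release in which this endpoint first exposed it.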
@@ -218,8 +218,7 @@ public class IssueIndexSecurityReportsTest {
 tuple("a7", 0L, OptionalInt.empty(), 0L, 0L, 0L),
 tuple("a8", 0L, OptionalInt.empty(), 0L, 0L, 1L /* reviewedHotspot */),
 tuple("a9", 0L, OptionalInt.empty(), 0L, 0L, 0L),
- tuple("a10", 0L, OptionalInt.empty(), 0L, 0L, 0L),
- tuple("unknown", 1L /* notowaspvul */, OptionalInt.of(4) /* CRITICAL = D */, 1L /* notowasphotspot */, 0L, 0L));
+ tuple("a10", 0L, OptionalInt.empty(), 0L, 0L, 0L));
 return owaspTop10Report;
 }
diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/empty.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/empty.json
deleted file mode 100644
index efb9191e511..00000000000
--- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/empty.json
+++ /dev/null
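Review bot: The removed expectation was the only one in this hunk covering findings without an OWASP tag (`notowaspvul`, rated CRITICAL, and `notowasphotspot`), and none of the files shown in this diff asserts where such findings are reported now. Since getSonarSourceReport gains a `SONARSOURCE_OTHER_CWES_CATEGORY` bucket in this commit, an assertion on that row, with `includeCwe` both true and false, would show that uncategorised vulnerabilities still surface in a report. The test method starts outside the hunk.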
@@ -1,114 +0,0 @@ -{ - "categories": [ - { - "category": "a1", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "a2", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "a3", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 1 - }, - { - "category": "a4", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a5", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a6", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a7", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a8", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a9", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a10", - "vulnerabilities": 0, - 
"inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "unknown", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 1, - "totalRules": 2 - } - ] -} diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/owaspNoCwe.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/owaspNoCwe.json deleted file mode 100644 index 60675e21b7b..00000000000 --- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/owaspNoCwe.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "categories": [ - { - "category": "a1", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "a2", - "vulnerabilities": 1, - "vulnerabilityRating": 3, - "inReviewSecurityHotspots": 1, - "toReviewSecurityHotspots": 1, - "reviewedSecurityHotspots": 1, - "distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "a3", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 1 - }, - { - "category": "a4", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a5", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a6", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a7", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a8", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a9", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "a10", 
- "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "unknown", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 1, - "totalRules": 2 - } - ] -} diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sansWithCwe.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sansWithCwe.json deleted file mode 100644 index ce510484551..00000000000 --- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sansWithCwe.json +++ /dev/null @@ -1,46 +0,0 @@ -{ - "categories": [ - { - "category": "porous-defenses", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 1 - }, - { - "category": "risky-resource", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "insecure-interaction", - "vulnerabilities": 1, - "vulnerabilityRating": 3, - "inReviewSecurityHotspots": 1, - "toReviewSecurityHotspots": 1, - "reviewedSecurityHotspots": 0, - "distribution": [ - { - "cwe": "89", - "vulnerabilities": 1, - "vulnerabilityRating": 3, - "inReviewSecurityHotspots": 1, - "toReviewSecurityHotspots": 1, - "reviewedSecurityHotspots": 0, - "activeRules": 1, - "totalRules": 1 - } - ], - "activeRules": 2, - "totalRules": 2 - } - ] -} 
diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityNoCwe.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityNoCwe.json deleted file mode 100644 index c00feb5f200..00000000000 --- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityNoCwe.json +++ /dev/null 
@@ -1,205 +0,0 @@ -{ - "categories": [ - { - "category": "ldap-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "object-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "ssrf", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "insecure-conf", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "xxe", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "auth", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "xpath-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "weak-cryptography", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "dos", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - 
"totalRules": 0 - }, - { - "category": "open-redirect", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "log-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "csrf", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "sql-injection", - "vulnerabilities": 1, - "vulnerabilityRating": 3, - "inReviewSecurityHotspots": 1, - "toReviewSecurityHotspots": 1, - "reviewedSecurityHotspots": 1, - "distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "file-manipulation", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "expression-lang-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "rce", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "xss", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "path-traversal-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - 
"distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "command-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "http-response-splitting", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - } - ] -} diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityOnApplication.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityOnApplication.json deleted file mode 100644 index 93df7186016..00000000000 --- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityOnApplication.json +++ /dev/null 
@@ -1,174 +0,0 @@ -{ - "categories": [ - { - "category": "ldap-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "object-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "ssrf", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "insecure-conf", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "xxe", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "auth", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "xpath-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "weak-cryptography", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "dos", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "open-redirect", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "log-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - 
"reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "csrf", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "sql-injection", - "vulnerabilities": 1, - "vulnerabilityRating": 3, - "inReviewSecurityHotspots": 1, - "toReviewSecurityHotspots": 1, - "reviewedSecurityHotspots": 1, - "distribution": [ - { - "cwe": "89", - "vulnerabilities": 1, - "vulnerabilityRating": 3, - "inReviewSecurityHotspots": 1, - "toReviewSecurityHotspots": 1, - "reviewedSecurityHotspots": 1 - } - ] - }, - { - "category": "file-manipulation", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "expression-lang-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "rce", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "xss", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "path-traversal-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "command-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - }, - { - "category": "http-response-splitting", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [] - } - ] -} 
diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityWithCwe.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityWithCwe.json deleted file mode 100644 index c9e6c748036..00000000000 --- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityWithCwe.json +++ /dev/null 
@@ -1,216 +0,0 @@ -{ - "categories": [ - { - "category": "ldap-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "object-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "ssrf", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "insecure-conf", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "xxe", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "auth", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "xpath-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "weak-cryptography", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "dos", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - 
"totalRules": 0 - }, - { - "category": "open-redirect", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "log-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "csrf", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "sql-injection", - "vulnerabilities": 1, - "vulnerabilityRating": 3, - "inReviewSecurityHotspots": 1, - "toReviewSecurityHotspots": 1, - "reviewedSecurityHotspots": 1, - "distribution": [ - { - "cwe": "89", - "vulnerabilities": 1, - "vulnerabilityRating": 3, - "inReviewSecurityHotspots": 1, - "toReviewSecurityHotspots": 1, - "reviewedSecurityHotspots": 1, - "activeRules": 1, - "totalRules": 1 - } - ], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "file-manipulation", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "expression-lang-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "rce", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - }, - { - "category": "xss", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - 
"activeRules": 0, - "totalRules": 0 - }, - { - "category": "path-traversal-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "command-injection", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 1, - "totalRules": 1 - }, - { - "category": "http-response-splitting", - "vulnerabilities": 0, - "inReviewSecurityHotspots": 0, - "toReviewSecurityHotspots": 0, - "reviewedSecurityHotspots": 0, - "distribution": [], - "activeRules": 0, - "totalRules": 0 - } - ] -} |