From 76ef310b3344995f45f156410fa90ea1c490ee0a Mon Sep 17 00:00:00 2001 From: lukasz-jarocki-sonarsource Date: Wed, 6 Dec 2023 09:59:43 +0100 Subject: SONAR-21139 setting nulls for clean_code_attribute of security hotspots rules --- ...CleanCodeAttributeFromCustomHotspotRulesIT.java | 96 ++++++++++++++++++++++ .../db/migration/version/v104/DbVersion104.java | 4 +- ...veCleanCodeAttributeFromCustomHotspotRules.java | 56 +++++++++++++ .../java/org/sonar/server/rule/RuleCreator.java | 1 - 4 files changed, 155 insertions(+), 2 deletions(-) create mode 100644 server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v104/RemoveCleanCodeAttributeFromCustomHotspotRulesIT.java create mode 100644 server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v104/RemoveCleanCodeAttributeFromCustomHotspotRules.java diff --git a/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v104/RemoveCleanCodeAttributeFromCustomHotspotRulesIT.java b/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v104/RemoveCleanCodeAttributeFromCustomHotspotRulesIT.java new file mode 100644 index 00000000000..d4ebc2fb203 --- /dev/null +++ b/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v104/RemoveCleanCodeAttributeFromCustomHotspotRulesIT.java @@ -0,0 +1,96 @@ +/* + * SonarQube + * Copyright (C) 2009-2023 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v104; + +import java.sql.SQLException; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import org.junit.Rule; +import org.junit.Test; +import org.sonar.db.MigrationDbTester; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.tuple; + +public class RemoveCleanCodeAttributeFromCustomHotspotRulesIT { + + @Rule + public final MigrationDbTester db = MigrationDbTester.createForMigrationStep(RemoveCleanCodeAttributeFromCustomHotspotRules.class); + private final RemoveCleanCodeAttributeFromCustomHotspotRules underTest = new RemoveCleanCodeAttributeFromCustomHotspotRules(db.database()); + + @Test + public void execute_whenRulesTableIsEmpty_shouldDoNothing() throws SQLException { + underTest.execute(); + + assertThat(db.select("select clean_code_attribute from rules")).isEmpty(); + } + + @Test + public void execute_whenCustomHotspotRuleExist_shouldRemoveCleanCodeAttributeOnlyFromHotspot() throws SQLException { + insertRule("custom_hotspot_rule", "4", "CONVENTIONAL"); + insertRule("other_rule", "1", "ETHICAL"); + + underTest.execute(); + + List> selectResult = db.select("select NAME, CLEAN_CODE_ATTRIBUTE, UPDATED_AT from RULES"); + + assertThat(selectResult) + .extracting(stringObjectMap -> stringObjectMap.get("NAME"), stringObjectMap -> stringObjectMap.get("CLEAN_CODE_ATTRIBUTE")) + .containsExactlyInAnyOrder(tuple("custom_hotspot_rule", null), tuple("other_rule", "ETHICAL")); + + Optional updatedAtForHotspotRule = selectResult.stream().filter(map -> map.containsValue("custom_hotspot_rule")) + .map(map -> map.get("UPDATED_AT")).findFirst(); + assertThat(updatedAtForHotspotRule.get()).isNotEqualTo(0L); + + Optional updatedAtForOtherRule = selectResult.stream().filter(map -> map.containsValue("other_rule")) + .map(map -> map.get("UPDATED_AT")).findFirst(); + assertThat(updatedAtForOtherRule).contains(0L); + } + + @Test + public void execute_whenCustomHotspotRuleExist_isReentrant() throws SQLException { + insertRule("custom_hotspot_rule", "4", "CONVENTIONAL"); + insertRule("other_rule", "1", "ETHICAL"); + + underTest.execute(); + underTest.execute(); + + List> selectResult = db.select("select NAME, CLEAN_CODE_ATTRIBUTE from RULES"); + + assertThat(selectResult) + .extracting(stringObjectMap -> stringObjectMap.get("NAME"), stringObjectMap -> stringObjectMap.get("CLEAN_CODE_ATTRIBUTE")) + .containsExactlyInAnyOrder(tuple("custom_hotspot_rule", null), tuple("other_rule", "ETHICAL")); + } + + private void insertRule(String name, String ruleType, String cleanCodeAttribute) { + db.executeInsert("rules", + "PLUGIN_RULE_KEY", name, + "PLUGIN_NAME", name, + "SCOPE", name, + "NAME", name, + "IS_EXTERNAL", true, + "IS_AD_HOC", false, + "UUID", name, + "RULE_TYPE", ruleType, + "UPDATED_AT", 0L, + "CLEAN_CODE_ATTRIBUTE", cleanCodeAttribute); + } +} diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v104/DbVersion104.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v104/DbVersion104.java index 73f7742f355..2db623a7e49 100644 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v104/DbVersion104.java +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v104/DbVersion104.java @@ -50,6 +50,8 @@ public class DbVersion104 implements DbVersion { .add(10_4_006, "Add 'uuid' column to 'groups_users'", AddUuidColumnToGroupsUsers.class) .add(10_4_007, "Populate 'uuid' column in 'groups_users'", PopulateGroupsUsersUuid.class) .add(10_4_008, "Make 'uuid' column in 'groups_users' table non-nullable", MakeUuidInGroupsUsersNotNullable.class) - .add(10_4_009, "Create primary key on 'groups_users.uuid'", CreatePrimaryKeyOnGroupsUsersTable.class); + .add(10_4_009, "Create primary key on 'groups_users.uuid'", CreatePrimaryKeyOnGroupsUsersTable.class) + .add(10_4_010, "Set nulls in 'clean_code_attribute' column of 'rules' table for security hotspots", + RemoveCleanCodeAttributeFromCustomHotspotRules.class); } } diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v104/RemoveCleanCodeAttributeFromCustomHotspotRules.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v104/RemoveCleanCodeAttributeFromCustomHotspotRules.java new file mode 100644 index 00000000000..e31d479455f --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v104/RemoveCleanCodeAttributeFromCustomHotspotRules.java @@ -0,0 +1,56 @@ +/* + * SonarQube + * Copyright (C) 2009-2023 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v104; + +import java.sql.SQLException; +import org.sonar.db.Database; +import org.sonar.server.platform.db.migration.step.DataChange; +import org.sonar.server.platform.db.migration.step.MassUpdate; + +public class RemoveCleanCodeAttributeFromCustomHotspotRules extends DataChange { + + private static final String SELECT = """ + SELECT uuid + FROM rules + WHERE rule_type = 4 + AND clean_code_attribute IS NOT NULL + """; + private static final String UPDATE = """ + UPDATE rules SET clean_code_attribute = NULL, updated_at = ? WHERE uuid = ? + """; + + public RemoveCleanCodeAttributeFromCustomHotspotRules(Database db) { + super(db); + } + + @Override + protected void execute(Context context) throws SQLException { + MassUpdate massUpdate = context.prepareMassUpdate(); + Long updatedAt = System.currentTimeMillis(); + massUpdate.select(SELECT); + massUpdate.update(UPDATE); + massUpdate.execute((row, update) -> { + String uuid = row.getString(1); + update.setLong(1, updatedAt); + update.setString(2, uuid); + return true; + }); + } +} diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java index c17f60d341b..4619e83411a 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/RuleCreator.java @@ -50,7 +50,6 @@ import org.sonar.db.rule.RuleParamDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.rule.index.RuleIndexer; import org.sonar.server.util.TypeValidations; -import org.sonarqube.ws.Common; import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.collect.Lists.newArrayList; -- cgit v1.2.3