Use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in the sonarqube project by SonarSource.
Class SearchActionTest, method returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid.
/**
 * Verifies that the search response lists hotspots in a deterministic order: by descending
 * vulnerability score of the SQ category, then by category key, then "_a" before "_b" within a
 * category. The hotspots are inserted in shuffled order, so the response order cannot simply
 * mirror insertion order.
 */
@Test
public void returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid() {
  ComponentDto project = dbTester.components().insertPublicProject();
  userSessionRule.registerComponents(project);
  indexPermissions();
  ComponentDto file = dbTester.components().insertComponent(newFileDto(project));

  // Expected category order: highest vulnerability score first, ties broken by category key.
  Comparator<SQCategory> byScoreDescendingThenKey = Ordering
    .from(Comparator.<SQCategory>comparingInt(category -> category.getVulnerability().getScore()).reversed())
    .thenComparing(SQCategory::getKey);

  List<IssueDto> hotspots = Arrays.stream(SQCategory.values())
    .sorted(byScoreDescendingThenKey)
    .flatMap(category -> {
      // Tag both rules with one CWE of the category, or "unknown" when the category maps to none.
      Set<String> categoryCwes = SecurityStandards.CWES_BY_SQ_CATEGORY.get(category);
      String cwe = categoryCwes == null ? "unknown" : categoryCwes.iterator().next();
      Set<String> standards = singleton("cwe:" + cwe);

      RuleDefinitionDto ruleA = newRule(SECURITY_HOTSPOT, r -> r
        .setUuid(category.name() + "_a")
        .setName("rule_" + category.name() + "_a")
        .setSecurityStandards(standards));
      RuleDefinitionDto ruleB = newRule(SECURITY_HOTSPOT, r -> r
        .setUuid(category.name() + "_b")
        .setName("rule_" + category.name() + "_b")
        .setSecurityStandards(standards));

      return Stream.of(
        newHotspot(ruleA, project, file).setKee(category + "_a"),
        newHotspot(ruleB, project, file).setKee(category + "_b"));
    })
    .collect(toList());

  // Capture the keys while the list is still in the expected order.
  String[] expectedHotspotKeys = hotspots.stream()
    .map(IssueDto::getKey)
    .toArray(String[]::new);

  // Persist in random order so the ordering must come from the search itself.
  Collections.shuffle(hotspots);
  for (IssueDto hotspot : hotspots) {
    dbTester.issues().insertHotspot(hotspot);
  }
  indexIssues();

  SearchWsResponse response = newRequest(project).executeProtobuf(SearchWsResponse.class);

  assertThat(response.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactly(expectedHotspotKeys);
}
Use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in the sonarqube project by SonarSource.
Class SearchActionTest, method returns_all_issues_when_sinceLeakPeriod_is_true_and_is_pr.
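/**
 * Verifies that on a pull request the {@code sinceLeakPeriod} parameter does not narrow the
 * result: hotspots created after, exactly at and before the project's period date are all
 * returned, with or without the parameter.
 */
@Test
public void returns_all_issues_when_sinceLeakPeriod_is_true_and_is_pr() {
  long referenceDate = 800_996_999_332L;
  system2.setNow(referenceDate + 10_000);
  ComponentDto project = dbTester.components().insertPublicProject();
  ComponentDto pr = dbTester.components().insertProjectBranch(project, b -> b.setBranchType(BranchType.PULL_REQUEST).setKey("pr"));
  userSessionRule.registerComponents(project);
  indexPermissions();
  ComponentDto file = dbTester.components().insertComponent(newFileDto(pr));

  // The project's last snapshot carries the period date; the pull request's snapshot has none.
  dbTester.components().insertSnapshot(project, t -> t.setPeriodDate(referenceDate).setLast(true));
  dbTester.components().insertSnapshot(pr, t -> t.setPeriodDate(null).setLast(true));

  // Three hotspots on the pull request, straddling the reference date.
  RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
  IssueDto afterRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setIssueCreationTime(referenceDate + 1000));
  IssueDto atRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setType(SECURITY_HOTSPOT).setIssueCreationTime(referenceDate));
  IssueDto beforeRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setIssueCreationTime(referenceDate - 1000));
  indexIssues();

  String[] expectedKeys = Stream.of(afterRef, atRef, beforeRef)
    .map(IssueDto::getKey)
    .toArray(String[]::new);

  SearchWsResponse responseAll = newRequest(project)
    .setParam("pullRequest", "pr")
    .executeProtobuf(SearchWsResponse.class);
  assertThat(responseAll.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(expectedKeys);

  SearchWsResponse responseOnLeak = newRequest(project, t -> t.setParam("sinceLeakPeriod", "true").setParam("pullRequest", "pr"))
    .executeProtobuf(SearchWsResponse.class);
  // Compare keys rather than only the count: a size check alone would also pass if the
  // response held three entries that are duplicates or belong to other hotspots.
  assertThat(responseOnLeak.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(expectedKeys);
}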
Use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in the sonarqube project by SonarSource.
Class SearchActionTest, method returns_hotspot_components_when_project_has_hotspots.
/**
 * Verifies that the response contains only issues of type SECURITY_HOTSPOT and that its
 * component list is limited to the project and the file holding those hotspots; the file that
 * only carries issues of the other rule types must not appear.
 */
@Test
public void returns_hotspot_components_when_project_has_hotspots() {
  ComponentDto project = dbTester.components().insertPublicProject();
  userSessionRule.registerComponents(project);
  indexPermissions();
  ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
  ComponentDto fileWithHotspot = dbTester.components().insertComponent(newFileDto(project));

  // One issue per non-hotspot rule type, all attached to the file without hotspots.
  for (RuleType ruleType : RuleType.values()) {
    if (ruleType == SECURITY_HOTSPOT) {
      continue;
    }
    RuleDefinitionDto otherRule = newRule(ruleType);
    dbTester.issues().insert(otherRule, project, file, t -> t.setType(ruleType));
  }

  // Between 1 and 10 hotspots, each with its own rule, attached to the second file.
  int hotspotCount = 1 + RANDOM.nextInt(10);
  IssueDto[] hotspots = new IssueDto[hotspotCount];
  for (int i = 0; i < hotspotCount; i++) {
    RuleDefinitionDto hotspotRule = newRule(SECURITY_HOTSPOT);
    hotspots[i] = insertHotspot(project, fileWithHotspot, hotspotRule);
  }
  indexIssues();

  SearchWsResponse response = newRequest(project).executeProtobuf(SearchWsResponse.class);

  String[] expectedHotspotKeys = Arrays.stream(hotspots)
    .map(IssueDto::getKey)
    .toArray(String[]::new);
  assertThat(response.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsOnly(expectedHotspotKeys);
  assertThat(response.getComponentsList())
    .extracting(Component::getKey)
    .containsOnly(project.getKey(), fileWithHotspot.getKey());
}
Use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in the sonarqube project by SonarSource.
Class SearchActionTest, method returns_hotspots_of_specified_application.
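/**
 * Verifies that a search scoped to an application returns exactly the hotspots and components of
 * the project copied into that application, and nothing from the other application.
 *
 * <p>Two applications are created, each holding a copy of one distinct project. Every generated
 * rule gets one hotspot in each project, so a leak between applications would show up as a
 * foreign hotspot key in the response.
 */
@Test
public void returns_hotspots_of_specified_application() {
  ComponentDto application1 = dbTester.components().insertPublicApplication();
  ComponentDto application2 = dbTester.components().insertPublicApplication();
  ComponentDto project1 = dbTester.components().insertPublicProject();
  ComponentDto project2 = dbTester.components().insertPublicProject();
  dbTester.components().insertComponent(ComponentTesting.newProjectCopy(project1, application1));
  dbTester.components().insertComponent(ComponentTesting.newProjectCopy(project2, application2));
  indexViews();
  userSessionRule.registerApplication(application1, project1).registerApplication(application2, project2);
  indexPermissions();
  ComponentDto file1 = dbTester.components().insertComponent(newFileDto(project1));
  ComponentDto file2 = dbTester.components().insertComponent(newFileDto(project2));

  // Each pair holds the hotspot inserted in project1 (index 0) and in project2 (index 1) for the
  // same rule. Keeping both lets each application be checked against its own expected keys.
  List<IssueDto[]> hotspotPairs = IntStream.range(0, 1 + RANDOM.nextInt(10))
    .mapToObj(i -> {
      RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
      return new IssueDto[] {insertHotspot(project1, file1, rule), insertHotspot(project2, file2, rule)};
    })
    .collect(toList());
  String[] hotspotKeys1 = hotspotPairs.stream().map(pair -> pair[0].getKey()).toArray(String[]::new);
  String[] hotspotKeys2 = hotspotPairs.stream().map(pair -> pair[1].getKey()).toArray(String[]::new);
  indexIssues();

  SearchWsResponse responseApplication1 = newRequest(application1).executeProtobuf(SearchWsResponse.class);
  // A bare "does not contain the other application's hotspots" check would also pass on an
  // empty response, so assert the exact set for application1 as is done for application2.
  assertThat(responseApplication1.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsOnly(hotspotKeys1);
  assertThat(responseApplication1.getComponentsList())
    .extracting(Component::getKey)
    .containsOnly(project1.getKey(), file1.getKey());

  SearchWsResponse responseApplication2 = newRequest(application2).executeProtobuf(SearchWsResponse.class);
  assertThat(responseApplication2.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsOnly(hotspotKeys2);
  assertThat(responseApplication2.getComponentsList())
    .extracting(Component::getKey)
    .containsOnly(project2.getKey(), file2.getKey());
}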
Use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in the sonarqube project by SonarSource.
Class SearchActionTest, method returns_issues_when_sinceLeakPeriod_is_true_and_is_application_for_branch_other_than_main.
/**
 * Verifies the {@code sinceLeakPeriod} filter on a non-main application branch that aggregates
 * branches of two projects.
 *
 * <p>Without the filter, every hotspot of both project branches is returned. With the filter,
 * only the hotspot created after the period date of the first project branch is expected; the
 * hotspot created exactly at that date, the older one, and the hotspot of the second project
 * branch (which gets no snapshot in this test) are expected to be left out.
 */
@Test
public void returns_issues_when_sinceLeakPeriod_is_true_and_is_application_for_branch_other_than_main() {
  long referenceDate = 800_996_999_332L;
  system2.setNow(referenceDate + 10_000);

  // An application with one extra branch, and two projects with one extra branch each.
  ProjectDto application = dbTester.components().insertPublicApplicationDto();
  BranchDto applicationBranch = dbTester.components()
    .insertProjectBranch(application, b -> b.setKey("application_branch_1"));
  ProjectDto project = dbTester.components().insertPublicProjectDto();
  BranchDto projectBranch = dbTester.components()
    .insertProjectBranch(project, b -> b.setKey("project_1_branch_1"));
  ProjectDto project2 = dbTester.components().insertPublicProjectDto();
  BranchDto project2Branch = dbTester.components()
    .insertProjectBranch(project2, b -> b.setKey("project_2_branch_1"));

  // Attach both projects to the application and both project branches to the application branch.
  dbTester.components().addApplicationProject(application, project);
  dbTester.components().addApplicationProject(application, project2);
  dbTester.components().addProjectBranchToApplicationBranch(applicationBranch, projectBranch, project2Branch);

  // Load the branches as components so they can be used as parents of copies, files and hotspots.
  ComponentDto appBranchComponent = dbClient.componentDao()
    .selectByUuid(dbTester.getSession(), applicationBranch.getUuid())
    .get();
  ComponentDto branchComponent1 = dbClient.componentDao()
    .selectByUuid(dbTester.getSession(), projectBranch.getUuid())
    .get();
  ComponentDto branchComponent2 = dbClient.componentDao()
    .selectByUuid(dbTester.getSession(), project2Branch.getUuid())
    .get();
  dbTester.components().insertComponent(ComponentTesting.newProjectCopy(branchComponent1, appBranchComponent));
  dbTester.components().insertComponent(ComponentTesting.newProjectCopy(branchComponent2, appBranchComponent));
  indexViews();
  userSessionRule.registerApplication(application, project, project2);
  indexPermissions();

  // First project branch: a snapshot carrying the period date, and hotspots straddling it.
  ComponentDto file = dbTester.components().insertComponent(newFileDto(branchComponent1));
  dbTester.components().insertSnapshot(projectBranch, s -> s.setPeriodDate(referenceDate).setLast(true));
  RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
  IssueDto afterRef = dbTester.issues()
    .insertHotspot(rule, branchComponent1, file, h -> h.setIssueCreationTime(referenceDate + 1000));
  IssueDto atRef = dbTester.issues()
    .insertHotspot(rule, branchComponent1, file, h -> h.setType(SECURITY_HOTSPOT).setIssueCreationTime(referenceDate));
  IssueDto beforeRef = dbTester.issues()
    .insertHotspot(rule, branchComponent1, file, h -> h.setIssueCreationTime(referenceDate - 1000));

  // Second project branch: a single hotspot and no snapshot.
  ComponentDto file2 = dbTester.components().insertComponent(newFileDto(branchComponent2));
  IssueDto project2Issue = dbTester.issues()
    .insertHotspot(rule, branchComponent2, file2, h -> h.setIssueCreationTime(referenceDate - 1000));
  indexIssues();

  ComponentDto applicationComponent = dbClient.componentDao()
    .selectByUuid(dbTester.getSession(), application.getUuid())
    .get();

  // Unfiltered search on the application branch: all four hotspots.
  SearchWsResponse responseAll = newRequest(applicationComponent, r -> r.setParam("branch", applicationBranch.getKey()))
    .executeProtobuf(SearchWsResponse.class);
  assertThat(responseAll.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(afterRef.getKey(), atRef.getKey(), beforeRef.getKey(), project2Issue.getKey());

  // Filtered search: only the hotspot created after the reference date.
  SearchWsResponse responseOnLeak = newRequest(applicationComponent,
    r -> r.setParam("sinceLeakPeriod", "true").setParam("branch", applicationBranch.getKey()))
    .executeProtobuf(SearchWsResponse.class);
  assertThat(responseOnLeak.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(afterRef.getKey());
}