Example 1 with SECURITY_HOTSPOT
use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid.
@Test
public void returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid() {
ComponentDto project = dbTester.components().insertPublicProject();
userSessionRule.registerComponents(project);
indexPermissions();
ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
List<IssueDto> hotspots = Arrays.stream(SQCategory.values()).sorted(Ordering.from(Comparator.<SQCategory>comparingInt(t1 -> t1.getVulnerability().getScore()).reversed()).thenComparing(SQCategory::getKey)).flatMap(sqCategory -> {
Set<String> cwes = SecurityStandards.CWES_BY_SQ_CATEGORY.get(sqCategory);
Set<String> securityStandards = singleton("cwe:" + (cwes == null ? "unknown" : cwes.iterator().next()));
RuleDefinitionDto rule1 = newRule(SECURITY_HOTSPOT, t -> t.setUuid(sqCategory.name() + "_a").setName("rule_" + sqCategory.name() + "_a").setSecurityStandards(securityStandards));
RuleDefinitionDto rule2 = newRule(SECURITY_HOTSPOT, t -> t.setUuid(sqCategory.name() + "_b").setName("rule_" + sqCategory.name() + "_b").setSecurityStandards(securityStandards));
return Stream.of(newHotspot(rule1, project, file).setKee(sqCategory + "_a"), newHotspot(rule2, project, file).setKee(sqCategory + "_b"));
}).collect(toList());
String[] expectedHotspotKeys = hotspots.stream().map(IssueDto::getKey).toArray(String[]::new);
// insert hotspots in random order
Collections.shuffle(hotspots);
hotspots.forEach(dbTester.issues()::insertHotspot);
indexIssues();
SearchWsResponse response = newRequest(project).executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactly(expectedHotspotKeys);
}
Also used :
Arrays(java.util.Arrays)
AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing)
SecurityStandards(org.sonar.server.security.SecurityStandards)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
Random(java.util.Random)
ViewIndexer(org.sonar.server.view.index.ViewIndexer)
DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner)
STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED)
DbIssues(org.sonar.db.protobuf.DbIssues)
WebService(org.sonar.api.server.ws.WebService)
Collections.singleton(java.util.Collections.singleton)
IssueIndex(org.sonar.server.issue.index.IssueIndex)
IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory)
IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue)
Map(java.util.Map)
ComponentTesting(org.sonar.db.component.ComponentTesting)
DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime)
Collectors.toSet(java.util.stream.Collectors.toSet)
DbTester(org.sonar.db.DbTester)
RuleTesting(org.sonar.db.rule.RuleTesting)
PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer)
REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH)
System2(org.sonar.api.utils.System2)
Hotspots(org.sonarqube.ws.Hotspots)
Collection(java.util.Collection)
Set(java.util.Set)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
Sets(com.google.common.collect.Sets)
NotFoundException(org.sonar.server.exceptions.NotFoundException)
Collectors.joining(java.util.stream.Collectors.joining)
Common(org.sonarqube.ws.Common)
STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW)
DbClient(org.sonar.db.DbClient)
List(java.util.List)
ComponentDto(org.sonar.db.component.ComponentDto)
Stream(java.util.stream.Stream)
STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED)
ForbiddenException(org.sonar.server.exceptions.ForbiddenException)
ProjectDto(org.sonar.db.project.ProjectDto)
MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex)
STATUSES(org.sonar.api.issue.Issue.STATUSES)
IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue)
SQCategory(org.sonar.server.security.SecurityStandards.SQCategory)
ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory)
Mockito.mock(org.mockito.Mockito.mock)
IntStream(java.util.stream.IntStream)
BranchDto(org.sonar.db.component.BranchDto)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
IssueDto(org.sonar.db.issue.IssueDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
EsTester(org.sonar.server.es.EsTester)
ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto)
RunWith(org.junit.runner.RunWith)
DataProvider(com.tngtech.java.junit.dataprovider.DataProvider)
TestSystem2(org.sonar.api.impl.utils.TestSystem2)
RuleType(org.sonar.api.rules.RuleType)
WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport)
Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy)
TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter)
SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT)
RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED)
Nullable(javax.annotation.Nullable)
ImmutableSet.of(com.google.common.collect.ImmutableSet.of)
UserSessionRule(org.sonar.server.tester.UserSessionRule)
BranchType(org.sonar.db.component.BranchType)
RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic)
USER(org.sonar.api.web.UserRole.USER)
UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider)
TestRequest(org.sonar.server.ws.TestRequest)
Test(org.junit.Test)
Mockito.times(org.mockito.Mockito.times)
RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE)
WsActionTester(org.sonar.server.ws.WsActionTester)
DbCommons(org.sonar.db.protobuf.DbCommons)
Mockito.verify(org.mockito.Mockito.verify)
Consumer(java.util.function.Consumer)
Component(org.sonarqube.ws.Hotspots.Component)
Collectors.toList(java.util.stream.Collectors.toList)
Rule(org.junit.Rule)
Ordering(com.google.common.collect.Ordering)
Issue(org.sonar.api.issue.Issue)
IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker)
Tuple.tuple(org.assertj.core.groups.Tuple.tuple)
Comparator(java.util.Comparator)
Collections(java.util.Collections)
IssueIndexer(org.sonar.server.issue.index.IssueIndexer)
Collectors.toSet(java.util.stream.Collectors.toSet)
Set(java.util.Set)
ComponentDto(org.sonar.db.component.ComponentDto)
IssueDto(org.sonar.db.issue.IssueDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
SQCategory(org.sonar.server.security.SecurityStandards.SQCategory)
Test(org.junit.Test)
Example 2 with SECURITY_HOTSPOT
use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method returns_all_issues_when_sinceLeakPeriod_is_true_and_is_pr.
@Test
public void returns_all_issues_when_sinceLeakPeriod_is_true_and_is_pr() {
long referenceDate = 800_996_999_332L;
system2.setNow(referenceDate + 10_000);
ComponentDto project = dbTester.components().insertPublicProject();
ComponentDto pr = dbTester.components().insertProjectBranch(project, b -> b.setBranchType(BranchType.PULL_REQUEST).setKey("pr"));
userSessionRule.registerComponents(project);
indexPermissions();
ComponentDto file = dbTester.components().insertComponent(newFileDto(pr));
dbTester.components().insertSnapshot(project, t -> t.setPeriodDate(referenceDate).setLast(true));
dbTester.components().insertSnapshot(pr, t -> t.setPeriodDate(null).setLast(true));
RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
IssueDto afterRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setIssueCreationTime(referenceDate + 1000));
IssueDto atRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setType(SECURITY_HOTSPOT).setIssueCreationTime(referenceDate));
IssueDto beforeRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setIssueCreationTime(referenceDate - 1000));
indexIssues();
SearchWsResponse responseAll = newRequest(project).setParam("pullRequest", "pr").executeProtobuf(SearchWsResponse.class);
assertThat(responseAll.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactlyInAnyOrder(Stream.of(afterRef, atRef, beforeRef).map(IssueDto::getKey).toArray(String[]::new));
SearchWsResponse responseOnLeak = newRequest(project, t -> t.setParam("sinceLeakPeriod", "true").setParam("pullRequest", "pr")).executeProtobuf(SearchWsResponse.class);
assertThat(responseOnLeak.getHotspotsList()).hasSize(3);
}
Also used :
Arrays(java.util.Arrays)
AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing)
SecurityStandards(org.sonar.server.security.SecurityStandards)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
Random(java.util.Random)
ViewIndexer(org.sonar.server.view.index.ViewIndexer)
DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner)
STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED)
DbIssues(org.sonar.db.protobuf.DbIssues)
WebService(org.sonar.api.server.ws.WebService)
Collections.singleton(java.util.Collections.singleton)
IssueIndex(org.sonar.server.issue.index.IssueIndex)
IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory)
IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue)
Map(java.util.Map)
ComponentTesting(org.sonar.db.component.ComponentTesting)
DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime)
Collectors.toSet(java.util.stream.Collectors.toSet)
DbTester(org.sonar.db.DbTester)
RuleTesting(org.sonar.db.rule.RuleTesting)
PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer)
REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH)
System2(org.sonar.api.utils.System2)
Hotspots(org.sonarqube.ws.Hotspots)
Collection(java.util.Collection)
Set(java.util.Set)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
Sets(com.google.common.collect.Sets)
NotFoundException(org.sonar.server.exceptions.NotFoundException)
Collectors.joining(java.util.stream.Collectors.joining)
Common(org.sonarqube.ws.Common)
STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW)
DbClient(org.sonar.db.DbClient)
List(java.util.List)
ComponentDto(org.sonar.db.component.ComponentDto)
Stream(java.util.stream.Stream)
STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED)
ForbiddenException(org.sonar.server.exceptions.ForbiddenException)
ProjectDto(org.sonar.db.project.ProjectDto)
MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex)
STATUSES(org.sonar.api.issue.Issue.STATUSES)
IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue)
SQCategory(org.sonar.server.security.SecurityStandards.SQCategory)
ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory)
Mockito.mock(org.mockito.Mockito.mock)
IntStream(java.util.stream.IntStream)
BranchDto(org.sonar.db.component.BranchDto)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
IssueDto(org.sonar.db.issue.IssueDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
EsTester(org.sonar.server.es.EsTester)
ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto)
RunWith(org.junit.runner.RunWith)
DataProvider(com.tngtech.java.junit.dataprovider.DataProvider)
TestSystem2(org.sonar.api.impl.utils.TestSystem2)
RuleType(org.sonar.api.rules.RuleType)
WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport)
Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy)
TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter)
SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT)
RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED)
Nullable(javax.annotation.Nullable)
ImmutableSet.of(com.google.common.collect.ImmutableSet.of)
UserSessionRule(org.sonar.server.tester.UserSessionRule)
BranchType(org.sonar.db.component.BranchType)
RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic)
USER(org.sonar.api.web.UserRole.USER)
UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider)
TestRequest(org.sonar.server.ws.TestRequest)
Test(org.junit.Test)
Mockito.times(org.mockito.Mockito.times)
RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE)
WsActionTester(org.sonar.server.ws.WsActionTester)
DbCommons(org.sonar.db.protobuf.DbCommons)
Mockito.verify(org.mockito.Mockito.verify)
Consumer(java.util.function.Consumer)
Component(org.sonarqube.ws.Hotspots.Component)
Collectors.toList(java.util.stream.Collectors.toList)
Rule(org.junit.Rule)
Ordering(com.google.common.collect.Ordering)
Issue(org.sonar.api.issue.Issue)
IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker)
Tuple.tuple(org.assertj.core.groups.Tuple.tuple)
Comparator(java.util.Comparator)
Collections(java.util.Collections)
IssueIndexer(org.sonar.server.issue.index.IssueIndexer)
ComponentDto(org.sonar.db.component.ComponentDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
IssueDto(org.sonar.db.issue.IssueDto)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
Test(org.junit.Test)
Example 3 with SECURITY_HOTSPOT
use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method returns_hotspot_components_when_project_has_hotspots.
@Test
public void returns_hotspot_components_when_project_has_hotspots() {
ComponentDto project = dbTester.components().insertPublicProject();
userSessionRule.registerComponents(project);
indexPermissions();
ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
ComponentDto fileWithHotspot = dbTester.components().insertComponent(newFileDto(project));
Arrays.stream(RuleType.values()).filter(t -> t != SECURITY_HOTSPOT).forEach(ruleType -> {
RuleDefinitionDto rule = newRule(ruleType);
dbTester.issues().insert(rule, project, file, t -> t.setType(ruleType));
});
IssueDto[] hotspots = IntStream.range(0, 1 + RANDOM.nextInt(10)).mapToObj(i -> {
RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
return insertHotspot(project, fileWithHotspot, rule);
}).toArray(IssueDto[]::new);
indexIssues();
SearchWsResponse response = newRequest(project).executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsOnly(Arrays.stream(hotspots).map(IssueDto::getKey).toArray(String[]::new));
assertThat(response.getComponentsList()).extracting(Component::getKey).containsOnly(project.getKey(), fileWithHotspot.getKey());
}
Also used :
Arrays(java.util.Arrays)
AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing)
SecurityStandards(org.sonar.server.security.SecurityStandards)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
Random(java.util.Random)
ViewIndexer(org.sonar.server.view.index.ViewIndexer)
DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner)
STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED)
DbIssues(org.sonar.db.protobuf.DbIssues)
WebService(org.sonar.api.server.ws.WebService)
Collections.singleton(java.util.Collections.singleton)
IssueIndex(org.sonar.server.issue.index.IssueIndex)
IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory)
IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue)
Map(java.util.Map)
ComponentTesting(org.sonar.db.component.ComponentTesting)
DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime)
Collectors.toSet(java.util.stream.Collectors.toSet)
DbTester(org.sonar.db.DbTester)
RuleTesting(org.sonar.db.rule.RuleTesting)
PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer)
REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH)
System2(org.sonar.api.utils.System2)
Hotspots(org.sonarqube.ws.Hotspots)
Collection(java.util.Collection)
Set(java.util.Set)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
Sets(com.google.common.collect.Sets)
NotFoundException(org.sonar.server.exceptions.NotFoundException)
Collectors.joining(java.util.stream.Collectors.joining)
Common(org.sonarqube.ws.Common)
STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW)
DbClient(org.sonar.db.DbClient)
List(java.util.List)
ComponentDto(org.sonar.db.component.ComponentDto)
Stream(java.util.stream.Stream)
STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED)
ForbiddenException(org.sonar.server.exceptions.ForbiddenException)
ProjectDto(org.sonar.db.project.ProjectDto)
MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex)
STATUSES(org.sonar.api.issue.Issue.STATUSES)
IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue)
SQCategory(org.sonar.server.security.SecurityStandards.SQCategory)
ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory)
Mockito.mock(org.mockito.Mockito.mock)
IntStream(java.util.stream.IntStream)
BranchDto(org.sonar.db.component.BranchDto)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
IssueDto(org.sonar.db.issue.IssueDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
EsTester(org.sonar.server.es.EsTester)
ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto)
RunWith(org.junit.runner.RunWith)
DataProvider(com.tngtech.java.junit.dataprovider.DataProvider)
TestSystem2(org.sonar.api.impl.utils.TestSystem2)
RuleType(org.sonar.api.rules.RuleType)
WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport)
Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy)
TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter)
SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT)
RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED)
Nullable(javax.annotation.Nullable)
ImmutableSet.of(com.google.common.collect.ImmutableSet.of)
UserSessionRule(org.sonar.server.tester.UserSessionRule)
BranchType(org.sonar.db.component.BranchType)
RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic)
USER(org.sonar.api.web.UserRole.USER)
UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider)
TestRequest(org.sonar.server.ws.TestRequest)
Test(org.junit.Test)
Mockito.times(org.mockito.Mockito.times)
RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE)
WsActionTester(org.sonar.server.ws.WsActionTester)
DbCommons(org.sonar.db.protobuf.DbCommons)
Mockito.verify(org.mockito.Mockito.verify)
Consumer(java.util.function.Consumer)
Component(org.sonarqube.ws.Hotspots.Component)
Collectors.toList(java.util.stream.Collectors.toList)
Rule(org.junit.Rule)
Ordering(com.google.common.collect.Ordering)
Issue(org.sonar.api.issue.Issue)
IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker)
Tuple.tuple(org.assertj.core.groups.Tuple.tuple)
Comparator(java.util.Comparator)
Collections(java.util.Collections)
IssueIndexer(org.sonar.server.issue.index.IssueIndexer)
ComponentDto(org.sonar.db.component.ComponentDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
IssueDto(org.sonar.db.issue.IssueDto)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
Test(org.junit.Test)
Example 4 with SECURITY_HOTSPOT
use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method returns_hotspots_of_specified_application.
@Test
public void returns_hotspots_of_specified_application() {
ComponentDto application1 = dbTester.components().insertPublicApplication();
ComponentDto application2 = dbTester.components().insertPublicApplication();
ComponentDto project1 = dbTester.components().insertPublicProject();
ComponentDto project2 = dbTester.components().insertPublicProject();
dbTester.components().insertComponent(ComponentTesting.newProjectCopy(project1, application1));
dbTester.components().insertComponent(ComponentTesting.newProjectCopy(project2, application2));
indexViews();
userSessionRule.registerApplication(application1, project1).registerApplication(application2, project2);
indexPermissions();
ComponentDto file1 = dbTester.components().insertComponent(newFileDto(project1));
ComponentDto file2 = dbTester.components().insertComponent(newFileDto(project2));
IssueDto[] hotspots2 = IntStream.range(0, 1 + RANDOM.nextInt(10)).mapToObj(i -> {
RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
insertHotspot(project1, file1, rule);
return insertHotspot(project2, file2, rule);
}).toArray(IssueDto[]::new);
indexIssues();
SearchWsResponse responseApplication1 = newRequest(application1).executeProtobuf(SearchWsResponse.class);
assertThat(responseApplication1.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).doesNotContainAnyElementsOf(Arrays.stream(hotspots2).map(IssueDto::getKey).collect(toList()));
assertThat(responseApplication1.getComponentsList()).extracting(Component::getKey).containsOnly(project1.getKey(), file1.getKey());
SearchWsResponse responseApplication2 = newRequest(application2).executeProtobuf(SearchWsResponse.class);
assertThat(responseApplication2.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsOnly(Arrays.stream(hotspots2).map(IssueDto::getKey).toArray(String[]::new));
assertThat(responseApplication2.getComponentsList()).extracting(Component::getKey).containsOnly(project2.getKey(), file2.getKey());
}
Also used :
Arrays(java.util.Arrays)
AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing)
SecurityStandards(org.sonar.server.security.SecurityStandards)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
Random(java.util.Random)
ViewIndexer(org.sonar.server.view.index.ViewIndexer)
DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner)
STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED)
DbIssues(org.sonar.db.protobuf.DbIssues)
WebService(org.sonar.api.server.ws.WebService)
Collections.singleton(java.util.Collections.singleton)
IssueIndex(org.sonar.server.issue.index.IssueIndex)
IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory)
IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue)
Map(java.util.Map)
ComponentTesting(org.sonar.db.component.ComponentTesting)
DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime)
Collectors.toSet(java.util.stream.Collectors.toSet)
DbTester(org.sonar.db.DbTester)
RuleTesting(org.sonar.db.rule.RuleTesting)
PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer)
REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH)
System2(org.sonar.api.utils.System2)
Hotspots(org.sonarqube.ws.Hotspots)
Collection(java.util.Collection)
Set(java.util.Set)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
Sets(com.google.common.collect.Sets)
NotFoundException(org.sonar.server.exceptions.NotFoundException)
Collectors.joining(java.util.stream.Collectors.joining)
Common(org.sonarqube.ws.Common)
STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW)
DbClient(org.sonar.db.DbClient)
List(java.util.List)
ComponentDto(org.sonar.db.component.ComponentDto)
Stream(java.util.stream.Stream)
STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED)
ForbiddenException(org.sonar.server.exceptions.ForbiddenException)
ProjectDto(org.sonar.db.project.ProjectDto)
MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex)
STATUSES(org.sonar.api.issue.Issue.STATUSES)
IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue)
SQCategory(org.sonar.server.security.SecurityStandards.SQCategory)
ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory)
Mockito.mock(org.mockito.Mockito.mock)
IntStream(java.util.stream.IntStream)
BranchDto(org.sonar.db.component.BranchDto)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
IssueDto(org.sonar.db.issue.IssueDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
EsTester(org.sonar.server.es.EsTester)
ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto)
RunWith(org.junit.runner.RunWith)
DataProvider(com.tngtech.java.junit.dataprovider.DataProvider)
TestSystem2(org.sonar.api.impl.utils.TestSystem2)
RuleType(org.sonar.api.rules.RuleType)
WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport)
Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy)
TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter)
SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT)
RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED)
Nullable(javax.annotation.Nullable)
ImmutableSet.of(com.google.common.collect.ImmutableSet.of)
UserSessionRule(org.sonar.server.tester.UserSessionRule)
BranchType(org.sonar.db.component.BranchType)
RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic)
USER(org.sonar.api.web.UserRole.USER)
UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider)
TestRequest(org.sonar.server.ws.TestRequest)
Test(org.junit.Test)
Mockito.times(org.mockito.Mockito.times)
RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE)
WsActionTester(org.sonar.server.ws.WsActionTester)
DbCommons(org.sonar.db.protobuf.DbCommons)
Mockito.verify(org.mockito.Mockito.verify)
Consumer(java.util.function.Consumer)
Component(org.sonarqube.ws.Hotspots.Component)
Collectors.toList(java.util.stream.Collectors.toList)
Rule(org.junit.Rule)
Ordering(com.google.common.collect.Ordering)
Issue(org.sonar.api.issue.Issue)
IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker)
Tuple.tuple(org.assertj.core.groups.Tuple.tuple)
Comparator(java.util.Comparator)
Collections(java.util.Collections)
IssueIndexer(org.sonar.server.issue.index.IssueIndexer)
ComponentDto(org.sonar.db.component.ComponentDto)
IssueDto(org.sonar.db.issue.IssueDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
Test(org.junit.Test)
Example 5 with SECURITY_HOTSPOT
use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method returns_issues_when_sinceLeakPeriod_is_true_and_is_application_for_branch_other_than_main.
@Test
public void returns_issues_when_sinceLeakPeriod_is_true_and_is_application_for_branch_other_than_main() {
long referenceDate = 800_996_999_332L;
system2.setNow(referenceDate + 10_000);
ProjectDto application = dbTester.components().insertPublicApplicationDto();
BranchDto applicationBranch = dbTester.components().insertProjectBranch(application, branchDto -> branchDto.setKey("application_branch_1"));
ProjectDto project = dbTester.components().insertPublicProjectDto();
BranchDto projectBranch = dbTester.components().insertProjectBranch(project, branchDto -> branchDto.setKey("project_1_branch_1"));
ProjectDto project2 = dbTester.components().insertPublicProjectDto();
BranchDto project2Branch = dbTester.components().insertProjectBranch(project2, branchDto -> branchDto.setKey("project_2_branch_1"));
dbTester.components().addApplicationProject(application, project);
dbTester.components().addApplicationProject(application, project2);
dbTester.components().addProjectBranchToApplicationBranch(applicationBranch, projectBranch, project2Branch);
ComponentDto applicationBranchComponentDto = dbClient.componentDao().selectByUuid(dbTester.getSession(), applicationBranch.getUuid()).get();
ComponentDto projectBranchComponentDto = dbClient.componentDao().selectByUuid(dbTester.getSession(), projectBranch.getUuid()).get();
ComponentDto project2BranchComponentDto = dbClient.componentDao().selectByUuid(dbTester.getSession(), project2Branch.getUuid()).get();
dbTester.components().insertComponent(ComponentTesting.newProjectCopy(projectBranchComponentDto, applicationBranchComponentDto));
dbTester.components().insertComponent(ComponentTesting.newProjectCopy(project2BranchComponentDto, applicationBranchComponentDto));
indexViews();
userSessionRule.registerApplication(application, project, project2);
indexPermissions();
ComponentDto file = dbTester.components().insertComponent(newFileDto(projectBranchComponentDto));
dbTester.components().insertSnapshot(projectBranch, t -> t.setPeriodDate(referenceDate).setLast(true));
RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
IssueDto afterRef = dbTester.issues().insertHotspot(rule, projectBranchComponentDto, file, t -> t.setIssueCreationTime(referenceDate + 1000));
IssueDto atRef = dbTester.issues().insertHotspot(rule, projectBranchComponentDto, file, t -> t.setType(SECURITY_HOTSPOT).setIssueCreationTime(referenceDate));
IssueDto beforeRef = dbTester.issues().insertHotspot(rule, projectBranchComponentDto, file, t -> t.setIssueCreationTime(referenceDate - 1000));
ComponentDto file2 = dbTester.components().insertComponent(newFileDto(project2BranchComponentDto));
IssueDto project2Issue = dbTester.issues().insertHotspot(rule, project2BranchComponentDto, file2, t -> t.setIssueCreationTime(referenceDate - 1000));
indexIssues();
ComponentDto applicationComponentDto = dbClient.componentDao().selectByUuid(dbTester.getSession(), application.getUuid()).get();
SearchWsResponse responseAll = newRequest(applicationComponentDto, t -> t.setParam("branch", applicationBranch.getKey())).executeProtobuf(SearchWsResponse.class);
assertThat(responseAll.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactlyInAnyOrder(afterRef.getKey(), atRef.getKey(), beforeRef.getKey(), project2Issue.getKey());
SearchWsResponse responseOnLeak = newRequest(applicationComponentDto, t -> t.setParam("sinceLeakPeriod", "true").setParam("branch", applicationBranch.getKey())).executeProtobuf(SearchWsResponse.class);
assertThat(responseOnLeak.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactlyInAnyOrder(afterRef.getKey());
}
Also used :
ProjectDto(org.sonar.db.project.ProjectDto)
Arrays(java.util.Arrays)
AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing)
SecurityStandards(org.sonar.server.security.SecurityStandards)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
Random(java.util.Random)
ViewIndexer(org.sonar.server.view.index.ViewIndexer)
DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner)
STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED)
DbIssues(org.sonar.db.protobuf.DbIssues)
WebService(org.sonar.api.server.ws.WebService)
Collections.singleton(java.util.Collections.singleton)
IssueIndex(org.sonar.server.issue.index.IssueIndex)
IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory)
IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue)
Map(java.util.Map)
ComponentTesting(org.sonar.db.component.ComponentTesting)
DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime)
Collectors.toSet(java.util.stream.Collectors.toSet)
DbTester(org.sonar.db.DbTester)
RuleTesting(org.sonar.db.rule.RuleTesting)
PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer)
REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH)
System2(org.sonar.api.utils.System2)
Hotspots(org.sonarqube.ws.Hotspots)
Collection(java.util.Collection)
Set(java.util.Set)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
Sets(com.google.common.collect.Sets)
NotFoundException(org.sonar.server.exceptions.NotFoundException)
Collectors.joining(java.util.stream.Collectors.joining)
Common(org.sonarqube.ws.Common)
STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW)
DbClient(org.sonar.db.DbClient)
List(java.util.List)
ComponentDto(org.sonar.db.component.ComponentDto)
Stream(java.util.stream.Stream)
STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED)
ForbiddenException(org.sonar.server.exceptions.ForbiddenException)
ProjectDto(org.sonar.db.project.ProjectDto)
MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex)
STATUSES(org.sonar.api.issue.Issue.STATUSES)
IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue)
SQCategory(org.sonar.server.security.SecurityStandards.SQCategory)
ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory)
Mockito.mock(org.mockito.Mockito.mock)
IntStream(java.util.stream.IntStream)
BranchDto(org.sonar.db.component.BranchDto)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
IssueDto(org.sonar.db.issue.IssueDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
EsTester(org.sonar.server.es.EsTester)
ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto)
RunWith(org.junit.runner.RunWith)
DataProvider(com.tngtech.java.junit.dataprovider.DataProvider)
TestSystem2(org.sonar.api.impl.utils.TestSystem2)
RuleType(org.sonar.api.rules.RuleType)
WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport)
Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy)
TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter)
SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT)
RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED)
Nullable(javax.annotation.Nullable)
ImmutableSet.of(com.google.common.collect.ImmutableSet.of)
UserSessionRule(org.sonar.server.tester.UserSessionRule)
BranchType(org.sonar.db.component.BranchType)
RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic)
USER(org.sonar.api.web.UserRole.USER)
UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider)
TestRequest(org.sonar.server.ws.TestRequest)
Test(org.junit.Test)
Mockito.times(org.mockito.Mockito.times)
RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE)
WsActionTester(org.sonar.server.ws.WsActionTester)
DbCommons(org.sonar.db.protobuf.DbCommons)
Mockito.verify(org.mockito.Mockito.verify)
Consumer(java.util.function.Consumer)
Component(org.sonarqube.ws.Hotspots.Component)
Collectors.toList(java.util.stream.Collectors.toList)
Rule(org.junit.Rule)
Ordering(com.google.common.collect.Ordering)
Issue(org.sonar.api.issue.Issue)
IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker)
Tuple.tuple(org.assertj.core.groups.Tuple.tuple)
Comparator(java.util.Comparator)
Collections(java.util.Collections)
IssueIndexer(org.sonar.server.issue.index.IssueIndexer)
BranchDto(org.sonar.db.component.BranchDto)
ComponentDto(org.sonar.db.component.ComponentDto)
RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto)
IssueDto(org.sonar.db.issue.IssueDto)
SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse)
Test(org.junit.Test)
Aggregations
Sets (com.google.common.collect.Sets)27
DataProvider (com.tngtech.java.junit.dataprovider.DataProvider)27
DataProviderRunner (com.tngtech.java.junit.dataprovider.DataProviderRunner)27
UseDataProvider (com.tngtech.java.junit.dataprovider.UseDataProvider)27
Arrays (java.util.Arrays)27
Collections (java.util.Collections)27
List (java.util.List)27
Random (java.util.Random)27
Set (java.util.Set)27
Consumer (java.util.function.Consumer)27
IntStream (java.util.stream.IntStream)27
Stream (java.util.stream.Stream)27
Nullable (javax.annotation.Nullable)27
RandomStringUtils.randomAlphabetic (org.apache.commons.lang.RandomStringUtils.randomAlphabetic)27
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)27
Assertions.assertThatThrownBy (org.assertj.core.api.Assertions.assertThatThrownBy)27
Rule (org.junit.Rule)27
Test (org.junit.Test)27
RunWith (org.junit.runner.RunWith)27
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)27
