Search in sources :

Example 1 with SECURITY_HOTSPOT

use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.

the class SearchActionTest method returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid.

@Test
public void returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid() {
    ComponentDto project = dbTester.components().insertPublicProject();
    userSessionRule.registerComponents(project);
    indexPermissions();
    ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
    List<IssueDto> hotspots = Arrays.stream(SQCategory.values()).sorted(Ordering.from(Comparator.<SQCategory>comparingInt(t1 -> t1.getVulnerability().getScore()).reversed()).thenComparing(SQCategory::getKey)).flatMap(sqCategory -> {
        Set<String> cwes = SecurityStandards.CWES_BY_SQ_CATEGORY.get(sqCategory);
        Set<String> securityStandards = singleton("cwe:" + (cwes == null ? "unknown" : cwes.iterator().next()));
        RuleDefinitionDto rule1 = newRule(SECURITY_HOTSPOT, t -> t.setUuid(sqCategory.name() + "_a").setName("rule_" + sqCategory.name() + "_a").setSecurityStandards(securityStandards));
        RuleDefinitionDto rule2 = newRule(SECURITY_HOTSPOT, t -> t.setUuid(sqCategory.name() + "_b").setName("rule_" + sqCategory.name() + "_b").setSecurityStandards(securityStandards));
        return Stream.of(newHotspot(rule1, project, file).setKee(sqCategory + "_a"), newHotspot(rule2, project, file).setKee(sqCategory + "_b"));
    }).collect(toList());
    String[] expectedHotspotKeys = hotspots.stream().map(IssueDto::getKey).toArray(String[]::new);
    // insert hotspots in random order
    Collections.shuffle(hotspots);
    hotspots.forEach(dbTester.issues()::insertHotspot);
    indexIssues();
    SearchWsResponse response = newRequest(project).executeProtobuf(SearchWsResponse.class);
    assertThat(response.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactly(expectedHotspotKeys);
}
Also used : Arrays(java.util.Arrays) AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing) SecurityStandards(org.sonar.server.security.SecurityStandards) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Random(java.util.Random) ViewIndexer(org.sonar.server.view.index.ViewIndexer) DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner) STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED) DbIssues(org.sonar.db.protobuf.DbIssues) WebService(org.sonar.api.server.ws.WebService) Collections.singleton(java.util.Collections.singleton) IssueIndex(org.sonar.server.issue.index.IssueIndex) IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory) IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue) Map(java.util.Map) ComponentTesting(org.sonar.db.component.ComponentTesting) DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime) Collectors.toSet(java.util.stream.Collectors.toSet) DbTester(org.sonar.db.DbTester) RuleTesting(org.sonar.db.rule.RuleTesting) PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer) REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH) System2(org.sonar.api.utils.System2) Hotspots(org.sonarqube.ws.Hotspots) Collection(java.util.Collection) Set(java.util.Set) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Sets(com.google.common.collect.Sets) NotFoundException(org.sonar.server.exceptions.NotFoundException) Collectors.joining(java.util.stream.Collectors.joining) Common(org.sonarqube.ws.Common) STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW) DbClient(org.sonar.db.DbClient) List(java.util.List) ComponentDto(org.sonar.db.component.ComponentDto) Stream(java.util.stream.Stream) STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED) ForbiddenException(org.sonar.server.exceptions.ForbiddenException) ProjectDto(org.sonar.db.project.ProjectDto) MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex) STATUSES(org.sonar.api.issue.Issue.STATUSES) IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory) Mockito.mock(org.mockito.Mockito.mock) IntStream(java.util.stream.IntStream) BranchDto(org.sonar.db.component.BranchDto) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IssueDto(org.sonar.db.issue.IssueDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) EsTester(org.sonar.server.es.EsTester) ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto) RunWith(org.junit.runner.RunWith) DataProvider(com.tngtech.java.junit.dataprovider.DataProvider) TestSystem2(org.sonar.api.impl.utils.TestSystem2) RuleType(org.sonar.api.rules.RuleType) WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter) SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT) RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED) Nullable(javax.annotation.Nullable) ImmutableSet.of(com.google.common.collect.ImmutableSet.of) UserSessionRule(org.sonar.server.tester.UserSessionRule) BranchType(org.sonar.db.component.BranchType) RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic) USER(org.sonar.api.web.UserRole.USER) UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider) TestRequest(org.sonar.server.ws.TestRequest) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE) WsActionTester(org.sonar.server.ws.WsActionTester) DbCommons(org.sonar.db.protobuf.DbCommons) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Component(org.sonarqube.ws.Hotspots.Component) Collectors.toList(java.util.stream.Collectors.toList) Rule(org.junit.Rule) Ordering(com.google.common.collect.Ordering) Issue(org.sonar.api.issue.Issue) IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker) Tuple.tuple(org.assertj.core.groups.Tuple.tuple) Comparator(java.util.Comparator) Collections(java.util.Collections) IssueIndexer(org.sonar.server.issue.index.IssueIndexer) Collectors.toSet(java.util.stream.Collectors.toSet) Set(java.util.Set) ComponentDto(org.sonar.db.component.ComponentDto) IssueDto(org.sonar.db.issue.IssueDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) Test(org.junit.Test)

Example 2 with SECURITY_HOTSPOT

use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.

the class SearchActionTest method returns_all_issues_when_sinceLeakPeriod_is_true_and_is_pr.

@Test
public void returns_all_issues_when_sinceLeakPeriod_is_true_and_is_pr() {
    long referenceDate = 800_996_999_332L;
    system2.setNow(referenceDate + 10_000);
    ComponentDto project = dbTester.components().insertPublicProject();
    ComponentDto pr = dbTester.components().insertProjectBranch(project, b -> b.setBranchType(BranchType.PULL_REQUEST).setKey("pr"));
    userSessionRule.registerComponents(project);
    indexPermissions();
    ComponentDto file = dbTester.components().insertComponent(newFileDto(pr));
    dbTester.components().insertSnapshot(project, t -> t.setPeriodDate(referenceDate).setLast(true));
    dbTester.components().insertSnapshot(pr, t -> t.setPeriodDate(null).setLast(true));
    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
    IssueDto afterRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setIssueCreationTime(referenceDate + 1000));
    IssueDto atRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setType(SECURITY_HOTSPOT).setIssueCreationTime(referenceDate));
    IssueDto beforeRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setIssueCreationTime(referenceDate - 1000));
    indexIssues();
    SearchWsResponse responseAll = newRequest(project).setParam("pullRequest", "pr").executeProtobuf(SearchWsResponse.class);
    assertThat(responseAll.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactlyInAnyOrder(Stream.of(afterRef, atRef, beforeRef).map(IssueDto::getKey).toArray(String[]::new));
    SearchWsResponse responseOnLeak = newRequest(project, t -> t.setParam("sinceLeakPeriod", "true").setParam("pullRequest", "pr")).executeProtobuf(SearchWsResponse.class);
    assertThat(responseOnLeak.getHotspotsList()).hasSize(3);
}
Also used : Arrays(java.util.Arrays) AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing) SecurityStandards(org.sonar.server.security.SecurityStandards) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Random(java.util.Random) ViewIndexer(org.sonar.server.view.index.ViewIndexer) DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner) STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED) DbIssues(org.sonar.db.protobuf.DbIssues) WebService(org.sonar.api.server.ws.WebService) Collections.singleton(java.util.Collections.singleton) IssueIndex(org.sonar.server.issue.index.IssueIndex) IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory) IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue) Map(java.util.Map) ComponentTesting(org.sonar.db.component.ComponentTesting) DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime) Collectors.toSet(java.util.stream.Collectors.toSet) DbTester(org.sonar.db.DbTester) RuleTesting(org.sonar.db.rule.RuleTesting) PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer) REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH) System2(org.sonar.api.utils.System2) Hotspots(org.sonarqube.ws.Hotspots) Collection(java.util.Collection) Set(java.util.Set) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Sets(com.google.common.collect.Sets) NotFoundException(org.sonar.server.exceptions.NotFoundException) Collectors.joining(java.util.stream.Collectors.joining) Common(org.sonarqube.ws.Common) STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW) DbClient(org.sonar.db.DbClient) List(java.util.List) ComponentDto(org.sonar.db.component.ComponentDto) Stream(java.util.stream.Stream) STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED) ForbiddenException(org.sonar.server.exceptions.ForbiddenException) ProjectDto(org.sonar.db.project.ProjectDto) MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex) STATUSES(org.sonar.api.issue.Issue.STATUSES) IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory) Mockito.mock(org.mockito.Mockito.mock) IntStream(java.util.stream.IntStream) BranchDto(org.sonar.db.component.BranchDto) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IssueDto(org.sonar.db.issue.IssueDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) EsTester(org.sonar.server.es.EsTester) ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto) RunWith(org.junit.runner.RunWith) DataProvider(com.tngtech.java.junit.dataprovider.DataProvider) TestSystem2(org.sonar.api.impl.utils.TestSystem2) RuleType(org.sonar.api.rules.RuleType) WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter) SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT) RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED) Nullable(javax.annotation.Nullable) ImmutableSet.of(com.google.common.collect.ImmutableSet.of) UserSessionRule(org.sonar.server.tester.UserSessionRule) BranchType(org.sonar.db.component.BranchType) RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic) USER(org.sonar.api.web.UserRole.USER) UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider) TestRequest(org.sonar.server.ws.TestRequest) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE) WsActionTester(org.sonar.server.ws.WsActionTester) DbCommons(org.sonar.db.protobuf.DbCommons) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Component(org.sonarqube.ws.Hotspots.Component) Collectors.toList(java.util.stream.Collectors.toList) Rule(org.junit.Rule) Ordering(com.google.common.collect.Ordering) Issue(org.sonar.api.issue.Issue) IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker) Tuple.tuple(org.assertj.core.groups.Tuple.tuple) Comparator(java.util.Comparator) Collections(java.util.Collections) IssueIndexer(org.sonar.server.issue.index.IssueIndexer) ComponentDto(org.sonar.db.component.ComponentDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) IssueDto(org.sonar.db.issue.IssueDto) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Test(org.junit.Test)

Example 3 with SECURITY_HOTSPOT

use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.

the class SearchActionTest method returns_hotspot_components_when_project_has_hotspots.

@Test
public void returns_hotspot_components_when_project_has_hotspots() {
    ComponentDto project = dbTester.components().insertPublicProject();
    userSessionRule.registerComponents(project);
    indexPermissions();
    ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
    ComponentDto fileWithHotspot = dbTester.components().insertComponent(newFileDto(project));
    Arrays.stream(RuleType.values()).filter(t -> t != SECURITY_HOTSPOT).forEach(ruleType -> {
        RuleDefinitionDto rule = newRule(ruleType);
        dbTester.issues().insert(rule, project, file, t -> t.setType(ruleType));
    });
    IssueDto[] hotspots = IntStream.range(0, 1 + RANDOM.nextInt(10)).mapToObj(i -> {
        RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
        return insertHotspot(project, fileWithHotspot, rule);
    }).toArray(IssueDto[]::new);
    indexIssues();
    SearchWsResponse response = newRequest(project).executeProtobuf(SearchWsResponse.class);
    assertThat(response.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsOnly(Arrays.stream(hotspots).map(IssueDto::getKey).toArray(String[]::new));
    assertThat(response.getComponentsList()).extracting(Component::getKey).containsOnly(project.getKey(), fileWithHotspot.getKey());
}
Also used : Arrays(java.util.Arrays) AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing) SecurityStandards(org.sonar.server.security.SecurityStandards) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Random(java.util.Random) ViewIndexer(org.sonar.server.view.index.ViewIndexer) DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner) STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED) DbIssues(org.sonar.db.protobuf.DbIssues) WebService(org.sonar.api.server.ws.WebService) Collections.singleton(java.util.Collections.singleton) IssueIndex(org.sonar.server.issue.index.IssueIndex) IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory) IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue) Map(java.util.Map) ComponentTesting(org.sonar.db.component.ComponentTesting) DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime) Collectors.toSet(java.util.stream.Collectors.toSet) DbTester(org.sonar.db.DbTester) RuleTesting(org.sonar.db.rule.RuleTesting) PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer) REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH) System2(org.sonar.api.utils.System2) Hotspots(org.sonarqube.ws.Hotspots) Collection(java.util.Collection) Set(java.util.Set) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Sets(com.google.common.collect.Sets) NotFoundException(org.sonar.server.exceptions.NotFoundException) Collectors.joining(java.util.stream.Collectors.joining) Common(org.sonarqube.ws.Common) STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW) DbClient(org.sonar.db.DbClient) List(java.util.List) ComponentDto(org.sonar.db.component.ComponentDto) Stream(java.util.stream.Stream) STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED) ForbiddenException(org.sonar.server.exceptions.ForbiddenException) ProjectDto(org.sonar.db.project.ProjectDto) MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex) STATUSES(org.sonar.api.issue.Issue.STATUSES) IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory) Mockito.mock(org.mockito.Mockito.mock) IntStream(java.util.stream.IntStream) BranchDto(org.sonar.db.component.BranchDto) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IssueDto(org.sonar.db.issue.IssueDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) EsTester(org.sonar.server.es.EsTester) ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto) RunWith(org.junit.runner.RunWith) DataProvider(com.tngtech.java.junit.dataprovider.DataProvider) TestSystem2(org.sonar.api.impl.utils.TestSystem2) RuleType(org.sonar.api.rules.RuleType) WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter) SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT) RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED) Nullable(javax.annotation.Nullable) ImmutableSet.of(com.google.common.collect.ImmutableSet.of) UserSessionRule(org.sonar.server.tester.UserSessionRule) BranchType(org.sonar.db.component.BranchType) RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic) USER(org.sonar.api.web.UserRole.USER) UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider) TestRequest(org.sonar.server.ws.TestRequest) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE) WsActionTester(org.sonar.server.ws.WsActionTester) DbCommons(org.sonar.db.protobuf.DbCommons) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Component(org.sonarqube.ws.Hotspots.Component) Collectors.toList(java.util.stream.Collectors.toList) Rule(org.junit.Rule) Ordering(com.google.common.collect.Ordering) Issue(org.sonar.api.issue.Issue) IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker) Tuple.tuple(org.assertj.core.groups.Tuple.tuple) Comparator(java.util.Comparator) Collections(java.util.Collections) IssueIndexer(org.sonar.server.issue.index.IssueIndexer) ComponentDto(org.sonar.db.component.ComponentDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) IssueDto(org.sonar.db.issue.IssueDto) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Test(org.junit.Test)

Example 4 with SECURITY_HOTSPOT

use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.

the class SearchActionTest method returns_hotspots_of_specified_application.

@Test
public void returns_hotspots_of_specified_application() {
    ComponentDto application1 = dbTester.components().insertPublicApplication();
    ComponentDto application2 = dbTester.components().insertPublicApplication();
    ComponentDto project1 = dbTester.components().insertPublicProject();
    ComponentDto project2 = dbTester.components().insertPublicProject();
    dbTester.components().insertComponent(ComponentTesting.newProjectCopy(project1, application1));
    dbTester.components().insertComponent(ComponentTesting.newProjectCopy(project2, application2));
    indexViews();
    userSessionRule.registerApplication(application1, project1).registerApplication(application2, project2);
    indexPermissions();
    ComponentDto file1 = dbTester.components().insertComponent(newFileDto(project1));
    ComponentDto file2 = dbTester.components().insertComponent(newFileDto(project2));
    IssueDto[] hotspots2 = IntStream.range(0, 1 + RANDOM.nextInt(10)).mapToObj(i -> {
        RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
        insertHotspot(project1, file1, rule);
        return insertHotspot(project2, file2, rule);
    }).toArray(IssueDto[]::new);
    indexIssues();
    SearchWsResponse responseApplication1 = newRequest(application1).executeProtobuf(SearchWsResponse.class);
    assertThat(responseApplication1.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).doesNotContainAnyElementsOf(Arrays.stream(hotspots2).map(IssueDto::getKey).collect(toList()));
    assertThat(responseApplication1.getComponentsList()).extracting(Component::getKey).containsOnly(project1.getKey(), file1.getKey());
    SearchWsResponse responseApplication2 = newRequest(application2).executeProtobuf(SearchWsResponse.class);
    assertThat(responseApplication2.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsOnly(Arrays.stream(hotspots2).map(IssueDto::getKey).toArray(String[]::new));
    assertThat(responseApplication2.getComponentsList()).extracting(Component::getKey).containsOnly(project2.getKey(), file2.getKey());
}
Also used : Arrays(java.util.Arrays) AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing) SecurityStandards(org.sonar.server.security.SecurityStandards) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Random(java.util.Random) ViewIndexer(org.sonar.server.view.index.ViewIndexer) DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner) STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED) DbIssues(org.sonar.db.protobuf.DbIssues) WebService(org.sonar.api.server.ws.WebService) Collections.singleton(java.util.Collections.singleton) IssueIndex(org.sonar.server.issue.index.IssueIndex) IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory) IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue) Map(java.util.Map) ComponentTesting(org.sonar.db.component.ComponentTesting) DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime) Collectors.toSet(java.util.stream.Collectors.toSet) DbTester(org.sonar.db.DbTester) RuleTesting(org.sonar.db.rule.RuleTesting) PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer) REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH) System2(org.sonar.api.utils.System2) Hotspots(org.sonarqube.ws.Hotspots) Collection(java.util.Collection) Set(java.util.Set) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Sets(com.google.common.collect.Sets) NotFoundException(org.sonar.server.exceptions.NotFoundException) Collectors.joining(java.util.stream.Collectors.joining) Common(org.sonarqube.ws.Common) STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW) DbClient(org.sonar.db.DbClient) List(java.util.List) ComponentDto(org.sonar.db.component.ComponentDto) Stream(java.util.stream.Stream) STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED) ForbiddenException(org.sonar.server.exceptions.ForbiddenException) ProjectDto(org.sonar.db.project.ProjectDto) MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex) STATUSES(org.sonar.api.issue.Issue.STATUSES) IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory) Mockito.mock(org.mockito.Mockito.mock) IntStream(java.util.stream.IntStream) BranchDto(org.sonar.db.component.BranchDto) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IssueDto(org.sonar.db.issue.IssueDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) EsTester(org.sonar.server.es.EsTester) ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto) RunWith(org.junit.runner.RunWith) DataProvider(com.tngtech.java.junit.dataprovider.DataProvider) TestSystem2(org.sonar.api.impl.utils.TestSystem2) RuleType(org.sonar.api.rules.RuleType) WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter) SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT) RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED) Nullable(javax.annotation.Nullable) ImmutableSet.of(com.google.common.collect.ImmutableSet.of) UserSessionRule(org.sonar.server.tester.UserSessionRule) BranchType(org.sonar.db.component.BranchType) RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic) USER(org.sonar.api.web.UserRole.USER) UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider) TestRequest(org.sonar.server.ws.TestRequest) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE) WsActionTester(org.sonar.server.ws.WsActionTester) DbCommons(org.sonar.db.protobuf.DbCommons) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Component(org.sonarqube.ws.Hotspots.Component) Collectors.toList(java.util.stream.Collectors.toList) Rule(org.junit.Rule) Ordering(com.google.common.collect.Ordering) Issue(org.sonar.api.issue.Issue) IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker) Tuple.tuple(org.assertj.core.groups.Tuple.tuple) Comparator(java.util.Comparator) Collections(java.util.Collections) IssueIndexer(org.sonar.server.issue.index.IssueIndexer) ComponentDto(org.sonar.db.component.ComponentDto) IssueDto(org.sonar.db.issue.IssueDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Test(org.junit.Test)

Example 5 with SECURITY_HOTSPOT

use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.

the class SearchActionTest method returns_issues_when_sinceLeakPeriod_is_true_and_is_application_for_branch_other_than_main.

@Test
public void returns_issues_when_sinceLeakPeriod_is_true_and_is_application_for_branch_other_than_main() {
    long referenceDate = 800_996_999_332L;
    system2.setNow(referenceDate + 10_000);
    ProjectDto application = dbTester.components().insertPublicApplicationDto();
    BranchDto applicationBranch = dbTester.components().insertProjectBranch(application, branchDto -> branchDto.setKey("application_branch_1"));
    ProjectDto project = dbTester.components().insertPublicProjectDto();
    BranchDto projectBranch = dbTester.components().insertProjectBranch(project, branchDto -> branchDto.setKey("project_1_branch_1"));
    ProjectDto project2 = dbTester.components().insertPublicProjectDto();
    BranchDto project2Branch = dbTester.components().insertProjectBranch(project2, branchDto -> branchDto.setKey("project_2_branch_1"));
    dbTester.components().addApplicationProject(application, project);
    dbTester.components().addApplicationProject(application, project2);
    dbTester.components().addProjectBranchToApplicationBranch(applicationBranch, projectBranch, project2Branch);
    ComponentDto applicationBranchComponentDto = dbClient.componentDao().selectByUuid(dbTester.getSession(), applicationBranch.getUuid()).get();
    ComponentDto projectBranchComponentDto = dbClient.componentDao().selectByUuid(dbTester.getSession(), projectBranch.getUuid()).get();
    ComponentDto project2BranchComponentDto = dbClient.componentDao().selectByUuid(dbTester.getSession(), project2Branch.getUuid()).get();
    dbTester.components().insertComponent(ComponentTesting.newProjectCopy(projectBranchComponentDto, applicationBranchComponentDto));
    dbTester.components().insertComponent(ComponentTesting.newProjectCopy(project2BranchComponentDto, applicationBranchComponentDto));
    indexViews();
    userSessionRule.registerApplication(application, project, project2);
    indexPermissions();
    ComponentDto file = dbTester.components().insertComponent(newFileDto(projectBranchComponentDto));
    dbTester.components().insertSnapshot(projectBranch, t -> t.setPeriodDate(referenceDate).setLast(true));
    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
    IssueDto afterRef = dbTester.issues().insertHotspot(rule, projectBranchComponentDto, file, t -> t.setIssueCreationTime(referenceDate + 1000));
    IssueDto atRef = dbTester.issues().insertHotspot(rule, projectBranchComponentDto, file, t -> t.setType(SECURITY_HOTSPOT).setIssueCreationTime(referenceDate));
    IssueDto beforeRef = dbTester.issues().insertHotspot(rule, projectBranchComponentDto, file, t -> t.setIssueCreationTime(referenceDate - 1000));
    ComponentDto file2 = dbTester.components().insertComponent(newFileDto(project2BranchComponentDto));
    IssueDto project2Issue = dbTester.issues().insertHotspot(rule, project2BranchComponentDto, file2, t -> t.setIssueCreationTime(referenceDate - 1000));
    indexIssues();
    ComponentDto applicationComponentDto = dbClient.componentDao().selectByUuid(dbTester.getSession(), application.getUuid()).get();
    SearchWsResponse responseAll = newRequest(applicationComponentDto, t -> t.setParam("branch", applicationBranch.getKey())).executeProtobuf(SearchWsResponse.class);
    assertThat(responseAll.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactlyInAnyOrder(afterRef.getKey(), atRef.getKey(), beforeRef.getKey(), project2Issue.getKey());
    SearchWsResponse responseOnLeak = newRequest(applicationComponentDto, t -> t.setParam("sinceLeakPeriod", "true").setParam("branch", applicationBranch.getKey())).executeProtobuf(SearchWsResponse.class);
    assertThat(responseOnLeak.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactlyInAnyOrder(afterRef.getKey());
}
Also used : ProjectDto(org.sonar.db.project.ProjectDto) Arrays(java.util.Arrays) AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing) SecurityStandards(org.sonar.server.security.SecurityStandards) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Random(java.util.Random) ViewIndexer(org.sonar.server.view.index.ViewIndexer) DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner) STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED) DbIssues(org.sonar.db.protobuf.DbIssues) WebService(org.sonar.api.server.ws.WebService) Collections.singleton(java.util.Collections.singleton) IssueIndex(org.sonar.server.issue.index.IssueIndex) IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory) IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue) Map(java.util.Map) ComponentTesting(org.sonar.db.component.ComponentTesting) DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime) Collectors.toSet(java.util.stream.Collectors.toSet) DbTester(org.sonar.db.DbTester) RuleTesting(org.sonar.db.rule.RuleTesting) PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer) REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH) System2(org.sonar.api.utils.System2) Hotspots(org.sonarqube.ws.Hotspots) Collection(java.util.Collection) Set(java.util.Set) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Sets(com.google.common.collect.Sets) NotFoundException(org.sonar.server.exceptions.NotFoundException) Collectors.joining(java.util.stream.Collectors.joining) Common(org.sonarqube.ws.Common) STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW) DbClient(org.sonar.db.DbClient) List(java.util.List) ComponentDto(org.sonar.db.component.ComponentDto) Stream(java.util.stream.Stream) STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED) ForbiddenException(org.sonar.server.exceptions.ForbiddenException) ProjectDto(org.sonar.db.project.ProjectDto) MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex) STATUSES(org.sonar.api.issue.Issue.STATUSES) IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory) Mockito.mock(org.mockito.Mockito.mock) IntStream(java.util.stream.IntStream) BranchDto(org.sonar.db.component.BranchDto) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IssueDto(org.sonar.db.issue.IssueDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) EsTester(org.sonar.server.es.EsTester) ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto) RunWith(org.junit.runner.RunWith) DataProvider(com.tngtech.java.junit.dataprovider.DataProvider) TestSystem2(org.sonar.api.impl.utils.TestSystem2) RuleType(org.sonar.api.rules.RuleType) WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter) SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT) RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED) Nullable(javax.annotation.Nullable) ImmutableSet.of(com.google.common.collect.ImmutableSet.of) UserSessionRule(org.sonar.server.tester.UserSessionRule) BranchType(org.sonar.db.component.BranchType) RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic) USER(org.sonar.api.web.UserRole.USER) UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider) TestRequest(org.sonar.server.ws.TestRequest) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE) WsActionTester(org.sonar.server.ws.WsActionTester) DbCommons(org.sonar.db.protobuf.DbCommons) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Component(org.sonarqube.ws.Hotspots.Component) Collectors.toList(java.util.stream.Collectors.toList) Rule(org.junit.Rule) Ordering(com.google.common.collect.Ordering) Issue(org.sonar.api.issue.Issue) IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker) Tuple.tuple(org.assertj.core.groups.Tuple.tuple) Comparator(java.util.Comparator) Collections(java.util.Collections) IssueIndexer(org.sonar.server.issue.index.IssueIndexer) BranchDto(org.sonar.db.component.BranchDto) ComponentDto(org.sonar.db.component.ComponentDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) IssueDto(org.sonar.db.issue.IssueDto) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Test(org.junit.Test)

Aggregations

Sets (com.google.common.collect.Sets)27 DataProvider (com.tngtech.java.junit.dataprovider.DataProvider)27 DataProviderRunner (com.tngtech.java.junit.dataprovider.DataProviderRunner)27 UseDataProvider (com.tngtech.java.junit.dataprovider.UseDataProvider)27 Arrays (java.util.Arrays)27 Collections (java.util.Collections)27 List (java.util.List)27 Random (java.util.Random)27 Set (java.util.Set)27 Consumer (java.util.function.Consumer)27 IntStream (java.util.stream.IntStream)27 Stream (java.util.stream.Stream)27 Nullable (javax.annotation.Nullable)27 RandomStringUtils.randomAlphabetic (org.apache.commons.lang.RandomStringUtils.randomAlphabetic)27 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)27 Assertions.assertThatThrownBy (org.assertj.core.api.Assertions.assertThatThrownBy)27 Rule (org.junit.Rule)27 Test (org.junit.Test)27 RunWith (org.junit.runner.RunWith)27 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)27