use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method returns_issues_when_sinceLeakPeriod_is_true_and_is_application_for_main_branch.
/**
 * Searches the hotspots of an application, with and without {@code sinceLeakPeriod=true}.
 *
 * <p>The application groups two public projects. Only the first project gets a snapshot carrying
 * a period date; no snapshot is inserted for the second one in this test. Without the parameter
 * all four hotspots are returned. With it, only the hotspot created strictly after the period
 * date is returned: the one created exactly at the period date, the one created before it and
 * the hotspot of the second project are all left out.
 */
@Test
public void returns_issues_when_sinceLeakPeriod_is_true_and_is_application_for_main_branch() {
  long periodStart = 800_996_999_332L;
  // Fixed clock: "now" is the period date plus 10_000, later than every creation time used below.
  system2.setNow(periodStart + 10_000);

  // Every fixture is public, so this test does not cover how the search behaves for a caller
  // who lacks access to a private application or project.
  ComponentDto app = dbTester.components().insertPublicApplication();
  ComponentDto firstProject = dbTester.components().insertPublicProject();
  ComponentDto secondProject = dbTester.components().insertPublicProject();
  dbTester.components().addApplicationProject(app, firstProject);
  dbTester.components().addApplicationProject(app, secondProject);
  dbTester.components().insertComponent(ComponentTesting.newProjectCopy(firstProject, app));
  dbTester.components().insertComponent(ComponentTesting.newProjectCopy(secondProject, app));
  indexViews();
  userSessionRule.registerApplication(app, firstProject, secondProject);
  indexPermissions();

  ComponentDto firstFile = dbTester.components().insertComponent(newFileDto(firstProject));
  dbTester.components().insertSnapshot(firstProject, snapshot -> snapshot.setPeriodDate(periodStart).setLast(true));
  RuleDefinitionDto hotspotRule = newRule(SECURITY_HOTSPOT);

  // Three hotspots around the boundary: just after, exactly at, and just before the period date.
  IssueDto createdAfter = dbTester.issues().insertHotspot(hotspotRule, firstProject, firstFile,
    issue -> issue.setIssueCreationTime(periodStart + 1000));
  IssueDto createdAtBoundary = dbTester.issues().insertHotspot(hotspotRule, firstProject, firstFile,
    issue -> issue.setType(SECURITY_HOTSPOT).setIssueCreationTime(periodStart));
  IssueDto createdBefore = dbTester.issues().insertHotspot(hotspotRule, firstProject, firstFile,
    issue -> issue.setIssueCreationTime(periodStart - 1000));

  ComponentDto secondFile = dbTester.components().insertComponent(newFileDto(secondProject));
  IssueDto secondProjectHotspot = dbTester.issues().insertHotspot(hotspotRule, secondProject, secondFile,
    issue -> issue.setIssueCreationTime(periodStart - 1000));
  indexIssues();

  // No filter: hotspots of both projects of the application are visible.
  SearchWsResponse unfiltered = newRequest(app).executeProtobuf(SearchWsResponse.class);
  assertThat(unfiltered.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(
      createdAfter.getKey(),
      createdAtBoundary.getKey(),
      createdBefore.getKey(),
      secondProjectHotspot.getKey());

  // Leak-period filter: the boundary is exclusive, so only the later hotspot remains.
  SearchWsResponse leakOnly = newRequest(app, request -> request.setParam("sinceLeakPeriod", "true"))
    .executeProtobuf(SearchWsResponse.class);
  assertThat(leakOnly.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(createdAfter.getKey());
}
use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method returns_nothing_when_sinceLeakPeriod_is_true_and_no_period_exists.
/**
 * Checks that {@code sinceLeakPeriod=true} yields an empty result when the snapshot flagged as
 * last has a {@code null} period date.
 *
 * <p>An older snapshot (not flagged as last) does carry a period date, and one hotspot is
 * created after that date. The empty response shows the older snapshot's period is not used as
 * a fallback.
 */
@Test
public void returns_nothing_when_sinceLeakPeriod_is_true_and_no_period_exists() {
  long periodStart = 800_996_999_332L;
  system2.setNow(periodStart + 10_000);

  ComponentDto publicProject = dbTester.components().insertPublicProject();
  userSessionRule.registerComponents(publicProject);
  indexPermissions();
  ComponentDto sourceFile = dbTester.components().insertComponent(newFileDto(publicProject));

  // Two snapshots: the one with a period date is not the last; the last one has no period date.
  dbTester.components().insertSnapshot(publicProject, snapshot -> snapshot.setPeriodDate(periodStart).setLast(false));
  dbTester.components().insertSnapshot(publicProject, snapshot -> snapshot.setPeriodDate(null).setLast(true));

  RuleDefinitionDto hotspotRule = newRule(SECURITY_HOTSPOT);
  IssueDto createdAfter = dbTester.issues().insertHotspot(hotspotRule, publicProject, sourceFile,
    issue -> issue.setIssueCreationTime(periodStart + 1000));
  IssueDto createdAtBoundary = dbTester.issues().insertHotspot(hotspotRule, publicProject, sourceFile,
    issue -> issue.setType(SECURITY_HOTSPOT).setIssueCreationTime(periodStart));
  IssueDto createdBefore = dbTester.issues().insertHotspot(hotspotRule, publicProject, sourceFile,
    issue -> issue.setIssueCreationTime(periodStart - 1000));
  indexIssues();

  // Without the filter all three hotspots come back.
  SearchWsResponse unfiltered = newRequest(publicProject).executeProtobuf(SearchWsResponse.class);
  assertThat(unfiltered.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(createdAfter.getKey(), createdAtBoundary.getKey(), createdBefore.getKey());

  // With the filter and no period on the last snapshot, nothing is returned.
  SearchWsResponse leakOnly = newRequest(publicProject, request -> request.setParam("sinceLeakPeriod", "true"))
    .executeProtobuf(SearchWsResponse.class);
  assertThat(leakOnly.getHotspotsList()).isEmpty();
}
use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method returns_hotspot_of_branch_or_pullRequest.
/**
 * Checks that a search scoped to the project, to one of its branches, or to one of its pull
 * requests returns exactly the hotspots inserted on that component and none from the other two.
 *
 * <p>Each scope receives between 1 and 10 hotspots, each raised by its own freshly created rule.
 * The last line also verifies that the issue-sync progress check ran once per request and was
 * always given the DB key of the project, including for the branch and pull-request requests.
 */
@Test
public void returns_hotspot_of_branch_or_pullRequest() {
  ComponentDto project = dbTester.components().insertPublicProject();
  userSessionRule.registerComponents(project);
  indexPermissions();

  ComponentDto branch = dbTester.components().insertProjectBranch(project);
  ComponentDto pullRequest = dbTester.components().insertProjectBranch(project, b -> b.setBranchType(BranchType.PULL_REQUEST));
  ComponentDto fileProject = dbTester.components().insertComponent(newFileDto(project));
  ComponentDto fileBranch = dbTester.components().insertComponent(newFileDto(branch));
  ComponentDto filePR = dbTester.components().insertComponent(newFileDto(pullRequest));

  // Random, non-empty set of hotspots per scope (1 + nextInt(10) gives 1..10).
  IssueDto[] projectHotspots = IntStream.range(0, 1 + RANDOM.nextInt(10))
    .mapToObj(n -> {
      RuleDefinitionDto hotspotRule = newRule(SECURITY_HOTSPOT);
      return insertHotspot(project, fileProject, hotspotRule);
    })
    .toArray(IssueDto[]::new);
  IssueDto[] branchHotspots = IntStream.range(0, 1 + RANDOM.nextInt(10))
    .mapToObj(n -> {
      RuleDefinitionDto hotspotRule = newRule(SECURITY_HOTSPOT);
      return insertHotspot(branch, fileBranch, hotspotRule);
    })
    .toArray(IssueDto[]::new);
  IssueDto[] pullRequestHotspots = IntStream.range(0, 1 + RANDOM.nextInt(10))
    .mapToObj(n -> {
      RuleDefinitionDto hotspotRule = newRule(SECURITY_HOTSPOT);
      return insertHotspot(pullRequest, filePR, hotspotRule);
    })
    .toArray(IssueDto[]::new);
  indexIssues();

  SearchWsResponse onProject = newRequest(project).executeProtobuf(SearchWsResponse.class);
  SearchWsResponse onBranch = newRequest(branch).executeProtobuf(SearchWsResponse.class);
  SearchWsResponse onPullRequest = newRequest(pullRequest).executeProtobuf(SearchWsResponse.class);

  // containsExactlyInAnyOrder also fails on extra keys, so this asserts isolation between scopes.
  assertThat(onProject.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(Arrays.stream(projectHotspots).map(IssueDto::getKey).toArray(String[]::new));
  assertThat(onBranch.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(Arrays.stream(branchHotspots).map(IssueDto::getKey).toArray(String[]::new));
  assertThat(onPullRequest.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(Arrays.stream(pullRequestHotspots).map(IssueDto::getKey).toArray(String[]::new));

  // Three requests, three sync checks, each keyed on the project's DB key.
  verify(issueIndexSyncProgressChecker, times(3)).checkIfComponentNeedIssueSync(any(), eq(project.getDbKey()));
}
use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method verify_response_example.
/**
 * Checks that the response example published in the action definition still matches what the
 * action returns for a fixed data set.
 *
 * <p>The fixture is one public project, one file, and three hotspots with deterministic keys
 * ({@code hotspot-0} to {@code hotspot-2}), messages, lines (10 to 12), author, assignee UUID and
 * timestamps. Each hotspot is raised by its own rule tagged with the weak-cryptography
 * security category.
 */
@Test
public void verify_response_example() {
  ComponentDto project = dbTester.components().insertPublicProject(
    dto -> dto
      .setName("test-project")
      .setLongName("test-project")
      .setDbKey("com.sonarsource:test-project"));
  userSessionRule.registerComponents(project);
  indexPermissions();

  ComponentDto fileWithHotspot = dbTester.components().insertComponent(
    newFileDto(project)
      .setDbKey("com.sonarsource:test-project:src/main/java/com/sonarsource/FourthClass.java")
      .setName("FourthClass.java")
      .setLongName("src/main/java/com/sonarsource/FourthClass.java")
      .setPath("src/main/java/com/sonarsource/FourthClass.java"));

  long time = 1577976190000L;
  // The inserted hotspots are only needed in the database; the test never reads them back here.
  IntStream.range(0, 3).forEach(i -> {
    RuleDefinitionDto weakCryptoRule = newRule(SECURITY_HOTSPOT)
      .setSecurityStandards(Sets.newHashSet(SQCategory.WEAK_CRYPTOGRAPHY.getKey()));
    insertHotspot(weakCryptoRule, project, fileWithHotspot,
      hotspot -> hotspot
        .setKee("hotspot-" + i)
        .setAssigneeUuid("assignee-uuid")
        .setAuthorLogin("joe")
        .setMessage("message-" + i)
        .setLine(10 + i)
        .setIssueCreationTime(time)
        .setIssueUpdateTime(time));
  });
  indexIssues();

  // Guard against a missing example before comparing the live response with it.
  assertThat(actionTester.getDef().responseExampleAsString()).isNotNull();
  newRequest(project)
    .execute()
    .assertJson(actionTester.getDef().responseExampleAsString());
}
use of org.sonar.api.rules.RuleType.SECURITY_HOTSPOT in project sonarqube by SonarSource.
the class SearchActionTest method returns_hotspots_on_the_leak_period_when_sinceLeakPeriod_is_true_and_branch_uses_reference_branch.
/**
 * Checks the {@code sinceLeakPeriod=true} filter when the project's snapshot uses the
 * {@code REFERENCE_BRANCH} period mode (with {@code "master"} as period parameter).
 *
 * <p>Two groups of hotspots are inserted with the same rule, project and file. Only the first
 * group also gets a new-code-reference issue row. The filtered response must contain exactly
 * that first group; the unfiltered response must contain both groups.
 */
@Test
public void returns_hotspots_on_the_leak_period_when_sinceLeakPeriod_is_true_and_branch_uses_reference_branch() {
  ComponentDto project = dbTester.components().insertPublicProject();
  userSessionRule.registerComponents(project);
  indexPermissions();
  ComponentDto sourceFile = dbTester.components().insertComponent(newFileDto(project));
  dbTester.components().insertSnapshot(project,
    snapshot -> snapshot.setPeriodMode(REFERENCE_BRANCH.name()).setPeriodParam("master"));
  RuleDefinitionDto hotspotRule = newRule(SECURITY_HOTSPOT);

  // Group 1: 1..20 hotspots that are then registered as new-code-reference issues.
  List<IssueDto> hotspotsInLeakPeriod = IntStream.range(0, 1 + RANDOM.nextInt(20))
    .mapToObj(line -> dbTester.issues().insertHotspot(hotspotRule, project, sourceFile, issue -> issue.setLine(line)))
    .collect(toList());
  hotspotsInLeakPeriod.forEach(hotspot -> dbTester.issues().insertNewCodeReferenceIssue(newCodeReferenceIssue(hotspot)));

  // Group 2: 1..20 hotspots with no new-code-reference row.
  List<IssueDto> hotspotsNotInLeakPeriod = IntStream.range(0, 1 + RANDOM.nextInt(20))
    .mapToObj(line -> dbTester.issues().insertHotspot(hotspotRule, project, sourceFile, issue -> issue.setLine(line)))
    .collect(toList());
  indexIssues();

  SearchWsResponse unfiltered = newRequest(project).executeProtobuf(SearchWsResponse.class);
  assertThat(unfiltered.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(
      Stream.concat(hotspotsInLeakPeriod.stream(), hotspotsNotInLeakPeriod.stream())
        .map(IssueDto::getKey)
        .toArray(String[]::new));

  SearchWsResponse leakOnly = newRequest(project, request -> request.setParam("sinceLeakPeriod", "true"))
    .executeProtobuf(SearchWsResponse.class);
  assertThat(leakOnly.getHotspotsList())
    .extracting(SearchWsResponse.Hotspot::getKey)
    .containsExactlyInAnyOrder(hotspotsInLeakPeriod.stream().map(IssueDto::getKey).toArray(String[]::new));
}