Examples with SecurityStandards org.sonar.server.security.SecurityStandards used on opensource projects

Search in sources :

Example 1 with SecurityStandards

use of org.sonar.server.security.SecurityStandards in project sonarqube by SonarSource.

the class RuleIndexerTest method log_debug_if_hotspot_rule_maps_to_multiple_SQCategories.

@Test
@UseDataProvider("twoDifferentCategoriesButOTHERS")
public void log_debug_if_hotspot_rule_maps_to_multiple_SQCategories(SQCategory sqCategory1, SQCategory sqCategory2) {
    Set<String> standards = Stream.of(sqCategory1, sqCategory2).flatMap(t -> CWES_BY_SQ_CATEGORY.get(t).stream().map(e -> "cwe:" + e)).collect(toSet());
    SecurityStandards securityStandards = SecurityStandards.fromSecurityStandards(standards);
    RuleDefinitionDto rule = dbTester.rules().insert(RuleTesting.newRule().setType(RuleType.SECURITY_HOTSPOT).setSecurityStandards(standards).setDescription(VALID_HOTSPOT_RULE_DESCRIPTION));
    underTest.commitAndIndex(dbTester.getSession(), rule.getUuid());
    assertThat(logTester.getLogs()).hasSize(1);
    assertThat(logTester.logs(LoggerLevel.DEBUG).get(0)).isEqualTo(format("Rule %s with CWEs '%s' maps to multiple SQ Security Categories: %s", rule.getKey(), String.join(", ", securityStandards.getCwe()), ImmutableSet.of(sqCategory1, sqCategory2).stream().map(SQCategory::getKey).sorted(SQ_CATEGORY_KEYS_ORDERING).collect(joining(", "))));
}
Also used : IntStream(java.util.stream.IntStream) SecurityStandards(org.sonar.server.security.SecurityStandards) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) EsTester(org.sonar.server.es.EsTester) RuleStatus(org.sonar.api.rule.RuleStatus) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) RunWith(org.junit.runner.RunWith) TYPE_RULE(org.sonar.server.rule.index.RuleIndexDefinition.TYPE_RULE) Random(java.util.Random) CWES_BY_SQ_CATEGORY(org.sonar.server.security.SecurityStandards.CWES_BY_SQ_CATEGORY) DataProvider(com.tngtech.java.junit.dataprovider.DataProvider) DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner) DbSession(org.sonar.db.DbSession) RuleType(org.sonar.api.rules.RuleType) Severity(org.sonar.api.rule.Severity) SQ_CATEGORY_KEYS_ORDERING(org.sonar.server.security.SecurityStandards.SQ_CATEGORY_KEYS_ORDERING) Sets.newHashSet(com.google.common.collect.Sets.newHashSet) Scope(org.sonar.db.rule.RuleDto.Scope) EnumSet(java.util.EnumSet) Nullable(javax.annotation.Nullable) Collectors.toSet(java.util.stream.Collectors.toSet) DbTester(org.sonar.db.DbTester) RuleTesting(org.sonar.db.rule.RuleTesting) ImmutableSet(com.google.common.collect.ImmutableSet) RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic) Collections.emptyList(java.util.Collections.emptyList) UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider) Set(java.util.Set) Test(org.junit.Test) String.format(java.lang.String.format) Collectors.joining(java.util.stream.Collectors.joining) DbClient(org.sonar.db.DbClient) Stream(java.util.stream.Stream) Rule(org.junit.Rule) LogTester(org.sonar.api.utils.log.LogTester) RuleDto(org.sonar.db.rule.RuleDto) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) LoggerLevel(org.sonar.api.utils.log.LoggerLevel) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) SecurityStandards(org.sonar.server.security.SecurityStandards) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) Test(org.junit.Test) UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider)

Example 2 with SecurityStandards

use of org.sonar.server.security.SecurityStandards in project sonarqube by SonarSource.

the class SearchActionTest method returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid.

@Test
public void returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid() {
    ComponentDto project = dbTester.components().insertPublicProject();
    userSessionRule.registerComponents(project);
    indexPermissions();
    ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
    List<IssueDto> hotspots = Arrays.stream(SQCategory.values()).sorted(Ordering.from(Comparator.<SQCategory>comparingInt(t1 -> t1.getVulnerability().getScore()).reversed()).thenComparing(SQCategory::getKey)).flatMap(sqCategory -> {
        Set<String> cwes = SecurityStandards.CWES_BY_SQ_CATEGORY.get(sqCategory);
        Set<String> securityStandards = singleton("cwe:" + (cwes == null ? "unknown" : cwes.iterator().next()));
        RuleDefinitionDto rule1 = newRule(SECURITY_HOTSPOT, t -> t.setUuid(sqCategory.name() + "_a").setName("rule_" + sqCategory.name() + "_a").setSecurityStandards(securityStandards));
        RuleDefinitionDto rule2 = newRule(SECURITY_HOTSPOT, t -> t.setUuid(sqCategory.name() + "_b").setName("rule_" + sqCategory.name() + "_b").setSecurityStandards(securityStandards));
        return Stream.of(newHotspot(rule1, project, file).setKee(sqCategory + "_a"), newHotspot(rule2, project, file).setKee(sqCategory + "_b"));
    }).collect(toList());
    String[] expectedHotspotKeys = hotspots.stream().map(IssueDto::getKey).toArray(String[]::new);
    // insert hotspots in random order
    Collections.shuffle(hotspots);
    hotspots.forEach(dbTester.issues()::insertHotspot);
    indexIssues();
    SearchWsResponse response = newRequest(project).executeProtobuf(SearchWsResponse.class);
    assertThat(response.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactly(expectedHotspotKeys);
}
Also used : Arrays(java.util.Arrays) AsyncIssueIndexing(org.sonar.server.issue.index.AsyncIssueIndexing) SecurityStandards(org.sonar.server.security.SecurityStandards) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Random(java.util.Random) ViewIndexer(org.sonar.server.view.index.ViewIndexer) DataProviderRunner(com.tngtech.java.junit.dataprovider.DataProviderRunner) STATUS_CLOSED(org.sonar.api.issue.Issue.STATUS_CLOSED) DbIssues(org.sonar.db.protobuf.DbIssues) WebService(org.sonar.api.server.ws.WebService) Collections.singleton(java.util.Collections.singleton) IssueIndex(org.sonar.server.issue.index.IssueIndex) IssueIteratorFactory(org.sonar.server.issue.index.IssueIteratorFactory) IssueTesting.newIssue(org.sonar.db.issue.IssueTesting.newIssue) Map(java.util.Map) ComponentTesting(org.sonar.db.component.ComponentTesting) DateUtils.formatDateTime(org.sonar.api.utils.DateUtils.formatDateTime) Collectors.toSet(java.util.stream.Collectors.toSet) DbTester(org.sonar.db.DbTester) RuleTesting(org.sonar.db.rule.RuleTesting) PermissionIndexer(org.sonar.server.permission.index.PermissionIndexer) REFERENCE_BRANCH(org.sonar.db.newcodeperiod.NewCodePeriodType.REFERENCE_BRANCH) System2(org.sonar.api.utils.System2) Hotspots(org.sonarqube.ws.Hotspots) Collection(java.util.Collection) Set(java.util.Set) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) Sets(com.google.common.collect.Sets) NotFoundException(org.sonar.server.exceptions.NotFoundException) Collectors.joining(java.util.stream.Collectors.joining) Common(org.sonarqube.ws.Common) STATUS_TO_REVIEW(org.sonar.api.issue.Issue.STATUS_TO_REVIEW) DbClient(org.sonar.db.DbClient) List(java.util.List) ComponentDto(org.sonar.db.component.ComponentDto) Stream(java.util.stream.Stream) STATUS_REVIEWED(org.sonar.api.issue.Issue.STATUS_REVIEWED) ForbiddenException(org.sonar.server.exceptions.ForbiddenException) ProjectDto(org.sonar.db.project.ProjectDto) MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex) STATUSES(org.sonar.api.issue.Issue.STATUSES) IssueTesting.newCodeReferenceIssue(org.sonar.db.issue.IssueTesting.newCodeReferenceIssue) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) ComponentTesting.newDirectory(org.sonar.db.component.ComponentTesting.newDirectory) Mockito.mock(org.mockito.Mockito.mock) IntStream(java.util.stream.IntStream) BranchDto(org.sonar.db.component.BranchDto) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IssueDto(org.sonar.db.issue.IssueDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) EsTester(org.sonar.server.es.EsTester) ComponentTesting.newFileDto(org.sonar.db.component.ComponentTesting.newFileDto) RunWith(org.junit.runner.RunWith) DataProvider(com.tngtech.java.junit.dataprovider.DataProvider) TestSystem2(org.sonar.api.impl.utils.TestSystem2) RuleType(org.sonar.api.rules.RuleType) WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) TextRangeResponseFormatter(org.sonar.server.issue.TextRangeResponseFormatter) SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT) RESOLUTION_FIXED(org.sonar.api.issue.Issue.RESOLUTION_FIXED) Nullable(javax.annotation.Nullable) ImmutableSet.of(com.google.common.collect.ImmutableSet.of) UserSessionRule(org.sonar.server.tester.UserSessionRule) BranchType(org.sonar.db.component.BranchType) RandomStringUtils.randomAlphabetic(org.apache.commons.lang.RandomStringUtils.randomAlphabetic) USER(org.sonar.api.web.UserRole.USER) UseDataProvider(com.tngtech.java.junit.dataprovider.UseDataProvider) TestRequest(org.sonar.server.ws.TestRequest) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) RESOLUTION_SAFE(org.sonar.api.issue.Issue.RESOLUTION_SAFE) WsActionTester(org.sonar.server.ws.WsActionTester) DbCommons(org.sonar.db.protobuf.DbCommons) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Component(org.sonarqube.ws.Hotspots.Component) Collectors.toList(java.util.stream.Collectors.toList) Rule(org.junit.Rule) Ordering(com.google.common.collect.Ordering) Issue(org.sonar.api.issue.Issue) IssueIndexSyncProgressChecker(org.sonar.server.issue.index.IssueIndexSyncProgressChecker) Tuple.tuple(org.assertj.core.groups.Tuple.tuple) Comparator(java.util.Comparator) Collections(java.util.Collections) IssueIndexer(org.sonar.server.issue.index.IssueIndexer) Collectors.toSet(java.util.stream.Collectors.toSet) Set(java.util.Set) ComponentDto(org.sonar.db.component.ComponentDto) IssueDto(org.sonar.db.issue.IssueDto) RuleDefinitionDto(org.sonar.db.rule.RuleDefinitionDto) SearchWsResponse(org.sonarqube.ws.Hotspots.SearchWsResponse) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) Test(org.junit.Test)

Example 3 with SecurityStandards

use of org.sonar.server.security.SecurityStandards in project sonarqube by SonarSource.

the class ShowAction method formatRule.

private static void formatRule(ShowWsResponse.Builder responseBuilder, RuleDefinitionDto ruleDefinitionDto) {
    SecurityStandards securityStandards = SecurityStandards.fromSecurityStandards(ruleDefinitionDto.getSecurityStandards());
    SecurityStandards.SQCategory sqCategory = securityStandards.getSqCategory();
    Hotspots.Rule.Builder ruleBuilder = Hotspots.Rule.newBuilder().setKey(ruleDefinitionDto.getKey().toString()).setName(nullToEmpty(ruleDefinitionDto.getName())).setSecurityCategory(sqCategory.getKey()).setVulnerabilityProbability(sqCategory.getVulnerability().name());
    HotspotRuleDescription hotspotRuleDescription = HotspotRuleDescription.from(ruleDefinitionDto);
    hotspotRuleDescription.getVulnerable().ifPresent(ruleBuilder::setVulnerabilityDescription);
    hotspotRuleDescription.getRisk().ifPresent(ruleBuilder::setRiskDescription);
    hotspotRuleDescription.getFixIt().ifPresent(ruleBuilder::setFixRecommendations);
    responseBuilder.setRule(ruleBuilder.build());
}
Also used : HotspotRuleDescription(org.sonar.server.rule.HotspotRuleDescription) SecurityStandards(org.sonar.server.security.SecurityStandards)

Aggregations

SecurityStandards (org.sonar.server.security.SecurityStandards)3 DataProvider (com.tngtech.java.junit.dataprovider.DataProvider)2 DataProviderRunner (com.tngtech.java.junit.dataprovider.DataProviderRunner)2 UseDataProvider (com.tngtech.java.junit.dataprovider.UseDataProvider)2 Random (java.util.Random)2 Set (java.util.Set)2 Collectors.joining (java.util.stream.Collectors.joining)2 Collectors.toSet (java.util.stream.Collectors.toSet)2 IntStream (java.util.stream.IntStream)2 Stream (java.util.stream.Stream)2 Nullable (javax.annotation.Nullable)2 RandomStringUtils.randomAlphabetic (org.apache.commons.lang.RandomStringUtils.randomAlphabetic)2 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)2 Rule (org.junit.Rule)2 Test (org.junit.Test)2 RunWith (org.junit.runner.RunWith)2 RuleType (org.sonar.api.rules.RuleType)2 DbClient (org.sonar.db.DbClient)2 DbTester (org.sonar.db.DbTester)2 RuleDefinitionDto (org.sonar.db.rule.RuleDefinitionDto)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial