
Example 1 with CWES_BY_CWE_TOP_25

Use of org.sonar.server.security.SecurityStandards.CWES_BY_CWE_TOP_25 in the project sonarqube by SonarSource.

Class IssueIndex, method getCweTop25Reports:

/**
 * Builds the CWE Top 25 security report for one project (or one view/application).
 * <p>
 * One filter aggregation is added per CWE Top 25 edition (the keys of
 * {@link SecurityStandards#CWES_BY_CWE_TOP_25}); each only counts issues that carry a CWE value
 * ({@code FIELD_ISSUE_CWE} exists) and its sub-aggregations are limited to the CWEs listed for
 * that edition. The base search comes from {@code prepareNonClosedVulnerabilitiesAndHotspotSearch},
 * so presumably only non-closed vulnerabilities and security hotspots are counted (confirm in that
 * helper). Once the search has run, every CWE listed for an edition but absent from the result is
 * appended as an empty statistics entry, so each edition report always lists its complete CWE set.
 * <p>
 * NOTE(review): this method adds no authorization filter of its own; it relies on the prepared
 * search (and the shared result processing) to restrict the data to what the caller may see.
 *
 * @param projectUuid uuid of the project, view or application to report on
 * @param isViewOrApp whether {@code projectUuid} denotes a view or application instead of a project
 * @return one {@link SecurityStandardCategoryStatistics} per CWE Top 25 edition, each with one child per CWE
 */
public List<SecurityStandardCategoryStatistics> getCweTop25Reports(String projectUuid, boolean isViewOrApp) {
    SearchSourceBuilder search = prepareNonClosedVulnerabilitiesAndHotspotSearch(projectUuid, isViewOrApp);

    // One filter aggregation per edition, named after the edition; "exists CWE" keeps issues
    // without any CWE out of every bucket.
    for (String edition : CWES_BY_CWE_TOP_25.keySet()) {
        FilterAggregationBuilder editionFilter = AggregationBuilders.filter(edition, boolQuery().filter(existsQuery(FIELD_ISSUE_CWE)));
        search.aggregation(newSecurityReportSubAggregations(editionFilter, true, CWES_BY_CWE_TOP_25.get(edition)));
    }

    List<SecurityStandardCategoryStatistics> reports = processSecurityReportSearchResults(search, true);

    // Back-fill: a CWE with no matching issue yields no bucket and so no child entry. Add an
    // empty entry for each such CWE so the report shape is the same regardless of findings.
    for (SecurityStandardCategoryStatistics editionReport : reports) {
        Set<String> reportedCwes = editionReport.getChildren().stream()
            .map(SecurityStandardCategoryStatistics::getCategory)
            .collect(Collectors.toSet());
        for (String cwe : CWES_BY_CWE_TOP_25.get(editionReport.getCategory())) {
            if (!reportedCwes.contains(cwe)) {
                editionReport.getChildren().add(emptyCweStatistics(cwe));
            }
        }
    }

    return reports;
}
Also used : Arrays(java.util.Arrays) StringUtils(org.apache.commons.lang.StringUtils) CWE(org.sonar.server.issue.index.IssueIndex.Facet.CWE) SumAggregationBuilder(org.elasticsearch.search.aggregations.metrics.SumAggregationBuilder) PARAM_ASSIGNEES(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_ASSIGNEES) AUTHOR(org.sonar.server.issue.index.IssueIndex.Facet.AUTHOR) EsClient(org.sonar.server.es.EsClient) Collections.singletonList(java.util.Collections.singletonList) FIELD_ISSUE_KEY(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_KEY) SimpleFieldFilterScope(org.sonar.server.es.searchrequest.TopAggregationDefinition.SimpleFieldFilterScope) SimpleFieldTopAggregationDefinition(org.sonar.server.es.searchrequest.SimpleFieldTopAggregationDefinition) LANGUAGES(org.sonar.server.issue.index.IssueIndex.Facet.LANGUAGES) PARAM_FILES(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_FILES) Map(java.util.Map) FIELD_ISSUE_FUNC_CREATED_AT(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_FUNC_CREATED_AT) FIELD_ISSUE_TAGS(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_TAGS) FIELD_ISSUE_RULE_UUID(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_RULE_UUID) ParsedFilter(org.elasticsearch.search.aggregations.bucket.filter.ParsedFilter) BucketOrder(org.elasticsearch.search.aggregations.BucketOrder) SEVERITIES(org.sonar.server.issue.index.IssueIndex.Facet.SEVERITIES) FIELD_ISSUE_SCOPE(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_SCOPE) PARAM_SCOPES(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_SCOPES) PARAM_STATUSES(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_STATUSES) SANS_TOP_25(org.sonar.server.issue.index.IssueIndex.Facet.SANS_TOP_25) FIELD_ISSUE_CWE(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_CWE) TYPE_ISSUE(org.sonar.server.issue.index.IssueIndexDefinition.TYPE_ISSUE) QueryBuilders.boolQuery(org.elasticsearch.index.query.QueryBuilders.boolQuery) 
PARAM_TYPES(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_TYPES) Set(java.util.Set) FieldSortBuilder(org.elasticsearch.search.sort.FieldSortBuilder) FIELD_ISSUE_IS_MAIN_BRANCH(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_IS_MAIN_BRANCH) FIELD_ISSUE_STATUS(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_STATUS) ParsedMax(org.elasticsearch.search.aggregations.metrics.ParsedMax) Stream(java.util.stream.Stream) CREATED_AT(org.sonar.server.issue.index.IssueIndex.Facet.CREATED_AT) Min(org.elasticsearch.search.aggregations.metrics.Min) FILES(org.sonar.server.issue.index.IssueIndex.Facet.FILES) SecurityReviewRating.computePercent(org.sonar.server.security.SecurityReviewRating.computePercent) ViewIndexDefinition(org.sonar.server.view.index.ViewIndexDefinition) FIELD_ISSUE_ASSIGNEE_UUID(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_ASSIGNEE_UUID) FIELD_ISSUE_LINE(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_LINE) PROJECT_UUIDS(org.sonar.server.issue.index.IssueIndex.Facet.PROJECT_UUIDS) TYPE_VIEW(org.sonar.server.view.index.ViewIndexDefinition.TYPE_VIEW) AuthorizationDoc(org.sonar.server.permission.index.AuthorizationDoc) Duration(org.joda.time.Duration) FIELD_ISSUE_BRANCH_UUID(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_BRANCH_UUID) FIELD_ISSUE_TYPE(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_TYPE) QueryBuilders.rangeQuery(org.elasticsearch.index.query.QueryBuilders.rangeQuery) RULES(org.sonar.server.issue.index.IssueIndex.Facet.RULES) SearchRequest(org.elasticsearch.action.search.SearchRequest) STATUSES(org.sonar.server.issue.index.IssueIndex.Facet.STATUSES) ArrayList(java.util.ArrayList) RuleType(org.sonar.api.rules.RuleType) FIELD_ISSUE_VULNERABILITY_PROBABILITY(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_VULNERABILITY_PROBABILITY) PARAM_CREATED_AT(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_CREATED_AT) 
OptionalLong(java.util.OptionalLong) FIELD_ISSUE_RESOLUTION(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_RESOLUTION) FIELD_ISSUE_SEVERITY_VALUE(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_SEVERITY_VALUE) Severity(org.sonar.api.rule.Severity) DateUtils(org.sonar.api.utils.DateUtils) WebAuthorizationTypeSupport(org.sonar.server.permission.index.WebAuthorizationTypeSupport) SearchSourceBuilder(org.elasticsearch.search.builder.SearchSourceBuilder) STICKY(org.sonar.server.es.searchrequest.TopAggregationDefinition.STICKY) FIELD_INDEX_TYPE(org.sonar.server.es.IndexType.FIELD_INDEX_TYPE) TermsAggregationBuilder(org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder) Nullable(javax.annotation.Nullable) FIELD_ISSUE_NEW_CODE_REFERENCE(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_NEW_CODE_REFERENCE) PARAM_DIRECTORIES(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_DIRECTORIES) PARAM_RESOLUTIONS(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_RESOLUTIONS) QueryBuilder(org.elasticsearch.index.query.QueryBuilder) PARAM_SEVERITIES(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_SEVERITIES) QueryBuilders.matchAllQuery(org.elasticsearch.index.query.QueryBuilders.matchAllQuery) RequestFiltersComputer(org.sonar.server.es.searchrequest.RequestFiltersComputer) NON_STICKY(org.sonar.server.es.searchrequest.TopAggregationDefinition.NON_STICKY) NO_OTHER_SUBAGGREGATION(org.sonar.server.es.searchrequest.TopAggregationHelper.NO_OTHER_SUBAGGREGATION) PARAM_LANGUAGES(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_LANGUAGES) ASSIGNED_TO_ME(org.sonar.server.issue.index.IssueIndex.Facet.ASSIGNED_TO_ME) FIELD_ISSUE_OWASP_TOP_10(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_OWASP_TOP_10) HasAggregations(org.elasticsearch.search.aggregations.HasAggregations) SANS_TOP_25_RISKY_RESOURCE(org.sonar.server.security.SecurityStandards.SANS_TOP_25_RISKY_RESOURCE) 
QueryBuilders.termQuery(org.elasticsearch.index.query.QueryBuilders.termQuery) PARAM_OWASP_TOP_10(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_OWASP_TOP_10) FIELD_ISSUE_FILE_PATH(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_FILE_PATH) Preconditions(com.google.common.base.Preconditions) FIELD_ISSUE_FUNC_CLOSED_AT(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_FUNC_CLOSED_AT) SecurityStandards(org.sonar.server.security.SecurityStandards) Date(java.util.Date) MODULE_UUIDS(org.sonar.server.issue.index.IssueIndex.Facet.MODULE_UUIDS) LongBounds(org.elasticsearch.search.aggregations.bucket.histogram.LongBounds) QueryBuilders(org.elasticsearch.index.query.QueryBuilders) OWASP_TOP_10(org.sonar.server.issue.index.IssueIndex.Facet.OWASP_TOP_10) ParsedStringTerms(org.elasticsearch.search.aggregations.bucket.terms.ParsedStringTerms) BaseDoc(org.sonar.server.es.BaseDoc) FIELD_ISSUE_PROJECT_UUID(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_PROJECT_UUID) PARAM_SONARSOURCE_SECURITY(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_SONARSOURCE_SECURITY) SONARSOURCE_SECURITY(org.sonar.server.issue.index.IssueIndex.Facet.SONARSOURCE_SECURITY) FIELD_ISSUE_DIRECTORY_PATH(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_DIRECTORY_PATH) PARAM_AUTHOR(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_AUTHOR) SearchResponse(org.elasticsearch.action.search.SearchResponse) FIELD_ISSUE_AUTHOR_LOGIN(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_AUTHOR_LOGIN) TAGS(org.sonar.server.issue.index.IssueIndex.Facet.TAGS) DateHistogramInterval(org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramInterval) SubAggregationHelper(org.sonar.server.es.searchrequest.SubAggregationHelper) FIELD_ISSUE_EFFORT(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_EFFORT) System2(org.sonar.api.utils.System2) Terms(org.elasticsearch.search.aggregations.bucket.terms.Terms) 
VULNERABILITY(org.sonar.api.rules.RuleType.VULNERABILITY) Collection(java.util.Collection) DIRECTORIES(org.sonar.server.issue.index.IssueIndex.Facet.DIRECTORIES) RESOLUTIONS(org.sonar.server.issue.index.IssueIndex.Facet.RESOLUTIONS) PARAM_SANS_TOP_25(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_SANS_TOP_25) TopAggregationDefinition(org.sonar.server.es.searchrequest.TopAggregationDefinition) FilterAggregationBuilder(org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) Collectors(java.util.stream.Collectors) String.format(java.lang.String.format) Preconditions.checkState(com.google.common.base.Preconditions.checkState) Objects(java.util.Objects) TopAggregationHelper(org.sonar.server.es.searchrequest.TopAggregationHelper) BaseDoc.epochMillisToEpochSeconds(org.sonar.server.es.BaseDoc.epochMillisToEpochSeconds) ASSIGNEES(org.sonar.server.issue.index.IssueIndex.Facet.ASSIGNEES) List(java.util.List) SearchOptions(org.sonar.server.es.SearchOptions) SecurityReviewRating.computeRating(org.sonar.server.security.SecurityReviewRating.computeRating) MultiBucketsAggregation(org.elasticsearch.search.aggregations.bucket.MultiBucketsAggregation) AllFilters(org.sonar.server.es.searchrequest.RequestFiltersComputer.AllFilters) SCOPES(org.sonar.server.issue.index.IssueIndex.Facet.SCOPES) MoreCollectors.uniqueIndex(org.sonar.core.util.stream.MoreCollectors.uniqueIndex) Optional(java.util.Optional) BoolQueryBuilder(org.elasticsearch.index.query.BoolQueryBuilder) SQCategory(org.sonar.server.security.SecurityStandards.SQCategory) IntStream(java.util.stream.IntStream) IncludeExclude(org.elasticsearch.search.aggregations.bucket.terms.IncludeExclude) FACET_MODE_EFFORT(org.sonarqube.ws.client.issue.IssuesWsParameters.FACET_MODE_EFFORT) AggregationBuilder(org.elasticsearch.search.aggregations.AggregationBuilder) CWES_BY_CWE_TOP_25(org.sonar.server.security.SecurityStandards.CWES_BY_CWE_TOP_25) 
PARAM_RULES(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_RULES) EsUtils.escapeSpecialRegexChars(org.sonar.server.es.EsUtils.escapeSpecialRegexChars) Sorting(org.sonar.server.es.Sorting) FIELD_ISSUE_MODULE_UUID(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_MODULE_UUID) SANS_TOP_25_POROUS_DEFENSES(org.sonar.server.security.SecurityStandards.SANS_TOP_25_POROUS_DEFENSES) FIELD_ISSUE_MODULE_PATH(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_MODULE_PATH) OptionalInt(java.util.OptionalInt) EsUtils(org.sonar.server.es.EsUtils) FIELD_ISSUE_SEVERITY(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_SEVERITY) SECURITY_HOTSPOT(org.sonar.api.rules.RuleType.SECURITY_HOTSPOT) PARAM_TAGS(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_TAGS) FIELD_ISSUE_LANGUAGE(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_LANGUAGE) SANS_TOP_25_INSECURE_INTERACTION(org.sonar.server.security.SecurityStandards.SANS_TOP_25_INSECURE_INTERACTION) MoreCollectors(org.sonar.core.util.stream.MoreCollectors) FIELD_ISSUE_SANS_TOP_25(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_SANS_TOP_25) QueryBuilders.termsQuery(org.elasticsearch.index.query.QueryBuilders.termsQuery) TYPES(org.sonar.server.issue.index.IssueIndex.Facet.TYPES) PARAM_CWE(org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_CWE) FIELD_ISSUE_FUNC_UPDATED_AT(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_FUNC_UPDATED_AT) FIELD_ISSUE_SQ_SECURITY_CATEGORY(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_SQ_SECURITY_CATEGORY) FIELD_ISSUE_COMPONENT_UUID(org.sonar.server.issue.index.IssueIndexDefinition.FIELD_ISSUE_COMPONENT_UUID) TermsLookup(org.elasticsearch.indices.TermsLookup) AggregationBuilders(org.elasticsearch.search.aggregations.AggregationBuilders) PeriodStart(org.sonar.server.issue.index.IssueQuery.PeriodStart) ParsedValueCount(org.elasticsearch.search.aggregations.metrics.ParsedValueCount) 
Consumer(java.util.function.Consumer) Collectors.toList(java.util.stream.Collectors.toList) Issue(org.sonar.api.issue.Issue) NO_EXTRA_FILTER(org.sonar.server.es.searchrequest.TopAggregationHelper.NO_EXTRA_FILTER) UserSession(org.sonar.server.user.UserSession) Collections(java.util.Collections) CheckForNull(javax.annotation.CheckForNull) IndexType(org.sonar.server.es.IndexType) QueryBuilders.existsQuery(org.elasticsearch.index.query.QueryBuilders.existsQuery) SearchSourceBuilder(org.elasticsearch.search.builder.SearchSourceBuilder)
