use of org.sonarqube.ws.Hotspots.SearchWsResponse in project sonarqube by SonarSource.
the class SearchActionTest method returns_hotspots_with_specified_cwes.
@Test
public void returns_hotspots_with_specified_cwes() {
ComponentDto project = dbTester.components().insertPublicProject();
userSessionRule.registerComponents(project);
indexPermissions();
ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
RuleDefinitionDto rule1 = newRule(SECURITY_HOTSPOT);
RuleDefinitionDto rule2 = newRule(SECURITY_HOTSPOT, r -> r.setSecurityStandards(of("cwe:117", "cwe:190")));
RuleDefinitionDto rule3 = newRule(SECURITY_HOTSPOT, r -> r.setSecurityStandards(of("owaspTop10:a1", "cwe:601")));
insertHotspot(project, file, rule1);
IssueDto hotspot2 = insertHotspot(project, file, rule2);
insertHotspot(project, file, rule3);
indexIssues();
SearchWsResponse response = newRequest(project).setParam("cwe", "117,190").executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactly(hotspot2.getKey());
}
use of org.sonarqube.ws.Hotspots.SearchWsResponse in project sonarqube by SonarSource.
the class SearchActionTest method returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid.
@Test
public void returns_hotspots_ordered_by_vulnerabilityProbability_score_then_rule_uuid() {
ComponentDto project = dbTester.components().insertPublicProject();
userSessionRule.registerComponents(project);
indexPermissions();
ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
List<IssueDto> hotspots = Arrays.stream(SQCategory.values()).sorted(Ordering.from(Comparator.<SQCategory>comparingInt(t1 -> t1.getVulnerability().getScore()).reversed()).thenComparing(SQCategory::getKey)).flatMap(sqCategory -> {
Set<String> cwes = SecurityStandards.CWES_BY_SQ_CATEGORY.get(sqCategory);
Set<String> securityStandards = singleton("cwe:" + (cwes == null ? "unknown" : cwes.iterator().next()));
RuleDefinitionDto rule1 = newRule(SECURITY_HOTSPOT, t -> t.setUuid(sqCategory.name() + "_a").setName("rule_" + sqCategory.name() + "_a").setSecurityStandards(securityStandards));
RuleDefinitionDto rule2 = newRule(SECURITY_HOTSPOT, t -> t.setUuid(sqCategory.name() + "_b").setName("rule_" + sqCategory.name() + "_b").setSecurityStandards(securityStandards));
return Stream.of(newHotspot(rule1, project, file).setKee(sqCategory + "_a"), newHotspot(rule2, project, file).setKee(sqCategory + "_b"));
}).collect(toList());
String[] expectedHotspotKeys = hotspots.stream().map(IssueDto::getKey).toArray(String[]::new);
// insert hotspots in random order
Collections.shuffle(hotspots);
hotspots.forEach(dbTester.issues()::insertHotspot);
indexIssues();
SearchWsResponse response = newRequest(project).executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactly(expectedHotspotKeys);
}
use of org.sonarqube.ws.Hotspots.SearchWsResponse in project sonarqube by SonarSource.
the class SearchActionTest method returns_all_issues_when_sinceLeakPeriod_is_true_and_is_pr.
@Test
public void returns_all_issues_when_sinceLeakPeriod_is_true_and_is_pr() {
long referenceDate = 800_996_999_332L;
system2.setNow(referenceDate + 10_000);
ComponentDto project = dbTester.components().insertPublicProject();
ComponentDto pr = dbTester.components().insertProjectBranch(project, b -> b.setBranchType(BranchType.PULL_REQUEST).setKey("pr"));
userSessionRule.registerComponents(project);
indexPermissions();
ComponentDto file = dbTester.components().insertComponent(newFileDto(pr));
dbTester.components().insertSnapshot(project, t -> t.setPeriodDate(referenceDate).setLast(true));
dbTester.components().insertSnapshot(pr, t -> t.setPeriodDate(null).setLast(true));
RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
IssueDto afterRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setIssueCreationTime(referenceDate + 1000));
IssueDto atRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setType(SECURITY_HOTSPOT).setIssueCreationTime(referenceDate));
IssueDto beforeRef = dbTester.issues().insertHotspot(rule, pr, file, t -> t.setIssueCreationTime(referenceDate - 1000));
indexIssues();
SearchWsResponse responseAll = newRequest(project).setParam("pullRequest", "pr").executeProtobuf(SearchWsResponse.class);
assertThat(responseAll.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsExactlyInAnyOrder(Stream.of(afterRef, atRef, beforeRef).map(IssueDto::getKey).toArray(String[]::new));
SearchWsResponse responseOnLeak = newRequest(project, t -> t.setParam("sinceLeakPeriod", "true").setParam("pullRequest", "pr")).executeProtobuf(SearchWsResponse.class);
assertThat(responseOnLeak.getHotspotsList()).hasSize(3);
}
use of org.sonarqube.ws.Hotspots.SearchWsResponse in project sonarqube by SonarSource.
the class SearchActionTest method returns_details_of_components.
@Test
public void returns_details_of_components() {
ComponentDto project = dbTester.components().insertPublicProject();
userSessionRule.registerComponents(project);
indexPermissions();
ComponentDto directory = dbTester.components().insertComponent(newDirectory(project, "donut/acme"));
ComponentDto directory2 = dbTester.components().insertComponent(newDirectory(project, "foo/bar"));
ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
ComponentDto file2 = dbTester.components().insertComponent(newFileDto(project));
RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
IssueDto fileHotspot = insertHotspot(project, file, rule);
IssueDto dirHotspot = insertHotspot(project, directory, rule);
IssueDto projectHotspot = insertHotspot(project, project, rule);
indexIssues();
SearchWsResponse response = newRequest(project).executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsOnly(fileHotspot.getKey(), dirHotspot.getKey(), projectHotspot.getKey());
assertThat(response.getComponentsList()).hasSize(3);
assertThat(response.getComponentsList()).extracting(Component::getKey).containsOnly(project.getKey(), directory.getKey(), file.getKey());
Map<String, Component> componentByKey = response.getComponentsList().stream().collect(uniqueIndex(Component::getKey));
Component actualProject = componentByKey.get(project.getKey());
assertThat(actualProject.getQualifier()).isEqualTo(project.qualifier());
assertThat(actualProject.getName()).isEqualTo(project.name());
assertThat(actualProject.getLongName()).isEqualTo(project.longName());
assertThat(actualProject.hasPath()).isFalse();
assertThat(actualProject.hasBranch()).isFalse();
assertThat(actualProject.hasPullRequest()).isFalse();
Component actualDirectory = componentByKey.get(directory.getKey());
assertThat(actualDirectory.getQualifier()).isEqualTo(directory.qualifier());
assertThat(actualDirectory.getName()).isEqualTo(directory.name());
assertThat(actualDirectory.getLongName()).isEqualTo(directory.longName());
assertThat(actualDirectory.getPath()).isEqualTo(directory.path());
assertThat(actualDirectory.hasBranch()).isFalse();
assertThat(actualDirectory.hasPullRequest()).isFalse();
Component actualFile = componentByKey.get(file.getKey());
assertThat(actualFile.getQualifier()).isEqualTo(file.qualifier());
assertThat(actualFile.getName()).isEqualTo(file.name());
assertThat(actualFile.getLongName()).isEqualTo(file.longName());
assertThat(actualFile.getPath()).isEqualTo(file.path());
assertThat(actualFile.hasBranch()).isFalse();
assertThat(actualFile.hasPullRequest()).isFalse();
}
use of org.sonarqube.ws.Hotspots.SearchWsResponse in project sonarqube by SonarSource.
the class SearchActionTest method returns_pullRequest_field_of_components_of_pullRequest.
@Test
public void returns_pullRequest_field_of_components_of_pullRequest() {
ComponentDto project = dbTester.components().insertPublicProject();
ComponentDto pullRequest = dbTester.components().insertProjectBranch(project, t -> t.setBranchType(BranchType.PULL_REQUEST));
userSessionRule.registerComponents(project, pullRequest);
indexPermissions();
ComponentDto directory = dbTester.components().insertComponent(newDirectory(pullRequest, "donut/acme"));
ComponentDto file = dbTester.components().insertComponent(newFileDto(pullRequest));
RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
IssueDto fileHotspot = insertHotspot(pullRequest, file, rule);
IssueDto dirHotspot = insertHotspot(pullRequest, directory, rule);
IssueDto projectHotspot = insertHotspot(pullRequest, pullRequest, rule);
indexIssues();
SearchWsResponse response = newRequest(pullRequest).executeProtobuf(SearchWsResponse.class);
assertThat(response.getHotspotsList()).extracting(SearchWsResponse.Hotspot::getKey).containsOnly(fileHotspot.getKey(), dirHotspot.getKey(), projectHotspot.getKey());
assertThat(response.getComponentsList()).extracting(Component::getKey).containsOnly(project.getKey(), directory.getKey(), file.getKey());
Map<String, Component> componentByKey = response.getComponentsList().stream().collect(uniqueIndex(Component::getKey));
Component actualProject = componentByKey.get(project.getKey());
assertThat(actualProject.hasBranch()).isFalse();
assertThat(actualProject.getPullRequest()).isEqualTo(pullRequest.getPullRequest());
Component actualDirectory = componentByKey.get(directory.getKey());
assertThat(actualDirectory.hasBranch()).isFalse();
assertThat(actualDirectory.getPullRequest()).isEqualTo(pullRequest.getPullRequest());
Component actualFile = componentByKey.get(file.getKey());
assertThat(actualFile.hasBranch()).isFalse();
assertThat(actualFile.getPullRequest()).isEqualTo(pullRequest.getPullRequest());
}
Aggregations