/*
* SonarQube
* Copyright (C) 2009-2017 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package it.qualityModel;
import com.sonar.orchestrator.Orchestrator;
import com.sonar.orchestrator.build.SonarScanner;
import it.Category2Suite;
import java.util.Map;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.sonarqube.ws.WsMeasures;
import util.ItUtils;
import static java.lang.Double.parseDouble;
import static org.assertj.core.api.Assertions.assertThat;
import static util.ItUtils.getMeasuresByMetricKey;
import static util.ItUtils.projectDir;
public class SecurityMeasureTest {
private static final String PROJECT = "com.sonarsource.it.samples:multi-modules-sample";
private static final String MODULE = "com.sonarsource.it.samples:multi-modules-sample:module_a";
private static final String SUB_MODULE = "com.sonarsource.it.samples:multi-modules-sample:module_a:module_a1";
private static final String DIRECTORY = "com.sonarsource.it.samples:multi-modules-sample:module_a:module_a1:src/main/xoo/com/sonar/it/samples/modules/a1";
private static final String FILE = "com.sonarsource.it.samples:multi-modules-sample:module_a:module_a1:src/main/xoo/com/sonar/it/samples/modules/a1/HelloA1.xoo";
private static final String VULNERABILITIES_METRIC = "vulnerabilities";
private static final String SECURITY_REMEDIATION_EFFORT_METRIC = "security_remediation_effort";
private static final String SECURITY_RATING_METRIC = "security_rating";
private static final String[] METRICS = new String[] {VULNERABILITIES_METRIC, SECURITY_REMEDIATION_EFFORT_METRIC, SECURITY_RATING_METRIC};
@ClassRule
public static Orchestrator orchestrator = Category2Suite.ORCHESTRATOR;
@Before
public void init() {
orchestrator.resetData();
orchestrator.getServer().provisionProject(PROJECT, PROJECT);
}
@Test
public void verify_security_measures_when_vulnerability_rules_activated() {
ItUtils.restoreProfile(orchestrator, getClass().getResource("/qualityModel/with-many-rules.xml"));
orchestrator.getServer().associateProjectToQualityProfile(PROJECT, "xoo", "with-many-rules");
orchestrator.executeBuild(SonarScanner.create(projectDir("shared/xoo-multi-modules-sample")));
assertMeasures(PROJECT, 4, 340, 5);
assertMeasures(MODULE, 2, 170, 5);
assertMeasures(SUB_MODULE, 1, 85, 5);
assertMeasures(DIRECTORY, 0, 0, 1);
assertMeasures(FILE, 0, 0, 1);
}
@Test
public void verify_security_measures_when_no_vulnerability_rule() {
ItUtils.restoreProfile(orchestrator, getClass().getResource("/qualityModel/without-type-vulnerability.xml"));
orchestrator.getServer().associateProjectToQualityProfile(PROJECT, "xoo", "without-type-vulnerability");
orchestrator.executeBuild(SonarScanner.create(projectDir("shared/xoo-multi-modules-sample")));
assertMeasures(PROJECT, 0, 0, 1);
}
private void assertMeasures(String componentKey, int expectedVulnerabilities, int expectedReliabilityRemediationEffort, int expectedReliabilityRating) {
Map<String, WsMeasures.Measure> measures = getMeasuresByMetricKey(orchestrator, componentKey, METRICS);
assertThat(parseDouble(measures.get(VULNERABILITIES_METRIC).getValue())).isEqualTo(expectedVulnerabilities);
assertThat(parseDouble(measures.get(SECURITY_REMEDIATION_EFFORT_METRIC).getValue())).isEqualTo(expectedReliabilityRemediationEffort);
assertThat(parseDouble(measures.get(SECURITY_RATING_METRIC).getValue())).isEqualTo(expectedReliabilityRating);
}
}