/*
* SonarQube JavaScript Plugin
* Copyright (C) 2012-2024 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package com.sonar.javascript.it.plugin;
import static com.sonar.javascript.it.plugin.OrchestratorStarter.JAVASCRIPT_PLUGIN_LOCATION;
import static com.sonar.javascript.it.plugin.OrchestratorStarter.getSonarScanner;
import static org.assertj.core.api.Assertions.assertThat;
import com.sonar.javascript.it.plugin.assertj.BuildResultAssert;
import com.sonar.orchestrator.Orchestrator;
import com.sonar.orchestrator.build.SonarScanner;
import com.sonar.orchestrator.container.Edition;
import com.sonar.orchestrator.junit5.OrchestratorExtension;
import com.sonar.orchestrator.locator.FileLocation;
import com.sonar.orchestrator.locator.MavenLocation;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Map;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
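/**
 * Integration test checking that analysing an HTML project with the security plugins installed
 * leaves no UCFG files in the scanner work directory.
 *
 * <p>The test starts its own SonarQube instance through Orchestrator (Developer edition, with the
 * JavaScript, security, security-js-frontend and HTML plugins) and restores the
 * {@code html-security-profile.xml} quality profile at startup.
 */
class HtmlSecurityTest {

  /** Server shared by all tests in this class; set in {@link #startOrchestrator()}. */
  private static Orchestrator orchestrator;

  /**
   * Runs a scan of the {@code html-project} fixture and asserts that no file matching
   * {@link BuildResultAssert#isUcfgFile} exists under {@code .scannerwork}.
   *
   * @throws IOException if the {@code .scannerwork} directory cannot be walked
   */
  @Test
  void should_not_generate_ucfgs_for_html() throws IOException {
    var projectKey = "html-project";
    var projectPath = TestUtils.projectDir(projectKey);

    OrchestratorStarter.setProfiles(
      orchestrator,
      projectKey,
      Map.of("html-security-profile", "js")
    );

    var result = orchestrator.executeBuild(getScanner(projectPath, projectKey));
    assertThat(result.isSuccess()).isTrue();

    // Files.find returns a stream backed by open directory handles, so it has to be closed;
    // try-with-resources releases them even when the assertion fails.
    // NOTE(review): the walk is limited to 3 levels below .scannerwork. If UCFG output could be
    // written deeper than that, this emptiness check would pass without finding it. Confirm the
    // depth matches where the security plugin writes its files.
    try (
      var ucfgFiles = Files.find(
        projectPath.toPath().resolve(".scannerwork"),
        3,
        BuildResultAssert::isUcfgFile
      )
    ) {
      assertThat(ucfgFiles.toList()).isEmpty();
    }
  }

  /**
   * Builds and starts the SonarQube server used by this test class.
   *
   * <p>The server version comes from the {@code sonar.runtimeVersion} system property and falls
   * back to {@code LATEST_RELEASE}.
   */
  @BeforeAll
  public static void startOrchestrator() {
    // NOTE(review): the plugin versions below are floating ("DEV", "LATEST_RELEASE"), so the
    // artifacts under test are presumably whatever the artifact repository serves at run time.
    // Pin them if a reproducible run is needed.
    var builder = OrchestratorExtension
      .builderEnv()
      .useDefaultAdminCredentialsForBuilds(true)
      .setSonarVersion(System.getProperty("sonar.runtimeVersion", "LATEST_RELEASE"))
      .addPlugin(JAVASCRIPT_PLUGIN_LOCATION)
      .setEdition(Edition.DEVELOPER)
      .activateLicense()
      .addPlugin(MavenLocation.of("com.sonarsource.security", "sonar-security-plugin", "DEV"))
      .addPlugin(
        MavenLocation.of("com.sonarsource.security", "sonar-security-js-frontend-plugin", "DEV")
      )
      .addPlugin(MavenLocation.of("org.sonarsource.html", "sonar-html-plugin", "LATEST_RELEASE"))
      .restoreProfileAtStartup(FileLocation.ofClasspath("/html-security-profile.xml"));

    orchestrator = builder.build();
    // Installation of SQ server in orchestrator is not thread-safe, so we need to synchronize
    synchronized (OrchestratorStarter.class) {
      orchestrator.start();
    }
  }

  /** Stops the server started in {@link #startOrchestrator()}, if one was created. */
  @AfterAll
  public static void stopOrchestrator() {
    // The field stays null when builder.build() throws; skip the call so that teardown does not
    // add a NullPointerException on top of the original startup failure.
    if (orchestrator != null) {
      orchestrator.stop();
    }
  }

  /**
   * Creates the scanner configuration for one project.
   *
   * @param projectDir directory of the project to analyse, also used as the only source dir
   * @param projectKey SonarQube project key
   * @return a scanner with UTF-8 source encoding and debug logs enabled
   */
  private static SonarScanner getScanner(File projectDir, String projectKey) {
    return getSonarScanner()
      .setProjectKey(projectKey)
      .setSourceEncoding("UTF-8")
      .setDebugLogs(true)
      .setSourceDirs(".")
      .setProjectDir(projectDir);
  }
}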