Issue spotbugs#387 only activate enabled rules or the server crashes

gtoison · Oct 9, 2021 · 7ed87e4 · 7ed87e4
1 parent b6e5b36
commit 7ed87e4
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 5 deletions.
diff --git a/src/main/java/org/sonar/plugins/findbugs/FindbugsProfileImporter.java b/src/main/java/org/sonar/plugins/findbugs/FindbugsProfileImporter.java
@@ -124,11 +124,14 @@ private void activateRulesByCategory(NewBuiltInQualityProfile profile, FindBugsF
   }
 
   private void activateRule(NewBuiltInQualityProfile profile, Rule rule, @Nullable String severity) {
-    NewBuiltInActiveRule r = profile.activateRule(rule.getRepositoryKey(), rule.getKey());
-    if (severity == null) {
-      r.overrideSeverity(getSeverityFromPriority(rule.getSeverity()));
-    } else {
-      r.overrideSeverity(severity);
+    // Trying to activate a disabled rule in a profile causes the SQ server to crash at startup
+    if (rule.isEnabled()) {
+      NewBuiltInActiveRule r = profile.activateRule(rule.getRepositoryKey(), rule.getKey());
+      if (severity == null) {
+        r.overrideSeverity(getSeverityFromPriority(rule.getSeverity()));
+      } else {
+        r.overrideSeverity(severity);
+      }
     }
   }
 

diff --git a/src/test/java/org/sonar/plugins/findbugs/profiles/FindbugsSecurityJspProfileTest.java b/src/test/java/org/sonar/plugins/findbugs/profiles/FindbugsSecurityJspProfileTest.java
@@ -21,6 +21,7 @@
 
 import org.junit.Rule;
 import org.junit.Test;
+import org.sonar.api.rules.RuleFinder;
 import org.sonar.api.server.profile.BuiltInQualityProfilesDefinition.BuiltInQualityProfile;
 import org.sonar.api.server.profile.BuiltInQualityProfilesDefinition.Context;
 import org.sonar.api.utils.log.LogTester;
@@ -52,4 +53,25 @@ public void shouldCreateProfile() {
     assertThat(profile.rules().stream().filter(r -> r.repoKey().equals(FindSecurityBugsJspRulesDefinition.REPOSITORY_KEY)).count()).isEqualTo(6);
     assertThat(profile.rules().stream().filter(r -> r.repoKey().equals(FindbugsRulesDefinition.REPOSITORY_KEY)).count()).isEqualTo(0);
   }
+
+  @Test
+  public void disabledRuleMustNotBeActivated() {
+    RuleFinder ruleFinder = FakeRuleFinder.createWithAllRules();
+
+    // Mark a rule as removed
+    org.sonar.api.rules.Rule rule = ruleFinder.findByKey(FindSecurityBugsJspRulesDefinition.REPOSITORY_KEY, "XSS_JSP_PRINT");
+    rule.setStatus(org.sonar.api.rules.Rule.STATUS_REMOVED);
+
+    FindbugsProfileImporter importer = new FindbugsProfileImporter(ruleFinder);
+    FindbugsSecurityJspProfile findbugsProfile = new FindbugsSecurityJspProfile(importer);
+    Context context = new Context();
+    findbugsProfile.define(context);
+
+    //There should be 5 rules left since we removed one
+    BuiltInQualityProfile profile = context.profile(Jsp.KEY, FindbugsSecurityJspProfile.FINDBUGS_SECURITY_JSP_PROFILE_NAME);
+    assertThat(logTester.getLogs(LoggerLevel.ERROR)).isNull();
+    assertThat(logTester.getLogs(LoggerLevel.WARN)).isNull();
+    assertThat(profile.rules().stream().filter(r -> r.repoKey().equals(FindSecurityBugsJspRulesDefinition.REPOSITORY_KEY)).count()).isEqualTo(5);
+    assertThat(profile.rules().stream().filter(r -> r.repoKey().equals(FindbugsRulesDefinition.REPOSITORY_KEY)).count()).isEqualTo(0);
+  }
 }