pixee · JesusCotlamee · Jun 12, 2024 · Jun 6, 2024 · Jun 6, 2024 · Jun 6, 2024
diff --git a/README.md b/README.md
@@ -26,9 +26,9 @@ GitHub Action workflow that includes SonarQube, the step that performs the
 SonarQube analysis will be followed by a step that applies the SonarQube Quality
 Gate. The `pixee/upload-tool-results-action` should follow the SonarQube Quality
 Gate. The workflow should be configured to run the
-`pixee/upload-tool-results-action` step regardless of the outcome of the
-quality gate, so that Pixeebot may fix the issues preventing the quality gate
-from passing.
+`pixee/upload-tool-results-action` step regardless of the outcome of the quality
+gate, so that Pixeebot may fix the issues preventing the quality gate from
+passing.
 
 The `pixee/upload-tool-results-action` requires a SonarQube _user token_ token
 that is permitted to read Security Hotspots. Typically, the `SONAR_TOKEN` secret
@@ -49,7 +49,7 @@ confusing it for the typical _project analysis token_.
   if: always() && steps.sonarqube-analysis.outcome == 'success'
   with:
     tool: sonar
-    sonar-api-url: ${{ vars.SONAR_HOST_URL }}/api
+    sonar-host: ${{ vars.SONAR_HOST_URL }}
     sonar-token: ${{ secrets.PIXEE_SONAR_TOKEN }}
     sonar-component-key: "<insert-my-sonar-project-key>"
 ```
@@ -110,9 +110,9 @@ Detailed description of the inputs exposed by the
     # Default: `owner_repo`
     sonar-component-key:
 
-    # Base URL of the Sonar API. Use this to switch from SonarCloud to SonarQube.
-    # Default: https://sonarcloud.io/api
-    sonar-api-url:
+    # Base host of the SonarCloud or SonarQube API. Use this to switch from SonarCloud to SonarQube.
+    # Default: https://sonarcloud.io
+    sonar-host:
 
     # Token for authenticating requests to DefectDojo.
     defectdojo-token:

diff --git a/__tests__/sonar.test.ts b/__tests__/sonar.test.ts
@@ -0,0 +1,94 @@
+import { buildSonarCloudIssuesUrl } from "../src/sonar";
+import * as github from "../src/github";
+
+let getGitHubContextMock: jest.SpiedFunction<typeof github.getGitHubContext>;
+
+describe("sonar", () => {
+  const sonarHost = "https://sonarcloud.io/api/";
+  const componentKey = "myComponent";
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    getGitHubContextMock = jest
+      .spyOn(github, "getGitHubContext")
+      .mockImplementation();
+  });
+
+  it("should build the URL with pullRequest parameter if prNumber exists", async () => {
+    getGitHubContextMock.mockReturnValue({
+      owner: "owner",
+      repo: "repo",
+      sha: "sha",
+      prNumber: 123,
+    });
+
+    const result = buildSonarCloudIssuesUrl({
+      token: "",
+      sonarHost,
+      componentKey,
+    });
+
+    expect(result).toBe(
+      "https://sonarcloud.io/api/issues/search?componentKeys=myComponent&resolved=false&ps=500&pullRequest=123",
+    );
+  });
+
+  it("should build the URL without pullRequest parameter if prNumber does not exist", async () => {
+    getGitHubContextMock.mockReturnValue({
+      owner: "owner",
+      repo: "repo",
+      sha: "sha",
+      prNumber: undefined,
+    });
+
+    const result = buildSonarCloudIssuesUrl({
+      token: "",
+      sonarHost,
+      componentKey,
+    });
+
+    expect(result).toBe(
+      "https://sonarcloud.io/api/issues/search?componentKeys=myComponent&resolved=false&ps=500",
+    );
+  });
+
+  it("should encode the componentKey properly", async () => {
+    const specialComponentKey = "myComponent with spaces";
+    getGitHubContextMock.mockReturnValue({
+      owner: "owner",
+      repo: "repo",
+      sha: "sha",
+      prNumber: 123,
+    });
+
+    const result = buildSonarCloudIssuesUrl({
+      token: "",
+      sonarHost,
+      componentKey: specialComponentKey,
+    });
+
+    expect(result).toBe(
+      "https://sonarcloud.io/api/issues/search?componentKeys=myComponent+with+spaces&resolved=false&ps=500&pullRequest=123",
+    );
+  });
+
+  it("should handle sonarHost with trailing slash correctly", async () => {
+    const sonarHostWithSlash = "https://sonarcloud.io/";
+    getGitHubContextMock.mockReturnValue({
+      owner: "owner",
+      repo: "repo",
+      sha: "sha",
+      prNumber: 123,
+    });
+
+    const result = buildSonarCloudIssuesUrl({
+      token: "",
+      sonarHost: sonarHostWithSlash,
+      componentKey,
+    });
+
+    expect(result).toBe(
+      "https://sonarcloud.io/api/issues/search?componentKeys=myComponent&resolved=false&ps=500&pullRequest=123",
+    );
+  });
+});
diff --git a/action.yml b/action.yml
@@ -21,9 +21,9 @@ inputs:
   sonar-component-key:
     description: Key identifying the SonarCloud component to be analyzed.
     required: false
-  sonar-api-url:
-    description: Base URL of the SonarCloud API.
-    default: https://sonarcloud.io/api
+  sonar-host:
+    description: Base host of the SonarCloud or SonarQube API.
+    default: https://sonarcloud.io
   defectdojo-token:
     description: Token for authenticating requests to DefectDojo.
     required: false

diff --git a/examples/sonarqube-pixeebot-maven.yml b/examples/sonarqube-pixeebot-maven.yml
@@ -58,6 +58,6 @@ jobs:
         if: always() && steps.sonarqube-analysis.outcome == 'success' # run this when the analysis is successful, regardless of the quality gate status
         with:
           tool: sonar
-          sonar-api-url: ${{ vars.SONAR_HOST_URL }}/api
+          sonar-host: ${{ vars.SONAR_HOST_URL }}
           sonar-token: ${{ secrets.PIXEE_SONAR_TOKEN }}
           sonar-component-key: "<insert-my-sonar-project-key>"
diff --git a/examples/sonarqube-python.yml b/examples/sonarqube-python.yml
@@ -36,6 +36,6 @@ jobs:
         if: always() && steps.sonarqube-analysis.outcome == 'success'
         with:
           tool: sonar
-          sonar-api-url: ${{ vars.SONAR_HOST_URL }}/api
+          sonar-host: ${{ vars.SONAR_HOST_URL }}
           sonar-token: ${{ secrets.PIXEE_SONAR_TOKEN }}
           sonar-component-key: "<insert-my-sonar-project-key>"
diff --git a/src/sonar.ts b/src/sonar.ts
@@ -28,13 +28,70 @@ export async function retrieveSonarCloudIssues(
   return retrieveSonarCloudResults(sonarCloudInputs, url, "issues");
 }
 
+export function buildSonarCloudIssuesUrl({
+  sonarHost,
+  componentKey,
+}: SonarCloudInputs): string {
+  const { prNumber } = getGitHubContext();
+  const path = "/api/issues/search";
+
+  const queryParams = {
+    componentKeys: componentKey,
+    resolved: "false",
+    ps: MAX_PAGE_SIZE,
+    ...(prNumber && { pullRequest: prNumber }),
+  };
+
+  return buildSonarCloudUrl({ sonarHost, path, queryParams });
+}
+
 export async function retrieveSonarCloudHotspots(
   sonarCloudInputs: SonarCloudInputs,
 ): Promise<SonarSearchHotspotResult> {
   const url = buildSonarCloudHotspotsUrl(sonarCloudInputs);
   return retrieveSonarCloudResults(sonarCloudInputs, url, "hotspots");
 }
 
+export function buildSonarCloudHotspotsUrl({
+  sonarHost,
+  componentKey,
+}: SonarCloudInputs): string {
+  const { prNumber } = getGitHubContext();
+  const path = "/api/hotspots/search";
+
+  const queryParams = {
+    projectKey: componentKey,
+    resolved: "false",
+    ps: MAX_PAGE_SIZE,
+    ...(prNumber && { pullRequest: prNumber }),
+  };
+
+  return buildSonarCloudUrl({ sonarHost, path, queryParams });
+}
+
+export function buildSonarCloudUrl({
+  sonarHost,
+  path,
+  queryParams,
+}: {
+  sonarHost: string;
+  path: string;
+  queryParams: { [key: string]: string | number };
+}): string {
+  const baseApiUrl = new URL(sonarHost);
+  const apiUrl = new URL(path, baseApiUrl);
+
+  Object.entries(queryParams).forEach(([key, value]) => {
+    apiUrl.searchParams.append(key, value.toString());
+  });
+
+  if (core.isDebug()) {
+    core.info(`SonarCloud url ${apiUrl}`);
+  }
+
+  return apiUrl.href;
+}
+
 async function retrieveSonarCloudResults(
   { token }: SonarCloudInputs,
   url: string,
@@ -62,38 +119,16 @@ async function retrieveSonarCloudResults(
 interface SonarCloudInputs {
   token: string;
   componentKey: string;
-  apiUrl: string;
+  sonarHost: string;
 }
 
 export function getSonarCloudInputs(): SonarCloudInputs {
-  const apiUrl = core.getInput("sonar-api-url", { required: true });
+  const sonarHost = core.getInput("sonar-host", { required: true });
   const token = core.getInput("sonar-token");
   let componentKey = core.getInput("sonar-component-key");
   if (!componentKey) {
     const { owner, repo } = getRepositoryInfo();
     componentKey = `${owner}_${repo}`;
   }
-  return { token, componentKey, apiUrl };
-}
-
-function buildSonarCloudIssuesUrl({
-  apiUrl,
-  componentKey,
-}: SonarCloudInputs): string {
-  const { prNumber } = getGitHubContext();
-  const url = `${apiUrl}/issues/search?componentKeys=${encodeURIComponent(
-    componentKey,
-  )}&resolved=false&ps=${MAX_PAGE_SIZE}`;
-  return prNumber ? `${url}&pullRequest=${prNumber}` : url;
-}
-
-function buildSonarCloudHotspotsUrl({
-  apiUrl,
-  componentKey,
-}: SonarCloudInputs): string {
-  const { prNumber } = getGitHubContext();
-  const url = `${apiUrl}/hotspots/search?projectKey=${encodeURIComponent(
-    componentKey,
-  )}&resolved=false&ps=${MAX_PAGE_SIZE}`;
-  return prNumber ? `${url}&pullRequest=${prNumber}` : url;
+  return { token, componentKey, sonarHost };
 }