Example #1
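        public void SonarScanner_SensitiveArgsPassedOnCommandLine()
        {
            // Check that sensitive arguments from the config are passed on the command line,
            // and that a sensitive value supplied by the user on the command line replaces
            // the value stored for the same key in the settings file.
            //
            // NOTE(review): this pins the design of handing secrets to the child process as
            // -D arguments. Process command lines are generally readable by other local
            // processes and recorded by process-creation auditing, so the build agent has to
            // be treated as in scope for these credentials. Whether the wrapper masks the
            // values in its own log output is not visible from this test - confirm.

            // Arrange
            var logger = new TestLogger();

            var testDir = TestUtils.CreateTestSpecificFolder(TestContext);

            var exePath            = CreateDummarySonarScannerBatchFile();
            var propertiesFilePath = CreateDummySonarScannerPropertiesFile();

            var userArgs = new string[] { "-Dxxx=yyy", "-Dsonar.password=cmdline.password" };

            // Create a config file containing sensitive arguments
            var fileSettings = new AnalysisProperties
            {
                new Property()
                {
                    Id = SonarProperties.DbPassword, Value = "file db pwd"
                },
                new Property()
                {
                    Id = SonarProperties.SonarPassword, Value = "file.password - should not be returned"
                },
                new Property()
                {
                    Id = "file.not.sensitive.key", Value = "not sensitive value"
                }
            };
            var settingsFilePath = Path.Combine(testDir, "fileSettings.txt");

            fileSettings.Save(settingsFilePath);

            var config = new AnalysisConfig()
            {
                SonarScannerWorkingDirectory = TestContext.DeploymentDirectory
            };

            config.SetSettingsFilePath(settingsFilePath);

            // Act
            var success = SonarScannerWrapper.ExecuteJavaRunner(config, userArgs, logger, exePath, propertiesFilePath);

            // Assert
            VerifyProcessRunOutcome(logger, TestContext.DeploymentDirectory, success, true);
            var actualCmdLineArgs = CheckStandardArgsPassed(logger, propertiesFilePath);

            // Non-sensitive values from the file should not be passed on the command line
            CheckArgDoesNotExist("file.not.sensitive.key", actualCmdLineArgs);

            // The file's sonar.password is overridden by the user-supplied one, so no part of
            // the overridden secret may reach the command line. Without this check the test
            // only proves the user value is present, not that the file value is absent.
            CheckArgDoesNotExist("file.password", actualCmdLineArgs);

            var dbPwdIndex   = CheckArgExists("-Dsonar.jdbc.password=file db pwd", actualCmdLineArgs); // sensitive value from file
            var userPwdIndex = CheckArgExists("-Dsonar.password=cmdline.password", actualCmdLineArgs); // sensitive value from cmd line: overrides file value

            var propertiesFileIndex = CheckArgExists(SonarScannerWrapper.ProjectSettingsFileArgName, actualCmdLineArgs);

            // Both sensitive arguments must come before the project-settings-file argument
            Assert.IsTrue(dbPwdIndex < propertiesFileIndex, "User arguments should appear first");
            Assert.IsTrue(userPwdIndex < propertiesFileIndex, "User arguments should appear first");
        }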
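        public void SonarRunner_SensitiveArgsPassedOnCommandLine()
        {
            // Check that sensitive arguments from the config are passed on the command line,
            // and that a sensitive value supplied by the user on the command line replaces
            // the value stored for the same key in the settings file.
            //
            // NOTE(review): this pins the design of handing secrets to the child process as
            // -D arguments. Process command lines are generally readable by other local
            // processes and recorded by process-creation auditing, so the build agent has to
            // be treated as in scope for these credentials. Whether the wrapper masks the
            // values in its own log output is not visible from this test - confirm.

            // Arrange
            TestLogger logger = new TestLogger();

            string testDir = TestUtils.CreateTestSpecificFolder(this.TestContext);

            string exePath            = CreateDummarySonarRunnerBatchFile();
            string propertiesFilePath = CreateDummySonarRunnerPropertiesFile();

            string[] userArgs = new string[] { "-Dxxx=yyy", "-Dsonar.password=cmdline.password" };

            // Create a config file containing sensitive arguments
            AnalysisProperties fileSettings = new AnalysisProperties();

            fileSettings.Add(new Property()
            {
                Id = SonarProperties.DbPassword, Value = "file db pwd"
            });
            fileSettings.Add(new Property()
            {
                Id = SonarProperties.SonarPassword, Value = "file.password - should not be returned"
            });
            fileSettings.Add(new Property()
            {
                Id = "file.not.sensitive.key", Value = "not sensitive value"
            });
            string settingsFilePath = Path.Combine(testDir, "fileSettings.txt");

            fileSettings.Save(settingsFilePath);

            AnalysisConfig config = new AnalysisConfig()
            {
                SonarRunnerWorkingDirectory = this.TestContext.DeploymentDirectory
            };

            config.SetSettingsFilePath(settingsFilePath);

            // Act
            bool success = SonarRunnerWrapper.ExecuteJavaRunner(config, userArgs, logger, exePath, propertiesFilePath);

            // Assert
            VerifySuccessfullRun(logger, success, this.TestContext.DeploymentDirectory);
            string actualCmdLineArgs = CheckStandardArgsPassed(logger, propertiesFilePath);

            // Non-sensitive values from the file should not be passed on the command line
            CheckArgDoesNotExist("file.not.sensitive.key", actualCmdLineArgs);

            // The file's sonar.password is overridden by the user-supplied one, so no part of
            // the overridden secret may reach the command line. Without this check the test
            // only proves the user value is present, not that the file value is absent.
            CheckArgDoesNotExist("file.password", actualCmdLineArgs);

            int dbPwdIndex   = CheckArgExists("-Dsonar.jdbc.password=\"file db pwd\"", actualCmdLineArgs); // sensitive value from file (quoted in the expected argument)
            int userPwdIndex = CheckArgExists("-Dsonar.password=cmdline.password", actualCmdLineArgs);     // sensitive value from cmd line: overrides file value

            int standardArgsIndex   = CheckArgExists(SonarRunnerWrapper.StandardAdditionalRunnerArguments, actualCmdLineArgs);
            int propertiesFileIndex = CheckArgExists(SonarRunnerWrapper.ProjectSettingsFileArgName, actualCmdLineArgs);

            // Both sensitive arguments must come before the standard runner arguments and
            // before the project-settings-file argument
            Assert.IsTrue(dbPwdIndex < standardArgsIndex && dbPwdIndex < propertiesFileIndex, "User arguments should appear first");
            Assert.IsTrue(userPwdIndex < standardArgsIndex && userPwdIndex < propertiesFileIndex, "User arguments should appear first");
        }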
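        public void SonarScanner_SensitiveArgsPassedOnCommandLine()
        {
            // Check that sensitive arguments from the config are passed on the command line,
            // and that a sensitive value supplied by the user on the command line replaces
            // the value stored for the same key in the settings file.
            //
            // NOTE(review): this pins the design of handing secrets to the child process as
            // -D arguments. Process command lines are generally readable by other local
            // processes and recorded by process-creation auditing, so the build agent has to
            // be treated as in scope for these credentials. The process runner is mocked
            // here, so nothing about logging or masking of the values is exercised.

            // Arrange
            var logger     = new TestLogger();
            var mockRunner = new MockProcessRunner(executeResult: true);
            var userArgs   = new string[] { "-Dxxx=yyy", "-Dsonar.password=cmdline.password" };

            // Create a config file containing sensitive arguments
            var fileSettings = new AnalysisProperties
            {
                new Property()
                {
                    Id = SonarProperties.DbPassword, Value = "file db pwd"
                },
                new Property()
                {
                    Id = SonarProperties.SonarPassword, Value = "file.password - should not be returned"
                },
                new Property()
                {
                    Id = "file.not.sensitive.key", Value = "not sensitive value"
                }
            };

            var testDir          = TestUtils.CreateTestSpecificFolderWithSubPaths(TestContext);
            var settingsFilePath = Path.Combine(testDir, "fileSettings.txt");

            fileSettings.Save(settingsFilePath);

            var config = new AnalysisConfig()
            {
                SonarScannerWorkingDirectory = testDir
            };

            config.SetSettingsFilePath(settingsFilePath);

            // Act
            var success = ExecuteJavaRunnerIgnoringAsserts(config, userArgs, logger, "c:\\foo.exe", "c:\\foo.props", mockRunner);

            // Assert
            VerifyProcessRunOutcome(mockRunner, logger, testDir, success, true);

            CheckStandardArgsPassed(mockRunner, "c:\\foo.props");

            // Non-sensitive values from the file should not be passed on the command line
            CheckArgDoesNotExist("file.not.sensitive.key", mockRunner);

            // The file's sonar.password is overridden by the user-supplied one, so no part of
            // the overridden secret may reach the command line. Without this check the test
            // only proves the user value is present, not that the file value is absent.
            CheckArgDoesNotExist("file.password", mockRunner);

            var dbPwdIndex   = CheckArgExists("-Dsonar.jdbc.password=file db pwd", mockRunner); // sensitive value from file
            var userPwdIndex = CheckArgExists("-Dsonar.password=cmdline.password", mockRunner); // sensitive value from cmd line: overrides file value

            var propertiesFileIndex = CheckArgExists(SonarScannerWrapper.ProjectSettingsFileArgName, mockRunner);

            // Both sensitive arguments must come before the project-settings-file argument
            propertiesFileIndex.Should().BeGreaterThan(dbPwdIndex, "User arguments should appear first");
            propertiesFileIndex.Should().BeGreaterThan(userPwdIndex, "User arguments should appear first");
        }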
Example #4
        /// <summary>
        /// Builds an AnalysisConfig from the processed arguments, the build settings and the
        /// server properties, saves it to <c>settings.AnalysisConfigFilePath</c> and returns it.
        /// </summary>
        /// <param name="args">Processed arguments; supplies the project details, the host URL and the local properties</param>
        /// <param name="settings">Build settings; supplies the URIs, the directories and the path the config is saved to</param>
        /// <param name="serverProperties">Key/value properties copied into the config's server settings</param>
        /// <param name="logger">Required; only null-checked in this method</param>
        /// <exception cref="ArgumentNullException">Thrown when any argument is null</exception>
        /// <remarks>
        /// NOTE(review): every server property and every local property is handed to AddSetting
        /// without any filtering in this method. Whether AddSetting drops sensitive values
        /// (passwords, tokens) before Save persists the config cannot be seen from here -
        /// confirm, because the saved file is readable by anything with access to the build
        /// output locations.
        /// </remarks>
        public static AnalysisConfig GenerateFile(ProcessedArgs args, TeamBuildSettings settings, IDictionary <string, string> serverProperties, ILogger logger)
        {
            if (args == null)
            {
                throw new ArgumentNullException("args");
            }
            if (settings == null)
            {
                throw new ArgumentNullException("settings");
            }
            if (serverProperties == null)
            {
                throw new ArgumentNullException("serverProperties");
            }
            if (logger == null)
            {
                throw new ArgumentNullException("logger");
            }

            // Project identity and server location come from the processed arguments
            AnalysisConfig analysisConfig = new AnalysisConfig
            {
                SonarProjectKey     = args.ProjectKey,
                SonarProjectName    = args.ProjectName,
                SonarProjectVersion = args.ProjectVersion,
                SonarQubeHostUrl    = args.GetSetting(SonarProperties.HostUrl)
            };

            // Build environment details
            analysisConfig.SetBuildUri(settings.BuildUri);
            analysisConfig.SetTfsUri(settings.TfsUri);
            analysisConfig.SonarConfigDir = settings.SonarConfigDirectory;
            analysisConfig.SonarOutputDir = settings.SonarOutputDirectory;
            analysisConfig.SonarBinDir    = settings.SonarBinDirectory;
            analysisConfig.SonarRunnerWorkingDirectory = settings.SonarRunnerWorkingDirectory;

            // Server properties go into their own collection
            analysisConfig.ServerSettings = new AnalysisProperties();
            foreach (var serverProperty in serverProperties)
            {
                AddSetting(analysisConfig.ServerSettings, serverProperty.Key, serverProperty.Value);
            }

            // Local properties (command line arguments) go into a second collection
            analysisConfig.LocalSettings = new AnalysisProperties();
            foreach (var localProperty in args.LocalProperties.GetAllProperties())
            {
                AddSetting(analysisConfig.LocalSettings, localProperty.Id, localProperty.Value);
            }

            // Only the path of the properties file is recorded, and only when one was given
            if (args.PropertiesFileName != null)
            {
                analysisConfig.SetSettingsFilePath(args.PropertiesFileName);
            }

            analysisConfig.Save(settings.AnalysisConfigFilePath);

            return analysisConfig;
        }
Example #5
        public void ConfigExt_GetAnalysisSettings_FileSettings()
        {
            // Verifies that the settings file path round-trips through the config and that
            // the properties stored in that file are returned by GetAnalysisSettings

            // 0. Setup
            var workingFolder = TestUtils.CreateTestSpecificFolder(TestContext);

            var analysisConfig = new AnalysisConfig();

            // Properties that will be written to the settings file
            var propertiesOnDisk = new AnalysisProperties();
            propertiesOnDisk.Add(new Property() { Id = "file.1", Value = "file.value.1" });
            propertiesOnDisk.Add(new Property() { Id = "file.2", Value = "file.value.2" });

            var pathToSettings = Path.Combine(workingFolder, "settings.txt");
            propertiesOnDisk.Save(pathToSettings);

            // 1. No path has been set yet -> null
            Assert.IsNull(analysisConfig.GetSettingsFilePath(), "Expecting the settings file path to be null");

            // 2. Set the path, then read it back
            analysisConfig.SetSettingsFilePath(pathToSettings);
            Assert.AreEqual(pathToSettings, analysisConfig.GetSettingsFilePath(), "Unexpected settings file path value returned");

            // 3. Exactly the two file properties must be returned
            var settingsProvider = analysisConfig.GetAnalysisSettings(false);

            settingsProvider.AssertExpectedPropertyCount(2);
            settingsProvider.AssertExpectedPropertyValue("file.1", "file.value.1");
            settingsProvider.AssertExpectedPropertyValue("file.2", "file.value.2");
        }
Example #6
        public void ConfigExt_GetAnalysisSettings_Precedence()
        {
            // Expected precedence: local -> file -> server.
            // A key defined in several sources must resolve to the highest-precedence value.

            // 0. Setup
            var workingFolder = TestUtils.CreateTestSpecificFolder(TestContext);

            var analysisConfig = new AnalysisConfig();

            // File settings
            var propertiesOnDisk = new AnalysisProperties();
            propertiesOnDisk.Add(new Property() { Id = "file.1", Value = "file.value.1" });
            propertiesOnDisk.Add(new Property() { Id = "shared.property", Value = "shared value from file - should never be returned" });
            propertiesOnDisk.Add(new Property() { Id = "shared.property2", Value = "shared value 2 from file" });

            var pathToSettings = Path.Combine(workingFolder, "settings.txt");

            propertiesOnDisk.Save(pathToSettings);
            analysisConfig.SetSettingsFilePath(pathToSettings);

            // Local settings
            var localProperties = new AnalysisProperties();
            localProperties.Add(new Property() { Id = "local.1", Value = "local.value.1" });
            localProperties.Add(new Property() { Id = "local.2", Value = "local.value.2" });
            localProperties.Add(new Property() { Id = "shared.property", Value = "shared value from local" });
            analysisConfig.LocalSettings = localProperties;

            // Server settings
            var serverProperties = new AnalysisProperties();
            serverProperties.Add(new Property() { Id = "server.1", Value = "server.value.1" });
            serverProperties.Add(new Property() { Id = "server.2", Value = "server.value.2" });
            serverProperties.Add(new Property() { Id = "shared.property", Value = "shared value from server - should never be returned" });
            serverProperties.Add(new Property() { Id = "shared.property2", Value = "shared value 2 from server - should never be returned" });
            analysisConfig.ServerSettings = serverProperties;

            // 1. Without server settings: local wins over file, server-only keys are absent
            var settingsProvider = analysisConfig.GetAnalysisSettings(false);

            settingsProvider.AssertExpectedPropertyCount(5);
            settingsProvider.AssertExpectedPropertyValue("local.1", "local.value.1");
            settingsProvider.AssertExpectedPropertyValue("local.2", "local.value.2");
            settingsProvider.AssertExpectedPropertyValue("file.1", "file.value.1");
            settingsProvider.AssertExpectedPropertyValue("shared.property", "shared value from local");
            settingsProvider.AssertExpectedPropertyValue("shared.property2", "shared value 2 from file");

            settingsProvider.AssertPropertyDoesNotExist("server.1");
            settingsProvider.AssertPropertyDoesNotExist("server.2");

            // 2. With server settings: server-only keys appear, shared keys keep the
            //    local/file values
            settingsProvider = analysisConfig.GetAnalysisSettings(true);
            settingsProvider.AssertExpectedPropertyCount(7);
            settingsProvider.AssertExpectedPropertyValue("local.1", "local.value.1");
            settingsProvider.AssertExpectedPropertyValue("local.2", "local.value.2");
            settingsProvider.AssertExpectedPropertyValue("file.1", "file.value.1");
            settingsProvider.AssertExpectedPropertyValue("shared.property", "shared value from local");
            settingsProvider.AssertExpectedPropertyValue("shared.property2", "shared value 2 from file");
            settingsProvider.AssertExpectedPropertyValue("server.1", "server.value.1");
            settingsProvider.AssertExpectedPropertyValue("server.2", "server.value.2");
        }
Example #7
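        /// <summary>
        /// Combines the various configuration options into the AnalysisConfig file
        /// used by the build and post-processor. Saves the file and returns the config instance.
        /// </summary>
        /// <param name="localSettings">Processed local settings, including command line arguments supplied by the user</param>
        /// <param name="buildSettings">Build environment settings</param>
        /// <param name="serverProperties">Analysis properties downloaded from the SonarQube server</param>
        /// <param name="analyzersSettings">Specifies the Roslyn analyzers to use. Can be empty, but not null</param>
        /// <param name="logger">Required; only null-checked in this method</param>
        /// <exception cref="ArgumentNullException">Thrown when any argument is null</exception>
        /// <remarks>
        /// Server properties for which Utilities.IsSecuredServerProperty returns true are not
        /// copied into the config, so they are not part of what Save writes. From the local
        /// settings only the command line properties and the organization are passed to
        /// AddSetting; for the properties file only its path is recorded.
        /// NOTE(review): whether AddSetting filters sensitive command line values (for example
        /// a password supplied as a -D argument) before they are persisted is not visible
        /// here - confirm.
        /// </remarks>
        public static AnalysisConfig GenerateFile(ProcessedArgs localSettings,
                                                  TeamBuildSettings buildSettings,
                                                  IDictionary <string, string> serverProperties,
                                                  List <AnalyzerSettings> analyzersSettings,
                                                  ILogger logger)
        {
            if (localSettings == null)
            {
                throw new ArgumentNullException(nameof(localSettings));
            }
            if (buildSettings == null)
            {
                throw new ArgumentNullException(nameof(buildSettings));
            }
            if (serverProperties == null)
            {
                throw new ArgumentNullException(nameof(serverProperties));
            }

            if (logger == null)
            {
                throw new ArgumentNullException(nameof(logger));
            }

            // Validate up front with the other arguments, so a null list fails before any
            // config state is built rather than just before Save
            if (analyzersSettings == null)
            {
                throw new ArgumentNullException(nameof(analyzersSettings));
            }

            var config = new AnalysisConfig
            {
                SonarProjectKey     = localSettings.ProjectKey,
                SonarProjectName    = localSettings.ProjectName,
                SonarProjectVersion = localSettings.ProjectVersion,
                SonarQubeHostUrl    = localSettings.SonarQubeUrl
            };

            config.SetBuildUri(buildSettings.BuildUri);
            config.SetTfsUri(buildSettings.TfsUri);

            config.SonarConfigDir = buildSettings.SonarConfigDirectory;
            config.SonarOutputDir = buildSettings.SonarOutputDirectory;
            config.SonarBinDir    = buildSettings.SonarBinDirectory;
            config.SonarScannerWorkingDirectory = buildSettings.SonarScannerWorkingDirectory;
            config.SourcesDirectory             = buildSettings.SourcesDirectory;

            // Add the server properties to the config, leaving out the secured ones so
            // that they are never written to the saved file
            config.ServerSettings = new AnalysisProperties();

            foreach (var property in serverProperties)
            {
                if (!Utilities.IsSecuredServerProperty(property.Key))
                {
                    AddSetting(config.ServerSettings, property.Key, property.Value);
                }
            }

            config.LocalSettings = new AnalysisProperties();
            // From the local settings, we only write the ones coming from the cmd line
            foreach (var property in localSettings.CmdLineProperties.GetAllProperties())
            {
                AddSetting(config.LocalSettings, property.Id, property.Value);
            }

            if (!string.IsNullOrEmpty(localSettings.Organization))
            {
                AddSetting(config.LocalSettings, SonarProperties.Organization, localSettings.Organization);
            }

            // Set the pointer to the properties file
            if (localSettings.PropertiesFileName != null)
            {
                config.SetSettingsFilePath(localSettings.PropertiesFileName);
            }

            config.AnalyzersSettings = analyzersSettings;
            config.Save(buildSettings.AnalysisConfigFilePath);

            return config;
        }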
Example #8
        /// <summary>
        /// Combines the various configuration options into the AnalysisConfig file
        /// used by the build and post-processor. Saves the file and returns the config instance.
        /// </summary>
        /// <param name="args">Processed command line arguments supplied by the user</param>
        /// <param name="buildSettings">Build environment settings</param>
        /// <param name="serverProperties">Analysis properties downloaded from the SonarQube server</param>
        /// <param name="analyzersSettings">Specifies the Roslyn analyzers to use</param>
        /// <param name="logger">Required; only null-checked in this method</param>
        /// <exception cref="ArgumentNullException">Thrown when any argument is null</exception>
        /// <remarks>
        /// Server properties for which Utilities.IsSecuredServerProperty returns true are not
        /// copied into the config. All local properties are passed to AddSetting.
        /// NOTE(review): whether AddSetting filters sensitive local values (for example a
        /// password supplied as a -D argument) before they are persisted by Save is not
        /// visible here - confirm.
        /// </remarks>
        public static AnalysisConfig GenerateFile(ProcessedArgs args,
                                                  TeamBuildSettings buildSettings,
                                                  IDictionary <string, string> serverProperties,
                                                  List <AnalyzerSettings> analyzersSettings,
                                                  ILogger logger)
        {
            if (args == null)
            {
                throw new ArgumentNullException(nameof(args));
            }
            if (buildSettings == null)
            {
                throw new ArgumentNullException(nameof(buildSettings));
            }
            if (serverProperties == null)
            {
                throw new ArgumentNullException(nameof(serverProperties));
            }
            if (analyzersSettings == null)
            {
                throw new ArgumentNullException(nameof(analyzersSettings));
            }
            if (logger == null)
            {
                throw new ArgumentNullException(nameof(logger));
            }

            // Project identity and server location come from the processed arguments
            AnalysisConfig analysisConfig = new AnalysisConfig
            {
                SonarProjectKey     = args.ProjectKey,
                SonarProjectName    = args.ProjectName,
                SonarProjectVersion = args.ProjectVersion,
                SonarQubeHostUrl    = args.GetSetting(SonarProperties.HostUrl)
            };

            // Build environment details
            analysisConfig.SetBuildUri(buildSettings.BuildUri);
            analysisConfig.SetTfsUri(buildSettings.TfsUri);

            analysisConfig.SonarConfigDir = buildSettings.SonarConfigDirectory;
            analysisConfig.SonarOutputDir = buildSettings.SonarOutputDirectory;
            analysisConfig.SonarBinDir    = buildSettings.SonarBinDirectory;
            analysisConfig.SonarScannerWorkingDirectory = buildSettings.SonarScannerWorkingDirectory;
            analysisConfig.SourcesDirectory             = buildSettings.SourcesDirectory;

            // Copy the server properties, skipping the secured ones so that they are
            // never written to the saved file
            analysisConfig.ServerSettings = new AnalysisProperties();

            foreach (var serverProperty in serverProperties)
            {
                if (Utilities.IsSecuredServerProperty(serverProperty.Key))
                {
                    continue;
                }

                AddSetting(analysisConfig.ServerSettings, serverProperty.Key, serverProperty.Value);
            }

            // Copy the local properties
            analysisConfig.LocalSettings = new AnalysisProperties();
            foreach (var localProperty in args.LocalProperties.GetAllProperties())
            {
                AddSetting(analysisConfig.LocalSettings, localProperty.Id, localProperty.Value);
            }

            // Only the path of the properties file is recorded, and only when one was given
            if (args.PropertiesFileName != null)
            {
                analysisConfig.SetSettingsFilePath(args.PropertiesFileName);
            }

            analysisConfig.AnalyzersSettings = analyzersSettings;

            analysisConfig.Save(buildSettings.AnalysisConfigFilePath);

            return analysisConfig;
        }
        public void ConfigExt_GetAnalysisSettings_FileSettings()
        {
            // Verifies that the settings file path round-trips through the config and that
            // the properties stored in that file are returned by GetAnalysisSettings

            // 0. Setup
            var workingFolder = TestUtils.CreateTestSpecificFolder(TestContext);

            var analysisConfig = new AnalysisConfig();

            // Properties that will be written to the settings file
            var propertiesOnDisk = new AnalysisProperties
            {
                new Property() { Id = "file.1", Value = "file.value.1" },
                new Property() { Id = "file.2", Value = "file.value.2" }
            };
            var pathToSettings = Path.Combine(workingFolder, "settings.txt");

            propertiesOnDisk.Save(pathToSettings);

            // 1. No path has been set yet -> null
            Assert.IsNull(analysisConfig.GetSettingsFilePath(), "Expecting the settings file path to be null");

            // 2. Set the path, then read it back
            analysisConfig.SetSettingsFilePath(pathToSettings);
            Assert.AreEqual(pathToSettings, analysisConfig.GetSettingsFilePath(), "Unexpected settings file path value returned");

            // 3. Exactly the two file properties must be returned
            IAnalysisPropertyProvider settingsProvider = analysisConfig.GetAnalysisSettings(false);

            settingsProvider.AssertExpectedPropertyCount(2);
            settingsProvider.AssertExpectedPropertyValue("file.1", "file.value.1");
            settingsProvider.AssertExpectedPropertyValue("file.2", "file.value.2");
        }
        public void ConfigExt_GetAnalysisSettings_Precedence()
        {
            // Expected precedence: local -> file -> server.
            // A key defined in several sources must resolve to the highest-precedence value.

            // 0. Setup
            var workingFolder = TestUtils.CreateTestSpecificFolder(TestContext);

            var analysisConfig = new AnalysisConfig();

            // File settings
            var propertiesOnDisk = new AnalysisProperties
            {
                new Property() { Id = "file.1", Value = "file.value.1" },
                new Property() { Id = "shared.property", Value = "shared value from file - should never be returned" },
                new Property() { Id = "shared.property2", Value = "shared value 2 from file" }
            };
            var pathToSettings = Path.Combine(workingFolder, "settings.txt");

            propertiesOnDisk.Save(pathToSettings);
            analysisConfig.SetSettingsFilePath(pathToSettings);

            // Local settings
            analysisConfig.LocalSettings = new AnalysisProperties
            {
                new Property() { Id = "local.1", Value = "local.value.1" },
                new Property() { Id = "local.2", Value = "local.value.2" },
                new Property() { Id = "shared.property", Value = "shared value from local" }
            };

            // Server settings
            analysisConfig.ServerSettings = new AnalysisProperties
            {
                new Property() { Id = "server.1", Value = "server.value.1" },
                new Property() { Id = "server.2", Value = "server.value.2" },
                new Property() { Id = "shared.property", Value = "shared value from server - should never be returned" },
                new Property() { Id = "shared.property2", Value = "shared value 2 from server - should never be returned" }
            };

            // 1. Without server settings: local wins over file, server-only keys are absent
            IAnalysisPropertyProvider settingsProvider = analysisConfig.GetAnalysisSettings(false);

            settingsProvider.AssertExpectedPropertyCount(5);
            settingsProvider.AssertExpectedPropertyValue("local.1", "local.value.1");
            settingsProvider.AssertExpectedPropertyValue("local.2", "local.value.2");
            settingsProvider.AssertExpectedPropertyValue("file.1", "file.value.1");
            settingsProvider.AssertExpectedPropertyValue("shared.property", "shared value from local");
            settingsProvider.AssertExpectedPropertyValue("shared.property2", "shared value 2 from file");

            settingsProvider.AssertPropertyDoesNotExist("server.1");
            settingsProvider.AssertPropertyDoesNotExist("server.2");

            // 2. With server settings: server-only keys appear, shared keys keep the
            //    local/file values
            settingsProvider = analysisConfig.GetAnalysisSettings(true);
            settingsProvider.AssertExpectedPropertyCount(7);
            settingsProvider.AssertExpectedPropertyValue("local.1", "local.value.1");
            settingsProvider.AssertExpectedPropertyValue("local.2", "local.value.2");
            settingsProvider.AssertExpectedPropertyValue("file.1", "file.value.1");
            settingsProvider.AssertExpectedPropertyValue("shared.property", "shared value from local");
            settingsProvider.AssertExpectedPropertyValue("shared.property2", "shared value 2 from file");
            settingsProvider.AssertExpectedPropertyValue("server.1", "server.value.1");
            settingsProvider.AssertExpectedPropertyValue("server.2", "server.value.2");
        }