public void AnalysisConfGen_FileProperties()
{
// File properties should not be copied to the file.
// Instead, a pointer to the file should be created.
// Arrange
var analysisDir = TestUtils.CreateTestSpecificFolderWithSubPaths(TestContext);
var logger = new TestLogger();
// The set of file properties to supply
var fileProperties = new AnalysisProperties
{
new Property()
{
Id = SonarProperties.HostUrl, Value = "http://myserver"
},
new Property()
{
Id = "file.only", Value = "file value"
}
};
var settingsFilePath = Path.Combine(analysisDir, "settings.txt");
fileProperties.Save(settingsFilePath);
var fileProvider = FilePropertyProvider.Load(settingsFilePath);
var args = new ProcessedArgs("key", "name", "version", "organization", false, EmptyPropertyProvider.Instance, fileProvider, EmptyPropertyProvider.Instance, logger);
var settings = TeamBuildSettings.CreateNonTeamBuildSettingsForTesting(analysisDir);
Directory.CreateDirectory(settings.SonarConfigDirectory); // config directory needs to exist
// Act
var actualConfig = AnalysisConfigGenerator.GenerateFile(args, settings, new Dictionary <string, string>(), new List <AnalyzerSettings>(), new MockSonarQubeServer(), logger);
// Assert
AssertConfigFileExists(actualConfig);
logger.AssertErrorsLogged(0);
logger.AssertWarningsLogged(0);
var actualSettingsFilePath = actualConfig.GetSettingsFilePath();
actualSettingsFilePath.Should().Be(settingsFilePath, "Unexpected settings file path");
// Check the file setting value do not appear in the config file
AssertFileDoesNotContainText(actualConfig.FileName, "file.only");
actualConfig.SourcesDirectory.Should().Be(settings.SourcesDirectory);
actualConfig.SonarScannerWorkingDirectory.Should().Be(settings.SonarScannerWorkingDirectory);
AssertExpectedLocalSetting(SonarProperties.Organization, "organization", actualConfig);
}
public void AnalysisConfGen_FileProperties()
{
// File properties should not be copied to the file.
// Instead, a pointer to the file should be created.
// Arrange
string analysisDir = TestUtils.CreateTestSpecificFolder(this.TestContext);
TestLogger logger = new TestLogger();
// The set of file properties to supply
AnalysisProperties fileProperties = new AnalysisProperties();
fileProperties.Add(new Property()
{
Id = SonarProperties.HostUrl, Value = "http://myserver"
});
fileProperties.Add(new Property()
{
Id = "file.only", Value = "file value"
});
string settingsFilePath = Path.Combine(analysisDir, "settings.txt");
fileProperties.Save(settingsFilePath);
FilePropertyProvider fileProvider = FilePropertyProvider.Load(settingsFilePath);
ProcessedArgs args = new ProcessedArgs("key", "name", "version", false, EmptyPropertyProvider.Instance, fileProvider);
TeamBuildSettings settings = TeamBuildSettings.CreateNonTeamBuildSettingsForTesting(analysisDir);
Directory.CreateDirectory(settings.SonarConfigDirectory); // config directory needs to exist
// Act
AnalysisConfig actualConfig = AnalysisConfigGenerator.GenerateFile(args, settings, new Dictionary <string, string>(), logger);
// Assert
AssertConfigFileExists(actualConfig);
logger.AssertErrorsLogged(0);
logger.AssertWarningsLogged(0);
string actualSettingsFilePath = actualConfig.GetSettingsFilePath();
Assert.AreEqual(settingsFilePath, actualSettingsFilePath, "Unexpected settings file path");
// Check the file setting value do not appear in the config file
AssertFileDoesNotContainText(actualConfig.FileName, "file.only");
Assert.AreEqual(settings.SonarRunnerWorkingDirectory, actualConfig.SonarRunnerWorkingDirectory);
}
[WorkItem(127)] // Do not store the db and server credentials in the config files: http://jira.sonarsource.com/browse/SONARMSBRU-127
public void AnalysisConfGen_AnalysisConfigDoesNotContainSensitiveData()
{
// Arrange
var analysisDir = TestUtils.CreateTestSpecificFolderWithSubPaths(TestContext);
var logger = new TestLogger();
var cmdLineArgs = new ListPropertiesProvider();
// Public args - should be written to the config file
cmdLineArgs.AddProperty("sonar.host.url", "http://host");
cmdLineArgs.AddProperty("public.key", "public value");
cmdLineArgs.AddProperty("sonar.user.license.secured", "user input license");
cmdLineArgs.AddProperty("server.key.secured.xxx", "not really secure");
cmdLineArgs.AddProperty("sonar.value", "value.secured");
// Sensitive values - should not be written to the config file
cmdLineArgs.AddProperty(SonarProperties.DbPassword, "secret db password");
// Create a settings file with public and sensitive data
var fileSettings = new AnalysisProperties
{
new Property()
{
Id = "file.public.key", Value = "file public value"
},
new Property()
{
Id = SonarProperties.DbUserName, Value = "secret db user"
},
new Property()
{
Id = SonarProperties.DbPassword, Value = "secret db password"
}
};
var fileSettingsPath = Path.Combine(analysisDir, "fileSettings.txt");
fileSettings.Save(fileSettingsPath);
var fileProvider = FilePropertyProvider.Load(fileSettingsPath);
var args = new ProcessedArgs("key", "name", "1.0", null, false, cmdLineArgs, fileProvider, EmptyPropertyProvider.Instance, logger);
IDictionary <string, string> serverProperties = new Dictionary <string, string>
{
// Public server settings
{ "server.key.1", "server value 1" },
// Sensitive server settings
{ SonarProperties.SonarUserName, "secret user" },
{ SonarProperties.SonarPassword, "secret pwd" },
{ "sonar.vbnet.license.secured", "secret license" },
{ "sonar.cpp.License.Secured", "secret license 2" }
};
var settings = TeamBuildSettings.CreateNonTeamBuildSettingsForTesting(analysisDir);
Directory.CreateDirectory(settings.SonarConfigDirectory); // config directory needs to exist
// Act
var config = AnalysisConfigGenerator.GenerateFile(args, settings, serverProperties, new List <AnalyzerSettings>(), new MockSonarQubeServer(), logger);
// Assert
AssertConfigFileExists(config);
logger.AssertErrorsLogged(0);
logger.AssertWarningsLogged(0);
// Check the config
// "Public" arguments should be in the file
config.SonarProjectKey.Should().Be("key", "Unexpected project key");
config.SonarProjectName.Should().Be("name", "Unexpected project name");
config.SonarProjectVersion.Should().Be("1.0", "Unexpected project version");
AssertExpectedLocalSetting(SonarProperties.HostUrl, "http://host", config);
AssertExpectedLocalSetting("sonar.user.license.secured", "user input license", config); // we only filter out *.secured server settings
AssertExpectedLocalSetting("sonar.value", "value.secured", config);
AssertExpectedLocalSetting("server.key.secured.xxx", "not really secure", config);
AssertExpectedServerSetting("server.key.1", "server value 1", config);
AssertFileDoesNotContainText(config.FileName, "file.public.key"); // file settings values should not be in the config
AssertFileDoesNotContainText(config.FileName, "secret"); // sensitive data should not be in config
}
[WorkItem(127)] // Do not store the db and server credentials in the config files: http://jira.sonarsource.com/browse/SONARMSBRU-127
public void AnalysisConfGen_AnalysisConfigDoesNotContainSensitiveData()
{
// Arrange
string analysisDir = TestUtils.CreateTestSpecificFolder(this.TestContext);
TestLogger logger = new TestLogger();
ListPropertiesProvider cmdLineArgs = new ListPropertiesProvider();
// Public args - should be written to the config file
cmdLineArgs.AddProperty("sonar.host.url", "http://host");
cmdLineArgs.AddProperty("public.key", "public value");
// Sensitive values - should not be written to the config file
cmdLineArgs.AddProperty(SonarProperties.DbPassword, "secret db password");
cmdLineArgs.AddProperty(SonarProperties.DbUserName, "secret db user");
// Create a settings file with public and sensitive data
AnalysisProperties fileSettings = new AnalysisProperties();
fileSettings.Add(new Property()
{
Id = "file.public.key", Value = "file public value"
});
fileSettings.Add(new Property()
{
Id = SonarProperties.DbUserName, Value = "secret db user"
});
fileSettings.Add(new Property()
{
Id = SonarProperties.DbPassword, Value = "secret db password"
});
string fileSettingsPath = Path.Combine(analysisDir, "fileSettings.txt");
fileSettings.Save(fileSettingsPath);
FilePropertyProvider fileProvider = FilePropertyProvider.Load(fileSettingsPath);
ProcessedArgs args = new ProcessedArgs("key", "name", "1.0", false, cmdLineArgs, fileProvider);
IDictionary <string, string> serverProperties = new Dictionary <string, string>();
// Public server settings
serverProperties.Add("server.key.1", "server value 1");
// Sensitive server settings
serverProperties.Add(SonarProperties.SonarUserName, "secret user");
serverProperties.Add(SonarProperties.SonarPassword, "secret pwd");
TeamBuildSettings settings = TeamBuildSettings.CreateNonTeamBuildSettingsForTesting(analysisDir);
Directory.CreateDirectory(settings.SonarConfigDirectory); // config directory needs to exist
// Act
AnalysisConfig config = AnalysisConfigGenerator.GenerateFile(args, settings, serverProperties, logger);
// Assert
AssertConfigFileExists(config);
logger.AssertErrorsLogged(0);
logger.AssertWarningsLogged(0);
// Check the config
// "Public" arguments should be in the file
Assert.AreEqual("key", config.SonarProjectKey, "Unexpected project key");
Assert.AreEqual("name", config.SonarProjectName, "Unexpected project name");
Assert.AreEqual("1.0", config.SonarProjectVersion, "Unexpected project version");
AssertExpectedLocalSetting(SonarProperties.HostUrl, "http://host", config);
AssertExpectedServerSetting("server.key.1", "server value 1", config);
AssertFileDoesNotContainText(config.FileName, "file.public.key"); // file settings values should not be in the config
// SONARMSBRU-136: TODO - uncomment the following code:
AssertFileDoesNotContainText(config.FileName, "secret"); // sensitive data should not be in config
}
