public static AnalysisConfig GenerateFile(ProcessedArgs args, TeamBuildSettings settings, IDictionary<string, string> serverProperties, ILogger logger)
{
if (args == null)
{
throw new ArgumentNullException("args");
}
if (settings == null)
{
throw new ArgumentNullException("settings");
}
if (serverProperties == null)
{
throw new ArgumentNullException("serverProperties");
}
if (logger == null)
{
throw new ArgumentNullException("logger");
}
AnalysisConfig config = new AnalysisConfig();
config.SonarProjectKey = args.ProjectKey;
config.SonarProjectName = args.ProjectName;
config.SonarProjectVersion = args.ProjectVersion;
config.SonarQubeHostUrl = args.GetSetting(SonarProperties.HostUrl);
config.SetBuildUri(settings.BuildUri);
config.SetTfsUri(settings.TfsUri);
config.SonarConfigDir = settings.SonarConfigDirectory;
config.SonarOutputDir = settings.SonarOutputDirectory;
config.SonarBinDir = settings.SonarBinDirectory;
config.SonarRunnerWorkingDirectory = settings.SonarRunnerWorkingDirectory;
// Add the server properties to the config
config.ServerSettings = new AnalysisProperties();
foreach (var property in serverProperties)
{
if (!IsSecuredServerProperty(property.Key))
{
AddSetting(config.ServerSettings, property.Key, property.Value);
}
}
// Add command line arguments
config.LocalSettings = new AnalysisProperties();
foreach (var property in args.LocalProperties.GetAllProperties())
{
AddSetting(config.LocalSettings, property.Id, property.Value);
}
// Set the pointer to the properties file
if (args.PropertiesFileName != null)
{
config.SetSettingsFilePath(args.PropertiesFileName);
}
config.Save(settings.AnalysisConfigFilePath);
return config;
}
public void SonarRunner_SensitiveArgsPassedOnCommandLine()
{
// Check that sensitive arguments from the config are passed on the command line
// Arrange
TestLogger logger = new TestLogger();
string testDir = TestUtils.CreateTestSpecificFolder(this.TestContext);
string exePath = CreateDummarySonarRunnerBatchFile();
string propertiesFilePath = CreateDummySonarRunnerPropertiesFile();
string[] userArgs = new string[] { "-Dxxx=yyy", "-Dsonar.password=cmdline.password" };
// Create a config file containing sensitive arguments
AnalysisProperties fileSettings = new AnalysisProperties();
fileSettings.Add(new Property() { Id = SonarProperties.DbPassword, Value = "file db pwd" });
fileSettings.Add(new Property() { Id = SonarProperties.SonarPassword, Value = "file.password - should not be returned" });
fileSettings.Add(new Property() { Id = "file.not.sensitive.key", Value = "not sensitive value" });
string settingsFilePath = Path.Combine(testDir, "fileSettings.txt");
fileSettings.Save(settingsFilePath);
AnalysisConfig config = new AnalysisConfig() { SonarRunnerWorkingDirectory = this.TestContext.DeploymentDirectory };
config.SetSettingsFilePath(settingsFilePath);
// Act
bool success = SonarRunnerWrapper.ExecuteJavaRunner(config, userArgs, logger, exePath, propertiesFilePath);
// Assert
VerifyProcessRunOutcome(logger, this.TestContext.DeploymentDirectory, success, true);
string actualCmdLineArgs = CheckStandardArgsPassed(logger, propertiesFilePath);
// Non-sensitive values from the file should not be passed on the command line
CheckArgDoesNotExist("file.not.sensitive.key", actualCmdLineArgs);
int dbPwdIndex = CheckArgExists("-Dsonar.jdbc.password=file db pwd", actualCmdLineArgs); // sensitive value from file
int userPwdIndex = CheckArgExists("-Dsonar.password=cmdline.password", actualCmdLineArgs); // sensitive value from cmd line: overrides file value
int standardArgsIndex = CheckArgExists(SonarRunnerWrapper.StandardAdditionalRunnerArguments, actualCmdLineArgs);
int propertiesFileIndex = CheckArgExists(SonarRunnerWrapper.ProjectSettingsFileArgName, actualCmdLineArgs);
Assert.IsTrue(dbPwdIndex < standardArgsIndex && dbPwdIndex < propertiesFileIndex, "User arguments should appear first");
Assert.IsTrue(userPwdIndex < standardArgsIndex && userPwdIndex < propertiesFileIndex, "User arguments should appear first");
}
