public static AnalysisConfig GenerateFile(ProcessedArgs args, TeamBuildSettings settings, IDictionary<string, string> serverProperties, ILogger logger) { if (args == null) { throw new ArgumentNullException("args"); } if (settings == null) { throw new ArgumentNullException("settings"); } if (serverProperties == null) { throw new ArgumentNullException("serverProperties"); } if (logger == null) { throw new ArgumentNullException("logger"); } AnalysisConfig config = new AnalysisConfig(); config.SonarProjectKey = args.ProjectKey; config.SonarProjectName = args.ProjectName; config.SonarProjectVersion = args.ProjectVersion; config.SonarQubeHostUrl = args.GetSetting(SonarProperties.HostUrl); config.SetBuildUri(settings.BuildUri); config.SetTfsUri(settings.TfsUri); config.SonarConfigDir = settings.SonarConfigDirectory; config.SonarOutputDir = settings.SonarOutputDirectory; config.SonarBinDir = settings.SonarBinDirectory; config.SonarRunnerWorkingDirectory = settings.SonarRunnerWorkingDirectory; // Add the server properties to the config config.ServerSettings = new AnalysisProperties(); foreach (var property in serverProperties) { if (!IsSecuredServerProperty(property.Key)) { AddSetting(config.ServerSettings, property.Key, property.Value); } } // Add command line arguments config.LocalSettings = new AnalysisProperties(); foreach (var property in args.LocalProperties.GetAllProperties()) { AddSetting(config.LocalSettings, property.Id, property.Value); } // Set the pointer to the properties file if (args.PropertiesFileName != null) { config.SetSettingsFilePath(args.PropertiesFileName); } config.Save(settings.AnalysisConfigFilePath); return config; }
public void SonarRunner_SensitiveArgsPassedOnCommandLine() { // Check that sensitive arguments from the config are passed on the command line // Arrange TestLogger logger = new TestLogger(); string testDir = TestUtils.CreateTestSpecificFolder(this.TestContext); string exePath = CreateDummarySonarRunnerBatchFile(); string propertiesFilePath = CreateDummySonarRunnerPropertiesFile(); string[] userArgs = new string[] { "-Dxxx=yyy", "-Dsonar.password=cmdline.password" }; // Create a config file containing sensitive arguments AnalysisProperties fileSettings = new AnalysisProperties(); fileSettings.Add(new Property() { Id = SonarProperties.DbPassword, Value = "file db pwd" }); fileSettings.Add(new Property() { Id = SonarProperties.SonarPassword, Value = "file.password - should not be returned" }); fileSettings.Add(new Property() { Id = "file.not.sensitive.key", Value = "not sensitive value" }); string settingsFilePath = Path.Combine(testDir, "fileSettings.txt"); fileSettings.Save(settingsFilePath); AnalysisConfig config = new AnalysisConfig() { SonarRunnerWorkingDirectory = this.TestContext.DeploymentDirectory }; config.SetSettingsFilePath(settingsFilePath); // Act bool success = SonarRunnerWrapper.ExecuteJavaRunner(config, userArgs, logger, exePath, propertiesFilePath); // Assert VerifyProcessRunOutcome(logger, this.TestContext.DeploymentDirectory, success, true); string actualCmdLineArgs = CheckStandardArgsPassed(logger, propertiesFilePath); // Non-sensitive values from the file should not be passed on the command line CheckArgDoesNotExist("file.not.sensitive.key", actualCmdLineArgs); int dbPwdIndex = CheckArgExists("-Dsonar.jdbc.password=file db pwd", actualCmdLineArgs); // sensitive value from file int userPwdIndex = CheckArgExists("-Dsonar.password=cmdline.password", actualCmdLineArgs); // sensitive value from cmd line: overrides file value int standardArgsIndex = CheckArgExists(SonarRunnerWrapper.StandardAdditionalRunnerArguments, actualCmdLineArgs); int propertiesFileIndex = CheckArgExists(SonarRunnerWrapper.ProjectSettingsFileArgName, actualCmdLineArgs); Assert.IsTrue(dbPwdIndex < standardArgsIndex && dbPwdIndex < propertiesFileIndex, "User arguments should appear first"); Assert.IsTrue(userPwdIndex < standardArgsIndex && userPwdIndex < propertiesFileIndex, "User arguments should appear first"); }