Class: SonarQubeApi

Inherits:
Object
Defined in:
lib/heimdall_tools/sonarqube_mapper.rb

Constant Summary

# SonarQube Web API paths; #query_api appends each one verbatim to @api_url.
# Paged issue search used by #query_issues.
ISSUES_ENDPOINT =
'/issues/search'.freeze
# Rule search; not referenced by any of the methods shown on this page.
RULES_ENDPOINT =
'/rules/search'.freeze
# Single-rule lookup used by #query_rule.
RULE_ENDPOINT =
'/rules/show'.freeze
# Raw (non-HTML) file contents used by #query_code_snippet.
SOURCE_ENDPOINT =
'/sources/raw'.freeze
# Server version string used by #query_version.
VERSION_ENDPOINT =
'/server/version'.freeze
# Issues requested per page (the `ps` parameter) in #query_issues.
PAGE_SIZE =
100

Instance Method Summary

Constructor Details

#initialize(api_url, auth = nil) ⇒ SonarQubeApi

Returns a new instance of SonarQubeApi.



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 36

# Create a client bound to one SonarQube server.
#
# @param api_url [String] base URL of the SonarQube Web API; endpoint
#   paths are appended to it verbatim by #query_api
# @param auth [String, nil] credentials in 'user:password' form, which
#   #query_api splits on ':' for HTTP basic auth; nil sends no credentials
def initialize(api_url, auth = nil)
  @api_url, @auth = api_url, auth
end

Instance Method Details

#query_api(endpoint, params = {}) ⇒ Object



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 41

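# Issue a GET against the SonarQube Web API, with HTTP basic auth when
# credentials were given to the constructor.
#
# @param endpoint [String] API path appended to @api_url (e.g. ISSUES_ENDPOINT)
# @param params [Hash] query-string parameters
# @return [HTTParty::Response] the response, after it has been passed to
#   #check_response
def query_api(endpoint, params = {})
  options = { query: params }
  unless @auth.nil?
    # Split on the first ':' only: RFC 7617 forbids ':' in the user-id but
    # not in the password, so everything after the first ':' is the password.
    username, password = @auth.split(':', 2)
    options[:basic_auth] = { username: username, password: password }
  end

  response = HTTParty.get(@api_url + endpoint, options)
  check_response response
  response
end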

#query_code_snippet(component, start_line, end_line) ⇒ Object

Query the source endpoint for a code snippet showing a vulnerability. SonarQube has three relevant source endpoints. The web GUI uses sources/list (not in webservices), which returns each line with HTML formatting and SCM data; sources/show returns just the source lines, but still with HTML formatting. Both of the above allow filtering by line, whereas raw does not: sources/raw returns the entire file. We are going to use sources/raw for now so we don't have to deal with the HTML.



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 96

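# Fetch the raw source of a component and return the requested line range.
#
# SonarQube exposes three source endpoints. The web UI uses sources/list
# (not in the public webservices), which returns each line with HTML
# formatting and SCM data; sources/show returns just the source lines but
# still HTML-formatted. Both accept a line filter, whereas sources/raw
# returns the whole file without HTML, so raw is used here and the slice
# is taken locally.
#
# @param component [String] SonarQube component key of the file
# @param start_line [Integer] first index into the file's line array
# @param end_line [Integer] last index, inclusive
# @return [String] the selected lines joined with "\n"; empty when the
#   range starts past the end of the file
# NOTE(review): the indices are applied directly to a 0-based array, so a
# 1-based SonarQube line number must be adjusted by the caller — confirm.
def query_code_snippet(component, start_line, end_line)
  response = query_api(SOURCE_ENDPOINT, { key: component })
  lines = response.body.split("\n")
  # Array#[] returns nil for a range that starts past the end; treat that as
  # "no lines" instead of raising NoMethodError on join.
  Array(lines[start_line..end_line]).join("\n")
end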

#query_issues(project_name) ⇒ Object

Query the issues endpoint and get all vulnerabilities. This query is based on the URL params used by the web project issue view.



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 56

# Collect every unresolved VULNERABILITY issue for a project by walking all
# pages of the issues endpoint. The query parameters mirror the ones the
# web UI's project issue view sends.
#
# @param project_name [String] SonarQube project key (componentKeys)
# @return [Array<Hash>] the 'issues' entries of every page, concatenated
# NOTE(review): paging stops once p * PAGE_SIZE reaches paging.total.
# SonarQube is known to cap issues/search at 10,000 results, so projects
# beyond that would be truncated silently here — confirm for the server
# version in use.
def query_issues(project_name)
  query = {
    componentKeys: project_name,
    resolved: 'false',
    types: 'VULNERABILITY',
    ps: PAGE_SIZE,
    p: 1
  }
  collected = []

  loop do
    page = query_api(ISSUES_ENDPOINT, query)
    collected.concat(page['issues'])
    # Last page reached once the requested window covers the reported total.
    break if query[:p] * PAGE_SIZE >= page['paging']['total']

    query[:p] += 1
  end

  collected
end

#query_rule(rule) ⇒ Object

Query rules endpoint to get additional info for 800-53 mapping



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 81

# Look up a single rule so its metadata can feed the 800-53 mapping.
#
# @param rule [String] SonarQube rule key
# @return [Hash] the 'rule' object from the rules/show response
def query_rule(rule)
  query_api(RULE_ENDPOINT, { key: rule })['rule']
end

#query_version ⇒ Object

Query the version of the SonarQube server



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 105

# Ask the server for its version.
#
# @return [String] raw body of the server/version response
def query_version
  query_api(VERSION_ENDPOINT).body
end