class SonarQubeApi
Constants
- ISSUES_ENDPOINT
- PAGE_SIZE
- RULES_ENDPOINT
- RULE_ENDPOINT
- SOURCE_ENDPOINT
- VERSION_ENDPOINT
Public Class Methods
new(api_url, auth = nil)
# File lib/heimdall_tools/sonarqube_mapper.rb, line 36
def initialize(api_url, auth = nil)
  @api_url = api_url
  @auth = auth
end
Public Instance Methods
query_api(endpoint, params = {})
# File lib/heimdall_tools/sonarqube_mapper.rb, line 41
def query_api(endpoint, params = {})
  unless @auth.nil?
    # Split on the first ':' only, so a password that contains ':' is kept whole.
    username, password = @auth.split(':', 2)
    creds = { username: username, password: password }
  end

  response = HTTParty.get(@api_url + endpoint, { query: params, basic_auth: creds })
  check_response response
  response
end
query_code_snippet(component, start_line, end_line)
Query the source endpoint for a code snippet showing a vulnerability.
SonarQube has 3 relevant source endpoints:
- sources/list (not in webservices): used by the web GUI; returns each line with HTML formatting and SCM data
- sources/show: returns just the source lines, but still with HTML formatting
- sources/raw: returns the entire file
sources/list and sources/show allow filtering by line, whereas sources/raw does not.
We are going to use sources/raw for now so we don't have to deal with the HTML.
# File lib/heimdall_tools/sonarqube_mapper.rb, line 96
def query_code_snippet(component, start_line, end_line)
  params = { key: component }
  response = query_api(SOURCE_ENDPOINT, params)
  response.body.split("\n")[start_line..end_line].join("\n")
end
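Because sources/raw cannot filter by line, the slicing happens on the client. The following is an added example, not heimdall_tools code: a hypothetical helper, extract_snippet, that slices a raw body while tolerating CRLF line endings, an empty or missing body, and out-of-range line numbers (an array slice that starts past the end of the file returns nil, and calling join on it raises). It assumes start_line and end_line are 1-based and inclusive, which the page does not state.

```ruby
# Added example; extract_snippet is a hypothetical helper, not part of heimdall_tools.
# Assumption: start_line and end_line are 1-based, inclusive line numbers.
def extract_snippet(raw_body, start_line, end_line)
  # sources/raw returns the whole file, so line filtering is done here.
  # Split on LF or CRLF so Windows-style files do not leave stray "\r".
  lines = raw_body.to_s.split(/\r?\n/)
  return '' if lines.empty?

  # Clamp the requested range to the lines that actually exist.
  first = [start_line.to_i, 1].max
  last  = [end_line.to_i, lines.length].min
  return '' if first > last

  # Array indices are 0-based, so line N lives at index N - 1.
  lines[(first - 1)..(last - 1)].join("\n")
end

# Constructed sample standing in for a sources/raw response body.
SAMPLE_BODY = "line one\r\nline two\nline three\nline four\n"
```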
query_issues(project_name)
Query issues endpoint, get all vulnerabilities.
This query is based on the URL params used by the web project issue view.
# File lib/heimdall_tools/sonarqube_mapper.rb, line 56
def query_issues(project_name)
  issues = []
  params = {
    componentKeys: project_name,
    resolved: 'false',
    types: 'VULNERABILITY',
    ps: PAGE_SIZE,
    p: 1
  }

  loop do # Get all pages
    response = query_api(ISSUES_ENDPOINT, params)
    issues += response['issues']

    if params[:p] * PAGE_SIZE >= response['paging']['total']
      break
    end

    params[:p] += 1
  end

  issues
end
query_rule(rule)
Query rules endpoint to get additional info for 800-53 mapping
# File lib/heimdall_tools/sonarqube_mapper.rb, line 81
def query_rule(rule)
  params = { key: rule }
  response = query_api(RULE_ENDPOINT, params)
  response['rule']
end
query_version()
Query the version of the SonarQube server
# File lib/heimdall_tools/sonarqube_mapper.rb, line 105
def query_version
  response = query_api(VERSION_ENDPOINT)
  response.body
end