class SonarQubeApi

Constants

ISSUES_ENDPOINT
PAGE_SIZE
RULES_ENDPOINT
RULE_ENDPOINT
SOURCE_ENDPOINT
VERSION_ENDPOINT

Public Class Methods

new(api_url, auth = nil)
# File lib/heimdall_tools/sonarqube_mapper.rb, line 36
def initialize(api_url, auth = nil)
  # api_url: base URL of the SonarQube server, e.g. "https://sonar.example/api" (endpoint paths are appended to it)
  # auth: optional "username:password" string used for HTTP basic auth; nil sends unauthenticated requests
  @api_url = api_url
  @auth = auth
end

Public Instance Methods

query_api(endpoint, params = {})
# File lib/heimdall_tools/sonarqube_mapper.rb, line 41
def query_api(endpoint, params = {})
  # Split the "username:password" auth string into HTTParty's basic_auth hash.
  # When @auth is nil, creds stays nil and HTTParty sends no Authorization header.
  unless @auth.nil?
    creds = {
      username: @auth.split(':')[0],
      password: @auth.split(':')[1]
    }
  end

  response = HTTParty.get(@api_url + endpoint, { query: params, basic_auth: creds })
  check_response response # raises on a non-success status (defined elsewhere in the mapper)
  response
end
query_code_snippet(component, start_line, end_line)

Query the source endpoint for a code snippet showing a vulnerability.

SonarQube has three relevant source endpoints:

- sources/list (used by the web GUI, not listed in the web services): returns each line with HTML formatting and SCM information.
- sources/show: returns just the source lines, but still with HTML formatting.
- sources/raw: returns the entire file as plain text.

The first two allow filtering by line, whereas raw does not. We use sources/raw for now so we don't have to deal with the HTML.

# File lib/heimdall_tools/sonarqube_mapper.rb, line 96
def query_code_snippet(component, start_line, end_line)
  params = {
    key: component
  }
  response = query_api(SOURCE_ENDPOINT, params)
  # The raw endpoint returns the whole file, so the requested line range is cut out locally.
  response.body.split("\n")[start_line..end_line].join("\n")
end
query_issues(project_name)

Query the issues endpoint and get all vulnerabilities. This query is based on the URL params used by the web project issue view.

# File lib/heimdall_tools/sonarqube_mapper.rb, line 56
def query_issues(project_name)
  issues = []
  params = {
    componentKeys: project_name,
    resolved: 'false',        # only open (unresolved) issues
    types: 'VULNERABILITY',   # skip bugs and code smells
    ps: PAGE_SIZE,            # page size
    p: 1                      # page index, 1-based
  }

  loop do # Get all pages
    response = query_api(ISSUES_ENDPOINT, params)
    issues += response['issues']

    # Stop once the pages fetched so far cover the reported total.
    break if params[:p] * PAGE_SIZE >= response['paging']['total']

    params[:p] += 1
  end

  issues
end
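As an added example (not code from heimdall_tools), the following exercises the page-walking loop of query_issues against a constructed in-memory stand-in for the issues endpoint, so the termination condition can be checked offline for an empty project, a total that is an exact multiple of the page size, and a total with a partial last page. The endpoint path and page size are assumed values; the real ones are the class constants above.

```ruby
# Assumed values: the mapper's own constants are not shown on this page.
ISSUES_ENDPOINT = '/api/issues/search'
PAGE_SIZE = 100

# Constructed stand-in for HTTParty.get: serves `total` fake VULNERABILITY
# issues in pages of params[:ps] and reports paging.total like SonarQube does.
class FakeSonarIssues
  attr_reader :calls

  def initialize(total)
    @total = total
    @calls = 0 # number of HTTP requests the loop would have issued
  end

  def get(endpoint, params)
    @calls += 1
    raise "unexpected endpoint #{endpoint}" unless endpoint == ISSUES_ENDPOINT
    ps = params[:ps]
    first = (params[:p] - 1) * ps
    last = [first + ps, @total].min
    page = (first...last).map { |i| { 'key' => "ISSUE-#{i}", 'type' => 'VULNERABILITY' } }
    { 'issues' => page,
      'paging' => { 'pageIndex' => params[:p], 'pageSize' => ps, 'total' => @total } }
  end
end

# Same loop as query_issues above, with the HTTP client injected so no server is needed.
def fetch_all_issues(client, project_name, page_size = PAGE_SIZE)
  issues = []
  params = { componentKeys: project_name, resolved: 'false',
             types: 'VULNERABILITY', ps: page_size, p: 1 }
  loop do
    response = client.get(ISSUES_ENDPOINT, params)
    issues += response['issues']
    break if params[:p] * page_size >= response['paging']['total']
    params[:p] += 1
  end
  issues
end

if __FILE__ == $PROGRAM_NAME
  sonar = FakeSonarIssues.new(250)
  found = fetch_all_issues(sonar, 'demo-project')
  puts "#{found.size} issues in #{sonar.calls} requests" # 250 issues in 3 requests
end
```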
query_rule(rule)

Query the rules endpoint to get additional rule info used for the 800-53 mapping.

# File lib/heimdall_tools/sonarqube_mapper.rb, line 81
def query_rule(rule)
  params = {
    key: rule
  }
  response = query_api(RULE_ENDPOINT, params)
  response['rule']
end
query_version()

Query the version of the SonarQube server.

# File lib/heimdall_tools/sonarqube_mapper.rb, line 105
def query_version
  response = query_api(VERSION_ENDPOINT)
  response.body # plain-text version string, e.g. "7.9.1"
end