🚧 Third party repository detection probe #323

Closed
Changes from 9 commits
57 commits
8d74f5c
Started with writing test cases for the probe
Jagrutiti Jun 1, 2023
7d62076
Removing unwanted details from test pom file.
Jagrutiti Jun 2, 2023
4286ff4
Adding dummy to pom test files
Jagrutiti Jun 2, 2023
f412657
Adding dummy values to pom test files
Jagrutiti Jun 2, 2023
537d68a
Restoring valuable test data
Jagrutiti Jun 2, 2023
491d16d
Updating the code and test cases
Jagrutiti Jun 3, 2023
3f593a4
Removing unused imports
Jagrutiti Jun 3, 2023
365db47
Fixing code
Jagrutiti Jun 3, 2023
3bb27f5
Undid irrelevant change
Jagrutiti Jun 3, 2023
99a1379
Apply suggestions from code review
Jagrutiti Jun 3, 2023
e050c24
Restoring .gitignore
Jagrutiti Jun 3, 2023
d830b63
Merge branch 'third-party-repository-detection' of https://github.com…
Jagrutiti Jun 3, 2023
fda43ae
Updated the code and the test case
Jagrutiti Jun 3, 2023
c5c3530
Updating the test case
Jagrutiti Jun 3, 2023
5dfd1ed
updating the code and revamping the test cases
Jagrutiti Jun 4, 2023
9b246d4
Updating the test cases
Jagrutiti Jun 4, 2023
00340f8
Updated the success to be parameterized
Jagrutiti Jun 4, 2023
a39e24e
Apply suggestions from code review
Jagrutiti Jun 4, 2023
008065d
Fixed the test cases
Jagrutiti Jun 4, 2023
c565cb4
Updated the test cases
Jagrutiti Jun 4, 2023
ec9b627
Merge branch 'main' into third-party-repository-detection
Jagrutiti Jun 5, 2023
d30ec44
Merge branch 'main' of https://github.com/Jagrutiti/plugin-health-sco…
Jagrutiti Jun 5, 2023
643f599
Merge branch 'third-party-repository-detection' of https://github.com…
Jagrutiti Jun 5, 2023
2cb3048
Updating code and tests to check for pluginRespositories
Jagrutiti Jun 5, 2023
b1b5257
Removing unused import
Jagrutiti Jun 5, 2023
d812c81
Fixing minor syntaxes
Jagrutiti Jun 5, 2023
355d923
Fixed minor syntaxes
Jagrutiti Jun 5, 2023
6d7b31c
Apply suggestions from code review
Jagrutiti Jun 6, 2023
1b3ad71
Apply suggestions from code review
Jagrutiti Jun 6, 2023
dbdfe6f
Adding pom test files
Jagrutiti Jun 6, 2023
53fb134
Apply suggestions from code review
Jagrutiti Jun 6, 2023
ed123c5
Updating code for the tests to fail when no repositories detected
Jagrutiti Jun 6, 2023
e273093
Merge branch 'third-party-repository-detection' of https://github.com…
Jagrutiti Jun 6, 2023
9f7ab30
Updated test case and test files
Jagrutiti Jun 6, 2023
eba72e7
Updating test case and test pom files
Jagrutiti Jun 7, 2023
d5f4070
Fixing checkstyle issues
Jagrutiti Jun 7, 2023
4833c9b
Modifying test cases and code
Jagrutiti Jun 10, 2023
24c911b
Merge branch 'main' into third-party-repository-detection
Jagrutiti Jun 10, 2023
039362e
Undoing editorconfig change
Jagrutiti Jun 10, 2023
2f1638e
Adding additional test files
Jagrutiti Jun 10, 2023
5560353
Fixed code and checkstyle
Jagrutiti Jun 10, 2023
ce97eb0
Removing the effective-pom file
Jagrutiti Jun 13, 2023
148d4dd
Added spotbugs fixes
Jagrutiti Jun 13, 2023
dbe70d5
Added spotbugs fixes
Jagrutiti Jun 13, 2023
276968c
Merge branch 'main' into third-party-repository-detection
Jagrutiti Jun 13, 2023
0be6114
Added spotbugs fixes
Jagrutiti Jun 13, 2023
9343f56
Merge branch 'third-party-repository-detection' of https://github.com…
Jagrutiti Jun 13, 2023
9d43283
Removing unused imports
Jagrutiti Jun 13, 2023
6d42558
Apply suggestions from code review
Jagrutiti Jun 14, 2023
3659137
Fixed missing symbols error
Jagrutiti Jun 14, 2023
58ba0b1
Fixing checkstyle issues
Jagrutiti Jun 14, 2023
da55c4d
Merge branch 'main' into third-party-repository-detection
Jagrutiti Jun 14, 2023
fc8ec3b
Adding code for effective-pom generation and updated the test cases:
Jagrutiti Sep 3, 2023
d77baf1
Adding comments
Jagrutiti Sep 3, 2023
9b23f07
Merge branch 'main' into third-party-repository-detection
Jagrutiti Sep 3, 2023
85c10f3
Merge branch 'main' into third-party-repository-detection
Jagrutiti Sep 7, 2023
1fa7c2b
Fixed merge issues
Jagrutiti Sep 7, 2023
2 changes: 1 addition & 1 deletion .gitignore
Expand Up @@ -20,4 +20,4 @@ node_modules/
!.yarn/plugins
!.yarn/releases
!.yarn/sdks
!.yarn/versions
!.yarn/versions
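Review bot: The removed and added `!.yarn/versions` lines are textually identical, so this looks like an end-of-file newline or whitespace-only change that is unrelated to the probe; revert it to keep the diff focused.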
5 changes: 5 additions & 0 deletions core/pom.xml
Expand Up @@ -102,5 +102,10 @@
<artifactId>postgresql</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-model</artifactId>
<version>3.8.6</version>
</dependency>
</dependencies>
</project>
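Review bot: The explicit `<version>3.8.6</version>` on maven-model here disagrees with the 3.9.2 that the root pom.xml adds under `<dependencyManagement>` in this same change. If core inherits from the root pom, drop the `<version>` element here so that a single managed version applies.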
@@ -0,0 +1,65 @@
package io.jenkins.pluginhealth.scoring.probes;

import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.util.List;

import io.jenkins.pluginhealth.scoring.model.Plugin;
import io.jenkins.pluginhealth.scoring.model.ProbeResult;
import org.apache.maven.model.Model;
import org.apache.maven.model.Repository;
import org.apache.maven.model.io.xpp3.MavenXpp3Reader;
import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(value = ThirdPartyRepositoryDetectionProbe.ORDER)
public class ThirdPartyRepositoryDetectionProbe extends Probe{

private static final Logger LOGGER = LoggerFactory.getLogger(ThirdPartyRepositoryDetectionProbe.class);
public static final int ORDER = SCMLinkValidationProbe.ORDER + 100;
public static final String KEY = "third-party-repository-detection-probe";

@Override
protected ProbeResult doApply(Plugin plugin, ProbeContext context) {
final String path = "https://repo.jenkins-ci.org";
MavenXpp3Reader mavenReader = new MavenXpp3Reader();
try {
Model model = mavenReader.read(new FileReader(plugin.getScm()+"/pom.xml"));
for (Repository repository : getRepositories(model)) {
if(!(repository.getUrl().startsWith(path))) {
return ProbeResult.failure(KEY, "Third party repository detected in the plugin");
}
}
} catch (FileNotFoundException e) {
System.out.println("ex 1");
return ProbeResult.error(KEY, e.getMessage());
} catch (XmlPullParserException e) {
System.out.println("ex 2");
return ProbeResult.error(KEY, e.getMessage());
} catch (IOException e) {
System.out.println("ex 3");
return ProbeResult.error(KEY, e.getMessage());

}
return ProbeResult.success(KEY, "The plugin has no third party repositories");
}

private static List<Repository> getRepositories(Model model) {
return model.getRepositories();
}

@Override
public String key() {
return null;
}

@Override
public String getDescription() {
return null;
}
}
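Review bot: In doApply, `repository.getUrl().startsWith(path)` with `path = "https://repo.jenkins-ci.org"` is a raw string-prefix test with no boundary after the host name, so a URL on a different host whose name merely begins with `repo.jenkins-ci.org` is accepted as first-party, and a repository without a `<url>` throws a NullPointerException instead of producing a probe result. Parse the value with java.net.URI and compare scheme and host exactly, treating a missing URL as a failure. Other points in this hunk: key() and getDescription() return null although KEY is defined; the catch blocks print "ex 1" to "ex 3" with System.out.println while the LOGGER field is never used; the FileReader is never closed (use try-with-resources); only model.getRepositories() is inspected, so a third-party `<pluginRepository>` goes undetected; and `plugin.getScm()+"/pom.xml"` is opened as a local file path, so confirm that getScm() really returns a checkout directory.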
@@ -0,0 +1,61 @@
package io.jenkins.pluginhealth.scoring.probes;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.*;
import static org.mockito.Mockito.when;

import java.io.*;
import java.util.List;

import io.jenkins.pluginhealth.scoring.model.Plugin;
import io.jenkins.pluginhealth.scoring.model.ProbeResult;

import org.apache.maven.model.Model;
import org.apache.maven.model.Repository;
import org.apache.maven.model.io.xpp3.MavenXpp3Reader;
import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
import org.junit.jupiter.api.Test;

public class ThirdPartyRepositoryDetectionProbeTest extends AbstractProbeTest<ThirdPartyRepositoryDetectionProbe> {
@Override
ThirdPartyRepositoryDetectionProbe getSpy() {
return spy(ThirdPartyRepositoryDetectionProbe.class);
}

@Test
void shouldFailIfThirdPartRepositoriesDetected() throws IOException, XmlPullParserException {
final Plugin plugin = mock(Plugin.class);
final ProbeContext ctx = mock(ProbeContext.class);

InputStream inputStream = getClass().getClassLoader().getResourceAsStream("pom-test-both-paths/pom.xml");

MavenXpp3Reader mavenReader = mock(MavenXpp3Reader.class);
Model mockModel = mock(Model.class);
List<Repository> repositoryList = mavenReader.read(inputStream).getRepositories();
when(mockModel.getRepositories()).thenReturn(repositoryList);

final ThirdPartyRepositoryDetectionProbe probe = getSpy();

assertThat(probe.apply(plugin, ctx))
.usingRecursiveComparison()
.comparingOnlyFields("id", "message", "status")
.isEqualTo(ProbeResult.failure(ThirdPartyRepositoryDetectionProbe.KEY, "Third party repository detected in the plugin"));
}

@Test
void shouldPassIfNoThirdPartyRepositoriesDetected() {
final Plugin plugin = mock(Plugin.class);
final ProbeContext ctx = mock(ProbeContext.class);
final ThirdPartyRepositoryDetectionProbe probe = getSpy();

assertThat(probe.apply(plugin, ctx))
.usingRecursiveComparison()
.comparingOnlyFields("id", "message", "status")
.isEqualTo(ProbeResult.failure(ThirdPartyRepositoryDetectionProbe.KEY, "The plugin has no third party repositories"));
verify(probe).doApply(any(Plugin.class), any(ProbeContext.class));

}


}
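Review bot: In shouldFailIfThirdPartRepositoriesDetected, `mavenReader` is created with `mock(MavenXpp3Reader.class)`, so `mavenReader.read(inputStream)` returns null and the chained `.getRepositories()` throws a NullPointerException before the probe is ever applied; in addition, `mockModel` is never handed to the probe, which builds its own reader inside doApply, so the stubbing has no effect. Read the fixture with a real MavenXpp3Reader, or stub `plugin.getScm()` so that the probe opens the fixture directory itself. shouldPassIfNoThirdPartyRepositoriesDetected compares against `ProbeResult.failure(...)` carrying the success message; it should expect `ProbeResult.success(...)`, and it gives the probe no POM to read. The static import `org.mockito.Mockito.*` already covers `when`, and `java.io.*` should be replaced with explicit imports.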
58 changes: 58 additions & 0 deletions core/src/test/resources/pom-test-both-paths/pom.xml
@@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This is a fake pom used for test cases
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>plugin</artifactId>
<version>4.58</version>
<relativePath />
</parent>

<properties>
<changelist>9999-SNAPSHOT</changelist>
<jenkins.version>2.361.4</jenkins.version>
</properties>


<artifactId>not-a-real-publisher</artifactId>
<name>Fake Publisher</name>
<description>For testing purpose</description>
<version>${changelist}</version>
<packaging>hpi</packaging>
<url>https://test.com/test/${project.artifactId}-plugin</url>

<repositories>
<repository>
<id>repo.jenkins-ci.org</id>
<url>https://repo.jenkins-ci.org/public/</url>
</repository>
<repository>
<id>releases-repo.jenkins-ci.org</id>
<url>https://repo.jenkins-ci.org/releases/</url>
</repository>
<repository>
<id>atlassian-public</id>
<url>https://packages.atlassian.com/mvn/maven-external/</url>
<snapshots>
<enabled>true</enabled>
<updatePolicy>never</updatePolicy>
<checksumPolicy>warn</checksumPolicy>
</snapshots>
<releases>
<enabled>true</enabled>
<checksumPolicy>warn</checksumPolicy>
</releases>
</repository>
</repositories>

<pluginRepositories>
<pluginRepository>
<id>repo.jenkins-ci.org</id>
<url>https://repo.jenkins-ci.org/public/</url>
</pluginRepository>
</pluginRepositories>
</project>
45 changes: 45 additions & 0 deletions core/src/test/resources/pom-test-only-correct-path/pom.xml
@@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This is a fake pom used for test cases
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>plugin</artifactId>
<version>4.58</version>
<relativePath />
</parent>

<properties>
<changelist>9999-SNAPSHOT</changelist>
<jenkins.version>2.361.4</jenkins.version>
</properties>


<artifactId>not-a-real-publisher</artifactId>
<name>Fake Publisher</name>
<description>For testing purpose</description>
<version>${changelist}</version>
<packaging>hpi</packaging>
<url>https://test.com/test/${project.artifactId}-plugin</url>

<repositories>
<repository>
<id>repo.jenkins-ci.org</id>
<url>https://repo.jenkins-ci.org/public/</url>
</repository>
<repository>
<id>releases-repo.jenkins-ci.org</id>
<url>https://repo.jenkins-ci.org/releases/</url>
</repository>
</repositories>

<pluginRepositories>
<pluginRepository>
<id>repo.jenkins-ci.org</id>
<url>https://repo.jenkins-ci.org/public/</url>
</pluginRepository>
</pluginRepositories>
</project>
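Review bot: Neither test in this change loads pom-test-only-correct-path/pom.xml; shouldPassIfNoThirdPartyRepositoriesDetected applies the probe to a bare mocked Plugin instead. Wire this fixture into the passing case so that the success path is exercised against real `<repositories>` and `<pluginRepositories>` input.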
43 changes: 43 additions & 0 deletions core/src/test/resources/pom-test-only-incorrect-path/pom.xml
@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This is a fake pom used for test cases
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>plugin</artifactId>
<version>4.58</version>
<relativePath />
</parent>

<properties>
<changelist>9999-SNAPSHOT</changelist>
<jenkins.version>2.361.4</jenkins.version>
</properties>


<artifactId>not-a-real-publisher</artifactId>
<name>Fake Publisher</name>
<description>For testing purpose</description>
<version>${changelist}</version>
<packaging>hpi</packaging>
<url>https://test.com/test/${project.artifactId}-plugin</url>

<repositories>
<repository>
<id>atlassian-public</id>
<url>https://packages.atlassian.com/mvn/maven-external/</url>
<snapshots>
<enabled>true</enabled>
<updatePolicy>never</updatePolicy>
<checksumPolicy>warn</checksumPolicy>
</snapshots>
<releases>
<enabled>true</enabled>
<checksumPolicy>warn</checksumPolicy>
</releases>
</repository>
</repositories>
</project>
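Review bot: This fixture has no `<pluginRepositories>` section, and the other two fixtures list only repo.jenkins-ci.org there, so no test input contains a third-party `<pluginRepository>`; add one so that case is covered. This file is also not referenced by either test in the change.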
5 changes: 5 additions & 0 deletions pom.xml
Expand Up @@ -137,6 +137,11 @@
<artifactId>github-api</artifactId>
<version>1.314</version>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-model</artifactId>
<version>3.9.2</version>
</dependency>
</dependencies>
</dependencyManagement>
