SonarQube fixes (#175)

* Replace HTTP with HTTPS even in tests and examples * Force HTTPS on redirects * Include all code in coverage * Ignore non-passwords with SonarQube * Fix various SonaQube issues
release-engineering · Jul 25, 2024 · c0b0059 · c0b0059
1 parent e1bb922
commit c0b0059
Show file tree

Hide file tree

Showing 16 changed files with 425 additions and 538 deletions.
diff --git a/APIDOCS.apiary b/APIDOCS.apiary
@@ -87,7 +87,7 @@ Retrieve a single `Result` based on the `id`.
             "testcase": {
                 "name": "dist.rpmlint",
                 "ref_url": "https://fedoraproject.org/wiki/Common_Rpmlint_issues",
-                "href": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
+                "href": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
             },
             "note": "0 errors, 30 warnings",
             "ref_url": "https://taskotron-dev.fedoraproject.org/artifacts/all/27f94e36-62ec-11e6-83fd-525400d7d6a4/task_output/koschei-1.7.2-1.fc24.log",
@@ -98,7 +98,7 @@ Retrieve a single `Result` based on the `id`.
                 "type": ["koji_build"],
                 "arch": ["x86_64","noarch"]
             },
-            "href": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989"
+            "href": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989"
         }
 
 + Response 404 (application/json)
@@ -153,7 +153,7 @@ Examples are provided in the Parameters section of the documentation.
 + Response 200 (application/json)
 
         {
-            "next":"http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?item:like=koschei*fc24*&outcome=PASSED,FAILED&since=2016-08-15T13:00:00,2016-08-15T13:30:00&page=1",
+            "next":"https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?item:like=koschei*fc24*&outcome=PASSED,FAILED&since=2016-08-15T13:00:00,2016-08-15T13:30:00&page=1",
             "prev":null,
             "data":[
                 {
@@ -162,7 +162,7 @@ Examples are provided in the Parameters section of the documentation.
                     "testcase":{
                         "name":"dist.rpmlint",
                         "ref_url":"https://fedoraproject.org/wiki/Common_Rpmlint_issues",
-                        "href":"http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
+                        "href":"https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
                     },
                     "groups":["27f94e36-62ec-11e6-83fd-525400d7d6a4"],
                     "note":"0 errors, 30 warnings",
@@ -173,7 +173,7 @@ Examples are provided in the Parameters section of the documentation.
                         "type":["koji_build"],
                         "arch":["x86_64","noarch"]
                     },
-                    "href":"http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989"
+                    "href":"https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989"
                 }
             ]
         }
@@ -225,7 +225,7 @@ An additional available parameter is `_distinct_on`, if specified allows the use
                     "testcase":{
                         "name":"dist.rpmlint",
                         "ref_url":"https://fedoraproject.org/wiki/Common_Rpmlint_issues",
-                        "href":"http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
+                        "href":"https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
                     },
                     "groups":["27f94e36-62ec-11e6-83fd-525400d7d6a4"],
                     "note":"0 errors, 30 warnings",
@@ -236,7 +236,7 @@ An additional available parameter is `_distinct_on`, if specified allows the use
                         "type":["koji_build"],
                         "arch":["x86_64","noarch"]
                     },
-                    "href":"http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989"
+                    "href":"https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989"
                 }
             ]
         }
@@ -290,7 +290,7 @@ When a new `Result` is created, it is assigned an unique `id` and `submit_time`
             "testcase":{
                 "name":"dist.rpmlint",
                 "ref_url":"https://fedoraproject.org/wiki/Common_Rpmlint_issues",
-                "href":"http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
+                "href":"https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
             },
             "groups":["27f94e36-62ec-11e6-83fd-525400d7d6a4"],
             "note":"0 errors, 30 warnings",
@@ -301,7 +301,7 @@ When a new `Result` is created, it is assigned an unique `id` and `submit_time`
                 "type":["koji_build"],
                 "arch":["x86_64","noarch"]
             },
-            "href":"http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989"
+            "href":"https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989"
         }
 
 + Response 400 (application/json)
@@ -349,9 +349,9 @@ Retrieve a single `Group` based on the `uuid`.
             "uuid": "27f94e36-62ec-11e6-83fd-525400d7d6a4",
             "description": "Taskotron job on koji_build koschei-1.7.2-1.fc24",
             "ref_url": "https://taskotron-dev.fedoraproject.org/execdb/jobs/27f94e36-62ec-11e6-83fd-525400d7d6a4",
-            "results": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?group=27f94e36-62ec-11e6-83fd-525400d7d6a4",
+            "results": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?group=27f94e36-62ec-11e6-83fd-525400d7d6a4",
             "results_count": 1,
-            "href": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups/27f94e36-62ec-11e6-83fd-525400d7d6a4"
+            "href": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups/27f94e36-62ec-11e6-83fd-525400d7d6a4"
         }
 
 
@@ -381,16 +381,16 @@ Collection of all the `Groups`.
 + Response 200 (application/json)
 
         {
-            "next":"http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups?page=1",
+            "next":"https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups?page=1",
             "prev":null,
             "data":[
                 {
                     "uuid": "27f94e36-62ec-11e6-83fd-525400d7d6a4",
                     "description": "Taskotron job on koji_build koschei-1.7.2-1.fc24",
                     "ref_url": "https://taskotron-dev.fedoraproject.org/execdb/jobs/27f94e36-62ec-11e6-83fd-525400d7d6a4",
-                    "results": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?group=27f94e36-62ec-11e6-83fd-525400d7d6a4",
+                    "results": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?group=27f94e36-62ec-11e6-83fd-525400d7d6a4",
                     "results_count": 1,
-                    "href": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups/27f94e36-62ec-11e6-83fd-525400d7d6a4"
+                    "href": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups/27f94e36-62ec-11e6-83fd-525400d7d6a4"
                 }
             ]
         }
@@ -426,9 +426,9 @@ the new `description` or `ref_url`, if set in the JSON data.
             "uuid": "27f94e36-62ec-11e6-83fd-525400d7d6a4",
             "description": "Taskotron job on koji_build koschei-1.7.2-1.fc24",
             "ref_url": "https://taskotron-dev.fedoraproject.org/execdb/jobs/27f94e36-62ec-11e6-83fd-525400d7d6a4",
-            "results": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?group=27f94e36-62ec-11e6-83fd-525400d7d6a4",
+            "results": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?group=27f94e36-62ec-11e6-83fd-525400d7d6a4",
             "results_count": 0,
-            "href": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups/27f94e36-62ec-11e6-83fd-525400d7d6a4"
+            "href": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups/27f94e36-62ec-11e6-83fd-525400d7d6a4"
         }
 
 
@@ -467,7 +467,7 @@ Retrieve a single `Testcase` based on the `name`.
         {
             "name": "dist.rpmlint",
             "ref_url": "https://fedoraproject.org/wiki/Common_Rpmlint_issues",
-            "href": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
+            "href": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
         }
 
 + Response 404 (application/json)
@@ -498,13 +498,13 @@ Collection of all the `Testcases`.
 + Response 200 (application/json)
 
         {
-            "next":"http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/name:like=dist.rpmlint.*&page=1",
+            "next":"https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/name:like=dist.rpmlint.*&page=1",
             "prev":null,
             "data":[
                 {
                     "name": "dist.rpmlint",
                     "ref_url": "https://fedoraproject.org/wiki/Common_Rpmlint_issues",
-                    "href": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
+                    "href": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
                 }
             ]
         }
@@ -531,7 +531,7 @@ get updated with the new `ref_url`, if set in the JSON data.
         {
             "name": "dist.rpmlint",
             "ref_url": "https://fedoraproject.org/wiki/Common_Rpmlint_issues",
-            "href": "http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
+            "href": "https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint"
         }
 
 
@@ -554,7 +554,7 @@ get updated with the new `ref_url`, if set in the JSON data.
     - `27f94e36-62ec-11e6-83fd-525400d7d6a4` (string)
 - data (object) - Any number of key-value pairs. Used to store any additional information. In Taskotron `item` and `type` are the most common keys used to represent "what was tested".
     - *key* (array[string], optional)
-- `href`: `http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989` (string) - Reference to self.
+- `href`: `https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results/7484989` (string) - Reference to self.
 
 ## Result POST (object)
 - outcome (OUTCOMES, required)
@@ -602,9 +602,9 @@ get updated with the new `ref_url`, if set in the JSON data.
 - _auth (nullable, optional) - Placeholder for the future implemantation of Authentication/Authorization
 
 ## Group GET (Group POST data)
-- results: `http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?group=27f94e36-62ec-11e6-83fd-525400d7d6a4` (string) - URL to retrieve results in the `Group` via the `Result` resource
+- results: `https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/results?group=27f94e36-62ec-11e6-83fd-525400d7d6a4` (string) - URL to retrieve results in the `Group` via the `Result` resource
 - `results_count`: 1 (number) - Amount of `Results` in the `Group`
-- `href`: `http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups/27f94e36-62ec-11e6-83fd-525400d7d6a4` (string) - Reference to self.
+- `href`: `https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/groups/27f94e36-62ec-11e6-83fd-525400d7d6a4` (string) - Reference to self.
 
 
 ## Testcase POST data (object)
@@ -617,4 +617,4 @@ get updated with the new `ref_url`, if set in the JSON data.
 - _auth (nullable, optional) - Placeholder for the future implemantation of Authentication/Authorization.
 
 ## Testcase GET (Testcase POST data)
-- `href`: `http://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint` (string) - Reference to self.
+- `href`: `https://taskotron-dev.fedoraproject.org/resultsdb_api/api/v2.0/testcases/dist.rpmlint` (string) - Reference to self.
diff --git a/Dockerfile b/Dockerfile
@@ -31,7 +31,7 @@ RUN set -exo pipefail \
     && yum --installroot=/mnt/rootfs clean all \
     && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* \
     # https://python-poetry.org/docs/master/#installing-with-the-official-installer
-    && curl -sSL https://install.python-poetry.org | python3 - \
+    && curl -sSL --proto "=https" https://install.python-poetry.org | python3 - \
     && python3 -m venv --system-site-packages /venv
 
 ENV \

diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 # Copyright 2018, Red Hat, Inc.
-# License: GPL-2.0+ <http://spdx.org/licenses/GPL-2.0+>
+# License: GPL-2.0+ <https://spdx.org/licenses/GPL-2.0+>
 # See the LICENSE file for more details on Licensing
 
 #######################################################################

diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@
 ResultsDB is a results store engine for (not only) Fedora QA tools.
 
 The API v2 documentation can be found at
-<http://docs.resultsdb20.apiary.io/>.
+<https://docs.resultsdb20.apiary.io/>.
 
 ## Repositories
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -8,7 +8,7 @@ authors = [
 license = "GPL-2.0-or-later"
 readme = "README.md"
 repository = "https://github.com/release-engineering/resultsdb"
-homepage = "http://docs.resultsdb20.apiary.io/"
+homepage = "https://docs.resultsdb20.apiary.io/"
 
 include = [
     "LICENSE",

diff --git a/resultsdb/__init__.py b/resultsdb/__init__.py
@@ -54,7 +54,7 @@
 
 def create_app(config_obj=None):
     app = Flask(__name__)
-    app.secret_key = "replace-me-with-something-random"  # nosec
+    app.secret_key = "replace-me-with-something-random"  # nosec # NOSONAR
 
     # make sure app behaves when behind a proxy
     app.wsgi_app = ReverseProxied(app.wsgi_app)
@@ -90,7 +90,7 @@ def create_app(config_obj=None):
         app.config.from_pyfile(config_file)
 
     if app.config["PRODUCTION"]:
-        if app.secret_key == "replace-me-with-something-random":  # nosec
+        if app.secret_key == "replace-me-with-something-random":  # nosec # NOSONAR
             raise Warning("You need to change the app.secret_key value for production")
 
     setup_logging(app)

diff --git a/resultsdb/__main__.py b/resultsdb/__main__.py
@@ -101,30 +101,36 @@ def mock_data():
 
     if not db.session.query(Testcase).count():
         print(" - Testcase, Job, Result, ResultData")
-        tc1 = Testcase(ref_url="http://example.com/depcheck", name="depcheck")
-        tc2 = Testcase(ref_url="http://example.com/rpmlint", name="rpmlint")
+        tc1 = Testcase(ref_url="https://example.com/depcheck", name="depcheck")
+        tc2 = Testcase(ref_url="https://example.com/rpmlint", name="rpmlint")
 
         j1 = Group(
             uuid="5b3f47b4-2ba2-11e5-a343-5254007dccf9",
-            ref_url="http://example.com/job1",
+            ref_url="https://example.com/job1",
         )
 
         j2 = Group(
             uuid="4e575b2c-2ba2-11e5-a343-5254007dccf9",
-            ref_url="http://example.com/job2",
+            ref_url="https://example.com/job2",
         )
 
         r1 = Result(
-            groups=[j1], testcase=tc1, outcome="PASSED", ref_url="http://example.com/r1"
+            groups=[j1],
+            testcase=tc1,
+            outcome="PASSED",
+            ref_url="https://example.com/r1",
         )
         r2 = Result(
             groups=[j1, j2],
             testcase=tc1,
             outcome="FAILED",
-            ref_url="http://example.com/r2",
+            ref_url="https://example.com/r2",
         )
         r3 = Result(
-            groups=[j2], testcase=tc2, outcome="FAILED", ref_url="http://example.com/r2"
+            groups=[j2],
+            testcase=tc2,
+            outcome="FAILED",
+            ref_url="https://example.com/r2",
         )
 
         ResultData(r1, "item", "cabal-rpm-0.8.3-1.fc18")

diff --git a/resultsdb/authorization.py b/resultsdb/authorization.py
@@ -6,6 +6,8 @@
 
 log = logging.getLogger(__name__)
 
+LDAP_ERROR = "Some error occurred initializing the LDAP connection"
+
 
 def get_group_membership(ldap, user, con, ldap_search):
     try:
@@ -23,8 +25,8 @@ def get_group_membership(ldap, user, con, ldap_search):
         log.exception("The LDAP server is not reachable")
         raise BadGateway("The LDAP server is not reachable")
     except ldap.LDAPError:
-        log.exception("Some error occurred initializing the LDAP connection")
-        raise BadGateway("Some error occurred initializing the LDAP connection")
+        log.exception(LDAP_ERROR)
+        raise BadGateway(LDAP_ERROR)
 
 
 def match_testcase_permissions(testcase, permissions):
@@ -64,8 +66,8 @@ def verify_authorization(user, testcase, permissions, ldap_host, ldap_searches):
     try:
         con = ldap.initialize(ldap_host)
     except ldap.LDAPError:
-        log.exception("Some error occurred initializing the LDAP connection")
-        raise BadGateway("Some error occurred initializing the LDAP connection")
+        log.exception(LDAP_ERROR)
+        raise BadGateway(LDAP_ERROR)
 
     any_groups_found = False
     for cur_ldap_search in ldap_searches:

diff --git a/resultsdb/config.py b/resultsdb/config.py
@@ -27,7 +27,7 @@
 def db_uri_for_testing():
     postgres_port = os.getenv("RESULTSDB_POSTGRES_PORT")
     if postgres_port:
-        return f"postgresql+psycopg2://resultsdb:resultsdb@localhost:{postgres_port}/resultsdb"
+        return f"postgresql+psycopg2://resultsdb:resultsdb@localhost:{postgres_port}/resultsdb"  # NOSONAR
 
     return "sqlite:///.test_db.sqlite"
 
@@ -37,7 +37,7 @@ class Config:
 
     DEBUG = True
     PRODUCTION = False
-    SECRET_KEY = "replace-me-with-something-random"  # nosec
+    SECRET_KEY = "replace-me-with-something-random"  # nosec # NOSONAR
 
     HOST = "127.0.0.1"
     PORT = 5001

diff --git a/resultsdb/controllers/api_v2.py b/resultsdb/controllers/api_v2.py
@@ -120,6 +120,23 @@ def prev_next_urls(data, limit=QUERY_LIMIT):
 # =============================================================================
 
 
+def add_group(grp):
+    if isinstance(grp, (str, bytes)):
+        grp = dict(uuid=grp)
+    elif isinstance(grp, dict):
+        grp["uuid"] = grp.get("uuid", str(uuid.uuid1()))
+
+    group = Group.query.filter_by(uuid=grp["uuid"]).first()
+    if not group:
+        group = Group(uuid=grp["uuid"])
+
+    group.description = grp.get("description", group.description)
+    group.ref_url = grp.get("ref_url", group.ref_url)
+
+    db.session.add(group)
+    return group
+
+
 @api.route("/groups", methods=["GET"])
 @validate()
 def get_groups(query: GroupsParams):
@@ -407,7 +424,7 @@ def get_results_latest(query: ResultsParams):
             jsonify(
                 {
                     "message": (
-                        "Please, provide at least one " "filter beside '_distinct_on'"
+                        "Please, provide at least one filter beside '_distinct_on'"
                     )
                 }
             ),
@@ -508,23 +525,7 @@ def create_result_any_data(body: CreateResultParams):
     #  when a group defined by the string is not found, new is created
     #  group defined by the object, is updated/created with the values from the object
     # non-existing groups are created automatically
-    groups = []
-    if body.groups:
-        for grp in body.groups:
-            if isinstance(grp, (str, bytes)):
-                grp = dict(uuid=grp)
-            elif isinstance(grp, dict):
-                grp["uuid"] = grp.get("uuid", str(uuid.uuid1()))
-
-            group = Group.query.filter_by(uuid=grp["uuid"]).first()
-            if not group:
-                group = Group(uuid=grp["uuid"])
-
-            group.description = grp.get("description", group.description)
-            group.ref_url = grp.get("ref_url", group.ref_url)
-
-            db.session.add(group)
-            groups.append(group)
+    groups = [add_group(group) for group in (body.groups or [])]
 
     result = Result(
         testcase, body.outcome, groups, body.ref_url, body.note, body.submit_time
@@ -652,7 +653,7 @@ def landing_page():
                 "message": "Everything is fine. But choose wisely, for while "
                 "the true Grail will bring you life, the false "
                 "Grail will take it from you.",
-                "documentation": "http://docs.resultsdb20.apiary.io/",
+                "documentation": "https://docs.resultsdb20.apiary.io/",
                 "groups": url_for(".get_groups", _external=True),
                 "results": url_for(".get_results", _external=True),
                 "testcases": url_for(".get_testcases", _external=True),