Merge pull request #394 from pascalgrimaud/sonar-code-smells-generate…

…d-projects

Fix some Sonar Code Smells for generated projects

src/main/resources/generator/server/springboot/database/postgresql/FixedPostgreSQL10DialectTest.java.mustache

@@ -40,7 +40,7 @@ class FixedPostgreSQL10DialectTest {
 
   @Test
   void testBlobTypeRegister() {
-    assertThat(registered.get(Types.BLOB)).isEqualTo("bytea");
+    assertThat(registered.get(Types.BLOB)).contains("bytea");
   }
 
   @Test

src/main/resources/generator/server/springboot/dbmigration/liquibase/test/AsyncSpringLiquibaseTest.java.mustache

@@ -239,6 +239,7 @@ class AsyncSpringLiquibaseTest {
     }
 
     @Override
+    @SuppressWarnings("java:S2925")
     protected void performUpdate(Liquibase liquibase) {
       long sleep = getSleep();
       if (sleep > 0) {
@@ -288,6 +289,7 @@ class AsyncSpringLiquibaseTest {
     }
 
     @Override
+    @SuppressWarnings("java:S2925")
     protected void performUpdate(Liquibase liquibase) {
       long sleep = getSleep();
       if (sleep > 0) {

src/main/resources/generator/server/springboot/mvc/security/jwt/src/ApplicationSecurityDefaults.java.mustache

@@ -1,18 +1,14 @@
 package {{packageName}}.security.jwt.infrastructure.config;
 
-@SuppressWarnings("java:S2386")
-public interface ApplicationSecurityDefaults {
-  interface Security {
-    String contentSecurityPolicy =
-      "default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
+public class ApplicationSecurityDefaults {
 
-    interface Authentication {
-      interface Jwt {
-        String secret = null;
-        String base64Secret = null;
-        long tokenValidityInSeconds = 1800; // 30 minutes
-        long tokenValidityInSecondsForRememberMe = 2592000; // 30 days
-      }
-    }
-  }
+  private ApplicationSecurityDefaults() {}
+
+  public static final String CONTENT_SECURITY_POLICY =
+    "default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
+
+  public static final String SECRET = null;
+  public static final String BASE_64_SECRET = null;
+  public static final long TOKEN_VALIDITY_IN_SECONDS = 1800; // 30 minutes
+  public static final long TOKEN_VALIDITY_IN_SECONDS_FOR_REMEMBER_ME = 2592000; // 30 days
 }

src/main/resources/generator/server/springboot/mvc/security/jwt/src/ApplicationSecurityProperties.java.mustache

@@ -7,7 +7,7 @@ import org.springframework.context.annotation.Configuration;
 @ConfigurationProperties(prefix = "application.security", ignoreUnknownFields = false)
 public class ApplicationSecurityProperties {
 
-  private String contentSecurityPolicy = ApplicationSecurityDefaults.Security.contentSecurityPolicy;
+  private String contentSecurityPolicy = ApplicationSecurityDefaults.CONTENT_SECURITY_POLICY;
 
   private final Authentication authentication = new Authentication();
 
@@ -33,14 +33,13 @@ public class ApplicationSecurityProperties {
 
     public static class Jwt {
 
-      private String secret = ApplicationSecurityDefaults.Security.Authentication.Jwt.secret;
+      private String secret = ApplicationSecurityDefaults.SECRET;
 
-      private String base64Secret = ApplicationSecurityDefaults.Security.Authentication.Jwt.base64Secret;
+      private String base64Secret = ApplicationSecurityDefaults.BASE_64_SECRET;
 
-      private long tokenValidityInSeconds = ApplicationSecurityDefaults.Security.Authentication.Jwt.tokenValidityInSeconds;
+      private long tokenValidityInSeconds = ApplicationSecurityDefaults.TOKEN_VALIDITY_IN_SECONDS;
 
-      private long tokenValidityInSecondsForRememberMe =
-        ApplicationSecurityDefaults.Security.Authentication.Jwt.tokenValidityInSecondsForRememberMe;
+      private long tokenValidityInSecondsForRememberMe = ApplicationSecurityDefaults.TOKEN_VALIDITY_IN_SECONDS_FOR_REMEMBER_ME;
 
       public String getSecret() {
         return secret;

src/main/resources/generator/server/springboot/mvc/security/jwt/src/SecurityConfiguration.java.mustache

@@ -73,7 +73,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
       .and()
       .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
       .and()
-      .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'")
+      .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")
       .and()
       .frameOptions()
       .deny()

src/main/resources/generator/server/springboot/mvc/security/jwt/src/SecurityUtils.java.mustache

@@ -34,8 +34,8 @@ public final class SecurityUtils {
       return null;
     } else if (authentication.getPrincipal() instanceof UserDetails springSecurityUser) {
       return springSecurityUser.getUsername();
-    } else if (authentication.getPrincipal() instanceof String) {
-      return (String) authentication.getPrincipal();
+    } else if (authentication.getPrincipal() instanceof String principal) {
+      return principal;
     }
     return null;
   }

src/main/resources/generator/server/springboot/mvc/security/jwt/src/TokenProvider.java.mustache

@@ -82,7 +82,7 @@ public class TokenProvider {
       .stream(claims.get(AUTHORITIES_KEY).toString().split(","))
       .filter(auth -> !auth.trim().isEmpty())
       .map(SimpleGrantedAuthority::new)
-      .collect(Collectors.toList());
+      .toList();
 
     User principal = new User(claims.getSubject(), "", authorities);
 

src/main/resources/generator/server/springboot/mvc/security/jwt/test/ApplicationSecurityPropertiesTest.java.mustache

@@ -1,6 +1,5 @@
 package {{packageName}}.security.jwt.infrastructure.config;
 
-import static org.assertj.core.api.Assertions.*;
 import static org.assertj.core.api.Assertions.assertThat;
 
 import org.junit.jupiter.api.BeforeEach;
@@ -18,49 +17,49 @@ class ApplicationSecurityPropertiesTest {
   }
 
   @Test
-  void testSecurityAuthenticationJwtSecret() {
+  void shouldGetSecurityAuthenticationJwtSecret() {
     ApplicationSecurityProperties.Authentication.Jwt obj = properties.getAuthentication().getJwt();
-    String val = ApplicationSecurityDefaults.Security.Authentication.Jwt.secret;
+    String val = ApplicationSecurityDefaults.SECRET;
     assertThat(obj.getSecret()).isEqualTo(val);
     val = "1" + val;
     obj.setSecret(val);
     assertThat(obj.getSecret()).isEqualTo(val);
   }
 
   @Test
-  void testSecurityAuthenticationJwtBase64Secret() {
+  void shouldGetSecurityAuthenticationJwtBase64Secret() {
     ApplicationSecurityProperties.Authentication.Jwt obj = properties.getAuthentication().getJwt();
-    String val = ApplicationSecurityDefaults.Security.Authentication.Jwt.base64Secret;
+    String val = ApplicationSecurityDefaults.BASE_64_SECRET;
     assertThat(obj.getSecret()).isEqualTo(val);
     val = "1" + val;
     obj.setBase64Secret(val);
     assertThat(obj.getBase64Secret()).isEqualTo(val);
   }
 
   @Test
-  void testSecurityAuthenticationJwtTokenValidityInSeconds() {
+  void shouldGetSecurityAuthenticationJwtTokenValidityInSeconds() {
     ApplicationSecurityProperties.Authentication.Jwt obj = properties.getAuthentication().getJwt();
-    long val = ApplicationSecurityDefaults.Security.Authentication.Jwt.tokenValidityInSeconds;
+    long val = ApplicationSecurityDefaults.TOKEN_VALIDITY_IN_SECONDS;
     assertThat(obj.getTokenValidityInSeconds()).isEqualTo(val);
     val++;
     obj.setTokenValidityInSeconds(val);
     assertThat(obj.getTokenValidityInSeconds()).isEqualTo(val);
   }
 
   @Test
-  void testSecurityAuthenticationJwtTokenValidityInSecondsForRememberMe() {
+  void shouldGetSecurityAuthenticationJwtTokenValidityInSecondsForRememberMe() {
     ApplicationSecurityProperties.Authentication.Jwt obj = properties.getAuthentication().getJwt();
-    long val = ApplicationSecurityDefaults.Security.Authentication.Jwt.tokenValidityInSecondsForRememberMe;
+    long val = ApplicationSecurityDefaults.TOKEN_VALIDITY_IN_SECONDS_FOR_REMEMBER_ME;
     assertThat(obj.getTokenValidityInSecondsForRememberMe()).isEqualTo(val);
     val++;
     obj.setTokenValidityInSecondsForRememberMe(val);
     assertThat(obj.getTokenValidityInSecondsForRememberMe()).isEqualTo(val);
   }
 
   @Test
-  void testSecurityContentSecurityPolicy() {
+  void shouldGetSecurityContentSecurityPolicy() {
     ApplicationSecurityProperties obj = properties;
-    String val = ApplicationSecurityDefaults.Security.contentSecurityPolicy;
+    String val = ApplicationSecurityDefaults.CONTENT_SECURITY_POLICY;
     assertThat(obj.getContentSecurityPolicy()).isEqualTo(val);
     obj.setContentSecurityPolicy("foobar");
     assertThat(obj.getContentSecurityPolicy()).isEqualTo("foobar");

src/main/resources/generator/server/springboot/mvc/web/src/BadRequestAlertException.java.mustache

@@ -6,6 +6,7 @@ import java.util.Map;
 import org.zalando.problem.AbstractThrowableProblem;
 import org.zalando.problem.Status;
 
+@SuppressWarnings("squid:MaximumInheritanceDepth")
 public class BadRequestAlertException extends AbstractThrowableProblem {
 
   private static final long serialVersionUID = 1L;