Add new extensions for Micronaut Security #60
| @@ -0,0 +1,124 @@ | |||
| # Micronaut Extension for Detekt | |||
|
|
|||
| A detekt extension that provides security and best practice rules for Micronaut applications. | |||
Where are we going to be using Micronaut controllers over Spring?
I also assume this extension doesn't work for Spring-annotated controllers with annotations like @GetMapping, @PutMapping, @PostMapping, right?
Also, for the roles, can you reference DSM RBAC roles in the annotations, like SUPER_USER, etc.? Or where do you get roles from for the @RolesAllowed and @Secured annotations?
| } | ||
|
|
||
| @Test | ||
| fun `reports endpoint in controller class`() { |
Can we add a test for reporting un-annotated endpoints in a controller where there are mixed annotated and un-annotated endpoints?
| @Test | ||
| fun `does not report endpoint with RolesAllowed annotation`() { | ||
| val code = """ | ||
| @RolesAllowed("USER", "ADMIN") |
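Review bot: the snippet starts directly at `@RolesAllowed("USER", "ADMIN")` with no import ahead of it, so this case only passes if the rule matches the annotation by its short name. A project-local annotation that happens to be called `RolesAllowed` would then suppress the finding too. Either add a case where the snippet imports the real annotation and one where it imports a same-named one from another package, or state in the rule's documentation that matching is by simple name.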
What happens if we have an @RolesAllowed annotation with a blank/empty role?
| @Test | ||
| fun `does not report endpoint with Secured annotation`() { | ||
| val code = """ | ||
| @Secured("ROLE_ADMIN") |
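Review bot: the visible `@Secured("ROLE_ADMIN")` case covers only a role string. Micronaut Security also accepts `@Secured(SecurityRule.IS_ANONYMOUS)`, which leaves the endpoint open to unauthenticated callers, so it is worth deciding whether the rule should stay silent for that value or report it, and adding a test that pins the chosen behaviour.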
What happens if we have an @Secured annotation with a blank/empty role?
| assertThat(findings) | ||
| .hasSize(1) | ||
| .hasStartSourceLocation(2, 13) | ||
| assertThat(findings.first()) |
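Review bot: `.hasStartSourceLocation(2, 13)` pins the finding to a line and column inside the raw-string snippet, so re-indenting the test source changes the expected column and fails the test for a reason unrelated to the rule. If the snippet is not already normalised with `trimIndent()`, do that so the position is stable, and consider asserting on the reported function's name as well so a failure points at the rule rather than at whitespace.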
Do we want similar message verification asserts for the rest of the endpoint verb tests?
No description provided.