source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2024 SonarSource SA
   4  * mailto:info AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 package org.sonar.ce.task.projectanalysis.qualitymodel;
  21
  22 import java.util.Optional;
  23 import org.sonar.ce.task.projectanalysis.component.Component;
  24 import org.sonar.ce.task.projectanalysis.component.PathAwareVisitorAdapter;
  25 import org.sonar.ce.task.projectanalysis.issue.ComponentIssuesRepository;
  26 import org.sonar.ce.task.projectanalysis.issue.NewIssueClassifier;
  27 import org.sonar.ce.task.projectanalysis.measure.Measure;
  28 import org.sonar.ce.task.projectanalysis.measure.MeasureRepository;
  29 import org.sonar.ce.task.projectanalysis.metric.Metric;
  30 import org.sonar.ce.task.projectanalysis.metric.MetricRepository;
  31
  32 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_REVIEWED_KEY;
  33 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS_KEY;
  34 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS_KEY;
  35 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_REVIEW_RATING_KEY;
  36 import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
  37 import static org.sonar.ce.task.projectanalysis.component.ComponentVisitor.Order.POST_ORDER;
  38 import static org.sonar.ce.task.projectanalysis.component.CrawlerDepthLimit.FILE;
  39 import static org.sonar.server.metric.SoftwareQualitiesMetrics.NEW_SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY;
  40 import static org.sonar.server.security.SecurityReviewRating.computeAToDRating;
  41 import static org.sonar.server.security.SecurityReviewRating.computePercent;
  42 import static org.sonar.server.security.SecurityReviewRating.computeRating;
  43
  44 public class NewSecurityReviewMeasuresVisitor extends PathAwareVisitorAdapter<SecurityReviewCounter> {
  45
  46   private final ComponentIssuesRepository componentIssuesRepository;
  47   private final MeasureRepository measureRepository;
  48   private final Metric newSecurityReviewRatingMetric;
  49   private final Metric newSoftwareQualitySecurityReviewRatingMetric;
  50   private final Metric newSecurityHotspotsReviewedMetric;
  51   private final Metric newSecurityHotspotsReviewedStatusMetric;
  52   private final Metric newSecurityHotspotsToReviewStatusMetric;
  53   private final NewIssueClassifier newIssueClassifier;
  54
  55   public NewSecurityReviewMeasuresVisitor(ComponentIssuesRepository componentIssuesRepository, MeasureRepository measureRepository, MetricRepository metricRepository,
  56     NewIssueClassifier newIssueClassifier) {
  57     super(FILE, POST_ORDER, NewSecurityReviewMeasuresVisitor.CounterFactory.INSTANCE);
  58     this.componentIssuesRepository = componentIssuesRepository;
  59     this.measureRepository = measureRepository;
  60     this.newSecurityReviewRatingMetric = metricRepository.getByKey(NEW_SECURITY_REVIEW_RATING_KEY);
  61     this.newSoftwareQualitySecurityReviewRatingMetric = metricRepository.getByKey(NEW_SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY);
  62     this.newSecurityHotspotsReviewedMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_REVIEWED_KEY);
  63     this.newSecurityHotspotsReviewedStatusMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS_KEY);
  64     this.newSecurityHotspotsToReviewStatusMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS_KEY);
  65     this.newIssueClassifier = newIssueClassifier;
  66   }
  67
  68   @Override
  69   public void visitProject(Component project, Path<SecurityReviewCounter> path) {
  70     if (!newIssueClassifier.isEnabled()) {
  71       return;
  72     }
  73     computeMeasure(project, path);
  74
  75     // The following measures are only computed on projects level as they are required to compute the others measures on applications
  76     measureRepository.add(project, newSecurityHotspotsReviewedStatusMetric, Measure.newMeasureBuilder().create(path.current().getHotspotsReviewed()));
  77     measureRepository.add(project, newSecurityHotspotsToReviewStatusMetric, Measure.newMeasureBuilder().create(path.current().getHotspotsToReview()));
  78   }
  79
  80   @Override
  81   public void visitDirectory(Component directory, Path<SecurityReviewCounter> path) {
  82     computeMeasure(directory, path);
  83   }
  84
  85   @Override
  86   public void visitFile(Component file, Path<SecurityReviewCounter> path) {
  87     computeMeasure(file, path);
  88   }
  89
  90   private void computeMeasure(Component component, Path<SecurityReviewCounter> path) {
  91     componentIssuesRepository.getIssues(component)
  92       .stream()
  93       .filter(issue -> issue.type().equals(SECURITY_HOTSPOT))
  94       .filter(issue -> newIssueClassifier.isNew(component, issue))
  95       .forEach(issue -> path.current().processHotspot(issue));
  96
  97     Optional<Double> percent = computePercent(path.current().getHotspotsToReview(), path.current().getHotspotsReviewed());
  98     measureRepository.add(component, newSecurityReviewRatingMetric, Measure.newMeasureBuilder().create(computeRating(percent.orElse(null)).getIndex()));
  99     measureRepository.add(component, newSoftwareQualitySecurityReviewRatingMetric,
 100       Measure.newMeasureBuilder().create(computeAToDRating(percent.orElse(null)).getIndex()));
 101     percent.ifPresent(p -> measureRepository.add(component, newSecurityHotspotsReviewedMetric, Measure.newMeasureBuilder().create(p)));
 102
 103     if (!path.isRoot()) {
 104       path.parent().add(path.current());
 105     }
 106   }
 107
 108   private static final class CounterFactory extends SimpleStackElementFactory<SecurityReviewCounter> {
 109     public static final NewSecurityReviewMeasuresVisitor.CounterFactory INSTANCE = new NewSecurityReviewMeasuresVisitor.CounterFactory();
 110
 111     private CounterFactory() {
 112       // prevents instantiation
 113     }
 114
 115     @Override
 116     public SecurityReviewCounter createForAny(Component component) {
 117       return new SecurityReviewCounter();
 118     }
 119   }
 120
 121 }