source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2020 SonarSource SA
   4  * mailto:info AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 package org.sonar.ce.task.projectanalysis.qualitymodel;
  21
  22 import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolder;
  23 import org.sonar.ce.task.projectanalysis.component.Component;
  24 import org.sonar.ce.task.projectanalysis.component.PathAwareVisitorAdapter;
  25 import org.sonar.ce.task.projectanalysis.issue.ComponentIssuesRepository;
  26 import org.sonar.ce.task.projectanalysis.measure.Measure;
  27 import org.sonar.ce.task.projectanalysis.measure.MeasureRepository;
  28 import org.sonar.ce.task.projectanalysis.metric.Metric;
  29 import org.sonar.ce.task.projectanalysis.metric.MetricRepository;
  30 import org.sonar.ce.task.projectanalysis.period.PeriodHolder;
  31
  32 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_REVIEWED_KEY;
  33 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_REVIEW_RATING_KEY;
  34 import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
  35 import static org.sonar.ce.task.projectanalysis.component.ComponentVisitor.Order.POST_ORDER;
  36 import static org.sonar.ce.task.projectanalysis.component.CrawlerDepthLimit.FILE;
  37 import static org.sonar.server.security.SecurityReviewRating.computePercent;
  38 import static org.sonar.server.security.SecurityReviewRating.computeRating;
  39
  40 public class NewSecurityReviewMeasuresVisitor extends PathAwareVisitorAdapter<SecurityReviewCounter> {
  41
  42   private final ComponentIssuesRepository componentIssuesRepository;
  43   private final MeasureRepository measureRepository;
  44   private final PeriodHolder periodHolder;
  45   private final AnalysisMetadataHolder analysisMetadataHolder;
  46   private final Metric newSecurityReviewRatingMetric;
  47   private final Metric newSecurityHotspotsReviewedMetric;
  48
  49   public NewSecurityReviewMeasuresVisitor(ComponentIssuesRepository componentIssuesRepository, MeasureRepository measureRepository, PeriodHolder periodHolder,
  50     AnalysisMetadataHolder analysisMetadataHolder, MetricRepository metricRepository) {
  51     super(FILE, POST_ORDER, NewSecurityReviewMeasuresVisitor.CounterFactory.INSTANCE);
  52     this.componentIssuesRepository = componentIssuesRepository;
  53     this.measureRepository = measureRepository;
  54     this.periodHolder = periodHolder;
  55     this.analysisMetadataHolder = analysisMetadataHolder;
  56     this.newSecurityReviewRatingMetric = metricRepository.getByKey(NEW_SECURITY_REVIEW_RATING_KEY);
  57     this.newSecurityHotspotsReviewedMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_REVIEWED_KEY);
  58   }
  59
  60   @Override
  61   public void visitProject(Component project, Path<SecurityReviewCounter> path) {
  62     computeMeasure(project, path);
  63   }
  64
  65   @Override
  66   public void visitDirectory(Component directory, Path<SecurityReviewCounter> path) {
  67     computeMeasure(directory, path);
  68   }
  69
  70   @Override
  71   public void visitFile(Component file, Path<SecurityReviewCounter> path) {
  72     computeMeasure(file, path);
  73   }
  74
  75   private void computeMeasure(Component component, Path<SecurityReviewCounter> path) {
  76     if (!periodHolder.hasPeriod() && !analysisMetadataHolder.isPullRequest()) {
  77       return;
  78     }
  79     componentIssuesRepository.getIssues(component)
  80       .stream()
  81       .filter(issue -> issue.type().equals(SECURITY_HOTSPOT))
  82       .filter(issue -> analysisMetadataHolder.isPullRequest() || periodHolder.getPeriod().isOnPeriod(issue.creationDate()) )
  83       .forEach(issue -> path.current().processHotspot(issue));
  84
  85     Double percent = computePercent(path.current().getHotspotsToReview(), path.current().getHotspotsReviewed());
  86     measureRepository.add(component, newSecurityHotspotsReviewedMetric, Measure.newMeasureBuilder().setVariation(percent).createNoValue());
  87     measureRepository.add(component, newSecurityReviewRatingMetric, Measure.newMeasureBuilder().setVariation(computeRating(percent).getIndex()).createNoValue());
  88
  89     if (!path.isRoot()) {
  90       path.parent().add(path.current());
  91     }
  92   }
  93
  94   private static final class CounterFactory extends SimpleStackElementFactory<SecurityReviewCounter> {
  95     public static final NewSecurityReviewMeasuresVisitor.CounterFactory INSTANCE = new NewSecurityReviewMeasuresVisitor.CounterFactory();
  96
  97     private CounterFactory() {
  98       // prevents instantiation
  99     }
 100
 101     @Override
 102     public SecurityReviewCounter createForAny(Component component) {
 103       return new SecurityReviewCounter();
 104     }
 105   }
 106
 107 }