3 * Copyright (C) 2009-2024 SonarSource SA
4 * mailto:info AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.ce.task.projectanalysis.qualitymodel;
22 import java.util.Optional;
23 import org.sonar.ce.task.projectanalysis.component.Component;
24 import org.sonar.ce.task.projectanalysis.component.PathAwareVisitorAdapter;
25 import org.sonar.ce.task.projectanalysis.issue.ComponentIssuesRepository;
26 import org.sonar.ce.task.projectanalysis.measure.Measure;
27 import org.sonar.ce.task.projectanalysis.measure.MeasureRepository;
28 import org.sonar.ce.task.projectanalysis.metric.Metric;
29 import org.sonar.ce.task.projectanalysis.metric.MetricRepository;
30 import org.sonar.ce.task.projectanalysis.issue.NewIssueClassifier;
32 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_REVIEWED_KEY;
33 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS_KEY;
34 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS_KEY;
35 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_REVIEW_RATING_KEY;
36 import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
37 import static org.sonar.ce.task.projectanalysis.component.ComponentVisitor.Order.POST_ORDER;
38 import static org.sonar.ce.task.projectanalysis.component.CrawlerDepthLimit.FILE;
39 import static org.sonar.server.security.SecurityReviewRating.computePercent;
40 import static org.sonar.server.security.SecurityReviewRating.computeRating;
42 public class NewSecurityReviewMeasuresVisitor extends PathAwareVisitorAdapter<SecurityReviewCounter> {
44 private final ComponentIssuesRepository componentIssuesRepository;
45 private final MeasureRepository measureRepository;
46 private final Metric newSecurityReviewRatingMetric;
47 private final Metric newSecurityHotspotsReviewedMetric;
48 private final Metric newSecurityHotspotsReviewedStatusMetric;
49 private final Metric newSecurityHotspotsToReviewStatusMetric;
50 private final NewIssueClassifier newIssueClassifier;
52 public NewSecurityReviewMeasuresVisitor(ComponentIssuesRepository componentIssuesRepository, MeasureRepository measureRepository, MetricRepository metricRepository,
53 NewIssueClassifier newIssueClassifier) {
54 super(FILE, POST_ORDER, NewSecurityReviewMeasuresVisitor.CounterFactory.INSTANCE);
55 this.componentIssuesRepository = componentIssuesRepository;
56 this.measureRepository = measureRepository;
57 this.newSecurityReviewRatingMetric = metricRepository.getByKey(NEW_SECURITY_REVIEW_RATING_KEY);
58 this.newSecurityHotspotsReviewedMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_REVIEWED_KEY);
59 this.newSecurityHotspotsReviewedStatusMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS_KEY);
60 this.newSecurityHotspotsToReviewStatusMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS_KEY);
61 this.newIssueClassifier = newIssueClassifier;
65 public void visitProject(Component project, Path<SecurityReviewCounter> path) {
66 if (!newIssueClassifier.isEnabled()) {
69 computeMeasure(project, path);
71 // The following measures are only computed on projects level as they are required to compute the others measures on applications
72 measureRepository.add(project, newSecurityHotspotsReviewedStatusMetric, Measure.newMeasureBuilder().create(path.current().getHotspotsReviewed()));
73 measureRepository.add(project, newSecurityHotspotsToReviewStatusMetric, Measure.newMeasureBuilder().create(path.current().getHotspotsToReview()));
77 public void visitDirectory(Component directory, Path<SecurityReviewCounter> path) {
78 computeMeasure(directory, path);
82 public void visitFile(Component file, Path<SecurityReviewCounter> path) {
83 computeMeasure(file, path);
86 private void computeMeasure(Component component, Path<SecurityReviewCounter> path) {
87 componentIssuesRepository.getIssues(component)
89 .filter(issue -> issue.type().equals(SECURITY_HOTSPOT))
90 .filter(issue -> newIssueClassifier.isNew(component, issue))
91 .forEach(issue -> path.current().processHotspot(issue));
93 Optional<Double> percent = computePercent(path.current().getHotspotsToReview(), path.current().getHotspotsReviewed());
94 measureRepository.add(component, newSecurityReviewRatingMetric, Measure.newMeasureBuilder().create(computeRating(percent.orElse(null)).getIndex()));
95 percent.ifPresent(p -> measureRepository.add(component, newSecurityHotspotsReviewedMetric, Measure.newMeasureBuilder().create(p)));
98 path.parent().add(path.current());
102 private static final class CounterFactory extends SimpleStackElementFactory<SecurityReviewCounter> {
103 public static final NewSecurityReviewMeasuresVisitor.CounterFactory INSTANCE = new NewSecurityReviewMeasuresVisitor.CounterFactory();
105 private CounterFactory() {
106 // prevents instantiation
110 public SecurityReviewCounter createForAny(Component component) {
111 return new SecurityReviewCounter();
projects / sonarqube.git / blob