]> source.dussan.org Git - sonarqube.git/blob
projects / sonarqube.git / blob
? search:


df159b8fcb16800e07a532da4afb9d8f5f5b4de3
[sonarqube.git] /
1 /*
2  * SonarQube
3  * Copyright (C) 2009-2024 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.measure.live;
21
22 import com.google.gson.Gson;
23 import com.google.gson.GsonBuilder;
24 import com.google.gson.reflect.TypeToken;
25 import java.lang.reflect.Type;
26 import java.util.HashMap;
27 import java.util.List;
28 import java.util.Map;
29 import java.util.Optional;
30 import java.util.OptionalInt;
31 import java.util.Set;
32 import java.util.function.BiConsumer;
33 import java.util.stream.Collectors;
34 import org.sonar.api.issue.Issue;
35 import org.sonar.api.issue.impact.SoftwareQuality;
36 import org.sonar.api.measures.CoreMetrics;
37 import org.sonar.api.measures.Metric;
38 import org.sonar.api.rule.Severity;
39 import org.sonar.api.rules.RuleType;
40 import org.sonar.server.measure.Rating;
41
42 import static java.util.Arrays.asList;
43 import static org.sonar.api.measures.CoreMetrics.CODE_SMELLS;
44 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_REVIEWED;
45 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS;
46 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS;
47 import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_REVIEWED;
48 import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_REVIEWED_STATUS;
49 import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_TO_REVIEW_STATUS;
50 import static org.sonar.server.measure.Rating.RATING_BY_SEVERITY;
51 import static org.sonar.server.security.SecurityReviewRating.computePercent;
52 import static org.sonar.server.security.SecurityReviewRating.computeRating;
53
54 public class MeasureUpdateFormulaFactoryImpl implements MeasureUpdateFormulaFactory {
55   private static final List<MeasureUpdateFormula> FORMULAS = asList(
56     new MeasureUpdateFormula(CODE_SMELLS, false, new AddChildren(),
57       (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.CODE_SMELL, false))),
58
59     new MeasureUpdateFormula(CoreMetrics.BUGS, false, new AddChildren(),
60       (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.BUG, false))),
61
62     new MeasureUpdateFormula(CoreMetrics.VULNERABILITIES, false, new AddChildren(),
63       (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.VULNERABILITY, false))),
64
65     new MeasureUpdateFormula(CoreMetrics.SECURITY_HOTSPOTS, false, new AddChildren(),
66       (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.SECURITY_HOTSPOT, false))),
67
68     new MeasureUpdateFormula(CoreMetrics.RELIABILITY_ISSUES, false, new ImpactAddChildren(),
69       (context, issues) -> context.setValue(issues.getBySoftwareQuality(SoftwareQuality.RELIABILITY))),
70
71     new MeasureUpdateFormula(CoreMetrics.MAINTAINABILITY_ISSUES, false, new ImpactAddChildren(),
72       (context, issues) -> context.setValue(issues.getBySoftwareQuality(SoftwareQuality.MAINTAINABILITY))),
73
74     new MeasureUpdateFormula(CoreMetrics.SECURITY_ISSUES, false, new ImpactAddChildren(),
75       (context, issues) -> context.setValue(issues.getBySoftwareQuality(SoftwareQuality.SECURITY))),
76
77     new MeasureUpdateFormula(CoreMetrics.VIOLATIONS, false, new AddChildren(),
78       (context, issues) -> context.setValue(issues.countUnresolved(false))),
79
80     new MeasureUpdateFormula(CoreMetrics.BLOCKER_VIOLATIONS, false, new AddChildren(),
81       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.BLOCKER, false))),
82
83     new MeasureUpdateFormula(CoreMetrics.CRITICAL_VIOLATIONS, false, new AddChildren(),
84       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.CRITICAL, false))),
85
86     new MeasureUpdateFormula(CoreMetrics.MAJOR_VIOLATIONS, false, new AddChildren(),
87       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.MAJOR, false))),
88
89     new MeasureUpdateFormula(CoreMetrics.MINOR_VIOLATIONS, false, new AddChildren(),
90       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.MINOR, false))),
91
92     new MeasureUpdateFormula(CoreMetrics.INFO_VIOLATIONS, false, new AddChildren(),
93       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.INFO, false))),
94
95     new MeasureUpdateFormula(CoreMetrics.FALSE_POSITIVE_ISSUES, false, new AddChildren(),
96       (context, issues) -> context.setValue(issues.countByResolution(Issue.RESOLUTION_FALSE_POSITIVE, false))),
97
98     new MeasureUpdateFormula(CoreMetrics.ACCEPTED_ISSUES, false, new AddChildren(),
99       (context, issues) -> context.setValue(issues.countByResolution(Issue.RESOLUTION_WONT_FIX, false))),
100
101     new MeasureUpdateFormula(CoreMetrics.HIGH_IMPACT_ACCEPTED_ISSUES, false, new AddChildren(),
102       (context, issues) -> context.setValue(issues.countHighImpactAccepted(false))),
103
104     new MeasureUpdateFormula(CoreMetrics.OPEN_ISSUES, false, new AddChildren(),
105       (context, issues) -> context.setValue(issues.countByStatus(Issue.STATUS_OPEN, false))),
106
107     new MeasureUpdateFormula(CoreMetrics.REOPENED_ISSUES, false, new AddChildren(),
108       (context, issues) -> context.setValue(issues.countByStatus(Issue.STATUS_REOPENED, false))),
109
110     new MeasureUpdateFormula(CoreMetrics.CONFIRMED_ISSUES, false, new AddChildren(),
111       (context, issues) -> context.setValue(issues.countByStatus(Issue.STATUS_CONFIRMED, false))),
112
113     new MeasureUpdateFormula(CoreMetrics.TECHNICAL_DEBT, false, new AddChildren(),
114       (context, issues) -> context.setValue(issues.sumEffortOfUnresolved(RuleType.CODE_SMELL, false))),
115
116     new MeasureUpdateFormula(CoreMetrics.RELIABILITY_REMEDIATION_EFFORT, false, new AddChildren(),
117       (context, issues) -> context.setValue(issues.sumEffortOfUnresolved(RuleType.BUG, false))),
118
119     new MeasureUpdateFormula(CoreMetrics.SECURITY_REMEDIATION_EFFORT, false, new AddChildren(),
120       (context, issues) -> context.setValue(issues.sumEffortOfUnresolved(RuleType.VULNERABILITY, false))),
121
122     new MeasureUpdateFormula(CoreMetrics.SQALE_DEBT_RATIO, false,
123       (context, formula) -> context.setValue(100.0 * debtDensity(context)),
124       (context, issues) -> context.setValue(100.0 * debtDensity(context)),
125       asList(CoreMetrics.TECHNICAL_DEBT, CoreMetrics.DEVELOPMENT_COST)),
126
127     new MeasureUpdateFormula(CoreMetrics.SQALE_RATING, false,
128       (context, issues) -> context.setValue(context.getDebtRatingGrid().getRatingForDensity(debtDensity(context))),
129       (context, issues) -> context.setValue(context.getDebtRatingGrid().getRatingForDensity(debtDensity(context))),
130       asList(CoreMetrics.TECHNICAL_DEBT, CoreMetrics.DEVELOPMENT_COST)),
131
132     new MeasureUpdateFormula(CoreMetrics.EFFORT_TO_REACH_MAINTAINABILITY_RATING_A, false,
133       (context, formula) -> context.setValue(effortToReachMaintainabilityRatingA(context)),
134       (context, issues) -> context.setValue(effortToReachMaintainabilityRatingA(context)), asList(CoreMetrics.TECHNICAL_DEBT, CoreMetrics.DEVELOPMENT_COST)),
135
136     new MeasureUpdateFormula(CoreMetrics.RELIABILITY_RATING, false, new MaxRatingChildren(),
137       (context, issues) -> context.setValue(RATING_BY_SEVERITY.get(issues.getHighestSeverityOfUnresolved(RuleType.BUG, false).orElse(Severity.INFO)))),
138
139     new MeasureUpdateFormula(CoreMetrics.SECURITY_RATING, false, new MaxRatingChildren(),
140       (context, issues) -> context.setValue(RATING_BY_SEVERITY.get(issues.getHighestSeverityOfUnresolved(RuleType.VULNERABILITY, false).orElse(Severity.INFO)))),
141
142     new MeasureUpdateFormula(SECURITY_HOTSPOTS_REVIEWED_STATUS, false,
143       (context, formula) -> context.setValue(context.getValue(SECURITY_HOTSPOTS_REVIEWED_STATUS).orElse(0D) + context.getChildrenHotspotsReviewed()),
144       (context, issues) -> context.setValue(issues.countHotspotsByStatus(Issue.STATUS_REVIEWED, false))),
145
146     new MeasureUpdateFormula(SECURITY_HOTSPOTS_TO_REVIEW_STATUS, false,
147       (context, formula) -> context.setValue(context.getValue(SECURITY_HOTSPOTS_TO_REVIEW_STATUS).orElse(0D) + context.getChildrenHotspotsToReview()),
148       (context, issues) -> context.setValue(issues.countHotspotsByStatus(Issue.STATUS_TO_REVIEW, false))),
149
150     new MeasureUpdateFormula(CoreMetrics.SECURITY_HOTSPOTS_REVIEWED, false,
151       (context, formula) -> {
152         Optional<Double> percent = computePercent(
153           context.getValue(SECURITY_HOTSPOTS_TO_REVIEW_STATUS).orElse(0D).longValue(),
154           context.getValue(SECURITY_HOTSPOTS_REVIEWED_STATUS).orElse(0D).longValue());
155         percent.ifPresent(context::setValue);
156       },
157       (context, issues) -> computePercent(issues.countHotspotsByStatus(Issue.STATUS_TO_REVIEW, false), issues.countHotspotsByStatus(Issue.STATUS_REVIEWED, false))
158         .ifPresent(context::setValue)),
159
160     new MeasureUpdateFormula(CoreMetrics.SECURITY_REVIEW_RATING, false,
161       (context, formula) -> context.setValue(computeRating(context.getValue(SECURITY_HOTSPOTS_REVIEWED).orElse(null))),
162       (context, issues) -> {
163         Optional<Double> percent = computePercent(issues.countHotspotsByStatus(Issue.STATUS_TO_REVIEW, false), issues.countHotspotsByStatus(Issue.STATUS_REVIEWED, false));
164         context.setValue(computeRating(percent.orElse(null)));
165       }),
166
167     new MeasureUpdateFormula(CoreMetrics.NEW_CODE_SMELLS, true, new AddChildren(),
168       (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.CODE_SMELL, true))),
169
170     new MeasureUpdateFormula(CoreMetrics.NEW_BUGS, true, new AddChildren(),
171       (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.BUG, true))),
172
173     new MeasureUpdateFormula(CoreMetrics.NEW_VULNERABILITIES, true, new AddChildren(),
174       (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.VULNERABILITY, true))),
175
176     new MeasureUpdateFormula(CoreMetrics.NEW_SECURITY_HOTSPOTS, true, new AddChildren(),
177       (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.SECURITY_HOTSPOT, true))),
178
179     new MeasureUpdateFormula(CoreMetrics.NEW_VIOLATIONS, true, new AddChildren(),
180       (context, issues) -> context.setValue(issues.countUnresolved(true))),
181
182     new MeasureUpdateFormula(CoreMetrics.NEW_BLOCKER_VIOLATIONS, true, new AddChildren(),
183       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.BLOCKER, true))),
184
185     new MeasureUpdateFormula(CoreMetrics.NEW_CRITICAL_VIOLATIONS, true, new AddChildren(),
186       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.CRITICAL, true))),
187
188     new MeasureUpdateFormula(CoreMetrics.NEW_MAJOR_VIOLATIONS, true, new AddChildren(),
189       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.MAJOR, true))),
190
191     new MeasureUpdateFormula(CoreMetrics.NEW_MINOR_VIOLATIONS, true, new AddChildren(),
192       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.MINOR, true))),
193
194     new MeasureUpdateFormula(CoreMetrics.NEW_INFO_VIOLATIONS, true, new AddChildren(),
195       (context, issues) -> context.setValue(issues.countUnresolvedBySeverity(Severity.INFO, true))),
196
197     new MeasureUpdateFormula(CoreMetrics.NEW_ACCEPTED_ISSUES, true, new AddChildren(),
198       (context, issues) -> context.setValue(issues.countByResolution(Issue.RESOLUTION_WONT_FIX, true))),
199
200     new MeasureUpdateFormula(CoreMetrics.NEW_TECHNICAL_DEBT, true, new AddChildren(),
201       (context, issues) -> context.setValue(issues.sumEffortOfUnresolved(RuleType.CODE_SMELL, true))),
202
203     new MeasureUpdateFormula(CoreMetrics.NEW_RELIABILITY_REMEDIATION_EFFORT, true, new AddChildren(),
204       (context, issues) -> context.setValue(issues.sumEffortOfUnresolved(RuleType.BUG, true))),
205
206     new MeasureUpdateFormula(CoreMetrics.NEW_SECURITY_REMEDIATION_EFFORT, true, new AddChildren(),
207       (context, issues) -> context.setValue(issues.sumEffortOfUnresolved(RuleType.VULNERABILITY, true))),
208
209     new MeasureUpdateFormula(CoreMetrics.NEW_RELIABILITY_RATING, true, new MaxRatingChildren(),
210       (context, issues) -> {
211         String highestSeverity = issues.getHighestSeverityOfUnresolved(RuleType.BUG, true).orElse(Severity.INFO);
212         context.setValue(RATING_BY_SEVERITY.get(highestSeverity));
213       }),
214
215     new MeasureUpdateFormula(CoreMetrics.NEW_SECURITY_RATING, true, new MaxRatingChildren(),
216       (context, issues) -> {
217         String highestSeverity = issues.getHighestSeverityOfUnresolved(RuleType.VULNERABILITY, true).orElse(Severity.INFO);
218         context.setValue(RATING_BY_SEVERITY.get(highestSeverity));
219       }),
220
221     new MeasureUpdateFormula(NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS, true,
222       (context, formula) -> context.setValue(context.getValue(NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS).orElse(0D) + context.getChildrenNewHotspotsReviewed()),
223       (context, issues) -> context.setValue(issues.countHotspotsByStatus(Issue.STATUS_REVIEWED, true))),
224
225     new MeasureUpdateFormula(NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS, true,
226       (context, formula) -> context.setValue(context.getValue(NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS).orElse(0D) + context.getChildrenNewHotspotsToReview()),
227       (context, issues) -> context.setValue(issues.countHotspotsByStatus(Issue.STATUS_TO_REVIEW, true))),
228
229     new MeasureUpdateFormula(NEW_SECURITY_HOTSPOTS_REVIEWED, true,
230       (context, formula) -> {
231         Optional<Double> percent = computePercent(
232           context.getValue(NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS).orElse(0D).longValue(),
233           context.getValue(NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS).orElse(0D).longValue());
234         percent.ifPresent(context::setValue);
235       },
236       (context, issues) -> computePercent(issues.countHotspotsByStatus(Issue.STATUS_TO_REVIEW, true), issues.countHotspotsByStatus(Issue.STATUS_REVIEWED, true))
237         .ifPresent(context::setValue)),
238
239     new MeasureUpdateFormula(CoreMetrics.NEW_SECURITY_REVIEW_RATING, true,
240       (context, formula) -> context.setValue(computeRating(context.getValue(NEW_SECURITY_HOTSPOTS_REVIEWED).orElse(null))),
241       (context, issues) -> {
242         Optional<Double> percent = computePercent(issues.countHotspotsByStatus(Issue.STATUS_TO_REVIEW, true), issues.countHotspotsByStatus(Issue.STATUS_REVIEWED, true));
243         context.setValue(computeRating(percent.orElse(null)));
244       }),
245
246     new MeasureUpdateFormula(CoreMetrics.NEW_SQALE_DEBT_RATIO, true,
247       (context, formula) -> context.setValue(100.0D * newDebtDensity(context)),
248       (context, issues) -> context.setValue(100.0D * newDebtDensity(context)),
249       asList(CoreMetrics.NEW_TECHNICAL_DEBT, CoreMetrics.NEW_DEVELOPMENT_COST)),
250
251     new MeasureUpdateFormula(CoreMetrics.NEW_MAINTAINABILITY_RATING, true,
252       (context, formula) -> context.setValue(context.getDebtRatingGrid().getRatingForDensity(newDebtDensity(context))),
253       (context, issues) -> context.setValue(context.getDebtRatingGrid().getRatingForDensity(newDebtDensity(context))),
254       asList(CoreMetrics.NEW_TECHNICAL_DEBT, CoreMetrics.NEW_DEVELOPMENT_COST)));
255
256   private static final Set<Metric> FORMULA_METRICS = MeasureUpdateFormulaFactory.extractMetrics(FORMULAS);
257
258   private static final Gson GSON = new GsonBuilder().create();
259   private static final Type MAP_TYPE = new TypeToken<Map<String, Long>>() {}.getType();
260
261   private static double debtDensity(MeasureUpdateFormula.Context context) {
262     double debt = Math.max(context.getValue(CoreMetrics.TECHNICAL_DEBT).orElse(0.0D), 0.0D);
263     Optional<Double> devCost = context.getText(CoreMetrics.DEVELOPMENT_COST).map(Double::parseDouble);
264     if (devCost.isPresent() && Double.doubleToRawLongBits(devCost.get()) > 0L) {
265       return debt / devCost.get();
266     }
267     return 0.0D;
268   }
269
270   private static double newDebtDensity(MeasureUpdateFormula.Context context) {
271     double debt = Math.max(context.getValue(CoreMetrics.NEW_TECHNICAL_DEBT).orElse(0.0D), 0.0D);
272     Optional<Double> devCost = context.getValue(CoreMetrics.NEW_DEVELOPMENT_COST);
273     if (devCost.isPresent() && Double.doubleToRawLongBits(devCost.get()) > 0L) {
274       return debt / devCost.get();
275     }
276     return 0.0D;
277   }
278
279   private static double effortToReachMaintainabilityRatingA(MeasureUpdateFormula.Context context) {
280     double developmentCost = context.getText(CoreMetrics.DEVELOPMENT_COST).map(Double::parseDouble).orElse(0.0D);
281     double effort = context.getValue(CoreMetrics.TECHNICAL_DEBT).orElse(0.0D);
282     double upperGradeCost = context.getDebtRatingGrid().getGradeLowerBound(Rating.B) * developmentCost;
283     return upperGradeCost < effort ? (effort - upperGradeCost) : 0.0D;
284   }
285
286   static class AddChildren implements BiConsumer<MeasureUpdateFormula.Context, MeasureUpdateFormula> {
287     @Override
288     public void accept(MeasureUpdateFormula.Context context, MeasureUpdateFormula formula) {
289       double sum = context.getChildrenValues().stream().mapToDouble(x -> x).sum();
290       context.setValue(context.getValue(formula.getMetric()).orElse(0D) + sum);
291     }
292   }
293
294   private static class MaxRatingChildren implements BiConsumer<MeasureUpdateFormula.Context, MeasureUpdateFormula> {
295     @Override
296     public void accept(MeasureUpdateFormula.Context context, MeasureUpdateFormula formula) {
297       OptionalInt max = context.getChildrenValues().stream().mapToInt(Double::intValue).max();
298       if (max.isPresent()) {
299         int currentRating = context.getValue(formula.getMetric()).map(Double::intValue).orElse(Rating.A.getIndex());
300         context.setValue(Rating.valueOf(Math.max(currentRating, max.getAsInt())));
301       }
302     }
303   }
304
305   private static class ImpactAddChildren implements BiConsumer<MeasureUpdateFormula.Context, MeasureUpdateFormula> {
306     @Override
307     public void accept(MeasureUpdateFormula.Context context, MeasureUpdateFormula formula) {
308       List<Map<String, Long>> measures = context.getChildrenTextValues().stream()
309         .map(ImpactAddChildren::toMap)
310         .collect(Collectors.toList());
311       context.getText(formula.getMetric()).ifPresent(value -> measures.add(toMap(value)));
312
313       Map<String, Long> newValue = new HashMap<>();
314       newValue.put("total", measures.stream().mapToLong(map -> map.get("total")).sum());
315       for (org.sonar.api.issue.impact.Severity severity : org.sonar.api.issue.impact.Severity.values()) {
316         newValue.put(severity.name(), measures.stream().mapToLong(map -> map.get(severity.name())).sum());
317       }
318
319       context.setValue(GSON.toJson(newValue));
320     }
321
322     private static Map<String, Long> toMap(String value) {
323       return GSON.fromJson(value, MAP_TYPE);
324     }
325   }
326
327   @Override
328   public List<MeasureUpdateFormula> getFormulas() {
329     return FORMULAS;
330   }
331
332   @Override
333   public Set<Metric> getFormulaMetrics() {
334     return FORMULA_METRICS;
335   }
336 }
Continuous Inspection: https://github.com/SonarSource/sonarqube