source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2024 SonarSource SA
   4  * mailto:info AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 package org.sonar.ce.task.projectanalysis.issue;
  21
  22 import com.google.common.collect.EnumMultiset;
  23 import com.google.common.collect.HashMultiset;
  24 import com.google.common.collect.ImmutableMap;
  25 import com.google.common.collect.Multiset;
  26 import java.util.HashMap;
  27 import java.util.Map;
  28 import javax.annotation.Nullable;
  29 import org.sonar.api.issue.IssueStatus;
  30 import org.sonar.api.issue.impact.Severity;
  31 import org.sonar.api.issue.impact.SoftwareQuality;
  32 import org.sonar.api.rules.RuleType;
  33 import org.sonar.ce.task.projectanalysis.component.Component;
  34 import org.sonar.ce.task.projectanalysis.measure.Measure;
  35 import org.sonar.ce.task.projectanalysis.measure.MeasureRepository;
  36 import org.sonar.ce.task.projectanalysis.metric.Metric;
  37 import org.sonar.ce.task.projectanalysis.metric.MetricRepository;
  38 import org.sonar.core.issue.DefaultIssue;
  39 import org.sonar.server.measure.ImpactMeasureBuilder;
  40
  41 import static org.sonar.api.issue.Issue.STATUS_CONFIRMED;
  42 import static org.sonar.api.issue.Issue.STATUS_OPEN;
  43 import static org.sonar.api.issue.Issue.STATUS_REOPENED;
  44 import static org.sonar.api.measures.CoreMetrics.ACCEPTED_ISSUES_KEY;
  45 import static org.sonar.api.measures.CoreMetrics.BLOCKER_VIOLATIONS_KEY;
  46 import static org.sonar.api.measures.CoreMetrics.BUGS_KEY;
  47 import static org.sonar.api.measures.CoreMetrics.CODE_SMELLS_KEY;
  48 import static org.sonar.api.measures.CoreMetrics.CONFIRMED_ISSUES_KEY;
  49 import static org.sonar.api.measures.CoreMetrics.CRITICAL_VIOLATIONS_KEY;
  50 import static org.sonar.api.measures.CoreMetrics.FALSE_POSITIVE_ISSUES_KEY;
  51 import static org.sonar.api.measures.CoreMetrics.HIGH_IMPACT_ACCEPTED_ISSUES_KEY;
  52 import static org.sonar.api.measures.CoreMetrics.INFO_VIOLATIONS_KEY;
  53 import static org.sonar.api.measures.CoreMetrics.MAINTAINABILITY_ISSUES_KEY;
  54 import static org.sonar.api.measures.CoreMetrics.MAJOR_VIOLATIONS_KEY;
  55 import static org.sonar.api.measures.CoreMetrics.MINOR_VIOLATIONS_KEY;
  56 import static org.sonar.api.measures.CoreMetrics.NEW_ACCEPTED_ISSUES_KEY;
  57 import static org.sonar.api.measures.CoreMetrics.NEW_BLOCKER_VIOLATIONS_KEY;
  58 import static org.sonar.api.measures.CoreMetrics.NEW_BUGS_KEY;
  59 import static org.sonar.api.measures.CoreMetrics.NEW_CODE_SMELLS_KEY;
  60 import static org.sonar.api.measures.CoreMetrics.NEW_CRITICAL_VIOLATIONS_KEY;
  61 import static org.sonar.api.measures.CoreMetrics.NEW_INFO_VIOLATIONS_KEY;
  62 import static org.sonar.api.measures.CoreMetrics.NEW_MAINTAINABILITY_ISSUES_KEY;
  63 import static org.sonar.api.measures.CoreMetrics.NEW_MAJOR_VIOLATIONS_KEY;
  64 import static org.sonar.api.measures.CoreMetrics.NEW_MINOR_VIOLATIONS_KEY;
  65 import static org.sonar.api.measures.CoreMetrics.NEW_RELIABILITY_ISSUES_KEY;
  66 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_HOTSPOTS_KEY;
  67 import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_ISSUES_KEY;
  68 import static org.sonar.api.measures.CoreMetrics.NEW_VIOLATIONS_KEY;
  69 import static org.sonar.api.measures.CoreMetrics.NEW_VULNERABILITIES_KEY;
  70 import static org.sonar.api.measures.CoreMetrics.OPEN_ISSUES_KEY;
  71 import static org.sonar.api.measures.CoreMetrics.RELIABILITY_ISSUES_KEY;
  72 import static org.sonar.api.measures.CoreMetrics.REOPENED_ISSUES_KEY;
  73 import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_KEY;
  74 import static org.sonar.api.measures.CoreMetrics.SECURITY_ISSUES_KEY;
  75 import static org.sonar.api.measures.CoreMetrics.VIOLATIONS_KEY;
  76 import static org.sonar.api.measures.CoreMetrics.VULNERABILITIES_KEY;
  77 import static org.sonar.api.rule.Severity.BLOCKER;
  78 import static org.sonar.api.rule.Severity.CRITICAL;
  79 import static org.sonar.api.rule.Severity.INFO;
  80 import static org.sonar.api.rule.Severity.MAJOR;
  81 import static org.sonar.api.rule.Severity.MINOR;
  82 import static org.sonar.api.rules.RuleType.BUG;
  83 import static org.sonar.api.rules.RuleType.CODE_SMELL;
  84 import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
  85 import static org.sonar.api.rules.RuleType.VULNERABILITY;
  86
  87 /**
  88  * For each component, computes the measures related to number of issues:
  89  * <ul>
  90  * <li>issues per status (open, reopen, confirmed)</li>
  91  * <li>issues per resolution (unresolved, false-positives, won't fix)</li>
  92  * <li>issues per severity (from info to blocker)</li>
  93  * <li>issues per type (code smell, bug, vulnerability, security hotspots)</li>
  94  * <li>issues per impact</li>
  95  * </ul>
  96  * For each value, the variation on configured periods is also computed.
  97  */
  98 public class IssueCounter extends IssueVisitor {
  99
 100   private static final Map<String, String> SEVERITY_TO_METRIC_KEY = ImmutableMap.of(
 101     BLOCKER, BLOCKER_VIOLATIONS_KEY,
 102     CRITICAL, CRITICAL_VIOLATIONS_KEY,
 103     MAJOR, MAJOR_VIOLATIONS_KEY,
 104     MINOR, MINOR_VIOLATIONS_KEY,
 105     INFO, INFO_VIOLATIONS_KEY);
 106
 107   private static final Map<String, String> SEVERITY_TO_NEW_METRIC_KEY = ImmutableMap.of(
 108     BLOCKER, NEW_BLOCKER_VIOLATIONS_KEY,
 109     CRITICAL, NEW_CRITICAL_VIOLATIONS_KEY,
 110     MAJOR, NEW_MAJOR_VIOLATIONS_KEY,
 111     MINOR, NEW_MINOR_VIOLATIONS_KEY,
 112     INFO, NEW_INFO_VIOLATIONS_KEY);
 113
 114   static final Map<String, String> IMPACT_TO_METRIC_KEY = Map.of(
 115     SoftwareQuality.SECURITY.name(), SECURITY_ISSUES_KEY,
 116     SoftwareQuality.RELIABILITY.name(), RELIABILITY_ISSUES_KEY,
 117     SoftwareQuality.MAINTAINABILITY.name(), MAINTAINABILITY_ISSUES_KEY);
 118
 119   static final Map<String, String> IMPACT_TO_NEW_METRIC_KEY = Map.of(
 120     SoftwareQuality.SECURITY.name(), NEW_SECURITY_ISSUES_KEY,
 121     SoftwareQuality.RELIABILITY.name(), NEW_RELIABILITY_ISSUES_KEY,
 122     SoftwareQuality.MAINTAINABILITY.name(), NEW_MAINTAINABILITY_ISSUES_KEY);
 123
 124   private static final Map<RuleType, String> TYPE_TO_METRIC_KEY = ImmutableMap.<RuleType, String>builder()
 125     .put(CODE_SMELL, CODE_SMELLS_KEY)
 126     .put(BUG, BUGS_KEY)
 127     .put(VULNERABILITY, VULNERABILITIES_KEY)
 128     .put(SECURITY_HOTSPOT, SECURITY_HOTSPOTS_KEY)
 129     .build();
 130   private static final Map<RuleType, String> TYPE_TO_NEW_METRIC_KEY = ImmutableMap.<RuleType, String>builder()
 131     .put(CODE_SMELL, NEW_CODE_SMELLS_KEY)
 132     .put(BUG, NEW_BUGS_KEY)
 133     .put(VULNERABILITY, NEW_VULNERABILITIES_KEY)
 134     .put(SECURITY_HOTSPOT, NEW_SECURITY_HOTSPOTS_KEY)
 135     .build();
 136
 137   private final MetricRepository metricRepository;
 138   private final MeasureRepository measureRepository;
 139   private final NewIssueClassifier newIssueClassifier;
 140   private final Map<String, Counters> countersByComponentUuid = new HashMap<>();
 141
 142   private Counters currentCounters;
 143
 144   public IssueCounter(MetricRepository metricRepository, MeasureRepository measureRepository, NewIssueClassifier newIssueClassifier) {
 145     this.metricRepository = metricRepository;
 146     this.measureRepository = measureRepository;
 147     this.newIssueClassifier = newIssueClassifier;
 148   }
 149
 150   @Override
 151   public void beforeComponent(Component component) {
 152     currentCounters = new Counters();
 153     countersByComponentUuid.put(component.getUuid(), currentCounters);
 154
 155     // aggregate children counters
 156     for (Component child : component.getChildren()) {
 157       Counters childCounters = countersByComponentUuid.remove(child.getUuid());
 158       currentCounters.add(childCounters);
 159     }
 160   }
 161
 162   @Override
 163   public void onIssue(Component component, DefaultIssue issue) {
 164     currentCounters.add(issue);
 165     if (newIssueClassifier.isNew(component, issue)) {
 166       currentCounters.addOnPeriod(issue);
 167     }
 168   }
 169
 170   @Override
 171   public void afterComponent(Component component) {
 172     addMeasuresBySeverity(component);
 173     addMeasuresByStatus(component);
 174     addMeasuresByType(component);
 175     addMeasuresByImpact(component);
 176     addNewMeasures(component);
 177     currentCounters = null;
 178   }
 179
 180   private void addMeasuresBySeverity(Component component) {
 181     for (Map.Entry<String, String> entry : SEVERITY_TO_METRIC_KEY.entrySet()) {
 182       String severity = entry.getKey();
 183       String metricKey = entry.getValue();
 184       addMeasure(component, metricKey, currentCounters.counter().severityBag.count(severity));
 185     }
 186   }
 187
 188   private void addMeasuresByStatus(Component component) {
 189     addMeasure(component, VIOLATIONS_KEY, currentCounters.counter().unresolved);
 190     addMeasure(component, OPEN_ISSUES_KEY, currentCounters.counter().open);
 191     addMeasure(component, REOPENED_ISSUES_KEY, currentCounters.counter().reopened);
 192     addMeasure(component, CONFIRMED_ISSUES_KEY, currentCounters.counter().confirmed);
 193     addMeasure(component, FALSE_POSITIVE_ISSUES_KEY, currentCounters.counter().falsePositives);
 194     addMeasure(component, ACCEPTED_ISSUES_KEY, currentCounters.counter().accepted);
 195     addMeasure(component, HIGH_IMPACT_ACCEPTED_ISSUES_KEY, currentCounters.counter().highImpactAccepted);
 196   }
 197
 198   private void addMeasuresByImpact(Component component) {
 199     for (Map.Entry<String, Map<String, Long>> impactEntry : currentCounters.counter().impactsBag.entrySet()) {
 200       String json = ImpactMeasureBuilder.fromMap(impactEntry.getValue()).buildAsString();
 201       addMeasure(component, IMPACT_TO_METRIC_KEY.get(impactEntry.getKey()), json);
 202     }
 203   }
 204
 205   private void addMeasuresByType(Component component) {
 206     for (Map.Entry<RuleType, String> entry : TYPE_TO_METRIC_KEY.entrySet()) {
 207       addMeasure(component, entry.getValue(), currentCounters.counter().typeBag.count(entry.getKey()));
 208     }
 209   }
 210
 211   private void addMeasure(Component component, String metricKey, int value) {
 212     Metric metric = metricRepository.getByKey(metricKey);
 213     measureRepository.add(component, metric, Measure.newMeasureBuilder().create(value));
 214   }
 215
 216   private void addMeasure(Component component, String metricKey, String data) {
 217     Metric metric = metricRepository.getByKey(metricKey);
 218     measureRepository.add(component, metric, Measure.newMeasureBuilder().create(data));
 219   }
 220
 221   private void addNewMeasures(Component component) {
 222     if (!newIssueClassifier.isEnabled()) {
 223       return;
 224     }
 225     int unresolved = currentCounters.counterForPeriod().unresolved;
 226     measureRepository.add(component, metricRepository.getByKey(NEW_VIOLATIONS_KEY), Measure.newMeasureBuilder()
 227       .create(unresolved));
 228
 229     for (Map.Entry<String, String> entry : SEVERITY_TO_NEW_METRIC_KEY.entrySet()) {
 230       String severity = entry.getKey();
 231       String metricKey = entry.getValue();
 232       Multiset<String> bag = currentCounters.counterForPeriod().severityBag;
 233       addMeasure(component, metricKey, bag.count(severity));
 234     }
 235
 236     // waiting for Java 8 lambda in order to factor this loop with the previous one
 237     // (see call currentCounters.counterForPeriod(period.getIndex()).xxx with xxx as severityBag or typeBag)
 238     for (Map.Entry<RuleType, String> entry : TYPE_TO_NEW_METRIC_KEY.entrySet()) {
 239       RuleType type = entry.getKey();
 240       String metricKey = entry.getValue();
 241       Multiset<RuleType> bag = currentCounters.counterForPeriod().typeBag;
 242       addMeasure(component, metricKey, bag.count(type));
 243     }
 244
 245     for (Map.Entry<String, Map<String, Long>> impactEntry : currentCounters.counterForPeriod().impactsBag.entrySet()) {
 246       String json = ImpactMeasureBuilder.fromMap(impactEntry.getValue()).buildAsString();
 247       addMeasure(component, IMPACT_TO_NEW_METRIC_KEY.get(impactEntry.getKey()), json);
 248     }
 249
 250     addMeasure(component, NEW_ACCEPTED_ISSUES_KEY, currentCounters.counterForPeriod().accepted);
 251   }
 252
 253   /**
 254    * Count issues by status, resolutions, rules, impacts and severities
 255    */
 256   private static class Counter {
 257     private int unresolved = 0;
 258     private int open = 0;
 259     private int reopened = 0;
 260     private int confirmed = 0;
 261     private int falsePositives = 0;
 262     private int accepted = 0;
 263     private int highImpactAccepted = 0;
 264     private final Multiset<String> severityBag = HashMultiset.create();
 265     /**
 266      * This map contains the number of issues per software quality along with their distribution based on (new) severity.
 267      */
 268     private final Map<String, Map<String, Long>> impactsBag = new HashMap<>();
 269     private final EnumMultiset<RuleType> typeBag = EnumMultiset.create(RuleType.class);
 270
 271     public Counter() {
 272       initImpactsBag();
 273     }
 274
 275     private void initImpactsBag() {
 276       for (SoftwareQuality quality : SoftwareQuality.values()) {
 277         impactsBag.put(quality.name(), ImpactMeasureBuilder.createEmpty().buildAsMap());
 278       }
 279     }
 280
 281     void add(Counter counter) {
 282       unresolved += counter.unresolved;
 283       open += counter.open;
 284       reopened += counter.reopened;
 285       confirmed += counter.confirmed;
 286       falsePositives += counter.falsePositives;
 287       accepted += counter.accepted;
 288       highImpactAccepted += counter.highImpactAccepted;
 289       severityBag.addAll(counter.severityBag);
 290       typeBag.addAll(counter.typeBag);
 291
 292       // Add impacts
 293       for (Map.Entry<String, Map<String, Long>> impactEntry : counter.impactsBag.entrySet()) {
 294         Map<String, Long> severityMap = impactsBag.get(impactEntry.getKey());
 295         for (Map.Entry<String, Long> severityEntry : impactEntry.getValue().entrySet()) {
 296           severityMap.compute(severityEntry.getKey(), (key, value) -> value + severityEntry.getValue());
 297         }
 298       }
 299     }
 300
 301     void add(DefaultIssue issue) {
 302       if (issue.type() == SECURITY_HOTSPOT) {
 303         if (issue.resolution() == null) {
 304           typeBag.add(SECURITY_HOTSPOT);
 305         }
 306         return;
 307       }
 308       if (issue.resolution() == null) {
 309         unresolved++;
 310         typeBag.add(issue.type());
 311         severityBag.add(issue.severity());
 312       } else if (IssueStatus.FALSE_POSITIVE.equals(issue.issueStatus())) {
 313         falsePositives++;
 314       } else if (IssueStatus.ACCEPTED.equals(issue.issueStatus())) {
 315         accepted++;
 316         if (issue.impacts().values().stream().anyMatch(severity -> severity == Severity.HIGH)) {
 317           highImpactAccepted++;
 318         }
 319       }
 320       switch (issue.status()) {
 321         case STATUS_OPEN:
 322           open++;
 323           break;
 324         case STATUS_REOPENED:
 325           reopened++;
 326           break;
 327         case STATUS_CONFIRMED:
 328           confirmed++;
 329           break;
 330         default:
 331           // Other statuses are ignored
 332       }
 333       addIssueToImpactsBag(issue);
 334     }
 335
 336     private void addIssueToImpactsBag(DefaultIssue issue) {
 337       if (IssueStatus.OPEN == issue.issueStatus() || IssueStatus.CONFIRMED == issue.issueStatus()) {
 338         for (Map.Entry<SoftwareQuality, Severity> impact : issue.impacts().entrySet()) {
 339           impactsBag.compute(impact.getKey().name(), (key, value) -> {
 340             value.compute(impact.getValue().name(), (severity, count) -> count == null ? 1 : count + 1);
 341             value.compute(ImpactMeasureBuilder.TOTAL_KEY, (total, count) -> count == null ? 1 : count + 1);
 342             return value;
 343           });
 344         }
 345       }
 346     }
 347   }
 348
 349   /**
 350    * List of {@link Counter} for regular value and period.
 351    */
 352   private static class Counters {
 353     private final Counter counter = new Counter();
 354     private final Counter counterForPeriod = new Counter();
 355
 356     void add(@Nullable Counters other) {
 357       if (other != null) {
 358         counter.add(other.counter);
 359         counterForPeriod.add(other.counterForPeriod);
 360       }
 361     }
 362
 363     void addOnPeriod(DefaultIssue issue) {
 364       counterForPeriod.add(issue);
 365     }
 366
 367     void add(DefaultIssue issue) {
 368       counter.add(issue);
 369     }
 370
 371     Counter counter() {
 372       return counter;
 373     }
 374
 375     Counter counterForPeriod() {
 376       return counterForPeriod;
 377     }
 378   }
 379 }