SONAR-22914 Add a Sensor to import FOSSA results
authorJulien HENRY <julien.henry@sonarsource.com>
Thu, 5 Sep 2024 15:29:35 +0000 (17:29 +0200)
committersonartech <sonartech@sonarsource.com>
Thu, 12 Sep 2024 20:02:54 +0000 (20:02 +0000)
sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java
sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java
sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java
sonar-scanner-protocol/src/main/protobuf/scanner_report.proto

index 449c272c8df3eb200fb3e5d915d0f5b8e956af6c..6a904f15ee5a7b4039ff449d3f95d6732ce53b80 100644 (file)
@@ -44,6 +44,7 @@ public class DefaultExternalIssue extends AbstractDefaultIssue<DefaultExternalIs
   private RuleType type;
   private String engineId;
   private String ruleId;
+  private String cveId;
   private Map<SoftwareQuality, org.sonar.api.issue.impact.Severity> impacts = new EnumMap<>(SoftwareQuality.class);
   private CleanCodeAttribute cleanCodeAttribute;
 
@@ -84,6 +85,10 @@ public class DefaultExternalIssue extends AbstractDefaultIssue<DefaultExternalIs
     return ruleId;
   }
 
+  public String cveId() {
+    return cveId;
+  }
+
   @Override
   public Severity severity() {
     return this.severity;
@@ -131,6 +136,11 @@ public class DefaultExternalIssue extends AbstractDefaultIssue<DefaultExternalIs
     return this;
   }
 
+  public NewExternalIssue cveId(String cveId) {
+    this.cveId = cveId;
+    return this;
+  }
+
   @Override
   public DefaultExternalIssue forRule(RuleKey ruleKey) {
     this.engineId = ruleKey.repository();
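Review bot: The `cveId(String)` setter stores whatever string it is given, and that value is later written into the scanner report unchanged. Going by the commit title the identifier comes from an imported third-party result file, so it should be treated as untrusted. Reject or normalise anything that is not a well-formed CVE id before assigning, for example `if (cveId != null && !CVE_ID_PATTERN.matcher(cveId).matches()) { throw new IllegalArgumentException("Invalid CVE id"); }`, where `CVE_ID_PATTERN` is a new constant for `CVE-\d{4}-\d{4,}`. The method also carries no `@Override`, which suggests it is not declared on `NewExternalIssue`, so callers holding the interface type cannot reach it without a cast. The hunk ends inside `forRule`, which is unchanged.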
index 66329f4e6ac37be3d2f3cfa0ea7a61d177b406da..d09209bb2c76f6c8ca680a66ce3a6f13b93f9669 100644 (file)
@@ -37,6 +37,7 @@ import org.sonar.api.batch.sensor.issue.Issue;
 import org.sonar.api.batch.sensor.issue.Issue.Flow;
 import org.sonar.api.batch.sensor.issue.MessageFormatting;
 import org.sonar.api.batch.sensor.issue.NewIssue.FlowType;
+import org.sonar.api.batch.sensor.issue.internal.DefaultExternalIssue;
 import org.sonar.api.batch.sensor.issue.internal.DefaultIssueFlow;
 import org.sonar.api.issue.impact.SoftwareQuality;
 import org.sonar.api.rules.CleanCodeAttribute;
@@ -88,9 +89,9 @@ public class IssuePublisher {
   private static boolean noSonar(DefaultInputComponent inputComponent, Issue issue) {
     TextRange textRange = issue.primaryLocation().textRange();
     return inputComponent.isFile()
-           && textRange != null
-           && ((DefaultInputFile) inputComponent).hasNoSonarAt(textRange.start().line())
-           && !StringUtils.containsIgnoreCase(issue.ruleKey().rule(), "nosonar");
+      && textRange != null
+      && ((DefaultInputFile) inputComponent).hasNoSonarAt(textRange.start().line())
+      && !StringUtils.containsIgnoreCase(issue.ruleKey().rule(), "nosonar");
   }
 
   public void initAndAddExternalIssue(ExternalIssue issue) {
@@ -176,7 +177,11 @@ public class IssuePublisher {
     locationBuilder.setComponentRef(componentRef);
     TextRange primaryTextRange = issue.primaryLocation().textRange();
 
-    //nullable fields
+    // nullable fields
+    var cveId = ((DefaultExternalIssue) issue).cveId();
+    if (cveId != null) {
+      builder.setCveId(cveId);
+    }
     CleanCodeAttribute cleanCodeAttribute = issue.cleanCodeAttribute();
     if (cleanCodeAttribute != null) {
       builder.setCleanCodeAttribute(cleanCodeAttribute.name());
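Review bot: The added `((DefaultExternalIssue) issue).cveId()` is an unchecked downcast. If `issue` is declared as the `ExternalIssue` interface here (the declaration is outside the hunk, but the new import suggests so), any other implementation fails the whole publish step with a `ClassCastException`. Guard the cast instead, e.g. `if (issue instanceof DefaultExternalIssue defaultIssue && defaultIssue.cveId() != null) { builder.setCveId(defaultIssue.cveId()); }`, or expose `cveId()` on the interface so no cast is needed. The enclosing method starts and ends outside this hunk.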
index e3f282977fa282577e9e1782da0476951a865853..5751aada0f874ab8a3266e1e0f98c2820c0bb98c 100644 (file)
@@ -199,6 +199,10 @@ public class AnalysisResult implements AnalysisObserver {
     return readFromReport(ScannerReportReader::readAdHocRules);
   }
 
+  public List<ScannerReport.Cve> cves() {
+    return readFromReport(ScannerReportReader::readCves);
+  }
+
   @NotNull
   private <G> List<G> readFromReport(InputComponent component, BiFunction<ScannerReportReader, Integer, CloseableIterator<G>> readerMethod) {
     int ref = ((DefaultInputComponent) component).scannerId();
index fddf8881f3106e3e42e23e0ba0dcc8465755424a..0a3fa17c4eef78768294478ea2f68bd730633ffe 100644 (file)
@@ -216,7 +216,7 @@ message ExternalIssue {
   repeated MessageFormatting msgFormatting = 9;
   repeated Impact impacts = 10;
   optional string cleanCodeAttribute = 11;
-
+  optional string cve_id = 12;
 }
 
 message AdHocRule {
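Review bot: The new `cve_id = 12` field on `ExternalIssue` is undocumented and is named in snake_case, while the neighbouring fields in this message (`msgFormatting`, `cleanCodeAttribute`) are camelCase. Add a comment stating what the value refers to, for example `// Identifier of the CVE this issue relates to; expected to match Cve.cve_id` (worded to the actual contract). Also pick one naming convention for the message.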
@@ -234,8 +234,8 @@ message Cve {
   string cve_id = 1;
   string description = 2;
   float cvss_score = 3;
-  float epss_score = 4;
-  float epss_percentile = 5;
+  optional float epss_score = 4;
+  optional float epss_percentile = 5;
   int64 published_date = 6;
   int64 last_modified_date = 7;
   repeated string cwe = 8;
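Review bot: `cvss_score = 3` stays a plain proto3 `float` while the two EPSS fields become `optional`, so a CVE with no CVSS score is still serialized as 0.0 and a reader cannot tell it from a real score of 0.0. If the source data can lack a CVSS score, make it `optional float cvss_score = 3;` as well. Readers of `epss_score` and `epss_percentile` (not part of this diff) now need to check `hasEpssScore()` / `hasEpssPercentile()` rather than treat the 0.0 default as a real value, otherwise an unscored vulnerability is ranked as the least likely to be exploited.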