SONAR-23098 Add dependencies to the scanner report
authorJulien HENRY <julien.henry@sonarsource.com>
Thu, 10 Oct 2024 14:18:16 +0000 (16:18 +0200)
committersonartech <sonartech@sonarsource.com>
Mon, 21 Oct 2024 20:03:59 +0000 (20:03 +0000)
sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java
sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java
sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java
sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java
sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java

index 7aa0556e55a8b7ef3399083fcc4ed2c0312a98c9..0ceaaca8673aa3c474df2f70ccbf20b39d031904 100644 (file)
@@ -369,6 +369,16 @@ public class ScannerReportReaderIT {
     }
   }
 
+  @Test
+  public void read_dependencies() {
+    ScannerReportWriter writer = new ScannerReportWriter(fileStructure);
+    ScannerReport.Dependency dep = ScannerReport.Dependency.newBuilder()
+      .build();
+    writer.appendDependency(dep);
+
+    assertThat(underTest.readDependencies()).toIterable().hasSize(1);
+  }
+
   @Test
   public void return_null_when_no_file_source() {
     assertThat(underTest.readFileSource(UNKNOWN_COMPONENT_REF)).isNull();
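Review bot: `read_dependencies` writes a `Dependency` built with no fields set and asserts only `hasSize(1)`, so it proves a record was counted, not that any field survives the round trip, and it never closes the `CloseableIterator` returned by `readDependencies()`. Setting at least `key` and `name` on the builder and asserting on content inside try-with-resources would cover both: `try (CloseableIterator<ScannerReport.Dependency> it = underTest.readDependencies()) { assertThat(it).toIterable().containsExactly(dep); }`. The same count-only check recurs in `write_dependencies` in ScannerReportWriterTest (`assertThat(Iterators.size(read)).isOne()`), where comparing the message read back with `dependency` would be stronger. The branch of `readDependencies()` that returns `emptyCloseableIterator()` when the file is missing has no test in the hunks shown here.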
index 686b7d200666baa80eee641f09c409a3c3703fca..5c59f11283823491fc347426dbab65d38fbf6252 100644 (file)
@@ -102,6 +102,10 @@ public class FileStructure {
     return new File(dir, "analysis-warnings.pb");
   }
 
+  public File dependencies() {
+    return new File(dir, "dependencies.pb");
+  }
+
   public File root() {
     return dir;
   }
index 807509a83fbe8e279699d4842e6d0dc5e5285319..6e48f5b780926b40192093e50af42458c0a201a8 100644 (file)
@@ -226,6 +226,14 @@ public class ScannerReportReader {
     return Protobuf.readStream(file, ScannerReport.AnalysisWarning.parser());
   }
 
+  public CloseableIterator<ScannerReport.Dependency> readDependencies() {
+    File file = fileStructure.dependencies();
+    if (!fileExists(file)) {
+      return emptyCloseableIterator();
+    }
+    return Protobuf.readStream(file, ScannerReport.Dependency.parser());
+  }
+
   private static boolean fileExists(File file) {
     return file.exists() && file.isFile();
   }
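Review bot: `readDependencies()` returns an open `CloseableIterator` over `dependencies.pb` with no Javadoc telling callers that they own it and must close it. I would add above the method: `/** Streams the dependencies recorded in the report; returns an empty iterator when the file is absent. The caller must close the returned iterator. */`. The records are parsed as-is from the report file, so any length or format checks on `key`, `version` and the free-text fields have to happen in the consumer. That is worth one more sentence in the Javadoc if this reader is also used on reports received from scanners outside the server's control, which the hunk does not show.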
index ad4720cbb5ff2d9d9db5c5ba0e6e28212624f287..1c202ab86056dbd5265dc09fe2a1f1d2a078f0f1 100644 (file)
@@ -169,6 +169,11 @@ public class ScannerReportWriter {
     return file;
   }
 
+  public void appendDependency(ScannerReport.Dependency dependency) {
+    File file = fileStructure.dependencies();
+    appendDelimitedTo(file, dependency, "dependency");
+  }
+
   public File getSourceFile(int componentRef) {
     return fileStructure.fileFor(FileStructure.Domain.SOURCE, componentRef);
   }
index b7c1d3d50641bf1ca3342c1dbfcd308a5c4f2974..fb7ebb72f7fa7f2c293e098d46549e61b61362dd 100644 (file)
@@ -388,3 +388,13 @@ message Impact {
   string software_quality = 1;
   string severity = 2;
 }
+
+message Dependency {
+  string key = 1;
+  string name = 2;
+  optional string package_manager = 3;
+  optional string full_name = 4;
+  optional string description = 5;
+  optional string version = 6;
+  repeated string parent_dependency_key = 7;
+}
\ No newline at end of file
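Review bot: The new `Dependency` message carries no comments, so the format of `key` and the meaning of `parent_dependency_key` can only be guessed from the test data (`mvn+com.fasterxml.jackson.core:jackson-databind$2.9.7`). I would document them on the fields, for example `// Unique within the report; appears to be "<package_manager>+<full_name>$<version>" (confirm)` above `key` and `// Presumably the keys of the Dependency entries that pull this one in (confirm)` above `parent_dependency_key`. It would also help to state that `name`, `full_name` and `description` are copied from package metadata and must be treated as untrusted text by whatever stores or renders them. The file now ends without a trailing newline.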
index 1dd80d25714ce95fba8cbb69147252334695dd2d..61d81401f168927ff6dbbbbdcd0a66766dc41c8b 100644 (file)
@@ -128,8 +128,6 @@ class ScannerReportWriterTest {
 
   @Test
   void write_adhoc_rule() {
-
-    // write data
     ScannerReport.AdHocRule rule = ScannerReport.AdHocRule.newBuilder()
       .setEngineId("eslint")
       .setRuleId("123")
@@ -149,8 +147,6 @@ class ScannerReportWriterTest {
 
   @Test
   void write_cve() {
-
-    // write data
     ScannerReport.Cve cve = ScannerReport.Cve.newBuilder()
       .setCveId("CVE-2023-20863")
       .setDescription("In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a" +
@@ -368,7 +364,6 @@ class ScannerReportWriterTest {
 
   @Test
   void write_telemetry() {
-
     List<ScannerReport.TelemetryEntry> input = List.of(
       ScannerReport.TelemetryEntry.newBuilder()
         .setKey("key")
@@ -387,4 +382,24 @@ class ScannerReportWriterTest {
         .hasSize(input.size());
     }
   }
+
+  @Test
+  void write_dependencies() {
+    ScannerReport.Dependency dependency = ScannerReport.Dependency.newBuilder()
+      .setKey("mvn+com.fasterxml.jackson.core:jackson-databind$2.9.7")
+      .setName("jackson-databind")
+      .setFullName("com.fasterxml.jackson.core:jackson-databind")
+      .setDescription("General data-binding functionality for Jackson: works on core streaming API")
+      .setVersion("2.9.7")
+      .addParentDependencyKey("mvn+org.springframework:spring-webmvc$5.1.3.RELEASE")
+      .build();
+    underTest.appendDependency(dependency);
+
+    File file = underTest.getFileStructure().dependencies();
+    assertThat(file).exists().isFile();
+    try (CloseableIterator<ScannerReport.Dependency> read = Protobuf.readStream(file, ScannerReport.Dependency.parser())) {
+      assertThat(Iterators.size(read)).isOne();
+    }
+  }
+
 }