SONAR-12131 Compute Security Review Rating measures on portfolios and applications
authorJulien Lancelot <julien.lancelot@sonarsource.com>
Wed, 5 Jun 2019 09:23:33 +0000 (11:23 +0200)
committerSonarTech <sonartech@sonarsource.com>
Fri, 14 Jun 2019 18:21:11 +0000 (20:21 +0200)
server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitor.java
server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitorTest.java

index 6e5da70e2f14313b2e886af705ae20f50e1d28fa..cafc9d7c13716dc694da787c073b09deafa1bf51 100644 (file)
@@ -22,6 +22,7 @@ package org.sonar.ce.task.projectanalysis.qualitymodel;
 
 import java.util.Optional;
 import org.sonar.ce.task.projectanalysis.component.Component;
+import org.sonar.ce.task.projectanalysis.component.CrawlerDepthLimit;
 import org.sonar.ce.task.projectanalysis.component.TypeAwareVisitorAdapter;
 import org.sonar.ce.task.projectanalysis.measure.Measure;
 import org.sonar.ce.task.projectanalysis.measure.MeasureRepository;
@@ -33,7 +34,8 @@ import org.sonar.server.security.SecurityReviewRating;
 import static org.sonar.api.measures.CoreMetrics.NCLOC_KEY;
 import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_KEY;
 import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING_KEY;
-import static org.sonar.ce.task.projectanalysis.component.CrawlerDepthLimit.PROJECT;
+import static org.sonar.ce.task.projectanalysis.component.Component.Type.PROJECT;
+import static org.sonar.ce.task.projectanalysis.component.Component.Type.SUBVIEW;
 import static org.sonar.ce.task.projectanalysis.measure.Measure.newMeasureBuilder;
 
 public class SecurityReviewRatingVisitor extends TypeAwareVisitorAdapter {
@@ -44,7 +46,7 @@ public class SecurityReviewRatingVisitor extends TypeAwareVisitorAdapter {
   private final Metric securityReviewRatingMetric;
 
   public SecurityReviewRatingVisitor(MeasureRepository measureRepository, MetricRepository metricRepository) {
-    super(PROJECT, Order.POST_ORDER);
+    super(new CrawlerDepthLimit.Builder(PROJECT).withViewsMaxDepth(SUBVIEW), Order.POST_ORDER);
     this.measureRepository = measureRepository;
     this.nclocMetric = metricRepository.getByKey(NCLOC_KEY);
     this.securityHostspotsMetric = metricRepository.getByKey(SECURITY_HOTSPOTS_KEY);
@@ -53,15 +55,29 @@ public class SecurityReviewRatingVisitor extends TypeAwareVisitorAdapter {
 
   @Override
   public void visitProject(Component project) {
-    Optional<Measure> nclocMeasure = measureRepository.getRawMeasure(project, nclocMetric);
-    Optional<Measure> securityHostspotsMeasure = measureRepository.getRawMeasure(project, securityHostspotsMetric);
+    computeMeasure(project);
+  }
+
+  @Override
+  public void visitView(Component view) {
+    computeMeasure(view);
+  }
+
+  @Override
+  public void visitSubView(Component subView) {
+    computeMeasure(subView);
+  }
+
+  private void computeMeasure(Component component) {
+    Optional<Measure> nclocMeasure = measureRepository.getRawMeasure(component, nclocMetric);
+    Optional<Measure> securityHostspotsMeasure = measureRepository.getRawMeasure(component, securityHostspotsMetric);
     if (!nclocMeasure.isPresent() || !securityHostspotsMeasure.isPresent()) {
       return;
     }
     int ncloc = nclocMeasure.get().getIntValue();
     int securityHotspots = securityHostspotsMeasure.get().getIntValue();
     Rating rating = SecurityReviewRating.compute(ncloc, securityHotspots);
-    measureRepository.add(project, securityReviewRatingMetric, newMeasureBuilder().create(rating.getIndex(), rating.name()));
+    measureRepository.add(component, securityReviewRatingMetric, newMeasureBuilder().create(rating.getIndex(), rating.name()));
   }
 
 }
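Review bot: `computeMeasure` returns without writing anything when either the NCLOC or the security hotspots measure is absent, and now that it also runs for views and sub-views, nothing in the code says what a missing Security Review Rating means for a portfolio or application. A consumer that treats "no measure" as the best grade would overstate the review status of a portfolio whose inputs were never aggregated. I would state the contract on the helper, for example `/** Adds the rating only when both the NCLOC and security hotspots measures exist for the component; otherwise no rating is stored. */`, and mark the early return with `// inputs missing: leave the rating undefined rather than defaulting to a grade`. Separately, the rewritten local `securityHostspotsMeasure` carries over the `Hostspots` misspelling from the field; since this hunk already touches that line, `securityHotspotsMeasure` could be used here.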
index ee8e616336d8c1c52a2811fbd518f563fd434c95..d7a69ccd6fcb7e1de22ea7a0d195d73f07f6c790 100644 (file)
@@ -24,11 +24,12 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.sonar.ce.task.projectanalysis.component.Component;
 import org.sonar.ce.task.projectanalysis.component.TreeRootHolderRule;
+import org.sonar.ce.task.projectanalysis.component.ViewAttributes;
+import org.sonar.ce.task.projectanalysis.component.ViewsComponent;
 import org.sonar.ce.task.projectanalysis.component.VisitorsCrawler;
 import org.sonar.ce.task.projectanalysis.measure.Measure;
 import org.sonar.ce.task.projectanalysis.measure.MeasureRepositoryRule;
 import org.sonar.ce.task.projectanalysis.metric.MetricRepositoryRule;
-import org.sonar.server.measure.Rating;
 
 import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -40,12 +41,28 @@ import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING;
 import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING_KEY;
 import static org.sonar.ce.task.projectanalysis.component.ReportComponent.builder;
 import static org.sonar.ce.task.projectanalysis.measure.Measure.newMeasureBuilder;
+import static org.sonar.server.measure.Rating.B;
+import static org.sonar.server.measure.Rating.C;
 
 public class SecurityReviewRatingVisitorTest {
 
   private static final int PROJECT_REF = 1;
   private static final Component PROJECT = builder(Component.Type.PROJECT, PROJECT_REF).setKey("project").build();
 
+  private static final int PORTFOLIO_REF = 10;
+  private static final int SUB_PORTFOLIO_1_REF = 11;
+  private static final int SUB_PORTFOLIO_2_REF = 12;
+  private static final Component PORTFOLIO = ViewsComponent.builder(Component.Type.VIEW, Integer.toString(PORTFOLIO_REF))
+    .addChildren(
+      ViewsComponent.builder(Component.Type.SUBVIEW, Integer.toString(SUB_PORTFOLIO_1_REF)).build(),
+      ViewsComponent.builder(Component.Type.SUBVIEW, Integer.toString(SUB_PORTFOLIO_2_REF)).build())
+    .build();
+
+  private static final int APPLICATION_REF = 20;
+  private static final Component APPLICATION = ViewsComponent.builder(Component.Type.VIEW, Integer.toString(APPLICATION_REF))
+    .setViewAttributes(new ViewAttributes(ViewAttributes.Type.APPLICATION))
+    .build();
+
   @Rule
   public TreeRootHolderRule treeRootHolder = new TreeRootHolderRule();
 
@@ -69,8 +86,38 @@ public class SecurityReviewRatingVisitorTest {
     underTest.visit(PROJECT);
 
     Measure measure = measureRepository.getAddedRawMeasure(PROJECT_REF, SECURITY_REVIEW_RATING_KEY).get();
-    assertThat(measure.getIntValue()).isEqualTo(Rating.C.getIndex());
-    assertThat(measure.getData()).isEqualTo(Rating.C.name());
+    assertThat(measure.getIntValue()).isEqualTo(C.getIndex());
+    assertThat(measure.getData()).isEqualTo(C.name());
+  }
+
+  @Test
+  public void compute_security_review_rating_on_portfolio() {
+    treeRootHolder.setRoot(PORTFOLIO);
+    measureRepository.addRawMeasure(PORTFOLIO_REF, NCLOC_KEY, newMeasureBuilder().create(2000));
+    measureRepository.addRawMeasure(PORTFOLIO_REF, SECURITY_HOTSPOTS_KEY, newMeasureBuilder().create(20));
+    measureRepository.addRawMeasure(SUB_PORTFOLIO_1_REF, NCLOC_KEY, newMeasureBuilder().create(1000));
+    measureRepository.addRawMeasure(SUB_PORTFOLIO_1_REF, SECURITY_HOTSPOTS_KEY, newMeasureBuilder().create(5));
+    measureRepository.addRawMeasure(SUB_PORTFOLIO_2_REF, NCLOC_KEY, newMeasureBuilder().create(1000));
+    measureRepository.addRawMeasure(SUB_PORTFOLIO_2_REF, SECURITY_HOTSPOTS_KEY, newMeasureBuilder().create(15));
+
+    underTest.visit(PORTFOLIO);
+
+    assertThat(measureRepository.getAddedRawMeasure(SUB_PORTFOLIO_1_REF, SECURITY_REVIEW_RATING_KEY).get().getIntValue()).isEqualTo(B.getIndex());
+    assertThat(measureRepository.getAddedRawMeasure(SUB_PORTFOLIO_2_REF, SECURITY_REVIEW_RATING_KEY).get().getIntValue()).isEqualTo(C.getIndex());
+    assertThat(measureRepository.getAddedRawMeasure(PORTFOLIO_REF, SECURITY_REVIEW_RATING_KEY).get().getIntValue()).isEqualTo(B.getIndex());
+  }
+
+  @Test
+  public void compute_security_review_rating_on_application() {
+    treeRootHolder.setRoot(APPLICATION);
+    measureRepository.addRawMeasure(APPLICATION_REF, NCLOC_KEY, newMeasureBuilder().create(1000));
+    measureRepository.addRawMeasure(APPLICATION_REF, SECURITY_HOTSPOTS_KEY, newMeasureBuilder().create(12));
+
+    underTest.visit(APPLICATION);
+
+    Measure measure = measureRepository.getAddedRawMeasure(APPLICATION_REF, SECURITY_REVIEW_RATING_KEY).get();
+    assertThat(measure.getIntValue()).isEqualTo(C.getIndex());
+    assertThat(measure.getData()).isEqualTo(C.name());
   }
 
   @Test
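Review bot: The added tests only cover views where both input measures are present; nothing here checks that a portfolio, sub-portfolio or application lacking NCLOC or security hotspots ends up with no Security Review Rating, which is the branch that decides whether an unreviewed portfolio shows a grade at all. Project-level tests for that branch may exist further down the file, outside this hunk (the trailing `@Test` belongs to a method that is not shown), but the view paths go through the new `visitView`/`visitSubView` overrides and deserve their own case. A view with an NCLOC of 0 would also be worth pinning, since how `SecurityReviewRating.compute` treats it is not visible from this diff. A sketch of the missing-measure case follows.

```java
  @Test
  public void compute_nothing_on_sub_portfolio_when_hotspots_measure_is_missing() {
    treeRootHolder.setRoot(PORTFOLIO);
    measureRepository.addRawMeasure(PORTFOLIO_REF, NCLOC_KEY, newMeasureBuilder().create(2000));
    measureRepository.addRawMeasure(PORTFOLIO_REF, SECURITY_HOTSPOTS_KEY, newMeasureBuilder().create(20));
    measureRepository.addRawMeasure(SUB_PORTFOLIO_1_REF, NCLOC_KEY, newMeasureBuilder().create(1000));
    // deliberately no SECURITY_HOTSPOTS measure on SUB_PORTFOLIO_1

    underTest.visit(PORTFOLIO);

    assertThat(measureRepository.getAddedRawMeasure(SUB_PORTFOLIO_1_REF, SECURITY_REVIEW_RATING_KEY).isPresent()).isFalse();
    assertThat(measureRepository.getAddedRawMeasure(PORTFOLIO_REF, SECURITY_REVIEW_RATING_KEY).isPresent()).isTrue();
  }
```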