From: Julien HENRY Date: Thu, 10 Oct 2024 14:18:16 +0000 (+0200) Subject: SONAR-23098 Add dependencies to the scanner report X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=67768656bfe3462a6554ffc236da801cffd20f54;p=sonarqube.git SONAR-23098 Add dependencies to the scanner report --- diff --git a/sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java b/sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java index 7aa0556e55a..0ceaaca8673 100644 --- a/sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java +++ b/sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java @@ -369,6 +369,16 @@ public class ScannerReportReaderIT { } } + @Test + public void read_dependencies() { + ScannerReportWriter writer = new ScannerReportWriter(fileStructure); + ScannerReport.Dependency dep = ScannerReport.Dependency.newBuilder() + .build(); + writer.appendDependency(dep); + + assertThat(underTest.readDependencies()).toIterable().hasSize(1); + } + @Test public void return_null_when_no_file_source() { assertThat(underTest.readFileSource(UNKNOWN_COMPONENT_REF)).isNull(); diff --git a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java index 686b7d20066..5c59f112838 100644 --- a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java +++ b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java @@ -102,6 +102,10 @@ public class FileStructure { return new File(dir, "analysis-warnings.pb"); } + public File dependencies() { + return new File(dir, "dependencies.pb"); + } + public File root() { return dir; } 
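Review bot: The `CloseableIterator` returned by `underTest.readDependencies()` in `read_dependencies()` is never closed, and since `readDependencies()` obtains it from `Protobuf.readStream(file, ...)` it presumably holds `dependencies.pb` open. Close it the way `write_dependencies()` in this same commit does: `try (CloseableIterator<ScannerReport.Dependency> it = underTest.readDependencies()) { assertThat(it).toIterable().hasSize(1); }`. The test also appends a `Dependency` with no field set, so it only proves that an all-default message can be counted; setting at least `key` and asserting on it would exercise the reader more meaningfully.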
diff --git a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java index 807509a83fb..6e48f5b7809 100644 --- a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java +++ b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java @@ -226,6 +226,14 @@ public class ScannerReportReader { return Protobuf.readStream(file, ScannerReport.AnalysisWarning.parser()); } + public CloseableIterator readDependencies() { + File file = fileStructure.dependencies(); + if (!fileExists(file)) { + return emptyCloseableIterator(); + } + return Protobuf.readStream(file, ScannerReport.Dependency.parser()); + } + private static boolean fileExists(File file) { return file.exists() && file.isFile(); } diff --git a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java index ad4720cbb5f..1c202ab8605 100644 --- a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java +++ b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java @@ -169,6 +169,11 @@ public class ScannerReportWriter { return file; } + public void appendDependency(ScannerReport.Dependency dependency) { + File file = fileStructure.dependencies(); + appendDelimitedTo(file, dependency, "dependency"); + } + public File getSourceFile(int componentRef) { return fileStructure.fileFor(FileStructure.Domain.SOURCE, componentRef); } diff --git a/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto b/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto index b7c1d3d5064..fb7ebb72f7f 100644 --- a/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto 
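Review bot: `readDependencies()` is a new public method with no Javadoc, and two parts of its contract are not obvious from the signature. The caller owns the returned `CloseableIterator` and must close it, and a missing `dependencies.pb` yields an empty iterator rather than an error. I would add a short Javadoc stating both. It should also note that the messages are whatever the scanner wrote, so a consumer should treat `key`, `version` and `parent_dependency_key` as unvalidated input (empty values, unexpected length, keys that match nothing) before persisting or displaying them.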
+++ b/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto @@ -388,3 +388,13 @@ message Impact { string software_quality = 1; string severity = 2; } + +message Dependency { + string key = 1; + string name = 2; + optional string package_manager = 3; + optional string full_name = 4; + optional string description = 5; + optional string version = 6; + repeated string parent_dependency_key = 7; +} \ No newline at end of file diff --git a/sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java b/sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java index 1dd80d25714..61d81401f16 100644 --- a/sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java +++ b/sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java @@ -128,8 +128,6 @@ class ScannerReportWriterTest { @Test void write_adhoc_rule() { - - // write data ScannerReport.AdHocRule rule = ScannerReport.AdHocRule.newBuilder() .setEngineId("eslint") .setRuleId("123") @@ -149,8 +147,6 @@ class ScannerReportWriterTest { @Test void write_cve() { - - // write data ScannerReport.Cve cve = ScannerReport.Cve.newBuilder() .setCveId("CVE-2023-20863") .setDescription("In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a" + @@ -368,7 +364,6 @@ class ScannerReportWriterTest { @Test void write_telemetry() { - List input = List.of( ScannerReport.TelemetryEntry.newBuilder() .setKey("key") 
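Review bot: `key` and `name` in the new `Dependency` message are plain `string` fields, so an unset key cannot be told apart from an empty one, and `read_dependencies()` in this commit already writes such an all-default message. Nothing in the schema ties `parent_dependency_key` to an existing `key` either, so a reader may meet parents that match no `Dependency` in the report or that form a cycle. If the intent is that `key` identifies the dependency, I would document that above the message, for example `// key: non-empty identifier of this dependency; parent_dependency_key: key values of other Dependency messages in the same report`, and have the consumer skip or reject entries that break it. The new last line `}` is also flagged with `\ No newline at end of file`.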
@@ -387,4 +382,24 @@ class ScannerReportWriterTest { .hasSize(input.size()); } } + + @Test + void write_dependencies() { + ScannerReport.Dependency dependency = ScannerReport.Dependency.newBuilder() + .setKey("mvn+com.fasterxml.jackson.core:jackson-databind$2.9.7") + .setName("jackson-databind") + .setFullName("com.fasterxml.jackson.core:jackson-databind") + .setDescription("General data-binding functionality for Jackson: works on core streaming API") + .setVersion("2.9.7") + .addParentDependencyKey("mvn+org.springframework:spring-webmvc$5.1.3.RELEASE") + .build(); + underTest.appendDependency(dependency); + + File file = underTest.getFileStructure().dependencies(); + assertThat(file).exists().isFile(); + try (CloseableIterator read = Protobuf.readStream(file, ScannerReport.Dependency.parser())) { + assertThat(Iterators.size(read)).isOne(); + } + } + }
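Review bot: `write_dependencies()` sets six fields on the message but only asserts that one message was read back, so a field that is dropped or garbled on the round trip would still pass. Compare the content instead of the count: `assertThat(read.next()).isEqualTo(dependency);` followed by `assertThat(read.hasNext()).isFalse();`. `package_manager` is the only field of the new message that the test leaves unset, so adding `.setPackageManager(...)` would cover the whole schema.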