From a02e8181bfd31af586fc4eb40fc044bd56bc5645 Mon Sep 17 00:00:00 2001
From: Julien Lancelot
Date: Wed, 5 Jun 2019 11:23:33 +0200
Subject: [PATCH] SONAR-12131 Compute Security Review Rating measures on portfolios and applications
---
 .../SecurityReviewRatingVisitor.java | 26 +++++++--
 .../SecurityReviewRatingVisitorTest.java | 53 +++++++++++++++++--
 2 files changed, 71 insertions(+), 8 deletions(-)
diff --git a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitor.java b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitor.java
index 6e5da70e2f1..cafc9d7c137 100644
--- a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitor.java
+++ b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitor.java
@@ -22,6 +22,7 @@ package org.sonar.ce.task.projectanalysis.qualitymodel;
 import java.util.Optional;
 import org.sonar.ce.task.projectanalysis.component.Component;
+import org.sonar.ce.task.projectanalysis.component.CrawlerDepthLimit;
 import org.sonar.ce.task.projectanalysis.component.TypeAwareVisitorAdapter;
 import org.sonar.ce.task.projectanalysis.measure.Measure;
 import org.sonar.ce.task.projectanalysis.measure.MeasureRepository;
@@ -33,7 +34,8 @@ import org.sonar.server.security.SecurityReviewRating;
 import static org.sonar.api.measures.CoreMetrics.NCLOC_KEY;
 import static org.sonar.api.measures.CoreMetrics.SECURITY_HOTSPOTS_KEY;
 import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING_KEY;
-import static org.sonar.ce.task.projectanalysis.component.CrawlerDepthLimit.PROJECT;
+import static org.sonar.ce.task.projectanalysis.component.Component.Type.PROJECT;
+import static org.sonar.ce.task.projectanalysis.component.Component.Type.SUBVIEW;
 import static org.sonar.ce.task.projectanalysis.measure.Measure.newMeasureBuilder;
 public class SecurityReviewRatingVisitor extends TypeAwareVisitorAdapter {
@@ -44,7 +46,7 @@ public class SecurityReviewRatingVisitor extends TypeAwareVisitorAdapter {
 private final Metric securityReviewRatingMetric;
 public SecurityReviewRatingVisitor(MeasureRepository measureRepository, MetricRepository metricRepository) {
- super(PROJECT, Order.POST_ORDER);
+ super(new CrawlerDepthLimit.Builder(PROJECT).withViewsMaxDepth(SUBVIEW), Order.POST_ORDER);
 this.measureRepository = measureRepository;
 this.nclocMetric = metricRepository.getByKey(NCLOC_KEY);
 this.securityHostspotsMetric = metricRepository.getByKey(SECURITY_HOTSPOTS_KEY);
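Review bot: The new depth limit in the constructor, `new CrawlerDepthLimit.Builder(PROJECT).withViewsMaxDepth(SUBVIEW)`, has no comment explaining why the views tree stops at SUBVIEW. A short why-comment above the `super(...)` call would help, for example `// Views tree: rate VIEW and SUBVIEW nodes only; components below SUBVIEW are not visited`. That reading is inferred from the argument names, since CrawlerDepthLimit is not shown in this diff, so confirm it before adding the comment. The constructor body continues outside the hunk.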
@@ -53,15 +55,29 @@ public class SecurityReviewRatingVisitor extends TypeAwareVisitorAdapter {
 @Override
 public void visitProject(Component project) {
- Optional nclocMeasure = measureRepository.getRawMeasure(project, nclocMetric);
- Optional securityHostspotsMeasure = measureRepository.getRawMeasure(project, securityHostspotsMetric);
+ computeMeasure(project);
+ }
+
+ @Override
+ public void visitView(Component view) {
+ computeMeasure(view);
+ }
+
+ @Override
+ public void visitSubView(Component subView) {
+ computeMeasure(subView);
+ }
+
+ private void computeMeasure(Component component) {
+ Optional nclocMeasure = measureRepository.getRawMeasure(component, nclocMetric);
+ Optional securityHostspotsMeasure = measureRepository.getRawMeasure(component, securityHostspotsMetric);
 if (!nclocMeasure.isPresent() || !securityHostspotsMeasure.isPresent()) {
 return;
 }
 int ncloc = nclocMeasure.get().getIntValue();
 int securityHotspots = securityHostspotsMeasure.get().getIntValue();
 Rating rating = SecurityReviewRating.compute(ncloc, securityHotspots);
- measureRepository.add(project, securityReviewRatingMetric, newMeasureBuilder().create(rating.getIndex(), rating.name()));
+ measureRepository.add(component, securityReviewRatingMetric, newMeasureBuilder().create(rating.getIndex(), rating.name()));
 }
 }
diff --git a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitorTest.java b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitorTest.java
index ee8e616336d..d7a69ccd6fc 100644
--- a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitorTest.java
+++ b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewRatingVisitorTest.java
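Review bot: `computeMeasure` returns silently when either the `NCLOC_KEY` or the `SECURITY_HOTSPOTS_KEY` raw measure is absent, and with this change that silent path also applies to portfolios, sub-portfolios and applications, which then get no Security Review Rating at all. Nothing in the method says so, and a missing rating on a portfolio is easy to misread as "nothing to review". I would add a Javadoc on `computeMeasure` stating that the rating is computed from the component's own two raw measures (not rolled up from the children's ratings) and that no measure is written when either input is missing. It is also worth confirming that both inputs are already aggregated onto VIEW and SUBVIEW components before this visitor runs; the visitor ordering is not visible in this diff.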
@@ -24,11 +24,12 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.sonar.ce.task.projectanalysis.component.Component;
 import org.sonar.ce.task.projectanalysis.component.TreeRootHolderRule;
+import org.sonar.ce.task.projectanalysis.component.ViewAttributes;
+import org.sonar.ce.task.projectanalysis.component.ViewsComponent;
 import org.sonar.ce.task.projectanalysis.component.VisitorsCrawler;
 import org.sonar.ce.task.projectanalysis.measure.Measure;
 import org.sonar.ce.task.projectanalysis.measure.MeasureRepositoryRule;
 import org.sonar.ce.task.projectanalysis.metric.MetricRepositoryRule;
-import org.sonar.server.measure.Rating;
 import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -40,12 +41,28 @@ import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING;
 import static org.sonar.api.measures.CoreMetrics.SECURITY_REVIEW_RATING_KEY;
 import static org.sonar.ce.task.projectanalysis.component.ReportComponent.builder;
 import static org.sonar.ce.task.projectanalysis.measure.Measure.newMeasureBuilder;
+import static org.sonar.server.measure.Rating.B;
+import static org.sonar.server.measure.Rating.C;
 public class SecurityReviewRatingVisitorTest {
 private static final int PROJECT_REF = 1;
 private static final Component PROJECT = builder(Component.Type.PROJECT, PROJECT_REF).setKey("project").build();
+ private static final int PORTFOLIO_REF = 10;
+ private static final int SUB_PORTFOLIO_1_REF = 11;
+ private static final int SUB_PORTFOLIO_2_REF = 12;
+ private static final Component PORTFOLIO = ViewsComponent.builder(Component.Type.VIEW, Integer.toString(PORTFOLIO_REF))
+ .addChildren(
+ ViewsComponent.builder(Component.Type.SUBVIEW, Integer.toString(SUB_PORTFOLIO_1_REF)).build(),
+ ViewsComponent.builder(Component.Type.SUBVIEW, Integer.toString(SUB_PORTFOLIO_2_REF)).build())
+ .build();
+
+ private static final int APPLICATION_REF = 20;
+ private static final Component APPLICATION = ViewsComponent.builder(Component.Type.VIEW, Integer.toString(APPLICATION_REF))
+ .setViewAttributes(new ViewAttributes(ViewAttributes.Type.APPLICATION))
+ .build();
+
 @Rule
 public TreeRootHolderRule treeRootHolder = new TreeRootHolderRule();
@@ -69,8 +86,38 @@ public class SecurityReviewRatingVisitorTest {
 underTest.visit(PROJECT);
 Measure measure = measureRepository.getAddedRawMeasure(PROJECT_REF, SECURITY_REVIEW_RATING_KEY).get();
- assertThat(measure.getIntValue()).isEqualTo(Rating.C.getIndex());
- assertThat(measure.getData()).isEqualTo(Rating.C.name());
+ assertThat(measure.getIntValue()).isEqualTo(C.getIndex());
+ assertThat(measure.getData()).isEqualTo(C.name());
+ }
+
+ @Test
+ public void compute_security_review_rating_on_portfolio() {
+ treeRootHolder.setRoot(PORTFOLIO);
+ measureRepository.addRawMeasure(PORTFOLIO_REF, NCLOC_KEY, newMeasureBuilder().create(2000));
+ measureRepository.addRawMeasure(PORTFOLIO_REF, SECURITY_HOTSPOTS_KEY, newMeasureBuilder().create(20));
+ measureRepository.addRawMeasure(SUB_PORTFOLIO_1_REF, NCLOC_KEY, newMeasureBuilder().create(1000));
+ measureRepository.addRawMeasure(SUB_PORTFOLIO_1_REF, SECURITY_HOTSPOTS_KEY, newMeasureBuilder().create(5));
+ measureRepository.addRawMeasure(SUB_PORTFOLIO_2_REF, NCLOC_KEY, newMeasureBuilder().create(1000));
+ measureRepository.addRawMeasure(SUB_PORTFOLIO_2_REF, SECURITY_HOTSPOTS_KEY, newMeasureBuilder().create(15));
+
+ underTest.visit(PORTFOLIO);
+
+ assertThat(measureRepository.getAddedRawMeasure(SUB_PORTFOLIO_1_REF, SECURITY_REVIEW_RATING_KEY).get().getIntValue()).isEqualTo(B.getIndex());
+ assertThat(measureRepository.getAddedRawMeasure(SUB_PORTFOLIO_2_REF, SECURITY_REVIEW_RATING_KEY).get().getIntValue()).isEqualTo(C.getIndex());
+ assertThat(measureRepository.getAddedRawMeasure(PORTFOLIO_REF, SECURITY_REVIEW_RATING_KEY).get().getIntValue()).isEqualTo(B.getIndex());
+ }
+
+ @Test
+ public void compute_security_review_rating_on_application() {
+ treeRootHolder.setRoot(APPLICATION);
+ measureRepository.addRawMeasure(APPLICATION_REF, NCLOC_KEY, newMeasureBuilder().create(1000));
+ measureRepository.addRawMeasure(APPLICATION_REF, SECURITY_HOTSPOTS_KEY, newMeasureBuilder().create(12));
+
+ underTest.visit(APPLICATION);
+
+ Measure measure = measureRepository.getAddedRawMeasure(APPLICATION_REF, SECURITY_REVIEW_RATING_KEY).get();
+ assertThat(measure.getIntValue()).isEqualTo(C.getIndex());
+ assertThat(measure.getData()).isEqualTo(C.name());
 }
 @Test
--
2.39.5
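Review bot: The two new tests only cover components that carry both input measures, so the visitor's early-return path is never exercised for a VIEW or SUBVIEW. Add a case that sets `PORTFOLIO` as root with only `NCLOC_KEY` on `SUB_PORTFOLIO_1_REF` and asserts that the Optional returned by `getAddedRawMeasure(SUB_PORTFOLIO_1_REF, SECURITY_REVIEW_RATING_KEY)` is empty. In `compute_security_review_rating_on_portfolio` the three assertions check `getIntValue()` only; also checking `getData()`, as the project and application tests do, would keep them parallel. A one-line comment that the portfolio is expected to be `B` because it is rated from its own 2000 / 20 measures, not from the worse child rating, would make that assertion's intent clear. The hunk ends at an `@Test` whose method lies outside it.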