mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31670 Commits
59 Branches
Tree: 3ec97d1a43
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3ec97d1a43'
${ noResults }
sonarqube/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewReliabilityAndSecurityRa...

NewReliabilityAndSecurityRatingMeasuresVisitorTest.java 15KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2021 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.ce.task.projectanalysis.qualitymodel;

  21. 

  22. import java.util.Arrays;

  23. import java.util.Date;

  24. import org.junit.Before;

  25. import org.junit.Rule;

  26. import org.junit.Test;

  27. import org.sonar.api.rules.RuleType;

  28. import org.sonar.api.utils.Duration;

  29. import org.sonar.ce.task.projectanalysis.component.Component;

  30. import org.sonar.ce.task.projectanalysis.component.FileAttributes;

  31. import org.sonar.ce.task.projectanalysis.component.ReportComponent;

  32. import org.sonar.ce.task.projectanalysis.component.TreeRootHolderRule;

  33. import org.sonar.ce.task.projectanalysis.component.VisitorsCrawler;

  34. import org.sonar.ce.task.projectanalysis.issue.ComponentIssuesRepositoryRule;

  35. import org.sonar.ce.task.projectanalysis.issue.FillComponentIssuesVisitorRule;

  36. import org.sonar.ce.task.projectanalysis.issue.NewIssueClassifier;

  37. import org.sonar.ce.task.projectanalysis.measure.MeasureAssert;

  38. import org.sonar.ce.task.projectanalysis.measure.MeasureRepositoryRule;

  39. import org.sonar.ce.task.projectanalysis.metric.MetricRepositoryRule;

  40. import org.sonar.core.issue.DefaultIssue;

  41. import org.sonar.core.util.UuidFactoryFast;

  42. import org.sonar.server.measure.Rating;

  43. 

  44. import static org.assertj.core.api.Assertions.assertThat;

  45. import static org.mockito.ArgumentMatchers.any;

  46. import static org.mockito.ArgumentMatchers.eq;

  47. import static org.mockito.Mockito.mock;

  48. import static org.mockito.Mockito.when;

  49. import static org.sonar.api.issue.Issue.RESOLUTION_FIXED;

  50. import static org.sonar.api.measures.CoreMetrics.NEW_RELIABILITY_RATING;

  51. import static org.sonar.api.measures.CoreMetrics.NEW_RELIABILITY_RATING_KEY;

  52. import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_RATING;

  53. import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_RATING_KEY;

  54. import static org.sonar.api.rule.Severity.BLOCKER;

  55. import static org.sonar.api.rule.Severity.CRITICAL;

  56. import static org.sonar.api.rule.Severity.INFO;

  57. import static org.sonar.api.rule.Severity.MAJOR;

  58. import static org.sonar.api.rule.Severity.MINOR;

  59. import static org.sonar.api.rules.RuleType.BUG;

  60. import static org.sonar.api.rules.RuleType.CODE_SMELL;

  61. import static org.sonar.api.rules.RuleType.VULNERABILITY;

  62. import static org.sonar.ce.task.projectanalysis.component.Component.Type.DIRECTORY;

  63. import static org.sonar.ce.task.projectanalysis.component.Component.Type.FILE;

  64. import static org.sonar.ce.task.projectanalysis.component.Component.Type.PROJECT;

  65. import static org.sonar.ce.task.projectanalysis.component.ReportComponent.builder;

  66. import static org.sonar.server.measure.Rating.A;

  67. import static org.sonar.server.measure.Rating.B;

  68. import static org.sonar.server.measure.Rating.C;

  69. import static org.sonar.server.measure.Rating.D;

  70. import static org.sonar.server.measure.Rating.E;

  71. 

  72. public class NewReliabilityAndSecurityRatingMeasuresVisitorTest {

  73. 

  74.   private static final long LEAK_PERIOD_SNAPSHOT_IN_MILLISEC = 12323L;

  75.   private static final Date DEFAULT_ISSUE_CREATION_DATE = new Date(1000L);

  76.   private static final Date AFTER_LEAK_PERIOD_DATE = new Date(LEAK_PERIOD_SNAPSHOT_IN_MILLISEC + 5000L);

  77. 

  78.   static final String LANGUAGE_KEY_1 = "lKey1";

  79. 

  80.   static final int PROJECT_REF = 1;

  81.   static final int ROOT_DIR_REF = 12;

  82.   static final int DIRECTORY_REF = 123;

  83.   static final int FILE_1_REF = 1231;

  84.   static final int FILE_2_REF = 1232;

  85. 

  86.   static final Component ROOT_PROJECT = builder(Component.Type.PROJECT, PROJECT_REF).setKey("project")

  87.     .addChildren(

  88.       builder(DIRECTORY, ROOT_DIR_REF).setKey("dir")

  89.         .addChildren(

  90.           builder(DIRECTORY, DIRECTORY_REF).setKey("directory")

  91.             .addChildren(

  92.               builder(FILE, FILE_1_REF).setFileAttributes(new FileAttributes(false, LANGUAGE_KEY_1, 1)).setKey("file1").build(),

  93.               builder(FILE, FILE_2_REF).setFileAttributes(new FileAttributes(false, LANGUAGE_KEY_1, 1)).setKey("file2").build())

  94.             .build())

  95.         .build())

  96.     .build();

  97. 

  98.   @Rule

  99.   public TreeRootHolderRule treeRootHolder = new TreeRootHolderRule();

  100. 

  101.   @Rule

  102.   public MetricRepositoryRule metricRepository = new MetricRepositoryRule()

  103.     .add(NEW_SECURITY_RATING)

  104.     .add(NEW_RELIABILITY_RATING);

  105. 

  106.   @Rule

  107.   public MeasureRepositoryRule measureRepository = MeasureRepositoryRule.create(treeRootHolder, metricRepository);

  108. 

  109.   @Rule

  110.   public ComponentIssuesRepositoryRule componentIssuesRepositoryRule = new ComponentIssuesRepositoryRule(treeRootHolder);

  111.   @Rule

  112.   public FillComponentIssuesVisitorRule fillComponentIssuesVisitorRule = new FillComponentIssuesVisitorRule(componentIssuesRepositoryRule, treeRootHolder);

  113. 

  114.   private final NewIssueClassifier newIssueClassifier = mock(NewIssueClassifier.class);

  115.   private final VisitorsCrawler underTest = new VisitorsCrawler(Arrays.asList(fillComponentIssuesVisitorRule,

  116.     new NewReliabilityAndSecurityRatingMeasuresVisitor(metricRepository, measureRepository, componentIssuesRepositoryRule, newIssueClassifier)));

  117. 

  118.   @Before

  119.   public void before() {

  120.     when(newIssueClassifier.isEnabled()).thenReturn(true);

  121.   }

  122. 

  123.   @Test

  124.   public void measures_created_for_project_are_all_A_when_they_have_no_FILE_child() {

  125.     ReportComponent root = builder(PROJECT, 1).build();

  126.     treeRootHolder.setRoot(root);

  127. 

  128.     underTest.visit(root);

  129. 

  130.     verifyAddedRawMeasureOnLeakPeriod(1, NEW_SECURITY_RATING_KEY, A);

  131.     verifyAddedRawMeasureOnLeakPeriod(1, NEW_RELIABILITY_RATING_KEY, A);

  132.   }

  133. 

  134.   @Test

  135.   public void no_measure_if_there_is_no_period() {

  136.     when(newIssueClassifier.isEnabled()).thenReturn(false);

  137.     treeRootHolder.setRoot(builder(PROJECT, 1).build());

  138. 

  139.     underTest.visit(treeRootHolder.getRoot());

  140. 

  141.     assertThat(measureRepository.getAddedRawMeasures(1).values()).isEmpty();

  142.   }

  143. 

  144.   @Test

  145.   public void compute_new_security_rating() {

  146.     treeRootHolder.setRoot(ROOT_PROJECT);

  147.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF,

  148.       newVulnerabilityIssue(10L, MAJOR),

  149.       // Should not be taken into account

  150.       oldVulnerabilityIssue(1L, MAJOR),

  151.       newBugIssue(1L, MAJOR));

  152.     fillComponentIssuesVisitorRule.setIssues(FILE_2_REF,

  153.       newVulnerabilityIssue(2L, CRITICAL),

  154.       newVulnerabilityIssue(3L, MINOR),

  155.       // Should not be taken into account

  156.       newVulnerabilityIssue(10L, BLOCKER).setResolution(RESOLUTION_FIXED));

  157.     fillComponentIssuesVisitorRule.setIssues(ROOT_DIR_REF, newVulnerabilityIssue(7L, BLOCKER));

  158. 

  159.     underTest.visit(ROOT_PROJECT);

  160. 

  161.     verifyAddedRawMeasureOnLeakPeriod(FILE_1_REF, NEW_SECURITY_RATING_KEY, C);

  162.     verifyAddedRawMeasureOnLeakPeriod(FILE_2_REF, NEW_SECURITY_RATING_KEY, D);

  163.     verifyAddedRawMeasureOnLeakPeriod(DIRECTORY_REF, NEW_SECURITY_RATING_KEY, D);

  164.     verifyAddedRawMeasureOnLeakPeriod(ROOT_DIR_REF, NEW_SECURITY_RATING_KEY, E);

  165.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SECURITY_RATING_KEY, E);

  166.   }

  167. 

  168.   @Test

  169.   public void compute_new_security_rating_to_A_when_no_issue() {

  170.     treeRootHolder.setRoot(ROOT_PROJECT);

  171.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF);

  172. 

  173.     underTest.visit(ROOT_PROJECT);

  174. 

  175.     verifyAddedRawMeasureOnLeakPeriod(FILE_1_REF, NEW_SECURITY_RATING_KEY, A);

  176.     verifyAddedRawMeasureOnLeakPeriod(FILE_2_REF, NEW_SECURITY_RATING_KEY, A);

  177.     verifyAddedRawMeasureOnLeakPeriod(DIRECTORY_REF, NEW_SECURITY_RATING_KEY, A);

  178.     verifyAddedRawMeasureOnLeakPeriod(ROOT_DIR_REF, NEW_SECURITY_RATING_KEY, A);

  179.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SECURITY_RATING_KEY, A);

  180.   }

  181. 

  182.   @Test

  183.   public void compute_new_security_rating_to_A_when_no_new_issue() {

  184.     treeRootHolder.setRoot(ROOT_PROJECT);

  185.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF, oldVulnerabilityIssue(1L, MAJOR));

  186. 

  187.     underTest.visit(ROOT_PROJECT);

  188. 

  189.     verifyAddedRawMeasureOnLeakPeriod(FILE_1_REF, NEW_SECURITY_RATING_KEY, A);

  190.     verifyAddedRawMeasureOnLeakPeriod(FILE_2_REF, NEW_SECURITY_RATING_KEY, A);

  191.     verifyAddedRawMeasureOnLeakPeriod(DIRECTORY_REF, NEW_SECURITY_RATING_KEY, A);

  192.     verifyAddedRawMeasureOnLeakPeriod(ROOT_DIR_REF, NEW_SECURITY_RATING_KEY, A);

  193.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SECURITY_RATING_KEY, A);

  194.   }

  195. 

  196.   @Test

  197.   public void compute_new_reliability_rating() {

  198.     treeRootHolder.setRoot(ROOT_PROJECT);

  199.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF,

  200.       newBugIssue(10L, MAJOR),

  201.       // Should not be taken into account

  202.       oldBugIssue(1L, MAJOR),

  203.       newVulnerabilityIssue(1L, MAJOR));

  204.     fillComponentIssuesVisitorRule.setIssues(FILE_2_REF,

  205.       newBugIssue(2L, CRITICAL),

  206.       newBugIssue(3L, MINOR),

  207.       // Should not be taken into account

  208.       newBugIssue(10L, BLOCKER).setResolution(RESOLUTION_FIXED));

  209.     fillComponentIssuesVisitorRule.setIssues(ROOT_DIR_REF,

  210.       newBugIssue(7L, BLOCKER));

  211. 

  212.     underTest.visit(ROOT_PROJECT);

  213. 

  214.     verifyAddedRawMeasureOnLeakPeriod(FILE_1_REF, NEW_RELIABILITY_RATING_KEY, C);

  215.     verifyAddedRawMeasureOnLeakPeriod(FILE_2_REF, NEW_RELIABILITY_RATING_KEY, D);

  216.     verifyAddedRawMeasureOnLeakPeriod(DIRECTORY_REF, NEW_RELIABILITY_RATING_KEY, D);

  217.     verifyAddedRawMeasureOnLeakPeriod(ROOT_DIR_REF, NEW_RELIABILITY_RATING_KEY, E);

  218.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_RELIABILITY_RATING_KEY, E);

  219.   }

  220. 

  221.   @Test

  222.   public void compute_new_reliability_rating_to_A_when_no_issue() {

  223.     treeRootHolder.setRoot(ROOT_PROJECT);

  224.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF);

  225. 

  226.     underTest.visit(ROOT_PROJECT);

  227. 

  228.     verifyAddedRawMeasureOnLeakPeriod(FILE_1_REF, NEW_RELIABILITY_RATING_KEY, A);

  229.     verifyAddedRawMeasureOnLeakPeriod(FILE_2_REF, NEW_RELIABILITY_RATING_KEY, A);

  230.     verifyAddedRawMeasureOnLeakPeriod(DIRECTORY_REF, NEW_RELIABILITY_RATING_KEY, A);

  231.     verifyAddedRawMeasureOnLeakPeriod(ROOT_DIR_REF, NEW_RELIABILITY_RATING_KEY, A);

  232.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_RELIABILITY_RATING_KEY, A);

  233.   }

  234. 

  235.   @Test

  236.   public void compute_new_reliability_rating_to_A_when_no_new_issue() {

  237.     treeRootHolder.setRoot(ROOT_PROJECT);

  238.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF, oldBugIssue(1L, MAJOR));

  239. 

  240.     underTest.visit(ROOT_PROJECT);

  241. 

  242.     verifyAddedRawMeasureOnLeakPeriod(FILE_1_REF, NEW_RELIABILITY_RATING_KEY, A);

  243.     verifyAddedRawMeasureOnLeakPeriod(FILE_2_REF, NEW_RELIABILITY_RATING_KEY, A);

  244.     verifyAddedRawMeasureOnLeakPeriod(DIRECTORY_REF, NEW_RELIABILITY_RATING_KEY, A);

  245.     verifyAddedRawMeasureOnLeakPeriod(ROOT_DIR_REF, NEW_RELIABILITY_RATING_KEY, A);

  246.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_RELIABILITY_RATING_KEY, A);

  247.   }

  248. 

  249.   @Test

  250.   public void compute_E_reliability_and_security_rating_on_blocker_issue() {

  251.     treeRootHolder.setRoot(ROOT_PROJECT);

  252.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF,

  253.       newBugIssue(10L, BLOCKER),

  254.       newVulnerabilityIssue(1L, BLOCKER),

  255.       // Should not be taken into account

  256.       newBugIssue(1L, MAJOR));

  257. 

  258.     underTest.visit(ROOT_PROJECT);

  259. 

  260.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_RELIABILITY_RATING_KEY, E);

  261.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SECURITY_RATING_KEY, E);

  262.   }

  263. 

  264.   @Test

  265.   public void compute_D_reliability_and_security_rating_on_critical_issue() {

  266.     treeRootHolder.setRoot(ROOT_PROJECT);

  267.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF,

  268.       newBugIssue(10L, CRITICAL),

  269.       newVulnerabilityIssue(15L, CRITICAL),

  270.       // Should not be taken into account

  271.       newCodeSmellIssue(1L, MAJOR));

  272. 

  273.     underTest.visit(ROOT_PROJECT);

  274. 

  275.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_RELIABILITY_RATING_KEY, D);

  276.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SECURITY_RATING_KEY, D);

  277.   }

  278. 

  279.   @Test

  280.   public void compute_C_reliability_and_security_rating_on_major_issue() {

  281.     treeRootHolder.setRoot(ROOT_PROJECT);

  282.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF,

  283.       newBugIssue(10L, MAJOR),

  284.       newVulnerabilityIssue(15L, MAJOR),

  285.       // Should not be taken into account

  286.       newCodeSmellIssue(1L, MAJOR));

  287. 

  288.     underTest.visit(ROOT_PROJECT);

  289. 

  290.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_RELIABILITY_RATING_KEY, C);

  291.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SECURITY_RATING_KEY, C);

  292.   }

  293. 

  294.   @Test

  295.   public void compute_B_reliability_and_security_rating_on_minor_issue() {

  296.     treeRootHolder.setRoot(ROOT_PROJECT);

  297.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF,

  298.       newBugIssue(10L, MINOR),

  299.       newVulnerabilityIssue(15L, MINOR),

  300.       // Should not be taken into account

  301.       newCodeSmellIssue(1L, MAJOR));

  302. 

  303.     underTest.visit(ROOT_PROJECT);

  304. 

  305.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_RELIABILITY_RATING_KEY, B);

  306.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SECURITY_RATING_KEY, B);

  307.   }

  308. 

  309.   @Test

  310.   public void compute_A_reliability_and_security_rating_on_info_issue() {

  311.     treeRootHolder.setRoot(ROOT_PROJECT);

  312.     fillComponentIssuesVisitorRule.setIssues(FILE_1_REF,

  313.       newBugIssue(10L, INFO).setCreationDate(AFTER_LEAK_PERIOD_DATE),

  314.       newVulnerabilityIssue(15L, INFO).setCreationDate(AFTER_LEAK_PERIOD_DATE),

  315.       // Should not be taken into account

  316.       newCodeSmellIssue(1L, MAJOR).setCreationDate(AFTER_LEAK_PERIOD_DATE));

  317. 

  318.     underTest.visit(ROOT_PROJECT);

  319. 

  320.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_RELIABILITY_RATING_KEY, A);

  321.     verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SECURITY_RATING_KEY, A);

  322.   }

  323. 

  324.   private void verifyAddedRawMeasureOnLeakPeriod(int componentRef, String metricKey, Rating rating) {

  325.     MeasureAssert.assertThat(measureRepository.getAddedRawMeasure(componentRef, metricKey))

  326.       .hasVariation(rating.getIndex());

  327.   }

  328. 

  329.   private DefaultIssue newBugIssue(long effort, String severity) {

  330.     return createIssue(effort, severity, BUG, true);

  331.   }

  332. 

  333.   private DefaultIssue oldBugIssue(long effort, String severity) {

  334.     return createIssue(effort, severity, BUG, false);

  335.   }

  336. 

  337.   private DefaultIssue newVulnerabilityIssue(long effort, String severity) {

  338.     return createIssue(effort, severity, VULNERABILITY, true);

  339.   }

  340. 

  341.   private DefaultIssue oldVulnerabilityIssue(long effort, String severity) {

  342.     return createIssue(effort, severity, VULNERABILITY, false);

  343.   }

  344. 

  345.   private DefaultIssue newCodeSmellIssue(long effort, String severity) {

  346.     return createIssue(effort, severity, CODE_SMELL, true);

  347.   }

  348. 

  349.   private DefaultIssue createIssue(long effort, String severity, RuleType type, boolean isNew) {

  350.     DefaultIssue issue = createIssue(severity, type)

  351.       .setEffort(Duration.create(effort));

  352.     when(newIssueClassifier.isNew(any(), eq(issue))).thenReturn(isNew);

  353.     return issue;

  354.   }

  355. 

  356.   private static DefaultIssue createIssue(String severity, RuleType type) {

  357.     return new DefaultIssue()

  358.       .setKey(UuidFactoryFast.getInstance().create())

  359.       .setSeverity(severity)

  360.       .setType(type)

  361.       .setCreationDate(DEFAULT_ISSUE_CREATION_DATE);

  362.   }

  363. 

  364. }