mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36209 Commits
59 Branches
Tree: 4592d63590
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4592d63590'
${ noResults }
sonarqube/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/issue/ComputeLocationHashesVisito...

ComputeLocationHashesVisitor.java 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2024 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.ce.task.projectanalysis.issue;

  21. 

  22. import java.util.HashMap;

  23. import java.util.LinkedList;

  24. import java.util.List;

  25. import java.util.Map;

  26. import java.util.regex.Pattern;

  27. import org.apache.commons.codec.digest.DigestUtils;

  28. import org.slf4j.Logger;

  29. import org.slf4j.LoggerFactory;

  30. import org.sonar.ce.task.projectanalysis.component.Component;

  31. import org.sonar.ce.task.projectanalysis.component.TreeRootHolder;

  32. import org.sonar.ce.task.projectanalysis.source.SourceLinesRepository;

  33. import org.sonar.core.issue.DefaultIssue;

  34. import org.sonar.core.util.CloseableIterator;

  35. import org.sonar.db.protobuf.DbCommons;

  36. import org.sonar.db.protobuf.DbIssues;

  37. import org.sonar.server.issue.TaintChecker;

  38. 

  39. import static org.apache.commons.lang3.StringUtils.defaultIfEmpty;

  40. 

  41. /**

  42.  * This visitor will update the locations field of issues, by filling hashes for their locations:

  43.  * - Primary location hash: for all issues, when needed (ie. is missing or the issue is new/updated)

  44.  * - Secondary location hash: only for taint vulnerabilities and security hotspots, when needed (the issue is new/updated)

  45.  * For performance reasons, it will read each source code file once and feed the lines to all locations in that file.

  46.  */

  47. public class ComputeLocationHashesVisitor extends IssueVisitor {

  48.   private static final Logger LOGGER = LoggerFactory.getLogger(ComputeLocationHashesVisitor.class);

  49. 

  50.   private static final Pattern MATCH_ALL_WHITESPACES = Pattern.compile("\\s");

  51.   private final List<DefaultIssue> issuesForAllLocations = new LinkedList<>();

  52.   private final List<DefaultIssue> issuesForPrimaryLocation = new LinkedList<>();

  53.   private final SourceLinesRepository sourceLinesRepository;

  54.   private final TreeRootHolder treeRootHolder;

  55.   private final TaintChecker taintChecker;

  56. 

  57.   public ComputeLocationHashesVisitor(TaintChecker taintChecker, SourceLinesRepository sourceLinesRepository, TreeRootHolder treeRootHolder) {

  58.     this.taintChecker = taintChecker;

  59.     this.sourceLinesRepository = sourceLinesRepository;

  60.     this.treeRootHolder = treeRootHolder;

  61.   }

  62. 

  63.   @Override

  64.   public void beforeComponent(Component component) {

  65.     issuesForAllLocations.clear();

  66.     issuesForPrimaryLocation.clear();

  67.   }

  68. 

  69.   @Override

  70.   public void onIssue(Component component, DefaultIssue issue) {

  71.     if (issueNeedsLocationHashes(issue)) {

  72.       if (shouldComputeAllLocationHashes(issue)) {

  73.         issuesForAllLocations.add(issue);

  74.       } else if (shouldComputePrimaryLocationHash(issue)) {

  75.         // Issues in this situation are not necessarily marked as changed, so we do it to ensure persistence

  76.         issue.setChanged(true);

  77.         issuesForPrimaryLocation.add(issue);

  78.       }

  79.     }

  80.   }

  81. 

  82.   private static boolean issueNeedsLocationHashes(DefaultIssue issue) {

  83.     DbIssues.Locations locations = issue.getLocations();

  84.     return !issue.isFromExternalRuleEngine()

  85.       && !issue.isBeingClosed()

  86.       && locations != null;

  87.   }

  88. 

  89.   private boolean shouldComputeAllLocationHashes(DefaultIssue issue) {

  90.     return taintChecker.isTaintVulnerability(issue)

  91.       && isIssueUpdated(issue);

  92.   }

  93. 

  94.   private static boolean shouldComputePrimaryLocationHash(DefaultIssue issue) {

  95.     DbIssues.Locations locations = issue.getLocations();

  96.     return (locations.hasTextRange() && !locations.hasChecksum())

  97.       || isIssueUpdated(issue);

  98.   }

  99. 

  100.   private static boolean isIssueUpdated(DefaultIssue issue) {

  101.     return issue.isNew() || issue.locationsChanged();

  102.   }

  103. 

  104.   @Override

  105.   public void beforeCaching(Component component) {

  106.     Map<Component, List<Location>> locationsByComponent = new HashMap<>();

  107.     List<LocationToSet> locationsToSet = new LinkedList<>();

  108. 

  109.     // Issues that needs both primary and secondary locations hashes

  110.     extractForAllLocations(component, locationsByComponent, locationsToSet);

  111.     // Then issues that needs only primary locations

  112.     extractForPrimaryLocation(component, locationsByComponent, locationsToSet);

  113. 

  114.     // Feed lines to locations, component by component

  115.     locationsByComponent.forEach(this::updateLocationsInComponent);

  116. 

  117.     // Finalize by setting hashes 

  118.     locationsByComponent.values().forEach(list -> list.forEach(Location::afterAllLines));

  119. 

  120.     // set new locations to issues

  121.     locationsToSet.forEach(LocationToSet::set);

  122. 

  123.     issuesForAllLocations.clear();

  124.     issuesForPrimaryLocation.clear();

  125.   }

  126. 

  127.   private void extractForAllLocations(Component component, Map<Component, List<Location>> locationsByComponent, List<LocationToSet> locationsToSet) {

  128.     for (DefaultIssue issue : issuesForAllLocations) {

  129.       DbIssues.Locations.Builder locationsBuilder = ((DbIssues.Locations) issue.getLocations()).toBuilder();

  130.       addPrimaryLocation(component, locationsByComponent, locationsBuilder);

  131.       addSecondaryLocations(issue, locationsByComponent, locationsBuilder);

  132.       locationsToSet.add(new LocationToSet(issue, locationsBuilder));

  133.     }

  134.   }

  135. 

  136.   private void extractForPrimaryLocation(Component component, Map<Component, List<Location>> locationsByComponent, List<LocationToSet> locationsToSet) {

  137.     for (DefaultIssue issue : issuesForPrimaryLocation) {

  138.       DbIssues.Locations.Builder locationsBuilder = ((DbIssues.Locations) issue.getLocations()).toBuilder();

  139.       addPrimaryLocation(component, locationsByComponent, locationsBuilder);

  140.       locationsToSet.add(new LocationToSet(issue, locationsBuilder));

  141.     }

  142.   }

  143. 

  144.   private static void addPrimaryLocation(Component component, Map<Component, List<Location>> locationsByComponent, DbIssues.Locations.Builder locationsBuilder) {

  145.     if (locationsBuilder.hasTextRange()) {

  146.       PrimaryLocation primaryLocation = new PrimaryLocation(locationsBuilder);

  147.       locationsByComponent.computeIfAbsent(component, c -> new LinkedList<>()).add(primaryLocation);

  148.     }

  149.   }

  150. 

  151.   private void addSecondaryLocations(DefaultIssue issue, Map<Component, List<Location>> locationsByComponent, DbIssues.Locations.Builder locationsBuilder) {

  152.     List<DbIssues.Location.Builder> locationBuilders = locationsBuilder.getFlowBuilderList().stream()

  153.       .flatMap(flowBuilder -> flowBuilder.getLocationBuilderList().stream())

  154.       .filter(DbIssues.Location.Builder::hasTextRange)

  155.       .toList();

  156. 

  157.     locationBuilders.forEach(locationBuilder -> addSecondaryLocation(locationBuilder, issue, locationsByComponent));

  158.   }

  159. 

  160.   private void addSecondaryLocation(DbIssues.Location.Builder locationBuilder, DefaultIssue issue, Map<Component, List<Location>> locationsByComponent) {

  161.     String componentUuid = defaultIfEmpty(locationBuilder.getComponentId(), issue.componentUuid());

  162.     Component locationComponent = treeRootHolder.getComponentByUuid(componentUuid);

  163.     locationsByComponent.computeIfAbsent(locationComponent, c -> new LinkedList<>()).add(new SecondaryLocation(locationBuilder));

  164.   }

  165. 

  166.   private void updateLocationsInComponent(Component component, List<Location> locations) {

  167.     try (CloseableIterator<String> linesIterator = sourceLinesRepository.readLines(component)) {

  168.       int lineNumber = 1;

  169.       while (linesIterator.hasNext()) {

  170.         String line = linesIterator.next();

  171.         for (Location location : locations) {

  172.           location.processLine(lineNumber, line);

  173.         }

  174.         lineNumber++;

  175.       }

  176.     }

  177.   }

  178. 

  179.   private static class LocationToSet {

  180.     private final DefaultIssue issue;

  181.     private final DbIssues.Locations.Builder locationsBuilder;

  182. 

  183.     public LocationToSet(DefaultIssue issue, DbIssues.Locations.Builder locationsBuilder) {

  184.       this.issue = issue;

  185.       this.locationsBuilder = locationsBuilder;

  186.     }

  187. 

  188.     void set() {

  189.       issue.setLocations(locationsBuilder.build());

  190.     }

  191.   }

  192. 

  193.   private static class PrimaryLocation extends Location {

  194.     private final DbIssues.Locations.Builder locationsBuilder;

  195. 

  196.     public PrimaryLocation(DbIssues.Locations.Builder locationsBuilder) {

  197.       this.locationsBuilder = locationsBuilder;

  198.     }

  199. 

  200.     @Override

  201.     DbCommons.TextRange getTextRange() {

  202.       return locationsBuilder.getTextRange();

  203.     }

  204. 

  205.     @Override

  206.     void setHash(String hash) {

  207.       locationsBuilder.setChecksum(hash);

  208.     }

  209.   }

  210. 

  211.   private static class SecondaryLocation extends Location {

  212.     private final DbIssues.Location.Builder locationBuilder;

  213. 

  214.     public SecondaryLocation(DbIssues.Location.Builder locationBuilder) {

  215.       this.locationBuilder = locationBuilder;

  216.     }

  217. 

  218.     @Override

  219.     DbCommons.TextRange getTextRange() {

  220.       return locationBuilder.getTextRange();

  221.     }

  222. 

  223.     @Override

  224.     void setHash(String hash) {

  225.       locationBuilder.setChecksum(hash);

  226.     }

  227.   }

  228. 

  229.   private abstract static class Location {

  230.     private final StringBuilder hashBuilder = new StringBuilder();

  231. 

  232.     abstract DbCommons.TextRange getTextRange();

  233. 

  234.     abstract void setHash(String hash);

  235. 

  236.     public void processLine(int lineNumber, String line) {

  237.       DbCommons.TextRange textRange = getTextRange();

  238.       if (lineNumber > textRange.getEndLine() || lineNumber < textRange.getStartLine()) {

  239.         return;

  240.       }

  241.       try {

  242.         if (lineNumber == textRange.getStartLine() && lineNumber == textRange.getEndLine()) {

  243.           hashBuilder.append(line, textRange.getStartOffset(), textRange.getEndOffset());

  244.         } else if (lineNumber == textRange.getStartLine()) {

  245.           hashBuilder.append(line, textRange.getStartOffset(), line.length());

  246.         } else if (lineNumber < textRange.getEndLine()) {

  247.           hashBuilder.append(line);

  248.         } else {

  249.           hashBuilder.append(line, 0, textRange.getEndOffset());

  250.         }

  251.       } catch (IndexOutOfBoundsException e) {

  252.         LOGGER.debug("Try to compute issue location hash from {} to {} on line ({} chars): {}",

  253.           textRange.getStartOffset(), textRange.getEndOffset(), line.length(), line);

  254.       }

  255.     }

  256. 

  257.     void afterAllLines() {

  258.       String issueContentWithoutWhitespaces = MATCH_ALL_WHITESPACES.matcher(hashBuilder.toString()).replaceAll("");

  259.       String hash = DigestUtils.md5Hex(issueContentWithoutWhitespaces);

  260.       setHash(hash);

  261.     }

  262.   }

  263. }