authorJulien HENRY <julien.henry@sonarsource.com>2024-09-05 17:29:35 +0200
committersonartech <sonartech@sonarsource.com>2024-09-12 20:02:54 +0000
commit55dfebf3ece23eb11e9d2ea9b862b6fad3dbbfbc (patch)
tree1dd5101d80aad8a0ad309aac649f9fa3a52ef8ab
parent574637dc96a0655344a0623fa1aae861fe073a86 (diff)
downloadsonarqube-55dfebf3ece23eb11e9d2ea9b862b6fad3dbbfbc.tar.gz
sonarqube-55dfebf3ece23eb11e9d2ea9b862b6fad3dbbfbc.zip
SONAR-22914 Add a Sensor to import FOSSA results
-rw-r--r--sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java10
-rw-r--r--sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java13
-rw-r--r--sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java4
-rw-r--r--sonar-scanner-protocol/src/main/protobuf/scanner_report.proto6
4 files changed, 26 insertions, 7 deletions
diff --git a/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java b/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java
index 449c272c8df..6a904f15ee5 100644
--- a/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java
+++ b/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java
@@ -44,6 +44,7 @@ public class DefaultExternalIssue extends AbstractDefaultIssue<DefaultExternalIs
private RuleType type;
private String engineId;
private String ruleId;
+ private String cveId;
private Map<SoftwareQuality, org.sonar.api.issue.impact.Severity> impacts = new EnumMap<>(SoftwareQuality.class);
private CleanCodeAttribute cleanCodeAttribute;
@@ -84,6 +85,10 @@ public class DefaultExternalIssue extends AbstractDefaultIssue<DefaultExternalIs
return ruleId;
}
+ public String cveId() {
+ return cveId;
+ }
+
@Override
public Severity severity() {
return this.severity;
@@ -131,6 +136,11 @@ public class DefaultExternalIssue extends AbstractDefaultIssue<DefaultExternalIs
return this;
}
+ public NewExternalIssue cveId(String cveId) {
+ this.cveId = cveId;
+ return this;
+ }
+
@Override
public DefaultExternalIssue forRule(RuleKey ruleKey) {
this.engineId = ruleKey.repository();
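Review bot: The new `cveId(String)` setter stores the string exactly as handed in, and — given the commit title — that value comes from an external FOSSA result file and ends up persisted in the scanner report as an identifier. Consider at least trimming and documenting the null contract, e.g. `this.cveId = cveId == null ? null : cveId.strip();` with a javadoc line "null means the issue is not linked to a CVE", since the publisher only guards for null; a format check against the `CVE-YYYY-NNNN` pattern would keep malformed ids out of the report, if the importer does not already validate them. Note also that the method is not an `@Override` from `NewExternalIssue`, so only callers holding the concrete `DefaultExternalIssue` can set it — worth stating in the javadoc. The class continues outside the hunk.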
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java
index 66329f4e6ac..d09209bb2c7 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java
@@ -37,6 +37,7 @@ import org.sonar.api.batch.sensor.issue.Issue;
import org.sonar.api.batch.sensor.issue.Issue.Flow;
import org.sonar.api.batch.sensor.issue.MessageFormatting;
import org.sonar.api.batch.sensor.issue.NewIssue.FlowType;
+import org.sonar.api.batch.sensor.issue.internal.DefaultExternalIssue;
import org.sonar.api.batch.sensor.issue.internal.DefaultIssueFlow;
import org.sonar.api.issue.impact.SoftwareQuality;
import org.sonar.api.rules.CleanCodeAttribute;
@@ -88,9 +89,9 @@ public class IssuePublisher {
private static boolean noSonar(DefaultInputComponent inputComponent, Issue issue) {
TextRange textRange = issue.primaryLocation().textRange();
return inputComponent.isFile()
- && textRange != null
- && ((DefaultInputFile) inputComponent).hasNoSonarAt(textRange.start().line())
- && !StringUtils.containsIgnoreCase(issue.ruleKey().rule(), "nosonar");
+ && textRange != null
+ && ((DefaultInputFile) inputComponent).hasNoSonarAt(textRange.start().line())
+ && !StringUtils.containsIgnoreCase(issue.ruleKey().rule(), "nosonar");
}
public void initAndAddExternalIssue(ExternalIssue issue) {
@@ -176,7 +177,11 @@ public class IssuePublisher {
locationBuilder.setComponentRef(componentRef);
TextRange primaryTextRange = issue.primaryLocation().textRange();
- //nullable fields
+ // nullable fields
+ var cveId = ((DefaultExternalIssue) issue).cveId();
+ if (cveId != null) {
+ builder.setCveId(cveId);
+ }
CleanCodeAttribute cleanCodeAttribute = issue.cleanCodeAttribute();
if (cleanCodeAttribute != null) {
builder.setCleanCodeAttribute(cleanCodeAttribute.name());
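Review bot: The unchecked cast in `var cveId = ((DefaultExternalIssue) issue).cveId();` throws ClassCastException for any `ExternalIssue` implementation other than `DefaultExternalIssue`, which would abort the whole publish step instead of merely skipping the CVE link. The surrounding code works through the `ExternalIssue` interface, so a guard is cheap: `if (issue instanceof DefaultExternalIssue defaultIssue && defaultIssue.cveId() != null) { builder.setCveId(defaultIssue.cveId()); }` (pattern-matching `instanceof` needs Java 16+; otherwise keep a separate `instanceof` check before the cast). The enclosing method starts before the hunk.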
diff --git a/sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java b/sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java
index e3f282977fa..5751aada0f8 100644
--- a/sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java
+++ b/sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java
@@ -199,6 +199,10 @@ public class AnalysisResult implements AnalysisObserver {
return readFromReport(ScannerReportReader::readAdHocRules);
}
+ public List<ScannerReport.Cve> cves() {
+ return readFromReport(ScannerReportReader::readCves);
+ }
+
@NotNull
private <G> List<G> readFromReport(InputComponent component, BiFunction<ScannerReportReader, Integer, CloseableIterator<G>> readerMethod) {
int ref = ((DefaultInputComponent) component).scannerId();
diff --git a/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto b/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
index fddf8881f31..0a3fa17c4ee 100644
--- a/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
+++ b/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
@@ -216,7 +216,7 @@ message ExternalIssue {
repeated MessageFormatting msgFormatting = 9;
repeated Impact impacts = 10;
optional string cleanCodeAttribute = 11;
-
+ optional string cve_id = 12;
}
message AdHocRule {
@@ -234,8 +234,8 @@ message Cve {
string cve_id = 1;
string description = 2;
float cvss_score = 3;
- float epss_score = 4;
- float epss_percentile = 5;
+ optional float epss_score = 4;
+ optional float epss_percentile = 5;
int64 published_date = 6;
int64 last_modified_date = 7;
repeated string cwe = 8;
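Review bot: Making `epss_score` and `epss_percentile` `optional` gives them explicit presence, but `cvss_score = 3` on the line above keeps proto3 implicit presence, so a CVE with no CVSS score is indistinguishable from one scored 0.0, which is a legitimate "None" CVSS value. If absence is possible for CVSS as it evidently is for EPSS, `optional float cvss_score = 3;` is the consistent choice, and readers should then test `hasEpssScore()`/`hasCvssScore()` rather than comparing against 0. Switching a proto3 scalar from implicit to `optional` is wire-compatible as far as I know, so the change should be safe for existing reports. The `Cve` message continues outside the hunk.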