author | Dejan Milisavljevic <130993898+dejan-milisavljevic-sonarsource@users.noreply.github.com> | 2024-09-18 14:03:50 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2024-09-18 20:02:59 +0000 |
commit | e55e29f6e2632c1eef4db2d659e685a50caa10a6 (patch) | |
tree | c178331b8d79e523a9c3bdbbc82f611781413dbc /server/sonar-ce-task-projectanalysis/src | |
parent | 7fe4eae27f3b725ea08c79d5a0373596200a1627 (diff) | |
SONAR-22951 Use 5 levels severities for Software Impact
Co-authored-by: Léo Geoffroy <leo.geoffroy@sonarsource.com>
Co-authored-by: Stanislav <31501873+stanislavhh@users.noreply.github.com>
Co-authored-by: Viktor Vorona <viktor.vorona@sonarsource.com>
Co-authored-by: OrlovAlexander <35396155+OrlovAlexander85@users.noreply.github.com>
Co-authored-by: stanislavh <stanislav.honcharov@sonarsource.com>
Diffstat (limited to 'server/sonar-ce-task-projectanalysis/src')
15 files changed, 175 insertions, 132 deletions
diff --git a/server/sonar-ce-task-projectanalysis/src/it/java/org/sonar/ce/task/projectexport/issue/ExportIssuesStepIT.java b/server/sonar-ce-task-projectanalysis/src/it/java/org/sonar/ce/task/projectexport/issue/ExportIssuesStepIT.java index 3feed4fa16e..3dae30abdb8 100644 --- a/server/sonar-ce-task-projectanalysis/src/it/java/org/sonar/ce/task/projectexport/issue/ExportIssuesStepIT.java +++ b/server/sonar-ce-task-projectanalysis/src/it/java/org/sonar/ce/task/projectexport/issue/ExportIssuesStepIT.java @@ -233,6 +233,7 @@ public class ExportIssuesStepIT { .setIssueCreationTime(963L) .setIssueUpdateTime(852L) .addImpact(new ImpactDto().setSoftwareQuality(SoftwareQuality.MAINTAINABILITY).setSeverity(Severity.HIGH)) + .addImpact(new ImpactDto().setSoftwareQuality(SoftwareQuality.SECURITY).setSeverity(Severity.BLOCKER)) .setIssueCloseTime(741L) .setCodeVariants(List.of("v1", "v2")); @@ -270,7 +271,7 @@ public class ExportIssuesStepIT { assertThat(issue.getIssueClosedAt()).isEqualTo(issueDto.getIssueCloseTime()); assertThat(issue.getLocations()).isNotEmpty(); assertThat(issue.getImpactsList()).extracting(ProjectDump.Impact::getSoftwareQuality, ProjectDump.Impact::getSeverity) - .containsOnly(tuple(ProjectDump.SoftwareQuality.MAINTAINABILITY, ProjectDump.Severity.HIGH)); + .containsOnly(tuple(ProjectDump.SoftwareQuality.MAINTAINABILITY, ProjectDump.Severity.HIGH), tuple(ProjectDump.SoftwareQuality.SECURITY, ProjectDump.Severity.BLOCKER)); assertThat(issue.getMessageFormattingsList()) .isEqualTo(ExportIssuesStep.dbToDumpMessageFormatting(messageFormattings.getMessageFormattingList())); assertThat(issue.getCodeVariants()).isEqualTo(issueDto.getCodeVariantsString()); diff --git a/server/sonar-ce-task-projectanalysis/src/it/java/org/sonar/ce/task/projectexport/rule/ExportAdHocRulesStepIT.java b/server/sonar-ce-task-projectanalysis/src/it/java/org/sonar/ce/task/projectexport/rule/ExportAdHocRulesStepIT.java index 0d1ac24b094..94e6af5c4cf 100644 
--- a/server/sonar-ce-task-projectanalysis/src/it/java/org/sonar/ce/task/projectexport/rule/ExportAdHocRulesStepIT.java +++ b/server/sonar-ce-task-projectanalysis/src/it/java/org/sonar/ce/task/projectexport/rule/ExportAdHocRulesStepIT.java @@ -207,7 +207,7 @@ public class ExportAdHocRulesStepIT { .setIsAdHoc(true) .setCleanCodeAttribute(CleanCodeAttribute.CONVENTIONAL) .addDefaultImpact(new ImpactDto().setSoftwareQuality(SoftwareQuality.MAINTAINABILITY).setSeverity(org.sonar.api.issue.impact.Severity.MEDIUM)) - .addDefaultImpact(new ImpactDto().setSoftwareQuality(SoftwareQuality.RELIABILITY).setSeverity(org.sonar.api.issue.impact.Severity.HIGH)) + .addDefaultImpact(new ImpactDto().setSoftwareQuality(SoftwareQuality.RELIABILITY).setSeverity(org.sonar.api.issue.impact.Severity.BLOCKER)) .setRuleKey(ruleKey) .setScope(RuleDto.Scope.ALL) .setStatus(RuleStatus.READY); diff --git a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/MaintainabilityMeasuresVisitor.java b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/MaintainabilityMeasuresVisitor.java index 32b15ebaaca..bf7aedad8c2 100644 --- a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/MaintainabilityMeasuresVisitor.java +++ b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/MaintainabilityMeasuresVisitor.java @@ -157,7 +157,7 @@ public class MaintainabilityMeasuresVisitor extends PathAwareVisitorAdapter<Main } private void addSoftwareQualityMaintainabilityRatingMeasure(Component component, double density) { - Rating rating = ratingSettings.getDebtRatingGrid().getAToDRatingForDensity(density); + Rating rating = ratingSettings.getDebtRatingGrid().getRatingForDensity(density); measureRepository.add(component, softwareQualityMaintainabilityRatingMetric, RatingMeasures.get(rating)); } 
diff --git a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewMaintainabilityMeasuresVisitor.java b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewMaintainabilityMeasuresVisitor.java index f39acc0c7d2..39ac9561d1c 100644 --- a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewMaintainabilityMeasuresVisitor.java +++ b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewMaintainabilityMeasuresVisitor.java @@ -131,7 +131,7 @@ public class NewMaintainabilityMeasuresVisitor extends PathAwareVisitorAdapter<N double densityBasedOnSoftwareQuality = computeDensity(path.current().getNewSoftwareQualityDebt(), path.current().getDevCost()); double newSoftwareQualityDebtRatio = 100.0 * densityBasedOnSoftwareQuality; - int newSoftwareQualityMaintainabilityRating = ratingSettings.getDebtRatingGrid().getAToDRatingForDensity(densityBasedOnSoftwareQuality).getIndex(); + int newSoftwareQualityMaintainabilityRating = ratingSettings.getDebtRatingGrid().getRatingForDensity(densityBasedOnSoftwareQuality).getIndex(); measureRepository.add(component, this.newSoftwareQualityMaintainabilityDebtRatioMetric, newMeasureBuilder().create(newSoftwareQualityDebtRatio)); measureRepository.add(component, this.newSoftwareQualityMaintainabilityRatingMetric, newMeasureBuilder().create(newSoftwareQualityMaintainabilityRating)); } diff --git a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewSecurityReviewMeasuresVisitor.java b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewSecurityReviewMeasuresVisitor.java index e1b92e9b8fb..a6c3a5b32bd 100644 --- a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewSecurityReviewMeasuresVisitor.java 
+++ b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewSecurityReviewMeasuresVisitor.java @@ -36,8 +36,6 @@ import static org.sonar.api.measures.CoreMetrics.NEW_SECURITY_REVIEW_RATING_KEY; import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT; import static org.sonar.ce.task.projectanalysis.component.ComponentVisitor.Order.POST_ORDER; import static org.sonar.ce.task.projectanalysis.component.CrawlerDepthLimit.FILE; -import static org.sonar.core.metric.SoftwareQualitiesMetrics.NEW_SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY; -import static org.sonar.server.security.SecurityReviewRating.computeAToDRating; import static org.sonar.server.security.SecurityReviewRating.computePercent; import static org.sonar.server.security.SecurityReviewRating.computeRating; @@ -46,7 +44,6 @@ public class NewSecurityReviewMeasuresVisitor extends PathAwareVisitorAdapter<Se private final ComponentIssuesRepository componentIssuesRepository; private final MeasureRepository measureRepository; private final Metric newSecurityReviewRatingMetric; - private final Metric newSoftwareQualitySecurityReviewRatingMetric; private final Metric newSecurityHotspotsReviewedMetric; private final Metric newSecurityHotspotsReviewedStatusMetric; private final Metric newSecurityHotspotsToReviewStatusMetric; 
@@ -58,7 +55,6 @@ public class NewSecurityReviewMeasuresVisitor extends PathAwareVisitorAdapter<Se this.componentIssuesRepository = componentIssuesRepository; this.measureRepository = measureRepository; this.newSecurityReviewRatingMetric = metricRepository.getByKey(NEW_SECURITY_REVIEW_RATING_KEY); - this.newSoftwareQualitySecurityReviewRatingMetric = metricRepository.getByKey(NEW_SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY); this.newSecurityHotspotsReviewedMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_REVIEWED_KEY); this.newSecurityHotspotsReviewedStatusMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS_KEY); this.newSecurityHotspotsToReviewStatusMetric = metricRepository.getByKey(NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS_KEY); @@ -96,8 +92,6 @@ public class NewSecurityReviewMeasuresVisitor extends PathAwareVisitorAdapter<Se Optional<Double> percent = computePercent(path.current().getHotspotsToReview(), path.current().getHotspotsReviewed()); measureRepository.add(component, newSecurityReviewRatingMetric, Measure.newMeasureBuilder().create(computeRating(percent.orElse(null)).getIndex())); - measureRepository.add(component, newSoftwareQualitySecurityReviewRatingMetric, - Measure.newMeasureBuilder().create(computeAToDRating(percent.orElse(null)).getIndex())); percent.ifPresent(p -> measureRepository.add(component, newSecurityHotspotsReviewedMetric, Measure.newMeasureBuilder().create(p))); if (!path.isRoot()) { diff --git a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewMeasuresVisitor.java b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewMeasuresVisitor.java index df9029b0328..c8e8ec02fc0 100644 --- a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewMeasuresVisitor.java 
+++ b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewMeasuresVisitor.java @@ -37,8 +37,6 @@ import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT; import static org.sonar.ce.task.projectanalysis.component.ComponentVisitor.Order.POST_ORDER; import static org.sonar.ce.task.projectanalysis.component.CrawlerDepthLimit.FILE; import static org.sonar.ce.task.projectanalysis.measure.Measure.newMeasureBuilder; -import static org.sonar.core.metric.SoftwareQualitiesMetrics.SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY; -import static org.sonar.server.security.SecurityReviewRating.computeAToDRating; import static org.sonar.server.security.SecurityReviewRating.computePercent; import static org.sonar.server.security.SecurityReviewRating.computeRating; @@ -47,7 +45,6 @@ public class SecurityReviewMeasuresVisitor extends PathAwareVisitorAdapter<Secur private final ComponentIssuesRepository componentIssuesRepository; private final MeasureRepository measureRepository; private final Metric securityReviewRatingMetric; - private final Metric softwareQualitySecurityReviewRatingMetric; private final Metric securityHotspotsReviewedMetric; private final Metric securityHotspotsReviewedStatusMetric; private final Metric securityHotspotsToReviewStatusMetric; 
@@ -57,7 +54,6 @@ public class SecurityReviewMeasuresVisitor extends PathAwareVisitorAdapter<Secur this.componentIssuesRepository = componentIssuesRepository; this.measureRepository = measureRepository; this.securityReviewRatingMetric = metricRepository.getByKey(SECURITY_REVIEW_RATING_KEY); - this.softwareQualitySecurityReviewRatingMetric = metricRepository.getByKey(SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY); this.securityHotspotsReviewedMetric = metricRepository.getByKey(SECURITY_HOTSPOTS_REVIEWED_KEY); this.securityHotspotsReviewedStatusMetric = metricRepository.getByKey(SECURITY_HOTSPOTS_REVIEWED_STATUS_KEY); this.securityHotspotsToReviewStatusMetric = metricRepository.getByKey(SECURITY_HOTSPOTS_TO_REVIEW_STATUS_KEY); @@ -88,8 +84,6 @@ public class SecurityReviewMeasuresVisitor extends PathAwareVisitorAdapter<Secur measureRepository.add(component, securityHotspotsToReviewStatusMetric, newMeasureBuilder().create(path.current().getHotspotsToReview())); Optional<Double> percent = computePercent(path.current().getHotspotsToReview(), path.current().getHotspotsReviewed()); measureRepository.add(component, securityReviewRatingMetric, RatingMeasures.get(computeRating(percent.orElse(null)))); - measureRepository.add(component, softwareQualitySecurityReviewRatingMetric, - RatingMeasures.get(computeAToDRating(percent.orElse(null)))); percent.ifPresent(p -> measureRepository.add(component, securityHotspotsReviewedMetric, newMeasureBuilder().create(p, securityHotspotsReviewedMetric.getDecimalScale()))); if (!path.isRoot()) { diff --git a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/step/PersistLiveMeasuresStep.java b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/step/PersistLiveMeasuresStep.java index 7ec45800832..42497ea5066 100644 --- a/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/step/PersistLiveMeasuresStep.java 
+++ b/server/sonar-ce-task-projectanalysis/src/main/java/org/sonar/ce/task/projectanalysis/step/PersistLiveMeasuresStep.java
@@ -114,7 +114,6 @@ public class PersistLiveMeasuresStep implements ComputationStep {
 SoftwareQualitiesMetrics.SOFTWARE_QUALITY_MAINTAINABILITY_RATING_KEY,
 SoftwareQualitiesMetrics.SOFTWARE_QUALITY_RELIABILITY_RATING_KEY,
 SoftwareQualitiesMetrics.SOFTWARE_QUALITY_SECURITY_RATING_KEY,
- SoftwareQualitiesMetrics.SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY,
 SoftwareQualitiesMetrics.EFFORT_TO_REACH_SOFTWARE_QUALITY_MAINTAINABILITY_RATING_A_KEY,
 SoftwareQualitiesMetrics.SOFTWARE_QUALITY_MAINTAINABILITY_REMEDIATION_EFFORT_KEY,
 SoftwareQualitiesMetrics.SOFTWARE_QUALITY_SECURITY_REMEDIATION_EFFORT_KEY,
diff --git a/server/sonar-ce-task-projectanalysis/src/main/protobuf/project_dump.proto b/server/sonar-ce-task-projectanalysis/src/main/protobuf/project_dump.proto
index d1e3782b7f1..114fdda60f4 100644
--- a/server/sonar-ce-task-projectanalysis/src/main/protobuf/project_dump.proto
+++ b/server/sonar-ce-task-projectanalysis/src/main/protobuf/project_dump.proto
@@ -253,4 +253,6 @@ enum Severity {
 LOW = 0;
 MEDIUM = 1;
 HIGH = 2;
+ INFO = 3;
+ BLOCKER = 4;
 }
diff --git a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/issue/IssueCounterTest.java b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/issue/IssueCounterTest.java
index 7ad66ed9b40..f47a6da5495 100644
--- a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/issue/IssueCounterTest.java
+++ b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/issue/IssueCounterTest.java
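Review bot: In project_dump.proto the new `INFO = 3;` and `BLOCKER = 4;` are appended after `HIGH = 2;`, so the tag numbers of `Severity` no longer follow the severity ranking (INFO sits below LOW, BLOCKER above HIGH). Appending keeps the existing numbers stable for dumps that were already written, but the enum carries no comment saying so. A line such as `// Tag numbers are wire identifiers, not a ranking: do not compare, sort or renumber them.` above the two new values would stop a later reader from ordering by number. How an importer built before this change handles a dump containing the new values is not visible here and is worth stating in the export format notes.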
@@ -126,6 +126,7 @@ import static org.sonar.ce.task.projectanalysis.issue.IssueCounter.IMPACT_TO_MET import static org.sonar.ce.task.projectanalysis.issue.IssueCounter.IMPACT_TO_NEW_METRIC_KEY; import static org.sonar.ce.task.projectanalysis.measure.Measure.newMeasureBuilder; import static org.sonar.ce.task.projectanalysis.measure.MeasureRepoEntry.entryOf; +import static org.sonar.test.JsonAssert.assertJson; class IssueCounterTest { @@ -316,9 +317,11 @@ class IssueCounterTest { underTest.beforeComponent(PROJECT); underTest.afterComponent(PROJECT); - assertIntValue(FILE1, entry(NEW_VIOLATIONS_KEY, 2), entry(NEW_CRITICAL_VIOLATIONS_KEY, 2), entry(NEW_BLOCKER_VIOLATIONS_KEY, 0), entry(NEW_MAJOR_VIOLATIONS_KEY, 0), + assertIntValue(FILE1, entry(NEW_VIOLATIONS_KEY, 2), entry(NEW_CRITICAL_VIOLATIONS_KEY, 2), entry(NEW_BLOCKER_VIOLATIONS_KEY, 0), + entry(NEW_MAJOR_VIOLATIONS_KEY, 0), entry(NEW_CODE_SMELLS_KEY, 1), entry(NEW_BUGS_KEY, 1), entry(NEW_VULNERABILITIES_KEY, 0), entry(NEW_SECURITY_HOTSPOTS_KEY, 1)); - assertIntValue(PROJECT, entry(NEW_VIOLATIONS_KEY, 2), entry(NEW_CRITICAL_VIOLATIONS_KEY, 2), entry(NEW_BLOCKER_VIOLATIONS_KEY, 0), entry(NEW_MAJOR_VIOLATIONS_KEY, 0), + assertIntValue(PROJECT, entry(NEW_VIOLATIONS_KEY, 2), entry(NEW_CRITICAL_VIOLATIONS_KEY, 2), entry(NEW_BLOCKER_VIOLATIONS_KEY, 0), + entry(NEW_MAJOR_VIOLATIONS_KEY, 0), entry(NEW_CODE_SMELLS_KEY, 1), entry(NEW_BUGS_KEY, 1), entry(NEW_VULNERABILITIES_KEY, 0), entry(NEW_SECURITY_HOTSPOTS_KEY, 1)); } 
@@ -350,14 +353,14 @@ class IssueCounterTest { when(newIssueClassifier.isEnabled()).thenReturn(true); underTest.beforeComponent(FILE1); - underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.MAINTAINABILITY, HIGH)); + underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.MAINTAINABILITY, HIGH)); underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.MAINTAINABILITY, MEDIUM)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.MAINTAINABILITY, HIGH)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_RESOLVED, SoftwareQuality.MAINTAINABILITY, HIGH)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.MAINTAINABILITY, MEDIUM)); - underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.SECURITY, HIGH)); + underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.SECURITY, HIGH)); underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.SECURITY, MEDIUM)); underTest.onIssue(FILE1, createNewSecurityHotspot()); 
@@ -368,9 +371,9 @@ class IssueCounterTest { Set<Map.Entry<String, Measure>> entries = measureRepository.getRawMeasures(FILE1).entrySet(); - assertOverallSoftwareQualityMeasures(SoftwareQuality.MAINTAINABILITY, getImpactMeasure(4, 2, 2, 0), entries); - assertOverallSoftwareQualityMeasures(SoftwareQuality.SECURITY, getImpactMeasure(2, 1, 1, 0), entries); - assertOverallSoftwareQualityMeasures(SoftwareQuality.RELIABILITY, getImpactMeasure(0, 0, 0, 0), entries); + assertOverallSoftwareQualityMeasures(SoftwareQuality.MAINTAINABILITY, getImpactMeasure(4, 2, 2, 0, 0, 0), entries); + assertOverallSoftwareQualityMeasures(SoftwareQuality.SECURITY, getImpactMeasure(2, 1, 1, 0, 0, 0), entries); + assertOverallSoftwareQualityMeasures(SoftwareQuality.RELIABILITY, getImpactMeasure(0, 0, 0, 0, 0, 0), entries); } @Test 
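Review bot: Every expectation in this hunk passes `0, 0` for the new info and blocker arguments of getImpactMeasure, and the `@@ -402,9 +405,9 @@` hunk does the same, so within the visible changes to this class no INFO or BLOCKER impact is ever fed to IssueCounter. A counter that never incremented the BLOCKER key, the most severe level, would still pass these assertions. Feeding one in, for example `underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.SECURITY, Severity.BLOCKER));`, and raising the matching expectation to a non-zero blocker count would pin the new keys. The test method starts above the hunk, so the exact totals depend on lines not shown here.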
@@ -378,17 +381,17 @@ class IssueCounterTest { when(newIssueClassifier.isEnabled()).thenReturn(true); underTest.beforeComponent(FILE1); - underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.MAINTAINABILITY, HIGH)); + underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.MAINTAINABILITY, HIGH)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.MAINTAINABILITY, HIGH)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_RESOLVED, SoftwareQuality.MAINTAINABILITY, HIGH)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.MAINTAINABILITY, MEDIUM)); - underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.RELIABILITY, HIGH)); + underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.RELIABILITY, HIGH)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.RELIABILITY, LOW)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_RESOLVED, SoftwareQuality.RELIABILITY, HIGH)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.RELIABILITY, MEDIUM)); - underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.SECURITY, MEDIUM)); + underTest.onIssue(FILE1, createIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.SECURITY, MEDIUM)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.SECURITY, LOW)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.SECURITY, HIGH)); underTest.onIssue(FILE1, createNewIssue(RESOLUTION_WONT_FIX, STATUS_OPEN, SoftwareQuality.SECURITY, HIGH)); 
@@ -402,9 +405,9 @@ class IssueCounterTest { Set<Map.Entry<String, Measure>> entries = measureRepository.getRawMeasures(FILE1).entrySet(); - assertNewSoftwareQualityMeasures(SoftwareQuality.MAINTAINABILITY, getImpactMeasure(2, 1, 1, 0), entries); - assertNewSoftwareQualityMeasures(SoftwareQuality.RELIABILITY, getImpactMeasure(2, 0, 1, 1), entries); - assertNewSoftwareQualityMeasures(SoftwareQuality.SECURITY, getImpactMeasure(4, 2, 1, 1), entries); + assertNewSoftwareQualityMeasures(SoftwareQuality.MAINTAINABILITY, getImpactMeasure(2, 1, 1, 0, 0, 0), entries); + assertNewSoftwareQualityMeasures(SoftwareQuality.RELIABILITY, getImpactMeasure(2, 0, 1, 1, 0, 0), entries); + assertNewSoftwareQualityMeasures(SoftwareQuality.SECURITY, getImpactMeasure(4, 2, 1, 1, 0, 0), entries); } private static Map<String, Long> getImpactMeasure(long total, long high, long medium, long low) { @@ -416,6 +419,13 @@ class IssueCounterTest { return map; } + private static Map<String, Long> getImpactMeasure(long total, long high, long medium, long low, long info, long blocker) { + Map<String, Long> map = getImpactMeasure(total, high, medium, low); + map.put(Severity.INFO.name(), info); + map.put(Severity.BLOCKER.name(), blocker); + return map; + } + private void assertOverallSoftwareQualityMeasures(SoftwareQuality softwareQuality, Map<? extends String, Long> expectedMap, Set<Map.Entry<String, Measure>> actualRaw) { assertSoftwareQualityMeasures(softwareQuality, expectedMap, actualRaw, IMPACT_TO_METRIC_KEY); @@ -434,7 +444,7 @@ class IssueCounterTest { .findFirst() .get(); - assertThat(softwareQualityMap.getValue().getData()).isEqualTo(new Gson().toJson(expectedMap)); + assertJson(softwareQualityMap.getValue().getData()).isSimilarTo(new Gson().toJson(expectedMap)); } @Test 
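Review bot: In the `@@ -434,7 +444,7 @@` hunk, replacing `isEqualTo(new Gson().toJson(expectedMap))` with `assertJson(...).isSimilarTo(...)` removes the dependence on key order but may also loosen the check more than intended. If isSimilarTo tolerates keys that appear only in the actual document (I believe SonarQube's JsonAssert is lenient in that way; please confirm), a measure carrying an unexpected extra severity key would pass. Comparing parsed maps stays order-independent and exact: `assertThat(new Gson().<Map<String, Long>>fromJson(softwareQualityMap.getValue().getData(), new TypeToken<Map<String, Long>>() {}.getType())).isEqualTo(expectedMap);`, which needs an import of Gson's TypeToken. The helper method begins above the hunk, so only its last statements are visible.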
@@ -513,9 +523,11 @@ class IssueCounterTest { underTest.beforeComponent(PROJECT); underTest.afterComponent(PROJECT); - assertIntValue(FILE1, entry(NEW_VIOLATIONS_KEY, 0), entry(NEW_CRITICAL_VIOLATIONS_KEY, 0), entry(NEW_BLOCKER_VIOLATIONS_KEY, 0), entry(NEW_MAJOR_VIOLATIONS_KEY, 0), + assertIntValue(FILE1, entry(NEW_VIOLATIONS_KEY, 0), entry(NEW_CRITICAL_VIOLATIONS_KEY, 0), entry(NEW_BLOCKER_VIOLATIONS_KEY, 0), + entry(NEW_MAJOR_VIOLATIONS_KEY, 0), entry(NEW_VULNERABILITIES_KEY, 0)); - assertIntValue(PROJECT, entry(NEW_VIOLATIONS_KEY, 0), entry(NEW_CRITICAL_VIOLATIONS_KEY, 0), entry(NEW_BLOCKER_VIOLATIONS_KEY, 0), entry(NEW_MAJOR_VIOLATIONS_KEY, 0), + assertIntValue(PROJECT, entry(NEW_VIOLATIONS_KEY, 0), entry(NEW_CRITICAL_VIOLATIONS_KEY, 0), entry(NEW_BLOCKER_VIOLATIONS_KEY, 0), + entry(NEW_MAJOR_VIOLATIONS_KEY, 0), entry(NEW_VULNERABILITIES_KEY, 0)); } @@ -546,7 +558,8 @@ class IssueCounterTest { return createNewIssue(resolution, status, SoftwareQuality.MAINTAINABILITY, impactSeverity); } - private DefaultIssue createNewIssue(@Nullable String resolution, String status, SoftwareQuality softwareQuality, Severity impactSeverity) { + private DefaultIssue createNewIssue(@Nullable String resolution, String status, SoftwareQuality softwareQuality, + Severity impactSeverity) { DefaultIssue issue = createNewIssue(resolution, status, MAJOR, CODE_SMELL); issue.addImpact(softwareQuality, impactSeverity); return issue; @@ -566,7 +579,8 @@ class IssueCounterTest { return createIssue(resolution, status, SoftwareQuality.MAINTAINABILITY, impactSeverity); } - private static DefaultIssue createIssue(@Nullable String resolution, String status, SoftwareQuality softwareQuality, Severity impactSeverity) { + private static DefaultIssue createIssue(@Nullable String resolution, String status, SoftwareQuality softwareQuality, + Severity impactSeverity) { DefaultIssue issue = createIssue(resolution, status, MAJOR, CODE_SMELL); issue.addImpact(softwareQuality, impactSeverity); return issue; 
diff --git a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/MaintainabilityMeasuresVisitorTest.java b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/MaintainabilityMeasuresVisitorTest.java index e2741c6a5da..25779ab5480 100644 --- a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/MaintainabilityMeasuresVisitorTest.java +++ b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/MaintainabilityMeasuresVisitorTest.java @@ -279,7 +279,7 @@ class MaintainabilityMeasuresVisitorTest { verifyAddedRawMeasure(FILE_1_REF, SOFTWARE_QUALITY_MAINTAINABILITY_RATING_KEY, C); verifyAddedRawMeasure(FILE_2_REF, SOFTWARE_QUALITY_MAINTAINABILITY_RATING_KEY, A); verifyAddedRawMeasure(DIRECTORY_REF, SOFTWARE_QUALITY_MAINTAINABILITY_RATING_KEY, C); - verifyAddedRawMeasure(PROJECT_REF, SOFTWARE_QUALITY_MAINTAINABILITY_RATING_KEY, D); + verifyAddedRawMeasure(PROJECT_REF, SOFTWARE_QUALITY_MAINTAINABILITY_RATING_KEY, E); } @ParameterizedTest diff --git a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewMaintainabilityMeasuresVisitorTest.java b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewMaintainabilityMeasuresVisitorTest.java index 19415757cec..ad891b15259 100644 --- a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewMaintainabilityMeasuresVisitorTest.java +++ b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewMaintainabilityMeasuresVisitorTest.java 
@@ -358,7 +358,7 @@ public class NewMaintainabilityMeasuresVisitorTest { @ParameterizedTest @MethodSource("metrics") - void compute_new_maintainability_rating_map_to_D(String remediationEffortKey, String debtRatioKey, String ratingKey) { + void compute_new_maintainability_rating_map_to_E(String remediationEffortKey, String debtRatioKey, String ratingKey) { ReportComponent file = builder(FILE, LANGUAGE_1_FILE_REF).setFileAttributes(new FileAttributes(false, LANGUAGE_1_KEY, 1)).build(); treeRootHolder.setRoot( builder(PROJECT, ROOT_REF) @@ -375,12 +375,7 @@ public class NewMaintainabilityMeasuresVisitorTest { setNewLines(file, 3, 4); underTest.visit(treeRootHolder.getRoot()); - - if (ratingKey.equals(NEW_SOFTWARE_QUALITY_MAINTAINABILITY_RATING_KEY)) { - assertNewRating(ratingKey, LANGUAGE_1_FILE_REF, D); - } else if (ratingKey.equals(NEW_MAINTAINABILITY_RATING_KEY)) { - assertNewRating(ratingKey, LANGUAGE_1_FILE_REF, E); - } + assertNewRating(ratingKey, LANGUAGE_1_FILE_REF, E); } @Test diff --git a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewReliabilityAndSecurityRatingMeasuresVisitorTest.java b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewReliabilityAndSecurityRatingMeasuresVisitorTest.java index f2d94abce7a..48eba3a7541 100644 --- a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewReliabilityAndSecurityRatingMeasuresVisitorTest.java +++ b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewReliabilityAndSecurityRatingMeasuresVisitorTest.java 
@@ -186,7 +186,7 @@ class NewReliabilityAndSecurityRatingMeasuresVisitorTest { oldImpactIssue(SoftwareQuality.SECURITY, Severity.HIGH)); fillComponentIssuesVisitorRule.setIssues(FILE_2_REF, newImpactIssue(SoftwareQuality.SECURITY, Severity.LOW), - newImpactIssue(SoftwareQuality.SECURITY, Severity.HIGH), + newImpactIssue(SoftwareQuality.SECURITY, Severity.BLOCKER), // Should not be taken into account oldImpactIssue(SoftwareQuality.SECURITY, Severity.HIGH)); fillComponentIssuesVisitorRule.setIssues(ROOT_DIR_REF, newImpactIssue(SoftwareQuality.SECURITY, Severity.HIGH)); @@ -194,10 +194,10 @@ class NewReliabilityAndSecurityRatingMeasuresVisitorTest { underTest.visit(ROOT_PROJECT); verifyAddedRawMeasureOnLeakPeriod(FILE_1_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, C); - verifyAddedRawMeasureOnLeakPeriod(FILE_2_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, D); - verifyAddedRawMeasureOnLeakPeriod(DIRECTORY_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, D); - verifyAddedRawMeasureOnLeakPeriod(ROOT_DIR_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, D); - verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, D); + verifyAddedRawMeasureOnLeakPeriod(FILE_2_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, E); + verifyAddedRawMeasureOnLeakPeriod(DIRECTORY_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, E); + verifyAddedRawMeasureOnLeakPeriod(ROOT_DIR_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, E); + verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, E); } @Test 
@@ -289,7 +289,7 @@ class NewReliabilityAndSecurityRatingMeasuresVisitorTest { // Should not be taken into account oldImpactIssue(SoftwareQuality.RELIABILITY, Severity.HIGH)); fillComponentIssuesVisitorRule.setIssues(FILE_2_REF, - newImpactIssue(SoftwareQuality.RELIABILITY, Severity.LOW), + newImpactIssue(SoftwareQuality.RELIABILITY, Severity.INFO), newImpactIssue(SoftwareQuality.RELIABILITY, Severity.HIGH), // Should not be taken into account oldImpactIssue(SoftwareQuality.RELIABILITY, Severity.HIGH)); @@ -376,6 +376,21 @@ class NewReliabilityAndSecurityRatingMeasuresVisitorTest { } @Test + void compute_E_software_quality_reliability_and_security_rating_on_blocker_severity_issue() { + treeRootHolder.setRoot(ROOT_PROJECT); + fillComponentIssuesVisitorRule.setIssues(FILE_1_REF, + newImpactIssue(SoftwareQuality.RELIABILITY, Severity.BLOCKER), + newImpactIssue(SoftwareQuality.SECURITY, Severity.BLOCKER), + // Should not be taken into account + newCodeSmellIssue(1L, MAJOR)); + + underTest.visit(ROOT_PROJECT); + + verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SOFTWARE_QUALITY_RELIABILITY_RATING_KEY, E); + verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, E); + } + + @Test void compute_D_reliability_and_security_rating_on_critical_issue() { treeRootHolder.setRoot(ROOT_PROJECT); fillComponentIssuesVisitorRule.setIssues(FILE_1_REF, 
@@ -481,6 +496,21 @@ class NewReliabilityAndSecurityRatingMeasuresVisitorTest { } @Test + void compute_A_software_quality_reliability_and_security_rating_on_info_severity_issue() { + treeRootHolder.setRoot(ROOT_PROJECT); + fillComponentIssuesVisitorRule.setIssues(FILE_1_REF, + newImpactIssue(SoftwareQuality.RELIABILITY, Severity.INFO), + newImpactIssue(SoftwareQuality.SECURITY, Severity.INFO), + // Should not be taken into account + newCodeSmellIssue(1L, MAJOR)); + + underTest.visit(ROOT_PROJECT); + + verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SOFTWARE_QUALITY_RELIABILITY_RATING_KEY, A); + verifyAddedRawMeasureOnLeakPeriod(PROJECT_REF, NEW_SOFTWARE_QUALITY_SECURITY_RATING_KEY, A); + } + + @Test void compute_A_software_quality_reliability_and_security_rating_when_no_issue() { treeRootHolder.setRoot(ROOT_PROJECT); fillComponentIssuesVisitorRule.setIssues(FILE_1_REF, diff --git a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewSecurityReviewMeasuresVisitorTest.java b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewSecurityReviewMeasuresVisitorTest.java index 2fe66648466..83d8db3d25c 100644 --- a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewSecurityReviewMeasuresVisitorTest.java +++ b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/NewSecurityReviewMeasuresVisitorTest.java 
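Review bot: compute_A_software_quality_reliability_and_security_rating_on_info_severity_issue asserts rating A, which is also what the next test, compute_A_software_quality_reliability_and_security_rating_when_no_issue, is named for. The new test therefore cannot distinguish "INFO impacts are rated A" from "INFO impacts never reach the rating computation". If the first is the intended contract, record it with a comment above the two assertions, e.g. `// INFO is the lowest impact severity and must leave the rating at A`. The existing `// Should not be taken into account` comment refers only to the extra code-smell issue, so the INFO expectation itself is undocumented.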
@@ -68,8 +68,6 @@ import static org.sonar.server.measure.Rating.B;
 import static org.sonar.server.measure.Rating.C;
 import static org.sonar.server.measure.Rating.D;
 import static org.sonar.server.measure.Rating.E;
-import static org.sonar.core.metric.SoftwareQualitiesMetrics.NEW_SOFTWARE_QUALITY_SECURITY_REVIEW_RATING;
-import static org.sonar.core.metric.SoftwareQualitiesMetrics.NEW_SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY;
 class NewSecurityReviewMeasuresVisitorTest {
 private static final Offset<Double> VALUE_COMPARISON_OFFSET = Offset.offset(0.01);
@@ -98,7 +96,6 @@ class NewSecurityReviewMeasuresVisitorTest {
 @RegisterExtension
 private final MetricRepositoryRule metricRepository = new MetricRepositoryRule()
 .add(NEW_SECURITY_REVIEW_RATING)
- .add(NEW_SOFTWARE_QUALITY_SECURITY_REVIEW_RATING)
 .add(NEW_SECURITY_HOTSPOTS_REVIEWED)
 .add(NEW_SECURITY_HOTSPOTS_REVIEWED_STATUS)
 .add(NEW_SECURITY_HOTSPOTS_TO_REVIEW_STATUS);
@@ -134,11 +131,11 @@ class NewSecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(FILE_2_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(PROJECT_REF, A, A, 100.0);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, A, 100.0);
 }
 @Test
@@ -163,11 +160,11 @@ class NewSecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(FILE_2_REF, A, B, 80.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, A, B, 87.5);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, A, B, 87.5);
- verifyRatingAndReviewedMeasures(PROJECT_REF, A, B, 87.5);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, A, 80.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, A, 87.5);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, A, 87.5);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, A, 87.5);
 }
 @Test
@@ -192,11 +189,11 @@ class NewSecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(FILE_2_REF, B, B, 71.42);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, B, B, 75.0);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, B, B, 75.0);
- verifyRatingAndReviewedMeasures(PROJECT_REF, B, B, 75.0);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, B, 71.42);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, B, 75.0);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, B, 75.0);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, B, 75.0);
 }
 @Test
@@ -220,11 +217,11 @@ class NewSecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, C, C, 50.0);
- verifyRatingAndReviewedMeasures(FILE_2_REF, C, C, 60.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, C, C, 57.14);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, C, C, 57.14);
- verifyRatingAndReviewedMeasures(PROJECT_REF, C, C, 57.14);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, C, 50.0);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, C, 60.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, C, 57.14);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, C, 57.14);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, C, 57.14);
 }
 @Test
@@ -249,11 +246,11 @@ class NewSecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, D, D, 33.33);
- verifyRatingAndReviewedMeasures(FILE_2_REF, D, D, 40.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, D, D, 37.5);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, D, D, 37.5);
- verifyRatingAndReviewedMeasures(PROJECT_REF, D, D, 37.5);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, D, 33.33);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, D, 40.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, D, 37.5);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, D, 37.5);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, D, 37.5);
 }
 @Test
@@ -276,11 +273,11 @@ class NewSecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, D, D, 33.33);
- verifyRatingAndReviewedMeasures(FILE_2_REF, E, D, 0.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, E, D, 16.66);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, E, D, 16.66);
- verifyRatingAndReviewedMeasures(PROJECT_REF, E, D, 16.66);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, D, 33.33);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, E, 0.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, E, 16.66);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, E, 16.66);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, E, 16.66);
 }
 @Test
@@ -293,7 +290,7 @@ class NewSecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(PROJECT_REF, A, A, null);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, A, null);
 }
 @Test
@@ -343,10 +340,8 @@ class NewSecurityReviewMeasuresVisitorTest {
 assertThat(measureRepository.getAddedRawMeasures(PROJECT_REF).values()).isEmpty();
 }
- private void verifyRatingAndReviewedMeasures(int componentRef, Rating expectedReviewRating,
- Rating expectedSoftwareQualitySecurityReviewRating, @Nullable Double expectedHotspotsReviewed) {
+ private void verifyRatingAndReviewedMeasures(int componentRef, Rating expectedReviewRating, @Nullable Double expectedHotspotsReviewed) {
 assertThat(measureRepository.getAddedRawMeasure(componentRef, NEW_SECURITY_REVIEW_RATING_KEY)).hasValue(expectedReviewRating.getIndex());
- assertThat(measureRepository.getAddedRawMeasure(componentRef, NEW_SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY)).hasValue(expectedSoftwareQualitySecurityReviewRating.getIndex());
 if (expectedHotspotsReviewed != null) {
 assertThat(measureRepository.getAddedRawMeasure(componentRef, NEW_SECURITY_HOTSPOTS_REVIEWED_KEY)).hasValue(expectedHotspotsReviewed, VALUE_COMPARISON_OFFSET);
diff --git a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/ReliabilityAndSecurityRatingMeasuresVisitorTest.java b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/ReliabilityAndSecurityRatingMeasuresVisitorTest.java
index fae829957bb..9ce99a9556a 100644
--- a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/ReliabilityAndSecurityRatingMeasuresVisitorTest.java
+++ b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/ReliabilityAndSecurityRatingMeasuresVisitorTest.java
@@ -163,7 +163,7 @@ class ReliabilityAndSecurityRatingMeasuresVisitorTest {
 // Should not be taken into account
 newImpactIssue(SoftwareQuality.SECURITY, Severity.HIGH));
- fillComponentIssuesVisitorRule.setIssues(PROJECT_REF, newImpactIssue(SoftwareQuality.RELIABILITY, Severity.HIGH));
+ fillComponentIssuesVisitorRule.setIssues(PROJECT_REF, newImpactIssue(SoftwareQuality.RELIABILITY, Severity.BLOCKER));
 underTest.visit(ROOT_PROJECT);
@@ -171,7 +171,7 @@ class ReliabilityAndSecurityRatingMeasuresVisitorTest {
 verifyAddedRawMeasure(FILE_2_REF, SOFTWARE_QUALITY_RELIABILITY_RATING_KEY, C);
 verifyAddedRawMeasure(FILE_3_REF, SOFTWARE_QUALITY_RELIABILITY_RATING_KEY, A);
 verifyAddedRawMeasure(DIRECTORY_REF, SOFTWARE_QUALITY_RELIABILITY_RATING_KEY, C);
- verifyAddedRawMeasure(PROJECT_REF, SOFTWARE_QUALITY_RELIABILITY_RATING_KEY, D);
+ verifyAddedRawMeasure(PROJECT_REF, SOFTWARE_QUALITY_RELIABILITY_RATING_KEY, E);
 }
 @Test
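Review bot: The `PROJECT_REF` fixture is switched from `Severity.HIGH` to `Severity.BLOCKER` and its expectation from `D` to `E` in place, so in the lines shown no HIGH reliability impact is asserted to produce `D` any more. `compute_software_quality_security_rating` does the same on `FILE_1_REF` with `Severity.LOW` → `Severity.INFO` and `B` → `A`. Unless other tests in this class, not visible in these hunks, still pin HIGH → D and LOW → B for the software-quality ratings, a regression in the mapping of the pre-existing severities would pass unnoticed. I would keep the old fixtures, e.g. leave `newImpactIssue(SoftwareQuality.SECURITY, Severity.LOW)` on `FILE_1_REF` with `B`, and cover the two new severities only in the dedicated `..._on_blocker_issue` and `..._on_info_issue` tests. Both edited test methods start or end outside their hunks.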
@@ -197,13 +197,13 @@ class ReliabilityAndSecurityRatingMeasuresVisitorTest {
 void compute_software_quality_security_rating() {
 treeRootHolder.setRoot(ROOT_PROJECT);
 fillComponentIssuesVisitorRule.setIssues(FILE_1_REF,
- newImpactIssue(SoftwareQuality.SECURITY, Severity.LOW),
+ newImpactIssue(SoftwareQuality.SECURITY, Severity.INFO),
 // Should not be taken into account
 newImpactIssue(SoftwareQuality.RELIABILITY, Severity.HIGH));
 fillComponentIssuesVisitorRule.setIssues(FILE_2_REF,
 newImpactIssue(SoftwareQuality.SECURITY, Severity.MEDIUM),
 // Should not be taken into account
- newImpactIssue(SoftwareQuality.RELIABILITY, Severity.HIGH));
+ newImpactIssue(SoftwareQuality.RELIABILITY, Severity.BLOCKER));
 fillComponentIssuesVisitorRule.setIssues(FILE_3_REF,
 // Should not be taken into account
 newImpactIssue(SoftwareQuality.RELIABILITY, Severity.HIGH));
@@ -212,7 +212,7 @@ class ReliabilityAndSecurityRatingMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyAddedRawMeasure(FILE_1_REF, SOFTWARE_QUALITY_SECURITY_RATING_KEY, B);
+ verifyAddedRawMeasure(FILE_1_REF, SOFTWARE_QUALITY_SECURITY_RATING_KEY, A);
 verifyAddedRawMeasure(FILE_2_REF, SOFTWARE_QUALITY_SECURITY_RATING_KEY, C);
 verifyAddedRawMeasure(FILE_3_REF, SOFTWARE_QUALITY_SECURITY_RATING_KEY, A);
 verifyAddedRawMeasure(DIRECTORY_REF, SOFTWARE_QUALITY_SECURITY_RATING_KEY, C);
@@ -233,6 +233,19 @@ class ReliabilityAndSecurityRatingMeasuresVisitorTest {
 }
 @Test
+ void compute_E_software_quality_reliability_and_security_rating_on_blocker_issue() {
+ treeRootHolder.setRoot(ROOT_PROJECT);
+ fillComponentIssuesVisitorRule.setIssues(FILE_1_REF, newImpactIssue(SoftwareQuality.RELIABILITY, Severity.BLOCKER), newImpactIssue(SoftwareQuality.SECURITY, Severity.BLOCKER),
+ // Should not be taken into account
+ newImpactIssue(SoftwareQuality.MAINTAINABILITY, Severity.HIGH));
+
+ underTest.visit(ROOT_PROJECT);
+
+ verifyAddedRawMeasure(PROJECT_REF, SOFTWARE_QUALITY_RELIABILITY_RATING_KEY, E);
+ verifyAddedRawMeasure(PROJECT_REF, SOFTWARE_QUALITY_SECURITY_RATING_KEY, E);
+ }
+
+ @Test
 void compute_D_reliability_and_security_rating_on_critical_issue() {
 treeRootHolder.setRoot(ROOT_PROJECT);
 fillComponentIssuesVisitorRule.setIssues(FILE_1_REF, newBugIssue(10L, CRITICAL), newVulnerabilityIssue(15L, CRITICAL),
@@ -324,6 +337,19 @@ class ReliabilityAndSecurityRatingMeasuresVisitorTest {
 }
 @Test
+ void compute_A_software_quality_reliability_and_security_rating_on_info_issue() {
+ treeRootHolder.setRoot(ROOT_PROJECT);
+ fillComponentIssuesVisitorRule.setIssues(FILE_1_REF, newImpactIssue(SoftwareQuality.RELIABILITY, Severity.INFO), newImpactIssue(SoftwareQuality.SECURITY, Severity.INFO),
+ // Should not be taken into account
+ newImpactIssue(SoftwareQuality.MAINTAINABILITY, Severity.HIGH));
+
+ underTest.visit(ROOT_PROJECT);
+
+ verifyAddedRawMeasure(PROJECT_REF, SOFTWARE_QUALITY_RELIABILITY_RATING_KEY, A);
+ verifyAddedRawMeasure(PROJECT_REF, SOFTWARE_QUALITY_SECURITY_RATING_KEY, A);
+ }
+
+ @Test
 void compute_A_software_quality_reliability_and_security_rating_when_no_issue() {
 treeRootHolder.setRoot(ROOT_PROJECT);
 fillComponentIssuesVisitorRule.setIssues(FILE_1_REF,
diff --git a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewMeasuresVisitorTest.java b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewMeasuresVisitorTest.java
index 8d33cc5ddf5..ef5b6b59f8a 100644
--- a/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewMeasuresVisitorTest.java
+++ b/server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/qualitymodel/SecurityReviewMeasuresVisitorTest.java
@@ -59,8 +59,6 @@ import static org.sonar.server.measure.Rating.B;
 import static org.sonar.server.measure.Rating.C;
 import static org.sonar.server.measure.Rating.D;
 import static org.sonar.server.measure.Rating.E;
-import static org.sonar.core.metric.SoftwareQualitiesMetrics.SOFTWARE_QUALITY_SECURITY_REVIEW_RATING;
-import static org.sonar.core.metric.SoftwareQualitiesMetrics.SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY;
 class SecurityReviewMeasuresVisitorTest {
@@ -87,7 +85,6 @@ class SecurityReviewMeasuresVisitorTest {
 @RegisterExtension
 private final MetricRepositoryRule metricRepository = new MetricRepositoryRule()
 .add(SECURITY_REVIEW_RATING)
- .add(SOFTWARE_QUALITY_SECURITY_REVIEW_RATING)
 .add(SECURITY_HOTSPOTS_REVIEWED)
 .add(SECURITY_HOTSPOTS_REVIEWED_STATUS)
 .add(SECURITY_HOTSPOTS_TO_REVIEW_STATUS);
@@ -115,11 +112,11 @@ class SecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(FILE_2_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(PROJECT_REF, A, A, 100.0);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, A, 100.0);
 }
 @Test
@@ -141,11 +138,11 @@ class SecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(FILE_2_REF, A, B, 80.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, A, B, 87.5);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, A, B, 87.5);
- verifyRatingAndReviewedMeasures(PROJECT_REF, A, B, 87.5);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, A, 80.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, A, 87.5);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, A, 87.5);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, A, 87.5);
 }
 @Test
@@ -167,11 +164,11 @@ class SecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, A, A, 100.0);
- verifyRatingAndReviewedMeasures(FILE_2_REF, B, B, 71.4);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, B, B, 75.0);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, B, B, 75.0);
- verifyRatingAndReviewedMeasures(PROJECT_REF, B, B, 75.0);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, A, 100.0);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, B, 71.4);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, B, 75.0);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, B, 75.0);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, B, 75.0);
 }
 @Test
@@ -192,11 +189,11 @@ class SecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, C, C,50.0);
- verifyRatingAndReviewedMeasures(FILE_2_REF, C, C,60.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, C,C, 57.1);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, C, C,57.1);
- verifyRatingAndReviewedMeasures(PROJECT_REF, C, C,57.1);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, C, 50.0);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, C, 60.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, C, 57.1);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, C, 57.1);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, C, 57.1);
 }
 @Test
@@ -218,11 +215,11 @@ class SecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, D, D,33.3);
- verifyRatingAndReviewedMeasures(FILE_2_REF, D, D,40.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, D,D, 37.5);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, D, D,37.5);
- verifyRatingAndReviewedMeasures(PROJECT_REF, D, D,37.5);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, D, 33.3);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, D, 40.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, D, 37.5);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, D, 37.5);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, D, 37.5);
 }
 @Test
@@ -242,11 +239,11 @@ class SecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(FILE_1_REF, D, D,33.3);
- verifyRatingAndReviewedMeasures(FILE_2_REF, E, D,0.0);
- verifyRatingAndReviewedMeasures(DIRECTORY_REF, E,D, 16.7);
- verifyRatingAndReviewedMeasures(ROOT_DIR_REF, E, D,16.7);
- verifyRatingAndReviewedMeasures(PROJECT_REF, E, D,16.7);
+ verifyRatingAndReviewedMeasures(FILE_1_REF, D, 33.3);
+ verifyRatingAndReviewedMeasures(FILE_2_REF, E, 0.0);
+ verifyRatingAndReviewedMeasures(DIRECTORY_REF, E, 16.7);
+ verifyRatingAndReviewedMeasures(ROOT_DIR_REF, E, 16.7);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, E, 16.7);
 }
 @Test
@@ -255,7 +252,7 @@ class SecurityReviewMeasuresVisitorTest {
 underTest.visit(ROOT_PROJECT);
- verifyRatingAndReviewedMeasures(PROJECT_REF, A, A,null);
+ verifyRatingAndReviewedMeasures(PROJECT_REF, A, null);
 }
 @Test
@@ -292,9 +289,8 @@ class SecurityReviewMeasuresVisitorTest {
 verifyHotspotStatusMeasures(PROJECT_REF, 0, 0);
 }
- private void verifyRatingAndReviewedMeasures(int componentRef, Rating expectedReviewRating, Rating expectedSoftwareQualityReviewRating,
- @Nullable Double expectedHotspotsReviewed) {
- verifySecurityReviewRating(componentRef, expectedReviewRating, expectedSoftwareQualityReviewRating);
+ private void verifyRatingAndReviewedMeasures(int componentRef, Rating expectedReviewRating, @Nullable Double expectedHotspotsReviewed) {
+ verifySecurityReviewRating(componentRef, expectedReviewRating);
 if (expectedHotspotsReviewed != null) {
 verifySecurityHotspotsReviewed(componentRef, expectedHotspotsReviewed);
 } else {
@@ -302,13 +298,10 @@ class SecurityReviewMeasuresVisitorTest {
 }
 }
- private void verifySecurityReviewRating(int componentRef, Rating rating, Rating softwareQualityRating) {
+ private void verifySecurityReviewRating(int componentRef, Rating rating) {
 Measure measure = measureRepository.getAddedRawMeasure(componentRef, SECURITY_REVIEW_RATING_KEY).get();
- Measure softwareQualityMeasure = measureRepository.getAddedRawMeasure(componentRef, SOFTWARE_QUALITY_SECURITY_REVIEW_RATING_KEY).get();
 assertThat(measure.getIntValue()).isEqualTo(rating.getIndex());
 assertThat(measure.getData()).isEqualTo(rating.name());
- assertThat(softwareQualityMeasure.getIntValue()).isEqualTo(softwareQualityRating.getIndex());
- assertThat(softwareQualityMeasure.getData()).isEqualTo(softwareQualityRating.name());
 }
 private void verifySecurityHotspotsReviewed(int componentRef, double percent) { |