diff options
| author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2019-04-10 21:53:15 +0200 |
|---|---|---|
| committer | SonarTech <sonartech@sonarsource.com> | 2019-04-23 20:21:11 +0200 |
| commit | 77c27da687c874ec2cc7bfd393da22222fd55be8 (patch) | |
| tree | d9fb7954e5ce21794a02733e2aeb5f0ed1318e8a /server/sonar-server | |
| parent | 1ba4c3bf9883421bca6fe6914a41462f9694e7fb (diff) | |
| download | sonarqube-77c27da687c874ec2cc7bfd393da22222fd55be8.tar.gz sonarqube-77c27da687c874ec2cc7bfd393da22222fd55be8.zip | |
SONAR-11885 Fix computation of security_hotspots measures
* SONAR-11892 Reorganize ITs
* SONAR-11892 Do not include resolved security hotspots in measure
* SONAR-11892 Update security_hotspots measures in live
Diffstat (limited to 'server/sonar-server')
3 files changed, 57 insertions, 17 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueCounter.java b/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueCounter.java index cc5a70792f4..250629129b8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueCounter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueCounter.java @@ -45,6 +45,14 @@ class IssueCounter { IssueCounter(Collection<IssueGroupDto> groups) { for (IssueGroupDto group : groups) { RuleType ruleType = RuleType.valueOf(group.getRuleType()); + if (ruleType.equals(SECURITY_HOTSPOT)) { + if (group.getResolution() == null) { + unresolvedByType + .computeIfAbsent(SECURITY_HOTSPOT, k -> new Count()) + .add(group); + } + continue; + } if (group.getResolution() == null) { highestSeverityOfUnresolved .computeIfAbsent(ruleType, k -> new HighestSeverity()) @@ -117,11 +125,9 @@ class IssueCounter { private long leak = 0L; void add(IssueGroupDto group) { - if (group.getRuleType() != SECURITY_HOTSPOT.getDbConstant()) { - absolute += group.getCount(); - if (group.isInLeak()) { - leak += group.getCount(); - } + absolute += group.getCount(); + if (group.isInLeak()) { + leak += group.getCount(); } } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImpl.java b/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImpl.java index 4607b856627..f3b900c1cce 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImpl.java +++ b/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImpl.java @@ -44,6 +44,9 @@ public class IssueMetricFormulaFactoryImpl implements IssueMetricFormulaFactory new IssueMetricFormula(CoreMetrics.VULNERABILITIES, false, (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.VULNERABILITY, false))), + new IssueMetricFormula(CoreMetrics.SECURITY_HOTSPOTS, false, + (context, issues) -> context.setValue(issues.countUnresolvedByType(RuleType.SECURITY_HOTSPOT, false))), + new IssueMetricFormula(CoreMetrics.VIOLATIONS, false, (context, issues) -> context.setValue(issues.countUnresolved(false))), @@ -113,6 +116,9 @@ public class IssueMetricFormulaFactoryImpl implements IssueMetricFormulaFactory new IssueMetricFormula(CoreMetrics.NEW_VULNERABILITIES, true, (context, issues) -> context.setLeakValue(issues.countUnresolvedByType(RuleType.VULNERABILITY, true))), + new IssueMetricFormula(CoreMetrics.NEW_SECURITY_HOTSPOTS, true, + (context, issues) -> context.setLeakValue(issues.countUnresolvedByType(RuleType.SECURITY_HOTSPOT, true))), + new IssueMetricFormula(CoreMetrics.NEW_VIOLATIONS, true, (context, issues) -> context.setLeakValue(issues.countUnresolved(true))), diff --git a/server/sonar-server/src/test/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImplTest.java b/server/sonar-server/src/test/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImplTest.java index 38fc5e2bf87..7a916eb7532 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImplTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImplTest.java @@ -111,6 +111,19 @@ public class IssueMetricFormulaFactoryImplTest { } @Test + public void test_security_hotspots() { + withNoIssues().assertThatValueIs(CoreMetrics.SECURITY_HOTSPOTS, 0); + with( + newGroup(RuleType.SECURITY_HOTSPOT).setSeverity(Severity.MAJOR).setCount(3), + newGroup(RuleType.SECURITY_HOTSPOT).setSeverity(Severity.CRITICAL).setCount(5), + // exclude resolved + newResolvedGroup(RuleType.SECURITY_HOTSPOT).setCount(7), + // not hotspots + newGroup(RuleType.BUG).setCount(11)) + .assertThatValueIs(CoreMetrics.SECURITY_HOTSPOTS, 3 + 5); + } + + @Test public void count_unresolved_by_severity() { withNoIssues() .assertThatValueIs(CoreMetrics.BLOCKER_VIOLATIONS, 0) @@ -130,7 +143,8 @@ public class IssueMetricFormulaFactoryImplTest { newGroup(RuleType.CODE_SMELL).setSeverity(Severity.BLOCKER).setInLeak(true).setCount(13), // exclude resolved newResolvedGroup(RuleType.VULNERABILITY).setSeverity(Severity.INFO).setCount(17), - newResolvedGroup(RuleType.BUG).setSeverity(Severity.MAJOR).setCount(19)) + newResolvedGroup(RuleType.BUG).setSeverity(Severity.MAJOR).setCount(19), + newResolvedGroup(RuleType.SECURITY_HOTSPOT).setSeverity(Severity.INFO).setCount(21)) .assertThatValueIs(CoreMetrics.BLOCKER_VIOLATIONS, 11 + 13) .assertThatValueIs(CoreMetrics.CRITICAL_VIOLATIONS, 7) .assertThatValueIs(CoreMetrics.MAJOR_VIOLATIONS, 3 + 5) @@ -423,6 +437,20 @@ public class IssueMetricFormulaFactoryImplTest { } @Test + public void test_new_security_hotspots() { + withNoIssues().assertThatLeakValueIs(CoreMetrics.NEW_SECURITY_HOTSPOTS, 0.0); + + with( + newGroup(RuleType.SECURITY_HOTSPOT).setInLeak(false).setSeverity(Severity.MAJOR).setCount(3), + newGroup(RuleType.SECURITY_HOTSPOT).setInLeak(true).setSeverity(Severity.CRITICAL).setCount(5), + newGroup(RuleType.SECURITY_HOTSPOT).setInLeak(true).setSeverity(Severity.MINOR).setCount(7), + // not hotspots + newGroup(RuleType.BUG).setInLeak(true).setCount(9), + newGroup(RuleType.CODE_SMELL).setInLeak(true).setCount(11)) + .assertThatLeakValueIs(CoreMetrics.NEW_SECURITY_HOTSPOTS, 5 + 7); + } + + @Test public void test_new_violations() { withNoIssues().assertThatLeakValueIs(CoreMetrics.NEW_VIOLATIONS, 0.0); @@ -468,7 +496,7 @@ public class IssueMetricFormulaFactoryImplTest { // not in leak newGroup(RuleType.CODE_SMELL).setSeverity(Severity.CRITICAL).setInLeak(false).setCount(11), newGroup(RuleType.BUG).setSeverity(Severity.CRITICAL).setInLeak(false).setCount(13)) - .assertThatLeakValueIs(CoreMetrics.NEW_CRITICAL_VIOLATIONS, 3 + 5 + 7); + .assertThatLeakValueIs(CoreMetrics.NEW_CRITICAL_VIOLATIONS, 3 + 5 + 7); } @Test @@ -485,7 +513,7 @@ public class IssueMetricFormulaFactoryImplTest { // not in leak newGroup(RuleType.CODE_SMELL).setSeverity(Severity.MAJOR).setInLeak(false).setCount(11), newGroup(RuleType.BUG).setSeverity(Severity.MAJOR).setInLeak(false).setCount(13)) - .assertThatLeakValueIs(CoreMetrics.NEW_MAJOR_VIOLATIONS, 3 + 5 + 7); + .assertThatLeakValueIs(CoreMetrics.NEW_MAJOR_VIOLATIONS, 3 + 5 + 7); } @Test @@ -502,7 +530,7 @@ public class IssueMetricFormulaFactoryImplTest { // not in leak newGroup(RuleType.CODE_SMELL).setSeverity(Severity.MINOR).setInLeak(false).setCount(11), newGroup(RuleType.BUG).setSeverity(Severity.MINOR).setInLeak(false).setCount(13)) - .assertThatLeakValueIs(CoreMetrics.NEW_MINOR_VIOLATIONS, 3 + 5 + 7); + .assertThatLeakValueIs(CoreMetrics.NEW_MINOR_VIOLATIONS, 3 + 5 + 7); } @Test @@ -519,7 +547,7 @@ public class IssueMetricFormulaFactoryImplTest { // not in leak newGroup(RuleType.CODE_SMELL).setSeverity(Severity.INFO).setInLeak(false).setCount(11), newGroup(RuleType.BUG).setSeverity(Severity.INFO).setInLeak(false).setCount(13)) - .assertThatLeakValueIs(CoreMetrics.NEW_INFO_VIOLATIONS, 3 + 5 + 7); + .assertThatLeakValueIs(CoreMetrics.NEW_INFO_VIOLATIONS, 3 + 5 + 7); } @Test @@ -535,7 +563,7 @@ public class IssueMetricFormulaFactoryImplTest { newGroup(RuleType.BUG).setEffort(7.0).setInLeak(true), // exclude resolved newResolvedGroup(RuleType.CODE_SMELL).setEffort(17.0).setInLeak(true)) - .assertThatLeakValueIs(CoreMetrics.NEW_TECHNICAL_DEBT, 3.0); + .assertThatLeakValueIs(CoreMetrics.NEW_TECHNICAL_DEBT, 3.0); } @Test @@ -550,7 +578,7 @@ public class IssueMetricFormulaFactoryImplTest { newGroup(RuleType.CODE_SMELL).setEffort(7.0).setInLeak(true), // exclude resolved newResolvedGroup(RuleType.BUG).setEffort(17.0).setInLeak(true)) - .assertThatLeakValueIs(CoreMetrics.NEW_RELIABILITY_REMEDIATION_EFFORT, 3.0); + .assertThatLeakValueIs(CoreMetrics.NEW_RELIABILITY_REMEDIATION_EFFORT, 3.0); } @Test @@ -565,7 +593,7 @@ public class IssueMetricFormulaFactoryImplTest { newGroup(RuleType.CODE_SMELL).setEffort(7.0).setInLeak(true), // exclude resolved newResolvedGroup(RuleType.VULNERABILITY).setEffort(17.0).setInLeak(true)) - .assertThatLeakValueIs(CoreMetrics.NEW_SECURITY_REMEDIATION_EFFORT, 3.0); + .assertThatLeakValueIs(CoreMetrics.NEW_SECURITY_REMEDIATION_EFFORT, 3.0); } @Test @@ -581,8 +609,8 @@ public class IssueMetricFormulaFactoryImplTest { newGroup(RuleType.CODE_SMELL).setSeverity(Severity.BLOCKER).setInLeak(true), // exclude resolved newResolvedGroup(RuleType.BUG).setSeverity(Severity.BLOCKER).setInLeak(true)) - // highest severity of bugs on leak period is minor -> B - .assertThatLeakValueIs(CoreMetrics.NEW_RELIABILITY_RATING, Rating.B); + // highest severity of bugs on leak period is minor -> B + .assertThatLeakValueIs(CoreMetrics.NEW_RELIABILITY_RATING, Rating.B); } @Test @@ -598,8 +626,8 @@ public class IssueMetricFormulaFactoryImplTest { newGroup(RuleType.CODE_SMELL).setSeverity(Severity.BLOCKER).setInLeak(true), // exclude resolved newResolvedGroup(RuleType.VULNERABILITY).setSeverity(Severity.BLOCKER).setInLeak(true)) - // highest severity of bugs on leak period is minor -> B - .assertThatLeakValueIs(CoreMetrics.NEW_SECURITY_RATING, Rating.B); + // highest severity of bugs on leak period is minor -> B + .assertThatLeakValueIs(CoreMetrics.NEW_SECURITY_RATING, Rating.B); } @Test |