SONAR-12131 Compute Security Review Rating measures on projects

* Compute Security Review Rating measures on projects * Live update Security Review Rating measures
author: Julien Lancelot <julien.lancelot@sonarsource.com> 2019-06-05 11:51:31 +0200
committer: SonarTech <sonartech@sonarsource.com> 2019-06-14 20:21:10 +0200
commit: f6028da2015f64cb71146b1c8736e800c9ed7b54 (patch)
tree: 20462b8054ac13eb5ee7e98edfc954e4f83ddf01 /server/sonar-server
parent: 00e91c1362a5c02384ba9145ad02d9289ba5e686 (diff)
download: sonarqube-f6028da2015f64cb71146b1c8736e800c9ed7b54.tar.gz
sonarqube-f6028da2015f64cb71146b1c8736e800c9ed7b54.zip
2 files changed, 15 insertions, 0 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImpl.java b/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImpl.java
index f3b900c1cce..e7bb34eecbb 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImpl.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImpl.java
@@ -28,6 +28,7 @@ import org.sonar.api.measures.Metric;
 import org.sonar.api.rule.Severity;
 import org.sonar.api.rules.RuleType;
 import org.sonar.server.measure.Rating;
+import org.sonar.server.security.SecurityReviewRating;
 
 import static java.util.Arrays.asList;
 import static org.sonar.server.measure.Rating.RATING_BY_SEVERITY;
@@ -107,6 +108,11 @@ public class IssueMetricFormulaFactoryImpl implements IssueMetricFormulaFactory
     new IssueMetricFormula(CoreMetrics.SECURITY_RATING, false,
       (context, issues) -> context.setValue(RATING_BY_SEVERITY.get(issues.getHighestSeverityOfUnresolved(RuleType.VULNERABILITY, false).orElse(Severity.INFO)))),
 
+    new IssueMetricFormula(CoreMetrics.SECURITY_REVIEW_RATING, false,
+      (context, issues) -> context.setValue(SecurityReviewRating.compute(context.getValue(CoreMetrics.NCLOC).orElse(0d).intValue(),
+        context.getValue(CoreMetrics.SECURITY_HOTSPOTS).orElse(0d).intValue())),
+      asList(CoreMetrics.NCLOC, CoreMetrics.SECURITY_HOTSPOTS)),
+
     new IssueMetricFormula(CoreMetrics.NEW_CODE_SMELLS, true,
       (context, issues) -> context.setLeakValue(issues.countUnresolvedByType(RuleType.CODE_SMELL, true))),
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImplTest.java b/server/sonar-server/src/test/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImplTest.java
index 7a916eb7532..5051f4305f7 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImplTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/measure/live/IssueMetricFormulaFactoryImplTest.java
@@ -124,6 +124,15 @@ public class IssueMetricFormulaFactoryImplTest {
   }
 
   @Test
+  public void test_security_review_rating() {
+    withNoIssues().assertThatValueIs(CoreMetrics.SECURITY_REVIEW_RATING, Rating.A);
+
+    with(CoreMetrics.SECURITY_HOTSPOTS, 12.0)
+      .and(CoreMetrics.NCLOC, 1000.0)
+      .assertThatValueIs(CoreMetrics.SECURITY_REVIEW_RATING, Rating.C);
+  }
+
+  @Test
   public void count_unresolved_by_severity() {
     withNoIssues()
       .assertThatValueIs(CoreMetrics.BLOCKER_VIOLATIONS, 0)
author	Julien Lancelot <julien.lancelot@sonarsource.com>	2019-06-05 11:51:31 +0200
committer	SonarTech <sonartech@sonarsource.com>	2019-06-14 20:21:10 +0200
commit	f6028da2015f64cb71146b1c8736e800c9ed7b54 (patch)
tree	20462b8054ac13eb5ee7e98edfc954e4f83ddf01 /server/sonar-server
parent	00e91c1362a5c02384ba9145ad02d9289ba5e686 (diff)
download	sonarqube-f6028da2015f64cb71146b1c8736e800c9ed7b54.tar.gz sonarqube-f6028da2015f64cb71146b1c8736e800c9ed7b54.zip