authorJulien HENRY <julien.henry@sonarsource.com>2024-10-10 16:18:16 +0200
committersonartech <sonartech@sonarsource.com>2024-10-21 20:03:59 +0000
commit67768656bfe3462a6554ffc236da801cffd20f54 (patch)
tree679a49a4e06a84fe9f18c81eae578959fdf0d0e9 /sonar-scanner-protocol
parentdd9ebd6a6f4b59c38ce1f1ca494f1d4231291513 (diff)
SONAR-23098 Add dependencies to the scanner report
Diffstat (limited to 'sonar-scanner-protocol')
-rw-r--r--sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java10
-rw-r--r--sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java4
-rw-r--r--sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java8
-rw-r--r--sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java5
-rw-r--r--sonar-scanner-protocol/src/main/protobuf/scanner_report.proto10
-rw-r--r--sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java25
6 files changed, 57 insertions, 5 deletions
diff --git a/sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java b/sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java
index 7aa0556e55a..0ceaaca8673 100644
--- a/sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java
+++ b/sonar-scanner-protocol/src/it/java/org/sonar/scanner/protocol/output/ScannerReportReaderIT.java
@@ -370,6 +370,16 @@ public class ScannerReportReaderIT {
}
@Test
+ public void read_dependencies() {
+ ScannerReportWriter writer = new ScannerReportWriter(fileStructure);
+ ScannerReport.Dependency dep = ScannerReport.Dependency.newBuilder()
+ .build();
+ writer.appendDependency(dep);
+
+ assertThat(underTest.readDependencies()).toIterable().hasSize(1);
+ }
+
+ @Test
public void return_null_when_no_file_source() {
assertThat(underTest.readFileSource(UNKNOWN_COMPONENT_REF)).isNull();
}
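Review bot: `read_dependencies` writes a default-instance `Dependency` and asserts only that one element comes back, so it would still pass if the field values were dropped or corrupted on the way through the file. `write_dependencies` in ScannerReportWriterTest has the same gap: it sets six fields but checks only `Iterators.size(read)`. The iterator returned by `underTest.readDependencies()` is also never closed here, which presumably leaves the handle on dependencies.pb open for the rest of the test. Setting at least a key, comparing the message that is read back, and reading inside try-with-resources would cover both points.

```java
// … unchanged: writer construction …
ScannerReport.Dependency dep = ScannerReport.Dependency.newBuilder()
  .setKey("mvn+com.fasterxml.jackson.core:jackson-databind$2.9.7")
  .build();
writer.appendDependency(dep);

try (CloseableIterator<ScannerReport.Dependency> it = underTest.readDependencies()) {
  assertThat(it.next()).isEqualTo(dep);
  assertThat(it.hasNext()).isFalse();
}
```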
diff --git a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java
index 686b7d20066..5c59f112838 100644
--- a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java
+++ b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/FileStructure.java
@@ -102,6 +102,10 @@ public class FileStructure {
return new File(dir, "analysis-warnings.pb");
}
+ public File dependencies() {
+ return new File(dir, "dependencies.pb");
+ }
+
public File root() {
return dir;
}
diff --git a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java
index 807509a83fb..6e48f5b7809 100644
--- a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java
+++ b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportReader.java
@@ -226,6 +226,14 @@ public class ScannerReportReader {
return Protobuf.readStream(file, ScannerReport.AnalysisWarning.parser());
}
+ public CloseableIterator<ScannerReport.Dependency> readDependencies() {
+ File file = fileStructure.dependencies();
+ if (!fileExists(file)) {
+ return emptyCloseableIterator();
+ }
+ return Protobuf.readStream(file, ScannerReport.Dependency.parser());
+ }
+
private static boolean fileExists(File file) {
return file.exists() && file.isFile();
}
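Review bot: `readDependencies()` has no Javadoc, and two parts of its contract are invisible to callers. A missing dependencies.pb is reported as an empty iterator rather than an error, and the returned `CloseableIterator` presumably keeps the file open until the caller closes it. The report is written on the scanner side, so the strings in each `Dependency` (key, name, version, parent keys) reach the reader unvalidated; the consumer should check them before storing them or using them as lookup keys. Proposed comment: `/** Streams the dependencies recorded by the scanner, or an empty iterator if dependencies.pb is absent. The caller must close the returned iterator. Entries are returned as written and are not validated here. */`.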
diff --git a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java
index ad4720cbb5f..1c202ab8605 100644
--- a/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java
+++ b/sonar-scanner-protocol/src/main/java/org/sonar/scanner/protocol/output/ScannerReportWriter.java
@@ -169,6 +169,11 @@ public class ScannerReportWriter {
return file;
}
+ public void appendDependency(ScannerReport.Dependency dependency) {
+ File file = fileStructure.dependencies();
+ appendDelimitedTo(file, dependency, "dependency");
+ }
+
public File getSourceFile(int componentRef) {
return fileStructure.fileFor(FileStructure.Domain.SOURCE, componentRef);
}
diff --git a/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto b/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
index b7c1d3d5064..fb7ebb72f7f 100644
--- a/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
+++ b/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
@@ -388,3 +388,13 @@ message Impact {
string software_quality = 1;
string severity = 2;
}
+
+message Dependency {
+ string key = 1;
+ string name = 2;
+ optional string package_manager = 3;
+ optional string full_name = 4;
+ optional string description = 5;
+ optional string version = 6;
+ repeated string parent_dependency_key = 7;
+} \ No newline at end of file
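Review bot: The new `Dependency` message has no field comments, so the format of `key` and what `parent_dependency_key` may reference can only be guessed from the test value `mvn+com.fasterxml.jackson.core:jackson-databind$2.9.7`. `key` and `name` are declared without `optional`, so (assuming this file is proto3) a reader cannot tell an unset key from an empty one. Nothing states that keys are unique within a report or that every parent key resolves to another entry, so a consumer building a dependency graph has to handle empty keys, duplicates, dangling parents and cycles. If the test value reflects the intended format, comments such as `// Unique within the report: <package_manager>+<full_name>$<version>` on `key` and `// Keys of the entries that pull this dependency in; empty for direct dependencies` on `parent_dependency_key` would make that contract reviewable. The file also now ends without a trailing newline.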
diff --git a/sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java b/sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java
index 1dd80d25714..61d81401f16 100644
--- a/sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java
+++ b/sonar-scanner-protocol/src/test/java/org/sonar/scanner/protocol/output/ScannerReportWriterTest.java
@@ -128,8 +128,6 @@ class ScannerReportWriterTest {
@Test
void write_adhoc_rule() {
-
- // write data
ScannerReport.AdHocRule rule = ScannerReport.AdHocRule.newBuilder()
.setEngineId("eslint")
.setRuleId("123")
@@ -149,8 +147,6 @@ class ScannerReportWriterTest {
@Test
void write_cve() {
-
- // write data
ScannerReport.Cve cve = ScannerReport.Cve.newBuilder()
.setCveId("CVE-2023-20863")
.setDescription("In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a" +
@@ -368,7 +364,6 @@ class ScannerReportWriterTest {
@Test
void write_telemetry() {
-
List<ScannerReport.TelemetryEntry> input = List.of(
ScannerReport.TelemetryEntry.newBuilder()
.setKey("key")
@@ -387,4 +382,24 @@ class ScannerReportWriterTest {
.hasSize(input.size());
}
}
+
+ @Test
+ void write_dependencies() {
+ ScannerReport.Dependency dependency = ScannerReport.Dependency.newBuilder()
+ .setKey("mvn+com.fasterxml.jackson.core:jackson-databind$2.9.7")
+ .setName("jackson-databind")
+ .setFullName("com.fasterxml.jackson.core:jackson-databind")
+ .setDescription("General data-binding functionality for Jackson: works on core streaming API")
+ .setVersion("2.9.7")
+ .addParentDependencyKey("mvn+org.springframework:spring-webmvc$5.1.3.RELEASE")
+ .build();
+ underTest.appendDependency(dependency);
+
+ File file = underTest.getFileStructure().dependencies();
+ assertThat(file).exists().isFile();
+ try (CloseableIterator<ScannerReport.Dependency> read = Protobuf.readStream(file, ScannerReport.Dependency.parser())) {
+ assertThat(Iterators.size(read)).isOne();
+ }
+ }
+
}