4 files changed, 26 insertions, 7 deletions
diff --git a/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java b/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java
index 449c272c8df..6a904f15ee5 100644
--- a/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java
+++ b/sonar-plugin-api-impl/src/main/java/org/sonar/api/batch/sensor/issue/internal/DefaultExternalIssue.java
@@ -44,6 +44,7 @@ public class DefaultExternalIssue extends AbstractDefaultIssue<DefaultExternalIs
 private RuleType type;
 private String engineId;
 private String ruleId;
+ private String cveId;
 private Map<SoftwareQuality, org.sonar.api.issue.impact.Severity> impacts = new EnumMap<>(SoftwareQuality.class);
 private CleanCodeAttribute cleanCodeAttribute;
@@ -84,6 +85,10 @@ public class DefaultExternalIssue extends AbstractDefaultIssue<DefaultExternalIs
 return ruleId;
 }
+ public String cveId() {
+ return cveId;
+ }
+
 @Override
 public Severity severity() {
 return this.severity;
@@ -131,6 +136,11 @@ public class DefaultExternalIssue extends AbstractDefaultIssue<DefaultExternalIs
 return this;
 }
+ public NewExternalIssue cveId(String cveId) {
+ this.cveId = cveId;
+ return this;
+ }
+
 @Override
 public DefaultExternalIssue forRule(RuleKey ruleKey) {
 this.engineId = ruleKey.repository();
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java
index 66329f4e6ac..d09209bb2c7 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/issue/IssuePublisher.java
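Review bot: The new `cveId(String cveId)` setter in the `-131` hunk stores whatever string the caller passes, so a malformed or oversized identifier supplied by a third-party analyzer would flow into the scanner report unchanged. A format check at this boundary would keep bad values out, for example `if (cveId != null && !CVE_ID.matcher(cveId).matches()) throw new IllegalArgumentException("Invalid CVE id");` with `CVE_ID` a `static final Pattern` for `CVE-\d{4}-\d{4,}`; logging and dropping the value is an alternative if rejecting the issue is too strict. The setter also carries no `@Override` and returns `NewExternalIssue` where `forRule` returns `DefaultExternalIssue`, which suggests it is not declared on the interface and that callers can only reach it through the concrete class. The getter added in the `-84` hunk would benefit from a Javadoc line stating that it returns null when the issue is not tied to a CVE. The class body continues outside these hunks.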
@@ -37,6 +37,7 @@ import org.sonar.api.batch.sensor.issue.Issue;
 import org.sonar.api.batch.sensor.issue.Issue.Flow;
 import org.sonar.api.batch.sensor.issue.MessageFormatting;
 import org.sonar.api.batch.sensor.issue.NewIssue.FlowType;
+import org.sonar.api.batch.sensor.issue.internal.DefaultExternalIssue;
 import org.sonar.api.batch.sensor.issue.internal.DefaultIssueFlow;
 import org.sonar.api.issue.impact.SoftwareQuality;
 import org.sonar.api.rules.CleanCodeAttribute;
@@ -88,9 +89,9 @@ public class IssuePublisher {
 private static boolean noSonar(DefaultInputComponent inputComponent, Issue issue) {
 TextRange textRange = issue.primaryLocation().textRange();
 return inputComponent.isFile()
- && textRange != null
- && ((DefaultInputFile) inputComponent).hasNoSonarAt(textRange.start().line())
- && !StringUtils.containsIgnoreCase(issue.ruleKey().rule(), "nosonar");
+ && textRange != null
+ && ((DefaultInputFile) inputComponent).hasNoSonarAt(textRange.start().line())
+ && !StringUtils.containsIgnoreCase(issue.ruleKey().rule(), "nosonar");
 }
 public void initAndAddExternalIssue(ExternalIssue issue) {
@@ -176,7 +177,11 @@ public class IssuePublisher {
 locationBuilder.setComponentRef(componentRef);
 TextRange primaryTextRange = issue.primaryLocation().textRange();
- //nullable fields
+ // nullable fields
+ var cveId = ((DefaultExternalIssue) issue).cveId();
+ if (cveId != null) {
+ builder.setCveId(cveId);
+ }
 CleanCodeAttribute cleanCodeAttribute = issue.cleanCodeAttribute();
 if (cleanCodeAttribute != null) {
 builder.setCleanCodeAttribute(cleanCodeAttribute.name());
diff --git a/sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java b/sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java
index e3f282977fa..5751aada0f8 100644
--- a/sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java
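Review bot: The unconditional downcast `((DefaultExternalIssue) issue).cveId()` in the `-176` hunk throws `ClassCastException` for any `ExternalIssue` that is not a `DefaultExternalIssue`, such as a mock or a wrapper, and that would abort publishing the issue rather than just omitting the CVE. A guarded form keeps the field optional in practice: `if (issue instanceof DefaultExternalIssue defaultIssue && defaultIssue.cveId() != null) { builder.setCveId(defaultIssue.cveId()); }`, or a plain `instanceof` check followed by the cast if the module's language level does not allow pattern matching. Exposing `cveId()` on the `ExternalIssue` interface would remove the need for the cast, though that interface is not visible here. The value is also copied into the report without any format check in this hunk, so validation has to happen either where it is set or on the consuming side. The enclosing method starts and ends outside the hunk.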
+++ b/sonar-scanner-engine/src/testFixtures/java/org/sonar/scanner/mediumtest/AnalysisResult.java
@@ -199,6 +199,10 @@ public class AnalysisResult implements AnalysisObserver {
 return readFromReport(ScannerReportReader::readAdHocRules);
 }
+ public List<ScannerReport.Cve> cves() {
+ return readFromReport(ScannerReportReader::readCves);
+ }
+
 @NotNull
 private <G> List<G> readFromReport(InputComponent component, BiFunction<ScannerReportReader, Integer, CloseableIterator<G>> readerMethod) {
 int ref = ((DefaultInputComponent) component).scannerId();
diff --git a/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto b/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
index fddf8881f31..0a3fa17c4ee 100644
--- a/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
+++ b/sonar-scanner-protocol/src/main/protobuf/scanner_report.proto
@@ -216,7 +216,7 @@ message ExternalIssue {
 repeated MessageFormatting msgFormatting = 9;
 repeated Impact impacts = 10;
 optional string cleanCodeAttribute = 11;
-
+ optional string cve_id = 12;
 }
 message AdHocRule {
@@ -234,8 +234,8 @@ message Cve {
 string cve_id = 1;
 string description = 2;
 float cvss_score = 3;
- float epss_score = 4;
- float epss_percentile = 5;
+ optional float epss_score = 4;
+ optional float epss_percentile = 5;
 int64 published_date = 6;
 int64 last_modified_date = 7;
 repeated string cwe = 8; |
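Review bot: The new `cve_id = 12` field in `ExternalIssue` is undocumented and uses snake_case while the neighbouring fields (`msgFormatting`, `cleanCodeAttribute`) are camelCase. A comment such as `// CVE identifier (CVE-YYYY-NNNN) for this issue; unset when the issue is not tied to a CVE` would state the expected format for report consumers. If the value is meant to reference an entry in the `Cve` message list, which this diff suggests but does not show, the comment should say so and the reader should handle an id with no matching entry.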
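Review bot: Marking `epss_score` and `epss_percentile` as `optional` in the `Cve` message means readers must now check `hasEpssScore()` and `hasEpssPercentile()` before using the getters, because an unset field still reads as `0.0`. Any consumer that ranks or filters on EPSS without the presence check would treat "unknown" as "lowest exploitation likelihood" and could deprioritise a vulnerability for which no score was available. No reader is updated in this diff, so the consuming code is worth auditing alongside it. A field comment like `// unset when no EPSS data is available; check has_epss_score before reading` would make the contract explicit.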