Diffstat (limited to 'server/sonar-db-dao/src/main/java/org')
64 files changed, 344 insertions, 2595 deletions
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java
index 23ee064c592..02986d9c4c6 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java
@@ -88,13 +88,6 @@ import org.sonar.db.report.ReportSubscriptionDao;
 import org.sonar.db.rule.RuleChangeDao;
 import org.sonar.db.rule.RuleDao;
 import org.sonar.db.rule.RuleRepositoryDao;
-import org.sonar.db.sca.ScaDependenciesDao;
-import org.sonar.db.sca.ScaIssuesDao;
-import org.sonar.db.sca.ScaIssuesReleasesDao;
-import org.sonar.db.sca.ScaIssuesReleasesDetailsDao;
-import org.sonar.db.sca.ScaReleasesDao;
-import org.sonar.db.sca.ScaReleasesDependenciesDao;
-import org.sonar.db.sca.ScaVulnerabilityIssuesDao;
 import org.sonar.db.scannercache.ScannerAnalysisCacheDao;
 import org.sonar.db.schemamigration.SchemaMigrationDao;
 import org.sonar.db.scim.ScimGroupDao;
@@ -156,7 +149,6 @@ public class DaoModule extends Module {
 IssueChangeDao.class,
 IssueDao.class,
 IssueFixedDao.class,
- ScaIssuesReleasesDetailsDao.class,
 MeasureDao.class,
 ProjectMeasureDao.class,
 MetricDao.class,
@@ -192,12 +184,6 @@ public class DaoModule extends Module {
 RuleChangeDao.class,
 RuleRepositoryDao.class,
 SamlMessageIdDao.class,
- ScaDependenciesDao.class,
- ScaIssuesDao.class,
- ScaIssuesReleasesDao.class,
- ScaReleasesDao.class,
- ScaReleasesDependenciesDao.class,
- ScaVulnerabilityIssuesDao.class,
 ScannerAnalysisCacheDao.class,
 SchemaMigrationDao.class,
 ScimGroupDao.class,
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java
index ed5319a5ec9..ec1fc6884b1 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java
@@ -88,13 +88,6 @@ import org.sonar.db.report.ReportSubscriptionDao;
 import org.sonar.db.rule.RuleChangeDao;
 import org.sonar.db.rule.RuleDao;
 import org.sonar.db.rule.RuleRepositoryDao;
-import org.sonar.db.sca.ScaDependenciesDao;
-import org.sonar.db.sca.ScaIssuesDao;
-import org.sonar.db.sca.ScaIssuesReleasesDao;
-import org.sonar.db.sca.ScaIssuesReleasesDetailsDao;
-import org.sonar.db.sca.ScaReleasesDao;
-import org.sonar.db.sca.ScaReleasesDependenciesDao;
-import org.sonar.db.sca.ScaVulnerabilityIssuesDao;
 import org.sonar.db.scannercache.ScannerAnalysisCacheDao;
 import org.sonar.db.schemamigration.SchemaMigrationDao;
 import org.sonar.db.scim.ScimGroupDao;
@@ -207,13 +200,6 @@ public class DbClient {
 private final ProjectExportDao projectExportDao;
 private final IssueFixedDao issueFixedDao;
 private final TelemetryMetricsSentDao telemetryMetricsSentDao;
- private final ScaReleasesDao scaReleasesDao;
- private final ScaDependenciesDao scaDependenciesDao;
- private final ScaReleasesDependenciesDao scaReleasesDependenciesDao;
- private final ScaIssuesDao scaIssuesDao;
- private final ScaIssuesReleasesDao scaIssuesReleasesDao;
- private final ScaVulnerabilityIssuesDao scaVulnerabilityIssuesDao;
- private final ScaIssuesReleasesDetailsDao scaIssuesReleasesDetailsDao;
 public DbClient(Database database, MyBatis myBatis, DBSessions dbSessions, Dao... daos) {
 this.database = database;
@@ -310,13 +296,6 @@ public class DbClient {
 projectExportDao = getDao(map, ProjectExportDao.class);
 issueFixedDao = getDao(map, IssueFixedDao.class);
 telemetryMetricsSentDao = getDao(map, TelemetryMetricsSentDao.class);
- scaReleasesDao = getDao(map, ScaReleasesDao.class);
- scaDependenciesDao = getDao(map, ScaDependenciesDao.class);
- scaReleasesDependenciesDao = getDao(map, ScaReleasesDependenciesDao.class);
- scaIssuesDao = getDao(map, ScaIssuesDao.class);
- scaIssuesReleasesDao = getDao(map, ScaIssuesReleasesDao.class);
- scaVulnerabilityIssuesDao = getDao(map, ScaVulnerabilityIssuesDao.class);
- scaIssuesReleasesDetailsDao = getDao(map, ScaIssuesReleasesDetailsDao.class);
 }
 public DbSession openSession(boolean batch) {
@@ -680,32 +659,4 @@ public class DbClient {
 public ProjectExportDao projectExportDao() {
 return projectExportDao;
 }
-
- public ScaReleasesDao scaReleasesDao() {
- return scaReleasesDao;
- }
-
- public ScaDependenciesDao scaDependenciesDao() {
- return scaDependenciesDao;
- }
-
- public ScaReleasesDependenciesDao scaReleasesDependenciesDao() {
- return scaReleasesDependenciesDao;
- }
-
- public ScaIssuesDao scaIssuesDao() {
- return scaIssuesDao;
- }
-
- public ScaIssuesReleasesDao scaIssuesReleasesDao() {
- return scaIssuesReleasesDao;
- }
-
- public ScaVulnerabilityIssuesDao scaVulnerabilityIssuesDao() {
- return scaVulnerabilityIssuesDao;
- }
-
- public ScaIssuesReleasesDetailsDao scaIssuesReleasesDetailsDao() {
- return scaIssuesReleasesDetailsDao;
- }
 }
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java
index cb67f4a4b65..334ad5a5cdf 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java
@@ -151,13 +151,6 @@ import org.sonar.db.rule.RuleChangeMapper;
 import org.sonar.db.rule.RuleMapper;
 import org.sonar.db.rule.RuleParamDto;
 import org.sonar.db.rule.RuleRepositoryMapper;
-import org.sonar.db.sca.ScaDependenciesMapper;
-import org.sonar.db.sca.ScaDependencyDto;
-import org.sonar.db.sca.ScaIssuesMapper;
-import org.sonar.db.sca.ScaIssuesReleasesDetailsMapper;
-import org.sonar.db.sca.ScaIssuesReleasesMapper;
-import org.sonar.db.sca.ScaReleasesMapper;
-import org.sonar.db.sca.ScaVulnerabilityIssuesMapper;
 import org.sonar.db.scannercache.ScannerAnalysisCacheMapper;
 import org.sonar.db.schemamigration.SchemaMigrationDto;
 import org.sonar.db.schemamigration.SchemaMigrationMapper;
@@ -258,7 +251,6 @@ public class MyBatis {
 confBuilder.loadAlias("QualityGate", QualityGateDto.class);
 confBuilder.loadAlias("Resource", ResourceDto.class);
 confBuilder.loadAlias("RuleParam", RuleParamDto.class);
- confBuilder.loadAlias("ScaDependency", ScaDependencyDto.class);
 confBuilder.loadAlias("SchemaMigration", SchemaMigrationDto.class);
 confBuilder.loadAlias("ScrapProperty", ScrapPropertyDto.class);
 confBuilder.loadAlias("ScrapAnalysisProperty", ScrapAnalysisPropertyDto.class);
@@ -347,12 +339,6 @@ public class MyBatis {
 RuleChangeMapper.class,
 RuleRepositoryMapper.class,
 SamlMessageIdMapper.class,
- ScaDependenciesMapper.class,
- ScaIssuesMapper.class,
- ScaIssuesReleasesMapper.class,
- ScaIssuesReleasesDetailsMapper.class,
- ScaReleasesMapper.class,
- ScaVulnerabilityIssuesMapper.class,
 ScannerAnalysisCacheMapper.class,
 SchemaMigrationMapper.class,
 ScimGroupMapper.class,
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/alm/setting/ProjectAlmSettingDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/alm/setting/ProjectAlmSettingDto.java
index 95f83df37d7..2d0e5766eb9 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/alm/setting/ProjectAlmSettingDto.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/alm/setting/ProjectAlmSettingDto.java @@ -19,6 +19,7 @@ */ package org.sonar.db.alm.setting; +import java.util.Objects; import javax.annotation.CheckForNull; import javax.annotation.Nullable; @@ -165,5 +166,21 @@ public class ProjectAlmSettingDto { this.createdAt = createdAt; } + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ProjectAlmSettingDto that = (ProjectAlmSettingDto) o; + return Objects.equals(uuid, that.uuid); + } + + @Override + public int hashCode() { + return Objects.hash(uuid); + } } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/alm/setting/ProjectAlmSettingQuery.java b/server/sonar-db-dao/src/main/java/org/sonar/db/alm/setting/ProjectAlmSettingQuery.java index ea3d8fd1b47..54c7f6621f5 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/alm/setting/ProjectAlmSettingQuery.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/alm/setting/ProjectAlmSettingQuery.java 
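Review bot: The new `equals`/`hashCode` on ProjectAlmSettingDto compare only `uuid`, so two instances whose `uuid` is still null are equal to each other, and an instance already stored in a `HashSet` or used as a map key changes its hash if the uuid is assigned afterwards. The setter visible at the top of the hunk shows the DTO is mutable, so the contract is worth stating above `equals`, for example `// Identity is the row uuid only; do not add instances to hash-based collections before the uuid is set.` The rest of the class is outside the hunk, so whether the uuid is always assigned before such use cannot be confirmed from here.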
@@ -21,6 +21,73 @@ package org.sonar.db.alm.setting; import javax.annotation.Nullable; -public record ProjectAlmSettingQuery(@Nullable String repository, @Nullable String almSettingUuid -) { +public record ProjectAlmSettingQuery( + @Nullable String repository, + @Nullable String almSettingUuid, + @Nullable String almRepo, + @Nullable String almSlug) { + + // Existing constructor for backward compatibility (repository search in both alm_repo and alm_slug) + public ProjectAlmSettingQuery(String repository, String almSettingUuid) { + this(repository, almSettingUuid, null, null); + } + + public static Builder builder() { + return new Builder(); + } + + public static class Builder { + private String repository; + private String almSettingUuid; + private String almRepo; + private String almSlug; + + private Builder() { + } + + public Builder repository(String repository) { + if (almRepo != null || almSlug != null) { + throw new IllegalStateException("Cannot use repository with almRepo or almSlug"); + } + this.repository = repository; + return this; + } + + public Builder almSettingUuid(String almSettingUuid) { + if (almRepo != null || almSlug != null) { + throw new IllegalStateException("Cannot use almSettingUuid with almRepo or almSlug"); + } + this.almSettingUuid = almSettingUuid; + return this; + } + + public Builder almRepo(String almRepo) { + if (repository != null || almSettingUuid != null) { + throw new IllegalStateException("Cannot use almRepo with repository or almSettingUuid"); + } + this.almRepo = almRepo; + return this; + } + + public Builder almSlug(String almSlug) { + if (repository != null || almSettingUuid != null) { + throw new IllegalStateException("Cannot use almSlug with repository or almSettingUuid"); + } + this.almSlug = almSlug; + return this; + } + + public ProjectAlmSettingQuery build() { + return new ProjectAlmSettingQuery(repository, almSettingUuid, almRepo, almSlug); + } + } + + public static ProjectAlmSettingQuery forAlmRepo(String almRepo) { 
+ return builder().almRepo(almRepo).build(); + } + + public static ProjectAlmSettingQuery forAlmRepoAndSlug(String almRepo, String almSlug) { + return builder().almRepo(almRepo).almSlug(almSlug).build(); + } + } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/component/BranchDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/component/BranchDao.java index 1f72e4a4002..faa712d555d 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/component/BranchDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/component/BranchDao.java @@ -214,4 +214,8 @@ public class BranchDao implements Dao { public List<BranchDto> selectMainBranchesAssociatedToDefaultQualityProfile(DbSession dbSession) { return mapper(dbSession).selectMainBranchesAssociatedToDefaultQualityProfile(); } + + public List<BranchDto> selectPullRequestsTargetingBranch(DbSession dbSession, String projectUuid, String branchUuid) { + return mapper(dbSession).selectPullRequestsTargetingBranch(projectUuid, branchUuid); + } } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/component/BranchMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/component/BranchMapper.java index 04c4642834f..dbd11313580 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/component/BranchMapper.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/component/BranchMapper.java @@ -81,4 +81,6 @@ public interface BranchMapper { List<BranchDto> selectMainBranches(); List<BranchDto> selectMainBranchesAssociatedToDefaultQualityProfile(); + + List<BranchDto> selectPullRequestsTargetingBranch(@Param("projectUuid") String projectUuid, @Param("branchUuid") String branchUuid); } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueDto.java index 61f2b6d96c6..1e58c75dc36 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueDto.java 
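Review bot: The mutual-exclusion rule between `repository`/`almSettingUuid` and `almRepo`/`almSlug` is enforced only inside `Builder`, so the public canonical constructor of the record still accepts all four values at once and yields a query the builder would have rejected. Moving the check into a compact canonical constructor makes the record carry the invariant itself, and the builder setters can keep their early failures. The backward-compatibility constructor also drops the `@Nullable` annotations that the record components carry, although it forwards its arguments unchanged; `public ProjectAlmSettingQuery(@Nullable String repository, @Nullable String almSettingUuid)` would keep the contract readable. How the mapper combines the four filters is not visible in this hunk, so how much this matters depends on that query.

```java
public record ProjectAlmSettingQuery(
  @Nullable String repository,
  @Nullable String almSettingUuid,
  @Nullable String almRepo,
  @Nullable String almSlug) {

  public ProjectAlmSettingQuery {
    boolean legacyFilter = repository != null || almSettingUuid != null;
    boolean exactFilter = almRepo != null || almSlug != null;
    if (legacyFilter && exactFilter) {
      throw new IllegalArgumentException("repository/almSettingUuid cannot be combined with almRepo/almSlug");
    }
  }

  // … unchanged: two-argument constructor, Builder, forAlmRepo, forAlmRepoAndSlug …
```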
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueDto.java @@ -42,7 +42,7 @@ import org.sonar.api.issue.impact.Severity; import org.sonar.api.issue.impact.SoftwareQuality; import org.sonar.api.rule.RuleKey; import org.sonar.api.rules.CleanCodeAttribute; -import org.sonar.api.rules.RuleType; +import org.sonar.core.rule.RuleType; import org.sonar.api.utils.Duration; import org.sonar.core.issue.DefaultIssue; import org.sonar.db.component.ComponentDto; @@ -877,7 +877,7 @@ public final class IssueDto implements Serializable { public DefaultIssue toDefaultIssue() { DefaultIssue issue = new DefaultIssue(); issue.setKey(kee); - issue.setType(RuleType.valueOf(type)); + issue.setType(RuleType.fromDbConstant(type)); issue.setStatus(status); issue.setResolution(resolution); issue.setMessage(message); diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/AuthorizationDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/AuthorizationDao.java index 1402b8cadd0..85dd8c651e9 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/AuthorizationDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/AuthorizationDao.java @@ -126,6 +126,10 @@ public class AuthorizationDao implements Dao { return mapper(dbSession).countUsersWithGlobalPermissionExcludingUserPermission(permission, userUuid); } + public Set<String> keepAuthorizedEntityUuids(DbSession dbSession, Collection<String> entityUuids, @Nullable String userUuid, ProjectPermission permission) { + return keepAuthorizedEntityUuids(dbSession, entityUuids, userUuid, permission.getKey()); + } + public Set<String> keepAuthorizedEntityUuids(DbSession dbSession, Collection<String> entityUuids, @Nullable String userUuid, String permission) { return executeLargeInputsIntoSet( entityUuids, 
@@ -142,10 +146,15 @@ public class AuthorizationDao implements Dao { * Keep only authorized user that have the given permission on a given entity. * Please Note that if the permission is 'Anyone' is NOT taking into account by this method. */ - public Collection<String> keepAuthorizedUsersForRoleAndEntity(DbSession dbSession, Collection<String> userUuids, String role, String entityUuid) { + public Collection<String> keepAuthorizedUsersForRoleAndEntity(DbSession dbSession, Collection<String> userUuids, ProjectPermission permission, String entityUuid) { + return keepAuthorizedUsersForRoleAndEntity(dbSession, userUuids, permission.getKey(), entityUuid); + } + + + public Collection<String> keepAuthorizedUsersForRoleAndEntity(DbSession dbSession, Collection<String> userUuids, String permission, String entityUuid) { return executeLargeInputs( userUuids, - partitionOfIds -> mapper(dbSession).keepAuthorizedUsersForRoleAndEntity(role, entityUuid, partitionOfIds), + partitionOfIds -> mapper(dbSession).keepAuthorizedUsersForRoleAndEntity(permission, entityUuid, partitionOfIds), partitionSize -> partitionSize / 3); } @@ -161,6 +170,10 @@ public class AuthorizationDao implements Dao { return mapper(dbSession).selectEmailSubscribersWithGlobalPermission(ADMINISTER.getKey()); } + public Set<String> keepAuthorizedLoginsOnEntity(DbSession dbSession, Set<String> logins, String entityKey, ProjectPermission permission) { + return keepAuthorizedLoginsOnEntity(dbSession, logins, entityKey, permission.getKey()); + } + public Set<String> keepAuthorizedLoginsOnEntity(DbSession dbSession, Set<String> logins, String entityKey, String permission) { return executeLargeInputsIntoSet( logins, diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/CountPerEntityPermission.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/CountPerEntityPermission.java index 9d6c2c207ac..e3870a20127 100644 
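Review bot: In the `keepAuthorizedUsersForRoleAndEntity` hunk the new `ProjectPermission` overload is inserted between the existing Javadoc and the `String` method it described, so the comment, including the caveat that 'Anyone' is not taken into account, now documents only the delegating overload and the method that actually runs the query is left undocumented. The same displacement happens in GroupPermissionDao for `selectGroupUuidsWithPermissionOnEntityBut` (the "excluding group AnyOne" note) and for `delete` (the `@param groupUuid` / `@param entityDto` text). Place each new overload after the original method, or give it a one-line `/** @see #keepAuthorizedUsersForRoleAndEntity(DbSession, Collection, String, String) */` and leave the full comment on the `String` variant. The hunk also leaves two consecutive blank lines before the `String` overload.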
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/CountPerEntityPermission.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/CountPerEntityPermission.java @@ -34,9 +34,9 @@ public class CountPerEntityPermission { } @VisibleForTesting - CountPerEntityPermission(String entityUuid, String permission, int count) { + CountPerEntityPermission(String entityUuid, ProjectPermission permission, int count) { this.entityUuid = entityUuid; - this.permission = permission; + this.permission = permission.getKey(); this.count = count; } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java index 395d31a7ff9..f7998a70808 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java @@ -59,7 +59,7 @@ public enum GlobalPermission { return p; } } - throw new IllegalArgumentException("Unsupported permission: " + key); + throw new IllegalArgumentException("Unsupported global permission: " + key); } public static boolean contains(String key) { diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java index 3306033e1d3..bcdfaee08db 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java 
@@ -117,6 +117,10 @@ public class GroupPermissionDao implements Dao { * permission, <strong>excluding group "AnyOne"</strong> (which implies the returned {@code Sett} can't contain * {@code null}). */ + public Set<String> selectGroupUuidsWithPermissionOnEntityBut(DbSession session, String entityUuid, ProjectPermission permission) { + return selectGroupUuidsWithPermissionOnEntityBut(session, entityUuid, permission.getKey()); + } + public Set<String> selectGroupUuidsWithPermissionOnEntityBut(DbSession session, String entityUuid, String permission) { return mapper(session).selectGroupUuidsWithPermissionOnEntityBut(entityUuid, permission); } @@ -205,6 +209,11 @@ public class GroupPermissionDao implements Dao { * @param groupUuid if null, then anyone, else uuid of group * @param entityDto if null, then global permission, otherwise the uuid of entity */ + public void delete(DbSession dbSession, ProjectPermission permission, @Nullable String groupUuid, + @Nullable String groupName, @Nullable EntityDto entityDto) { + delete(dbSession, permission.getKey(), groupUuid, groupName, entityDto); + } + public void delete(DbSession dbSession, String permission, @Nullable String groupUuid, @Nullable String groupName, @Nullable EntityDto entityDto) { diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDto.java index e0507f7bb26..d6fcd6a3646 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDto.java @@ -64,6 +64,10 @@ public class GroupPermissionDto { return role; } + public GroupPermissionDto setRole(ProjectPermission permission) { + return setRole(permission.getKey()); + } + public GroupPermissionDto setRole(String role) { this.role = role; return this; 
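Review bot: `setRole(ProjectPermission permission)` in GroupPermissionDto calls `permission.getKey()` without a null check, whereas the equivalent overload added to `PermissionQuery.Builder` in this commit maps null to null explicitly. If a null role is never valid here, state it with `Objects.requireNonNull(permission, "permission")`; otherwise mirror the builder with `return setRole(permission == null ? null : permission.getKey());`. The same applies to the `setPermission(ProjectPermission)` overloads added to PermissionTemplateCharacteristicDto and PermissionTemplateGroupDto. With two single-argument overloads, a call passing a bare `null` literal also becomes ambiguous to the compiler.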
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java index 95dd6226eea..5bb0acd62f1 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java @@ -137,6 +137,10 @@ public class PermissionQuery { return this; } + public Builder setPermission(@Nullable ProjectPermission permission) { + return setPermission(permission == null ? null : permission.getKey()); + } + public Builder setEntity(ComponentDto component) { return setEntityUuid(component.uuid()); } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/ProjectPermission.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/ProjectPermission.java new file mode 100644 index 00000000000..230594b58b5 --- /dev/null +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/ProjectPermission.java 
@@ -0,0 +1,77 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.db.permission;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.EnumSet;
+import java.util.Set;
+
+public enum ProjectPermission {
+
+ USER("user"),
+ ADMIN("admin"),
+ CODEVIEWER("codeviewer"),
+ ISSUE_ADMIN("issueadmin"),
+ SECURITYHOTSPOT_ADMIN("securityhotspotadmin"),
+ SCAN("scan");
+
+ /**
+ * Permissions which are implicitly available for any user, any group on public projects.
+ */ + public static final Set<ProjectPermission> PUBLIC_PERMISSIONS = Collections.unmodifiableSet(EnumSet.of(ProjectPermission.USER, ProjectPermission.CODEVIEWER)); + + private final String key; + + ProjectPermission(String key) { + this.key = key; + } + + public String getKey() { + return key; + } + + @Override + public String toString() { + return key; + } + + public static ProjectPermission fromKey(String key) { + for (ProjectPermission p : values()) { + if (p.getKey().equals(key)) { + return p; + } + } + throw new IllegalArgumentException("Unsupported project permission: " + key); + } + + public static boolean contains(String key) { + return Arrays.stream(values()).anyMatch(v -> v.getKey().equals(key)); + } + + public static boolean isPublic(ProjectPermission permission) { + return PUBLIC_PERMISSIONS.contains(permission); + } + + public static boolean isPublic(String permissionKey) { + return PUBLIC_PERMISSIONS.stream().anyMatch(p -> p.getKey().equals(permissionKey)); + } + +} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDao.java index 7014a0aed29..b6cc79c9f85 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDao.java @@ -25,6 +25,7 @@ import org.sonar.db.Dao; import org.sonar.db.DbSession; import org.sonar.db.audit.AuditPersister; import org.sonar.db.audit.model.PermissionTemplateNewValue; +import org.sonar.db.permission.ProjectPermission; import static com.google.common.base.Preconditions.checkArgument; import static java.util.Objects.requireNonNull; 
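Review bot: ProjectPermission is added without a type-level Javadoc, and the one thing a caller must know is not written down: `getKey()` and the overridden `toString()` return the lowercase key such as `issueadmin`, while `name()` returns `ISSUE_ADMIN`. Every overload added in this commit converts with `getKey()` before reaching a mapper, so a comment such as `/** Project-level permissions. {@link #getKey()} is the value handed to the DAO layer; never use {@link #name()} for that. */` would keep later callers from passing the constant name instead. `fromKey` should also document `@throws IllegalArgumentException` for an unknown key, since `contains` and `isPublic(String)` answer false for the same input.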
@@ -41,6 +42,10 @@ public class PermissionTemplateCharacteristicDao implements Dao { return executeLargeInputs(templateUuids, partitionOfTemplateUuids -> mapper(dbSession).selectByTemplateUuids(partitionOfTemplateUuids)); } + public Optional<PermissionTemplateCharacteristicDto> selectByPermissionAndTemplateId(DbSession dbSession, ProjectPermission permission, String templateUuid) { + return selectByPermissionAndTemplateId(dbSession, permission.getKey(), templateUuid); + } + public Optional<PermissionTemplateCharacteristicDto> selectByPermissionAndTemplateId(DbSession dbSession, String permission, String templateUuid) { PermissionTemplateCharacteristicDto dto = mapper(dbSession).selectByPermissionAndTemplateUuid(permission, templateUuid); return Optional.ofNullable(dto); diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDto.java index 89aebabc55d..fc3224c9ec6 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDto.java @@ -19,6 +19,8 @@ */ package org.sonar.db.permission.template; +import org.sonar.db.permission.ProjectPermission; + import static com.google.common.base.Preconditions.checkArgument; public class PermissionTemplateCharacteristicDto { 
@@ -54,6 +56,10 @@ public class PermissionTemplateCharacteristicDto { return permission; } + public PermissionTemplateCharacteristicDto setPermission(ProjectPermission permission) { + return setPermission(permission.getKey()); + } + public PermissionTemplateCharacteristicDto setPermission(String permission) { checkArgument(permission.length() <= MAX_PERMISSION_KEY_LENGTH, "Permission key length (%s) is longer than the maximum authorized (%s). '%s' was provided.", permission.length(), MAX_PERMISSION_KEY_LENGTH, permission); diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java index 5ef2e73adef..46a6633133e 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java @@ -37,6 +37,7 @@ import org.sonar.db.audit.AuditPersister; import org.sonar.db.audit.model.PermissionTemplateNewValue; import org.sonar.db.permission.CountPerEntityPermission; import org.sonar.db.permission.PermissionQuery; +import org.sonar.db.permission.ProjectPermission; import static java.lang.String.format; import static org.sonar.api.security.DefaultGroups.ANYONE; @@ -175,6 +176,11 @@ public class PermissionTemplateDao implements Dao { return permissionTemplate; } + public void insertUserPermission(DbSession session, String templateUuid, String userUuid, ProjectPermission permission, + String templateName, String userLogin) { + insertUserPermission(session, templateUuid, userUuid, permission.getKey(), templateName, userLogin); + } + public void insertUserPermission(DbSession session, String templateUuid, String userUuid, String permission, String templateName, String userLogin) { PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto() 
@@ -192,6 +198,11 @@ public class PermissionTemplateDao implements Dao { session.commit(); } + public void deleteUserPermission(DbSession session, String templateUuid, String userUuid, ProjectPermission permission, + String templateName, String userLogin) { + deleteUserPermission(session, templateUuid, userUuid, permission.getKey(), templateName, userLogin); + } + public void deleteUserPermission(DbSession session, String templateUuid, String userUuid, String permission, String templateName, String userLogin) { PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto() @@ -215,6 +226,11 @@ public class PermissionTemplateDao implements Dao { } } + public void insertGroupPermission(DbSession session, String templateUuid, @Nullable String groupUuid, ProjectPermission permission, + String templateName, @Nullable String groupName) { + insertGroupPermission(session, templateUuid, groupUuid, permission.getKey(), templateName, groupName); + } + public void insertGroupPermission(DbSession session, String templateUuid, @Nullable String groupUuid, String permission, String templateName, @Nullable String groupName) { PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto() @@ -236,6 +252,11 @@ public class PermissionTemplateDao implements Dao { permissionTemplateGroup.getPermission(), null, null, permissionTemplateGroup.getGroupUuid(), permissionTemplateGroup.getGroupName())); } + public void deleteGroupPermission(DbSession session, String templateUuid, @Nullable String groupUuid, ProjectPermission permission, String templateName, + @Nullable String groupName) { + deleteGroupPermission(session, templateUuid, groupUuid, permission.getKey(), templateName, groupName); + } + public void deleteGroupPermission(DbSession session, String templateUuid, @Nullable String groupUuid, String permission, String templateName, @Nullable String groupName) { PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto() 
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateGroupDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateGroupDto.java index 1bd6fc26ef1..94155be3d5c 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateGroupDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateGroupDto.java @@ -21,6 +21,7 @@ package org.sonar.db.permission.template; import java.util.Date; import javax.annotation.Nullable; +import org.sonar.db.permission.ProjectPermission; public class PermissionTemplateGroupDto { private String uuid; @@ -67,6 +68,10 @@ public class PermissionTemplateGroupDto { return this; } + public PermissionTemplateGroupDto setPermission(ProjectPermission permission) { + return setPermission(permission.getKey()); + } + public String getGroupName() { return groupName; } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/project/ProjectDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/project/ProjectDao.java index a031d8d69db..fcf9e17e0bb 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/project/ProjectDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/project/ProjectDao.java @@ -74,7 +74,7 @@ public class ProjectDao implements Dao { if (keys.isEmpty()) { return emptyList(); } - return mapper(session).selectProjectsByKeys(keys); + return executeLargeInputs(keys, partition -> mapper(session).selectProjectsByKeys(partition)); } public List<ProjectDto> selectApplicationsByKeys(DbSession session, Set<String> keys) { diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java index d1e8a396407..d1e6085d072 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java 
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java
@@ -19,5 +19,20 @@
 */
 package org.sonar.db.provisioning;
+import org.apache.ibatis.annotations.AutomapConstructor;
+import org.sonar.db.permission.ProjectPermission;
+
 public record DevOpsPermissionsMappingDto(String uuid, String devOpsPlatform, String role, String sonarqubePermission) {
+
+ @AutomapConstructor
+ public DevOpsPermissionsMappingDto {
+ }
+
+ public DevOpsPermissionsMappingDto(String uuid, String devOpsPlatform, String role, ProjectPermission sonarqubePermission) {
+ this(uuid, devOpsPlatform, role, sonarqubePermission.getKey());
+ }
+
+ public ProjectPermission projectPermission() {
+ return ProjectPermission.fromKey(sonarqubePermission);
+ }
 }
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeCommands.java b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeCommands.java
index 230d9aff010..fca991f9f28 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeCommands.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeCommands.java
@@ -510,6 +510,13 @@ class PurgeCommands {
 profiler.stop();
 }
+ public void deleteArchitectureGraphs(String branchUuid) {
+ profiler.start("deleteArchitectureGraphs (architecture_graphs)");
+ purgeMapper.deleteArchitectureGraphsByBranchUuid(branchUuid);
+ session.commit();
+ profiler.stop();
+ }
+
 public void deleteAnticipatedTransitions(String projectUuid, long createdAt) {
 profiler.start("deleteAnticipatedTransitions (anticipated_transitions)");
 purgeMapper.deleteAnticipatedTransitionsByProjectUuidAndCreationDate(projectUuid, createdAt);
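Review bot: `projectPermission()` in DevOpsPermissionsMappingDto calls `ProjectPermission.fromKey(sonarqubePermission)`, which throws `IllegalArgumentException` for any stored value that is not one of the six enum keys, while the `@AutomapConstructor` canonical constructor accepts the string unchecked. If the mapping table can hold other values (not visible from this hunk), a row would load without complaint and fail only later at the accessor. Either validate in the compact constructor with `ProjectPermission.fromKey(sonarqubePermission);` or document the behaviour on the accessor with `@throws IllegalArgumentException if the stored permission is not a project permission`.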
@@ -525,11 +532,24 @@ class PurgeCommands { } public void deleteScaActivity(String componentUuid) { + // delete sca_analyses first since it sort of marks the analysis as valid/existing + profiler.start("deleteScaAnalyses (sca_analyses)"); + purgeMapper.deleteScaAnalysesByComponentUuid(componentUuid); + session.commit(); + profiler.stop(); + profiler.start("deleteScaDependencies (sca_dependencies)"); purgeMapper.deleteScaDependenciesByComponentUuid(componentUuid); session.commit(); profiler.stop(); + // this must be done before deleting sca_issues_releases or we won't + // be able to find the rows + profiler.start("deleteScaIssuesReleasesChanges (sca_issue_rels_changes)"); + purgeMapper.deleteScaIssuesReleasesChangesByComponentUuid(componentUuid); + session.commit(); + profiler.stop(); + profiler.start("deleteScaIssuesReleases (sca_issues_releases)"); purgeMapper.deleteScaIssuesReleasesByComponentUuid(componentUuid); session.commit(); @@ -542,4 +562,10 @@ class PurgeCommands { session.commit(); profiler.stop(); } + + public void deleteScaLicenseProfiles(String projectUuid) { + profiler.start("deleteScaLicenseProfileProjects (sca_lic_prof_projects)"); + purgeMapper.deleteScaLicenseProfileProjectsByProjectUuid(projectUuid); + profiler.stop(); + } } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeDao.java index ce5e0cf5e70..ff34ce5783d 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeDao.java @@ -281,6 +281,7 @@ public class PurgeDao implements Dao { commands.deleteReportSubscriptions(branchUuid); commands.deleteIssuesFixed(branchUuid); commands.deleteScaActivity(branchUuid); + commands.deleteArchitectureGraphs(branchUuid); } private static void deleteProject(String projectUuid, PurgeMapper mapper, PurgeCommands commands) { 
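Review bot: `deleteScaLicenseProfiles` in the last PurgeCommands hunk is the only delete command in these hunks that does not call `session.commit()` between the mapper call and `profiler.stop()`; `deleteArchitectureGraphs` and every step of `deleteScaActivity` do. The PurgeDao hunk that follows adds it as the last visible call in `deleteProject`, so unless the caller commits afterwards the `sca_lic_prof_projects` rows may be left in place (the caller is outside the diff, so this is inferred). I would add `session.commit();` after `purgeMapper.deleteScaLicenseProfileProjectsByProjectUuid(projectUuid);`, or a comment saying where the commit happens.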
@@ -313,6 +314,7 @@ public class PurgeDao implements Dao { commands.deleteOutdatedProperties(projectUuid); commands.deleteReportSchedules(projectUuid); commands.deleteReportSubscriptions(projectUuid); + commands.deleteScaLicenseProfiles(projectUuid); } /** diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeMapper.java index 5ca08a12d7a..ab4b369aef6 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeMapper.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeMapper.java @@ -195,9 +195,17 @@ public interface PurgeMapper { void deleteIssuesFixedByBranchUuid(@Param("branchUuid") String branchUuid); + void deleteScaAnalysesByComponentUuid(@Param("componentUuid") String componentUuid); + void deleteScaDependenciesByComponentUuid(@Param("componentUuid") String componentUuid); void deleteScaIssuesReleasesByComponentUuid(@Param("componentUuid") String componentUuid); + void deleteScaIssuesReleasesChangesByComponentUuid(@Param("componentUuid") String componentUuid); + void deleteScaReleasesByComponentUuid(@Param("componentUuid") String componentUuid); + + void deleteScaLicenseProfileProjectsByProjectUuid(@Param("projectUuid") String projectUuid); + + void deleteArchitectureGraphsByBranchUuid(@Param("branchUuid") String branchUuid); } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/qualitygate/QualityGateFindingDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/qualitygate/QualityGateFindingDto.java index ebefc919835..17e310f3887 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/qualitygate/QualityGateFindingDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/qualitygate/QualityGateFindingDto.java 
@@ -27,6 +27,7 @@ public class QualityGateFindingDto { private String operator = null; private String valueType = null; private String errorThreshold = null; + private String qualityGateName = null; public String getDescription() { return description; @@ -52,6 +53,10 @@ public class QualityGateFindingDto { return errorThreshold; } + public String getQualityGateName() { + return qualityGateName; + } + private String getOperator() { return operator; } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/qualityprofile/ExportRuleDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/qualityprofile/ExportRuleDto.java index 8b847759942..ec68a1f28cb 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/qualityprofile/ExportRuleDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/qualityprofile/ExportRuleDto.java @@ -26,7 +26,7 @@ import java.util.Objects; import java.util.Set; import javax.annotation.CheckForNull; import org.sonar.api.rule.RuleKey; -import org.sonar.api.rules.RuleType; +import org.sonar.core.rule.RuleType; import org.sonar.db.rule.SeverityUtil; public class ExportRuleDto { @@ -71,7 +71,7 @@ public class ExportRuleDto { } public RuleType getRuleType() { - return RuleType.valueOf(type); + return RuleType.fromDbConstant(type); } @CheckForNull diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/report/IssueFindingDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/report/IssueFindingDto.java index 43eeda81427..b3e75db1658 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/report/IssueFindingDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/report/IssueFindingDto.java @@ -22,7 +22,7 @@ package org.sonar.db.report; import java.util.List; import java.util.Set; import javax.annotation.CheckForNull; -import org.sonar.api.rules.RuleType; +import org.sonar.core.rule.RuleType; import org.sonar.db.issue.ImpactDto; import org.sonar.db.rule.RuleDto; 
@@ -77,7 +77,7 @@ public class IssueFindingDto { } public RuleType getType() { - return RuleType.valueOf(type); + return RuleType.fromDbConstant(type); } public String getSeverity() { diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/rule/RuleDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/rule/RuleDto.java index 684cf6eca4a..c9dd18df7ba 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/rule/RuleDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/rule/RuleDto.java @@ -36,7 +36,7 @@ import org.sonar.api.issue.impact.SoftwareQuality; import org.sonar.api.rule.RuleKey; import org.sonar.api.rule.RuleStatus; import org.sonar.api.rules.CleanCodeAttribute; -import org.sonar.api.rules.RuleType; +import org.sonar.core.rule.RuleType; import org.sonar.db.issue.ImpactDto; import static com.google.common.base.Preconditions.checkArgument; @@ -421,7 +421,7 @@ public class RuleDto { } public RuleType getEnumType() { - return RuleType.valueOf(type); + return RuleType.fromDbConstant(type); } public RuleDto setType(int type) { diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/rule/RuleForIndexingDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/rule/RuleForIndexingDto.java index f1041e97702..c03eb7c04f0 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/rule/RuleForIndexingDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/rule/RuleForIndexingDto.java @@ -28,7 +28,7 @@ import javax.annotation.CheckForNull; import org.sonar.api.rule.RuleKey; import org.sonar.api.rule.RuleStatus; import org.sonar.api.rules.CleanCodeAttribute; -import org.sonar.api.rules.RuleType; +import org.sonar.core.rule.RuleType; import org.sonar.db.issue.ImpactDto; public class RuleForIndexingDto { diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/DefaultScaIssueIdentity.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/DefaultScaIssueIdentity.java deleted file mode 100644 index 7eec1512e71..00000000000 
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/DefaultScaIssueIdentity.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2025 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.sca; - -import static com.google.common.base.Preconditions.checkArgument; - -/** - * <p> - * Default implementation of {@link ScaIssueIdentity}. - * </p> - * <p> - * Caution: missing fields are empty string, not null, so db unique constraint works. 
- * </p> - * @param scaIssueType the issue type - * @param packageUrl the package url (may or may not have a version) - * @param vulnerabilityId the vulnerability id such as CVE-12345 - * @param spdxLicenseId the SPDX license identifier (not license expression) - */ -public record DefaultScaIssueIdentity(ScaIssueType scaIssueType, - String packageUrl, - String vulnerabilityId, - String spdxLicenseId) implements ScaIssueIdentity { - public DefaultScaIssueIdentity { - checkIdentityColumn(packageUrl, "packageUrl"); - checkIdentityColumn(vulnerabilityId, "vulnerabilityId"); - checkIdentityColumn(spdxLicenseId, "spdxLicenseId"); - } - - private static void checkIdentityColumn(String value, String name) { - checkArgument(value != null, "DefaultScaIssueIdentity.%s cannot be null", name); - checkArgument(!value.isBlank(), "DefaultScaIssueIdentity.%s cannot be blank, use ScaIssueDto.NULL_VALUE", name); - } -} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ListOfListOfStringsTypeHandler.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ListOfListOfStringsTypeHandler.java deleted file mode 100644 index e90ddafba5d..00000000000 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ListOfListOfStringsTypeHandler.java +++ /dev/null 
@@ -1,57 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2025 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.sca; - -import com.google.gson.Gson; -import com.google.gson.reflect.TypeToken; -import java.lang.reflect.Type; -import java.sql.CallableStatement; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.util.List; -import org.apache.ibatis.type.BaseTypeHandler; -import org.apache.ibatis.type.JdbcType; - -public class ListOfListOfStringsTypeHandler extends BaseTypeHandler<List<List<String>>> { - private static final Gson GSON = new Gson(); - private static final Type type = new TypeToken<List<List<String>>>() { - }.getType(); - - @Override - public void setNonNullParameter(PreparedStatement ps, int i, List<List<String>> parameter, JdbcType jdbcType) throws SQLException { - ps.setString(i, GSON.toJson(parameter)); - } - - @Override - public List<List<String>> getNullableResult(ResultSet rs, String columnName) throws SQLException { - return GSON.fromJson(rs.getString(columnName), type); - } - - @Override - public List<List<String>> getNullableResult(ResultSet rs, int columnIndex) throws SQLException { - return 
GSON.fromJson(rs.getString(columnIndex), type); - } - - @Override - public List<List<String>> getNullableResult(CallableStatement cs, int columnIndex) throws SQLException { - return GSON.fromJson(cs.getString(columnIndex), type); - } -} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ListOfStringsTypeHandler.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ListOfStringsTypeHandler.java deleted file mode 100644 index 6d573e282d8..00000000000 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ListOfStringsTypeHandler.java +++ /dev/null 
@@ -1,62 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2025 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.sca; - -import com.google.gson.Gson; -import com.google.gson.reflect.TypeToken; -import java.lang.reflect.Type; -import java.sql.CallableStatement; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.util.List; -import org.apache.ibatis.type.BaseTypeHandler; -import org.apache.ibatis.type.JdbcType; - -public class ListOfStringsTypeHandler extends BaseTypeHandler<List<String>> { - public static final int MAXIMUM_LENGTH = 255; - private static final Gson GSON = new Gson(); - private static final Type type = new TypeToken<List<String>>() { - }.getType(); - - @Override - public void setNonNullParameter(PreparedStatement ps, int i, List<String> parameter, JdbcType jdbcType) throws SQLException { - var s = GSON.toJson(parameter); - if (s.length() > MAXIMUM_LENGTH) { - throw new SQLException("List of strings is too long to store in database"); - } - ps.setString(i, s); - } - - @Override - public List<String> getNullableResult(ResultSet rs, String columnName) throws SQLException { - return GSON.fromJson(rs.getString(columnName), type); 
- } - - @Override - public List<String> getNullableResult(ResultSet rs, int columnIndex) throws SQLException { - return GSON.fromJson(rs.getString(columnIndex), type); - } - - @Override - public List<String> getNullableResult(CallableStatement cs, int columnIndex) throws SQLException { - return GSON.fromJson(cs.getString(columnIndex), type); - } -} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/PackageManager.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/PackageManager.java deleted file mode 100644 index 50b49bcd185..00000000000 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/PackageManager.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2025 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.sca; - -/** - * These values come from https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst and correspond - * to the package manager string used in PURLs. - */ -public enum PackageManager { - CARGO, COCOAPODS, COMPOSER, CONAN, CONDA, GEM, GOLANG, MAVEN, NPM, NUGET, PYPI -} 
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependenciesDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependenciesDao.java deleted file mode 100644 index 166a8e0f2aa..00000000000 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependenciesDao.java +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2025 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.sca; - -import java.util.Collection; -import java.util.List; -import java.util.Optional; -import org.sonar.db.Dao; -import org.sonar.db.DbSession; -import org.sonar.db.Pagination; - -public class ScaDependenciesDao implements Dao { - - private static ScaDependenciesMapper mapper(DbSession session) { - return session.getMapper(ScaDependenciesMapper.class); - } - - public void insert(DbSession session, ScaDependencyDto scaDependencyDto) { - mapper(session).insert(scaDependencyDto); - } - - public void deleteByUuid(DbSession session, String uuid) { - mapper(session).deleteByUuid(uuid); - } - - public Optional<ScaDependencyDto> selectByUuid(DbSession dbSession, String uuid) { - return Optional.ofNullable(mapper(dbSession).selectByUuid(uuid)); - } - - /** - * Retrieves all dependencies with a specific branch UUID, no other filtering is done by this method. 
- */ - public List<ScaDependencyDto> selectByBranchUuid(DbSession dbSession, String branchUuid) { - return mapper(dbSession).selectByBranchUuid(branchUuid); - } - - public List<ScaDependencyDto> selectByQuery(DbSession session, ScaDependenciesQuery scaDependenciesQuery, Pagination pagination) { - return mapper(session).selectByQuery(scaDependenciesQuery, pagination); - } - - public int countByQuery(DbSession session, ScaDependenciesQuery scaDependenciesQuery) { - return mapper(session).countByQuery(scaDependenciesQuery); - } - - public void update(DbSession session, ScaDependencyDto scaDependencyDto) { - mapper(session).update(scaDependencyDto); - } - - public List<ScaDependencyDto> selectByReleaseUuids(DbSession dbSession, Collection<String> releaseUuids) { - return mapper(dbSession).selectByReleaseUuids(releaseUuids); - } -} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependenciesMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependenciesMapper.java deleted file mode 100644 index 9113c76a906..00000000000 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependenciesMapper.java +++ /dev/null 
@@ -1,43 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2025 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.sca; - -import java.util.Collection; -import java.util.List; -import org.apache.ibatis.annotations.Param; -import org.sonar.db.Pagination; - -public interface ScaDependenciesMapper { - void insert(ScaDependencyDto dto); - - void deleteByUuid(String uuid); - - ScaDependencyDto selectByUuid(String uuid); - - List<ScaDependencyDto> selectByBranchUuid(String branchUuid); - - List<ScaDependencyDto> selectByQuery(@Param("query") ScaDependenciesQuery query, @Param("pagination") Pagination pagination); - - List<ScaDependencyDto> selectByReleaseUuids(Collection<String> releaseUuids); - - void update(ScaDependencyDto dto); - - int countByQuery(@Param("query") ScaDependenciesQuery query); -} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependenciesQuery.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependenciesQuery.java deleted file mode 100644 index 459fcf7a50e..00000000000 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependenciesQuery.java +++ /dev/null 
@@ -1,43 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2025 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.sca; - -import java.util.List; -import java.util.Locale; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - -import static org.sonar.db.DaoUtils.buildLikeValue; -import static org.sonar.db.WildcardPosition.AFTER; - -public record ScaDependenciesQuery( - String branchUuid, - @Nullable Boolean direct, - @Nullable List<String> packageManagers, - @Nullable String query) { - - /** - * Used by MyBatis mapper - */ - @CheckForNull - public String likeQuery() { - return query == null ? null : buildLikeValue(query.toLowerCase(Locale.ENGLISH), AFTER); - } -} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependencyDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependencyDto.java deleted file mode 100644 index 2b5f59800bc..00000000000 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependencyDto.java +++ /dev/null 
@@ -1,234 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2025 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.sca; - -import com.google.gson.Gson; -import java.util.List; -import javax.annotation.Nullable; - -import static com.google.common.base.Preconditions.checkArgument; - -/** - * Represents a Software Composition Analysis (SCA) dependency, associated with a component. - * The component will be a package component nested inside a project branch component. - * <p> - * One of userDependencyFilePath or lockfileDependencyFilePath should not be null. - *</p> - * <p> - * A dependency is a "mention" of a release in a project, with a scope and a specific - * dependency file that it was mentioned in. - *</p> - * @param uuid primary key - * @param scaReleaseUuid the UUID of the SCA release that this dependency refers to - * @param direct is this a direct dependency of the project - * @param scope the scope of the dependency e.g. "development" - * @param productionScope whether the scope appears to be a production scope or test scope - * @param userDependencyFilePath path to the user-editable file where the dependency was found ("manifest") e.g. 
package.json - * @param lockfileDependencyFilePath path to the machine-maintained lockfile where the dependency was found e.g. package-lock.json - * @param chains a list of the purl chains that require the dependency, stored as JSON string, e.g. [["pkg:npm/foo@1.0.0", ...], ...] - * @param newInPullRequest is it newly-added vs. target branch in this PR - * @param createdAt timestamp of creation - * @param updatedAt timestamp of most recent update - */ -public record ScaDependencyDto( - String uuid, - String scaReleaseUuid, - boolean direct, - String scope, - boolean productionScope, - @Nullable String userDependencyFilePath, - @Nullable String lockfileDependencyFilePath, - @Nullable List<List<String>> chains, - boolean newInPullRequest, - long createdAt, - long updatedAt) { - - // These need to be in sync with the database but because the db migration module and this module don't - // depend on each other, we can't make one just refer to the other. - public static final int SCOPE_MAX_LENGTH = 100; - public static final int DEPENDENCY_FILE_PATH_MAX_LENGTH = 1000; - - private static final Gson GSON = new Gson(); - - public ScaDependencyDto { - // We want these to raise errors and not silently put junk values in the db - checkLength(scope, SCOPE_MAX_LENGTH, "scope"); - checkLength(userDependencyFilePath, DEPENDENCY_FILE_PATH_MAX_LENGTH, "userDependencyFilePath"); - checkLength(lockfileDependencyFilePath, DEPENDENCY_FILE_PATH_MAX_LENGTH, "lockfileDependencyFilePath"); - if (userDependencyFilePath == null && lockfileDependencyFilePath == null) { - throw new IllegalArgumentException("One of userDependencyFilePath or lockfileDependencyFilePath should not be null"); - } - } - - private static void checkLength(@Nullable String value, int maxLength, String name) { - if (value != null) { - checkArgument(value.length() <= maxLength, "Maximum length of %s is %s: %s", name, maxLength, value); - } - } - - public String getChainsJson() { - return chains == null ? 
null : GSON.toJson(chains); - } - - /** - * Returns the userDependencyFilePath if it is not null, otherwise returns the lockfileDependencyFilePath. - * - * @return a non-null file path - */ - public String primaryDependencyFilePath() { - return userDependencyFilePath != null ? userDependencyFilePath : lockfileDependencyFilePath; - } - - /** - * Returns an object whose .equals and .hashCode would match that of another ScaDependencyDto's - * identity() if the two ScaDependencyDto would count as duplicates within the sca_dependencies table. - * This is different from the DTOs themselves being equal because some fields do not count in - * the identity of the row, and can be updated while preserving the identity. The method just - * returns Object and not a type, because it exists just to call .equals and .hashCode on. - * - * @return an object to be used for hashing and comparing ScaDependencyDto instances for identity - */ - public Identity identity() { - return new IdentityImpl(this); - } - - public Builder toBuilder() { - return new Builder() - .setUuid(this.uuid) - .setScaReleaseUuid(this.scaReleaseUuid) - .setDirect(this.direct) - .setScope(this.scope) - .setProductionScope(this.productionScope) - .setUserDependencyFilePath(this.userDependencyFilePath) - .setLockfileDependencyFilePath(this.lockfileDependencyFilePath) - .setChains(this.chains) - .setNewInPullRequest(this.newInPullRequest) - .setCreatedAt(this.createdAt) - .setUpdatedAt(this.updatedAt); - } - - public interface Identity { - /** - * Return a new identity with a different scaReleaseUuid - * @param scaReleaseUuid to swap in to the identity - * @return an object to be used for hashing and comparing ScaDependencyDto instances for identity - */ - Identity withScaReleaseUuid(String scaReleaseUuid); - } - - /** This object has the subset of fields that have to be unique in a ScaDependencyDto, - * so if this is the same for two ScaDependencyDto, we can update rather than insert - * those ScaDependencyDto. 
Conceptually, sca_dependencies table could have a unique - * constraint on these fields, though in practice it does not. - *<p> - * This class is private because it is exclusively used for .equals and .hashCode - * so nobody cares about it otherwise. - *</p> - */ - private record IdentityImpl(String scaReleaseUuid, - boolean direct, - String scope, - @Nullable String userDependencyFilePath, - @Nullable String lockfileDependencyFilePath) implements Identity { - - IdentityImpl(ScaDependencyDto dto) { - this(dto.scaReleaseUuid(), dto.direct(), dto.scope(), dto.userDependencyFilePath(), dto.lockfileDependencyFilePath()); - } - - @Override - public IdentityImpl withScaReleaseUuid(String scaReleaseUuid) { - return new IdentityImpl(scaReleaseUuid, direct, scope, userDependencyFilePath, lockfileDependencyFilePath); - } - } - - public static class Builder { - private String uuid; - private String scaReleaseUuid; - private boolean direct; - private String scope; - private boolean productionScope; - private String userDependencyFilePath; - private String lockfileDependencyFilePath; - private List<List<String>> chains; - private boolean newInPullRequest; - private long createdAt; - private long updatedAt; - - public Builder setUuid(String uuid) { - this.uuid = uuid; - return this; - } - - public Builder setScaReleaseUuid(String scaReleaseUuid) { - this.scaReleaseUuid = scaReleaseUuid; - return this; - } - - public Builder setDirect(boolean direct) { - this.direct = direct; - return this; - } - - public Builder setScope(String scope) { - this.scope = scope; - return this; - } - - public Builder setProductionScope(boolean productionScope) { - this.productionScope = productionScope; - return this; - } - - public Builder setUserDependencyFilePath(@Nullable String dependencyFilePath) { - this.userDependencyFilePath = dependencyFilePath; - return this; - } - - public Builder setLockfileDependencyFilePath(@Nullable String dependencyFilePath) { - this.lockfileDependencyFilePath = 
dependencyFilePath; - return this; - } - - public Builder setChains(@Nullable List<List<String>> chains) { - this.chains = chains; - return this; - } - - public Builder setNewInPullRequest(boolean newInPullRequest) { - this.newInPullRequest = newInPullRequest; - return this; - } - - public Builder setCreatedAt(long createdAt) { - this.createdAt = createdAt; - return this; - } - - public Builder setUpdatedAt(long updatedAt) { - this.updatedAt = updatedAt; - return this; - } - - public ScaDependencyDto build() { - return new ScaDependencyDto( - uuid, scaReleaseUuid, direct, scope, productionScope, userDependencyFilePath, lockfileDependencyFilePath, chains, newInPullRequest, createdAt, updatedAt); - } - } -} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependencyReleaseDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependencyReleaseDto.java deleted file mode 100644 index 131a84bf1c0..00000000000 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaDependencyReleaseDto.java +++ /dev/null 
@@ -1,83 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.List;
-import javax.annotation.Nullable;
-
-/**
- * This DTO represents the join of sca_dependencies and sca_releases, and is "read only"
- * (it cannot be inserted, it would only be a query result).
- *
- * @param dependencyUuid uuid of the sca_dependencies row
- * @param releaseUuid uuid of the sca_releases row
- * @param componentUuid uuid of the component both rows were associated with
- * @param direct is it a direct dep
- * @param scope scope/type of the dep like "compile"
- * @param userDependencyFilePath which manifest file (e.g. package.json)
- * @param lockfileDependencyFilePath which lockfile (e.g. package-lock.json)
- * @param chains chains that brought the dependency in, e.g. [["pkg:npm/foo@1.0.0", ...], ...]
- * @param packageUrl PURL specification URL
- * @param packageManager package manager
- * @param packageName name of package
- * @param version version
- * @param licenseExpression SPDX license expression
- * @param known was the package known to Sonar
- */
-public record ScaDependencyReleaseDto(String dependencyUuid,
- String releaseUuid,
- String componentUuid,
- boolean direct,
- String scope,
- @Nullable String userDependencyFilePath,
- @Nullable String lockfileDependencyFilePath,
- @Nullable List<List<String>> chains,
- String packageUrl,
- PackageManager packageManager,
- String packageName,
- String version,
- String licenseExpression,
- boolean known) {
-
- public ScaDependencyReleaseDto(ScaDependencyDto dependency, ScaReleaseDto release) {
- this(
- dependency.uuid(),
- release.uuid(),
- release.componentUuid(),
- dependency.direct(),
- dependency.scope(),
- dependency.userDependencyFilePath(),
- dependency.lockfileDependencyFilePath(),
- dependency.chains(),
- release.packageUrl(),
- release.packageManager(),
- release.packageName(),
- release.version(),
- release.licenseExpression(),
- release.known());
- if (!dependency.scaReleaseUuid().equals(release.uuid())) {
- throw new IllegalArgumentException("Dependency and release UUIDs should match");
- }
- }
-
- public String primaryDependencyFilePath() {
- return userDependencyFilePath != null ? userDependencyFilePath : lockfileDependencyFilePath;
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueDto.java
deleted file mode 100644
index c1d28a4916b..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueDto.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import static com.google.common.base.Preconditions.checkArgument;
-
-/**
- * This table has GLOBAL rows spanning all analysis runs. For a given notional
- * problem there will be ONE row. A notional problem could be a particular
- * vulnerability "CVE-12345" or a particular license rule like "GPL-3.0 is prohibited".
- * The purpose of this table is to assign a uuid to that notional problem.
- * Because the uuid must be globally unique for the same problem, there is a
- * unique constraint across all the columns.
- * <p>
- * NULL columns cannot participate in unique constraints on all database backends,
- * so irrelevant columns for a particular issue type are set to empty string instead of NULL.
- * </p>
- * <p>
- * The columns in this table should be those that establish the identity of the issue
- * and no more. See {@link ScaIssueType} which has a method returning the proper
- * ScaIssueDto for each issue type. Those same columns without uuid and timestamps
- * are also in the {@link DefaultScaIssueIdentity} type.
- * </p>
- * <p>
- * The packageUrl may or may not include a version number, depending on whether
- * the issue type is per-package or per-release.
- * </p>
- */
-public record ScaIssueDto(
- String uuid,
- ScaIssueType scaIssueType,
- String packageUrl,
- String vulnerabilityId,
- String spdxLicenseId,
- long createdAt,
- long updatedAt) implements ScaIssueIdentity {
-
- /**
- * Value that represents "does not apply" in one of the identity columns.
- * <p>
- * You know you are going to ask, so the reason we can't use empty string
- * is that Oracle thinks empty strings are NULL. And the reason we can't
- * use NULL is that not all databases have a way to consider NULL as a
- * value in a unique constraint. So anyway, just go with it.
- * </p>
- * <p>
- * This string should be invalid as an actual value for all of the
- * columns, so it's not a package url, not a vulnerability ID,
- * and not a SPDX license ID.
- * </p>
- */
- public static final String NULL_VALUE = "-";
-
- // these need to match what's in the db
- public static final int SCA_ISSUE_TYPE_MAX_LENGTH = 40;
- public static final int PACKAGE_URL_MAX_LENGTH = 400;
- public static final int VULNERABILITY_ID_MAX_LENGTH = 63;
- public static final int SPDX_LICENSE_ID_MAX_LENGTH = 127;
-
- public ScaIssueDto {
- // We want these to raise errors and not silently put junk values in the db
- checkIdentityColumn(packageUrl, PACKAGE_URL_MAX_LENGTH, "packageUrl");
- checkIdentityColumn(vulnerabilityId, VULNERABILITY_ID_MAX_LENGTH, "vulnerabilityId");
- checkIdentityColumn(spdxLicenseId, SPDX_LICENSE_ID_MAX_LENGTH, "spdxLicenseId");
- }
-
- public ScaIssueDto(String uuid, ScaIssueIdentity identity, long createdAt, long updatedAt) {
- this(uuid, identity.scaIssueType(), identity.packageUrl(), identity.vulnerabilityId(), identity.spdxLicenseId(), createdAt, updatedAt);
- }
-
- private static void checkIdentityColumn(String value, int maxLength, String name) {
- checkArgument(value != null, "Column %s cannot be
null", name);
- checkArgument(!value.isBlank(), "Column %s cannot be blank, use ScaIssueDto.NULL_VALUE", name);
- checkArgument(value.length() <= maxLength, "Maximum length of %s is %s: %s", name, maxLength, value);
- }
-
- public Builder toBuilder() {
- return new Builder()
- .setUuid(uuid)
- .setScaIssueType(scaIssueType)
- .setPackageUrl(packageUrl)
- .setVulnerabilityId(vulnerabilityId)
- .setSpdxLicenseId(spdxLicenseId)
- .setCreatedAt(createdAt)
- .setUpdatedAt(updatedAt);
- }
-
- public static class Builder {
- private String uuid;
- private ScaIssueType scaIssueType;
- private String packageUrl;
- private String vulnerabilityId;
- private String spdxLicenseId;
- private long createdAt;
- private long updatedAt;
-
- public Builder setUuid(String uuid) {
- this.uuid = uuid;
- return this;
- }
-
- public Builder setScaIssueType(ScaIssueType scaIssueType) {
- this.scaIssueType = scaIssueType;
- return this;
- }
-
- public Builder setPackageUrl(String packageUrl) {
- this.packageUrl = packageUrl;
- return this;
- }
-
- public Builder setVulnerabilityId(String vulnerabilityId) {
- this.vulnerabilityId = vulnerabilityId;
- return this;
- }
-
- public Builder setSpdxLicenseId(String spdxLicenseId) {
- this.spdxLicenseId = spdxLicenseId;
- return this;
- }
-
- public Builder setCreatedAt(long createdAt) {
- this.createdAt = createdAt;
- return this;
- }
-
- public Builder setUpdatedAt(long updatedAt) {
- this.updatedAt = updatedAt;
- return this;
- }
-
- public ScaIssueDto build() {
- return new ScaIssueDto(uuid, scaIssueType, packageUrl, vulnerabilityId, spdxLicenseId, createdAt, updatedAt);
- }
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueIdentity.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueIdentity.java
deleted file mode 100644
index fc101ea46f6..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueIdentity.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-/**
- * <p>
- * Contains those fields which are in the unique index of the sca_issues table.
- * This will be a subset of fields in the {@link ScaIssueDto} class.
- * These fields are used to assign a global uuid to each issue, such as
- * each vulnerability or each prohibited license.
- * </p>
- * <p>
- * None of the fields are nullable; if not relevant to the issue's identity
- * they must be empty string instead. Nulls are not usable in a unique index
- * in standard sql.
- * </p>
- * <p>
- * Implementations of this interface are allowed to include fields other than
- * the identity fields in their equals and hashCode, so it is probably not
- * appropriate to use instances of this interface as a hash key. You can likely
- * use a concrete implementation of this interface as a hash key, though.
- * </p>
- */
-public interface ScaIssueIdentity {
- ScaIssueType scaIssueType();
-
- String packageUrl();
-
- String vulnerabilityId();
-
- String spdxLicenseId();
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueReleaseDetailsDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueReleaseDetailsDto.java
deleted file mode 100644
index 5ea5e9f49a1..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueReleaseDetailsDto.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.math.BigDecimal;
-import java.util.List;
-import javax.annotation.Nullable;
-import org.sonar.api.utils.DateUtils;
-
-/**
- * <p>A "read-only" DTO used to query the join of sca_issues_releases, sca_issues, and sca_*_issues.
- * This is used to return all the details shown in a list of issues in the UX.
- * This DTO and its mapper are an optimization, to do more work in SQL and
- * avoid "joining in Java."
- * </p>
- * <p>
- * The uuids in the DTOs must all correspond, or some kind of bug is happening.
- * </p>
- * <p>
- * issueReleaseUuid is passed in separately because it allows mybatis to have an ID for the DTO,
- * which it then uses for caching and lookup instead of hashing the whole object.
- * </p>
- */
-public record ScaIssueReleaseDetailsDto(
- String issueReleaseUuid,
- ScaIssueReleaseDto issueReleaseDto,
- ScaIssueDto issueDto,
- ScaReleaseDto releaseDto,
- @Nullable ScaVulnerabilityIssueDto vulnerabilityIssueDto) {
-
- public ScaIssueReleaseDetailsDto {
- // the issueReleaseUuid is separate so mybatis can use it for instance
- // identity, but it must match the UUID in the issueReleaseDto
- // and is straight-up redundant.
- if (!issueReleaseUuid.equals(issueReleaseDto.uuid())) {
- throw new IllegalArgumentException("issueReleaseUuid must match issueReleaseDto.uuid()");
- }
- if (!issueDto.uuid().equals(issueReleaseDto.scaIssueUuid())) {
- throw new IllegalArgumentException("issueDto.uuid() must match issueReleaseDto.scaIssueUuid()");
- }
- if (!releaseDto.uuid().equals(issueReleaseDto.scaReleaseUuid())) {
- throw new IllegalArgumentException("releaseDto.uuid() must match issueReleaseDto.scaReleaseUuid()");
- }
- if (vulnerabilityIssueDto != null && !vulnerabilityIssueDto.uuid().equals(issueDto.uuid())) {
- throw new IllegalArgumentException("vulnerabilityIssueDto.uuid() must match issueDto.uuid()");
- }
- }
-
- // DateUtils says that this returns an RFC 822 timestamp
- // but it is really a ISO 8601 timestamp.
- public String createdAtIso8601() {
- return DateUtils.formatDateTime(issueReleaseDto.createdAt());
- }
-
- public ScaSeverity severity() {
- return issueReleaseDto.severity();
- }
-
- public String issueUuid() {
- return issueDto.uuid();
- }
-
- public String releaseUuid() {
- return releaseDto.uuid();
- }
-
- public ScaIssueType scaIssueType() {
- return issueDto.scaIssueType();
- }
-
- public boolean newInPullRequest() {
- return releaseDto.newInPullRequest();
- }
-
- public String version() {
- return releaseDto.version();
- }
-
- /**
- * Returns the versioned package URL of the release
- */
- public String releasePackageUrl() {
- return releaseDto.packageUrl();
- }
-
- /** Returns the unversioned package URL of the security vulnerability,
- * or ScaIssueDto::NULL_VALUE if the issue is not a vulnerability.
- */
- public String issuePackageUrl() {
- return issueDto.packageUrl();
- }
-
- /**
- * Returns the vulnerability ID of the issue, or ScaIssueDto::NULL_VALUE if the issue is not a vulnerability.
- */
- public String vulnerabilityId() {
- return issueDto.vulnerabilityId();
- }
-
- /** Returns the SPDX license ID of the issue, or ScaIssueDto::NULL_VALUE if the issue is not a license issue. */
- public String spdxLicenseId() {
- return issueDto.spdxLicenseId();
- }
-
- /** Returns the base severity of the vulnerability, or null if the issue is not a vulnerability. */
- public @Nullable ScaSeverity vulnerabilityBaseSeverity() {
- return vulnerabilityIssueDto == null ? null : vulnerabilityIssueDto.baseSeverity();
- }
-
- /** Returns the CWE IDs of the vulnerability, or null if the issue is not a vulnerability. */
- public @Nullable List<String> cweIds() {
- return vulnerabilityIssueDto == null ? null : vulnerabilityIssueDto.cweIds();
- }
-
- /** Returns the CVSS score of the vulnerability, or null if the issue is not a vulnerability or does not have a CVSS score. */
- public @Nullable BigDecimal cvssScore() {
- return vulnerabilityIssueDto == null ?
null : vulnerabilityIssueDto.cvssScore();
- }
-
- public Builder toBuilder() {
- return new Builder()
- .setIssueReleaseDto(issueReleaseDto)
- .setIssueDto(issueDto)
- .setReleaseDto(releaseDto)
- .setVulnerabilityIssueDto(vulnerabilityIssueDto);
- }
-
- public static class Builder {
- private ScaIssueReleaseDto issueReleaseDto;
- private ScaIssueDto issueDto;
- private ScaReleaseDto releaseDto;
- @Nullable
- private ScaVulnerabilityIssueDto vulnerabilityIssueDto;
-
- public Builder setIssueReleaseDto(ScaIssueReleaseDto issueReleaseDto) {
- this.issueReleaseDto = issueReleaseDto;
- return this;
- }
-
- public Builder setIssueDto(ScaIssueDto issueDto) {
- this.issueDto = issueDto;
- return this;
- }
-
- public Builder setReleaseDto(ScaReleaseDto releaseDto) {
- this.releaseDto = releaseDto;
- return this;
- }
-
- public Builder setVulnerabilityIssueDto(@Nullable ScaVulnerabilityIssueDto vulnerabilityIssueDto) {
- this.vulnerabilityIssueDto = vulnerabilityIssueDto;
- return this;
- }
-
- public ScaIssueReleaseDetailsDto build() {
- return new ScaIssueReleaseDetailsDto(issueReleaseDto.uuid(), issueReleaseDto, issueDto, releaseDto, vulnerabilityIssueDto);
- }
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueReleaseDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueReleaseDto.java
deleted file mode 100644
index 74f4979b0fa..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueReleaseDto.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-/**
- * Represents a many-to-many join between Software Composition Analysis (SCA) issue and a SCA release.
- *
- * @param uuid primary key
- * @param scaIssueUuid the UUID of the SCA issue
- * @param scaReleaseUuid the UUID of the SCA release
- * @param severity the severity of the issue
- * @param createdAt timestamp of creation
- * @param updatedAt timestamp of most recent update
- */
-public record ScaIssueReleaseDto(
- String uuid,
- String scaIssueUuid,
- String scaReleaseUuid,
- ScaSeverity severity,
- long createdAt,
- long updatedAt) {
-
- /**
- * This constructor makes it a little harder to get the issue and release uuids backward,
- * if you have the DTOs around to use it.
- */
- public ScaIssueReleaseDto(String uuid, ScaIssueDto scaIssueDto, ScaReleaseDto scaReleaseDto, ScaSeverity severity, long createdAt, long updatedAt) {
- this(uuid, scaIssueDto.uuid(), scaReleaseDto.uuid(), severity, createdAt, updatedAt);
- }
-
- public int severitySortKey() {
- return severity.databaseSortKey();
- }
-
- public Builder toBuilder() {
- return new Builder()
- .setUuid(this.uuid)
- .setScaIssueUuid(this.scaIssueUuid)
- .setScaReleaseUuid(this.scaReleaseUuid)
- .setSeverity(this.severity)
- .setCreatedAt(this.createdAt)
- .setUpdatedAt(this.updatedAt);
- }
-
- /**
- * Returns an object whose .equals and .hashCode would match that of another ScaIssueReleaseDto's
- * identity() if the two ScaIssueReleaseDto would count as duplicates within the sca_issues_releases
- * table.
- * This is different from the DTOs themselves being equal because some fields do not count in
- * the identity of the row, and can be updated while preserving the identity. The method just
- * returns Object and not a type, because it exists just to call .equals and .hashCode on.
- *
- * @return an object to be used for hashing and comparing ScaReleaseDto instances for identity
- */
- public Identity identity() {
- return new IdentityImpl(this);
- }
-
- public interface Identity {
- }
-
- private record IdentityImpl(String scaIssueUuid, String scaReleaseUuid) implements Identity {
- IdentityImpl(ScaIssueReleaseDto dto) {
- this(dto.scaIssueUuid(), dto.scaReleaseUuid());
- }
- }
-
- public static class Builder {
- private String uuid;
- private String scaIssueUuid;
- private String scaReleaseUuid;
- private ScaSeverity severity;
- private long createdAt;
- private long updatedAt;
-
- public Builder setUuid(String uuid) {
- this.uuid = uuid;
- return this;
- }
-
- public Builder setScaIssueUuid(String scaIssueUuid) {
- this.scaIssueUuid = scaIssueUuid;
- return this;
- }
-
- public Builder setScaReleaseUuid(String scaReleaseUuid) {
- this.scaReleaseUuid = scaReleaseUuid;
- return this;
- }
-
- public Builder setSeverity(ScaSeverity severity) {
- this.severity = severity;
- return this;
- }
-
- public Builder setCreatedAt(long createdAt) {
- this.createdAt = createdAt;
- return this;
- }
-
- public Builder setUpdatedAt(long updatedAt) {
- this.updatedAt = updatedAt;
- return this;
- }
-
- public ScaIssueReleaseDto build() {
- return new ScaIssueReleaseDto(
- uuid, scaIssueUuid, scaReleaseUuid, severity, createdAt, updatedAt);
- }
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueType.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueType.java
deleted file mode 100644
index 0dcd8825622..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssueType.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-/**
- * The type of ScaIssue (not the type of generic Sonar issue).
- */
-public enum ScaIssueType {
- VULNERABILITY,
- PROHIBITED_LICENSE;
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesDao.java
deleted file mode 100644
index 93c527cff7a..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesDao.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Optional;
-import org.sonar.db.Dao;
-import org.sonar.db.DbSession;
-
-public class ScaIssuesDao implements Dao {
-
- private static ScaIssuesMapper mapper(DbSession session) {
- return session.getMapper(ScaIssuesMapper.class);
- }
-
- public void insert(DbSession session, ScaIssueDto scaIssueDto) {
- mapper(session).insert(scaIssueDto);
- }
-
- public Optional<ScaIssueDto> selectByUuid(DbSession dbSession, String uuid) {
- return Optional.ofNullable(mapper(dbSession).selectByUuid(uuid));
- }
-
- public List<ScaIssueDto> selectByUuids(DbSession dbSession, Collection<String> uuids) {
- return mapper(dbSession).selectByUuids(uuids);
- }
-
- public Optional<String> selectUuidByValue(DbSession dbSession, ScaIssueIdentity scaIssueIdentity) {
- return mapper(dbSession).selectUuidByValue(scaIssueIdentity);
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesMapper.java
deleted file mode 100644
index 0ebe2c02056..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesMapper.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Optional;
-
-public interface ScaIssuesMapper {
- void insert(ScaIssueDto dto);
-
- ScaIssueDto selectByUuid(String uuid);
-
- List<ScaIssueDto> selectByUuids(Collection<String> uuids);
-
- Optional<String> selectUuidByValue(ScaIssueIdentity scaIssueIdentity);
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDao.java
deleted file mode 100644
index 710deb12d2c..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDao.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.List;
-import org.sonar.db.Dao;
-import org.sonar.db.DbSession;
-
-public class ScaIssuesReleasesDao implements Dao {
-
- private static ScaIssuesReleasesMapper mapper(DbSession session) {
- return session.getMapper(ScaIssuesReleasesMapper.class);
- }
-
- public void insert(DbSession session, ScaIssueReleaseDto scaIssueReleaseDto) {
- mapper(session).insert(scaIssueReleaseDto);
- }
-
- public void update(DbSession session, ScaIssueReleaseDto scaIssueReleaseDto) {
- mapper(session).update(scaIssueReleaseDto);
- }
-
- public void deleteByUuid(DbSession session, String uuid) {
- mapper(session).deleteByUuid(uuid);
- }
-
- public List<ScaIssueReleaseDto> selectByBranchUuid(DbSession dbSession, String branchUuid) {
- return mapper(dbSession).selectByBranchUuid(branchUuid);
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDetailsDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDetailsDao.java
deleted file mode 100644
index 31a0d5dd611..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDetailsDao.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.List;
-import org.sonar.db.Dao;
-import org.sonar.db.DbSession;
-import org.sonar.db.Pagination;
-
-public class ScaIssuesReleasesDetailsDao implements Dao {
-
- private static ScaIssuesReleasesDetailsMapper mapper(DbSession session) {
- return session.getMapper(ScaIssuesReleasesDetailsMapper.class);
- }
-
- /**
- * Retrieves all issues with a specific branch UUID, no other filtering is done by this method.
- */
- public List<ScaIssueReleaseDetailsDto> selectByBranchUuid(DbSession dbSession, String branchUuid, Pagination pagination) {
- return mapper(dbSession).selectByBranchUuid(branchUuid, pagination);
- }
-
- /**
- * Retrieves all issues with a specific release UUID, no other filtering is done by this method.
- */
- public List<ScaIssueReleaseDetailsDto> selectByReleaseUuid(DbSession dbSession, String releaseUuid) {
- return mapper(dbSession).selectByReleaseUuid(releaseUuid);
- }
-
- /**
- * Counts all issues with a specific branch UUID, no other filtering is done by this method.
- */
- public int countByBranchUuid(DbSession dbSession, String branchUuid) {
- return mapper(dbSession).countByBranchUuid(branchUuid);
- }
-
- public List<ScaIssueReleaseDetailsDto> selectByQuery(DbSession dbSession, ScaIssuesReleasesDetailsQuery query, Pagination pagination) {
- return mapper(dbSession).selectByQuery(query, pagination);
- }
-
- public int countByQuery(DbSession dbSession, ScaIssuesReleasesDetailsQuery query) {
- return mapper(dbSession).countByQuery(query);
- }
-
- /**
- * Retrieves a single issue with a specific release.
- */
- public ScaIssueReleaseDetailsDto selectByScaIssueReleaseUuid(DbSession dbSession, String scaIssueReleaseUuid) {
- return mapper(dbSession).selectByScaIssueReleaseUuid(scaIssueReleaseUuid);
- }
-
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDetailsMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDetailsMapper.java
deleted file mode 100644
index 35d6608322d..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDetailsMapper.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.List;
-import org.apache.ibatis.annotations.Param;
-import org.sonar.db.Pagination;
-
-public interface ScaIssuesReleasesDetailsMapper {
- List<ScaIssueReleaseDetailsDto> selectByBranchUuid(@Param("branchUuid") String branchUuid, @Param("pagination") Pagination pagination);
-
- ScaIssueReleaseDetailsDto selectByScaIssueReleaseUuid(String scaIssueReleaseUuid);
-
- List<ScaIssueReleaseDetailsDto> selectByReleaseUuid(String releaseUuid);
-
- int countByBranchUuid(String branchUuid);
-
- List<ScaIssueReleaseDetailsDto> selectByQuery(@Param("query") ScaIssuesReleasesDetailsQuery query, @Param("pagination") Pagination pagination);
-
- int countByQuery(@Param("query") ScaIssuesReleasesDetailsQuery query);
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDetailsQuery.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDetailsQuery.java
deleted file mode 100644
index 17397e97c34..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesDetailsQuery.java
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.List;
-import java.util.Locale;
-import java.util.Objects;
-import java.util.Optional;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-import org.sonar.db.WildcardPosition;
-
-import static org.sonar.db.DaoUtils.buildLikeValue;
-import static org.sonar.db.WildcardPosition.BEFORE_AND_AFTER;
-
-public record ScaIssuesReleasesDetailsQuery(
- String branchUuid,
- Sort sort,
- @Nullable Boolean direct,
- @Nullable Boolean productionScope,
- @Nullable String vulnerabilityIdSubstring,
- @Nullable String packageNameSubstring,
- @Nullable Boolean newInPullRequest,
- @Nullable List<ScaIssueType> types,
- @Nullable List<ScaSeverity> severities,
- @Nullable List<PackageManager> packageManagers) {
-
- public ScaIssuesReleasesDetailsQuery {
- Objects.requireNonNull(branchUuid);
- Objects.requireNonNull(sort);
- }
-
- /** For use in the mapper after <code>upper(vulnerabilityId) LIKE</code>,
- * and per the {@link org.sonar.db.DaoUtils#buildLikeValue(String, WildcardPosition)}}
- * docs, we have to say <code>ESCAPE '/'</code>. We are using uppercase because
- * most ids will be uppercase already.
- */
- @CheckForNull
- public String vulnerabilityIdUppercaseEscapedAsLikeValue() {
- return vulnerabilityIdSubstring == null ? null : buildLikeValue(vulnerabilityIdSubstring.toUpperCase(Locale.ROOT), BEFORE_AND_AFTER);
- }
-
- /** For use in the mapper after <code>lower(packageName) LIKE</code>,
- * and per the {@link org.sonar.db.DaoUtils#buildLikeValue(String, WildcardPosition)}}
- * docs, we have to say <code>ESCAPE '/'</code>. We are using lowercase because most
- * package names will be all or mostly lowercase already.
- */
- @CheckForNull
- public String packageNameLowercaseEscapedAsLikeValue() {
- return packageNameSubstring == null ? null : buildLikeValue(packageNameSubstring.toLowerCase(Locale.ROOT), BEFORE_AND_AFTER);
- }
-
- public Builder toBuilder() {
- return new Builder()
- .setBranchUuid(branchUuid)
- .setSort(sort)
- .setDirect(direct)
- .setProductionScope(productionScope)
- .setVulnerabilityIdSubstring(vulnerabilityIdSubstring)
- .setPackageNameSubstring(packageNameSubstring)
- .setNewInPullRequest(newInPullRequest)
- .setTypes(types)
- .setSeverities(severities)
- .setPackageManagers(packageManagers);
- }
-
- public enum Sort {
- IDENTITY_ASC("+identity"),
- IDENTITY_DESC("-identity"),
- SEVERITY_ASC("+severity"),
- SEVERITY_DESC("-severity"),
- CVSS_SCORE_ASC("+cvssScore"),
- CVSS_SCORE_DESC("-cvssScore");
-
- private final String queryParameterValue;
-
- Sort(String queryParameterValue) {
- this.queryParameterValue = queryParameterValue;
- }
-
- /**
- * Convert a query parameter value to the corresponding {@link Sort} enum value.
- * The passed-in string must not be null.
- */
- public static Optional<Sort> fromQueryParameterValue(String queryParameterValue) {
- for (Sort sort : values()) {
- if (sort.queryParameterValue.equals(queryParameterValue)) {
- return Optional.of(sort);
- }
- }
- return Optional.empty();
- }
-
- public String queryParameterValue() {
- return queryParameterValue;
- }
- }
-
- public static class Builder {
- private String branchUuid;
- private Sort sort;
- private Boolean direct;
- private Boolean productionScope;
- private String vulnerabilityIdSubstring;
- private String packageNameSubstring;
- private Boolean newInPullRequest;
- private List<ScaIssueType> types;
- private List<ScaSeverity> severities;
- private List<PackageManager> packageManagers;
-
- public Builder setBranchUuid(String branchUuid) {
- this.branchUuid = branchUuid;
- return this;
- }
-
- public Builder setSort(Sort sort) {
- this.sort = sort;
- return this;
- }
-
- public Builder setDirect(@Nullable Boolean direct) {
- this.direct = direct;
- return this;
- }
-
- public Builder setProductionScope(@Nullable Boolean productionScope) {
- this.productionScope = productionScope;
- return this;
- }
-
- public Builder setVulnerabilityIdSubstring(@Nullable String vulnerabilityIdSubstring) {
- this.vulnerabilityIdSubstring = vulnerabilityIdSubstring;
- return this;
- }
-
- public Builder setPackageNameSubstring(@Nullable String packageNameSubstring) {
- this.packageNameSubstring = packageNameSubstring;
- return this;
- }
-
- public Builder setNewInPullRequest(@Nullable Boolean newInPullRequest) {
- this.newInPullRequest = newInPullRequest;
- return this;
- }
-
- public Builder setTypes(@Nullable List<ScaIssueType> types) {
- this.types = types;
- return this;
- }
-
- public Builder setSeverities(@Nullable List<ScaSeverity> severities) {
- this.severities = severities;
- return this;
- }
-
- public Builder setPackageManagers(@Nullable List<PackageManager> packageManagers) {
- this.packageManagers = packageManagers;
- return this;
- }
-
- public ScaIssuesReleasesDetailsQuery build() {
- return new ScaIssuesReleasesDetailsQuery(branchUuid, sort, direct, productionScope, vulnerabilityIdSubstring,
- packageNameSubstring, newInPullRequest, types, severities, packageManagers);
- }
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesMapper.java
deleted file mode 100644
index 58c40fd1435..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaIssuesReleasesMapper.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.List;
-
-public interface ScaIssuesReleasesMapper {
- void insert(ScaIssueReleaseDto dto);
-
- void update(ScaIssueReleaseDto dto);
-
- void deleteByUuid(String uuid);
-
- List<ScaIssueReleaseDto> selectByBranchUuid(String branchUuid);
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleaseByPackageManagerCountDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleaseByPackageManagerCountDto.java
deleted file mode 100644
index 35f2625f7c2..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleaseByPackageManagerCountDto.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-public record ScaReleaseByPackageManagerCountDto(String packageManager, int releaseCount) {
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleaseDependenciesDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleaseDependenciesDto.java
deleted file mode 100644
index 82204443c5a..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleaseDependenciesDto.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.List;
-import java.util.Objects;
-
-/**
- * This DTO represents the join of sca_releases and sca_dependencies, and is "read only"
- * (it cannot be inserted, it would only be a query result).
- * <p>
- * The releaseUuid must match the uuid in the release DTO, it is duplicated to help out mybatis
- * in caching and lookup (allow the mapper for this DTO have an idArg).
- * </p>
- * @param releaseUuid uuid of the releaseDto
- * @param release release
- * @param dependencies dependency DTOs
- */
-public record ScaReleaseDependenciesDto(
- String releaseUuid,
- ScaReleaseDto release,
- List<ScaDependencyDto> dependencies) {
-
- public ScaReleaseDependenciesDto {
- Objects.requireNonNull(release);
- Objects.requireNonNull(dependencies);
- if (!releaseUuid.equals(release.uuid())) {
- throw new IllegalArgumentException("releaseUuid must match release.uuid()");
- }
- }
-
- public ScaReleaseDependenciesDto(ScaReleaseDto release, List<ScaDependencyDto> dependencies) {
- this(release.uuid(), release, dependencies);
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleaseDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleaseDto.java
deleted file mode 100644
index 0a7916383db..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleaseDto.java
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import static com.google.common.base.Preconditions.checkArgument;
-
-/**
- * Represents a single release of a package, such as an npm or maven package,
- * as found in a single dependency analysis run (so it's attached to a branch component,
- * and there's a separate copy of each release per branch it appears in).
- *
- * @param uuid Primary key
- * @param componentUuid the component the release is associated with
- * @param packageUrl package URL following the PURL specification
- * @param packageManager package manager e.g. PYPI
- * @param packageName package name e.g. "urllib3"
- * @param version package version e.g. "1.25.6"
- * @param licenseExpression an SPDX license expression (NOT a single license, can have parens/AND/OR)
- * @param declaredLicenseExpression the valid SPDX license expression declared by the package itself
- * @param known is this package and version known to Sonar (if not it be internal, could be malicious, could be from a weird repo)
- * @param newInPullRequest is it newly added in a PR (always false when not on a PR)
- * @param createdAt timestamp it was created
- * @param updatedAt timestamp it was last updated
- */
-public record ScaReleaseDto(
- String uuid,
- String componentUuid,
- String packageUrl,
- PackageManager packageManager,
- String packageName,
- String version,
- String licenseExpression,
- String declaredLicenseExpression,
- boolean known,
- boolean newInPullRequest,
- long createdAt,
- long updatedAt) {
-
- // these need to match what's in the db
- public static final int PACKAGE_URL_MAX_LENGTH = 400;
- public static final int PACKAGE_MANAGER_MAX_LENGTH = 20;
- public static final int PACKAGE_NAME_MAX_LENGTH = 400;
- public static final int VERSION_MAX_LENGTH = 400;
- public static final int LICENSE_EXPRESSION_MAX_LENGTH = 400;
-
- public ScaReleaseDto {
- // We want these to raise errors and not silently put junk values in the db
- checkLength(packageUrl, PACKAGE_URL_MAX_LENGTH, "packageUrl");
- checkLength(packageName, PACKAGE_NAME_MAX_LENGTH, "packageName");
- checkLength(version, VERSION_MAX_LENGTH, "version");
- checkLength(licenseExpression, LICENSE_EXPRESSION_MAX_LENGTH, "licenseExpression");
- }
-
- private static void checkLength(String value, int maxLength, String name) {
- checkArgument(value.length() <= maxLength, "Maximum length of %s is %s: %s", name, maxLength, value);
- }
-
- public Builder toBuilder() {
- return new Builder()
- .setUuid(this.uuid)
- .setComponentUuid(this.componentUuid)
- .setPackageUrl(this.packageUrl)
- .setPackageManager(this.packageManager)
- .setPackageName(this.packageName)
- .setVersion(this.version)
- .setLicenseExpression(this.licenseExpression)
- .setDeclaredLicenseExpression(this.declaredLicenseExpression)
- .setKnown(this.known)
- .setNewInPullRequest(this.newInPullRequest)
- .setCreatedAt(this.createdAt)
- .setUpdatedAt(this.updatedAt);
- }
-
- /**
- * Returns an object whose .equals and .hashCode would match that of another ScaReleaseDto's
- * identity() if the two ScaReleaseDto would count as duplicates within the sca_releases table
- * (within a single analysis, so ignoring the componentUuid).
- * This is different from the DTOs themselves being equal because some fields do not count in
- * the identity of the row, and can be updated while preserving the identity. The method just
- * returns Object and not a type, because it exists just to call .equals and .hashCode on.
- *
- * @return an object to be used for hashing and comparing ScaReleaseDto instances for identity
- */
- public Identity identity() {
- return new IdentityImpl(this);
- }
-
- public interface Identity {
- }
-
- private record IdentityImpl(String packageUrl) implements Identity {
- IdentityImpl(ScaReleaseDto dto) {
- this(dto.packageUrl());
- }
- }
-
- public static class Builder {
- private String uuid;
- private String componentUuid;
- private String packageUrl;
- private PackageManager packageManager;
- private String packageName;
- private String version;
- private String licenseExpression;
- private String declaredLicenseExpression;
- private boolean known;
- private boolean newInPullRequest;
- private long createdAt;
- private long updatedAt;
-
- public Builder setUuid(String uuid) {
- this.uuid = uuid;
- return this;
- }
-
- public Builder setComponentUuid(String componentUuid) {
- this.componentUuid = componentUuid;
- return this;
- }
-
- public Builder setPackageUrl(String packageUrl) {
- this.packageUrl = packageUrl;
- return this;
- }
-
- public Builder setPackageManager(PackageManager packageManager) {
- this.packageManager = packageManager;
- return this;
- }
-
- public Builder setPackageName(String packageName) {
- this.packageName = packageName;
- return this;
- }
-
- public Builder setVersion(String version) {
- this.version = version;
- return this;
- }
-
- public Builder setLicenseExpression(String licenseExpression) {
- this.licenseExpression = licenseExpression;
- return this;
- }
-
- public Builder setDeclaredLicenseExpression(String declaredLicenseExpression) {
- this.declaredLicenseExpression = declaredLicenseExpression;
- return this;
- }
-
- public Builder setKnown(boolean known) {
- this.known = known;
- return this;
- }
-
- public Builder setNewInPullRequest(boolean newInPullRequest) {
- this.newInPullRequest = newInPullRequest;
- return this;
- }
-
- public Builder setCreatedAt(long createdAt) {
- this.createdAt = createdAt;
- return this;
- }
-
- public Builder setUpdatedAt(long updatedAt) {
- this.updatedAt = updatedAt;
- return this;
- }
-
- public ScaReleaseDto build() {
- return new ScaReleaseDto(
- uuid, componentUuid, packageUrl, packageManager, packageName, version, licenseExpression, declaredLicenseExpression, known, newInPullRequest, createdAt, updatedAt);
- }
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesDao.java
deleted file mode 100644
index 878276874de..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesDao.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Optional;
-import org.sonar.db.Dao;
-import org.sonar.db.DbSession;
-import org.sonar.db.Pagination;
-
-public class ScaReleasesDao implements Dao {
-
- private static ScaReleasesMapper mapper(DbSession session) {
- return session.getMapper(ScaReleasesMapper.class);
- }
-
- public void insert(DbSession session, ScaReleaseDto scaReleaseDto) {
- mapper(session).insert(scaReleaseDto);
- }
-
- public void deleteByUuid(DbSession session, String uuid) {
- mapper(session).deleteByUuid(uuid);
- }
-
- public Optional<ScaReleaseDto> selectByUuid(DbSession dbSession, String uuid) {
- return Optional.ofNullable(mapper(dbSession).selectByUuid(uuid));
- }
-
- public List<ScaReleaseDto> selectByUuids(DbSession dbSession, Collection<String> uuids) {
- return mapper(dbSession).selectByUuids(uuids);
- }
-
- /**
- * Retrieves all releases with a specific branch UUID, no other filtering is done by this method.
- */
- public List<ScaReleaseDto> selectByBranchUuid(DbSession dbSession, String branchUuid) {
- return mapper(dbSession).selectByBranchUuid(branchUuid);
- }
-
- public List<ScaReleaseDto> selectByQuery(DbSession session, ScaReleasesQuery scaReleasesQuery, Pagination pagination) {
- return mapper(session).selectByQuery(scaReleasesQuery, pagination);
- }
-
- public int countByQuery(DbSession session, ScaReleasesQuery scaReleasesQuery) {
- return mapper(session).countByQuery(scaReleasesQuery);
- }
-
- public List<ScaReleaseByPackageManagerCountDto> countReleasesByPackageManager(DbSession session, ScaReleasesQuery scaReleasesQuery) {
- return mapper(session).countReleasesByPackageManager(scaReleasesQuery);
- }
-
- public void update(DbSession session, ScaReleaseDto scaReleaseDto) {
- mapper(session).update(scaReleaseDto);
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesDependenciesDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesDependenciesDao.java
deleted file mode 100644
index b4b1d2c1564..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesDependenciesDao.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import java.util.stream.Collectors;
-import org.sonar.db.Dao;
-import org.sonar.db.DbSession;
-
-public class ScaReleasesDependenciesDao implements Dao {
-
- private static ScaReleasesMapper releasesMapper(DbSession session) {
- return session.getMapper(ScaReleasesMapper.class);
- }
-
- private static ScaDependenciesMapper dependenciesMapper(DbSession session) {
- return session.getMapper(ScaDependenciesMapper.class);
- }
-
- /**
- * Obtain ScaReleaseDependenciesDto for each of the release uuids.
- *
- * @param dbSession db session
- * @param uuids uuids for sca_releases
- * @return the list of ScaReleaseDependenciesDto
- */
- public List<ScaReleaseDependenciesDto> selectByReleaseUuids(DbSession dbSession, Collection<String> uuids) {
- List<ScaReleaseDto> releases = releasesMapper(dbSession).selectByUuids(uuids);
- return selectByReleaseDtos(dbSession, releases);
- }
-
- /**
- * Obtain ScaReleaseDependenciesDto wrapping each of the passed-in ScaReleaseDto and adding
- * the dependencies list.
- *
- * @param dbSession db session
- * @param releases ScaReleaseDto to be wrapped in ScaReleaseDependenciesDto after selecting dependencies
- * @return the list of ScaReleaseDependenciesDto
- */
- public List<ScaReleaseDependenciesDto> selectByReleaseDtos(DbSession dbSession, Collection<ScaReleaseDto> releases) {
- // This has a somewhat abnormal implementation (not in the mapper xml) due to
- // https://github.com/mybatis/mybatis-3/issues/101 ,
- // essentially a mapper cannot mix "creating immutable objects via constructor" (the <constructor> tag)
- // "filling in child objects from another query" (the <collection> tag), because mybatis would have to
- // be refactored to postpone creating the parent objects until it had loaded the child objects.
- // Some options considered:
- // 1. use mutable DTOs or temporary mutable DTOs that we then convert (lots of cruft)
- // 2. use a single join query instead of two queries (result set duplicates the parent's columns for each child)
- // 3. custom result handler doing something-or-other (not really worked out)
- // 4. just don't use a mapper and have a Dao that delegates to other mappers (this solution)
- List<ScaDependencyDto> dependencies = dependenciesMapper(dbSession).selectByReleaseUuids(releases.stream().map(ScaReleaseDto::uuid).toList());
- Map<String, List<ScaDependencyDto>> dependenciesGroupedByReleaseId = dependencies.stream().collect(Collectors.groupingBy(ScaDependencyDto::scaReleaseUuid));
-
- return releases.stream().map(releaseDto -> {
- // by returning empty list instead of omitting the release if there are no deps, we simulate a left join.
- // We may never actually save dependency-less sca_releases in real life though, which means we may
- // only be doing this so our tests don't always have to create dependencies in order to load releases
- // through here.
- var dependenciesDtos = Optional.ofNullable(dependenciesGroupedByReleaseId.get(releaseDto.uuid())).orElse(Collections.emptyList());
- return new ScaReleaseDependenciesDto(releaseDto, dependenciesDtos);
- }).toList();
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesMapper.java
deleted file mode 100644
index 0694271ee3f..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesMapper.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.Collection;
-import java.util.List;
-import org.apache.ibatis.annotations.Param;
-import org.sonar.db.Pagination;
-
-public interface ScaReleasesMapper {
- void insert(ScaReleaseDto dto);
-
- void deleteByUuid(String uuid);
-
- ScaReleaseDto selectByUuid(String uuid);
-
- List<ScaReleaseDto> selectByUuids(Collection<String> uuids);
-
- List<ScaReleaseDto> selectByBranchUuid(String branchUuid);
-
- List<ScaReleaseDto> selectByQuery(@Param("query") ScaReleasesQuery query, @Param("pagination") Pagination pagination);
-
- void update(ScaReleaseDto dto);
-
- int countByQuery(@Param("query") ScaReleasesQuery query);
-
- List<ScaReleaseByPackageManagerCountDto> countReleasesByPackageManager(@Param("query") ScaReleasesQuery query);
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesQuery.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesQuery.java
deleted file mode 100644
index 1e24eaf8c6a..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaReleasesQuery.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.List;
-import java.util.Locale;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
-import static org.sonar.db.DaoUtils.buildLikeValue;
-import static org.sonar.db.WildcardPosition.BEFORE_AND_AFTER;
-
-public record ScaReleasesQuery(
- String branchUuid,
- @Nullable Boolean direct,
- @Nullable Boolean productionScope,
- @Nullable List<String> packageManagers,
- @Nullable Boolean newInPullRequest,
- @Nullable String query) {
-
- /**
- * Used by MyBatis mapper
- */
- @CheckForNull
- public String likeQuery() {
- return query == null ? null : buildLikeValue(query.toLowerCase(Locale.ENGLISH), BEFORE_AND_AFTER);
- }
-
- public Builder toBuilder() {
- return new Builder()
- .setBranchUuid(branchUuid)
- .setDirect(direct)
- .setProductionScope(productionScope)
- .setPackageManagers(packageManagers)
- .setNewInPullRequest(newInPullRequest)
- .setQuery(query);
- }
-
- public static class Builder {
- private String branchUuid;
- private Boolean direct;
- private Boolean productionScope;
- private List<String> packageManagers;
- private Boolean newInPullRequest;
- private String query;
-
- public Builder setBranchUuid(String branchUuid) {
- this.branchUuid = branchUuid;
- return this;
- }
-
- public Builder setDirect(Boolean direct) {
- this.direct = direct;
- return this;
- }
-
- public Builder setProductionScope(Boolean productionScope) {
- this.productionScope = productionScope;
- return this;
- }
-
- public Builder setPackageManagers(List<String> packageManagers) {
- this.packageManagers = packageManagers;
- return this;
- }
-
- public Builder setNewInPullRequest(Boolean newInPullRequest) {
- this.newInPullRequest = newInPullRequest;
- return this;
- }
-
- public Builder setQuery(String query) {
- this.query = query;
- return this;
- }
-
- public ScaReleasesQuery build() {
- return new ScaReleasesQuery(branchUuid, direct, productionScope, packageManagers, newInPullRequest, query);
- }
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaSeverity.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaSeverity.java
deleted file mode 100644
index d7d0e63eafd..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaSeverity.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-/**
- * The severity of a dependency issue found by SCA.
- * This is calculated as a base severity (which may be based on a vulnerability's CVSS score
- * or just based on the type of issue), and then analysis-specific factors such as reachability
- * can be considered to get the final severity.
- */
-public enum ScaSeverity {
- INFO(5),
- LOW(10),
- MEDIUM(15),
- HIGH(20),
- BLOCKER(25);
-
- // this needs to match the DB varchar length
- public static final int MAX_NAME_LENGTH = 15;
- private final int databaseSortKey;
-
- ScaSeverity(int databaseSortKey) {
- this.databaseSortKey = databaseSortKey;
- }
-
- /**
- * Returns the sort key for the severity in the database.
- * We store the severity as a string for debuggability
- * and so on, but to sort by severity we need an integer
- * that gets higher as the severity gets more severe.
- * The sort keys have gaps so we could add new
- * in-between values to the enum without a big data migration.
- * @return integer to sort by severity
- */
- public final int databaseSortKey() {
- return databaseSortKey;
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaVulnerabilityIssueDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaVulnerabilityIssueDto.java
deleted file mode 100644
index 7746571d087..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaVulnerabilityIssueDto.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.math.BigDecimal;
-import java.util.List;
-import javax.annotation.Nullable;
-
-/**
- * This table has GLOBAL rows spanning all analysis runs. It represents
- * extra fields on all rows of sca_issues that are of {@link ScaIssueType#VULNERABILITY},
- * in other words it's a polymorphic child class of sca_issues.
- * <p>
- * The uuid primary key will match the primary key of the corresponding row in the sca_issues table.
- * </p>
- * <p>
- * The base severity does not consider project-specific considerations such as reachability.
- * </p>
- * <p>
- * At least in the current take, this table does not contain all attributes of a given
- * vulnerability; it only contains those that we show in a list of issues, but not those
- * that appear when we show full details of a vulnerability. The columns in this table
- * need to be returned by the cloud endpoint that analyzes dependency files.
- * </p>
- */
-public record ScaVulnerabilityIssueDto(
- String uuid,
- ScaSeverity baseSeverity,
- List<String> cweIds,
- @Nullable BigDecimal cvssScore,
- long createdAt,
- long updatedAt) {
-
- // these need to match what's in the db
- public static final int CWE_IDS_MAX_LENGTH = 255;
-
- public Builder toBuilder() {
- return new Builder()
- .setUuid(uuid)
- .setBaseSeverity(baseSeverity)
- .setCweIds(cweIds)
- .setCvssScore(cvssScore)
- .setCreatedAt(createdAt)
- .setUpdatedAt(updatedAt);
- }
-
- public static class Builder {
- private String uuid;
- private ScaSeverity baseSeverity;
- private List<String> cweIds;
- private BigDecimal cvssScore;
- private long createdAt;
- private long updatedAt;
-
- public Builder setUuid(String uuid) {
- this.uuid = uuid;
- return this;
- }
-
- public Builder setBaseSeverity(ScaSeverity baseSeverity) {
- this.baseSeverity = baseSeverity;
- return this;
- }
-
- public Builder setCweIds(List<String> cweIds) {
- this.cweIds = cweIds;
- return this;
- }
-
- public Builder setCvssScore(BigDecimal cvssScore) {
- this.cvssScore = cvssScore;
- return this;
- }
-
- public Builder setCreatedAt(long createdAt) {
- this.createdAt = createdAt;
- return this;
- }
-
- public Builder setUpdatedAt(long updatedAt) {
- this.updatedAt = updatedAt;
- return this;
- }
-
- public ScaVulnerabilityIssueDto build() {
- return new ScaVulnerabilityIssueDto(uuid, baseSeverity, cweIds, cvssScore, createdAt, updatedAt);
- }
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaVulnerabilityIssuesDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaVulnerabilityIssuesDao.java
deleted file mode 100644
index d06bfb872da..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaVulnerabilityIssuesDao.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Optional;
-import org.sonar.db.Dao;
-import org.sonar.db.DbSession;
-
-public class ScaVulnerabilityIssuesDao implements Dao {
-
- private static ScaVulnerabilityIssuesMapper mapper(DbSession session) {
- return session.getMapper(ScaVulnerabilityIssuesMapper.class);
- }
-
- public void insert(DbSession session, ScaVulnerabilityIssueDto scaVulnerabilityIssueDto) {
- mapper(session).insert(scaVulnerabilityIssueDto);
- }
-
- public Optional<ScaVulnerabilityIssueDto> selectByUuid(DbSession dbSession, String uuid) {
- return Optional.ofNullable(mapper(dbSession).selectByUuid(uuid));
- }
-
- public List<ScaVulnerabilityIssueDto> selectByUuids(DbSession dbSession, Collection<String> uuids) {
- return mapper(dbSession).selectByUuids(uuids);
- }
-
- public void update(DbSession session, ScaVulnerabilityIssueDto scaVulnerabilityIssueDto) {
- mapper(session).update(scaVulnerabilityIssueDto);
- }
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaVulnerabilityIssuesMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaVulnerabilityIssuesMapper.java
deleted file mode 100644
index 487039a1e06..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/ScaVulnerabilityIssuesMapper.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.sca;
-
-import java.util.Collection;
-import java.util.List;
-
-public interface ScaVulnerabilityIssuesMapper {
- void insert(ScaVulnerabilityIssueDto dto);
-
- ScaVulnerabilityIssueDto selectByUuid(String uuid);
-
- List<ScaVulnerabilityIssueDto> selectByUuids(Collection<String> uuids);
-
- void update(ScaVulnerabilityIssueDto dto);
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/package-info.java b/server/sonar-db-dao/src/main/java/org/sonar/db/sca/package-info.java
deleted file mode 100644
index 91273c3d426..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/sca/package-info.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2025 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-@ParametersAreNonnullByDefault
-package org.sonar.db.sca;
-
-import javax.annotation.ParametersAreNonnullByDefault;
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/GroupQuery.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/GroupQuery.java
index a2185648d6b..b54c25da22d 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/user/GroupQuery.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/GroupQuery.java
@@ -29,10 +29,14 @@ import org.sonar.db.WildcardPosition; public class GroupQuery { private final String searchText; private final String isManagedSqlClause; + private final String userId; + private final String excludedUserId; - GroupQuery(@Nullable String searchText, @Nullable String isManagedSqlClause) { + GroupQuery(@Nullable String searchText, @Nullable String isManagedSqlClause, String userId, String excludedUserId) { this.searchText = searchTextToSearchTextSql(searchText); this.isManagedSqlClause = isManagedSqlClause; + this.userId = userId; + this.excludedUserId = excludedUserId; } private static String searchTextToSearchTextSql(@Nullable String text) { @@ -54,6 +58,16 @@ public class GroupQuery { return isManagedSqlClause; } + @CheckForNull + public String getUserId() { + return userId; + } + + @CheckForNull + public String getExcludedUserId() { + return excludedUserId; + } + public static GroupQueryBuilder builder() { return new GroupQueryBuilder(); } @@ -61,6 +75,8 @@ public class GroupQuery { public static final class GroupQueryBuilder { private String searchText = null; private String isManagedSqlClause = null; + private String userId = null; + private String excludedUserId = null; private GroupQueryBuilder() { } @@ -70,14 +86,23 @@ public class GroupQuery { return this; } - public GroupQuery.GroupQueryBuilder isManagedClause(@Nullable String isManagedSqlClause) { this.isManagedSqlClause = isManagedSqlClause; return this; } + public GroupQuery.GroupQueryBuilder userId(@Nullable String userId) { + this.userId = userId; + return this; + } + + public GroupQuery.GroupQueryBuilder excludedUserId(@Nullable String excludedUserId) { + this.excludedUserId = excludedUserId; + return this; + } + public GroupQuery build() { - return new GroupQuery(searchText, isManagedSqlClause); + return new GroupQuery(searchText, isManagedSqlClause, userId, excludedUserId); } } } 
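Review bot: The two new constructor parameters in the first hunk are declared as plain `String userId, String excludedUserId`, while the builder initialises both fields to `null`, the new builder setters accept `@Nullable` values and the new getters are marked `@CheckForNull`. The constructor should carry the same contract: `GroupQuery(@Nullable String searchText, @Nullable String isManagedSqlClause, @Nullable String userId, @Nullable String excludedUserId)`. If this package is non-null by default (not visible here), static analysis would otherwise read every `build()` call without a user filter as passing null to a non-null parameter. `getUserId()` and `getExcludedUserId()` would also benefit from a one-line Javadoc saying what each value filters on and what is expected when both are set, since the mapper SQL that consumes them is outside this file.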
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/RoleDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/RoleDao.java
index 6c725d60262..bc823cc79a6 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/user/RoleDao.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/RoleDao.java
@@ -19,33 +19,33 @@ */ package org.sonar.db.user; -import com.google.common.collect.ImmutableSet; import java.util.Collection; +import java.util.EnumSet; import java.util.List; import java.util.Set; -import org.sonar.api.web.UserRole; import org.sonar.db.Dao; import org.sonar.db.DbSession; +import org.sonar.db.permission.ProjectPermission; import static com.google.common.base.Preconditions.checkArgument; -import static org.sonar.api.web.UserRole.CODEVIEWER; -import static org.sonar.api.web.UserRole.USER; +import static org.sonar.db.permission.ProjectPermission.CODEVIEWER; +import static org.sonar.db.permission.ProjectPermission.USER; public class RoleDao implements Dao { - private static final Set<String> UNSUPPORTED_PROJECT_PERMISSIONS = ImmutableSet.of(USER, CODEVIEWER); + private static final Set<ProjectPermission> UNSUPPORTED_PROJECT_PERMISSIONS = EnumSet.of(USER, CODEVIEWER); /** * All the entities on which the user has {@code permission}, directly or through * groups. * - * @throws IllegalArgumentException this method does not support permissions {@link UserRole#USER user} nor - * {@link UserRole#CODEVIEWER codeviewer} because it does not support public root components. + * @throws IllegalArgumentException this method does not support permissions {@link ProjectPermission#USER user} nor + * {@link ProjectPermission#CODEVIEWER codeviewer} because it does not support public root components. 
*/ - public List<String> selectEntityUuidsByPermissionAndUserUuidAndQualifier(DbSession dbSession, String permission, String userUuid, Collection<String> qualifiers) { + public List<String> selectEntityUuidsByPermissionAndUserUuidAndQualifier(DbSession dbSession, ProjectPermission permission, String userUuid, Collection<String> qualifiers) { checkArgument( !UNSUPPORTED_PROJECT_PERMISSIONS.contains(permission), "Permissions %s are not supported by selectEntityUuidsByPermissionAndUserUuidAndQualifier", UNSUPPORTED_PROJECT_PERMISSIONS); - return mapper(dbSession).selectEntityUuidsByPermissionAndUserUuidAndQualifier(permission, userUuid, qualifiers); + return mapper(dbSession).selectEntityUuidsByPermissionAndUserUuidAndQualifier(permission.getKey(), userUuid, qualifiers); } public void deleteGroupRolesByGroupUuid(DbSession session, String groupUuid) { |
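Review bot: `UNSUPPORTED_PROJECT_PERMISSIONS` is now built with `EnumSet.of(USER, CODEVIEWER)`, which is a mutable set, whereas the `ImmutableSet.of(...)` it replaces could not be altered after class initialisation. Because this constant is the guard that `checkArgument` consults before the permission query runs, it is safer to keep it unmodifiable: `private static final Set<ProjectPermission> UNSUPPORTED_PROJECT_PERMISSIONS = Collections.unmodifiableSet(EnumSet.of(USER, CODEVIEWER));` (with `import java.util.Collections;`). The `%s` in the exception message now formats enum constants instead of strings, so the text may differ from before unless `ProjectPermission.toString()` returns the key; any test asserting on the message is worth checking. The hunk ends on the opening line of `deleteGroupRolesByGroupUuid`, whose body is outside it.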