Diffstat (limited to 'server')
11 files changed, 216 insertions, 1 deletions
diff --git a/server/sonar-db-dao/src/schema/schema-sq.ddl b/server/sonar-db-dao/src/schema/schema-sq.ddl index 3a18fcb87e4..04db4d93d71 100644 --- a/server/sonar-db-dao/src/schema/schema-sq.ddl +++ b/server/sonar-db-dao/src/schema/schema-sq.ddl @@ -1198,7 +1198,8 @@ CREATE TABLE "SCA_VULNERABILITY_ISSUES"( "CVSS_SCORE" DOUBLE PRECISION, "CREATED_AT" BIGINT NOT NULL, "UPDATED_AT" BIGINT NOT NULL, - "WITHDRAWN" BOOLEAN DEFAULT FALSE NOT NULL + "WITHDRAWN" BOOLEAN DEFAULT FALSE NOT NULL, + "PUBLISHED_ON" BIGINT ); ALTER TABLE "SCA_VULNERABILITY_ISSUES" ADD CONSTRAINT "PK_SCA_VULNERABILITY_ISSUES" PRIMARY KEY("UUID"); diff --git a/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v202505/AddPublishedOnToScaVulnerabilityIssuesTest.java b/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v202505/AddPublishedOnToScaVulnerabilityIssuesTest.java new file mode 100644 index 00000000000..562d12ee3c6 --- /dev/null +++ b/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v202505/AddPublishedOnToScaVulnerabilityIssuesTest.java 
@@ -0,0 +1,53 @@ +/* + * SonarQube + * Copyright (C) 2009-2025 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v202505; + +import java.sql.SQLException; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.RegisterExtension; +import org.sonar.db.MigrationDbTester; +import org.sonar.server.platform.db.migration.step.DdlChange; + +import static java.sql.Types.BIGINT; +import static org.sonar.db.MigrationDbTester.createForMigrationStep; + +class AddPublishedOnToScaVulnerabilityIssuesTest { + private static final String TABLE_NAME = "sca_vulnerability_issues"; + private static final String COLUMN_NAME = "published_on"; + + @RegisterExtension + public final MigrationDbTester db = createForMigrationStep(AddPublishedOnToScaVulnerabilityIssues.class); + private final DdlChange underTest = new AddPublishedOnToScaVulnerabilityIssues(db.database()); + + @Test + void execute_shouldAddColumn() throws SQLException { + db.assertColumnDoesNotExist(TABLE_NAME, COLUMN_NAME); + underTest.execute(); + db.assertColumnDefinition(TABLE_NAME, COLUMN_NAME, BIGINT, 64, true); + } + + @Test + void execute_shouldBeReentrant() throws SQLException { + 
db.assertColumnDoesNotExist(TABLE_NAME, COLUMN_NAME); + underTest.execute(); + underTest.execute(); + db.assertColumnDefinition(TABLE_NAME, COLUMN_NAME, BIGINT, 64, true); + } +} diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java index 23c17a18540..cd928ab9389 100644 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java @@ -32,6 +32,7 @@ import org.sonar.server.platform.db.migration.version.v202501.DbVersion202501; import org.sonar.server.platform.db.migration.version.v202502.DbVersion202502; import org.sonar.server.platform.db.migration.version.v202503.DbVersion202503; import org.sonar.server.platform.db.migration.version.v202504.DbVersion202504; +import org.sonar.server.platform.db.migration.version.v202505.DbVersion202505; public class MigrationConfigurationModule extends Module { @Override @@ -44,6 +45,7 @@ public class MigrationConfigurationModule extends Module { DbVersion202502.class, DbVersion202503.class, DbVersion202504.class, + DbVersion202505.class, // migration steps MigrationStepRegistryImpl.class, diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v202505/AddPublishedOnToScaVulnerabilityIssues.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v202505/AddPublishedOnToScaVulnerabilityIssues.java new file mode 100644 index 00000000000..86b18994052 --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v202505/AddPublishedOnToScaVulnerabilityIssues.java 
@@ -0,0 +1,53 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v202505;
+
+import java.sql.SQLException;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.def.BigIntegerColumnDef;
+import org.sonar.server.platform.db.migration.sql.AddColumnsBuilder;
+import org.sonar.server.platform.db.migration.step.DdlChange;
+
+import static org.sonar.db.DatabaseUtils.tableColumnExists;
+
+public class AddPublishedOnToScaVulnerabilityIssues extends DdlChange {
+ static final String TABLE_NAME = "sca_vulnerability_issues";
+ static final String COLUMN_NAME = "published_on";
+
+ public AddPublishedOnToScaVulnerabilityIssues(Database db) {
+ super(db);
+ }
+
+ @Override
+ public void execute(Context context) throws SQLException {
+ try (var connection = getDatabase().getDataSource().getConnection()) {
+ if (!tableColumnExists(connection, TABLE_NAME, COLUMN_NAME)) {
+ var columnDef = BigIntegerColumnDef.newBigIntegerColumnDefBuilder()
+ .setColumnName(COLUMN_NAME)
+ .setIsNullable(true)
+ .build();
+
+ context.execute(new AddColumnsBuilder(getDialect(), TABLE_NAME)
+ .addColumn(columnDef)
+ .build());
+ }
+ }
+ }
+}
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v202505/DbVersion202505.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v202505/DbVersion202505.java
new file mode 100644
index 00000000000..f817b83ff55
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v202505/DbVersion202505.java
@@ -0,0 +1,34 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v202505;
+
+import org.sonar.server.platform.db.migration.step.MigrationStepRegistry;
+import org.sonar.server.platform.db.migration.version.DbVersion;
+
+public class DbVersion202505 implements DbVersion {
+ // ignoring bad number formatting, as it's intended that we align the migration numbers to SQ versions
+ @SuppressWarnings("java:S3937")
+
+ @Override
+ public void addSteps(MigrationStepRegistry registry) {
+ registry
+ .add(2025_05_000, "Add 'published_on' column to 'sca_vulnerability_issues' table", AddPublishedOnToScaVulnerabilityIssues.class);
+ }
+}
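Review bot: `AddPublishedOnToScaVulnerabilityIssues` adds `published_on` as a nullable BIGINT, but nothing in the class says what the value encodes or why it may be NULL. Nothing in this step backfills the column, so rows that exist before the migration runs keep NULL afterwards. Code that sorts or filters vulnerability issues by publication date has to treat NULL as "unknown", not as 0. I would add a class Javadoc such as `/** Adds the nullable 'published_on' column; rows that predate this migration keep NULL (no backfill). */`. If the unit is epoch milliseconds, as the neighbouring `CREATED_AT`/`UPDATED_AT` BIGINT columns in the schema hunk suggest, state that in the same comment.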
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v202505/DbVersion202505Test.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v202505/DbVersion202505Test.java
new file mode 100644
index 00000000000..9402d33cc2e
--- /dev/null
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v202505/DbVersion202505Test.java
@@ -0,0 +1,39 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v202505;
+
+import org.junit.jupiter.api.Test;
+
+import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMigrationNotEmpty;
+import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMinimumMigrationNumber;
+
+class DbVersion202505Test {
+ private final DbVersion202505 underTest = new DbVersion202505();
+
+ @Test
+ void migrationNumber_starts_at_2025_05_000() {
+ verifyMinimumMigrationNumber(underTest, 2025_05_000);
+ }
+
+ @Test
+ void verify_migration_is_not_empty() {
+ verifyMigrationNotEmpty(underTest);
+ }
+}
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/ComponentAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/ComponentAction.java index 0afe402240e..2fc281a3807 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/ComponentAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/ComponentAction.java @@ -98,6 +98,9 @@ public class ComponentAction implements MeasuresWsAction { .setResponseExample(getClass().getResource("component-example.json")) .setSince("5.4") .setChangelog( + new Change("2025.4", format( + "The following SCA metrics are available on licensed enterprise/datacenter editions with SCA enabled: %s", + MeasuresWsModule.getNewScaMetricsInSonarQube202504())), new Change("2025.2", "The 'Execute Analysis' permission also allows to access the endpoint"), new Change("10.8", format("The following metrics are not deprecated anymore: %s", MeasuresWsModule.getUndeprecatedMetricsinSonarQube108())), diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/ComponentTreeAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/ComponentTreeAction.java index 6e7e8fa2039..d7ecd83abbd 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/ComponentTreeAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/ComponentTreeAction.java 
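Review bot: The changelog sentence about SCA metrics on licensed enterprise/datacenter editions is written out in full in the `setChangelog(...)` call of `ComponentAction`, and repeated verbatim in the `ComponentTreeAction`, `SearchAction` and `SearchHistoryAction` hunks. Four copies of a licensing statement can drift apart when the edition wording changes. `ComponentTreeAction` already formats a shared `NUMBER_OF_KEYS_LIMITED` constant, so the same approach fits here. Keep the text once next to `getNewScaMetricsInSonarQube202504()` in `MeasuresWsModule`, for example `static final String SCA_METRICS_AVAILABLE = "The following SCA metrics are available on licensed enterprise/datacenter editions with SCA enabled: %s";`, and use `format(MeasuresWsModule.SCA_METRICS_AVAILABLE, MeasuresWsModule.getNewScaMetricsInSonarQube202504())` at each site. The enclosing methods start and end outside these hunks.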
@@ -183,6 +183,9 @@ public class ComponentTreeAction implements MeasuresWsAction { .setHandler(this) .addPagingParams(100, MAX_SIZE) .setChangelog( + new Change("2025.4", format( + "The following SCA metrics are available on licensed enterprise/datacenter editions with SCA enabled: %s", + MeasuresWsModule.getNewScaMetricsInSonarQube202504())), new Change("10.8", format(NUMBER_OF_KEYS_LIMITED, 75)), new Change("10.8", "Portfolio project metrics now also include: 'contains_ai_code', 'reliability_rating_without_aica', " + "'reliability_rating_with_aica', 'software_quality_security_rating_without_aica', 'software_quality_security_rating_with_aica', " + diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/MeasuresWsModule.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/MeasuresWsModule.java index b74cebf2f4c..fad22e62b68 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/MeasuresWsModule.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/MeasuresWsModule.java @@ -22,6 +22,7 @@ package org.sonar.server.measure.ws; import java.util.stream.Collectors; import java.util.stream.Stream; import org.sonar.api.measures.CoreMetrics; +import org.sonar.core.metric.ScaMetrics; import org.sonar.core.metric.SoftwareQualitiesMetrics; import org.sonar.core.platform.Module; import org.sonar.server.telemetry.TelemetryPortfolioActivityGraphTypeProvider; 
@@ -119,4 +120,24 @@ public class MeasuresWsModule extends Module { public static String getUndeprecatedMetricsinSonarQube108() { return getDeprecatedMetricsInSonarQube104() + ", " + getDeprecatedMetricsInSonarQube105(); } + + public static String getNewScaMetricsInSonarQube202504() { + return Stream.of( + ScaMetrics.SCA_RATING_LICENSING_KEY, + ScaMetrics.SCA_RATING_VULNERABILITY_KEY, + ScaMetrics.SCA_RATING_ANY_ISSUE_KEY, + ScaMetrics.SCA_SEVERITY_LICENSING_KEY, + ScaMetrics.SCA_SEVERITY_VULNERABILITY_KEY, + ScaMetrics.SCA_SEVERITY_ANY_ISSUE_KEY, + ScaMetrics.SCA_COUNT_ANY_ISSUE_KEY, + ScaMetrics.NEW_SCA_RATING_LICENSING_KEY, + ScaMetrics.NEW_SCA_RATING_VULNERABILITY_KEY, + ScaMetrics.NEW_SCA_RATING_ANY_ISSUE_KEY, + ScaMetrics.NEW_SCA_SEVERITY_LICENSING_KEY, + ScaMetrics.NEW_SCA_SEVERITY_VULNERABILITY_KEY, + ScaMetrics.NEW_SCA_SEVERITY_ANY_ISSUE_KEY, + ScaMetrics.NEW_SCA_COUNT_ANY_ISSUE_KEY) + .map(e -> "'" + e + "'") + .collect(Collectors.joining(", ")); + } } diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/SearchAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/SearchAction.java index 067b0f5ca39..92c69628fa4 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/SearchAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/SearchAction.java 
@@ -87,6 +87,9 @@ public class SearchAction implements MeasuresWsAction { .setResponseExample(getClass().getResource("search-example.json")) .setHandler(this) .setChangelog( + new Change("2025.4", format( + "The following SCA metrics are available on licensed enterprise/datacenter editions with SCA enabled: %s", + MeasuresWsModule.getNewScaMetricsInSonarQube202504())), new Change("10.8", format("The following metrics are not deprecated anymore: %s", MeasuresWsModule.getUndeprecatedMetricsinSonarQube108())), new Change("10.8", String.format("Added new accepted values for the 'metricKeys' param: %s", MeasuresWsModule.getNewMetricsInSonarQube108())), diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/SearchHistoryAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/SearchHistoryAction.java index bec33db5fd8..add8892067d 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/SearchHistoryAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/measure/ws/SearchHistoryAction.java @@ -109,6 +109,9 @@ public class SearchHistoryAction implements MeasuresWsAction { .setResponseExample(getClass().getResource("search_history-example.json")) .setSince("6.3") .setChangelog( + new Change("2025.4", format( + "The following SCA metrics are available on licensed enterprise/datacenter editions with SCA enabled: %s", + MeasuresWsModule.getNewScaMetricsInSonarQube202504())), new Change("10.8", String.format("The following metrics are not deprecated anymore: %s", MeasuresWsModule.getUndeprecatedMetricsinSonarQube108())), new Change("10.8", String.format("Added new accepted values for the 'metricKeys' param: %s", |