

Revert "work-around for issue 55", because in most cases dependency-c…
…heck-report.xml is not present in the Sonar filesystem, or the XML has only one line.

This reverts commit f5a1775.
Reamer committed Sep 28, 2018
1 parent 0d83563 commit 34f1c3a
Showing 4 changed files with 4 additions and 54 deletions.
Expand Up @@ -22,7 +22,6 @@
import org.apache.commons.lang3.StringUtils;
import org.sonar.api.batch.fs.FileSystem;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.fs.TextRange;
import org.sonar.api.batch.rule.Severity;
import org.sonar.api.batch.sensor.Sensor;
import org.sonar.api.batch.sensor.SensorContext;
Expand Down Expand Up @@ -73,19 +72,12 @@ public DependencyCheckSensor(FileSystem fileSystem, PathResolver pathResolver) {
this.pathResolver = pathResolver;
}

private void addIssue(SensorContext context, InputFile reportFile, Dependency dependency, Vulnerability vulnerability) {

TextRange artificialTextRange = reportFile.selectLine(vulnerability.getLineNumer());
LOGGER.debug("TextRange: '{}' for dependency: '{}' and vulnerability: '{}'", artificialTextRange,
dependency.getFileName(), vulnerability.getName());

private void addIssue(SensorContext context, Dependency dependency, Vulnerability vulnerability) {
Severity severity = DependencyCheckUtils.cvssToSonarQubeSeverity(vulnerability.getCvssScore(), context.settings().getDouble(DependencyCheckConstants.SEVERITY_CRITICAL), context.settings().getDouble(DependencyCheckConstants.SEVERITY_MAJOR));

context.newIssue()
.forRule(RuleKey.of(DependencyCheckPlugin.REPOSITORY_KEY, DependencyCheckPlugin.RULE_KEY))
.at(new DefaultIssueLocation()
.on(reportFile)
.at(artificialTextRange)
.on(context.module())
.message(formatDescription(dependency, vulnerability))
)
.overrideSeverity(severity)
Expand Down Expand Up @@ -131,20 +123,12 @@ private void addIssues(SensorContext context, Analysis analysis) {
return;
}
for (Dependency dependency : analysis.getDependencies()) {
LOGGER.debug("Processing dependency '{}', filePath: '{}'", dependency.getFileName(), dependency.getFilePath());
InputFile testFile = fileSystem.inputFile(
fileSystem.predicates().hasPath(
escapeReservedPathChars(dependency.getFilePath())
)
);

String reportFilePath = context.settings().getString(DependencyCheckConstants.REPORT_PATH_PROPERTY);
InputFile reportFile = fileSystem.inputFile(fileSystem.predicates().hasPath(reportFilePath));
if (null == reportFile) {
LOGGER.warn("skipping dependency '{}' as no inputFile could established.", dependency.getFileName());
return;
}

int depVulnCount = dependency.getVulnerabilities().size();

if (depVulnCount > 0) {
Expand All @@ -155,7 +139,7 @@ private void addIssues(SensorContext context, Analysis analysis) {
saveMetricOnFile(context, testFile, DependencyCheckMetrics.TOTAL_DEPENDENCIES, (double) depVulnCount);

for (Vulnerability vulnerability : dependency.getVulnerabilities()) {
addIssue(context, reportFile, dependency, vulnerability);
addIssue(context, dependency, vulnerability);
vulnerabilityCount++;
}
}
Expand All @@ -174,7 +158,7 @@ private Analysis parseAnalysis(SensorContext context) throws IOException, Parser
return new ReportParser().parse(stream);
}
}

private String getHtmlReport(SensorContext context) {
XmlReportFile report = new XmlReportFile(context.settings(), fileSystem, this.pathResolver);
File reportFile = report.getFile(DependencyCheckConstants.HTML_REPORT_PATH_PROPERTY);
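Review bot: In the addIssue hunk the issue location is `.on(context.module())` with nothing explaining why no file or line is used, so the next reader is likely to re-attach it to the report file, which is exactly what this revert undoes; the rationale lives only in the commit description. A Javadoc on `addIssue` would keep it in the code, for example `/** Raises the issue at module level: the dependency-check report is usually not part of the Sonar file system (or is a single line), so no file/line location is available. */`. As a point of style, the two severity thresholds are re-read from `context.settings()` on every call; reading them once in `addIssues` and passing them in would simplify the per-vulnerability path. `addIssues` continues past the hunk, so whether the `testFile` lookup in the loop is null-checked before `saveMetricOnFile(context, testFile, …)` is not visible here and should be confirmed.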
Expand Up @@ -105,7 +105,6 @@ private Collection<Vulnerability> processVulnerabilities(SMInputCursor vulnC) th

private Vulnerability processVulnerability(SMInputCursor vulnC) throws XMLStreamException {
Vulnerability vulnerability = new Vulnerability();
vulnerability.setLineNumer(vulnC.getLocation().getLineNumber());
SMInputCursor childCursor = vulnC.childCursor();
while (childCursor.getNext() != null) {
String nodeName = childCursor.getLocalName();
Expand Up @@ -26,7 +26,6 @@ public class Vulnerability {
private String severity;
private String description;
private String cwe;
private int lineNumer;

public String getName() {
return name;
Expand Down Expand Up @@ -68,12 +67,4 @@ public void setCwe(String cwe) {
this.cwe = cwe;
}

public int getLineNumer() {
return lineNumer;
}

public void setLineNumer(int lineNumer) {
this.lineNumer = lineNumer;
}

}
Expand Up @@ -21,11 +21,8 @@

import org.junit.Before;
import org.junit.Test;
import org.sonar.api.batch.fs.FilePredicate;
import org.sonar.api.batch.fs.FileSystem;
import org.sonar.api.batch.fs.InputComponent;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.fs.internal.DefaultInputFile;
import org.sonar.api.batch.measure.Metric;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.SensorDescriptor;
Expand Down Expand Up @@ -79,12 +76,6 @@ public void shouldAnalyse() throws URISyntaxException {

when(context.settings().getString(DependencyCheckConstants.REPORT_PATH_PROPERTY)).thenReturn("dependency-check-report.xml");
when(pathResolver.relativeFile(any(File.class), anyString())).thenReturn(sampleReport);

InputFile mockInputFile = mock(DefaultInputFile.class);
when(fileSystem.inputFile(any(FilePredicate.class))).thenReturn(mockInputFile);
when(mockInputFile.isFile()).thenReturn(true);


sensor.execute(context);
}

Expand All @@ -103,11 +94,6 @@ public void shouldAddAnIssueForAVulnerability() throws URISyntaxException {

when(context.settings().getString(DependencyCheckConstants.REPORT_PATH_PROPERTY)).thenReturn("dependency-check-report.xml");
when(pathResolver.relativeFile(any(File.class), anyString())).thenReturn(sampleReport);

InputFile mockInputFile = mock(DefaultInputFile.class);
when(fileSystem.inputFile(any(FilePredicate.class))).thenReturn(mockInputFile);
when(mockInputFile.isFile()).thenReturn(true);

sensor.execute(context);

verify(context, times(3)).newIssue();
Expand All @@ -119,11 +105,6 @@ public void shouldPersistTotalMetrics() throws URISyntaxException {

when(context.settings().getString(DependencyCheckConstants.REPORT_PATH_PROPERTY)).thenReturn("dependency-check-report.xml");
when(pathResolver.relativeFile(any(File.class), anyString())).thenReturn(sampleReport);

InputFile mockInputFile = mock(DefaultInputFile.class);
when(fileSystem.inputFile(any(FilePredicate.class))).thenReturn(mockInputFile);
when(mockInputFile.isFile()).thenReturn(true);

sensor.execute(context);

verify(context.newMeasure(), times(8)).forMetric(any(Metric.class));
Expand All @@ -135,11 +116,6 @@ public void shouldPersistMetricsOnReport() throws URISyntaxException {

when(context.settings().getString(DependencyCheckConstants.REPORT_PATH_PROPERTY)).thenReturn("dependency-check-report.xml");
when(pathResolver.relativeFile(any(File.class), anyString())).thenReturn(sampleReport);

InputFile mockInputFile = mock(DefaultInputFile.class);
when(fileSystem.inputFile(any(FilePredicate.class))).thenReturn(mockInputFile);
when(mockInputFile.isFile()).thenReturn(true);

sensor.execute(context);

verify(context.newMeasure(), atLeastOnce()).on(any(InputComponent.class));
