SLE-430 Display taint vulnerabilities from SonarQube/SonarCloud (#298)

SonarSource · Mar 11, 2021 · f3909f8 · f3909f8
1 parent 315199d
commit f3909f8
Show file tree

Hide file tree

Showing 49 changed files with 1,189 additions and 166 deletions.
diff --git a/its/org.sonarlint.eclipse.its/src/org/sonarlint/eclipse/its/LocalLeakTest.java b/its/org.sonarlint.eclipse.its/src/org/sonarlint/eclipse/its/LocalLeakTest.java
@@ -46,7 +46,6 @@ public void shouldComputeLocalLeak() throws Exception {
 
     SWTBotView view = new OnTheFlyViewBot(bot).show();
     assertThat(view.bot().tree().columns()).containsExactly("Date", "Description", "Resource");
-    assertThat(view.bot().tree().getAllItems()).isEmpty();
 
     IProject project = importEclipseProject("java/leak", "leak");
     JobHelpers.waitForJobsToComplete(bot);

diff --git a/its/org.sonarlint.eclipse.its/src/org/sonarlint/eclipse/its/SecondaryLocationsTest.java b/its/org.sonarlint.eclipse.its/src/org/sonarlint/eclipse/its/SecondaryLocationsTest.java
@@ -64,11 +64,11 @@ public void closeActiveEditor() {
   }
 
   @Test
-  public void shouldShowSingleFlow() throws Exception {
+  public void shouldShowSingleFlow() {
     SWTBotEclipseEditor helloEditor = openAndAnalyzeFile("SingleFlow.java");
 
     String issueTitle = "\"NullPointerException\" will be thrown when invoking method \"doAnotherThingWith()\".";
-    waitUntilOnTheFlyViewHasItemWithTitle(issueTitle + " [+1 flow]");
+    waitUntilOnTheFlyViewHasItemWithTitle(issueTitle + " [+5 locations]");
     onTheFly.bot().tree().getAllItems()[0].select();
 
     SWTBotView issueLocationsView = getIssueLocationsView();
@@ -86,7 +86,7 @@ public void shouldShowSingleFlow() throws Exception {
   }
 
   @Test
-  public void shouldShowHighlightsOnly() throws Exception {
+  public void shouldShowHighlightsOnly() {
     openAndAnalyzeFile("HighlightOnly.java");
 
     String issueTitle = "Remove these useless parentheses.";
@@ -104,7 +104,7 @@ public void shouldShowHighlightsOnly() throws Exception {
   }
 
   @Test
-  public void shouldShowMultipleFlows() throws Exception {
+  public void shouldShowMultipleFlows() {
     SWTBotEclipseEditor helloEditor = openAndAnalyzeFile("MultiFlows.java");
 
     String issueTitle = "\"NullPointerException\" will be thrown when invoking method \"doAnotherThingWith()\".";
@@ -140,7 +140,7 @@ public void shouldShowMultipleFlows() throws Exception {
   }
 
   @Test
-  public void shouldShowFlattenedFlows() throws Exception {
+  public void shouldShowFlattenedFlows() {
     SWTBotEclipseEditor cognitiveComplexityEditor = openAndAnalyzeFile("CognitiveComplexity.java");
 
     String issueTitle = "Refactor this method to reduce its Cognitive Complexity from 24 to the 15 allowed.";

diff --git a/...core.tests/src/test/java/org/sonarlint/eclipse/core/internal/markers/MarkerFlowsTest.java b/...core.tests/src/test/java/org/sonarlint/eclipse/core/internal/markers/MarkerFlowsTest.java
@@ -0,0 +1,70 @@
+/*
+ * SonarLint for Eclipse
+ * Copyright (C) 2015-2021 SonarSource SA
+ * [email protected]
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarlint.eclipse.core.internal.markers;
+
+import java.util.Arrays;
+import org.junit.Test;
+import org.sonarlint.eclipse.tests.common.SonarTestCase;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class MarkerFlowsTest extends SonarTestCase {
+
+  @Test
+  public void display_a_correct_summary_for_secondary_locations_only_flows() {
+    MarkerFlow flow1 = new MarkerFlow(0);
+    new MarkerFlowLocation(flow1, "message1");
+    MarkerFlow flow2 = new MarkerFlow(0);
+    new MarkerFlowLocation(flow2, "message2");
+    MarkerFlow flow3 = new MarkerFlow(0);
+    new MarkerFlowLocation(flow3, "message3");
+    MarkerFlows markerFlows = new MarkerFlows(Arrays.asList(flow1, flow2, flow3));
+
+    assertThat(markerFlows.getSummaryDescription()).isEqualTo(" [+3 locations]");
+  }
+
+  @Test
+  public void display_a_correct_summary_for_multiple_flows() {
+    MarkerFlow flow1 = new MarkerFlow(0);
+    new MarkerFlowLocation(flow1, "message1");
+    new MarkerFlowLocation(flow1, "message11");
+    MarkerFlow flow2 = new MarkerFlow(0);
+    new MarkerFlowLocation(flow2, "message2");
+    new MarkerFlowLocation(flow2, "message22");
+    MarkerFlow flow3 = new MarkerFlow(0);
+    new MarkerFlowLocation(flow3, "message3");
+    new MarkerFlowLocation(flow3, "message33");
+    MarkerFlows markerFlows = new MarkerFlows(Arrays.asList(flow1, flow2, flow3));
+
+    assertThat(markerFlows.getSummaryDescription()).isEqualTo(" [+3 flows]");
+  }
+
+  @Test
+  public void display_a_correct_summary_for_single_flow() {
+    MarkerFlow flow1 = new MarkerFlow(0);
+    new MarkerFlowLocation(flow1, "message1");
+    new MarkerFlowLocation(flow1, "message11");
+    new MarkerFlowLocation(flow1, "message111");
+    MarkerFlows markerFlows = new MarkerFlows(Arrays.asList(flow1));
+
+    assertThat(markerFlows.getSummaryDescription()).isEqualTo(" [+3 locations]");
+  }
+
+}
diff --git a/org.sonarlint.eclipse.core/META-INF/MANIFEST.MF b/org.sonarlint.eclipse.core/META-INF/MANIFEST.MF
@@ -12,6 +12,7 @@ Bundle-Localization: OSGI-INF/l10n/bundle
 Export-Package: org.sonarlint.eclipse.core,
  org.sonarlint.eclipse.core.analysis,
  org.sonarlint.eclipse.core.configurator,
+ org.sonarlint.eclipse.core.listener,
  org.sonarlint.eclipse.core.internal;x-friends:="org.sonarlint.eclipse.core.tests,org.sonarlint.eclipse.ui",
  org.sonarlint.eclipse.core.internal.adapter;x-friends:="org.sonarlint.eclipse.ui",
  org.sonarlint.eclipse.core.internal.engine;x-friends:="org.sonarlint.eclipse.ui,org.sonarlint.eclipse.core.tests",

diff --git a/org.sonarlint.eclipse.core/plugin.xml b/org.sonarlint.eclipse.core/plugin.xml
@@ -88,6 +88,39 @@
       </persistent>
    </extension>
 
+   <extension
+        id="sonarlintTaintVulnerability"
+        name="SonarLint Taint Vulnerability"
+        point="org.eclipse.core.resources.markers">
+      <super
+            type="org.eclipse.core.resources.problemmarker">
+      </super>
+      <persistent
+            value="false">
+      </persistent>
+      <attribute
+            name="rulename">
+      </attribute>
+      <attribute
+            name="rulekey">
+      </attribute>
+      <attribute
+            name="creationdate">
+      </attribute>
+   </extension>
+
+   <extension
+        id="sonarlintTaintVulnerabilityFlowLocation"
+        name="SonarLint Taint Vulnerability Flow Location"
+        point="org.eclipse.core.resources.markers">
+      <super
+            type="org.eclipse.core.resources.textmarker">
+      </super>
+      <persistent
+            value="false">
+      </persistent>
+   </extension>
+
   <extension
         point="org.eclipse.core.expressions.propertyTesters">
      <propertyTester

diff --git a/org.sonarlint.eclipse.core/src/org/sonarlint/eclipse/core/internal/SonarLintCorePlugin.java b/org.sonarlint.eclipse.core/src/org/sonarlint/eclipse/core/internal/SonarLintCorePlugin.java
@@ -61,6 +61,8 @@ public class SonarLintCorePlugin extends Plugin {
   public static final String MARKER_REPORT_ID = PLUGIN_ID + ".sonarlintReportProblem";
   public static final String MARKER_REPORT_FLOW_ID = PLUGIN_ID + ".sonarlintReportFlowLocation";
   public static final String MARKER_HOTSPOT_ID = PLUGIN_ID + ".sonarlintHotspot";
+  public static final String MARKER_TAINT_ID = PLUGIN_ID + ".sonarlintTaintVulnerability";
+  public static final String MARKER_TAINT_FLOW_ID = PLUGIN_ID + ".sonarlintTaintVulnerabilityFlowLocation";
 
   private static SonarLintCorePlugin plugin;
   private static SonarLintProjectConfigurationManager configManager;

diff --git a/....core/src/org/sonarlint/eclipse/core/internal/engine/connected/ConnectedEngineFacade.java b/....core/src/org/sonarlint/eclipse/core/internal/engine/connected/ConnectedEngineFacade.java
@@ -469,7 +469,7 @@ public List<ISonarLintProject> getBoundProjects(String projectKey) {
   public void updateProjectStorage(String projectKey, IProgressMonitor monitor) {
     doWithEngine(engine -> {
       engine.updateProject(createEndpointParams(), buildClientWithProxyAndCredentials(), projectKey,
-        false, new WrappedProgressMonitor(monitor, "Update configuration from server '" + getId() + "' for project '" + projectKey + "'"));
+        true, new WrappedProgressMonitor(monitor, "Update configuration from server '" + getId() + "' for project '" + projectKey + "'"));
       getBoundProjects(projectKey).forEach(p -> {
         ProjectBinding projectBinding = engine.calculatePathPrefixes(projectKey, p.files().stream().map(ISonarLintFile::getProjectRelativePath).collect(toList()));
         String idePathPrefix = projectBinding.idePathPrefix();
@@ -647,7 +647,7 @@ public void downloadServerIssues(String projectKey, IProgressMonitor monitor) {
   public List<ServerIssue> downloadServerIssues(ProjectBinding projectBinding, String filePath, IProgressMonitor monitor) {
     return withEngine(
       engine -> engine.downloadServerIssues(createEndpointParams(), buildClientWithProxyAndCredentials(), projectBinding, filePath,
-        false, new WrappedProgressMonitor(monitor, "Fetch issues")))
+        true, new WrappedProgressMonitor(monitor, "Fetch issues")))
           .orElse(emptyList());
   }
 

diff --git a/...eclipse.core/src/org/sonarlint/eclipse/core/internal/jobs/AnalyzeConnectedProjectJob.java b/...eclipse.core/src/org/sonarlint/eclipse/core/internal/jobs/AnalyzeConnectedProjectJob.java
@@ -79,10 +79,7 @@ protected void trackIssues(Map<ISonarLintFile, IDocument> docPerFile, Map<ISonar
     }
     super.trackIssues(docPerFile, rawIssuesPerResource, triggerType, monitor);
     if (triggerType.shouldUpdateFileIssuesAsync()) {
-      List<ISonarLintIssuable> filesWithAtLeastOneIssue = filesWithAtLeastOneIssue(rawIssuesPerResource);
-      if (!filesWithAtLeastOneIssue.isEmpty()) {
-        trackServerIssuesAsync(engineFacade, filesWithAtLeastOneIssue, docPerFile, triggerType);
-      }
+      trackServerIssuesAsync(engineFacade, rawIssuesPerResource.keySet(), docPerFile, triggerType);
     }
   }
 
@@ -97,13 +94,6 @@ protected Collection<Trackable> trackFileIssues(ISonarLintFile file, List<Tracka
 
   }
 
-  private static List<ISonarLintIssuable> filesWithAtLeastOneIssue(Map<ISonarLintIssuable, List<Issue>> rawIssuesPerResource) {
-    return rawIssuesPerResource.entrySet().stream()
-      .filter(e -> !e.getValue().isEmpty())
-      .map(Map.Entry::getKey)
-      .collect(Collectors.toList());
-  }
-
   private void trackServerIssuesAsync(ConnectedEngineFacade engineFacade, Collection<ISonarLintIssuable> resources, Map<ISonarLintFile, IDocument> docPerFile,
     TriggerType triggerType) {
     SonarLintCorePlugin.getInstance().getServerIssueUpdater().updateAsync(engineFacade, getProject(),