Avoid setting Impact for SonarQube Cloud

SonarSource · Dec 11, 2024 · a99b300 · a99b300
1 parent d5c35fe
commit a99b300
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 6 deletions.
diff --git a/sonar-go-plugin/src/main/java/org/sonar/go/externalreport/GolangCILintReportSensor.java b/sonar-go-plugin/src/main/java/org/sonar/go/externalreport/GolangCILintReportSensor.java
@@ -21,6 +21,8 @@
 import java.util.Locale;
 import java.util.function.Consumer;
 import javax.annotation.Nullable;
+import org.sonar.api.SonarEdition;
+import org.sonar.api.SonarProduct;
 import org.sonar.api.batch.rule.Severity;
 import org.sonar.api.batch.sensor.SensorContext;
 import org.sonar.api.issue.impact.SoftwareQuality;
@@ -50,9 +52,11 @@ public Consumer<File> reportConsumer(SensorContext context) {
   private static class GolangCILintCheckstyleFormatImporter extends CheckstyleFormatImporter {
 
     private static final String GOSEC = "gosec";
+    private final SensorContext context;
 
     public GolangCILintCheckstyleFormatImporter(SensorContext context, String linterKey) {
       super(context, linterKey);
+      this.context = context;
     }
 
     /**
@@ -86,10 +90,15 @@ protected RuleKey createRuleKey(String source, RuleType ruleType, Severity ruleS
 
     @Override
     protected List<Impact> impacts(String severity, String source) {
-      if (GOSEC.equals(source)) {
-        return List.of(new Impact(SoftwareQuality.SECURITY, org.sonar.api.issue.impact.Severity.MEDIUM));
+      var isSonarCloud = context.runtime().getProduct() == SonarProduct.SONARQUBE && context.runtime().getEdition() == SonarEdition.SONARCLOUD;
+      if (!isSonarCloud) {
+        // SonarQube Cloud does not yet support the `impact` field for external issues
+        if (GOSEC.equals(source)) {
+          return List.of(new Impact(SoftwareQuality.SECURITY, org.sonar.api.issue.impact.Severity.MEDIUM));
+        }
+        return List.of(new Impact(SoftwareQuality.MAINTAINABILITY, org.sonar.api.issue.impact.Severity.MEDIUM));
       }
-      return List.of(new Impact(SoftwareQuality.MAINTAINABILITY, org.sonar.api.issue.impact.Severity.MEDIUM));
+      return List.of();
     }
   }
 }
diff --git a/sonar-go-plugin/src/test/java/org/sonar/go/externalreport/GolangCILintReportSensorTest.java b/sonar-go-plugin/src/test/java/org/sonar/go/externalreport/GolangCILintReportSensorTest.java
@@ -22,17 +22,23 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
+import org.mockito.Mockito;
 import org.slf4j.event.Level;
+import org.sonar.api.SonarEdition;
+import org.sonar.api.SonarProduct;
+import org.sonar.api.SonarRuntime;
 import org.sonar.api.batch.rule.Severity;
 import org.sonar.api.batch.sensor.internal.DefaultSensorDescriptor;
 import org.sonar.api.batch.sensor.internal.SensorContextTester;
 import org.sonar.api.batch.sensor.issue.ExternalIssue;
 import org.sonar.api.issue.impact.SoftwareQuality;
 import org.sonar.api.rules.RuleType;
+import org.sonar.api.utils.Version;
 import org.sonarsource.slang.testing.ThreadLocalLogTester;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.entry;
+import static org.mockito.Mockito.when;
 import static org.sonar.go.externalreport.ExternalLinterSensorHelper.REPORT_BASE_PATH;
 
 class GolangCILintReportSensorTest {
@@ -48,7 +54,7 @@ void setup() {
   public ThreadLocalLogTester logTester = new ThreadLocalLogTester();
 
   @Test
-  void test_descriptor() {
+  void shouldValidateDescriptor() {
     DefaultSensorDescriptor sensorDescriptor = new DefaultSensorDescriptor();
     golangCILintReportSensor().describe(sensorDescriptor);
     assertThat(sensorDescriptor.name()).isEqualTo("Import of GolangCI-Lint issues");
@@ -60,7 +66,7 @@ private GolangCILintReportSensor golangCILintReportSensor() {
   }
 
   @Test
-  void issues_with_sonarqube() throws IOException {
+  void shouldValidateWithSonarqube() throws IOException {
     SensorContextTester context = ExternalLinterSensorHelper.createContext();
     context.settings().setProperty("sonar.go.golangci-lint.reportPaths", REPORT_BASE_PATH.resolve("golandci-lint-report.xml").toString());
     List<ExternalIssue> externalIssues = ExternalLinterSensorHelper.executeSensor(golangCILintReportSensor(), context);
@@ -88,9 +94,44 @@ void issues_with_sonarqube() throws IOException {
     assertThat(logTester.logs(Level.ERROR)).isEmpty();
   }
 
+  @Test
+  void shouldValidateWithSonarcloud() throws IOException {
+    SensorContextTester context = ExternalLinterSensorHelper.createContext();
+    var sonarRuntime = Mockito.mock(SonarRuntime.class);
+    when(sonarRuntime.getProduct()).thenReturn(SonarProduct.SONARQUBE);
+    when(sonarRuntime.getEdition()).thenReturn(SonarEdition.SONARCLOUD);
+    when(sonarRuntime.getApiVersion()).thenReturn(Version.create(7,2));
+    context.setRuntime(sonarRuntime);
+    context.settings().setProperty("sonar.go.golangci-lint.reportPaths", REPORT_BASE_PATH.resolve("golandci-lint-report.xml").toString());
+    List<ExternalIssue> externalIssues = ExternalLinterSensorHelper.executeSensor(golangCILintReportSensor(), context);
+    assertThat(externalIssues).hasSize(2);
+
+    org.sonar.api.batch.sensor.issue.ExternalIssue first = externalIssues.get(0);
+    assertThat(first.type()).isEqualTo(RuleType.BUG);
+    assertThat(first.severity()).isEqualTo(Severity.MAJOR);
+    assertThat(first.ruleKey().repository()).isEqualTo("external_golangci-lint");
+    assertThat(first.ruleKey().rule()).isEqualTo("deadcode.bug.major");
+    // For SonarQube Cloud the impact should be empty as it is not supported
+    assertThat(first.impacts()).isEmpty();
+    assertThat(first.primaryLocation().message()).isEqualTo("`three` is unused");
+    assertThat(first.primaryLocation().textRange().start().line()).isEqualTo(3);
+
+    ExternalIssue second = externalIssues.get(1);
+    assertThat(second.type()).isEqualTo(RuleType.VULNERABILITY);
+    assertThat(second.severity()).isEqualTo(Severity.MAJOR);
+    assertThat(second.ruleKey().repository()).isEqualTo("external_golangci-lint");
+    assertThat(second.ruleKey().rule()).isEqualTo("gosec");
+    assertThat(first.impacts()).isEmpty();
+    assertThat(second.primaryLocation().message()).isEqualTo("G402: TLS InsecureSkipVerify set true.");
+    assertThat(second.primaryLocation().inputComponent().key()).isEqualTo("module:main.go");
+    assertThat(second.primaryLocation().textRange().start().line()).isEqualTo(4);
+
+    assertThat(logTester.logs(Level.ERROR)).isEmpty();
+  }
+
 
   @Test
-  void import_check_style_report_same_source_different_key() throws IOException {
+  void shouldImportSameSourceDifferentKey() throws IOException {
     // Check that rules have different key based on the severity
     SensorContextTester context = ExternalLinterSensorHelper.createContext();
     context.settings().setProperty("sonar.go.golangci-lint.reportPaths", REPORT_BASE_PATH.resolve("checkstyle-different-severity.xml").toString());