From 1a1e6558a529a7fff0aa2728767b4327a7213abb Mon Sep 17 00:00:00 2001 From: Salil Sharma <150223667+salil-sharma-ar@users.noreply.github.com> Date: Fri, 22 Nov 2024 13:53:07 +0530 Subject: [PATCH 01/10] Update sonarlint-core to support 10.x Sonarqube --- analysis-engine/pom.xml | 2 +- .../sonarapi/DefaultSensorContext.java | 3 + .../sonarapi/DefaultSonarLintIssue.java | 12 +++- client-api/pom.xml | 2 +- commons/pom.xml | 2 +- core/pom.xml | 2 +- http/pom.xml | 2 +- issue-tracking/pom.xml | 2 +- its/plugins/custom-sensor-plugin/pom.xml | 4 +- its/plugins/global-extension-plugin/pom.xml | 2 +- its/plugins/java-custom-rules/pom.xml | 2 +- its/pom.xml | 2 +- its/tests/pom.xml | 2 +- osgi/pom.xml | 2 +- plugin-api/pom.xml | 2 +- plugin-commons/pom.xml | 2 +- pom.xml | 4 +- report-aggregate/pom.xml | 2 +- rule-extractor-cli/pom.xml | 2 +- rule-extractor/pom.xml | 2 +- server-api/pom.xml | 2 +- .../core/serverapi/issue/IssueApi.java | 67 +++++++++++++++---- server-connection/pom.xml | 2 +- slf4j-sonar-log/pom.xml | 2 +- telemetry/pom.xml | 2 +- vcs/pom.xml | 2 +- 26 files changed, 92 insertions(+), 40 deletions(-) diff --git a/analysis-engine/pom.xml b/analysis-engine/pom.xml index 5d50d675a6..4eecf486aa 100644 --- a/analysis-engine/pom.xml +++ b/analysis-engine/pom.xml @@ -3,7 +3,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-analysis-engine SonarLint Core - Analysis Engine diff --git a/analysis-engine/src/main/java/org/sonarsource/sonarlint/core/analysis/sonarapi/DefaultSensorContext.java b/analysis-engine/src/main/java/org/sonarsource/sonarlint/core/analysis/sonarapi/DefaultSensorContext.java index 2e2fd32ad2..933fe77a3e 100644 --- a/analysis-engine/src/main/java/org/sonarsource/sonarlint/core/analysis/sonarapi/DefaultSensorContext.java +++ b/analysis-engine/src/main/java/org/sonarsource/sonarlint/core/analysis/sonarapi/DefaultSensorContext.java 
@@ -215,4 +215,7 @@ public WriteCache nextCache() { throw unsupported(); } + @Override + public void addTelemetryProperty(String property, String value) { + } } diff --git a/analysis-engine/src/main/java/org/sonarsource/sonarlint/core/analysis/sonarapi/DefaultSonarLintIssue.java b/analysis-engine/src/main/java/org/sonarsource/sonarlint/core/analysis/sonarapi/DefaultSonarLintIssue.java index c0f7e785d0..14e423eaea 100644 --- a/analysis-engine/src/main/java/org/sonarsource/sonarlint/core/analysis/sonarapi/DefaultSonarLintIssue.java +++ b/analysis-engine/src/main/java/org/sonarsource/sonarlint/core/analysis/sonarapi/DefaultSonarLintIssue.java @@ -22,7 +22,7 @@ import java.nio.file.Path; import java.util.ArrayList; import java.util.Collections; -import java.util.EnumMap; +import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Optional; @@ -43,6 +43,7 @@ import org.sonarsource.sonarlint.core.analysis.container.analysis.issue.SensorQuickFix; import org.sonarsource.sonarlint.plugin.api.issue.NewQuickFix; import org.sonarsource.sonarlint.plugin.api.issue.NewSonarLintIssue; +import org.sonar.api.issue.impact.SoftwareQuality; import static java.util.Objects.requireNonNull; @@ -225,4 +226,13 @@ public boolean isQuickFixAvailable() { public Optional ruleDescriptionContextKey() { return ruleDescriptionContextKey; } + + @Override + public NewIssue overrideImpact(SoftwareQuality var1, org.sonar.api.issue.impact.Severity var2) { + return null; + } + @Override + public Map overridenImpacts() { + return new HashMap(); + } } diff --git a/client-api/pom.xml b/client-api/pom.xml index 6f7062fa0f..d653f9650d 100644 --- a/client-api/pom.xml +++ b/client-api/pom.xml @@ -7,7 +7,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-client-api SonarLint Core - Client API diff --git a/commons/pom.xml b/commons/pom.xml index 70c9cd1f14..8a61bcc1fa 100644 --- a/commons/pom.xml +++ b/commons/pom.xml 
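Review bot: The new `addTelemetryProperty` override in DefaultSensorContext has an empty body and no comment, while the neighbouring `nextCache()` visible in the same hunk throws `unsupported()`, so a reader cannot tell whether silently dropping the property is deliberate. If it is, say so inside the body, for example `// No-op: telemetry properties reported by analyzers are not forwarded by this context.`; if it is not, `throw unsupported();` would match the method above it. The class starts outside the hunk.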
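Review bot: `overrideImpact` in DefaultSonarLintIssue returns `null`, so any analyzer that chains another builder call on the returned `NewIssue` fails with a `NullPointerException`, and the requested impact is discarded without a trace. The method should end with `return this;` and either record the impact or carry a comment stating that impact overrides are ignored in this implementation. `overridenImpacts()` builds a new mutable `HashMap` on every call; `return Collections.emptyMap();` (`Collections` is already imported, per the first hunk of this file) states the "nothing is stored" intent and makes the `EnumMap` to `HashMap` import swap unnecessary. The other builder methods of the class are outside the hunk, so that they return `this` is assumed rather than visible.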
@@ -3,7 +3,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-commons SonarLint Core - Commons diff --git a/core/pom.xml b/core/pom.xml index 3f86cb3d57..b04395572b 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -4,7 +4,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-core SonarLint Core - Implementation diff --git a/http/pom.xml b/http/pom.xml index 328a6445a2..3147942114 100644 --- a/http/pom.xml +++ b/http/pom.xml @@ -3,7 +3,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-http SonarLint Core - HTTP diff --git a/issue-tracking/pom.xml b/issue-tracking/pom.xml index 7b88c49b29..8831827dcc 100644 --- a/issue-tracking/pom.xml +++ b/issue-tracking/pom.xml @@ -4,7 +4,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-issue-tracking SonarLint Issue Tracking diff --git a/its/plugins/custom-sensor-plugin/pom.xml b/its/plugins/custom-sensor-plugin/pom.xml index 2ed4391d73..6b1f6e5a8f 100644 --- a/its/plugins/custom-sensor-plugin/pom.xml +++ b/its/plugins/custom-sensor-plugin/pom.xml @@ -5,14 +5,14 @@ org.sonarsource.sonarlint.core sonarlint-core-its - 9.1.2-CODESCAN + 9.1.3-CODESCAN ../../pom.xml org.sonarsource.plugins.example custom-sensor-plugin sonar-plugin - 9.1.2-CODESCAN + 9.1.3-CODESCAN Example Plugin for SonarQube Example of plugin for SonarQube diff --git a/its/plugins/global-extension-plugin/pom.xml b/its/plugins/global-extension-plugin/pom.xml index 7566c6d02f..e93b824034 100644 --- a/its/plugins/global-extension-plugin/pom.xml +++ b/its/plugins/global-extension-plugin/pom.xml @@ -5,7 +5,7 @@ org.sonarsource.sonarlint.core sonarlint-core-its - 9.1.2-CODESCAN + 9.1.3-CODESCAN ../../pom.xml diff --git a/its/plugins/java-custom-rules/pom.xml b/its/plugins/java-custom-rules/pom.xml index efa423389a..2e14ee3c02 100644 
--- a/its/plugins/java-custom-rules/pom.xml +++ b/its/plugins/java-custom-rules/pom.xml @@ -6,7 +6,7 @@ org.sonarsource.sonarlint.core sonarlint-core-its - 9.1.2-CODESCAN + 9.1.3-CODESCAN ../../pom.xml diff --git a/its/pom.xml b/its/pom.xml index 6439c11fc1..20b7a8afc7 100644 --- a/its/pom.xml +++ b/its/pom.xml @@ -3,7 +3,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-core-its SonarLint Core - ITs diff --git a/its/tests/pom.xml b/its/tests/pom.xml index 5c3d0a0aec..8cd140e74c 100644 --- a/its/tests/pom.xml +++ b/its/tests/pom.xml @@ -4,7 +4,7 @@ org.sonarsource.sonarlint.core sonarlint-core-its - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-core-its-tests SonarLint Core - ITs - Tests diff --git a/osgi/pom.xml b/osgi/pom.xml index 8aeef38379..8647ae380c 100644 --- a/osgi/pom.xml +++ b/osgi/pom.xml @@ -3,7 +3,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-core-osgi SonarLint Core - OSGi bundle diff --git a/plugin-api/pom.xml b/plugin-api/pom.xml index a121a99982..90c98e53ea 100644 --- a/plugin-api/pom.xml +++ b/plugin-api/pom.xml @@ -4,7 +4,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-plugin-api jar diff --git a/plugin-commons/pom.xml b/plugin-commons/pom.xml index 7c7fd8bf7e..24eb2f1fc8 100644 --- a/plugin-commons/pom.xml +++ b/plugin-commons/pom.xml @@ -4,7 +4,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-plugin-commons SonarLint Core - Plugin Commons diff --git a/pom.xml b/pom.xml index 117e4ec31f..cbefe1ae3f 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN pom SonarLint Core Library used by SonarLint flavors (Eclipse, IntelliJ, VSCode...) @@ -43,7 +43,7 @@ - 9.15-CODESCAN + 10.11-CODESCAN 9.9.1.69595 9.9.0.65466 7.9 
diff --git a/report-aggregate/pom.xml b/report-aggregate/pom.xml index 7012f2e94f..a27077e158 100644 --- a/report-aggregate/pom.xml +++ b/report-aggregate/pom.xml @@ -4,7 +4,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-report-aggregate SonarLint Coverage Reports Aggregator diff --git a/rule-extractor-cli/pom.xml b/rule-extractor-cli/pom.xml index ff8dac813d..8d58ad4174 100644 --- a/rule-extractor-cli/pom.xml +++ b/rule-extractor-cli/pom.xml @@ -4,7 +4,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-rule-extractor-cli SonarLint Core - Rule Extractor - CLI diff --git a/rule-extractor/pom.xml b/rule-extractor/pom.xml index 3f1aced516..62e478008f 100644 --- a/rule-extractor/pom.xml +++ b/rule-extractor/pom.xml @@ -4,7 +4,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-rule-extractor SonarLint Core - Rule Extractor diff --git a/server-api/pom.xml b/server-api/pom.xml index 48e05dc17a..70e8d26b01 100644 --- a/server-api/pom.xml +++ b/server-api/pom.xml @@ -3,7 +3,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-server-api SonarLint Core - Server API diff --git a/server-api/src/main/java/org/sonarsource/sonarlint/core/serverapi/issue/IssueApi.java b/server-api/src/main/java/org/sonarsource/sonarlint/core/serverapi/issue/IssueApi.java index 1c33aa5550..6911278003 100644 --- a/server-api/src/main/java/org/sonarsource/sonarlint/core/serverapi/issue/IssueApi.java +++ b/server-api/src/main/java/org/sonarsource/sonarlint/core/serverapi/issue/IssueApi.java 
@@ -30,6 +30,7 @@ import java.util.concurrent.CompletableFuture; import java.util.stream.Collectors; import javax.annotation.Nullable; +import org.sonar.scanner.protocol.Constants; import org.sonar.scanner.protocol.input.ScannerInput; import org.sonarsource.sonarlint.core.commons.IssueStatus; import org.sonarsource.sonarlint.core.commons.Language; @@ -43,6 +44,7 @@ import org.sonarsource.sonarlint.core.serverapi.proto.sonarqube.ws.Issues; import org.sonarsource.sonarlint.core.serverapi.proto.sonarqube.ws.Issues.Component; import org.sonarsource.sonarlint.core.serverapi.proto.sonarqube.ws.Issues.Issue; +import org.sonarsource.sonarlint.core.serverapi.proto.sonarqube.ws.Issues.SearchWsResponse; import static java.util.Objects.requireNonNull; import static org.sonarsource.sonarlint.core.http.HttpClient.FORM_URL_ENCODED_CONTENT_TYPE; 
@@ -129,29 +131,66 @@ private static String getUrlBranchParameter(@Nullable String branchName) { return ""; } +// public List downloadAllFromBatchIssues(String key, @Nullable String branchName) { +// var batchIssueUrl = new StringBuilder(); +// batchIssueUrl.append(getBatchIssuesUrl(key)); +// batchIssueUrl.append(getUrlBranchParameter(branchName)); +// return ServerApiHelper.processTimed( +// () -> serverApiHelper.rawGet(batchIssueUrl.toString()), +// response -> { +// if (response.code() == 403 || response.code() == 404) { +// return Collections.emptyList(); +// } else if (response.code() != 200) { +// throw ServerApiHelper.handleError(response); +// } +// var input = response.bodyAsStream(); +// var parser = ScannerInput.ServerIssue.parser(); +// return readMessages(input, parser); +// }, +// duration -> LOG.debug("Downloaded issues in {}ms", duration)); +// } + public List downloadAllFromBatchIssues(String key, @Nullable String branchName) { var batchIssueUrl = new StringBuilder(); - batchIssueUrl.append(getBatchIssuesUrl(key)); + batchIssueUrl.append(getSonar10BatchIssueUrl(key)); batchIssueUrl.append(getUrlBranchParameter(branchName)); - return ServerApiHelper.processTimed( - () -> serverApiHelper.rawGet(batchIssueUrl.toString()), - response -> { - if (response.code() == 403 || response.code() == 404) { - return Collections.emptyList(); - } else if (response.code() != 200) { - throw ServerApiHelper.handleError(response); - } - var input = response.bodyAsStream(); - var parser = ScannerInput.ServerIssue.parser(); - return readMessages(input, parser); - }, - duration -> LOG.debug("Downloaded issues in {}ms", duration)); + + List issues = new ArrayList<>(); + List response = new ArrayList<>(); + + serverApiHelper.getPaginated(batchIssueUrl.toString(), + Issues.SearchWsResponse::parseFrom, + r -> r.getPaging().getTotal(), + SearchWsResponse::getIssuesList, + issues::add, + false, + new ProgressMonitor(null)); + + + for(Issue fileIssue : issues) { + 
response.add(ScannerInput.ServerIssue.newBuilder() + .setKey(fileIssue.getKey()) + .setRuleKey(fileIssue.getRule()) + .setChecksum(fileIssue.getHash()) + .setMsg(fileIssue.getMessage()) + .setLine(fileIssue.getLine()) + .setPath(fileIssue.getComponent()) + .setType(fileIssue.getType().name()) + .setSeverity(Constants.Severity.forNumber(fileIssue.getSeverity().getNumber() + 1)) + .build()); + } + + return response; } private static String getBatchIssuesUrl(String key) { return "/batch/issues?key=" + UrlUtils.urlEncode(key); } + private static String getSonar10BatchIssueUrl(String key) { + return "/api/issues/search.protobuf?componentKeys=" + UrlUtils.urlEncode(key); + } + private static String getPullIssuesUrl(String projectKey, String branchName, Set enabledLanguages, @Nullable Long changedSince) { var enabledLanguageKeys = enabledLanguages.stream().map(Language::getLanguageKey).collect(Collectors.joining(",")); var url = new StringBuilder() diff --git a/server-connection/pom.xml b/server-connection/pom.xml index 90ec090dfe..3ef06418df 100644 --- a/server-connection/pom.xml +++ b/server-connection/pom.xml @@ -3,7 +3,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-server-connection SonarLint Core - Server Connection diff --git a/slf4j-sonar-log/pom.xml b/slf4j-sonar-log/pom.xml index c8ca2f9fd3..8ef4e25e8c 100644 --- a/slf4j-sonar-log/pom.xml +++ b/slf4j-sonar-log/pom.xml @@ -3,7 +3,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-slf4j-sonar-log SonarLint Core - SLF4J log adaptor diff --git a/telemetry/pom.xml b/telemetry/pom.xml index 71c9ff59a0..9d521a9c76 100644 --- a/telemetry/pom.xml +++ b/telemetry/pom.xml @@ -4,7 +4,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-telemetry SonarLint Core - Telemetry diff --git a/vcs/pom.xml b/vcs/pom.xml index f88467677c..3326bb4897 100644 --- a/vcs/pom.xml 
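Review bot: In the rewritten `downloadAllFromBatchIssues`, `Constants.Severity.forNumber(fileIssue.getSeverity().getNumber() + 1)` ties two separate enums together by a numeric offset, and a protobuf `forNumber` returns `null` for a number it does not know, which the builder's `setSeverity` rejects with a `NullPointerException`; a single unexpected severity from the server then aborts the whole download. Build the message in two steps and only set what resolved, e.g. `var severity = Constants.Severity.forNumber(...);` followed by `if (severity != null) { builder.setSeverity(severity); }`, so the issue is still reported. The previous implementation, now kept as a commented-out block that should be deleted instead, returned an empty list on HTTP 403/404; whether `getPaginated` preserves that is not visible here, so an unauthorized or unknown project may now surface as an exception. `setLine(fileIssue.getLine())` and `setPath(fileIssue.getComponent())` also deserve a check: file-level issues presumably carry no line, and the component field looks like a component key rather than a file path.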
+++ b/vcs/pom.xml @@ -7,7 +7,7 @@ org.sonarsource.sonarlint.core sonarlint-core-parent - 9.1.2-CODESCAN + 9.1.3-CODESCAN sonarlint-vcs SonarLint Core - Version Control System From 44692c7a26f73e4bbb8298df26eacb2173361034 Mon Sep 17 00:00:00 2001 From: Sandeep Pani Date: Thu, 23 Jan 2025 17:46:06 +0530 Subject: [PATCH 02/10] CD-6294 Add info and blocker severities to ImpactSeverity in ws-commons.proto --- server-api/src/main/proto/sonarqube/ws-commons.proto | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server-api/src/main/proto/sonarqube/ws-commons.proto b/server-api/src/main/proto/sonarqube/ws-commons.proto index 6d0db1bd76..1640177f7a 100644 --- a/server-api/src/main/proto/sonarqube/ws-commons.proto +++ b/server-api/src/main/proto/sonarqube/ws-commons.proto @@ -92,6 +92,8 @@ enum ImpactSeverity { LOW = 1; MEDIUM = 2; HIGH = 3; + ImpactSeverity_INFO = 4; + ImpactSeverity_BLOCKER = 5; } // Lines start at 1 and line offsets start at 0 From 45a04aaca70e4e431c5fc7b2e047ec9bb965b8f6 Mon Sep 17 00:00:00 2001 From: Sandeep Pani Date: Tue, 28 Jan 2025 15:03:07 +0530 Subject: [PATCH 03/10] CD-6334 Change sonar plugin api version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cbefe1ae3f..ca0acb774d 100644 --- a/pom.xml +++ b/pom.xml @@ -43,7 +43,7 @@ - 10.11-CODESCAN + 10.14-CODESCAN 9.9.1.69595 9.9.0.65466 7.9 From 263158aa50ec8add136aaf07745aad2784b3facc Mon Sep 17 00:00:00 2001 From: Rajashekar Date: Thu, 26 Dec 2024 19:47:33 +0530 Subject: [PATCH 04/10] CD-6296 Disabling sonarlint_events api --- .../serverconnection/events/ServerEventsAutoSubscriber.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/server-connection/src/main/java/org/sonarsource/sonarlint/core/serverconnection/events/ServerEventsAutoSubscriber.java b/server-connection/src/main/java/org/sonarsource/sonarlint/core/serverconnection/events/ServerEventsAutoSubscriber.java index 407ca03a62..2f5250ea43 100644 
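Review bot: The two values added to `ImpactSeverity` in ws-commons.proto are named `ImpactSeverity_INFO` and `ImpactSeverity_BLOCKER` while their siblings are plain `LOW`, `MEDIUM` and `HIGH`, and nothing in the hunk explains the difference. Presumably the prefix avoids a clash with `INFO`/`BLOCKER` values of another enum in the same proto scope; if so, put that above them, e.g. `// INFO and BLOCKER would clash with another enum in this package, hence the enum-name prefix`. Code that converts these values by name has to strip the prefix, which is worth checking in the Java mappers that are not part of this patch.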
--- a/server-connection/src/main/java/org/sonarsource/sonarlint/core/serverconnection/events/ServerEventsAutoSubscriber.java +++ b/server-connection/src/main/java/org/sonarsource/sonarlint/core/serverconnection/events/ServerEventsAutoSubscriber.java @@ -33,9 +33,11 @@ public class ServerEventsAutoSubscriber { public void subscribePermanently(ServerApi serverApi, Set projectKeys, Set enabledLanguages, ServerEventHandler eventConsumer, ClientLogOutput clientLogOutput) { - cancelSubscription(); + // cancelSubscription(); if (!projectKeys.isEmpty() && !enabledLanguages.isEmpty()) { - attemptSubscription(serverApi, projectKeys, enabledLanguages, eventConsumer, clientLogOutput); + // Disabling sonarlint_events api + + // attemptSubscription(serverApi, projectKeys, enabledLanguages, eventConsumer, clientLogOutput); } } From 2faf794c6b1a1eb196cd6e0781cbefeca1fec540 Mon Sep 17 00:00:00 2001 From: Rajashekar-codescan Date: Tue, 11 Mar 2025 12:57:29 +0530 Subject: [PATCH 05/10] CD-6238 - Fix for the issue with Windows OS in 2024.3.x IntelliJ --- .../loading/PluginInstancesLoader.java | 28 +++++++++++++++---- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/plugin-commons/src/main/java/org/sonarsource/sonarlint/core/plugin/commons/loading/PluginInstancesLoader.java b/plugin-commons/src/main/java/org/sonarsource/sonarlint/core/plugin/commons/loading/PluginInstancesLoader.java index 6ca1fececa..da189a7e85 100644 --- a/plugin-commons/src/main/java/org/sonarsource/sonarlint/core/plugin/commons/loading/PluginInstancesLoader.java +++ b/plugin-commons/src/main/java/org/sonarsource/sonarlint/core/plugin/commons/loading/PluginInstancesLoader.java 
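Review bot: `subscribePermanently` becomes a silent no-op by commenting out both `cancelSubscription()` and `attemptSubscription(...)`, which leaves an empty `if` body, five unused parameters and dead code in the method. Callers get no signal that server-sent events are off, so changes made on the server will reach the client only through whatever periodic synchronisation exists elsewhere (not visible in this hunk). Delete the commented lines and state the decision once, for example `// Server events (sonarlint_events API) are disabled in this distribution, see CD-6296`, ideally together with a log message at the point where the feature is skipped. The rest of the class is outside the hunk.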
@@ -22,15 +22,18 @@ import java.io.Closeable; import java.io.File; import java.io.IOException; -import java.nio.file.FileSystems; import java.nio.file.Files; import java.nio.file.Path; +import java.nio.file.StandardCopyOption; import java.util.ArrayList; import java.util.Collection; +import java.util.Enumeration; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.stream.Collectors; +import java.util.zip.ZipEntry; +import java.util.zip.ZipFile; import javax.annotation.CheckForNull; import org.apache.commons.io.FileUtils; import org.apache.commons.lang3.SystemUtils; @@ -133,10 +136,25 @@ private static Path extractDependencyInTempFolder(PluginInfo info, String depend } } - private static void extractFile(Path zipFile, String fileName, Path outputFile) throws IOException { - try (var fileSystem = FileSystems.newFileSystem(zipFile, (ClassLoader) null)) { - var fileToExtract = fileSystem.getPath(fileName); - Files.copy(fileToExtract, outputFile); + + private static void extractFile(Path zipFilePath, String fileName, Path outputFile) throws IOException { + try (ZipFile zipFile = new ZipFile(String.valueOf(zipFilePath))) { + Enumeration entries = zipFile.entries(); + while (entries.hasMoreElements()) { + ZipEntry entry = entries.nextElement(); + String normalizedFileName = fileName.replace("\\", "/"); + String normalizedJarName = entry.getName().replace("\\","/"); + if (normalizedJarName.equals(normalizedFileName)) { + try{ + Files.copy(zipFile.getInputStream(entry), outputFile, StandardCopyOption.REPLACE_EXISTING); + LOG.debug("File successfully extracted"); + } catch (IOException e) { + throw new IOException("Error extracting file from ZIP: " + fileName, e); + } + return; + } + } + LOG.debug("File " + fileName + " not found in " + zipFilePath); } } From 9a8ae37d7c73e3655a57aab5aa9d12bb1f0c3459 Mon Sep 17 00:00:00 2001 
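Review bot: When no entry matches, the new `extractFile` only writes a debug log and returns normally, whereas the replaced `Files.copy` from the zip file system failed with an exception for a missing entry; the caller then carries on with an `outputFile` that was never written. Replace the final log statement with `throw new IOException("File " + fileName + " not found in " + zipFilePath);`. Two smaller points in the same loop: `fileName.replace("\\", "/")` is recomputed for every entry and can move above the `while`, and `new ZipFile(zipFilePath.toFile())` is clearer than going through `String.valueOf`. `StandardCopyOption.REPLACE_EXISTING` is also a behaviour change, since a file already present at the target is now overwritten instead of rejected; how `outputFile` is chosen lies outside the hunk, so confirm that overwriting is intended.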
From: Rajashekar-codescan Date: Wed, 12 Mar 2025 14:25:50 +0530 Subject: [PATCH 06/10] CD-6238 Modified debug log statements --- .../core/plugin/commons/loading/PluginInstancesLoader.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/plugin-commons/src/main/java/org/sonarsource/sonarlint/core/plugin/commons/loading/PluginInstancesLoader.java b/plugin-commons/src/main/java/org/sonarsource/sonarlint/core/plugin/commons/loading/PluginInstancesLoader.java index da189a7e85..d2e4da37f2 100644 --- a/plugin-commons/src/main/java/org/sonarsource/sonarlint/core/plugin/commons/loading/PluginInstancesLoader.java +++ b/plugin-commons/src/main/java/org/sonarsource/sonarlint/core/plugin/commons/loading/PluginInstancesLoader.java @@ -149,12 +149,13 @@ private static void extractFile(Path zipFilePath, String fileName, Path outputFi Files.copy(zipFile.getInputStream(entry), outputFile, StandardCopyOption.REPLACE_EXISTING); LOG.debug("File successfully extracted"); } catch (IOException e) { - throw new IOException("Error extracting file from ZIP: " + fileName, e); + LOG.error("Error extracting file from ZIP: {}", fileName); + throw new IOException(e); } return; } } - LOG.debug("File " + fileName + " not found in " + zipFilePath); + LOG.debug("File {} not found in {}", fileName, zipFilePath); } } From 89f5528a464602af7766287a46a895e9fef9d7b8 Mon Sep 17 00:00:00 2001 From: Salil Sharma <150223667+salil-sharma-ar@users.noreply.github.com> Date: Thu, 10 Apr 2025 17:34:05 +0530 Subject: [PATCH 07/10] IntelliJ IDE security fixes --- .../core/commons/objectstore/HashingPathMapper.java | 2 +- its/plugins/custom-sensor-plugin/pom.xml | 4 ++-- its/plugins/global-extension-plugin/pom.xml | 4 ++-- its/plugins/java-custom-rules/pom.xml | 6 +++--- .../sonarlint/core/serverconnection/StoredPlugin.java | 3 ++- vcs/pom.xml | 2 +- 6 files changed, 11 insertions(+), 10 deletions(-) 
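Review bot: The catch block in `extractFile` now logs at error level and rethrows, so one failure is reported twice, and both reports carry less than before: the log call is not given the exception, and `new IOException(e)` no longer has the file name in its message. Keep the context on the exception and leave logging to the caller, `throw new IOException("Error extracting file from ZIP: " + fileName, e);`, or, if the log line is wanted here, pass the caught exception to it as well. The method begins above this hunk.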
diff --git a/commons/src/main/java/org/sonarsource/sonarlint/core/commons/objectstore/HashingPathMapper.java b/commons/src/main/java/org/sonarsource/sonarlint/core/commons/objectstore/HashingPathMapper.java index 51f3690e34..bd0b561310 100644 --- a/commons/src/main/java/org/sonarsource/sonarlint/core/commons/objectstore/HashingPathMapper.java +++ b/commons/src/main/java/org/sonarsource/sonarlint/core/commons/objectstore/HashingPathMapper.java @@ -30,7 +30,7 @@ public class HashingPathMapper implements PathMapper { private static final String HEX_LETTERS = "0123456789abcdef"; - private static final String HASHING_ALGORITHM = "SHA1"; + private static final String HASHING_ALGORITHM = "SHA-256"; private static final int HASH_LENGTH = 40; private final Path base; diff --git a/its/plugins/custom-sensor-plugin/pom.xml b/its/plugins/custom-sensor-plugin/pom.xml index 6b1f6e5a8f..87db2727f1 100644 --- a/its/plugins/custom-sensor-plugin/pom.xml +++ b/its/plugins/custom-sensor-plugin/pom.xml @@ -19,8 +19,8 @@ UTF-8 - 5.6 - 11 + 9.14.0.375 + 17 diff --git a/its/plugins/global-extension-plugin/pom.xml b/its/plugins/global-extension-plugin/pom.xml index e93b824034..30f8947687 100644 --- a/its/plugins/global-extension-plugin/pom.xml +++ b/its/plugins/global-extension-plugin/pom.xml @@ -18,8 +18,8 @@ UTF-8 - 7.0 - 11 + 9.14.0.375 + 17 diff --git a/its/plugins/java-custom-rules/pom.xml b/its/plugins/java-custom-rules/pom.xml index 2e14ee3c02..bcb74b0e7a 100644 --- a/its/plugins/java-custom-rules/pom.xml +++ b/its/plugins/java-custom-rules/pom.xml @@ -18,15 +18,15 @@ Java Custom Rules - 5.13.1.18282 - 1.14.1.690 + 7.16.0.30901 + 2.11.0.2861 org.sonarsource.sonarqube sonar-plugin-api - 7.9 + 9.14.0.375 provided diff --git a/server-connection/src/main/java/org/sonarsource/sonarlint/core/serverconnection/StoredPlugin.java b/server-connection/src/main/java/org/sonarsource/sonarlint/core/serverconnection/StoredPlugin.java index defd3f8a2c..617b885d98 100644 
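Review bot: `HASHING_ALGORITHM` in HashingPathMapper becomes `SHA-256`, but the context line directly below still reads `HASH_LENGTH = 40`, which is the hex length of a SHA-1 digest; a SHA-256 digest is 64 hex characters. Depending on how `HASH_LENGTH` is used further down (not visible in this hunk), paths are either derived from a truncated digest or validated against the wrong bound, so it should become `private static final int HASH_LENGTH = 64;`. The digest presumably determines where objects are placed under `base`, in which case entries written with the SHA-1 layout are no longer found after the upgrade; that needs a cleanup step or at least a mention in the commit message.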
--- a/server-connection/src/main/java/org/sonarsource/sonarlint/core/serverconnection/StoredPlugin.java +++ b/server-connection/src/main/java/org/sonarsource/sonarlint/core/serverconnection/StoredPlugin.java @@ -20,6 +20,7 @@ package org.sonarsource.sonarlint.core.serverconnection; import java.nio.file.Path; +import java.security.MessageDigest; import org.sonarsource.sonarlint.core.serverapi.plugins.ServerPlugin; public class StoredPlugin { @@ -46,6 +47,6 @@ public Path getJarPath() { } public boolean hasSameHash(ServerPlugin serverPlugin) { - return getHash().equals(serverPlugin.getHash()); + return MessageDigest.isEqual(getHash().getBytes(), serverPlugin.getHash().getBytes()); } } diff --git a/vcs/pom.xml b/vcs/pom.xml index 3326bb4897..a293854cf4 100644 --- a/vcs/pom.xml +++ b/vcs/pom.xml @@ -29,7 +29,7 @@ org.eclipse.jgit org.eclipse.jgit - 6.0.0.202111291000-r + 6.10.0.202406032230-r provided true From 306920ba52ab881264e58c785608a7b56925244e Mon Sep 17 00:00:00 2001 From: Salil Sharma <150223667+salil-sharma-ar@users.noreply.github.com> Date: Thu, 10 Apr 2025 19:17:10 +0530 Subject: [PATCH 08/10] Update kotlin version to fix vulnerability --- .cirrus/Dockerfile | 10 ---------- pom.xml | 2 +- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/.cirrus/Dockerfile b/.cirrus/Dockerfile index 77e96f6da3..e69de29bb2 100644 --- a/.cirrus/Dockerfile +++ b/.cirrus/Dockerfile @@ -1,10 +0,0 @@ -ARG CIRRUS_AWS_ACCOUNT -ARG JDK_VERSION -FROM ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j${JDK_VERSION}-m3-latest - -USER root - -ENV NODE_VERSION=18 -RUN apt-get update && apt-get install -y nodejs=${NODE_VERSION}.* - -USER sonarsource diff --git a/pom.xml b/pom.xml index ca0acb774d..9a88c45adf 100644 --- a/pom.xml +++ b/pom.xml @@ -56,7 +56,7 @@ 11 2.10 4.9.0 - 1.7.22 + 1.9.25 0.19.0 3.1.2 From 0ce28363763b0e3e092809a0440e6df8dc2e185b Mon Sep 17 00:00:00 2001 
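Review bot: `getHash().getBytes()` in `StoredPlugin.hasSameHash` encodes with the platform default charset on both sides; pass it explicitly, `MessageDigest.isEqual(getHash().getBytes(StandardCharsets.UTF_8), serverPlugin.getHash().getBytes(StandardCharsets.UTF_8))`, with the matching `java.nio.charset.StandardCharsets` import. A `null` hash on either side still throws exactly as it did with `equals`, so the change adds no null-safety. Since a plugin hash is not a secret, a one-line comment saying why a constant-time comparison is used would spare the next reader the question.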
From: Salil Sharma <150223667+salil-sharma-ar@users.noreply.github.com> Date: Thu, 10 Apr 2025 19:46:26 +0530 Subject: [PATCH 09/10] Removed unnecessary variables from pom.xml --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 9a88c45adf..f757d071ba 100644 --- a/pom.xml +++ b/pom.xml @@ -62,9 +62,9 @@ 3.1.2 https://app.codescan.io - e0b1aba256426ca4d4bf0312062d7e2129eb88df + - c0ae17aade58da85a4d275acfcd30a4c + org sonar-plugin-api ${artifactId} From 556e26ec85f2cca8e829d0c2b0196c8a0844baf7 Mon Sep 17 00:00:00 2001 From: Rajashekar-codescan Date: Fri, 4 Jul 2025 11:51:12 +0530 Subject: [PATCH 10/10] add cvss related changes to support the plugin --- .../rule/extractor/SecurityStandards.java | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/rule-extractor/src/main/java/org/sonarsource/sonarlint/core/rule/extractor/SecurityStandards.java b/rule-extractor/src/main/java/org/sonarsource/sonarlint/core/rule/extractor/SecurityStandards.java index b76e53434d..52d5a7395f 100644 --- a/rule-extractor/src/main/java/org/sonarsource/sonarlint/core/rule/extractor/SecurityStandards.java +++ b/rule-extractor/src/main/java/org/sonarsource/sonarlint/core/rule/extractor/SecurityStandards.java @@ -40,6 +40,7 @@ public final class SecurityStandards { public static final String UNKNOWN_STANDARD = "unknown"; private static final String CWE_PREFIX = "cwe:"; + private static final String CVSS_PREFIX = "cvss:"; public enum SLCategory { BUFFER_OVERFLOW("buffer-overflow", HIGH), 
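Review bot: The two hex strings blanked out in the pom.xml hunk sit directly under the `https://app.codescan.io` host value and have the shape of access tokens or keys; the element names are not recoverable from this page, so that reading is an inference. If they are credentials, emptying the properties does not withdraw them: they stay readable in the repository history and in every existing clone, so they have to be revoked and reissued, and supplied from CI secrets or the user's Maven `settings.xml` instead of the POM. The subject line "Removed unnecessary variables" should then say that credentials were removed, so the rotation can be traced.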
@@ -111,12 +112,14 @@ public VulnerabilityProbability getVulnerability() { private final Set standards; private final Set cwe; + private final Set cvss; private final SLCategory sLCategory; private final Set ignoredSLCategories; - private SecurityStandards(Set standards, Set cwe, SLCategory sLCategory, Set ignoredSLCategories) { + private SecurityStandards(Set standards, Set cwe, Set cvss, SLCategory sLCategory, Set ignoredSLCategories) { this.standards = standards; this.cwe = cwe; + this.cvss = cvss; this.sLCategory = sLCategory; this.ignoredSLCategories = ignoredSLCategories; } @@ -140,16 +143,21 @@ public Set getCwe() { return cwe; } + public Set getCvss() { + return cvss; + } + /** * @throws IllegalStateException if {@code securityStandards} maps to multiple {@link SLCategory SLCategories} */ public static SecurityStandards fromSecurityStandards(Set securityStandards) { Set standards = securityStandards.stream().filter(Objects::nonNull).collect(toSet()); Set cwe = toCwes(standards); + Set cvss = toCvsss(standards); List sl = toSLCategories(cwe); var slCategory = sl.iterator().next(); Set ignoredSLCategories = sl.stream().skip(1).collect(toSet()); - return new SecurityStandards(standards, cwe, slCategory, ignoredSLCategories); + return new SecurityStandards(standards, cwe, cvss, slCategory, ignoredSLCategories); } private static Set toCwes(Collection securityStandards) { @@ -160,6 +168,14 @@ private static Set toCwes(Collection securityStandards) { return result.isEmpty() ? singleton(UNKNOWN_STANDARD) : result; } + private static Set toCvsss(Collection securityStandards) { + Set result = securityStandards.stream() + .filter(s -> s.startsWith(CVSS_PREFIX)) + .map(s -> s.substring(CVSS_PREFIX.length())) + .collect(toSet()); + return result.isEmpty() ? singleton(UNKNOWN_STANDARD) : result; + } + private static List toSLCategories(Collection cwe) { List result = CWES_BY_SL_CATEGORY .keySet()
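Review bot: `toCvsss` returns `singleton(UNKNOWN_STANDARD)` when no `cvss:` entry is present, so `getCvss()` hands callers the literal string `unknown` inside a set that presumably otherwise holds score or vector text, and the new public getter documents none of this. Add Javadoc on `getCvss()`, e.g. `/** Values of the "cvss:"-prefixed standards with the prefix removed, or a singleton of {@link #UNKNOWN_STANDARD} when none is declared. */`, so that a consumer parsing the elements knows to special-case the sentinel. The body also repeats the shape of `toCwes`, whose closing line is visible in the context; a private helper that takes the prefix would keep the two in step and let the method be named `toCvss`.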