From cbfa24ea51b7c8fa40b17bfce4e39ece9aa1aa99 Mon Sep 17 00:00:00 2001
From: Tobias Hahnen
Date: Wed, 6 Nov 2024 16:43:31 +0100
Subject: [PATCH 1/2] SLCORE-1029: Shade/relocate JGit into OSGi bundle
In order for SonarLint for Eclipse to make use of the same JGit version as SonarLint CORE uses, we shade/relocate it into the OSGi bundle as well.
---
 client/java-client-dependencies/pom.xml | 16 ++++++++++++++++
 client/java-client-osgi/java-client-osgi.bnd | 7 ++++---
 client/java-client-osgi/pom.xml | 2 ++
 3 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/client/java-client-dependencies/pom.xml b/client/java-client-dependencies/pom.xml
index ae1c451410..213cb078b2 100644
--- a/client/java-client-dependencies/pom.xml
+++ b/client/java-client-dependencies/pom.xml
@@ -22,6 +22,16 @@ org.eclipse.lsp4j.jsonrpc ${lsp4j.version} + + org.eclipse.jgit + org.eclipse.jgit + ${jgit.version} + + + org.slf4j + slf4j-api + ${slf4j.version} +
@@ -48,6 +58,8 @@ com.google.code.gson:gson org.eclipse.lsp4j:org.eclipse.lsp4j.jsonrpc + org.eclipse.jgit:org.eclipse.jgit + org.slf4j:slf4j-api
@@ -59,6 +71,8 @@ com.google.gson.** org.eclipse.lsp4j.** + org.eclipse.jgit.** + org.slf4j.**
@@ -69,11 +83,13 @@ *:* module-info.class + about.html META-INF/*.SF META-INF/*.DSA META-INF/*.RSA META-INF/LICENSE* META-INF/NOTICE* + OSGI-INF/ LICENSE* NOTICE* *.proto
diff --git a/client/java-client-osgi/java-client-osgi.bnd b/client/java-client-osgi/java-client-osgi.bnd
index c0904ea000..8c942a22d8 100644
--- a/client/java-client-osgi/java-client-osgi.bnd
+++ b/client/java-client-osgi/java-client-osgi.bnd
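Review bot: The relocated JGit copy added by the `org.eclipse.jgit:org.eclipse.jgit` and `org.eclipse.jgit.**` entries no longer appears under its own coordinates or package names in the shipped JAR, so dependency scanners and the host IDE cannot see or replace it; nothing in the added lines records that. The XML markup is not visible in this view, so this is inferred from the entry text and the commit message. A comment next to the new dependency would make the maintenance duty explicit, for example `<!-- JGit and slf4j-api are shaded and relocated into the client JAR; keep ${jgit.version} current with JGit security releases, consumers cannot swap this copy -->`. The same pair of relocation patterns is repeated in the `@@ -137,6 +137,8 @@` hunk of client/java-client-osgi/pom.xml, so the two lists have to be kept in step by hand. It is also worth confirming that the relocated `org.slf4j.**` API still finds a logging provider at runtime, since provider lookup depends on the original package name in some slf4j versions.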
@@ -8,9 +8,10 @@ Export-Package: org.sonarsource.sonarlint.core.client.legacy.*;version="${projec
 org.sonarsource.sonarlint.core.rpc.client.*;version="${project.version}",\
 org.sonarsource.sonarlint.core.rpc.protocol.*;version="${project.version}",\
 org.sonarsource.sonarlint.shaded.com.google.gson.*;version="${gson.version}",\
- org.sonarsource.sonarlint.shaded.org.eclipse.lsp4j.jsonrpc.*;version="${lsp4j.version}",
-Import-Package: javax.annotation.*;resolution:=optional,\
- org.eclipse.jgit.*;resolution:=optional,
+ org.sonarsource.sonarlint.shaded.org.eclipse.lsp4j.jsonrpc.*;version="${lsp4j.version}",\
+ org.sonarsource.sonarlint.shaded.org.eclipse.jgit.*;version="${jgit.version}",\
+ org.sonarsource.sonarlint.shaded.org.slf4j.*;version="${slf4j.version}",
+Import-Package: javax.annotation.*;resolution:=optional,
 # BND configuration to export packages from 'sonarlint-analysis-engine.jar' / 'sonarlint-common.jar' / 'sonarlint-plugins-commons.jar'
 # without copying them from the included JAR archive (resource, see instruction below) to the normal JAR archive!
diff --git a/client/java-client-osgi/pom.xml b/client/java-client-osgi/pom.xml
index 79cf3d6dcc..a8354cdc06 100644
--- a/client/java-client-osgi/pom.xml
+++ b/client/java-client-osgi/pom.xml
@@ -137,6 +137,8 @@ com.google.gson.** org.eclipse.lsp4j.** + org.eclipse.jgit.** + org.slf4j.**
From a0f38ca7edab8f83eeb095c7ce419f2a2c184596 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Lievremont
Date: Fri, 18 Oct 2024 16:34:02 +0200
Subject: [PATCH 2/2] Fix override of taint vulnerability impact severity in SQ 10.8+
---
 .../src/test/java/its/SonarQubeDeveloperEditionTests.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/its/tests/src/test/java/its/SonarQubeDeveloperEditionTests.java b/its/tests/src/test/java/its/SonarQubeDeveloperEditionTests.java
index ff6403c815..bdf1ac28ab 100644
--- a/its/tests/src/test/java/its/SonarQubeDeveloperEditionTests.java
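Review bot: The new `org.sonarsource.sonarlint.shaded.org.eclipse.jgit.*` export in the `@@ -8,9 +8,10 @@` hunk publishes every relocated JGit package to any bundle in the runtime. That presumably includes JGit's internal packages if the shaded JAR carries them. If only SonarLint for Eclipse is meant to wire to them, the entry could mark the packages as non-API with the Equinox directive, e.g. `org.sonarsource.sonarlint.shaded.org.eclipse.jgit.*;version="${jgit.version}";x-internal:=true,\`, or list just the packages the IDE needs; the same applies to the `org.slf4j.*` line. A comment above Export-Package, such as `# Shaded JGit/slf4j are exported so SonarLint for Eclipse shares the JGit version used by SonarLint CORE`, would record why third-party code is part of this bundle's exported surface.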
+++ b/its/tests/src/test/java/its/SonarQubeDeveloperEditionTests.java
@@ -837,8 +837,13 @@ void shouldSyncTaintVulnerabilities() throws ExecutionException, InterruptedExce
 assertThat(taintVulnerability.getType()).isEqualTo(org.sonarsource.sonarlint.core.rpc.protocol.common.RuleType.VULNERABILITY);
 assertThat(taintVulnerability.getRuleDescriptionContextKey()).isEqualTo("java_se");
- if (ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 2)) {
+ if (ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 8)) {
 assertThat(taintVulnerability.getCleanCodeAttribute()).isEqualTo(CleanCodeAttribute.COMPLETE);
+ // In SQ 10.8+, old MAJOR severity maps to overridden MEDIUM impact
+ assertThat(taintVulnerability.getImpacts()).containsExactly(entry(SoftwareQuality.SECURITY, ImpactSeverity.MEDIUM));
+ } else if (ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 2)) {
+ assertThat(taintVulnerability.getCleanCodeAttribute()).isEqualTo(CleanCodeAttribute.COMPLETE);
+ // In 10.2 <= SQ < 10.8, the impact severity is not overridden
 assertThat(taintVulnerability.getImpacts()).containsExactly(entry(SoftwareQuality.SECURITY, ImpactSeverity.HIGH));
 } else {
 assertThat(taintVulnerability.getCleanCodeAttribute()).isNull();
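Review bot: The 10.8 branch and the 10.2 branch repeat the `getCleanCodeAttribute()` assertion and the `ORCHESTRATOR.getServer().version()` lookup, and differ only in the expected impact severity. Keeping the original `isGreaterThanOrEquals(10, 2)` block and selecting the value inside it reads more directly: `ImpactSeverity expectedSeverity = ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 8) ? ImpactSeverity.MEDIUM : ImpactSeverity.HIGH;` followed by one `containsExactly(entry(SoftwareQuality.SECURITY, expectedSeverity))`. The two explanatory comments can sit on that ternary, so the reason a taint vulnerability is reported at a lower severity on 10.8+ stays next to the value. shouldSyncTaintVulnerabilities starts before the hunk and continues after it, so the final `else` branch is only partly visible here.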