SONARJAVA-5383 Lookup Spring-web dependency version to filter out visitors #5053

Open
wants to merge 5 commits into
base: master

Contributor

@romainbrenguier romainbrenguier commented Mar 11, 2025

SONARJAVA-5383

Minimal example of what can be achieved by looking at dependency versions.
Improves the SpringComposedRequestMappingCheck

@romainbrenguier romainbrenguier force-pushed the romain/SONARJAVA-5383-MPV branch 6 times, most recently from 8d299c6 to 70d7cd8 Compare March 12, 2025 11:57
@@ -120,7 +120,7 @@ public void javaCheckTestSources() throws Exception {
.setProjectName(PROJECT_NAME)
.setProjectVersion("0.1.0-SNAPSHOT")
.setSourceEncoding("UTF-8")
.setSourceDirs("aws/src/main/java/,default/src/main/java/,java-17/src/main/java/,spring-3.2/src/main/java/")
.setSourceDirs("aws/src/main/java/,default/src/main/java/,java-17/src/main/java/,spring-3.2/src/main/java/,spring-web-4.0/src/main/java/")
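Review bot: on the .setSourceDirs(...) line, the module list is a single comma-joined string literal that has to be edited in place for every new test-sources module, so a typo in an entry such as spring-web-4.0/src/main/java/ still compiles and the one-line diff is hard to review. Consider building the value from a list of module directories, one per line, joined with a comma, so that adding a module is a one-entry change.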

In the root folder of sonar-java we have the .cirrus.yml file, where in some parts we exclude test source modules to avoid FPs on Mend, for instance at line 89 of this yml file.

We will need to add this new module in such places as well.

I think it's just at lines 89 and 121.

@@ -23,4 +23,6 @@ private Constants() {

public static final String SPRING_3_2 = "../java-checks-test-sources/spring-3.2";
public static final String SPRING_3_2_CLASSPATH = SPRING_3_2 + "/target/test-classpath.txt";
public static final String SPRING_WEB_4_0 = "../java-checks-test-sources/spring-web-4.0";
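Review bot: the SPRING_WEB_4_0 line repeats the "../java-checks-test-sources/" prefix that SPRING_3_2 already spells out, and in the visible lines it has no companion to SPRING_3_2_CLASSPATH. Consider extracting the shared prefix into one constant, and if tests on this module need its resolved dependencies, define the classpath constant next to it in the same way as SPRING_3_2 + "/target/test-classpath.txt".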

Not a strong opinion on this one, I'll let you decide.

We should probably rename this/these constants to something like SPRING_WEB_4_0_PROJECT or SPRING_WEB_4_0_ROOT, as their usages will look like Constants.SPRING_WEB_4_0, which does not make clear what it represents. I don't know if we also want to change SPRING_3_2 right now for consistency, or skip it to keep the scope of the PR as small as possible.

private static final Pattern VERSION_PATTERN = Pattern.compile(VERSION_REGEX);

/**
* matcher must come from a match again a pattern that contains {@link #VERSION_REGEX} and no other groups.
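Review bot: the Javadoc under VERSION_PATTERN states a precondition (the matcher comes from "a pattern that contains VERSION_REGEX and no other groups") that nothing in the visible lines enforces, so a caller whose pattern has an extra capturing group would shift the group indices and get a wrong version without any error. Consider using named groups in VERSION_REGEX, or checking matcher.groupCount() at the start of the method and throwing IllegalArgumentException on a mismatch.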

Suggested change
* matcher must come from a match again a pattern that contains {@link #VERSION_REGEX} and no other groups.
* matcher must come from a match against a pattern that contains {@link #VERSION_REGEX} and no other groups.


LGTM

@romainbrenguier romainbrenguier marked this pull request as ready for review March 12, 2025 14:59