wip

Author: kirill-knize-sonarsource

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/SonarLintDatabase.java

@@ -24,9 +24,11 @@
 import java.sql.Connection;
 import java.sql.SQLException;
 import java.util.Set;
+import java.util.function.Consumer;
 import org.apache.commons.lang3.StringUtils;
 import org.flywaydb.core.Flyway;
 import org.h2.jdbcx.JdbcConnectionPool;
+import org.jooq.Configuration;
 import org.jooq.DSLContext;
 import org.jooq.SQLDialect;
 import org.jooq.impl.DSL;
@@ -96,6 +98,10 @@ public Connection getConnection() throws SQLException {
     return dataSource.getConnection();
   }
 
+  public void withTransaction(Consumer<Configuration> transaction) {
+    dsl.transaction(transaction::accept);
+  }
+
   public void shutdown() {
     try {
       dataSource.dispose();

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/model/FileLevelServerIssue.java

@@ -0,0 +1,37 @@
+/*
+ * SonarLint Core - Commons
+ * Copyright (C) 2016-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.commons.storage.model;
+
+import java.nio.file.Path;
+import java.time.Instant;
+import java.util.Map;
+import java.util.UUID;
+import javax.annotation.Nullable;
+import org.sonarsource.sonarlint.core.commons.ImpactSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueStatus;
+import org.sonarsource.sonarlint.core.commons.RuleType;
+import org.sonarsource.sonarlint.core.commons.SoftwareQuality;
+
+public record FileLevelServerIssue(UUID id, String serverKey, boolean resolved, @Nullable IssueStatus resolutionStatus,
+                                   String ruleKey, String message, Path filePath, Instant creationDate,
+                                   @Nullable IssueSeverity userSeverity, RuleType type,
+                                   Map<SoftwareQuality, ImpactSeverity> impacts) implements ServerIssue {
+}

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/model/LineLevelServerIssue.java

@@ -0,0 +1,37 @@
+/*
+ * SonarLint Core - Commons
+ * Copyright (C) 2016-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.commons.storage.model;
+
+import java.nio.file.Path;
+import java.time.Instant;
+import java.util.Map;
+import java.util.UUID;
+import javax.annotation.Nullable;
+import org.sonarsource.sonarlint.core.commons.ImpactSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueStatus;
+import org.sonarsource.sonarlint.core.commons.RuleType;
+import org.sonarsource.sonarlint.core.commons.SoftwareQuality;
+
+public record LineLevelServerIssue(UUID id, String serverKey, boolean resolved, @Nullable IssueStatus resolutionStatus,
+                                   String ruleKey, String message, Path filePath, Instant creationDate,
+                                   @Nullable IssueSeverity userSeverity, RuleType type,
+                                   Map<SoftwareQuality, ImpactSeverity> impacts, int line, String lineHash) implements ServerIssue {
+}

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/model/RangeLevelServerIssue.java

@@ -0,0 +1,38 @@
+/*
+ * SonarLint Core - Commons
+ * Copyright (C) 2016-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.commons.storage.model;
+
+import java.nio.file.Path;
+import java.time.Instant;
+import java.util.Map;
+import java.util.UUID;
+import javax.annotation.Nullable;
+import org.sonarsource.sonarlint.core.commons.ImpactSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueStatus;
+import org.sonarsource.sonarlint.core.commons.RuleType;
+import org.sonarsource.sonarlint.core.commons.SoftwareQuality;
+import org.sonarsource.sonarlint.core.commons.api.TextRangeWithHash;
+
+public record RangeLevelServerIssue(UUID id, String serverKey, boolean resolved, @Nullable IssueStatus resolutionStatus,
+                                    String ruleKey, String message, Path filePath, Instant creationDate,
+                                    @Nullable IssueSeverity userSeverity, RuleType type,
+                                    Map<SoftwareQuality, ImpactSeverity> impacts, TextRangeWithHash textRange)  implements ServerIssue {
+}

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/model/ServerDependencyRisk.java

@@ -0,0 +1,61 @@
+/*
+ * SonarLint Core - Commons
+ * Copyright (C) 2016-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.commons.storage.model;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+import javax.annotation.Nullable;
+
+public record ServerDependencyRisk(UUID key, Type type, Severity severity, SoftwareQuality quality,
+                                   Status status, String packageName, String packageVersion, @Nullable String vulnerabilityId,
+                                   @Nullable String cvssScore, List<Transition> transitions) {
+
+  public ServerDependencyRisk withStatus(Status newStatus) {
+    var newTransitions = new ArrayList<>(Arrays.asList(Transition.values()));
+    newTransitions.remove(Transition.FIXED);
+    newTransitions.remove(newStatus.equals(Status.OPEN) ? Transition.REOPEN : Transition.valueOf(newStatus.name()));
+    return new ServerDependencyRisk(key, type, severity, quality, newStatus, packageName, packageVersion,
+      vulnerabilityId, cvssScore, newTransitions);
+  }
+
+  public enum Severity {
+    INFO, LOW, MEDIUM, HIGH, BLOCKER
+  }
+
+  public enum SoftwareQuality {
+    MAINTAINABILITY,
+    RELIABILITY,
+    SECURITY
+  }
+
+  public enum Type {
+    VULNERABILITY, PROHIBITED_LICENSE
+  }
+
+  public enum Status {
+    OPEN, CONFIRM, ACCEPT, SAFE, FIXED
+  }
+
+  public enum Transition {
+    CONFIRM, REOPEN, SAFE, FIXED, ACCEPT
+  }
+}

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/model/ServerFinding.java

@@ -0,0 +1,24 @@
+/*
+ * SonarLint Core - Commons
+ * Copyright (C) 2016-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.commons.storage.model;
+
+public interface ServerFinding {
+  String getRuleKey();
+}

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/model/ServerFindingType.java

@@ -0,0 +1,26 @@
+/*
+ * SonarLint Core - Commons
+ * Copyright (C) 2016-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.commons.storage.model;
+
+public enum ServerFindingType {
+  ISSUE,
+  HOTSPOT,
+  TAINT
+}

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/model/ServerHotspot.java

@@ -0,0 +1,40 @@
+/*
+ * SonarLint Core - Commons
+ * Copyright (C) 2016-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.commons.storage.model;
+
+import java.nio.file.Path;
+import java.time.Instant;
+import java.util.UUID;
+import javax.annotation.Nullable;
+import org.sonarsource.sonarlint.core.commons.HotspotReviewStatus;
+import org.sonarsource.sonarlint.core.commons.VulnerabilityProbability;
+import org.sonarsource.sonarlint.core.commons.api.TextRange;
+
+public record ServerHotspot(UUID id,
+                            String key,
+                            String ruleKey,
+                            String message,
+                            Path filePath,
+                            TextRange textRange,
+                            Instant creationDate,
+                            HotspotReviewStatus status,
+                            VulnerabilityProbability vulnerabilityProbability,
+                            @Nullable String assignee) {
+}

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/model/ServerIssue.java

@@ -0,0 +1,51 @@
+/*
+ * SonarLint Core - Commons
+ * Copyright (C) 2016-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.commons.storage.model;
+
+import java.nio.file.Path;
+import java.time.Instant;
+import java.util.Map;
+import java.util.UUID;
+import javax.annotation.Nullable;
+import org.sonarsource.sonarlint.core.commons.ImpactSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueStatus;
+import org.sonarsource.sonarlint.core.commons.RuleType;
+import org.sonarsource.sonarlint.core.commons.SoftwareQuality;
+
+public sealed interface ServerIssue extends ServerFinding permits FileLevelServerIssue, LineLevelServerIssue, RangeLevelServerIssue {
+  UUID id();
+  String serverKey();
+  boolean resolved();
+  @Nullable IssueStatus resolutionStatus();
+  String ruleKey();
+  String message();
+  Path filePath();
+  Instant creationDate();
+  @Nullable IssueSeverity userSeverity();
+  RuleType type();
+  Map<SoftwareQuality, ImpactSeverity> impacts();
+
+  @Override
+  default String getRuleKey() {
+    return ruleKey();
+  }
+}
+

backend/commons/src/main/java/org/sonarsource/sonarlint/core/commons/storage/model/ServerTaintIssue.java

@@ -0,0 +1,48 @@
+/*
+ * SonarLint Core - Commons
+ * Copyright (C) 2016-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.commons.storage.model;
+
+import java.nio.file.Path;
+import java.time.Instant;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import javax.annotation.Nullable;
+import org.sonarsource.sonarlint.core.commons.CleanCodeAttribute;
+import org.sonarsource.sonarlint.core.commons.ImpactSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueSeverity;
+import org.sonarsource.sonarlint.core.commons.IssueStatus;
+import org.sonarsource.sonarlint.core.commons.RuleType;
+import org.sonarsource.sonarlint.core.commons.SoftwareQuality;
+import org.sonarsource.sonarlint.core.commons.api.TextRangeWithHash;
+
+public record ServerTaintIssue(UUID id, String key, boolean resolved, @Nullable IssueStatus resolutionStatus, String ruleKey,
+                               String message, Path filePath, Instant creationDate, IssueSeverity severity, RuleType type,
+                               @Nullable TextRangeWithHash textRange, @Nullable String ruleDescriptionContextKey, @Nullable CleanCodeAttribute cleanCodeAttribute,
+                               Map<SoftwareQuality, ImpactSeverity> impacts, List<Flow> flows) implements ServerFinding {
+  @Override
+  public String getRuleKey() {
+    return ruleKey;
+  }
+
+  public record Flow(List<ServerIssueLocation> locations) { }
+
+  public record ServerIssueLocation(@Nullable Path filePath, @Nullable TextRangeWithHash textRange, @Nullable String message) { }
+}