From 4c58564a9ae62bf092879c6a7386a361bf6d50b2 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Lievremont
Date: Fri, 18 Oct 2024 16:34:02 +0200
Subject: [PATCH] Fix override of taint vulnerability impact severity in SQ 10.8+
---
 .../src/test/java/its/SonarQubeDeveloperEditionTests.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/its/tests/src/test/java/its/SonarQubeDeveloperEditionTests.java b/its/tests/src/test/java/its/SonarQubeDeveloperEditionTests.java
index ff6403c815..bdf1ac28ab 100644
--- a/its/tests/src/test/java/its/SonarQubeDeveloperEditionTests.java
+++ b/its/tests/src/test/java/its/SonarQubeDeveloperEditionTests.java
@@ -837,8 +837,13 @@ void shouldSyncTaintVulnerabilities() throws ExecutionException, InterruptedExce
 assertThat(taintVulnerability.getType()).isEqualTo(org.sonarsource.sonarlint.core.rpc.protocol.common.RuleType.VULNERABILITY);
 assertThat(taintVulnerability.getRuleDescriptionContextKey()).isEqualTo("java_se");
- if (ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 2)) {
+ if (ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 8)) {
 assertThat(taintVulnerability.getCleanCodeAttribute()).isEqualTo(CleanCodeAttribute.COMPLETE);
+ // In SQ 10.8+, old MAJOR severity maps to overridden MEDIUM impact
+ assertThat(taintVulnerability.getImpacts()).containsExactly(entry(SoftwareQuality.SECURITY, ImpactSeverity.MEDIUM));
+ } else if (ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 2)) {
+ assertThat(taintVulnerability.getCleanCodeAttribute()).isEqualTo(CleanCodeAttribute.COMPLETE);
+ // In 10.2 <= SQ < 10.8, the impact severity is not overridden
 assertThat(taintVulnerability.getImpacts()).containsExactly(entry(SoftwareQuality.SECURITY, ImpactSeverity.HIGH));
 } else {
 assertThat(taintVulnerability.getCleanCodeAttribute()).isNull();