SLVSCODE-966 add a separate notification for publishing taint vulnerabilities

Author: sophio-japharidze-sonarsource

src/main/java/org/sonarsource/sonarlint/ls/DiagnosticPublisher.java

@@ -22,7 +22,6 @@
 import java.net.URI;
 import java.util.Comparator;
 import java.util.Map;
-import java.util.stream.Stream;
 import javax.annotation.Nullable;
 import org.eclipse.lsp4j.Diagnostic;
 import org.eclipse.lsp4j.DiagnosticSeverity;
@@ -79,6 +78,10 @@ public void publishDiagnostics(URI f, boolean onlyIssues) {
     client.publishDiagnostics(createPublishDiagnosticsParams(f));
   }
 
+  public void publishTaints(URI f) {
+    client.publishTaintVulnerabilities(createPublishTaintsParams(f));
+  }
+
   public void publishHotspots(URI f) {
     client.publishSecurityHotspots(createPublishSecurityHotspotsParams(f));
   }
@@ -198,9 +201,22 @@ private PublishDiagnosticsParams createPublishDiagnosticsParams(URI newUri) {
       .stream()
       .filter(e -> !e.getValue().isResolved())
       .map(this::taintDtoToDiagnostic);
+
+    var diagnosticList = localDiagnostics
+      .sorted(DiagnosticPublisher.byLineNumber())
+      .toList();
+    p.setDiagnostics(diagnosticList);
+    p.setUri(newUri.toString());
+
+    return p;
+  }
+
+  private PublishDiagnosticsParams createPublishTaintsParams(URI newUri) {
+    var p = new PublishDiagnosticsParams();
+
     var taintDiagnostics = taintVulnerabilitiesCache.getAsDiagnostics(newUri, focusOnNewCode);
 
-    var diagnosticList = Stream.concat(localDiagnostics, taintDiagnostics)
+    var diagnosticList = taintDiagnostics
       .sorted(DiagnosticPublisher.byLineNumber())
       .toList();
     p.setDiagnostics(diagnosticList);

src/main/java/org/sonarsource/sonarlint/ls/SonarLintExtendedLanguageClient.java

@@ -768,6 +768,9 @@ public String getReason() {
   @JsonNotification("sonarlint/publishSecurityHotspots")
   void publishSecurityHotspots(PublishDiagnosticsParams publishDiagnosticsParams);
 
+  @JsonNotification("sonarlint/publishTaintVulnerabilities")
+  void publishTaintVulnerabilities(PublishDiagnosticsParams publishDiagnosticsParams);
+
   @JsonNotification("sonarlint/readyForTests")
   void readyForTests();
 

src/main/java/org/sonarsource/sonarlint/ls/clientapi/SonarLintVSCodeClient.java

@@ -456,7 +456,7 @@ private void handleAddedTaints(Map<URI, List<TaintVulnerabilityDto>> addedTaints
         addedTaintIssuesForFile.addAll(existingTaintVulnerabilitiesPerFile.get(fileUri));
       }
       taintVulnerabilitiesCache.reload(fileUri, addedTaintIssuesForFile);
-      diagnosticPublisher.publishDiagnostics(fileUri, true);
+      diagnosticPublisher.publishTaints(fileUri);
     });
   }
 
@@ -475,7 +475,7 @@ private void handleUpdatedTaints(Map<URI, List<TaintVulnerabilityDto>> updateTai
       } else {
         taintVulnerabilitiesCache.reload(fileUri, dtosToTaintIssues(folderUri, updates, isSonarCloud));
       }
-      diagnosticPublisher.publishDiagnostics(fileUri, true);
+      diagnosticPublisher.publishTaints(fileUri);
     });
   }
 
@@ -543,7 +543,7 @@ private void initializeTaintCache(Set<String> configurationScopeIds) {
           taintsByFile.forEach((fileUri, t) -> {
             var vulnerabilities = dtosToTaintIssues(configurationScopeId, t, isSonarCloud);
             taintVulnerabilitiesCache.reload(fileUri, vulnerabilities);
-            diagnosticPublisher.publishDiagnostics(fileUri, true);
+            diagnosticPublisher.publishTaints(fileUri);
           });
 
           return null;

src/test/java/org/sonarsource/sonarlint/ls/clientapi/SonarLintVSCodeClientTests.java

@@ -743,7 +743,7 @@ void shouldPopulateTaintsCacheOnAnalysisReadinessChangedAndPublishDiagnostics()
     assertThat(taintIssues).hasSize(2);
     assertThat(((TaintIssue) taintIssues.get(0)).getId()).isEqualTo(uuid1);
     assertThat(((TaintIssue) taintIssues.get(1)).getId()).isEqualTo(uuid2);
-    verify(diagnosticPublisher).publishDiagnostics(URIUtils.getFullFileUriFromFragments(workspaceFolderPath.toUri().toString(), filePath), true);
+    verify(diagnosticPublisher).publishTaints(URIUtils.getFullFileUriFromFragments(workspaceFolderPath.toUri().toString(), filePath));
   }
 
   @Test

src/test/java/org/sonarsource/sonarlint/ls/mediumtests/AbstractLanguageServerMediumTests.java

@@ -336,6 +336,7 @@ protected static void awaitLatch(CountDownLatch latch) {
   protected static class FakeLanguageClient implements SonarLintExtendedLanguageClient {
 
     Map<String, List<Diagnostic>> diagnostics = new ConcurrentHashMap<>();
+    Map<String, List<Diagnostic>> taints = new ConcurrentHashMap<>();
     Map<String, List<Diagnostic>> hotspots = new ConcurrentHashMap<>();
     Queue<MessageParams> logs = new ConcurrentLinkedQueue<>();
     Map<String, Object> globalSettings = new HashMap<>();
@@ -392,6 +393,10 @@ List<Diagnostic> getDiagnostics(String uri) {
       return diagnostics.getOrDefault(uri, List.of());
     }
 
+    List<Diagnostic> getTaints(String uri) {
+      return taints.getOrDefault(uri, List.of());
+    }
+
     List<Diagnostic> getHotspots(String uri) {
       return hotspots.getOrDefault(uri, List.of());
     }
@@ -406,6 +411,11 @@ public void publishSecurityHotspots(PublishDiagnosticsParams diagnostics) {
       this.hotspots.put(diagnostics.getUri(), diagnostics.getDiagnostics());
     }
 
+    @Override
+    public void publishTaintVulnerabilities(PublishDiagnosticsParams publishDiagnosticsParams) {
+      this.taints.put(publishDiagnosticsParams.getUri(), publishDiagnosticsParams.getDiagnostics());
+    }
+
     @Override
     public void showMessage(MessageParams messageParams) {
       shownMessages.add(messageParams);

src/test/java/org/sonarsource/sonarlint/ls/mediumtests/ConnectedModeMediumTests.java

@@ -1432,7 +1432,7 @@ void shouldReportTaintIssues() {
     var content = "def foo():\n  toto = 0\n  plouf = 0\n";
     didOpen(fileUri, "python", content);
 
-    awaitUntilAsserted(() -> assertThat(client.getDiagnostics(fileUri))
+    awaitUntilAsserted(() -> assertThat(client.getTaints(fileUri))
       .extracting(startLine(), startCharacter(), endLine(), endCharacter(), code(), Diagnostic::getSource, Diagnostic::getMessage,
         Diagnostic::getSeverity)
       .contains(tuple(0, 1, 0, 2, "ruleKey", "Latest SonarQube Server Analysis", "message", DiagnosticSeverity.Warning)));