npm - opencode-sonarqube - Versions diffs - 2.1.1 → 2.1.3 - Mend

opencode-sonarqube 2.1.1 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +122 -38
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -19313,6 +19313,10 @@ class SonarQubeAPI {
     };
   }
 }
+function createSonarQubeAPIWithCredentials(url2, user, password, logger4) {
+  const client = createClientWithCredentials(url2, user, password, logger4?.child("client"));
+  return new SonarQubeAPI(client, logger4);
+}
 function createSonarQubeAPIWithToken(url2, token, logger4) {
   const client = createClientWithToken(url2, token, logger4?.child("client"));
   return new SonarQubeAPI(client, logger4);
@@ -20374,6 +20378,50 @@ Please fix the failed checks before proceeding.`;
   return output;
 }
 // src/tools/handlers/security.ts
+var HOTSPOT_AUTH_ERROR = `**Hotspot review requires admin credentials.**
+Project tokens don't have permission to review security hotspots.
+The plugin needs valid admin credentials configured in one of these locations:
+**Option 1: Environment variables**
+\`\`\`
+export SONAR_HOST_URL=https://your-sonarqube-server.com
+export SONAR_USER=admin
+export SONAR_PASSWORD=your-password
+\`\`\`
+**Option 2: opencode.json**
+\`\`\`json
+{
+  "plugins": {
+    "opencode-sonarqube": {
+      "url": "https://your-sonarqube-server.com",
+      "user": "admin",
+      "password": "your-password"
+    }
+  }
+}
+\`\`\`
+**Option 3: .sonarqube/config.json** (in your project root)
+\`\`\`json
+{
+  "url": "https://your-sonarqube-server.com",
+  "user": "admin",
+  "password": "your-password"
+}
+\`\`\`
+The user needs the **"Administer Security Hotspot"** permission in SonarQube.`;
+function createAdminAPI(ctx) {
+  return createSonarQubeAPIWithCredentials(ctx.config.url, ctx.config.user, ctx.config.password);
+}
+function isAuthError(error45) {
+  if (!(error45 instanceof Error))
+    return false;
+  const msg = error45.message.toLowerCase();
+  return msg.includes("insufficient permissions") || msg.includes("invalid credentials") || msg.includes("401") || msg.includes("403");
+}
 async function handleHotspots(ctx) {
   const { api: api2, projectKey } = ctx;
   const hotspots = await api2.issues.getSecurityHotspots(projectKey);
@@ -20441,56 +20489,92 @@ sonarqube({ action: "reviewhotspot", resolution: "SAFE", comment: "Bulk review:
   }
   return output;
 }
-async function handleReviewHotspot(ctx, hotspotKey, resolution, comment) {
-  const { api: api2, projectKey } = ctx;
-  const validResolutions = ["SAFE", "FIXED", "ACKNOWLEDGED"];
-  const res = resolution?.toUpperCase() ?? "SAFE";
-  if (!validResolutions.includes(res)) {
-    return `**Error:** Invalid resolution "${resolution}". Must be one of: SAFE, FIXED, ACKNOWLEDGED`;
-  }
-  if (!hotspotKey) {
-    const toReview = await api2.issues.getSecurityHotspotsToReview(projectKey);
-    if (toReview.length === 0) {
-      return formatSuccess("Review Hotspots", "No pending hotspots to review. All hotspots have already been reviewed.");
+async function getAuthenticatedAdminAPI(ctx) {
+  try {
+    const adminApi = createAdminAPI(ctx);
+    await adminApi.client.validateAuth();
+    return adminApi;
+  } catch (error45) {
+    if (isAuthError(error45)) {
+      return HOTSPOT_AUTH_ERROR;
     }
-    const result = await api2.issues.bulkReviewHotspots(toReview.map((h) => h.key), res, comment ?? `Bulk reviewed as ${res} via opencode-sonarqube plugin`);
-    let output = `## Hotspot Bulk Review Complete
+    const msg = error45 instanceof Error ? error45.message : String(error45);
+    return `**Error connecting to SonarQube:** ${msg}
-**Project:** \`${projectKey}\`
-**Resolution:** ${res}
-**Reviewed:** ${result.success} hotspots
-**Failed:** ${result.failed} hotspots
-`;
-    if (result.errors.length > 0) {
-      output += `
-### Errors
-`;
-      for (const err of result.errors.slice(0, 10)) {
-        output += `- ${err}
-`;
-      }
+${HOTSPOT_AUTH_ERROR}`;
+  }
+}
+async function bulkReviewAllHotspots(api2, adminApi, projectKey, res, comment) {
+  const toReview = await api2.issues.getSecurityHotspotsToReview(projectKey);
+  if (toReview.length === 0) {
+    return formatSuccess("Review Hotspots", "No pending hotspots to review. All hotspots have already been reviewed.");
+  }
+  const result = await adminApi.issues.bulkReviewHotspots(toReview.map((h) => h.key), res, comment ?? `Bulk reviewed as ${res} via opencode-sonarqube plugin`);
+  if (result.failed > 0 && result.success === 0 && result.errors.some((e) => e.includes("Insufficient permissions"))) {
+    return HOTSPOT_AUTH_ERROR;
+  }
+  return formatBulkReviewResult(projectKey, res, result);
+}
+function formatBulkReviewResult(projectKey, res, result) {
+  const lines = [
+    "## Hotspot Bulk Review Complete",
+    "",
+    `**Project:** \`${projectKey}\``,
+    `**Resolution:** ${res}`,
+    `**Reviewed:** ${result.success} hotspots`,
+    `**Failed:** ${result.failed} hotspots`
+  ];
+  if (result.errors.length > 0) {
+    lines.push("", "### Errors");
+    for (const err of result.errors.slice(0, 10)) {
+      lines.push(`- ${err}`);
     }
-    output += `
-> Run \`sonarqube({ action: "status" })\` to check the updated Quality Gate.`;
-    return output;
   }
+  lines.push("", '> Run `sonarqube({ action: "status" })` to check the updated Quality Gate.');
+  return lines.join(`
+`);
+}
+async function reviewSingleHotspot(adminApi, hotspotKey, res, comment) {
   try {
-    await api2.issues.reviewHotspot(hotspotKey, "REVIEWED", res, comment ?? `Reviewed as ${res} via opencode-sonarqube plugin`);
-    return `## Hotspot Reviewed
-**Hotspot:** \`${hotspotKey}\`
-**Status:** REVIEWED
-**Resolution:** ${res}
-${comment ? `**Comment:** ${comment}` : ""}
-> Run \`sonarqube({ action: "hotspots" })\` to see remaining hotspots.`;
+    await adminApi.issues.reviewHotspot(hotspotKey, "REVIEWED", res, comment ?? `Reviewed as ${res} via opencode-sonarqube plugin`);
+    const lines = [
+      "## Hotspot Reviewed",
+      "",
+      `**Hotspot:** \`${hotspotKey}\``,
+      "**Status:** REVIEWED",
+      `**Resolution:** ${res}`
+    ];
+    if (comment) {
+      lines.push(`**Comment:** ${comment}`);
+    }
+    lines.push("", '> Run `sonarqube({ action: "hotspots" })` to see remaining hotspots.');
+    return lines.join(`
+`);
   } catch (error45) {
+    if (isAuthError(error45)) {
+      return HOTSPOT_AUTH_ERROR;
+    }
     const msg = error45 instanceof Error ? error45.message : String(error45);
     return `**Error reviewing hotspot:** ${msg}
 Make sure the hotspot key is correct. Use \`sonarqube({ action: "hotspots" })\` to list hotspot keys.`;
   }
 }
+async function handleReviewHotspot(ctx, hotspotKey, resolution, comment) {
+  const validResolutions = ["SAFE", "FIXED", "ACKNOWLEDGED"];
+  const res = resolution?.toUpperCase() ?? "SAFE";
+  if (!validResolutions.includes(res)) {
+    return `**Error:** Invalid resolution "${resolution}". Must be one of: SAFE, FIXED, ACKNOWLEDGED`;
+  }
+  const adminApiOrError = await getAuthenticatedAdminAPI(ctx);
+  if (typeof adminApiOrError === "string") {
+    return adminApiOrError;
+  }
+  if (!hotspotKey) {
+    return bulkReviewAllHotspots(ctx.api, adminApiOrError, ctx.projectKey, res, comment);
+  }
+  return reviewSingleHotspot(adminApiOrError, hotspotKey, res, comment);
+}
 // src/tools/handlers/duplications.ts
 async function handleDuplications(ctx) {
   const { api: api2, projectKey } = ctx;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-sonarqube",
-  "version": "2.1.1",
+  "version": "2.1.3",
   "description": "OpenCode Plugin for SonarQube integration - Enterprise-level code quality from the start",
   "type": "module",
   "main": "dist/index.js",