SLCORE-1526 allow clients to record dependency risk interaction telemetry

Author: sophio-japharidze-sonarsource

API_CHANGES.md

@@ -5,6 +5,11 @@
 * Allow changing status of SCA issues via `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.ScaRpcService.changeStatus`.
   * Required parameters are `configScopeId`, `issueId` and `transition`.
   * If transition is `ACCEPT`, `FIXED`, or `SAFE`, a `comment` field is mandatory
+* Allow clients to open dependency risk (SCA issues) in browser
+  * Introduce `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.ScaRpcService.openDependencyRiskInBrowser` that accepts `configScopeId` and `dependencyRiskKey` (UUID) parameters
+* Allow clients to record interactions with dependency risks (SCA issues) in telemetry
+  * Introduce `org.sonarsource.sonarlint.core.rpc.protocol.backend.telemetry.TelemetryRpcService.dependencyRiskInvestigatedLocally` method
+  * Introduce `org.sonarsource.sonarlint.core.rpc.protocol.backend.telemetry.TelemetryRpcService.dependencyRiskInvestigatedRemotely` method
 * Add a new `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.ScaRpcService.getDependencyRiskDetails`.
 
 # 10.26

backend/core/src/main/java/org/sonarsource/sonarlint/core/sca/ScaService.java

@@ -55,9 +55,8 @@ public class ScaService {
   private final SonarLintRpcClient client;
   private final TelemetryService telemetryService;
 
-  public ScaService(ConfigurationRepository configurationRepository, ConnectionConfigurationRepository connectionRepository,
-    StorageService storageService, SonarQubeClientManager sonarQubeClientManager,
-    SonarProjectBranchTrackingService branchTrackingService, SonarLintRpcClient client, TelemetryService telemetryService) {
+  public ScaService(ConfigurationRepository configurationRepository, ConnectionConfigurationRepository connectionRepository, StorageService storageService,
+    SonarQubeClientManager sonarQubeClientManager, SonarProjectBranchTrackingService branchTrackingService, SonarLintRpcClient client, TelemetryService telemetryService) {
     this.configurationRepository = configurationRepository;
     this.connectionRepository = connectionRepository;
     this.storageService = storageService;
@@ -170,17 +169,17 @@ public void openDependencyRiskInBrowser(String configurationScopeId, String depe
 
     client.openUrlInBrowser(new OpenUrlInBrowserParams(url));
 
-    // TODO: Add SCA-specific telemetry method when available
-    // telemetryService.dependencyRiskOpenedInBrowser();
+    telemetryService.dependencyRiskInvestigatedRemotely();
   }
 
-  static String buildScaBrowseUrl(String projectKey, String branch, String dependencyKey, EndpointParams endpointParams) {
-    var relativePath = "/dependency-risks/"
-      + UrlUtils.urlEncode(dependencyKey)
-      + "/what?id="
-      + UrlUtils.urlEncode(projectKey)
-      + "&branch="
-      + UrlUtils.urlEncode(branch);
+  static String buildScaBrowseUrl(String projectKey, String branch, UUID dependencyKey, EndpointParams endpointParams) {
+    var relativePath = new StringBuilder("/dependency-risks/")
+      .append(UrlUtils.urlEncode(dependencyKey.toString()))
+      .append("/what?id=")
+      .append(UrlUtils.urlEncode(projectKey))
+      .append("&branch=")
+      .append(UrlUtils.urlEncode(branch))
+      .toString();
 
     return ServerApiHelper.concat(endpointParams.getBaseUrl(), relativePath);
   }

backend/core/src/main/java/org/sonarsource/sonarlint/core/telemetry/TelemetryService.java

@@ -258,6 +258,14 @@ public void issueInvestigatedLocally() {
     updateTelemetry(TelemetryLocalStorage::incrementIssueInvestigatedLocallyCount);
   }
 
+  public void dependencyRiskInvestigatedRemotely() {
+    updateTelemetry(TelemetryLocalStorage::incrementDependencyRiskInvestigatedRemotelyCount);
+  }
+
+  public void dependencyRiskInvestigatedLocally() {
+    updateTelemetry(TelemetryLocalStorage::incrementDependencyRiskInvestigatedLocallyCount);
+  }
+
   public void findingsFiltered(String filterType) {
     updateTelemetry(localStorage -> localStorage.findingsFiltered(filterType));
   }

backend/core/src/test/java/org/sonarsource/sonarlint/core/sca/ScaServiceTests.java

@@ -19,6 +19,7 @@
  */
 package org.sonarsource.sonarlint.core.sca;
 
+import java.util.UUID;
 import org.junit.jupiter.api.Test;
 import org.sonarsource.sonarlint.core.serverapi.EndpointParams;
 
@@ -28,8 +29,8 @@ class ScaServiceTests {
 
   @Test
   void testBuildSonarQubeServerScaUrl() {
-    assertThat(ScaService.buildScaBrowseUrl("myProject", "myBranch", "dependencyKey", new EndpointParams("http://foo.com", "", false, null)))
-      .isEqualTo("http://foo.com/dependency-risks/dependencyKey/what?id=myProject&branch=myBranch");
+    var dependencyKey = UUID.randomUUID();
+    assertThat(ScaService.buildScaBrowseUrl("myProject", "myBranch", dependencyKey, new EndpointParams("http://foo.com", "", false, null)))
+      .isEqualTo(String.format("http://foo.com/dependency-risks/%s/what?id=myProject&branch=myBranch", dependencyKey));
   }
-
-} 
+}

backend/rpc-impl/src/main/java/org/sonarsource/sonarlint/core/rpc/impl/TelemetryRpcServiceDelegate.java

@@ -149,6 +149,16 @@ public void issueInvestigatedLocally() {
     notify(() -> getBean(TelemetryService.class).issueInvestigatedLocally());
   }
 
+  @Override
+  public void dependencyRiskInvestigatedLocally() {
+    notify(() -> getBean(TelemetryService.class).dependencyRiskInvestigatedLocally());
+  }
+
+  @Override
+  public void dependencyRiskInvestigatedRemotely() {
+    notify(() -> getBean(TelemetryService.class).dependencyRiskInvestigatedRemotely());
+  }
+
   @Override
   public void findingsFiltered(FindingsFilteredParams params) {
     notify(() -> getBean(TelemetryService.class).findingsFiltered(params.getFilterType()));

backend/telemetry/src/main/java/org/sonarsource/sonarlint/core/telemetry/TelemetryLocalStorage.java

@@ -85,6 +85,8 @@ public class TelemetryLocalStorage {
   private int hotspotInvestigatedLocallyCount;
   private int hotspotInvestigatedRemotelyCount;
   private int issueInvestigatedLocallyCount;
+  private int dependencyRiskInvestigatedRemotelyCount;
+  private int dependencyRiskInvestigatedLocallyCount;
 
   TelemetryLocalStorage() {
     enabled = true;
@@ -240,6 +242,8 @@ void clearAfterPing() {
     issuesFixedCount = 0;
     biggestNumberOfFilesInConfigScope = 0;
     calledToolsByName.clear();
+    dependencyRiskInvestigatedLocallyCount = 0;
+    dependencyRiskInvestigatedRemotelyCount = 0;
   }
 
   public long numUseDays() {
@@ -563,6 +567,16 @@ public void incrementIssueInvestigatedLocallyCount() {
     issueInvestigatedLocallyCount++;
   }
 
+  public void incrementDependencyRiskInvestigatedRemotelyCount() {
+    markSonarLintAsUsedToday();
+    dependencyRiskInvestigatedRemotelyCount++;
+  }
+
+  public void incrementDependencyRiskInvestigatedLocallyCount() {
+    markSonarLintAsUsedToday();
+    dependencyRiskInvestigatedLocallyCount++;
+  }
+
   public int getHotspotInvestigatedRemotelyCount() {
     return hotspotInvestigatedRemotelyCount;
   }
@@ -582,4 +596,12 @@ public int getTaintInvestigatedLocallyCount() {
   public int getIssueInvestigatedLocallyCount() {
     return issueInvestigatedLocallyCount;
   }
+
+  public int getDependencyRiskInvestigatedRemotelyCount() {
+    return dependencyRiskInvestigatedRemotelyCount;
+  }
+
+  public int getDependencyRiskInvestigatedLocallyCount() {
+    return dependencyRiskInvestigatedLocallyCount;
+  }
 }

backend/telemetry/src/main/java/org/sonarsource/sonarlint/core/telemetry/measures/payload/TelemetryMeasuresBuilder.java

@@ -80,6 +80,9 @@ private void addFindingInvestigationMeasures(ArrayList<TelemetryMeasuresValue> v
     values.add(new TelemetryMeasuresValue("findings_investigation.hotspots_locally", String.valueOf(storage.getHotspotInvestigatedLocallyCount()), INTEGER, DAILY));
     values.add(new TelemetryMeasuresValue("findings_investigation.hotspots_remotely", String.valueOf(storage.getHotspotInvestigatedRemotelyCount()), INTEGER, DAILY));
     values.add(new TelemetryMeasuresValue("findings_investigation.issues_locally", String.valueOf(storage.getIssueInvestigatedLocallyCount()), INTEGER, DAILY));
+    values.add(new TelemetryMeasuresValue("findings_investigation.dependency_risks_locally", String.valueOf(storage.getDependencyRiskInvestigatedLocallyCount()), INTEGER, DAILY));
+    values.add(new TelemetryMeasuresValue("findings_investigation.dependency_risks_remotely",
+      String.valueOf(storage.getDependencyRiskInvestigatedRemotelyCount()), INTEGER, DAILY));
   }
 
   private void addConnectedModeMeasures(ArrayList<TelemetryMeasuresValue> values) {

backend/telemetry/src/test/java/org/sonarsource/sonarlint/core/telemetry/TelemetryLocalStorageTests.java

@@ -250,4 +250,35 @@ void should_clear_findings_filtered_counters() {
     data.clearAfterPing();
     assertThat(data.getFindingsFilteredCountersByType()).isEmpty();
   }
+
+  @Test
+  void should_track_dependency_risk_investigated() {
+    var data = new TelemetryLocalStorage();
+    assertThat(data.getDependencyRiskInvestigatedRemotelyCount()).isZero();
+    assertThat(data.getDependencyRiskInvestigatedLocallyCount()).isZero();
+
+    data.incrementDependencyRiskInvestigatedRemotelyCount();
+    data.incrementDependencyRiskInvestigatedLocallyCount();
+    assertThat(data.getDependencyRiskInvestigatedRemotelyCount()).isEqualTo(1);
+    assertThat(data.getDependencyRiskInvestigatedLocallyCount()).isEqualTo(1);
+
+    data.incrementDependencyRiskInvestigatedRemotelyCount();
+    data.incrementDependencyRiskInvestigatedLocallyCount();
+    assertThat(data.getDependencyRiskInvestigatedRemotelyCount()).isEqualTo(2);
+    assertThat(data.getDependencyRiskInvestigatedLocallyCount()).isEqualTo(2);
+  }
+
+  @Test
+  void should_clear_dependency_risk_investigated_counts_after_ping() {
+    var data = new TelemetryLocalStorage();
+
+    data.incrementDependencyRiskInvestigatedRemotelyCount();
+    data.incrementDependencyRiskInvestigatedLocallyCount();
+    assertThat(data.getDependencyRiskInvestigatedRemotelyCount()).isEqualTo(1);
+    assertThat(data.getDependencyRiskInvestigatedLocallyCount()).isEqualTo(1);
+
+    data.clearAfterPing();
+    assertThat(data.getDependencyRiskInvestigatedRemotelyCount()).isZero();
+    assertThat(data.getDependencyRiskInvestigatedLocallyCount()).isZero();
+  }
 }

medium-tests/src/test/java/mediumtest/TelemetryMediumTests.java

@@ -338,6 +338,26 @@ void it_should_accumulate_investigated_taint_vulnerabilities(SonarLintTestHarnes
       .containsExactly(3, 2));
   }
 
+  @SonarLintTest
+  void it_should_accumulate_investigated_dependency_risks(SonarLintTestHarness harness) {
+    var backend = setupClientAndBackend(harness);
+
+    backend.getTelemetryService().dependencyRiskInvestigatedRemotely();
+    backend.getTelemetryService().dependencyRiskInvestigatedLocally();
+
+    await().untilAsserted(() -> assertThat(backend.telemetryFileContent())
+      .extracting(TelemetryLocalStorage::getDependencyRiskInvestigatedRemotelyCount, TelemetryLocalStorage::getDependencyRiskInvestigatedLocallyCount)
+        .containsExactly(1, 1));
+
+    backend.getTelemetryService().dependencyRiskInvestigatedRemotely();
+    backend.getTelemetryService().dependencyRiskInvestigatedLocally();
+    backend.getTelemetryService().dependencyRiskInvestigatedLocally();
+
+    await().untilAsserted(() -> assertThat(backend.telemetryFileContent())
+      .extracting(TelemetryLocalStorage::getDependencyRiskInvestigatedRemotelyCount, TelemetryLocalStorage::getDependencyRiskInvestigatedLocallyCount)
+      .containsExactly(2, 3));
+  }
+
   @SonarLintTest
   void it_should_accumulate_clicked_dev_notifications(SonarLintTestHarness harness) {
     var backend = setupClientAndBackend(harness);

medium-tests/src/test/java/mediumtest/sca/OpenDependencyRiskInBrowserMediumTests.java

@@ -26,17 +26,19 @@
 import org.sonarsource.sonarlint.core.test.utils.junit5.SonarLintTest;
 import org.sonarsource.sonarlint.core.test.utils.junit5.SonarLintTestHarness;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.awaitility.Awaitility.await;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.timeout;
 import static org.mockito.Mockito.verify;
 import static org.sonarsource.sonarlint.core.serverapi.UrlUtils.urlEncode;
 
 class OpenDependencyRiskInBrowserMediumTests {
-  public static final String CONNECTION_ID = "connectionId";
-  public static final String SCOPE_ID = "scopeId";
-  public static final String PROJECT_KEY = "projectKey";
-  public static final String DEPENDENCY_KEY = UUID.randomUUID().toString();
-  public static final String BRANCH_NAME = "master";
+  static final String CONNECTION_ID = "connectionId";
+  static final String SCOPE_ID = "scopeId";
+  static final String PROJECT_KEY = "projectKey";
+  static final UUID DEPENDENCY_KEY = UUID.randomUUID();
+  static final String BRANCH_NAME = "master";
 
   @SonarLintTest
   void it_should_open_dependency_risk_in_sonarqube(SonarLintTestHarness harness) throws IOException {
@@ -51,9 +53,10 @@ void it_should_open_dependency_risk_in_sonarqube(SonarLintTestHarness harness) t
       SCOPE_ID, DEPENDENCY_KEY));
 
     var expectedUrl = String.format("http://localhost:12345/dependency-risks/%s/what?id=%s&branch=%s",
-      urlEncode(DEPENDENCY_KEY), urlEncode(PROJECT_KEY), urlEncode(BRANCH_NAME));
+      urlEncode(DEPENDENCY_KEY.toString()), urlEncode(PROJECT_KEY), urlEncode(BRANCH_NAME));
 
     verify(fakeClient, timeout(5000)).openUrlInBrowser(new URL(expectedUrl));
+    await().untilAsserted(() -> assertThat(backend.telemetryFileContent().getDependencyRiskInvestigatedRemotelyCount()).isEqualTo(1));
   }
 
   @SonarLintTest
@@ -68,4 +71,4 @@ void it_should_not_open_dependency_risk_if_unbound(SonarLintTestHarness harness)
 
     verify(fakeClient, timeout(5000).times(0)).openUrlInBrowser(any(URL.class));
   }
-} 
+}