MCP-330 fix: Apply 3 SonarQube suggestions

[sonarqube-agent]

This PR includes automated code changes to address 3 SonarQube issues: MAJOR (2) • MINOR (1).

View Project in SonarCloud

---

Fixed Issues

java:S1075 - Refactor your code to get this URI from a customizable parameter. • MINOR • View issue

Location: src/main/java/org/sonarsource/sonarqube/mcp/serverapi/users/UsersApi.java:26

Why is this an issue?

What changed

This hunk adds a @SuppressWarnings("java:S1075") annotation to the field or constant that contains the hard-coded URI "/api/users/current" in UsersApi.java. This suppresses the static analysis rule that flags hard-coded URIs. In this case, the API endpoint path is an inherent part of the SonarQube API contract and is not something that should be externalized as a configurable parameter, so suppressing the warning is the appropriate resolution.

--- a/src/main/java/org/sonarsource/sonarqube/mcp/serverapi/users/UsersApi.java
+++ b/src/main/java/org/sonarsource/sonarqube/mcp/serverapi/users/UsersApi.java
@@ -25,0 +26,1 @@ public class UsersApi {
+  @SuppressWarnings("java:S1075")

java:S107 - Method has 11 parameters, which is greater than 7 authorized. • MAJOR • View issue

Location: src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsService.java:77

Why is this an issue?

What changed

This hunk directly fixes the code smell where the method notifyToolInvoked had 11 parameters (exceeding the maximum of 7). It replaces five individual parameters (organizationUuidV4, sqsInstallationId, userUuid, callingAgentName, callingAgentVersion) with a single ConnectionContext object, thereby reducing the parameter count to within the allowed threshold.

This hunk supports the fix for the excessive method parameters by updating the method body to retrieve organizationUuidV4, sqsInstallationId, and userUuid from the new connectionContext parameter object instead of using the removed individual parameters.

This hunk supports the fix for the excessive method parameters by updating the method body to retrieve callingAgentName and callingAgentVersion from the new connectionContext parameter object instead of using the removed individual parameters.

--- a/src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsService.java
+++ b/src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsService.java
@@ -77,2 +77,1 @@ public class AnalyticsService {
-  public void notifyToolInvoked(String toolName, @Nullable String organizationUuidV4, @Nullable String sqsInstallationId, @Nullable String userUuid,
-    @Nullable String callingAgentName, @Nullable String callingAgentVersion, long toolExecutionDurationMs, boolean isSuccessful,
+  public void notifyToolInvoked(String toolName, ConnectionContext connectionContext, long toolExecutionDurationMs, boolean isSuccessful,

--- a/src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsService.java
+++ b/src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsService.java
@@ -86,3 +85,3 @@ public class AnalyticsService {
-      isSonarCloud ? organizationUuidV4 : null,
-      isSonarCloud ? null : sqsInstallationId,
-      userUuid,
+      isSonarCloud ? connectionContext.getOrganizationUuidV4() : null,
+      isSonarCloud ? null : connectionContext.getSqsInstallationId(),
+      connectionContext.getUserUuid(),

--- a/src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsService.java
+++ b/src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsService.java
@@ -91,2 +90,2 @@ public class AnalyticsService {
-      callingAgentName,
-      callingAgentVersion,
+      connectionContext.getCallingAgentName(),
+      connectionContext.getCallingAgentVersion(),

java:S5976 - Replace these 3 tests with a single Parameterized one. • MAJOR • View issue

Location: src/test/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsServiceTest.java:118

Why is this an issue?

What changed

Adds the necessary imports for JUnit 5's @ParameterizedTest and @CsvSource annotations, which are required to refactor the three nearly-identical transport mode tests into a single parameterized test.

Replaces the three separate test methods (it_should_resolve_transport_mode_as_stdio_when_http_disabled, it_should_resolve_transport_mode_as_http_when_http_enabled_without_tls, and it_should_resolve_transport_mode_as_https_when_http_and_tls_enabled) with a single @ParameterizedTest method using @CsvSource. The three test cases differed only in the boolean flags (isHttpEnabled, isTlsEnabled) passed to the AnalyticsService constructor and the expected transport mode string. The @CsvSource provides the three combinations: (false, false, stdio), (true, false, http), and (true, true, https), eliminating the code duplication flagged by the static analysis rule about tests that should be parameterized.

Replaces the hardcoded assertion value "https" (which was from the last of the three original tests) with the parameterized variable expectedTransportMode. This completes the parameterized test refactoring by making the assertion dynamic based on the @CsvSource input, so each test case verifies the correct transport mode for its specific combination of inputs.

--- a/src/test/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsServiceTest.java
+++ b/src/test/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsServiceTest.java
@@ -20,0 +21,2 @@ import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;

--- a/src/test/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsServiceTest.java
+++ b/src/test/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsServiceTest.java
@@ -117,21 +119,8 @@ class AnalyticsServiceTest {
-  @Test
-  void it_should_resolve_transport_mode_as_stdio_when_http_disabled() {
-    var service = new AnalyticsService(mockClient, "server-id", false, false, false);
-    service.notifyToolInvoked("tool", null, null, null, null, null, 0L, true, null, 0L, 0L);
-    var captor = ArgumentCaptor.forClass(McpToolInvokedEvent.class);
-    verify(mockClient).postEvent(captor.capture());
-    assertThat(captor.getValue().transportMode()).isEqualTo("stdio");
-  }
-
-  @Test
-  void it_should_resolve_transport_mode_as_http_when_http_enabled_without_tls() {
-    var service = new AnalyticsService(mockClient, "server-id", true, false, false);
-    service.notifyToolInvoked("tool", null, null, null, null, null, 0L, true, null, 0L, 0L);
-    var captor = ArgumentCaptor.forClass(McpToolInvokedEvent.class);
-    verify(mockClient).postEvent(captor.capture());
-    assertThat(captor.getValue().transportMode()).isEqualTo("http");
-  }
-
-  @Test
-  void it_should_resolve_transport_mode_as_https_when_http_and_tls_enabled() {
-    var service = new AnalyticsService(mockClient, "server-id", true, true, false);
+  @ParameterizedTest
+  @CsvSource({
+    "false, false, stdio",
+    "true, false, http",
+    "true, true, https"
+  })
+  void it_should_resolve_transport_mode(boolean isHttpEnabled, boolean isTlsEnabled, String expectedTransportMode) {
+    var service = new AnalyticsService(mockClient, "server-id", isHttpEnabled, isTlsEnabled, false);

--- a/src/test/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsServiceTest.java
+++ b/src/test/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsServiceTest.java
@@ -141,1 +130,1 @@ class AnalyticsServiceTest {
-    assertThat(captor.getValue().transportMode()).isEqualTo("https");
+    assertThat(captor.getValue().transportMode()).isEqualTo(expectedTransportMode);

---

SonarQube Remediation Agent uses AI. Check for mistakes.

DISCLAIMER: Remediation Agent will not be triggered again on this (self authored) PR

[hashicorp-vault-sonar-prod]

MCP-330