From d6b083849c60a53e15765e8c8b98122e4c082e6a Mon Sep 17 00:00:00 2001
From: Pierre Guillot <50145663+pierre-guillot-sonarsource@users.noreply.github.com>
Date: Thu, 9 May 2019 18:03:38 +0200
Subject: [PATCH] SONAR-12026 introduce new status 'reviewed' and new transition 'resolve as reviewed' for hotspot
---
 .../SecurityStandardCategoryStatistics.java | 18 +++---
 .../server/issue/workflow/IssueWorkflow.java | 23 +++++++-
 .../IssueWorkflowForSecurityHotspotsTest.java | 56 ++++++++++++++++++-
 .../issue/workflow/IssueWorkflowTest.java | 3 +-
 .../sonar/server/issue/index/IssueIndex.java | 16 +++---
 .../server/issue/ws/DoTransitionAction.java | 3 +-
 .../changeevent/QGChangeEventListener.java | 3 +-
 .../QGChangeEventListenersImpl.java | 2 +
 .../index/IssueIndexSecurityReportsTest.java | 22 ++++----
 .../QGChangeEventListenersImplTest.java | 2 +
 .../ws/ShowActionTest/empty.json | 22 ++++----
 .../ws/ShowActionTest/owaspNoCwe.json | 22 ++++----
 .../ws/ShowActionTest/sansWithCwe.json | 8 +--
 .../sonarsourceSecurityNoCwe.json | 40 ++++++-------
 .../sonarsourceSecurityOnApplication.json | 42 +++++++-------
 .../sonarsourceSecurityWithCwe.json | 42 +++++++-------
 .../sonar/api/issue/DefaultTransitions.java | 7 ++-
 .../main/java/org/sonar/api/issue/Issue.java | 5 ++
 sonar-ws/src/main/protobuf/ws-security.proto | 4 +-
 19 files changed, 215 insertions(+), 125 deletions(-)
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/SecurityStandardCategoryStatistics.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/SecurityStandardCategoryStatistics.java
index 4148b57c121..ba83500b124 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/SecurityStandardCategoryStatistics.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/index/SecurityStandardCategoryStatistics.java
@@ -30,19 +30,19 @@ public class SecurityStandardCategoryStatistics { private final OptionalInt vulnerabiliyRating; private final long inReviewSecurityHotspots; private final long toReviewSecurityHotspots; - private final long wontFixSecurityHotspots; + private final long reviewedSecurityHotspots; private final List children; private long activeRules; private long totalRules; public SecurityStandardCategoryStatistics(String category, long vulnerabilities, OptionalInt vulnerabiliyRating, long inReviewSecurityHotspots, long toReviewSecurityHotspots, - long wontFixSecurityHotspots, @Nullable List children) { + long reviewedSecurityHotspots, @Nullable List children) { this.category = category; this.vulnerabilities = vulnerabilities; this.vulnerabiliyRating = vulnerabiliyRating; this.inReviewSecurityHotspots = inReviewSecurityHotspots; this.toReviewSecurityHotspots = toReviewSecurityHotspots; - this.wontFixSecurityHotspots = wontFixSecurityHotspots; + this.reviewedSecurityHotspots = reviewedSecurityHotspots; this.children = children; } @@ -66,8 +66,8 @@ public class SecurityStandardCategoryStatistics { return toReviewSecurityHotspots; } - public long getWontFixSecurityHotspots() { - return wontFixSecurityHotspots; + public long getReviewedSecurityHotspots() { + return reviewedSecurityHotspots; } public List getChildren() { @@ -78,15 +78,15 @@ public class SecurityStandardCategoryStatistics { return activeRules; } - public long getTotalRules() { - return totalRules; - } - public SecurityStandardCategoryStatistics setActiveRules(long activeRules) { this.activeRules = activeRules; return this; } + public long getTotalRules() { + return totalRules; + } + public SecurityStandardCategoryStatistics setTotalRules(long totalRules) { this.totalRules = totalRules; return this; 
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java index eea7b1e28e7..631e6cb3480 100644 --- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java +++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java @@ -43,6 +43,7 @@ import static org.sonar.api.issue.Issue.STATUS_IN_REVIEW; import static org.sonar.api.issue.Issue.STATUS_OPEN; import static org.sonar.api.issue.Issue.STATUS_REOPENED; import static org.sonar.api.issue.Issue.STATUS_RESOLVED; +import static org.sonar.api.issue.Issue.STATUS_REVIEWED; import static org.sonar.api.issue.Issue.STATUS_TO_REVIEW; @ServerSide @@ -62,7 +63,8 @@ public class IssueWorkflow implements Startable { @Override public void start() { StateMachine.Builder builder = StateMachine.builder() - .states(STATUS_OPEN, STATUS_CONFIRMED, STATUS_REOPENED, STATUS_RESOLVED, STATUS_CLOSED, STATUS_TO_REVIEW, STATUS_IN_REVIEW); + .states(STATUS_OPEN, STATUS_CONFIRMED, STATUS_REOPENED, STATUS_RESOLVED, STATUS_CLOSED, + STATUS_TO_REVIEW, STATUS_IN_REVIEW, STATUS_REVIEWED); buildManualTransitions(builder); buildAutomaticTransitions(builder); buildSecurityHotspotTransitions(builder); 
@@ -155,7 +157,20 @@ public class IssueWorkflow implements Startable { .conditions(new HasType(RuleType.SECURITY_HOTSPOT)) .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN) .build()) + .transition(Transition.builder(DefaultTransitions.RESOLVE_AS_REVIEWED) + .from(STATUS_TO_REVIEW).to(STATUS_REVIEWED) + .conditions(new HasType(RuleType.SECURITY_HOTSPOT)) + .functions(new SetResolution(RESOLUTION_FIXED)) + .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN) + .build()) + .transition(Transition.builder(DefaultTransitions.RESOLVE_AS_REVIEWED) + .from(STATUS_IN_REVIEW).to(STATUS_REVIEWED) + .conditions(new HasType(RuleType.SECURITY_HOTSPOT)) + .functions(new SetResolution(RESOLUTION_FIXED)) + .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN) + .build()) + // all transitions below have to be removed by the end of the MMF-1635 .transition(Transition.builder(DefaultTransitions.DETECT) .from(STATUS_TO_REVIEW).to(STATUS_OPEN) .conditions(new HasType(RuleType.SECURITY_HOTSPOT)) @@ -239,6 +254,12 @@ public class IssueWorkflow implements Startable { .functions(SetClosed.INSTANCE, SetCloseDate.INSTANCE) .automatic() .build()) + .transition(Transition.builder(AUTOMATIC_CLOSE_TRANSITION) + .from(STATUS_REVIEWED).to(STATUS_CLOSED) + .conditions(IsBeingClosed.INSTANCE, new HasType(RuleType.SECURITY_HOTSPOT)) + .functions(SetClosed.INSTANCE, SetCloseDate.INSTANCE) + .automatic() + .build()) // Reopen issues that are marked as resolved but that are still alive. .transition(Transition.builder("automaticreopen") diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java index 03bb3584109..519873b3324 100644 --- a/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java 
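Review bot: Nothing in the visible hunks lets a hotspot leave `STATUS_REVIEWED` by hand: both new `RESOLVE_AS_REVIEWED` transitions end there with `RESOLUTION_FIXED`, and the only `.from(STATUS_REVIEWED)` added is the automatic close in the `@@ -239,6 +254,12 @@` hunk. A hotspot marked as reviewed by mistake would then stay reported as reviewed, with no manual way to put it back under review. The enclosing method starts and ends outside this hunk, so this may be handled elsewhere; if it is not, consider a manual transition from `STATUS_REVIEWED` back to `STATUS_TO_REVIEW` with the same `HasType(RuleType.SECURITY_HOTSPOT)` condition and `UserRole.SECURITYHOTSPOT_ADMIN` permission, which also clears the resolution. The two added transitions differ only in `.from(...)`, so a short comment saying so (or a small private helper) would keep their conditions and permission from drifting apart.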
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java @@ -34,6 +34,7 @@ import org.apache.commons.lang.time.DateUtils; import org.junit.Test; import org.junit.runner.RunWith; import org.sonar.api.issue.DefaultTransitions; +import org.sonar.api.issue.Issue; import org.sonar.api.rule.RuleKey; import org.sonar.api.rules.RuleType; import org.sonar.core.issue.DefaultIssue; @@ -48,6 +49,7 @@ import static org.sonar.api.issue.Issue.RESOLUTION_WONT_FIX; import static org.sonar.api.issue.Issue.STATUS_CLOSED; import static org.sonar.api.issue.Issue.STATUS_IN_REVIEW; import static org.sonar.api.issue.Issue.STATUS_RESOLVED; +import static org.sonar.api.issue.Issue.STATUS_REVIEWED; import static org.sonar.api.issue.Issue.STATUS_TO_REVIEW; import static org.sonar.db.rule.RuleTesting.XOO_X1; @@ -69,7 +71,7 @@ public class IssueWorkflowForSecurityHotspotsTest { List transitions = underTest.outTransitions(issue); - assertThat(keys(transitions)).containsOnly("setinreview", "detect", "clear"); + assertThat(keys(transitions)).containsOnly("setinreview", "detect", "clear", "resolveasreviewed"); } @Test @@ -79,7 +81,7 @@ public class IssueWorkflowForSecurityHotspotsTest { List transitions = underTest.outTransitions(issue); - assertThat(keys(transitions)).isEmpty(); + assertThat(keys(transitions)).containsOnly("resolveasreviewed"); } @Test 
@@ -97,6 +99,37 @@ public class IssueWorkflowForSecurityHotspotsTest { assertThat(issue.resolution()).isNull(); } + @Test + public void resolve_as_reviewed_from_to_review() { + underTest.start(); + DefaultIssue issue = new DefaultIssue() + .setType(RuleType.SECURITY_HOTSPOT) + .setIsFromHotspot(true) + .setStatus(STATUS_TO_REVIEW); + + boolean result = underTest.doManualTransition(issue, DefaultTransitions.RESOLVE_AS_REVIEWED, IssueChangeContext.createUser(new Date(), "USER1")); + + assertThat(result).isTrue(); + assertThat(issue.getStatus()).isEqualTo(STATUS_REVIEWED); + assertThat(issue.resolution()).isEqualTo(RESOLUTION_FIXED); + } + + @Test + public void resolve_as_reviewed_from_in_review() { + underTest.start(); + DefaultIssue issue = new DefaultIssue() + .setType(RuleType.SECURITY_HOTSPOT) + .setIsFromHotspot(true) + .setStatus(STATUS_IN_REVIEW); + + boolean result = underTest.doManualTransition(issue, DefaultTransitions.RESOLVE_AS_REVIEWED, IssueChangeContext.createUser(new Date(), "USER1")); + + assertThat(result).isTrue(); + assertThat(issue.getStatus()).isEqualTo(STATUS_REVIEWED); + assertThat(issue.resolution()).isEqualTo(RESOLUTION_FIXED); + + } + @Test public void automatically_close_resolved_security_hotspots_in_status_to_review() { underTest.start(); 
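Review bot: The two added tests cover only the successful path of `RESOLVE_AS_REVIEWED`, from `STATUS_TO_REVIEW` and from `STATUS_IN_REVIEW`. A test asserting what `outTransitions` returns for a hotspot already in `STATUS_REVIEWED`, and one asserting that `resolveasreviewed` is not offered when the issue type is not `RuleType.SECURITY_HOTSPOT`, would pin the `HasType` condition that guards the new transition. There is also a stray blank line before the closing brace of `resolve_as_reviewed_from_in_review`.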
@@ -135,6 +168,25 @@ public class IssueWorkflowForSecurityHotspotsTest { assertThat(issue.updateDate()).isEqualTo(DateUtils.truncate(now, Calendar.SECOND)); } + @Test + public void automatically_close_resolved_security_hotspots_in_status_reviewed() { + underTest.start(); + DefaultIssue issue = new DefaultIssue() + .setType(RuleType.SECURITY_HOTSPOT) + .setResolution(RESOLUTION_FIXED) + .setStatus(STATUS_REVIEWED) + .setNew(false) + .setBeingClosed(true); + Date now = new Date(); + + underTest.doAutomaticTransition(issue, IssueChangeContext.createScan(now)); + + assertThat(issue.resolution()).isEqualTo(RESOLUTION_FIXED); + assertThat(issue.status()).isEqualTo(STATUS_CLOSED); + assertThat(issue.closeDate()).isNotNull(); + assertThat(issue.updateDate()).isEqualTo(DateUtils.truncate(now, Calendar.SECOND)); + } + @Test @UseDataProvider("allStatusesLeadingToClosed") public void do_not_automatically_reopen_closed_issues_of_security_hotspots(String previousStatus) { diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowTest.java index a8b7c9998d4..60c6596b710 100644 --- a/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowTest.java +++ b/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowTest.java @@ -56,6 +56,7 @@ import static org.sonar.api.issue.Issue.STATUS_IN_REVIEW; import static org.sonar.api.issue.Issue.STATUS_OPEN; import static org.sonar.api.issue.Issue.STATUS_REOPENED; import static org.sonar.api.issue.Issue.STATUS_RESOLVED; +import static org.sonar.api.issue.Issue.STATUS_REVIEWED; import static org.sonar.api.issue.Issue.STATUS_TO_REVIEW; @RunWith(DataProviderRunner.class) 
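Review bot: `do_not_automatically_reopen_closed_issues_of_security_hotspots`, shown as context at the end of this hunk, is driven by the `allStatusesLeadingToClosed` data provider, which lies outside the hunk. Now that `STATUS_REVIEWED` leads to `STATUS_CLOSED` it should be one of the provided statuses; please confirm it is. The new test would also read more easily with a one-line comment on its first assertion, for example `// closing a reviewed hotspot keeps RESOLUTION_FIXED`.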
@@ -73,7 +74,7 @@ public class IssueWorkflowTest { // issues statuses expectedStatus.addAll(Arrays.asList(STATUS_OPEN, STATUS_CONFIRMED, STATUS_REOPENED, STATUS_RESOLVED, STATUS_CLOSED)); // hostpots statuses - expectedStatus.addAll(Arrays.asList(STATUS_TO_REVIEW, STATUS_IN_REVIEW)); + expectedStatus.addAll(Arrays.asList(STATUS_TO_REVIEW, STATUS_IN_REVIEW, STATUS_REVIEWED)); assertThat(underTest.statusKeys()).containsExactlyInAnyOrder(expectedStatus.toArray(new String[]{})); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java index b2949e27210..7ec91b1dbbe 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java @@ -194,7 +194,7 @@ public class IssueIndex { private static final String AGG_SEVERITIES = "severities"; private static final String AGG_TO_REVIEW_SECURITY_HOTSPOTS = "toReviewSecurityHotspots"; private static final String AGG_IN_REVIEW_SECURITY_HOTSPOTS = "inReviewSecurityHotspots"; - private static final String AGG_WONT_FIX_SECURITY_HOTSPOTS = "wontFixSecurityHotspots"; + private static final String AGG_REVIEWED_SECURITY_HOTSPOTS = "reviewedSecurityHotspots"; private static final String AGG_CWES = "cwes"; private static final BoolQueryBuilder NON_RESOLVED_VULNERABILITIES_FILTER = boolQuery() .filter(termQuery(FIELD_ISSUE_TYPE, VULNERABILITY.name())) 
@@ -207,10 +207,10 @@ public class IssueIndex { .filter(termQuery(FIELD_ISSUE_TYPE, SECURITY_HOTSPOT.name())) .filter(termQuery(FIELD_ISSUE_STATUS, Issue.STATUS_TO_REVIEW)) .mustNot(existsQuery(FIELD_ISSUE_RESOLUTION)); - private static final BoolQueryBuilder WONT_FIX_HOTSPOTS_FILTER = boolQuery() + private static final BoolQueryBuilder REVIEWED_HOTSPOTS_FILTER = boolQuery() .filter(termQuery(FIELD_ISSUE_TYPE, SECURITY_HOTSPOT.name())) - .filter(termQuery(FIELD_ISSUE_STATUS, Issue.STATUS_RESOLVED)) - .filter(termQuery(FIELD_ISSUE_RESOLUTION, Issue.RESOLUTION_WONT_FIX)); + .filter(termQuery(FIELD_ISSUE_STATUS, Issue.STATUS_REVIEWED)) + .filter(termQuery(FIELD_ISSUE_RESOLUTION, Issue.RESOLUTION_FIXED)); public enum Facet { SEVERITIES(PARAM_SEVERITIES, FIELD_ISSUE_SEVERITY, Severity.ALL.size()), @@ -932,11 +932,11 @@ public class IssueIndex { .getValue(); long inReviewSecurityHotspots = ((InternalValueCount) ((InternalFilter) categoryBucket.getAggregations().get(AGG_IN_REVIEW_SECURITY_HOTSPOTS)).getAggregations().get(AGG_COUNT)) .getValue(); - long wontFixSecurityHotspots = ((InternalValueCount) ((InternalFilter) categoryBucket.getAggregations().get(AGG_WONT_FIX_SECURITY_HOTSPOTS)).getAggregations().get(AGG_COUNT)) + long reviewedSecurityHotspots = ((InternalValueCount) ((InternalFilter) categoryBucket.getAggregations().get(AGG_REVIEWED_SECURITY_HOTSPOTS)).getAggregations().get(AGG_COUNT)) .getValue(); return new SecurityStandardCategoryStatistics(categoryName, vulnerabilities, severityRating, inReviewSecurityHotspots, toReviewSecurityHotspots, - wontFixSecurityHotspots, children); + reviewedSecurityHotspots, children); } private static AggregationBuilder addSecurityReportSubAggregations(AggregationBuilder categoriesAggs, boolean includeCwe, Optional> cwesInCategory) { 
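Review bot: `REVIEWED_HOTSPOTS_FILTER` now matches only `Issue.STATUS_REVIEWED` with `Issue.RESOLUTION_FIXED`, so hotspots already indexed as `STATUS_RESOLVED` with `RESOLUTION_WONT_FIX` are no longer counted in any bucket of the security report. The `@@ -993,7 +993,7 @@` hunk also drops them from the `should` clauses of the report query. The workflow change in this commit keeps the older hotspot transitions until MMF-1635 is finished, so such documents presumably still exist or can still be produced. If they should stay visible during the migration, keep the won't-fix filter alongside the new one; if the exclusion is intended, state it on the constant, for example `// hotspots resolved as won't fix by the former workflow are deliberately not counted`.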
@@ -969,7 +969,7 @@ public class IssueIndex { .subAggregation(AggregationBuilders.filter(AGG_IN_REVIEW_SECURITY_HOTSPOTS, IN_REVIEW_HOTSPOTS_FILTER) .subAggregation( AggregationBuilders.count(AGG_COUNT).field(FIELD_ISSUE_KEY))) - .subAggregation(AggregationBuilders.filter(AGG_WONT_FIX_SECURITY_HOTSPOTS, WONT_FIX_HOTSPOTS_FILTER) + .subAggregation(AggregationBuilders.filter(AGG_REVIEWED_SECURITY_HOTSPOTS, REVIEWED_HOTSPOTS_FILTER) .subAggregation( AggregationBuilders.count(AGG_COUNT).field(FIELD_ISSUE_KEY))); } @@ -993,7 +993,7 @@ public class IssueIndex { .should(NON_RESOLVED_VULNERABILITIES_FILTER) .should(TO_REVIEW_HOTSPOTS_FILTER) .should(IN_REVIEW_HOTSPOTS_FILTER) - .should(WONT_FIX_HOTSPOTS_FILTER) + .should(REVIEWED_HOTSPOTS_FILTER) .minimumShouldMatch(1)) .setSize(0); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java index 972e8f7c38b..e11c4dfdedb 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java @@ -39,6 +39,7 @@ import org.sonar.server.issue.TransitionService; import org.sonar.server.user.UserSession; import static java.lang.String.format; +import static org.sonar.api.issue.DefaultTransitions.RESOLVE_AS_REVIEWED; import static org.sonar.api.issue.DefaultTransitions.SET_AS_IN_REVIEW; import static org.sonarqube.ws.client.issue.IssuesWsParameters.ACTION_DO_TRANSITION; import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_ISSUE; 
@@ -73,7 +74,7 @@ public class DoTransitionAction implements IssuesWsAction { "The transitions involving security hotspots require the permission 'Administer Security Hotspot'.") .setSince("3.6") .setChangelog( - new Change("7.8", format("added transition '%s' for security hotspots ", SET_AS_IN_REVIEW)), + new Change("7.8", format("added transitions '%s' and %s for security hotspots ", SET_AS_IN_REVIEW, RESOLVE_AS_REVIEWED)), new Change("7.3", "added transitions for security hotspots"), new Change("6.5", "the database ids of the components are removed from the response"), new Change("6.5", "the response field components.uuid is deprecated. Use components.key instead.")) diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListener.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListener.java index 1e93e6ff96c..c3baf201471 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListener.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListener.java @@ -57,7 +57,8 @@ public interface QGChangeEventListener { RESOLVED_WF, RESOLVED_FIXED, TO_REVIEW, - IN_REVIEW; + IN_REVIEW, + REVIEWED; protected static final Set CLOSED_STATUSES = EnumSet.of(CONFIRMED, RESOLVED_FIXED, RESOLVED_FP, RESOLVED_WF); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListenersImpl.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListenersImpl.java index ba51aef85fd..76a4c2bebf1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListenersImpl.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListenersImpl.java 
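Review bot: In the 7.8 changelog entry the second placeholder is not quoted like the first, and the message still ends with a trailing space before the closing quote. The two transition names would then render inconsistently in the web service documentation. Suggested line: `new Change("7.8", format("added transitions '%s' and '%s' for security hotspots", SET_AS_IN_REVIEW, RESOLVE_AS_REVIEWED)),`.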
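Review bot: `REVIEWED` is added to `Status`, but `CLOSED_STATUSES` on the following context line still lists only `CONFIRMED`, `RESOLVED_FIXED`, `RESOLVED_FP` and `RESOLVED_WF`. The workflow in this commit gives a reviewed hotspot `RESOLUTION_FIXED`, so listeners that consult `CLOSED_STATUSES` would presumably treat it as still open; how that set is used is not visible here. If the omission is intended, document it on the constant, for example `// REVIEWED hotspots are deliberately not treated as closed`; otherwise add `REVIEWED` to the `EnumSet.of(...)` call.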
@@ -122,6 +122,8 @@ public class QGChangeEventListenersImpl implements QGChangeEventListeners { return QGChangeEventListener.Status.TO_REVIEW; case Issue.STATUS_IN_REVIEW: return QGChangeEventListener.Status.IN_REVIEW; + case Issue.STATUS_REVIEWED: + return QGChangeEventListener.Status.REVIEWED; case Issue.STATUS_RESOLVED: return statusOfResolved(issue); default: diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java index ce04036104c..d4d757b87e0 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexSecurityReportsTest.java 
@@ -176,14 +176,14 @@ public class IssueIndexSecurityReportsTest { assertThat(cweByOwasp.get("a1")).extracting(SecurityStandardCategoryStatistics::getCategory, SecurityStandardCategoryStatistics::getVulnerabilities, SecurityStandardCategoryStatistics::getVulnerabiliyRating, SecurityStandardCategoryStatistics::getToReviewSecurityHotspots, - SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getWontFixSecurityHotspots) + SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getReviewedSecurityHotspots) .containsExactlyInAnyOrder( tuple("123", 1L /* openvul1 */, OptionalInt.of(3)/* MAJOR = C */, 0L, 0L, 0L), tuple("456", 1L /* openvul1 */, OptionalInt.of(3)/* MAJOR = C */, 0L, 0L, 0L), tuple("unknown", 0L, OptionalInt.empty(), 1L /* openhotspot1 */, 0L, 0L)); assertThat(cweByOwasp.get("a3")).extracting(SecurityStandardCategoryStatistics::getCategory, SecurityStandardCategoryStatistics::getVulnerabilities, SecurityStandardCategoryStatistics::getVulnerabiliyRating, SecurityStandardCategoryStatistics::getToReviewSecurityHotspots, - SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getWontFixSecurityHotspots) + SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getReviewedSecurityHotspots) .containsExactlyInAnyOrder( tuple("123", 2L /* openvul1, openvul2 */, OptionalInt.of(3)/* MAJOR = C */, 0L, 0L, 0L), tuple("456", 1L /* openvul1 */, OptionalInt.of(3)/* MAJOR = C */, 0L, 1L /* toReviewHotspot */, 0L), 
@@ -200,23 +200,23 @@ public class IssueIndexSecurityReportsTest { newDoc("toreviewhotspot1", project).setOwaspTop10(asList("a1", "a3")).setCwe(singletonList(UNKNOWN_STANDARD)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_TO_REVIEW), newDoc("toreviewhotspot2", project).setOwaspTop10(asList("a3", "a6")).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_TO_REVIEW), newDoc("inreviewhotspot", project).setOwaspTop10(asList("a5", "a3")).setCwe(asList("456")).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_IN_REVIEW), - newDoc("WFHotspot", project).setOwaspTop10(asList("a3", "a8")).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_RESOLVED).setResolution(Issue.RESOLUTION_WONT_FIX), + newDoc("reviewedHotspot", project).setOwaspTop10(asList("a3", "a8")).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_REVIEWED).setResolution(Issue.RESOLUTION_FIXED), newDoc("notowasphotspot", project).setOwaspTop10(singletonList(UNKNOWN_STANDARD)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_TO_REVIEW)); List owaspTop10Report = underTest.getOwaspTop10Report(project.uuid(), false, includeCwe); assertThat(owaspTop10Report) .extracting(SecurityStandardCategoryStatistics::getCategory, SecurityStandardCategoryStatistics::getVulnerabilities, SecurityStandardCategoryStatistics::getVulnerabiliyRating, SecurityStandardCategoryStatistics::getToReviewSecurityHotspots, - SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getWontFixSecurityHotspots) + SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getReviewedSecurityHotspots) .containsExactlyInAnyOrder( tuple("a1", 1L /* openvul1 */, OptionalInt.of(3)/* MAJOR = C */, 1L /* toreviewhotspot1 */, 0L, 0L), tuple("a2", 0L, OptionalInt.empty(), 0L, 0L, 0L), - tuple("a3", 2L /* openvul1,openvul2 */, OptionalInt.of(3)/* MAJOR = C */, 2L/* toreviewhotspot1,toreviewhotspot2 */, 1L /* inReviewHotspot 
*/, 1L /* WFHotspot */), + tuple("a3", 2L /* openvul1,openvul2 */, OptionalInt.of(3)/* MAJOR = C */, 2L/* toreviewhotspot1,toreviewhotspot2 */, 1L /* inReviewHotspot */, 1L /* reviewedHotspot */), tuple("a4", 0L, OptionalInt.empty(), 0L, 0L, 0L), tuple("a5", 0L, OptionalInt.empty(), 0L, 1L/* inReviewHotspot */, 0L), tuple("a6", 1L /* openvul2 */, OptionalInt.of(2) /* MINOR = B */, 1L /* toreviewhotspot2 */, 0L, 0L), tuple("a7", 0L, OptionalInt.empty(), 0L, 0L, 0L), - tuple("a8", 0L, OptionalInt.empty(), 0L, 0L, 1L /* WFHotspot */), + tuple("a8", 0L, OptionalInt.empty(), 0L, 0L, 1L /* reviewedHotspot */), tuple("a9", 0L, OptionalInt.empty(), 0L, 0L, 0L), tuple("a10", 0L, OptionalInt.empty(), 0L, 0L, 0L), tuple("unknown", 1L /* notowaspvul */, OptionalInt.of(4) /* CRITICAL = D */, 1L /* notowasphotspot */, 0L, 0L)); 
@@ -239,17 +239,17 @@ public class IssueIndexSecurityReportsTest { newDoc("toreviewhotspot1", project).setSansTop25(asList(SANS_TOP_25_INSECURE_INTERACTION, SANS_TOP_25_RISKY_RESOURCE)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_TO_REVIEW), newDoc("toreviewhotspot2", project).setSansTop25(asList(SANS_TOP_25_RISKY_RESOURCE, SANS_TOP_25_POROUS_DEFENSES)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_TO_REVIEW), newDoc("inReviewHotspot", project).setSansTop25(asList(SANS_TOP_25_RISKY_RESOURCE)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_IN_REVIEW), - newDoc("WFHotspot", project).setSansTop25(asList(SANS_TOP_25_RISKY_RESOURCE)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_RESOLVED).setResolution(Issue.RESOLUTION_WONT_FIX), + newDoc("reviewedHotspot", project).setSansTop25(asList(SANS_TOP_25_RISKY_RESOURCE)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_REVIEWED).setResolution(Issue.RESOLUTION_FIXED), newDoc("notowasphotspot", project).setSansTop25(singletonList(UNKNOWN_STANDARD)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_TO_REVIEW)); List sansTop25Report = underTest.getSansTop25Report(project.uuid(), false, false); assertThat(sansTop25Report) .extracting(SecurityStandardCategoryStatistics::getCategory, SecurityStandardCategoryStatistics::getVulnerabilities, SecurityStandardCategoryStatistics::getVulnerabiliyRating, SecurityStandardCategoryStatistics::getToReviewSecurityHotspots, - SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getWontFixSecurityHotspots) + SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getReviewedSecurityHotspots) .containsExactlyInAnyOrder( tuple(SANS_TOP_25_INSECURE_INTERACTION, 1L /* openvul1 */, OptionalInt.of(3)/* MAJOR = C */, 1L /* toreviewhotspot1 */, 0L, 0L), - tuple(SANS_TOP_25_RISKY_RESOURCE, 2L /* openvul1,openvul2 */, OptionalInt.of(3)/* MAJOR = C */, 
2L/* toreviewhotspot1,toreviewhotspot2 */, 1L /* inReviewHotspot */,1L /* WFHotspot */), + tuple(SANS_TOP_25_RISKY_RESOURCE, 2L /* openvul1,openvul2 */, OptionalInt.of(3)/* MAJOR = C */, 2L/* toreviewhotspot1,toreviewhotspot2 */, 1L /* inReviewHotspot */,1L /* reviewedHotspot */), tuple(SANS_TOP_25_POROUS_DEFENSES, 1L /* openvul2 */, OptionalInt.of(2)/* MINOR = B */, 1L/* openhotspot2 */, 0L, 0L)); assertThat(sansTop25Report).allMatch(category -> category.getChildren().isEmpty()); @@ -274,7 +274,7 @@ public class IssueIndexSecurityReportsTest { newDoc("toreviewhotspot1", project1).setSansTop25(asList(SANS_TOP_25_INSECURE_INTERACTION, SANS_TOP_25_RISKY_RESOURCE)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_TO_REVIEW), newDoc("toreviewhotspot2", project2).setSansTop25(asList(SANS_TOP_25_RISKY_RESOURCE, SANS_TOP_25_POROUS_DEFENSES)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_TO_REVIEW), newDoc("inReviewHotspot", project1).setSansTop25(asList(SANS_TOP_25_RISKY_RESOURCE)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_IN_REVIEW), - newDoc("WFHotspot", project2).setSansTop25(asList(SANS_TOP_25_RISKY_RESOURCE)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_RESOLVED).setResolution(Issue.RESOLUTION_WONT_FIX), + newDoc("reviewedHotspot", project2).setSansTop25(asList(SANS_TOP_25_RISKY_RESOURCE)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_REVIEWED).setResolution(Issue.RESOLUTION_FIXED), newDoc("notowasphotspot", project1).setSansTop25(singletonList(UNKNOWN_STANDARD)).setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_TO_REVIEW)); indexView(portfolio1.uuid(), singletonList(project1.uuid())); 
@@ -284,7 +284,7 @@ public class IssueIndexSecurityReportsTest { assertThat(sansTop25Report) .extracting(SecurityStandardCategoryStatistics::getCategory, SecurityStandardCategoryStatistics::getVulnerabilities, SecurityStandardCategoryStatistics::getVulnerabiliyRating, SecurityStandardCategoryStatistics::getToReviewSecurityHotspots, - SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getWontFixSecurityHotspots) + SecurityStandardCategoryStatistics::getInReviewSecurityHotspots, SecurityStandardCategoryStatistics::getReviewedSecurityHotspots) .containsExactlyInAnyOrder( tuple(SANS_TOP_25_INSECURE_INTERACTION, 1L /* openvul1 */, OptionalInt.of(3)/* MAJOR = C */, 1L /* toreviewhotspot1 */, 0L, 0L), tuple(SANS_TOP_25_RISKY_RESOURCE, 1L /* openvul1 */, OptionalInt.of(3)/* MAJOR = C */, 1L/* toreviewhotspot1 */, 1L /* inReviewHotspot */, 0L), diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListenersImplTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListenersImplTest.java index 21961822894..964637487fb 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListenersImplTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/changeevent/QGChangeEventListenersImplTest.java 
@@ -290,6 +290,8 @@ public class QGChangeEventListenersImplTest { .isEqualTo(QGChangeEventListener.Status.TO_REVIEW); assertThat(ChangedIssueImpl.statusOf(new DefaultIssue().setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_IN_REVIEW))) .isEqualTo(QGChangeEventListener.Status.IN_REVIEW); + assertThat(ChangedIssueImpl.statusOf(new DefaultIssue().setType(RuleType.SECURITY_HOTSPOT).setStatus(Issue.STATUS_REVIEWED))) + .isEqualTo(QGChangeEventListener.Status.REVIEWED); } private void verifyListenerCalled(QGChangeEventListener listener, QGChangeEvent changeEvent, DefaultIssue... issues) { diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/empty.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/empty.json index c7c300c51a5..e249486597c 100644 --- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/empty.json +++ b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/empty.json @@ -5,7 +5,7 @@ "vulnerabilities": 0, "inReviewSecurityHotspots": 0, "toReviewSecurityHotspots": 0, - "wontFixSecurityHotspots": 0, + "resolvedSecurityHotspots": 0, "distribution": [], "activeRules": 1, "totalRules": 1 @@ -15,7 +15,7 @@ "vulnerabilities": 0, "inReviewSecurityHotspots": 0, "toReviewSecurityHotspots": 0, - "wontFixSecurityHotspots": 0, + "resolvedSecurityHotspots": 0, "distribution": [], "activeRules": 1, "totalRules": 1 @@ -25,7 +25,7 @@ "vulnerabilities": 0, "inReviewSecurityHotspots": 0, "toReviewSecurityHotspots": 0, - "wontFixSecurityHotspots": 0, + "resolvedSecurityHotspots": 0, "distribution": [], "activeRules": 0, "totalRules": 1 @@ -35,7 +35,7 @@ "vulnerabilities": 0, "inReviewSecurityHotspots": 0, "toReviewSecurityHotspots": 0, - "wontFixSecurityHotspots": 0, + "resolvedSecurityHotspots": 0, "distribution": [], "activeRules": 0, "totalRules": 0 
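Review bot: The expected response key in `empty.json` becomes `resolvedSecurityHotspots`, while the Java side of this commit names the same counter `reviewedSecurityHotspots` (`getReviewedSecurityHotspots`, `AGG_REVIEWED_SECURITY_HOTSPOTS`). The `ws-security.proto` change that defines the response field is not shown on this part of the page, so the difference may be deliberate. Even so, two names for one counter across the API response and its backing code are easy to misread when interpreting the security report; please confirm which is intended and align the other. The same key appears in the remaining hunks of `empty.json` and in `owaspNoCwe.json`.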
@@ -45,7 +45,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -55,7 +55,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -65,7 +65,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -75,7 +75,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -85,7 +85,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -95,7 +95,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -105,7 +105,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 2
diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/owaspNoCwe.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/owaspNoCwe.json
index 3e4614196f9..30e6a1057dc 100644
--- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/owaspNoCwe.json
+++ b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/owaspNoCwe.json
@@ -5,7 +5,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 1
@@ -16,7 +16,7 @@
 "vulnerabilityRating": 3,
 "inReviewSecurityHotspots": 1,
 "toReviewSecurityHotspots": 1,
- "wontFixSecurityHotspots": 1,
+ "resolvedSecurityHotspots": 1,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 1
@@ -26,7 +26,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 1
@@ -36,7 +36,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -46,7 +46,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -56,7 +56,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -66,7 +66,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -76,7 +76,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -86,7 +86,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -96,7 +96,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -106,7 +106,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 2
diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sansWithCwe.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sansWithCwe.json
index 7d7cb59ac97..036ffff353d 100644
--- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sansWithCwe.json
+++ b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sansWithCwe.json
@@ -5,7 +5,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 1
@@ -15,7 +15,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 1
@@ -26,7 +26,7 @@
 "vulnerabilityRating": 3,
 "inReviewSecurityHotspots": 1,
 "toReviewSecurityHotspots": 1,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [
 {
 "cwe": "89",
@@ -34,7 +34,7 @@
 "vulnerabilityRating": 3,
 "inReviewSecurityHotspots": 1,
 "toReviewSecurityHotspots": 1,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "activeRules": 1,
 "totalRules": 1
 }
diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityNoCwe.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityNoCwe.json
index f5e6c4eb702..9d0acd1dc28 100644
--- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityNoCwe.json
+++ b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityNoCwe.json
@@ -5,7 +5,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -15,7 +15,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -25,7 +25,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -35,7 +35,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -45,7 +45,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -55,7 +55,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -65,7 +65,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -75,7 +75,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -85,7 +85,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -95,7 +95,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -105,7 +105,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -115,7 +115,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -126,7 +126,7 @@
 "vulnerabilityRating": 3,
 "inReviewSecurityHotspots": 1,
 "toReviewSecurityHotspots": 1,
- "wontFixSecurityHotspots": 1,
+ "resolvedSecurityHotspots": 1,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 1
@@ -136,7 +136,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -146,7 +146,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -156,7 +156,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -166,7 +166,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -176,7 +176,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 1
@@ -186,7 +186,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 1
@@ -196,7 +196,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityOnApplication.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityOnApplication.json
index a01609a9d19..258c0756f96 100644
--- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityOnApplication.json
+++ b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityOnApplication.json
@@ -5,7 +5,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -13,7 +13,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -21,7 +21,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -29,7 +29,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -37,7 +37,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -45,7 +45,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -53,7 +53,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -61,7 +61,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -69,7 +69,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -77,7 +77,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -85,7 +85,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -93,7 +93,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -102,7 +102,7 @@
 "vulnerabilityRating": 3,
 "inReviewSecurityHotspots": 1,
 "toReviewSecurityHotspots": 1,
- "wontFixSecurityHotspots": 1,
+ "resolvedSecurityHotspots": 1,
 "distribution": [
 {
 "cwe": "89",
@@ -110,7 +110,7 @@
 "vulnerabilityRating": 3,
 "inReviewSecurityHotspots": 1,
 "toReviewSecurityHotspots": 1,
- "wontFixSecurityHotspots": 1
+ "resolvedSecurityHotspots": 1
 }
 ]
 },
@@ -119,7 +119,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -127,7 +127,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -135,7 +135,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -143,7 +143,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -151,7 +151,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -159,7 +159,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 },
 {
@@ -167,7 +167,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": []
 }
 ]
diff --git a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityWithCwe.json b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityWithCwe.json
index 61f4ca5cacd..712067d6d7e 100644
--- a/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityWithCwe.json
+++ b/server/sonar-server/src/test/resources/com/sonar/governance/securityreport/ws/ShowActionTest/sonarsourceSecurityWithCwe.json
@@ -5,7 +5,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -15,7 +15,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -25,7 +25,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -35,7 +35,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -45,7 +45,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -55,7 +55,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -65,7 +65,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -75,7 +75,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -85,7 +85,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -95,7 +95,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -105,7 +105,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -115,7 +115,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -126,7 +126,7 @@
 "vulnerabilityRating": 3,
 "inReviewSecurityHotspots": 1,
 "toReviewSecurityHotspots": 1,
- "wontFixSecurityHotspots": 1,
+ "resolvedSecurityHotspots": 1,
 "distribution": [
 {
 "cwe": "89",
@@ -134,7 +134,7 @@
 "vulnerabilityRating": 3,
 "inReviewSecurityHotspots": 1,
 "toReviewSecurityHotspots": 1,
- "wontFixSecurityHotspots": 1,
+ "resolvedSecurityHotspots": 1,
 "activeRules": 1,
 "totalRules": 1
 }
@@ -147,7 +147,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -157,7 +157,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -167,7 +167,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -177,7 +177,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
@@ -187,7 +187,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 1
@@ -197,7 +197,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 1,
 "totalRules": 1
@@ -207,7 +207,7 @@
 "vulnerabilities": 0,
 "inReviewSecurityHotspots": 0,
 "toReviewSecurityHotspots": 0,
- "wontFixSecurityHotspots": 0,
+ "resolvedSecurityHotspots": 0,
 "distribution": [],
 "activeRules": 0,
 "totalRules": 0
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/issue/DefaultTransitions.java b/sonar-plugin-api/src/main/java/org/sonar/api/issue/DefaultTransitions.java
index 106dfb0cbd7..b6869181373 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/issue/DefaultTransitions.java +++ b/sonar-plugin-api/src/main/java/org/sonar/api/issue/DefaultTransitions.java @@ -56,9 +56,14 @@ public interface DefaultTransitions { */ String SET_AS_IN_REVIEW = "setinreview"; + /** + * @since 7.8 + */ + String RESOLVE_AS_REVIEWED = "resolveasreviewed"; + /** * @since 4.4 */ List ALL = unmodifiableList(asList(CONFIRM, UNCONFIRM, REOPEN, RESOLVE, FALSE_POSITIVE, WONT_FIX, CLOSE, - DETECT, DISMISS, REJECT, SET_AS_IN_REVIEW, ACCEPT, CLEAR, REOPEN_HOTSPOT)); + DETECT, DISMISS, REJECT, SET_AS_IN_REVIEW, ACCEPT, CLEAR, REOPEN_HOTSPOT, RESOLVE_AS_REVIEWED)); } diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/issue/Issue.java b/sonar-plugin-api/src/main/java/org/sonar/api/issue/Issue.java index 49db5e45f31..63d072a014a 100644 --- a/sonar-plugin-api/src/main/java/org/sonar/api/issue/Issue.java +++ b/sonar-plugin-api/src/main/java/org/sonar/api/issue/Issue.java @@ -85,6 +85,11 @@ public interface Issue extends Serializable { */ String STATUS_IN_REVIEW = "INREVIEW"; + /** + * @since 7.8 + */ + String STATUS_REVIEWED = "REVIEWED"; + /** * Return all available statuses * diff --git a/sonar-ws/src/main/protobuf/ws-security.proto b/sonar-ws/src/main/protobuf/ws-security.proto index 059bd1666da..17b894f8673 100644 --- a/sonar-ws/src/main/protobuf/ws-security.proto +++ b/sonar-ws/src/main/protobuf/ws-security.proto @@ -37,7 +37,7 @@ message SecurityStandardCategoryStatistics { optional int64 vulnerabilityRating = 3; optional int64 inReviewSecurityHotspots = 4; optional int64 toReviewSecurityHotspots = 5; - optional int64 wontFixSecurityHotspots = 6; + optional int64 resolvedSecurityHotspots = 6; repeated CweStatistics distribution = 7; optional int64 activeRules = 8; optional int64 totalRules = 9; 
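Review bot: The Javadoc added above `RESOLVE_AS_REVIEWED` holds only `@since 7.8`, so this plugin-API constant does not say which issues the transition applies to or what state it produces. Going by the commit subject it is meant for security hotspots and presumably leads to the new `REVIEWED` status; state that on the constant, e.g. `/** Security hotspots only: marks the hotspot as reviewed. @since 7.8 */`. The constant is also appended to `ALL`, so any caller that validates a requested transition against `ALL` will now accept this key for every issue type unless the workflow, which is outside this hunk, restricts it to hotspots.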
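Review bot: `STATUS_REVIEWED` is declared directly above the member documented as "Return all available statuses", but that member's definition lies outside the hunk and the diffstat lists only these five added lines for Issue.java, so the new value does not appear to be added to it. Code that enumerates or validates statuses through that list would then not know `REVIEWED`, and a reviewed hotspot could drop out of status filters or fail validation. If the omission is not deliberate, append `STATUS_REVIEWED` to that list in this commit. The Javadoc should also say more than `@since 7.8`, for example `Security hotspot that has been reviewed; reached through the "resolveasreviewed" transition.`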
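Review bot: Field 6 of `SecurityStandardCategoryStatistics` is renamed to `resolvedSecurityHotspots`, while the Java side of this commit calls the same count `reviewedSecurityHotspots` and the new status is `REVIEWED`; the same rename is made in `CweStatistics` in the next hunk. The tag number is unchanged, but the key in the JSON output changes, as the ShowActionTest fixtures in this patch show, so a consumer still reading `wontFixSecurityHotspots` would find the key absent and may treat the count as zero. I would use one name across the layers, `optional int64 reviewedSecurityHotspots = 6;`, and record the renamed response field in the web service's change log so report consumers can adapt.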
@@ -49,7 +49,7 @@ message CweStatistics {
 optional int64 vulnerabilityRating = 3;
 optional int64 inReviewSecurityHotspots = 4;
 optional int64 toReviewSecurityHotspots = 5;
- optional int64 wontFixSecurityHotspots = 6;
+ optional int64 resolvedSecurityHotspots = 6;
 optional int64 activeRules = 7;
 optional int64 totalRules = 8;
 }
-- 2.39.5