SONAR-12723 Filter hotspots in api/issues/bulk_change

plugins/sonar-xoo-plugin/src/main/java/org/sonar/xoo/rule/XooRulesDefinition.java

         .addCwe(1, 89, 123, 863);
 
       oneVulnerabilityIssuePerModule
-        .addOwaspTop10(OwaspTop10.A1, OwaspTop10.A3)
-        .addCwe(1, 89, 123, 863);
+        .addOwaspTop10(OwaspTop10.A9, OwaspTop10.A10)
+        .addCwe(250, 564, 546, 943);
     }
 
     repo.done();

server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/component/SiblingComponentsWithOpenIssuesTest.java

     RuleDefinitionDto rule = db.rules().insert();
 
     fileWithOneOpenIssueOnBranch1Pr1 = db.components().insertComponent(ComponentTesting.newFileDto(branch1pr1, null));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch1pr1, fileWithOneOpenIssueOnBranch1Pr1));
+    db.issues().insert(rule, branch1pr1, fileWithOneOpenIssueOnBranch1Pr1);
 
     fileWithOneResolvedIssueOnBranch1Pr1 = db.components().insertComponent(ComponentTesting.newFileDto(branch1pr1, null));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch1pr1, fileWithOneResolvedIssueOnBranch1Pr1).setStatus("RESOLVED"));
+    db.issues().insert(rule, branch1pr1, fileWithOneResolvedIssueOnBranch1Pr1, i -> i.setStatus("RESOLVED"));
 
     fileWithOneOpenTwoResolvedIssuesOnBranch1Pr1 = db.components().insertComponent(ComponentTesting.newFileDto(branch1pr1, null));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch1pr1, fileWithOneOpenTwoResolvedIssuesOnBranch1Pr1));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch1pr1, fileWithOneOpenTwoResolvedIssuesOnBranch1Pr1).setStatus("RESOLVED"));
+    db.issues().insert(rule, branch1pr1, fileWithOneOpenTwoResolvedIssuesOnBranch1Pr1);
+    db.issues().insert(rule, branch1pr1, fileWithOneOpenTwoResolvedIssuesOnBranch1Pr1, i -> i.setStatus("RESOLVED"));
 
     String fileKey = "file-x";
     fileXWithOneResolvedIssueOnBranch1Pr1 = db.components().insertComponent(ComponentTesting.newFileDto(branch1pr1, null)
       .setDbKey(fileKey + ":BRANCH:branch1pr1"));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch1pr1, fileXWithOneResolvedIssueOnBranch1Pr1).setStatus("RESOLVED"));
+    db.issues().insert(rule, branch1pr1, fileXWithOneResolvedIssueOnBranch1Pr1, i -> i.setStatus("RESOLVED"));
+
     fileXWithOneResolvedIssueOnBranch1Pr2 = db.components().insertComponent(ComponentTesting.newFileDto(branch1pr2, null)
       .setDbKey(fileKey + ":BRANCH:branch1pr2"));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch1pr2, fileXWithOneResolvedIssueOnBranch1Pr2).setStatus("RESOLVED"));
+    db.issues().insert(rule, branch1pr2, fileXWithOneResolvedIssueOnBranch1Pr2, i -> i.setStatus("RESOLVED"));
 
     branch2 = db.components().insertProjectBranch(project, b -> b.setKey("branch2"), b -> b.setBranchType(BranchType.BRANCH));
     ComponentDto branch2pr1 = db.components().insertProjectBranch(project,
       b -> b.setMergeBranchUuid(branch2.uuid()));
 
     fileWithOneOpenIssueOnBranch2Pr1 = db.components().insertComponent(ComponentTesting.newFileDto(branch2pr1, null));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch2pr1, fileWithOneOpenIssueOnBranch2Pr1));
+    db.issues().insert(rule, branch2pr1, fileWithOneOpenIssueOnBranch2Pr1);
 
     fileWithOneResolvedIssueOnBranch2Pr1 = db.components().insertComponent(ComponentTesting.newFileDto(branch2pr1, null));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch2pr1, fileWithOneResolvedIssueOnBranch2Pr1).setStatus("RESOLVED"));
-
+    db.issues().insert(rule, branch2pr1, fileWithOneResolvedIssueOnBranch2Pr1, i -> i.setStatus("RESOLVED"));
     setRoot(branch1);
     underTest = new SiblingComponentsWithOpenIssues(treeRootHolder, metadataHolder, db.getDbClient());
   }
     RuleDefinitionDto rule = db.rules().insert();
 
     ComponentDto fileWithResolvedIssueOnPullrequest = db.components().insertComponent(ComponentTesting.newFileDto(pullRequest, null));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, pullRequest, fileWithResolvedIssueOnPullrequest).setStatus("RESOLVED"));
-
+    db.issues().insert(rule, pullRequest, fileWithResolvedIssueOnPullrequest, i -> i.setStatus("RESOLVED"));
     underTest = new SiblingComponentsWithOpenIssues(treeRootHolder, metadataHolder, db.getDbClient());
 
     assertThat(underTest.getUuids(fileWithResolvedIssueOnPullrequest.getKey())).hasSize(1);
     RuleDefinitionDto rule = db.rules().insert();
 
     ComponentDto fileWithResolvedIssueOnDerivedBranch = db.components().insertComponent(ComponentTesting.newFileDto(derivedBranch, null));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, derivedBranch, fileWithResolvedIssueOnDerivedBranch).setStatus("RESOLVED"));
+    db.issues().insert(rule, derivedBranch, fileWithResolvedIssueOnDerivedBranch, i -> i.setStatus("RESOLVED"));
 
     underTest = new SiblingComponentsWithOpenIssues(treeRootHolder, metadataHolder, db.getDbClient());
 

server/sonar-ce-task-projectanalysis/src/test/java/org/sonar/ce/task/projectanalysis/issue/SiblingsIssueMergerTest.java

 
   @Test
   public void do_nothing_if_no_new_issue() {
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch1Dto, fileOnBranch1Dto).setKee("issue1").setStatus(Issue.STATUS_CONFIRMED).setLine(1).setChecksum("checksum"));
+    db.issues().insert(IssueTesting.newIssue(rule, branch1Dto, fileOnBranch1Dto).setKee("issue1").setStatus(Issue.STATUS_CONFIRMED).setLine(1).setChecksum("checksum"));
     copier.tryMerge(FILE_1, Collections.emptyList());
 
     verifyZeroInteractions(issueLifecycle);
 
   @Test
   public void merge_confirmed_issues() {
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch1Dto, fileOnBranch1Dto).setKee("issue1").setStatus(Issue.STATUS_CONFIRMED).setLine(1).setChecksum("checksum"));
+    db.issues().insert(IssueTesting.newIssue(rule, branch1Dto, fileOnBranch1Dto).setKee("issue1").setStatus(Issue.STATUS_CONFIRMED).setLine(1).setChecksum("checksum"));
     DefaultIssue newIssue = createIssue("issue2", rule.getKey(), Issue.STATUS_OPEN, null, new Date());
 
     copier.tryMerge(FILE_1, Collections.singleton(newIssue));
   @Test
   public void prefer_more_recently_updated_issues() {
     Instant now = Instant.now();
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch1Dto, fileOnBranch1Dto).setKee("issue1").setStatus(Issue.STATUS_REOPENED).setLine(1).setChecksum("checksum")
+    db.issues().insert(IssueTesting.newIssue(rule, branch1Dto, fileOnBranch1Dto).setKee("issue1").setStatus(Issue.STATUS_REOPENED).setLine(1).setChecksum("checksum")
       .setIssueUpdateDate(Date.from(now.plus(2, ChronoUnit.SECONDS))));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch2Dto, fileOnBranch2Dto).setKee("issue2").setStatus(Issue.STATUS_OPEN).setLine(1).setChecksum("checksum")
+    db.issues().insert(IssueTesting.newIssue(rule, branch2Dto, fileOnBranch2Dto).setKee("issue2").setStatus(Issue.STATUS_OPEN).setLine(1).setChecksum("checksum")
       .setIssueUpdateDate(Date.from(now.plus(1, ChronoUnit.SECONDS))));
-    db.issues().insertIssue(IssueTesting.newIssue(rule, branch3Dto, fileOnBranch3Dto).setKee("issue3").setStatus(Issue.STATUS_OPEN).setLine(1).setChecksum("checksum")
+    db.issues().insert(IssueTesting.newIssue(rule, branch3Dto, fileOnBranch3Dto).setKee("issue3").setStatus(Issue.STATUS_OPEN).setLine(1).setChecksum("checksum")
       .setIssueUpdateDate(Date.from(now)));
     DefaultIssue newIssue = createIssue("newIssue", rule.getKey(), Issue.STATUS_OPEN, null, new Date());
 
   public void lazy_load_changes() {
     UserDto user = db.users().insertUser();
     IssueDto issue = db.issues()
-      .insertIssue(IssueTesting.newIssue(rule, branch2Dto, fileOnBranch2Dto).setKee("issue").setStatus(Issue.STATUS_CONFIRMED).setLine(1).setChecksum("checksum"));
+      .insert(IssueTesting.newIssue(rule, branch2Dto, fileOnBranch2Dto).setKee("issue").setStatus(Issue.STATUS_CONFIRMED).setLine(1).setChecksum("checksum"));
     db.issues().insertComment(issue, user, "A comment 2");
     db.issues().insertFieldDiffs(issue, FieldDiffs.parse("severity=BLOCKER|MINOR,assignee=foo|bar").setCreationDate(new Date()));
     DefaultIssue newIssue = createIssue("newIssue", rule.getKey(), Issue.STATUS_OPEN, null, new Date());

server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueTesting.java

  */
 package org.sonar.db.issue;
 
-import java.util.Arrays;
 import java.util.Date;
-import java.util.Random;
 import org.apache.commons.lang.math.RandomUtils;
 import org.sonar.api.issue.Issue;
 import org.sonar.api.resources.Qualifiers;
 import static org.apache.commons.lang.math.RandomUtils.nextLong;
 
 public class IssueTesting {
-  private static final RuleType[] RULE_TYPES_EXCEPT_HOTSPOTS = Arrays.stream(RuleType.values())
-    .filter(ruleType -> RuleType.SECURITY_HOTSPOT != ruleType).toArray(RuleType[]::new);
 
   private IssueTesting() {
     // only statics
     return new IssueDto()
       .setKee("uuid_" + randomAlphabetic(5))
       .setRule(rule)
-      .setType(RULE_TYPES_EXCEPT_HOTSPOTS[new Random().nextInt(RULE_TYPES_EXCEPT_HOTSPOTS.length)])
+      .setType(RuleType.values()[nextInt(RuleType.values().length)])
       .setProject(project)
       .setComponent(file)
       .setStatus(Issue.STATUS_OPEN)

server/sonar-server-common/src/test/java/org/sonar/server/issue/index/IssueIndexerTest.java

 
   @Test
   public void indexOnStartup_scrolls_db_and_adds_all_issues_to_index() {
-    IssueDto issue1 = db.issues().insertIssue(organization);
-    IssueDto issue2 = db.issues().insertIssue(organization);
+    IssueDto issue1 = db.issues().insert(organization);
+    IssueDto issue2 = db.issues().insert(organization);
 
     underTest.indexOnStartup(emptySet());
 
     ComponentDto project = db.components().insertPrivateProject(organization);
     ComponentDto dir = db.components().insertComponent(ComponentTesting.newDirectory(project, "src/main/java/foo"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, dir, "F1"));
-    IssueDto issue = db.issues().insertIssue(IssueTesting.newIssue(rule, project, file));
+    IssueDto issue = db.issues().insert(rule, project, file);
 
     underTest.indexOnStartup(emptySet());
 
     ComponentDto project = db.components().insertPrivateProject(organization);
     ComponentDto dir = db.components().insertComponent(ComponentTesting.newDirectory(project, "src/main/java/foo"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, dir, "F1"));
-    IssueDto issue = db.issues().insertIssue(IssueTesting.newIssue(rule, project, file));
+    IssueDto issue = db.issues().insert(rule, project, file);
 
     underTest.indexOnStartup(emptySet());
 
   @Test
   public void indexOnStartup_does_not_fail_on_errors_and_does_enable_recovery_mode() {
     es.lockWrites(TYPE_ISSUE);
-    db.issues().insertIssue(organization);
+    db.issues().insert(organization);
 
     try {
       // FIXME : test also message
     RuleDefinitionDto rule = db.rules().insert();
     ComponentDto project = db.components().insertPrivateProject(organization);
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    IssueDto issue = db.issues().insertIssue(IssueTesting.newIssue(rule, project, file));
+    IssueDto issue = db.issues().insert(rule, project, file);
     ComponentDto otherProject = db.components().insertPrivateProject(organization);
     ComponentDto fileOnOtherProject = db.components().insertComponent(newFileDto(otherProject));
 
     RuleDefinitionDto rule = db.rules().insert();
     ComponentDto project = db.components().insertPrivateProject(organization);
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    IssueDto issue = db.issues().insertIssue(IssueTesting.newIssue(rule, project, file));
+    IssueDto issue = db.issues().insert(rule, project, file);
 
     // orphan in the project
     addIssueToIndex(project.uuid(), "orphan");
   @Test
   public void indexOnAnalysis_does_not_fail_on_errors_and_does_not_enable_recovery_mode() {
     es.lockWrites(TYPE_ISSUE);
-    IssueDto issue = db.issues().insertIssue(organization);
+    IssueDto issue = db.issues().insert(organization);
 
     try {
       // FIXME : test also message
     // it's impossible to already have an issue on a project
     // that is being created, but it's just to verify that
     // indexing is disabled
-    IssueDto issue = db.issues().insertIssue(organization);
+    IssueDto issue = db.issues().insert(organization);
 
     IndexingResult result = indexProject(issue.getProjectUuid(), ProjectIndexer.Cause.PROJECT_CREATION);
     assertThat(result.getTotal()).isEqualTo(0L);
   @Test
   public void index_is_not_updated_when_updating_project_key() {
     // issue is inserted to verify that indexing of project is not triggered
-    IssueDto issue = db.issues().insertIssue(organization);
+    IssueDto issue = db.issues().insert(organization);
 
     IndexingResult result = indexProject(issue.getProjectUuid(), ProjectIndexer.Cause.PROJECT_KEY_UPDATE);
     assertThat(result.getTotal()).isEqualTo(0L);
   @Test
   public void index_is_not_updated_when_updating_tags() {
     // issue is inserted to verify that indexing of project is not triggered
-    IssueDto issue = db.issues().insertIssue(organization);
+    IssueDto issue = db.issues().insert(organization);
 
     IndexingResult result = indexProject(issue.getProjectUuid(), ProjectIndexer.Cause.PROJECT_TAGS_UPDATE);
     assertThat(result.getTotal()).isEqualTo(0L);
   public void commitAndIndexIssues_removes_issue_from_index_if_it_does_not_exist_in_db() {
     IssueDto issue1 = new IssueDto().setKee("I1").setProjectUuid("P1");
     addIssueToIndex(issue1.getProjectUuid(), issue1.getKey());
-    IssueDto issue2 = db.issues().insertIssue(organization);
+    IssueDto issue2 = db.issues().insert(organization);
 
     underTest.commitAndIndexIssues(db.getSession(), asList(issue1, issue2));
 
   @Test
   public void indexing_recovers_multiple_errors_on_the_same_issue() {
     es.lockWrites(TYPE_ISSUE);
-    IssueDto issue = db.issues().insertIssue(organization);
+    IssueDto issue = db.issues().insert(organization);
 
     // three changes on the same issue
     underTest.commitAndIndexIssues(db.getSession(), asList(issue));
     RuleDefinitionDto rule = db.rules().insert();
     ComponentDto project = db.components().insertPrivateProject(organization);
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    IssueDto issue1 = db.issues().insertIssue(IssueTesting.newIssue(rule, project, file));
-    IssueDto issue2 = db.issues().insertIssue(IssueTesting.newIssue(rule, project, file));
+    IssueDto issue1 = db.issues().insert(rule, project, file);
+    IssueDto issue2 = db.issues().insert(rule, project, file);
 
     es.lockWrites(TYPE_ISSUE);
 
     ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setKey("feature/foo"));
     ComponentDto dir = db.components().insertComponent(ComponentTesting.newDirectory(branch, "src/main/java/foo"));
     ComponentDto file = db.components().insertComponent(newFileDto(branch, dir, "F1"));
-    IssueDto issue = db.issues().insertIssue(IssueTesting.newIssue(rule, branch, file));
+    IssueDto issue = db.issues().insert(rule, branch, file);
 
     underTest.indexOnStartup(emptySet());
 

server/sonar-webserver-es/src/main/java/org/sonar/server/issue/index/IssueQueryFactory.java

 
 import com.google.common.base.Joiner;
 import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
 import java.time.Clock;
 import java.time.OffsetDateTime;
 import java.time.Period;
 import static java.lang.String.format;
 import static java.util.Collections.singleton;
 import static java.util.Collections.singletonList;
+import static org.sonar.api.issue.Issue.STATUSES;
+import static org.sonar.api.issue.Issue.STATUS_REVIEWED;
+import static org.sonar.api.issue.Issue.STATUS_TO_REVIEW;
 import static org.sonar.api.utils.DateUtils.longToDate;
 import static org.sonar.api.utils.DateUtils.parseDateOrDateTime;
 import static org.sonar.api.utils.DateUtils.parseEndingDateOrDateTime;
 public class IssueQueryFactory {
 
   public static final String UNKNOWN = "<UNKNOWN>";
+  public static final List<String> ISSUE_STATUSES = STATUSES.stream()
+    .filter(s -> !s.equals(STATUS_TO_REVIEW))
+    .filter(s -> !s.equals(STATUS_REVIEWED))
+    .collect(ImmutableList.toImmutableList());
   private static final ComponentDto UNKNOWN_COMPONENT = new ComponentDto().setUuid(UNKNOWN).setProjectUuid(UNKNOWN);
 
   private final DbClient dbClient;

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/AuthorsAction.java

 
 import com.google.common.collect.ImmutableSet;
 import com.google.common.io.Resources;
+import java.util.EnumSet;
 import java.util.List;
 import java.util.Optional;
+import java.util.stream.Collectors;
 import javax.annotation.Nullable;
 import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.resources.Scopes;
+import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import static java.util.Optional.ofNullable;
 import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
 import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
-import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
 import static org.sonar.server.exceptions.NotFoundException.checkFoundWithOptional;
+import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 
 public class AuthorsAction implements IssuesWsAction {
 
+  private static final EnumSet<RuleType> ALL_RULE_TYPES_EXCEPT_SECURITY_HOTSPOTS = EnumSet.complementOf(EnumSet.of(RuleType.SECURITY_HOTSPOT));
   private static final String PARAM_ORGANIZATION = "organization";
   private static final String PARAM_PROJECT = "project";
 
       }
     });
     return issueIndex.searchAuthors(
-      issueQueryBuilder.build(),
+      issueQueryBuilder
+        .types(ALL_RULE_TYPES_EXCEPT_SECURITY_HOTSPOTS.stream().map(Enum::name).collect(Collectors.toList()))
+        .build(),
       request.param(TEXT_QUERY),
       request.mandatoryParamAsInt(PAGE_SIZE));
   }

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/BulkChangeAction.java

 import static org.sonar.api.issue.DefaultTransitions.SET_AS_IN_REVIEW;
 import static org.sonar.api.rule.Severity.BLOCKER;
 import static org.sonar.api.rules.RuleType.BUG;
+import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
 import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01;
 import static org.sonar.core.util.Uuids.UUID_EXAMPLE_02;
 import static org.sonar.core.util.stream.MoreCollectors.toSet;
         "Requires authentication.")
       .setSince("3.7")
       .setChangelog(
-        new Change("8.1", format("transitions '%s', '%s' and '%s' are no more supported", SET_AS_IN_REVIEW, RESOLVE_AS_REVIEWED, OPEN_AS_VULNERABILITY)),
+        new Change("8.2", "Security hotspots are no longer supported and will be ignored."),
+        new Change("8.2", format("transitions '%s', '%s' and '%s' are no more supported", SET_AS_IN_REVIEW, RESOLVE_AS_REVIEWED, OPEN_AS_VULNERABILITY)),
         new Change("6.3", "'actions' parameter is ignored"))
       .setHandler(this)
       .setResponseExample(getClass().getResource("bulk_change-example.json"))
 
       List<String> issueKeys = request.mandatoryParamAsStrings(PARAM_ISSUES);
       checkArgument(issueKeys.size() <= MAX_LIMIT, "Number of issues is limited to %s", MAX_LIMIT);
-      List<IssueDto> allIssues = dbClient.issueDao().selectByKeys(dbSession, issueKeys);
+      List<IssueDto> allIssues = dbClient.issueDao().selectByKeys(dbSession, issueKeys)
+        .stream()
+        .filter(issueDto -> SECURITY_HOTSPOT.getDbConstant() != issueDto.getType())
+        .collect(Collectors.toList());
 
       List<ComponentDto> allProjects = getComponents(dbSession, allIssues.stream().map(IssueDto::getProjectUuid).collect(MoreCollectors.toSet()));
       this.projectsByUuid = getAuthorizedProjects(allProjects).stream().collect(uniqueIndex(ComponentDto::uuid, identity()));
       this.issues = getAuthorizedIssues(allIssues);
       this.componentsByUuid = getComponents(dbSession,
         issues.stream().map(DefaultIssue::componentUuid).collect(MoreCollectors.toSet())).stream()
-        .collect(uniqueIndex(ComponentDto::uuid, identity()));
+          .collect(uniqueIndex(ComponentDto::uuid, identity()));
       this.rulesByKey = dbClient.ruleDao().selectDefinitionByKeys(dbSession,
         issues.stream().map(DefaultIssue::ruleKey).collect(MoreCollectors.toSet())).stream()
         .collect(uniqueIndex(RuleDefinitionDto::getKey, identity()));

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/SearchAction.java

 import static org.sonar.api.issue.Issue.RESOLUTIONS;
 import static org.sonar.api.issue.Issue.RESOLUTION_FIXED;
 import static org.sonar.api.issue.Issue.RESOLUTION_REMOVED;
-import static org.sonar.api.issue.Issue.STATUSES;
 import static org.sonar.api.issue.Issue.STATUS_IN_REVIEW;
 import static org.sonar.api.issue.Issue.STATUS_OPEN;
 import static org.sonar.api.issue.Issue.STATUS_REOPENED;
 import static org.sonar.server.issue.index.IssueIndex.FACET_ASSIGNED_TO_ME;
 import static org.sonar.server.issue.index.IssueIndex.FACET_PROJECTS;
 import static org.sonar.server.issue.index.IssueQuery.SORT_BY_ASSIGNEE;
+import static org.sonar.server.issue.index.IssueQueryFactory.ISSUE_STATUSES;
 import static org.sonar.server.issue.index.IssueQueryFactory.UNKNOWN;
 import static org.sonar.server.security.SecurityStandards.SANS_TOP_25_INSECURE_INTERACTION;
 import static org.sonar.server.security.SecurityStandards.SANS_TOP_25_POROUS_DEFENSES;
       .setSince("3.6")
       .setChangelog(
         new Change("8.2", "'REVIEWED', 'TO_REVIEW' status param values are no longer supported"),
-        new Change("8.2", "Security hotspots are no longer returned"),
+        new Change("8.2", "Security hotspots are no longer returned as type 'SECURITY_HOTSPOT' is not supported anymore, use dedicated api/hotspots"),
         new Change("8.2", "response field 'fromHotspot' has been deprecated and is no more populated"),
         new Change("8.2", "Status 'IN_REVIEW' for Security Hotspots has been deprecated"),
         new Change("7.8", format("added new Security Hotspots statuses : %s, %s and %s", STATUS_TO_REVIEW, STATUS_IN_REVIEW, STATUS_REVIEWED)),
     action.createParam(PARAM_STATUSES)
       .setDescription("Comma-separated list of statuses")
       .setExampleValue(STATUS_OPEN + "," + STATUS_REOPENED)
-      .setPossibleValues(getIssueStatuses());
+      .setPossibleValues(ISSUE_STATUSES);
     action.createParam(PARAM_RESOLUTIONS)
       .setDescription("Comma-separated list of resolutions")
       .setExampleValue(RESOLUTION_FIXED + "," + RESOLUTION_REMOVED)
       .setDefaultValue("false");
   }
 
-  private static List<String> getIssueStatuses() {
-    return STATUSES.stream().filter(s -> !s.equals(STATUS_TO_REVIEW)).filter(s -> !s.equals(STATUS_REVIEWED)).collect(toList());
-  }
-
   private static void addComponentRelatedParams(WebService.NewAction action) {
     action.createParam(PARAM_ON_COMPONENT_ONLY)
       .setDescription("Return only issues at a component's level, not on its descendants (modules, directories, files, etc). " +
 
   private void completeFacets(Facets facets, SearchRequest request, IssueQuery query) {
     addMandatoryValuesToFacet(facets, PARAM_SEVERITIES, Severity.ALL);
-    addMandatoryValuesToFacet(facets, PARAM_STATUSES, getIssueStatuses());
+    addMandatoryValuesToFacet(facets, PARAM_STATUSES, ISSUE_STATUSES);
     addMandatoryValuesToFacet(facets, PARAM_RESOLUTIONS, concat(singletonList(""), RESOLUTIONS));
     addMandatoryValuesToFacet(facets, FACET_PROJECTS, query.projectUuids());
     addMandatoryValuesToFacet(facets, PARAM_MODULE_UUIDS, query.moduleUuids());

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/SetTypeAction.java

 
 import com.google.common.io.Resources;
 import java.util.Date;
+import java.util.EnumSet;
 import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_TYPE;
 
 public class SetTypeAction implements IssuesWsAction {
+  private static final EnumSet<RuleType> ALL_RULE_TYPES_EXCEPT_SECURITY_HOTSPOTS = EnumSet.complementOf(EnumSet.of(RuleType.SECURITY_HOTSPOT));
 
   private final UserSession userSession;
   private final DbClient dbClient;
     action.createParam(PARAM_TYPE)
       .setDescription("New type")
       .setRequired(true)
-      .setPossibleValues(RuleType.names());
+      .setPossibleValues(ALL_RULE_TYPES_EXCEPT_SECURITY_HOTSPOTS);
   }
 
   @Override
     IssueDto issueDto = issueFinder.getByKey(session, issueKey);
     DefaultIssue issue = issueDto.toDefaultIssue();
 
-    if (SECURITY_HOTSPOT == issue.type()) {
-      throw new IllegalArgumentException("Changing type of a security hotspot is not permitted");
-    }
-
     userSession.checkComponentUuidPermission(ISSUE_ADMIN, issue.projectUuid());
 
     IssueChangeContext context = IssueChangeContext.createUser(new Date(system2.now()), userSession.getUuid());

server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/AddCommentActionTest.java

 import java.util.Date;
 import java.util.List;
 import java.util.Random;
-import java.util.function.Consumer;
 import javax.annotation.Nullable;
 import org.junit.Rule;
 import org.junit.Test;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.issue.IssueDto;
 import org.sonar.db.rule.RuleDefinitionDto;
-import org.sonar.db.rule.RuleTesting;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
 import static org.sonar.api.issue.Issue.STATUS_CLOSED;
 import static org.sonar.api.issue.Issue.STATUS_REVIEWED;
 import static org.sonar.api.issue.Issue.STATUS_TO_REVIEW;
-import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
 import static org.sonar.db.component.ComponentTesting.newFileDto;
-import static org.sonar.db.issue.IssueTesting.newIssue;
 
 @RunWith(DataProviderRunner.class)
 public class AddCommentActionTest {
   public void fails_with_NotFoundException_if_issue_is_not_a_hotspot(RuleType ruleType) {
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(ruleType);
-    IssueDto notAHotspot = dbTester.issues().insertIssue(newIssue(rule, project, file).setType(ruleType));
+    RuleDefinitionDto rule = dbTester.rules().insert(t -> t.setType(ruleType));
+    IssueDto notAHotspot = dbTester.issues().insertIssue(rule, project, file, i -> i.setType(ruleType));
     userSessionRule.logIn();
     TestRequest request = newRequest(notAHotspot, randomAlphabetic(12));
 
   public void fails_with_NotFoundException_if_hotspot_is_closed() {
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto notAHotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_CLOSED));
+    RuleDefinitionDto rule = dbTester.rules().insertHotspotRule();
+    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_CLOSED));
     userSessionRule.logIn();
-    TestRequest request = newRequest(notAHotspot, randomAlphabetic(12));
+    TestRequest request = newRequest(hotspot, randomAlphabetic(12));
 
     assertThatThrownBy(request::execute)
       .isInstanceOf(NotFoundException.class)
-      .hasMessage("Hotspot '%s' does not exist", notAHotspot.getKey());
+      .hasMessage("Hotspot '%s' does not exist", hotspot.getKey());
   }
 
   @Test
     ComponentDto project = dbTester.components().insertPrivateProject();
     userSessionRule.logIn().registerComponents(project);
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+    RuleDefinitionDto rule = dbTester.rules().insertHotspotRule();
     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);
     String comment = randomAlphabetic(12);
     TestRequest request = newRequest(hotspot, comment);
     ComponentDto project = dbTester.components().insertPublicProject();
     userSessionRule.logIn().registerComponents(project);
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+    RuleDefinitionDto rule = dbTester.rules().insertHotspotRule();
     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);
     String comment = randomAlphabetic(12);
 
     ComponentDto project = dbTester.components().insertPrivateProject();
     userSessionRule.logIn().registerComponents(project).addProjectPermission(UserRole.USER, project);
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+    RuleDefinitionDto rule = dbTester.rules().insertHotspotRule();
     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);
     String comment = randomAlphabetic(12);
 
     ComponentDto project = dbTester.components().insertPublicProject();
     userSessionRule.logIn().registerComponents(project);
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
+    RuleDefinitionDto rule = dbTester.rules().insertHotspotRule();
     IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(currentStatus).setResolution(currentResolution));
     String comment = randomAlphabetic(12);
 
     };
   }
 
-  private static IssueDto newHotspot(ComponentDto project, ComponentDto file, RuleDefinitionDto rule) {
-    return newIssue(rule, project, file).setType(SECURITY_HOTSPOT);
-  }
-
   private TestRequest newRequest(IssueDto hotspot, String comment) {
     return actionTester.newRequest()
       .setParam("hotspot", hotspot.getKey())
       .setParam("comment", comment);
   }
 
-  private RuleDefinitionDto newRule(RuleType ruleType) {
-    return newRule(ruleType, t -> {
-    });
-  }
-
-  private RuleDefinitionDto newRule(RuleType ruleType, Consumer<RuleDefinitionDto> populate) {
-    RuleDefinitionDto ruleDefinition = RuleTesting.newRule()
-      .setType(ruleType);
-    populate.accept(ruleDefinition);
-    dbTester.rules().insert(ruleDefinition);
-    return ruleDefinition;
-  }
-
 }

server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/AssignActionTest.java

 import static org.sonar.api.issue.Issue.STATUS_TO_REVIEW;
 import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
 import static org.sonar.db.component.ComponentTesting.newFileDto;
-import static org.sonar.db.issue.IssueTesting.newIssue;
 
 @RunWith(DataProviderRunner.class)
 public class AssignActionTest {
   public void assign_hotspot_to_someone_for_public_project() {
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     UserDto userDto = insertUser(randomAlphanumeric(10));
     userSessionRule.logIn(userDto).registerComponents(project);
   public void assign_hotspot_to_me_for_public_project() {
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     UserDto me = insertUser(randomAlphanumeric(10));
     userSessionRule.logIn(me).registerComponents(project);
   public void assign_hotspot_to_someone_for_private_project() {
     ComponentDto project = dbTester.components().insertPrivateProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), hotspot, project, UserRole.USER);
     UserDto assignee = insertUserWithProjectUserPermission(randomAlphanumeric(15), project);
   public void fail_if_assignee_does_not_have_access_for_private_project() {
     ComponentDto project = dbTester.components().insertPrivateProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), hotspot, project, UserRole.USER);
     UserDto assignee = insertUser(randomAlphanumeric(15));
     ComponentDto project = dbTester.components().insertPrivateProject();
 
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     UserDto me = insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), hotspot, project, UserRole.USER);
 
     ComponentDto project = dbTester.components().insertPublicProject();
 
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     UserDto userDto = insertUser(randomAlphanumeric(10));
     userSessionRule.logIn(userDto).registerComponents(project);
   public void assign_twice_same_user_to_hotspot_does_not_reload() {
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     UserDto userDto = insertUser(randomAlphanumeric(10));
     userSessionRule.logIn(userDto).registerComponents(project);
   public void fail_if_assigning_to_not_existing_user() {
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     UserDto userDto = insertUser(randomAlphanumeric(10));
     userSessionRule.logIn(userDto).registerComponents(project);
     ComponentDto project = dbTester.components().insertPublicProject();
 
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(status));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file, h -> h.setStatus(status));
 
     UserDto userDto = insertUser(randomAlphanumeric(10));
     userSessionRule.logIn(userDto).registerComponents(project);
   public void fail_if_assign_user_to_hotspot_for_OTHER_STATUSES_for_private_project(String status) {
     ComponentDto project = dbTester.components().insertPrivateProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(status));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file, h -> h.setStatus(status));
 
     UserDto userDto = insertUser(randomAlphanumeric(10));
     userSessionRule.logIn(userDto).registerComponents(project);
   public void fail_if_not_authenticated() {
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     userSessionRule.anonymous();
 
   public void fail_if_missing_browse_permission() {
     ComponentDto project = dbTester.components().insertPrivateProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     UserDto me = insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), hotspot, project, UserRole.CODEVIEWER);
 
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule(ruleType);
-    IssueDto issue = dbTester.issues().insertIssue(
-      newIssue(rule, project, file)
-        .setStatus(status)
-        .setType(ruleType));
+    IssueDto issue = dbTester.issues().insertIssue(rule, project, file, i -> i
+      .setStatus(status)
+      .setType(ruleType));
+
     UserDto me = insertUser(randomAlphanumeric(10));
     userSessionRule.logIn().registerComponents(project);
 
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto issue = dbTester.issues().insertHotspot(rule, project, file,
-      t -> t.setStatus(STATUS_CLOSED).setType(SECURITY_HOTSPOT));
+    IssueDto issue = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_CLOSED));
     UserDto me = insertUser(randomAlphanumeric(10));
     userSessionRule.logIn().registerComponents(project);
 

server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/ChangeStatusActionTest.java

     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto closedHotspot = dbTester.issues().insertHotspot(rule, project, file,
-      t -> t.setType(SECURITY_HOTSPOT).setStatus(STATUS_CLOSED));
+    IssueDto closedHotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_CLOSED));
     userSessionRule.logIn();
     TestRequest request = actionTester.newRequest()
       .setParam("hotspot", closedHotspot.getKey())
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule(ruleType);
-    IssueDto notAHotspot = dbTester.issues().insertIssue(IssueTesting.newIssue(rule, project, file).setType(ruleType));
+    IssueDto notAHotspot = dbTester.issues().insert(IssueTesting.newIssue(rule, project, file).setType(ruleType));
     userSessionRule.logIn();
     TestRequest request = newRequest(notAHotspot, status, resolution, NO_COMMENT);
 
     userSessionRule.logIn().registerComponents(project)
       .addProjectPermission(permission, project);
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     Arrays.stream(validStatusAndResolutions())
       .forEach(o -> {
     userSessionRule.logIn().registerComponents(project)
       .addProjectPermission(permission, project);
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     Arrays.stream(validStatusAndResolutions())
       .forEach(o -> {
     userSessionRule.logIn().registerComponents(project)
       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     newRequest(hotspot, status, resolution, NO_COMMENT).execute().assertNoContent();
   }
     userSessionRule.logIn().registerComponents(project)
       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file);
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
 
     newRequest(hotspot, status, resolution, NO_COMMENT).execute().assertNoContent();
   }
     userSessionRule.logIn().registerComponents(project)
       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(status).setResolution(resolution));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file, h -> h.setStatus(status).setResolution(resolution));
 
     newRequest(hotspot, status, resolution, NO_COMMENT).execute().assertNoContent();
 
       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);
     ;
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_TO_REVIEW).setResolution(null));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file, h -> h.setStatus(STATUS_TO_REVIEW).setResolution(null));
     when(transitionService.doTransition(any(), any(), any())).thenReturn(transitionDone);
 
     newRequest(hotspot, STATUS_REVIEWED, resolution, NO_COMMENT).execute().assertNoContent();
     ComponentDto project = dbTester.components().insertPublicProject();
     userSessionRule.logIn().registerComponents(project)
       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);
-    ;
+
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(STATUS_REVIEWED).setResolution(resolution));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file, h -> h.setStatus(STATUS_REVIEWED).setResolution(resolution));
     when(transitionService.doTransition(any(), any(), any())).thenReturn(transitionDone);
 
     newRequest(hotspot, STATUS_TO_REVIEW, null, NO_COMMENT).execute().assertNoContent();
     ComponentDto project = dbTester.components().insertPublicProject();
     userSessionRule.logIn().registerComponents(project)
       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);
-    ;
+
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(currentStatus).setResolution(currentResolution));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file, h -> h.setStatus(currentStatus).setResolution(currentResolution));
     when(transitionService.doTransition(any(), any(), any())).thenReturn(transitionDone);
     String comment = randomAlphabetic(12);
 
       .addProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN, project);
     ;
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(status).setResolution(resolution));
+    IssueDto hotspot = dbTester.issues().insertHotspot(project, file, h -> h.setStatus(status).setResolution(resolution));
     String comment = randomAlphabetic(12);
 
     newRequest(hotspot, status, resolution, comment).execute().assertNoContent();

server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/SearchActionTest.java

     List<IssueDto> hotspotsInLeakPeriod = IntStream.range(0, 1 + RANDOM.nextInt(20))
       .mapToObj(i -> {
         long issueCreationDate = periodDate + ONE_MINUTE + (RANDOM.nextInt(300) * ONE_MINUTE);
-        return dbTester.issues().insertHotspot(rule, project, file, t -> t.setLine(i).setIssueCreationTime(issueCreationDate));
+        return dbTester.issues().insertHotspot(rule, project, file,
+          t -> t.setLine(i).setIssueCreationTime(issueCreationDate));
       })
       .collect(toList());
     // included because
     List<IssueDto> atLeakPeriod = IntStream.range(0, 1 + RANDOM.nextInt(20))
-      .mapToObj(i -> dbTester.issues().insertHotspot(rule, project, file, t -> t.setLine(i).setIssueCreationTime(periodDate)))
+      .mapToObj(i -> dbTester.issues().insertHotspot(rule, project, file,
+        t -> t.setType(SECURITY_HOTSPOT).setLine(i).setIssueCreationTime(periodDate)))
       .collect(toList());
     List<IssueDto> hotspotsBefore = IntStream.range(0, 1 + RANDOM.nextInt(20))
       .mapToObj(i -> {
         long issueCreationDate = periodDate - ONE_MINUTE - (RANDOM.nextInt(300) * ONE_MINUTE);
-        return dbTester.issues().insertHotspot(rule, project, file, t -> t.setLine(i).setIssueCreationTime(issueCreationDate));
+        return dbTester.issues().insertHotspot(rule, project, file,
+          t -> t.setLine(i).setIssueCreationTime(issueCreationDate));
       })
       .collect(toList());
     indexIssues();

server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/ShowActionTest.java

 import org.sonar.db.component.BranchType;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.issue.IssueDto;
-import org.sonar.db.issue.IssueTesting;
 import org.sonar.db.protobuf.DbCommons;
 import org.sonar.db.protobuf.DbIssues;
 import org.sonar.db.rule.RuleDefinitionDto;
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule(ruleType);
-    IssueDto notAHotspot = dbTester.issues().insertIssue(IssueTesting.newIssue(rule, project, file).setType(ruleType));
+    IssueDto notAHotspot = dbTester.issues().insertIssue(rule, project, file, i -> i.setType(ruleType));
     TestRequest request = newRequest(notAHotspot);
 
     assertThatThrownBy(request::execute)
     ComponentDto project = dbTester.components().insertPublicProject();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule(SECURITY_HOTSPOT);
-    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file,
-      t -> t.setStatus(Issue.STATUS_CLOSED));
+    IssueDto hotspot = dbTester.issues().insertHotspot(rule, project, file, t -> t.setStatus(Issue.STATUS_CLOSED));
     TestRequest request = newRequest(hotspot);
 
     assertThatThrownBy(request::execute)

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/AddCommentActionTest.java

 import static java.util.Collections.singletonList;
 import static java.util.Optional.ofNullable;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
     assertThat(issueChangePostProcessor.wasCalled()).isFalse();
   }
 
+  @Test
+  public void fail_if_add_comment_to_hotspot() {
+    IssueDto issueDto = issueDbTester.insertHotspot();
+    loginWithBrowsePermission(issueDto, USER);
+
+    assertThatThrownBy(() -> call(issueDto.getKey(), "please fix it"))
+      .isInstanceOf(NotFoundException.class)
+      .hasMessage("Issue with key '%s' does not exist", issueDto.getKey());
+  }
+
   @Test
   public void fail_when_missing_issue_key() {
     userSession.logIn("john");

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/AssignActionTest.java

 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.sonar.api.impl.utils.TestSystem2;
+import org.sonar.api.rules.RuleType;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.server.ws.WsActionTester;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.junit.rules.ExpectedException.none;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.sonar.api.rules.RuleType.CODE_SMELL;
+import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
 import static org.sonar.api.web.UserRole.USER;
 import static org.sonar.server.tester.UserSessionRule.standalone;
       .execute();
   }
 
+  @Test
+  public void fail_when_trying_assign_to_hotspot() {
+    IssueDto hotspot = db.issues().insertHotspot(
+      h -> h
+        .setAssigneeUuid(PREVIOUS_ASSIGNEE)
+        .setCreatedAt(PAST).setIssueCreationTime(PAST)
+        .setUpdatedAt(PAST).setIssueUpdateTime(PAST)
+    );
+
+    setUserWithBrowsePermission(hotspot);
+    UserDto arthur = insertUser("arthur");
+
+    assertThatThrownBy(() -> ws.newRequest()
+      .setParam("issue", hotspot.getKey())
+      .setParam("assignee", arthur.getLogin())
+      .execute())
+        .isInstanceOf(NotFoundException.class)
+        .hasMessage("Issue with key '%s' does not exist", hotspot.getKey());
+  }
+
   @Test
   public void fail_when_assignee_is_disabled() {
     IssueDto issue = newIssueWithBrowsePermission();
   }
 
   private IssueDto newIssue(String assignee) {
+    return newIssue(assignee, CODE_SMELL);
+  }
+
+  private IssueDto newIssue(String assignee, RuleType ruleType) {
     return db.issues().insertIssue(
       issueDto -> issueDto
         .setAssigneeUuid(assignee)
         .setCreatedAt(PAST).setIssueCreationTime(PAST)
         .setUpdatedAt(PAST).setIssueUpdateTime(PAST)
-        .setType(CODE_SMELL));
+        .setType(ruleType));
   }
 
   private IssueDto newIssueWithBrowsePermission() {

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/AuthorsActionTest.java

     String luke = "luke.skywalker";
     ComponentDto project = db.components().insertPrivateProject();
     permissionIndexer.allowOnlyAnyone(project);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(leia));
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(luke));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(leia));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(luke));
     issueIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(db.getDefaultOrganization());
 
     String luke = "luke.skywalker";
     ComponentDto project = db.components().insertPrivateProject();
     permissionIndexer.allowOnlyAnyone(project);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(leia));
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(luke));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(leia));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(luke));
     issueIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(db.getDefaultOrganization());
 
     ComponentDto project1 = db.components().insertPrivateProject(organization1);
     ComponentDto project2 = db.components().insertPrivateProject(organization2);
     permissionIndexer.allowOnlyAnyone(project1, project2);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project1, project1, issue -> issue.setAuthorLogin(leia));
-    db.issues().insert(rule, project2, project2, issue -> issue.setAuthorLogin(luke));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project1, project1, issue -> issue.setAuthorLogin(leia));
+    db.issues().insertIssue(rule, project2, project2, issue -> issue.setAuthorLogin(luke));
     issueIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(organization1);
 
     ComponentDto project1 = db.components().insertPrivateProject(organization);
     ComponentDto project2 = db.components().insertPrivateProject(organization);
     permissionIndexer.allowOnlyAnyone(project1, project2);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project1, project1, issue -> issue.setAuthorLogin(leia));
-    db.issues().insert(rule, project2, project2, issue -> issue.setAuthorLogin(luke));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project1, project1, issue -> issue.setAuthorLogin(leia));
+    db.issues().insertIssue(rule, project2, project2, issue -> issue.setAuthorLogin(luke));
     issueIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(organization);
 
     ComponentDto project = db.components().insertPrivateProject(organization);
     db.components().insertComponent(newProjectCopy(project, portfolio));
     permissionIndexer.allowOnlyAnyone(project);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(leia));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(leia));
     issueIndexer.indexOnStartup(emptySet());
     viewIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(organization);
     ComponentDto project = db.components().insertPrivateProject(defaultOrganization);
     db.components().insertComponent(newProjectCopy(project, application));
     permissionIndexer.allowOnlyAnyone(project);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(leia));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(leia));
     issueIndexer.indexOnStartup(emptySet());
     viewIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(defaultOrganization);
     OrganizationDto otherOrganization = db.organizations().insert();
     ComponentDto project2 = db.components().insertPrivateProject(otherOrganization);
     permissionIndexer.allowOnlyAnyone(project1, project2);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project1, project1, issue -> issue.setAuthorLogin(leia));
-    db.issues().insert(rule, project2, project2, issue -> issue.setAuthorLogin(luke));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project1, project1, issue -> issue.setAuthorLogin(leia));
+    db.issues().insertIssue(rule, project2, project2, issue -> issue.setAuthorLogin(luke));
     issueIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(db.getDefaultOrganization());
 
     String luke = "luke.skywalker";
     ComponentDto project = db.components().insertPrivateProject();
     permissionIndexer.allowOnlyAnyone(project);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(han));
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(leia));
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(luke));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(han));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(leia));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(luke));
     issueIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(db.getDefaultOrganization());
 
   public void return_only_authors_from_issues_visible_by_current_user() {
     String leia = "leia.organa";
     String luke = "luke.skywalker";
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPrivateProject();
     UserDto user = db.users().insertUser();
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(leia));
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin(luke));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(leia));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin(luke));
     issueIndexer.indexOnStartup(emptySet());
     userSession.logIn(user).addMembership(db.getDefaultOrganization());
 
     assertThat(ws.newRequest().executeProtobuf(AuthorsResponse.class).getAuthorsList()).isNotEmpty();
   }
 
+  @Test
+  public void should_ignore_authors_of_hotspot() {
+    String luke = "luke.skywalker";
+    ComponentDto project = db.components().insertPrivateProject();
+    permissionIndexer.allowOnlyAnyone(project);
+    db.issues().insertHotspot(project, project, issue -> issue
+      .setAuthorLogin(luke));
+    issueIndexer.indexOnStartup(emptySet());
+    userSession.logIn().addMembership(db.getDefaultOrganization());
+
+    AuthorsResponse result = ws.newRequest().executeProtobuf(AuthorsResponse.class);
+
+    assertThat(result.getAuthorsList()).isEmpty();
+  }
+
   @Test
   public void fail_when_user_is_not_logged() {
     userSession.anonymous();
   public void json_example() {
     ComponentDto project = db.components().insertPrivateProject();
     permissionIndexer.allowOnlyAnyone(project);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin("luke.skywalker"));
-    db.issues().insert(rule, project, project, issue -> issue.setAuthorLogin("leia.organa"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin("luke.skywalker"));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setAuthorLogin("leia.organa"));
     issueIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(db.getDefaultOrganization());
 

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/BulkChangeActionTest.java

 import static org.assertj.core.api.Assertions.tuple;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.verifyZeroInteractions;
 import static org.sonar.api.issue.DefaultTransitions.RESOLVE_AS_REVIEWED;
 import static org.sonar.api.issue.Issue.RESOLUTION_FIXED;
 import static org.sonar.api.issue.Issue.STATUS_CLOSED;
 import static org.sonar.api.issue.Issue.STATUS_CONFIRMED;
 import static org.sonar.api.issue.Issue.STATUS_OPEN;
-import static org.sonar.api.issue.Issue.STATUS_REVIEWED;
-import static org.sonar.api.issue.Issue.STATUS_TO_REVIEW;
 import static org.sonar.api.rule.Severity.MAJOR;
 import static org.sonar.api.rule.Severity.MINOR;
 import static org.sonar.api.rules.RuleType.BUG;
 import static org.sonar.api.rules.RuleType.CODE_SMELL;
-import static org.sonar.api.rules.RuleType.SECURITY_HOTSPOT;
 import static org.sonar.api.rules.RuleType.VULNERABILITY;
 import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
 import static org.sonar.api.web.UserRole.SECURITYHOTSPOT_ADMIN;
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setSeverity(MAJOR).setType(CODE_SMELL)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setSeverity(MAJOR).setType(CODE_SMELL)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setTags(asList("tag1", "tag2"))
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setTags(asList("tag1", "tag2"))
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     UserDto assignee = db.users().insertUser();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setAssigneeUuid(assignee.getUuid())
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setAssigneeUuid(assignee.getUuid())
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     UserDto oldAssignee = db.users().insertUser();
     UserDto userToAssign = db.users().insertUser();
     db.organizations().addMember(db.getDefaultOrganization(), userToAssign);
-    IssueDto issue1 = db.issues().insert(rule, project, file,
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file,
       i -> i.setAssigneeUuid(oldAssignee.getUuid()).setType(BUG).setSeverity(MINOR).setStatus(STATUS_OPEN).setResolution(null));
-    IssueDto issue2 = db.issues().insert(rule, project, file,
+    IssueDto issue2 = db.issues().insertIssue(rule, project, file,
       i -> i.setAssigneeUuid(userToAssign.getUuid()).setType(CODE_SMELL).setSeverity(MAJOR).setStatus(STATUS_OPEN).setResolution(null));
-    IssueDto issue3 = db.issues().insert(rule, project, file,
+    IssueDto issue3 = db.issues().insertIssue(rule, project, file,
       i -> i.setAssigneeUuid(null).setType(VULNERABILITY).setSeverity(MAJOR).setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
   }
 
   @Test
-  public void send_notification_on_hotspots() {
+  public void should_ignore_hotspots() {
     UserDto user = db.users().insertUser();
     userSession.logIn(user);
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, SECURITYHOTSPOT_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setType(SECURITY_HOTSPOT)
-      .setStatus(STATUS_TO_REVIEW).setResolution(null));
+    IssueDto issue = db.issues().insertHotspot(project, file);
 
     BulkChangeWsResponse response = call(builder()
       .setIssues(singletonList(issue.getKey()))
       .setSendNotifications(true)
       .build());
 
-    checkResponse(response, 1, 1, 0, 0);
-    verify(notificationManager).scheduleForSending(issueChangeNotificationCaptor.capture());
-    IssuesChangesNotificationBuilder builder = issuesChangesSerializer.from(issueChangeNotificationCaptor.getValue());
-    assertThat(builder.getIssues()).hasSize(1);
-    ChangedIssue changedIssue = builder.getIssues().iterator().next();
-    assertThat(changedIssue.getKey()).isEqualTo(issue.getKey());
-    assertThat(changedIssue.getNewStatus()).isEqualTo(STATUS_REVIEWED);
-    assertThat(changedIssue.getNewResolution()).hasValue(RESOLUTION_FIXED);
-    assertThat(changedIssue.getAssignee()).isEmpty();
-    assertThat(changedIssue.getRule()).isEqualTo(ruleOf(rule));
-    assertThat(builder.getChange()).isEqualTo(new UserChange(NOW, userOf(user)));
-    verifyPostProcessorCalled(file);
+    checkResponse(response, 0, 0, 0, 0);
+    verifyNoInteractions(notificationManager);
   }
 
   @Test
     ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setKey("feature").setBranchType(BranchType.BRANCH));
     ComponentDto fileOnBranch = db.components().insertComponent(newFileDto(branch));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, branch, fileOnBranch, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, branch, fileOnBranch, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setKey("feature").setBranchType(branchType));
     ComponentDto fileOnBranch = db.components().insertComponent(newFileDto(branch));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, branch, fileOnBranch, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, branch, fileOnBranch, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue1 = db.issues().insert(rule, project, file, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
-    IssueDto issue2 = db.issues().insert(rule, project, file, i -> i.setType(BUG)
+    IssueDto issue2 = db.issues().insertIssue(rule, project, file, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
-    IssueDto issue3 = db.issues().insert(rule, project, file, i -> i.setType(VULNERABILITY)
+    IssueDto issue3 = db.issues().insertIssue(rule, project, file, i -> i.setType(VULNERABILITY)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto file1 = db.components().insertComponent(newFileDto(project));
     ComponentDto file2 = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue1 = db.issues().insert(rule, project, file1, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file1, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
     // These 2 issues will be ignored as they are resolved, changing type is not possible
-    IssueDto issue2 = db.issues().insert(rule, project, file1, i -> i.setType(BUG)
+    IssueDto issue2 = db.issues().insertIssue(rule, project, file1, i -> i.setType(BUG)
       .setStatus(STATUS_CLOSED).setResolution(RESOLUTION_FIXED));
-    IssueDto issue3 = db.issues().insert(rule, project, file2, i -> i.setType(BUG)
+    IssueDto issue3 = db.issues().insertIssue(rule, project, file2, i -> i.setType(BUG)
       .setStatus(STATUS_CLOSED).setResolution(RESOLUTION_FIXED));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto file1 = db.components().insertComponent(newFileDto(project));
     ComponentDto file2 = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue1 = db.issues().insert(rule, project, file1, i -> i.setType(BUG).setSeverity(MINOR)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file1, i -> i.setType(BUG).setSeverity(MINOR)
       .setStatus(STATUS_OPEN).setResolution(null));
     // These 2 issues will be ignored as there's nothing to do
-    IssueDto issue2 = db.issues().insert(rule, project, file1, i -> i.setType(VULNERABILITY)
+    IssueDto issue2 = db.issues().insertIssue(rule, project, file1, i -> i.setType(VULNERABILITY)
       .setStatus(STATUS_OPEN).setResolution(null));
-    IssueDto issue3 = db.issues().insert(rule, project, file2, i -> i.setType(VULNERABILITY)
+    IssueDto issue3 = db.issues().insertIssue(rule, project, file2, i -> i.setType(VULNERABILITY)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     ComponentDto file1 = db.components().insertComponent(newFileDto(project));
     ComponentDto file2 = db.components().insertComponent(newFileDto(project));
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue1 = db.issues().insert(rule, project, file1, i -> i.setType(BUG).setSeverity(MINOR)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file1, i -> i.setType(BUG).setSeverity(MINOR)
       .setStatus(STATUS_OPEN).setResolution(null));
     // These 2 issues will be ignored as there's nothing to do
-    IssueDto issue2 = db.issues().insert(rule, project, file1, i -> i.setType(VULNERABILITY)
+    IssueDto issue2 = db.issues().insertIssue(rule, project, file1, i -> i.setType(VULNERABILITY)
       .setStatus(STATUS_OPEN).setResolution(null));
-    IssueDto issue3 = db.issues().insert(rule, project, file2, i -> i.setType(VULNERABILITY)
+    IssueDto issue3 = db.issues().insertIssue(rule, project, file2, i -> i.setType(VULNERABILITY)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     userSession.logIn(user);
     ComponentDto project = db.components().insertPrivateProject();
     addUserProjectPermissions(user, project, USER, ISSUE_ADMIN);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, project, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
-    RuleDefinitionDto externalRule = db.rules().insert(r -> r.setIsExternal(true));
-    IssueDto externalIssue = db.issues().insert(externalRule, project, project, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, project, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
+    RuleDefinitionDto externalRule = db.rules().insertIssueRule(r -> r.setIsExternal(true));
+    IssueDto externalIssue = db.issues().insertIssue(externalRule, project, project, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
 
     BulkChangeWsResponse response = call(builder()
       .setIssues(asList(issue.getKey(), externalIssue.getKey()))
     ComponentDto project1 = db.components().insertPrivateProject();
     addUserProjectPermissions(user, project1, USER, ISSUE_ADMIN);
     ComponentDto project2 = db.components().insertPrivateProject();
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto authorizedIssue = db.issues().insert(rule, project1, project1, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto authorizedIssue = db.issues().insertIssue(rule, project1, project1, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
     // User has not browse permission on these 2 issues
-    IssueDto notAuthorizedIssue1 = db.issues().insert(rule, project2, project2, i -> i.setType(BUG)
+    IssueDto notAuthorizedIssue1 = db.issues().insertIssue(rule, project2, project2, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
-    IssueDto notAuthorizedIssue2 = db.issues().insert(rule, project2, project2, i -> i.setType(BUG)
+    IssueDto notAuthorizedIssue2 = db.issues().insertIssue(rule, project2, project2, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     addUserProjectPermissions(user, project1, USER, ISSUE_ADMIN);
     ComponentDto project2 = db.components().insertPrivateProject();
     addUserProjectPermissions(user, project2, USER);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto authorizedIssue1 = db.issues().insert(rule, project1, project1, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto authorizedIssue1 = db.issues().insertIssue(rule, project1, project1, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
     // User has not issue admin permission on these 2 issues
-    IssueDto notAuthorizedIssue1 = db.issues().insert(rule, project2, project2, i -> i.setType(BUG)
+    IssueDto notAuthorizedIssue1 = db.issues().insertIssue(rule, project2, project2, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
-    IssueDto notAuthorizedIssue2 = db.issues().insert(rule, project2, project2, i -> i.setType(BUG)
+    IssueDto notAuthorizedIssue2 = db.issues().insertIssue(rule, project2, project2, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     BulkChangeWsResponse response = call(builder()
     addUserProjectPermissions(user, project1, USER, ISSUE_ADMIN);
     ComponentDto project2 = db.components().insertPrivateProject();
     addUserProjectPermissions(user, project2, USER);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto authorizedIssue1 = db.issues().insert(rule, project1, project1, i -> i.setSeverity(MAJOR)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto authorizedIssue1 = db.issues().insertIssue(rule, project1, project1, i -> i.setSeverity(MAJOR)
       .setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
     // User has not issue admin permission on these 2 issues
-    IssueDto notAuthorizedIssue1 = db.issues().insert(rule, project2, project2, i -> i.setSeverity(MAJOR)
+    IssueDto notAuthorizedIssue1 = db.issues().insertIssue(rule, project2, project2, i -> i.setSeverity(MAJOR)
       .setStatus(STATUS_OPEN).setResolution(null).setType(BUG));
-    IssueDto notAuthorizedIssue2 = db.issues().insert(rule, project2, project2, i -> i.setSeverity(MAJOR)
+    IssueDto notAuthorizedIssue2 = db.issues().insertIssue(rule, project2, project2, i -> i.setSeverity(MAJOR)
       .setStatus(STATUS_OPEN).setResolution(null).setType(VULNERABILITY));
 
     BulkChangeWsResponse response = call(builder()
     userSession.logIn(user);
     ComponentDto project = db.components().insertPrivateProject();
     addUserProjectPermissions(user, project, USER);
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, project, i -> i.setType(BUG)
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, project, i -> i.setType(BUG)
       .setStatus(STATUS_OPEN).setResolution(null));
 
     expectedException.expectMessage("At least one action must be provided");

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/ChangelogActionTest.java

 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.issue.IssueDto;
 import org.sonar.db.organization.OrganizationDto;
+import org.sonar.db.rule.RuleDefinitionDto;
 import org.sonar.db.rule.RuleDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.db.user.UserTesting;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.issue.AvatarResolverImpl;
 import org.sonar.server.issue.IssueChangeWSSupport;
 import org.sonar.server.issue.IssueFinder;
 
 import static java.util.Optional.ofNullable;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.groups.Tuple.tuple;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
 import static org.sonar.api.web.UserRole.USER;
   @Test
   public void return_changelog() {
     UserDto user = insertUser();
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
   @Test
   public void return_empty_changelog_when_not_member() {
     UserDto user = insertUser();
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addProjectPermission(USER, project, file);
     db.issues().insertFieldDiffs(issueDto, new FieldDiffs().setUserUuid(user.getUuid()).setDiff("severity", "MAJOR", "BLOCKER").setCreationDate(new Date()));
 
   @Test
   public void changelog_of_file_move_is_empty_when_files_does_not_exists() {
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
   @Test
   public void return_changelog_on_user_without_email() {
     UserDto user = db.users().insertUser(UserTesting.newUserDto("john", "John", null));
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
 
   @Test
   public void return_changelog_not_having_user() {
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
 
   @Test
   public void return_changelog_on_none_existing_user() {
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
   @Test
   public void return_changelog_on_deactivated_user() {
     UserDto user = db.users().insertDisabledUser();
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
   @Test
   public void return_multiple_diffs() {
     UserDto user = insertUser();
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
   @Test
   public void return_changelog_when_no_old_value() {
     UserDto user = insertUser();
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
   @Test
   public void return_changelog_when_no_new_value() {
     UserDto user = insertUser();
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
   @Test
   public void return_many_changelog() {
     UserDto user = insertUser();
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
   @Test
   public void replace_technical_debt_key_by_effort() {
     UserDto user = insertUser();
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
 
   @Test
   public void return_empty_changelog_when_no_changes_on_issue() {
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john").addProjectPermission(USER, project, file);
 
     ChangelogWsResponse result = call(issueDto.getKey());
 
   @Test
   public void fail_when_not_enough_permission() {
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john").addProjectPermission(CODEVIEWER, project, file);
 
     expectedException.expect(ForbiddenException.class);
     call(issueDto.getKey());
   }
 
+  @Test
+  public void fail_when_trying_to_get_changelog_of_hotspot() {
+    IssueDto issueDto = db.issues().insertHotspot();
+    userSession.logIn("john").addProjectPermission(USER, project, file);
+
+    assertThatThrownBy(() -> call(issueDto.getKey()))
+      .isInstanceOf(NotFoundException.class)
+      .hasMessage("Issue with key '%s' does not exist", issueDto.getKey());
+  }
+
   @Test
   public void test_example() {
     UserDto user = db.users().insertUser(newUserDto("john.smith", "John Smith", "john@smith.com"));
-    IssueDto issueDto = db.issues().insertIssue(newIssue());
+    IssueDto issueDto = insertNewIssue();
     userSession.logIn("john")
       .addMembership(db.getDefaultOrganization())
       .addProjectPermission(USER, project, file);
     return request.executeProtobuf(ChangelogWsResponse.class);
   }
 
-  private IssueDto newIssue() {
-    RuleDto rule = db.rules().insertRule(newRuleDto());
-    return newDto(rule, file, project);
+  private IssueDto insertNewIssue() {
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    return db.issues().insertIssue(rule, project, file);
   }
 
   private UserDto insertUser() {

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/DeleteCommentActionTest.java

 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.mockito.ArgumentCaptor;
+import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
 
 import static java.util.Optional.ofNullable;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
     call(commentDto.getKey());
   }
 
+  @Test
+  public void fail_when_hotspot() {
+    IssueDto hotspot = issueDbTester.insertHotspot();
+    UserDto user = dbTester.users().insertUser();
+    IssueChangeDto commentDto = issueDbTester.insertComment(hotspot, user, "please fix it");
+    loginAndAddProjectPermission(user, hotspot, USER);
+
+    assertThatThrownBy(() -> call(commentDto.getKey()))
+    .isInstanceOf(NotFoundException.class)
+    .hasMessage("Issue with key '%s' does not exist", hotspot.getKey());
+  }
+
   @Test
   public void test_definition() {
     WebService.Action action = tester.getDef();

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/DoTransitionActionTest.java

 import org.junit.rules.ExpectedException;
 import org.mockito.ArgumentCaptor;
 import org.sonar.api.impl.utils.TestSystem2;
+import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.utils.System2;
 import org.sonar.server.ws.WsActionTester;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
   private WsActionTester tester = new WsActionTester(underTest);
 
   @Before
-  public void setUp() throws Exception {
+  public void setUp() {
     workflow.start();
   }
 
   public void do_transition() {
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
     userSession.logIn(db.users().insertUser()).addProjectPermission(USER, project, file);
 
     call(issue.getKey(), "confirm");
   public void fail_if_external_issue() {
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto externalRule = db.rules().insert(r -> r.setIsExternal(true));
-    IssueDto externalIssue = db.issues().insert(externalRule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
+    RuleDefinitionDto externalRule = db.rules().insertIssueRule(r -> r.setIsExternal(true));
+    IssueDto externalIssue = db.issues().insertIssue(externalRule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
     userSession.logIn().addProjectPermission(USER, project, file);
 
     expectedException.expect(IllegalArgumentException.class);
     call(externalIssue.getKey(), "confirm");
   }
 
+  @Test
+  public void fail_if_hotspot() {
+    ComponentDto project = db.components().insertPrivateProject();
+    ComponentDto file = db.components().insertComponent(newFileDto(project));
+    RuleDefinitionDto rule = db.rules().insertHotspotRule();
+    IssueDto hotspot = db.issues().insertHotspot(rule, project, file, i -> i.setType(RuleType.SECURITY_HOTSPOT));
+    userSession.logIn().addProjectPermission(USER, project, file);
+
+    assertThatThrownBy(() -> call(hotspot.getKey(), "confirm"))
+      .isInstanceOf(NotFoundException.class)
+      .hasMessage("Issue with key '%s' does not exist", hotspot.getKey());
+  }
+
   @Test
   public void fail_if_issue_does_not_exist() {
     userSession.logIn();
   public void fail_if_no_transition_param() {
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
     userSession.logIn().addProjectPermission(USER, project, file);
 
     expectedException.expect(IllegalArgumentException.class);
   public void fail_if_not_enough_permission_to_access_issue() {
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
     userSession.logIn().addProjectPermission(CODEVIEWER, project, file);
 
     expectedException.expect(ForbiddenException.class);
   public void fail_if_not_enough_permission_to_apply_transition() {
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setStatus(STATUS_OPEN).setResolution(null).setType(CODE_SMELL));
     userSession.logIn().addProjectPermission(USER, project, file);
 
     // False-positive transition is requiring issue admin permission

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/EditCommentActionTest.java

  */
 package org.sonar.server.issue.ws;
 
-import java.util.Arrays;
-import java.util.Random;
 import javax.annotation.Nullable;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.mockito.ArgumentCaptor;
-import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
 
 import static java.util.Optional.ofNullable;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 public class EditCommentActionTest {
 
   private static final long NOW = 10_000_000_000L;
-  private static final RuleType[] RULE_TYPES_EXCEPT_HOTSPOTS = Arrays.stream(RuleType.values())
-    .filter(ruleType -> RuleType.SECURITY_HOTSPOT != ruleType).toArray(RuleType[]::new);
 
   @Rule
   public ExpectedException expectedException = ExpectedException.none();
     new EditCommentAction(system2, userSession, dbClient, new IssueFinder(dbClient, userSession), responseWriter));
 
   @Before
-  public void setUp() throws Exception {
+  public void setUp() {
     when(system2.now()).thenReturn(NOW);
   }
 
     assertThat(issueComment.getUpdatedAt()).isEqualTo(NOW);
   }
 
+  @Test
+  public void fail_when_comment_is_for_hotspot() {
+    IssueDto hotspot = issueDbTester.insertHotspot();
+    UserDto user = dbTester.users().insertUser();
+    IssueChangeDto commentDto = issueDbTester.insertComment(hotspot, user, "please fix it");
+    UserDto another = dbTester.users().insertUser();
+    loginWithBrowsePermission(another, USER, hotspot);
+
+    assertThatThrownBy(() -> call(commentDto.getKey(), "please have a look"))
+    .isInstanceOf(NotFoundException.class)
+    .hasMessage("Issue with key '%s' does not exist", hotspot.getKey());
+  }
+
   @Test
   public void fail_when_comment_does_not_belong_to_current_user() {
     IssueDto issueDto = newIssue();
 
   @Test
   public void fail_NFE_if_security_hotspots() {
-    IssueDto issueDto = issueDbTester.insertIssue(i -> i.setType(RuleType.SECURITY_HOTSPOT));
+    IssueDto issueDto = issueDbTester.insertHotspot();
     UserDto user = dbTester.users().insertUser();
     IssueChangeDto commentDto = issueDbTester.insertComment(issueDto, user, "please fix it");
     loginWithBrowsePermission(user, CODEVIEWER, issueDto);
   }
 
   private IssueDto newIssue() {
-    return issueDbTester.insertIssue(i -> i.setType(RULE_TYPES_EXCEPT_HOTSPOTS[new Random().nextInt(RULE_TYPES_EXCEPT_HOTSPOTS.length)]));
+    return issueDbTester.insertIssue();
   }
 
   private void loginWithBrowsePermission(UserDto user, String permission, IssueDto issueDto) {

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/IssueUpdaterTest.java

 import org.junit.rules.ExpectedException;
 import org.mockito.ArgumentCaptor;
 import org.sonar.api.rule.RuleStatus;
-import org.sonar.api.rules.RuleType;
 import org.sonar.api.utils.System2;
 import org.sonar.core.issue.DefaultIssue;
 import org.sonar.core.issue.IssueChangeContext;
 import org.sonar.db.component.BranchType;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.issue.IssueDto;
-import org.sonar.db.issue.IssueTesting;
 import org.sonar.db.rule.RuleDefinitionDto;
-import org.sonar.db.rule.RuleDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.es.EsTester;
 import org.sonar.server.issue.IssueFieldsSetter;
 import org.sonar.server.organization.TestDefaultOrganizationProvider;
 import org.sonar.server.rule.DefaultRuleFinder;
 
-import static org.apache.commons.lang.math.RandomUtils.nextInt;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
   @Test
   public void verify_notification_without_resolution() {
     UserDto assignee = db.users().insertUser();
-    RuleDto rule = db.rules().insertRule();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleType randomTypeExceptHotspot = RuleType.values()[nextInt(RuleType.values().length - 1)];
-    DefaultIssue issue = db.issues().insertIssue(IssueTesting.newIssue(rule.getDefinition(), project, file)
-      .setType(randomTypeExceptHotspot))
-      .setSeverity(MAJOR)
-      .setAssigneeUuid(assignee.getUuid())
+    DefaultIssue issue = db.issues().insertIssue(rule, project, file,
+      t -> t.setSeverity(MAJOR).setAssigneeUuid(assignee.getUuid()))
       .toDefaultIssue();
     UserDto changeAuthor = db.users().insertUser();
     IssueChangeContext context = IssueChangeContext.createUser(new Date(), changeAuthor.getUuid());
   @Test
   public void verify_notification_with_resolution() {
     UserDto assignee = db.users().insertUser();
-    RuleDto rule = db.rules().insertRule();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleType randomTypeExceptHotspot = RuleType.values()[nextInt(RuleType.values().length - 1)];
-    DefaultIssue issue = db.issues().insertIssue(IssueTesting.newIssue(rule.getDefinition(), project, file)
-      .setType(randomTypeExceptHotspot))
-      .setSeverity(MAJOR)
-      .setAssigneeUuid(assignee.getUuid())
+    DefaultIssue issue = db.issues().insertIssue(rule, project, file,
+      t -> t.setSeverity(MAJOR).setAssigneeUuid(assignee.getUuid()))
       .toDefaultIssue();
     UserDto changeAuthor = db.users().insertUser();
     IssueChangeContext context = IssueChangeContext.createUser(new Date(), changeAuthor.getUuid());
 
   @Test
   public void verify_notification_on_branch() {
-    RuleDto rule = db.rules().insertRule();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto branch = db.components().insertProjectBranch(project, t -> t.setBranchType(BRANCH));
     ComponentDto file = db.components().insertComponent(newFileDto(branch));
-    RuleType randomTypeExceptHotspot = RuleType.values()[nextInt(RuleType.values().length - 1)];
-    DefaultIssue issue = db.issues().insertIssue(IssueTesting.newIssue(rule.getDefinition(), branch, file)
-      .setType(randomTypeExceptHotspot)).setSeverity(MAJOR).toDefaultIssue();
+    DefaultIssue issue = db.issues().insertIssue(rule, branch, file,
+      t -> t.setSeverity(MAJOR)).toDefaultIssue();
     UserDto changeAuthor = db.users().insertUser();
     IssueChangeContext context = IssueChangeContext.createUser(new Date(), changeAuthor.getUuid());
     issueFieldsSetter.setSeverity(issue, BLOCKER, context);
 
   @Test
   public void verify_no_notification_on_pr() {
-    RuleDto rule = db.rules().insertRule();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto branch = db.components().insertProjectBranch(project, t -> t.setBranchType(BranchType.PULL_REQUEST));
     ComponentDto file = db.components().insertComponent(newFileDto(branch));
-    RuleType randomTypeExceptHotspot = RuleType.values()[nextInt(RuleType.values().length - 1)];
-    DefaultIssue issue = db.issues().insertIssue(IssueTesting.newIssue(rule.getDefinition(), branch, file)
-      .setType(randomTypeExceptHotspot)).setSeverity(MAJOR).toDefaultIssue();
+    DefaultIssue issue = db.issues().insertIssue(rule, branch, file, t -> t.setSeverity(MAJOR)).toDefaultIssue();
     IssueChangeContext context = IssueChangeContext.createUser(new Date(), "user_uuid");
     issueFieldsSetter.setSeverity(issue, BLOCKER, context);
 
 
   @Test
   public void verify_notification_when_issue_is_linked_on_removed_rule() {
-    RuleDto rule = db.rules().insertRule(r -> r.setStatus(RuleStatus.REMOVED));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setStatus(RuleStatus.REMOVED));
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleType randomTypeExceptHotspot = RuleType.values()[nextInt(RuleType.values().length - 1)];
-    DefaultIssue issue = db.issues().insertIssue(IssueTesting.newIssue(rule.getDefinition(), project, file)
-      .setType(randomTypeExceptHotspot)).setSeverity(MAJOR).toDefaultIssue();
+    DefaultIssue issue = db.issues().insertIssue(rule, project, file, t -> t.setSeverity(MAJOR)).toDefaultIssue();
     IssueChangeContext context = IssueChangeContext.createUser(new Date(), "user_uuid");
     issueFieldsSetter.setSeverity(issue, BLOCKER, context);
 
   @Test
   public void verify_notification_when_assignee_has_changed() {
     UserDto oldAssignee = db.users().insertUser();
-    RuleDto rule = db.rules().insertRule();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleType randomTypeExceptHotspot = RuleType.values()[nextInt(RuleType.values().length - 1)];
-    DefaultIssue issue = db.issues().insertIssue(IssueTesting.newIssue(rule.getDefinition(), project, file)
-      .setType(randomTypeExceptHotspot))
-      .setAssigneeUuid(oldAssignee.getUuid())
+    DefaultIssue issue = db.issues().insertIssue(rule, project, file, t -> t.setAssigneeUuid(oldAssignee.getUuid()))
       .toDefaultIssue();
     UserDto changeAuthor = db.users().insertUser();
     IssueChangeContext context = IssueChangeContext.createUser(new Date(), changeAuthor.getUuid());
 
   @Test
   public void saveIssue_populates_specified_SearchResponseData_with_rule_project_and_component_retrieved_from_DB() {
-    RuleDto rule = db.rules().insertRule();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    IssueDto issueDto = IssueTesting.newIssue(rule.getDefinition(), project, file);
-    DefaultIssue issue = db.issues().insert(issueDto).setSeverity(MAJOR).toDefaultIssue();
+    IssueDto issueDto = db.issues().insertIssue(rule, project, file);
+    DefaultIssue issue = issueDto.setSeverity(MAJOR).toDefaultIssue();
     UserDto changeAuthor = db.users().insertUser();
     IssueChangeContext context = IssueChangeContext.createUser(new Date(), changeAuthor.getUuid());
     issueFieldsSetter.setSeverity(issue, BLOCKER, context);
 
   @Test
   public void saveIssue_populates_specified_SearchResponseData_with_no_rule_but_with_project_and_component_if_rule_is_removed() {
-    RuleDto rule = db.rules().insertRule(r -> r.setStatus(RuleStatus.REMOVED));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setStatus(RuleStatus.REMOVED));
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    IssueDto issueDto = IssueTesting.newIssue(rule.getDefinition(), project, file);
-    DefaultIssue issue = db.issues().insert(issueDto).setSeverity(MAJOR).toDefaultIssue();
+    IssueDto issueDto = db.issues().insertIssue(rule, project, file);
+    DefaultIssue issue = issueDto.setSeverity(MAJOR).toDefaultIssue();
     IssueChangeContext context = IssueChangeContext.createUser(new Date(), "user_uuid");
     issueFieldsSetter.setSeverity(issue, BLOCKER, context);
 

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/SearchActionComponentsTest.java

 
   @Test
   public void search_all_issues_when_no_parameter() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto projectFile = db.components().insertComponent(newFileDto(project));
-    IssueDto issue = db.issues().insert(rule, project, projectFile);
+    IssueDto issue = db.issues().insertIssue(rule, project, projectFile);
     allowAnyoneOnProjects(project);
     indexIssues();
 
 
   @Test
   public void issues_on_different_projects() {
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
     OrganizationDto organization1 = db.organizations().insert();
     ComponentDto project = db.components().insertPublicProject(organization1);
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    IssueDto issue1 = db.issues().insert(rule, project, file);
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file);
     OrganizationDto organization2 = db.organizations().insert();
     ComponentDto project2 = db.components().insertPublicProject(organization2);
     ComponentDto file2 = db.components().insertComponent(newFileDto(project2));
-    IssueDto issue2 = db.issues().insert(rule, project2, file2);
+    IssueDto issue2 = db.issues().insertIssue(rule, project2, file2);
     allowAnyoneOnProjects(project, project2);
     indexIssues();
 
     ComponentDto file1 = db.components().insertComponent(newFileDto(module1));
     ComponentDto module2 = db.components().insertComponent(newModuleDto(project));
     ComponentDto file2 = db.components().insertComponent(newFileDto(module2));
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue1 = db.issues().insert(rule, project, file1);
-    IssueDto issue2 = db.issues().insert(rule, project, file2);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file1);
+    IssueDto issue2 = db.issues().insertIssue(rule, project, file2);
     allowAnyoneOnProjects(project);
     indexIssues();
 
     ComponentDto project = db.components().insertPublicProject(p -> p.setDbKey("PK1"));
     ComponentDto module = db.components().insertComponent(newModuleDto("M1", project).setDbKey("MK1"));
     ComponentDto file = db.components().insertComponent(newFileDto(module, null, "F1").setDbKey("FK1"));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    db.issues().insert(rule, project, file, i -> i.setKee("ISSUE_IN_MODULE"));
-    db.issues().insert(rule, project, project, i -> i.setKee("ISSUE_IN_ROOT_MODULE"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    db.issues().insertIssue(rule, project, file, i -> i.setKee("ISSUE_IN_MODULE"));
+    db.issues().insertIssue(rule, project, project, i -> i.setKee("ISSUE_IN_ROOT_MODULE"));
     allowAnyoneOnProjects(project);
     indexIssues();
 
     ComponentDto project = db.components().insertPublicProject(p -> p.setDbKey("PK1"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, null, "F1").setDbKey("FK1"));
     db.components().insertSnapshot(project, a -> a.setPeriodDate(parseDateTime("2015-09-03T00:00:00+0100").getTime()));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    IssueDto issueAfterLeak = db.issues().insert(rule, project, file, i -> i.setKee(UUID_EXAMPLE_01)
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    IssueDto issueAfterLeak = db.issues().insertIssue(rule, project, file, i -> i.setKee(UUID_EXAMPLE_01)
       .setIssueCreationDate(parseDateTime("2015-09-04T00:00:00+0100"))
       .setIssueUpdateDate(parseDateTime("2015-10-04T00:00:00+0100")));
-    IssueDto issueBeforeLeak = db.issues().insert(rule, project, file, i -> i.setKee(UUID_EXAMPLE_02)
+    IssueDto issueBeforeLeak = db.issues().insertIssue(rule, project, file, i -> i.setKee(UUID_EXAMPLE_02)
       .setIssueCreationDate(parseDateTime("2014-09-04T00:00:00+0100"))
       .setIssueUpdateDate(parseDateTime("2015-10-04T00:00:00+0100")));
     allowAnyoneOnProjects(project);
     ComponentDto module = db.components().insertComponent(newModuleDto(project));
     ComponentDto file = db.components().insertComponent(newFileDto(module, null, "F1").setDbKey("FK1"));
     db.components().insertSnapshot(project, a -> a.setPeriodDate(parseDateTime("2015-09-03T00:00:00+0100").getTime()));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    IssueDto issueAfterLeak = db.issues().insert(rule, project, file, i -> i.setKee(UUID_EXAMPLE_01)
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    IssueDto issueAfterLeak = db.issues().insertIssue(rule, project, file, i -> i.setKee(UUID_EXAMPLE_01)
       .setIssueCreationDate(parseDateTime("2015-09-04T00:00:00+0100"))
       .setIssueUpdateDate(parseDateTime("2015-10-04T00:00:00+0100")));
-    IssueDto issueBeforeLeak = db.issues().insert(rule, project, file, i -> i.setKee(UUID_EXAMPLE_02)
+    IssueDto issueBeforeLeak = db.issues().insertIssue(rule, project, file, i -> i.setKee(UUID_EXAMPLE_02)
       .setIssueCreationDate(parseDateTime("2014-09-04T00:00:00+0100"))
       .setIssueUpdateDate(parseDateTime("2015-10-04T00:00:00+0100")));
     allowAnyoneOnProjects(project);
   public void search_by_file_uuid() {
     ComponentDto project = db.components().insertPublicProject(p -> p.setDbKey("PK1"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, null, "F1").setDbKey("FK1"));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
     allowAnyoneOnProjects(project);
     indexIssues();
 
     ComponentDto project = db.components().insertPublicProject(p -> p.setDbKey("PK1"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, null, "F1").setDbKey("FK1"));
     ComponentDto unitTest = db.components().insertComponent(newFileDto(project, null, "F2").setQualifier(Qualifiers.UNIT_TEST_FILE).setDbKey("FK2"));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    IssueDto issueOnFile = db.issues().insert(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
-    IssueDto issueOnTest = db.issues().insert(rule, project, unitTest, i -> i.setKee("2bd4eac2-b650-4037-80bc-7b1182fd47d4"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    IssueDto issueOnFile = db.issues().insertIssue(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
+    IssueDto issueOnTest = db.issues().insertIssue(rule, project, unitTest, i -> i.setKee("2bd4eac2-b650-4037-80bc-7b1182fd47d4"));
     allowAnyoneOnProjects(project);
     indexIssues();
 
     ComponentDto project = db.components().insertPublicProject(p -> p.setDbKey("PK1"));
     ComponentDto directory = db.components().insertComponent(newDirectory(project, "D1", "src/main/java/dir"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, null, "F1").setDbKey("FK1").setPath(directory.path() + "/MyComponent.java"));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    db.issues().insert(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    db.issues().insertIssue(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
     allowAnyoneOnProjects(project);
     indexIssues();
 
     ComponentDto directory2 = db.components().insertComponent(newDirectory(module2, "D2", "src/main/java/dir"));
     ComponentDto file1 = db.components().insertComponent(newFileDto(module1, directory1, "F1").setDbKey("FK1").setPath(directory1.path() + "/MyComponent.java"));
     db.components().insertComponent(newFileDto(module2, directory2, "F2").setDbKey("FK2").setPath(directory2.path() + "/MyComponent.java"));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    db.issues().insert(rule, project, file1, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    db.issues().insertIssue(rule, project, file1, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
     allowAnyoneOnProjects(project);
     indexIssues();
 
     ComponentDto file = db.components().insertComponent(newFileDto(project, null, "F1").setDbKey("FK1"));
     ComponentDto view = db.components().insertComponent(newView(db.getDefaultOrganization(), "V1").setDbKey("MyView"));
     db.components().insertComponent(newProjectCopy(project, view));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    db.issues().insert(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    db.issues().insertIssue(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
     allowAnyoneOnProjects(project, view);
     indexIssuesAndViews();
 
   public void search_by_sub_view_uuid() {
     ComponentDto project = db.components().insertPublicProject(p -> p.setDbKey("PK1"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, null, "F1").setDbKey("FK1"));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    db.issues().insert(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    db.issues().insertIssue(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
     ComponentDto view = db.components().insertComponent(newView(db.getDefaultOrganization(), "V1").setDbKey("MyView"));
     ComponentDto subView = db.components().insertComponent(newSubView(view, "SV1", "MySubView"));
     db.components().insertComponent(newProjectCopy(project, subView));
   public void search_by_sub_view_uuid_return_only_authorized_view() {
     ComponentDto project = db.components().insertPublicProject(p -> p.setDbKey("PK1"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, null, "F1").setDbKey("FK1"));
-    RuleDefinitionDto rule = db.rules().insert(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
-    db.issues().insert(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule(r -> r.setRuleKey(RuleKey.of("xoo", "x1")));
+    db.issues().insertIssue(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
     ComponentDto view = db.components().insertComponent(newView(db.getDefaultOrganization(), "V1").setDbKey("MyView"));
     ComponentDto subView = db.components().insertComponent(newSubView(view, "SV1", "MySubView"));
     db.components().insertComponent(newProjectCopy(project, subView));
     ComponentDto project2 = db.components().insertPrivateProject();
     db.components().insertComponents(newProjectCopy(project1, application));
     db.components().insertComponents(newProjectCopy(project2, application));
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue1 = db.issues().insert(rule, project1, project1);
-    IssueDto issue2 = db.issues().insert(rule, project2, project2);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue1 = db.issues().insertIssue(rule, project1, project1);
+    IssueDto issue2 = db.issues().insertIssue(rule, project2, project2);
     allowAnyoneOnProjects(project1, project2, application);
     userSession.addProjectPermission(USER, application);
     indexIssuesAndViews();
     db.components().insertComponents(newProjectCopy(project2, applicationBranch1));
     db.components().insertComponents(newProjectCopy(project1Branch2, applicationBranch2));
 
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issueOnProject1 = db.issues().insert(rule, project1, project1);
-    IssueDto issueOnProject1Branch1 = db.issues().insert(rule, project1Branch1, project1Branch1);
-    IssueDto issueOnFileOnProject1Branch1 = db.issues().insert(rule, project1Branch1, fileOnProject1Branch1);
-    IssueDto issueOnProject1Branch2 = db.issues().insert(rule, project1Branch2, project1Branch2);
-    IssueDto issueOnProject2 = db.issues().insert(rule, project2, project2);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issueOnProject1 = db.issues().insertIssue(rule, project1, project1);
+    IssueDto issueOnProject1Branch1 = db.issues().insertIssue(rule, project1Branch1, project1Branch1);
+    db.issues().insertHotspot(rule, project1Branch1, project1Branch1);
+    IssueDto issueOnFileOnProject1Branch1 = db.issues().insertIssue(rule, project1Branch1, fileOnProject1Branch1);
+    IssueDto issueOnProject1Branch2 = db.issues().insertIssue(rule, project1Branch2, project1Branch2);
+    IssueDto issueOnProject2 = db.issues().insertIssue(rule, project2, project2);
+    db.issues().insertHotspot(rule, project2, project2);
     allowAnyoneOnProjects(project1, project2, application);
     userSession.addProjectPermission(USER, application);
     indexIssuesAndViews();
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto application = db.components().insertApplication(db.getDefaultOrganization());
     db.components().insertComponents(newProjectCopy("PC1", project, application));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project);
     allowAnyoneOnProjects(project);
     indexIssuesAndViews();
 
   public void search_application_without_projects() {
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto application = db.components().insertApplication(db.getDefaultOrganization());
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project);
     allowAnyoneOnProjects(project, application);
     indexIssuesAndViews();
 
   @Test
   public void search_by_application_and_by_leak() {
     Date now = new Date();
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto application = db.components().insertApplication(db.getDefaultOrganization());
     // Project 1
     ComponentDto project1 = db.components().insertPublicProject();
     db.components().insertSnapshot(project1, s -> s.setPeriodDate(addDays(now, -14).getTime()));
     db.components().insertComponents(newProjectCopy("PC1", project1, application));
-    IssueDto project1Issue1 = db.issues().insert(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -10)));
-    IssueDto project1Issue2 = db.issues().insert(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -20)));
+    IssueDto project1Issue1 = db.issues().insertIssue(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -10)));
+    IssueDto project1Issue2 = db.issues().insertIssue(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -20)));
     // Project 2
     ComponentDto project2 = db.components().insertPublicProject();
     db.components().insertSnapshot(project2, s -> s.setPeriodDate(addDays(now, -25).getTime()));
     db.components().insertComponents(newProjectCopy("PC2", project2, application));
-    IssueDto project2Issue1 = db.issues().insert(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -15)));
-    IssueDto project2Issue2 = db.issues().insert(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -30)));
+    IssueDto project2Issue1 = db.issues().insertIssue(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -15)));
+    IssueDto project2Issue2 = db.issues().insertIssue(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -30)));
     // Permissions and index
     allowAnyoneOnProjects(project1, project2, application);
     indexIssuesAndViews();
     ComponentDto application = db.components().insertApplication(db.getDefaultOrganization());
     db.components().insertComponents(newProjectCopy("PC1", project1, application));
     db.components().insertComponents(newProjectCopy("PC2", project2, application));
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue1 = db.issues().insert(rule, project1, project1);
-    IssueDto issue2 = db.issues().insert(rule, project2, project2);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue1 = db.issues().insertIssue(rule, project1, project1);
+    IssueDto issue2 = db.issues().insertIssue(rule, project2, project2);
     allowAnyoneOnProjects(project1, project2, application);
     indexIssuesAndViews();
 
   @Test
   public void search_by_application_and_project_and_leak() {
     Date now = new Date();
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto application = db.components().insertApplication(db.getDefaultOrganization());
     // Project 1
     ComponentDto project1 = db.components().insertPublicProject();
     db.components().insertSnapshot(project1, s -> s.setPeriodDate(addDays(now, -14).getTime()));
     db.components().insertComponents(newProjectCopy("PC1", project1, application));
-    IssueDto project1Issue1 = db.issues().insert(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -10)));
-    IssueDto project1Issue2 = db.issues().insert(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -20)));
+    IssueDto project1Issue1 = db.issues().insertIssue(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -10)));
+    IssueDto project1Issue2 = db.issues().insertIssue(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -20)));
     // Project 2
     ComponentDto project2 = db.components().insertPublicProject();
     db.components().insertSnapshot(project2, s -> s.setPeriodDate(addDays(now, -25).getTime()));
     db.components().insertComponents(newProjectCopy("PC2", project2, application));
-    IssueDto project2Issue1 = db.issues().insert(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -15)));
-    IssueDto project2Issue2 = db.issues().insert(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -30)));
+    IssueDto project2Issue1 = db.issues().insertIssue(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -15)));
+    IssueDto project2Issue2 = db.issues().insertIssue(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -30)));
     // Permissions and index
     allowAnyoneOnProjects(project1, project2, application);
     indexIssuesAndViews();
   @Test
   public void search_by_application_and_by_leak_when_one_project_has_no_leak() {
     Date now = new Date();
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto application = db.components().insertApplication(db.getDefaultOrganization());
     // Project 1
     ComponentDto project1 = db.components().insertPublicProject();
     db.components().insertSnapshot(project1, s -> s.setPeriodDate(addDays(now, -14).getTime()));
     db.components().insertComponents(newProjectCopy("PC1", project1, application));
-    IssueDto project1Issue1 = db.issues().insert(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -10)));
-    IssueDto project1Issue2 = db.issues().insert(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -20)));
+    IssueDto project1Issue1 = db.issues().insertIssue(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -10)));
+    IssueDto project1Issue2 = db.issues().insertIssue(rule, project1, project1, i -> i.setIssueCreationDate(addDays(now, -20)));
     // Project 2, without leak => no issue form it should be returned
     ComponentDto project2 = db.components().insertPublicProject();
     db.components().insertSnapshot(project2, s -> s.setPeriodDate(null));
     db.components().insertComponents(newProjectCopy("PC2", project2, application));
-    IssueDto project2Issue1 = db.issues().insert(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -15)));
-    IssueDto project2Issue2 = db.issues().insert(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -30)));
+    IssueDto project2Issue1 = db.issues().insertIssue(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -15)));
+    IssueDto project2Issue2 = db.issues().insertIssue(rule, project2, project2, i -> i.setIssueCreationDate(addDays(now, -30)));
     // Permissions and index
     allowAnyoneOnProjects(project1, project2, application);
     indexIssuesAndViews();
 
   @Test
   public void search_by_branch() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    IssueDto issue = db.issues().insert(rule, project, file);
+    IssueDto issue = db.issues().insertIssue(rule, project, file);
 
     ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setBranchType(BRANCH));
     ComponentDto branchFile = db.components().insertComponent(newFileDto(branch));
-    IssueDto branchIssue = db.issues().insert(rule, branch, branchFile);
+    IssueDto branchIssue = db.issues().insertIssue(rule, branch, branchFile);
     allowAnyoneOnProjects(project);
     indexIssuesAndViews();
 
 
   @Test
   public void return_branch_in_component_list() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto projectFile = db.components().insertComponent(newFileDto(project));
-    IssueDto projectIssue = db.issues().insert(rule, project, projectFile);
+    IssueDto projectIssue = db.issues().insertIssue(rule, project, projectFile);
     ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setBranchType(BRANCH));
     ComponentDto branchFile = db.components().insertComponent(newFileDto(branch));
-    IssueDto branchIssue = db.issues().insert(rule, branch, branchFile);
+    IssueDto branchIssue = db.issues().insertIssue(rule, branch, branchFile);
     allowAnyoneOnProjects(project);
     indexIssuesAndViews();
 
 
   @Test
   public void search_by_pull_request() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto projectFile = db.components().insertComponent(newFileDto(project));
-    IssueDto projectIssue = db.issues().insert(rule, project, projectFile);
+    IssueDto projectIssue = db.issues().insertIssue(rule, project, projectFile);
     ComponentDto pullRequest = db.components().insertProjectBranch(project, b -> b.setBranchType(PULL_REQUEST));
     ComponentDto pullRequestFile = db.components().insertComponent(newFileDto(pullRequest));
-    IssueDto pullRequestIssue = db.issues().insert(rule, pullRequest, pullRequestFile);
+    IssueDto pullRequestIssue = db.issues().insertIssue(rule, pullRequest, pullRequestFile);
     allowAnyoneOnProjects(project);
     indexIssuesAndViews();
 
 
   @Test
   public void search_using_main_branch_name() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertMainBranch();
     ComponentDto projectFile = db.components().insertComponent(newFileDto(project));
-    IssueDto projectIssue = db.issues().insert(rule, project, projectFile);
+    IssueDto projectIssue = db.issues().insertIssue(rule, project, projectFile);
     allowAnyoneOnProjects(project);
     indexIssuesAndViews();
 
 
   @Test
   public void does_not_return_branch_issues_on_not_contextualized_search() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto projectFile = db.components().insertComponent(newFileDto(project));
-    IssueDto projectIssue = db.issues().insert(rule, project, projectFile);
+    IssueDto projectIssue = db.issues().insertIssue(rule, project, projectFile);
     ComponentDto branch = db.components().insertProjectBranch(project);
     ComponentDto branchFile = db.components().insertComponent(newFileDto(branch));
-    IssueDto branchIssue = db.issues().insert(rule, branch, branchFile);
+    IssueDto branchIssue = db.issues().insertIssue(rule, branch, branchFile);
     allowAnyoneOnProjects(project);
     indexIssuesAndViews();
 
 
   @Test
   public void does_not_return_branch_issues_when_using_db_key() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPrivateProject();
     ComponentDto projectFile = db.components().insertComponent(newFileDto(project));
-    IssueDto projectIssue = db.issues().insert(rule, project, projectFile);
+    IssueDto projectIssue = db.issues().insertIssue(rule, project, projectFile);
     ComponentDto branch = db.components().insertProjectBranch(project);
     ComponentDto branchFile = db.components().insertComponent(newFileDto(branch));
-    IssueDto branchIssue = db.issues().insert(rule, branch, branchFile);
+    IssueDto branchIssue = db.issues().insertIssue(rule, branch, branchFile);
     allowAnyoneOnProjects(project);
     indexIssues();
 

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/SearchActionFacetsTest.java

 
 import com.google.common.collect.ImmutableMap;
 import java.time.Clock;
-import java.util.Arrays;
 import java.util.Map;
 import java.util.Random;
 import java.util.stream.IntStream;
 
 public class SearchActionFacetsTest {
 
-  private static final RuleType[] RULE_TYPES_EXCEPT_HOTSPOT = Arrays.stream(RuleType.values()).filter(ruleType -> RuleType.SECURITY_HOTSPOT != ruleType).toArray(RuleType[]::new);
   private static final String[] ISSUE_STATUSES = Issue.STATUSES.stream().filter(s -> !Issue.STATUS_TO_REVIEW.equals(s)).filter(s -> !Issue.STATUS_REVIEWED.equals(s))
     .toArray(String[]::new);
 
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto module = db.components().insertComponent(newModuleDto(project));
     ComponentDto file = db.components().insertComponent(newFileDto(module));
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     UserDto user = db.users().insertUser();
-    db.issues().insert(rule, project, file, i -> i
+    db.issues().insertIssue(rule, project, file, i -> i
       .setSeverity("MAJOR")
       .setStatus("OPEN")
       .setType(RuleType.CODE_SMELL)
   public void display_facets_in_effort_mode() {
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file, i -> i
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file, i -> i
       .setSeverity("MAJOR")
       .setStatus("OPEN")
       .setType(RuleType.CODE_SMELL)
   public void display_projects_facet() {
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file);
     indexPermissions();
     indexIssues();
 
     ComponentDto file1 = db.components().insertComponent(newFileDto(project1));
     ComponentDto file2 = db.components().insertComponent(newFileDto(project2));
     ComponentDto file3 = db.components().insertComponent(newFileDto(project3));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project1, file1);
-    db.issues().insert(rule, project2, file2);
-    db.issues().insert(rule, project3, file3);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project1, file1);
+    db.issues().insertIssue(rule, project2, file2);
+    db.issues().insertIssue(rule, project3, file3);
     indexPermissions();
     indexIssues();
 
     ComponentDto subModule3 = db.components().insertComponent(newModuleDto(module));
     ComponentDto file1 = db.components().insertComponent(newFileDto(subModule1));
     ComponentDto file2 = db.components().insertComponent(newFileDto(subModule2));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file1);
-    db.issues().insert(rule, project, file2);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file1);
+    db.issues().insertIssue(rule, project, file2);
     indexPermissions();
     indexIssues();
 
     ComponentDto subModule3 = db.components().insertComponent(newModuleDto(module));
     ComponentDto file1 = db.components().insertComponent(newFileDto(subModule1));
     ComponentDto file2 = db.components().insertComponent(newFileDto(subModule2));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file1);
-    db.issues().insert(rule, project, file2);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file1);
+    db.issues().insertIssue(rule, project, file2);
     indexPermissions();
     indexIssues();
 
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto module = db.components().insertComponent(newModuleDto(project));
     ComponentDto file = db.components().insertComponent(newFileDto(module, null));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file);
     indexPermissions();
     indexIssues();
 
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto directory = db.components().insertComponent(newDirectory(project, "src/main/java/dir"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, directory));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file);
     indexPermissions();
     indexIssues();
 
     ComponentDto project = db.components().insertPublicProject(organization);
     ComponentDto directory = db.components().insertComponent(newDirectory(project, "src/main/java/dir"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, directory));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file);
     indexPermissions();
     indexIssues();
 
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto directory = db.components().insertComponent(newDirectory(project, "src"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, directory));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file);
     indexPermissions();
     indexIssues();
 
     ComponentDto file1 = db.components().insertComponent(newFileDto(project));
     ComponentDto file2 = db.components().insertComponent(newFileDto(project));
     ComponentDto file3 = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file1);
-    db.issues().insert(rule, project, file2);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file1);
+    db.issues().insertIssue(rule, project, file2);
     indexPermissions();
     indexIssues();
 
     ComponentDto file1 = db.components().insertComponent(newFileDto(project));
     ComponentDto file2 = db.components().insertComponent(newFileDto(project));
     ComponentDto file3 = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file1);
-    db.issues().insert(rule, project, file2);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file1);
+    db.issues().insertIssue(rule, project, file2);
     indexPermissions();
     indexIssues();
 
   public void fail_to_display_fileUuids_facet_when_no_organization_or_project_is_set() {
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file);
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file);
     indexPermissions();
     indexIssues();
 
         ComponentDto directory = db.components().insertComponent(newDirectory(module, "dir" + index));
         ComponentDto file = db.components().insertComponent(newFileDto(directory));
 
-        RuleDefinitionDto rule = db.rules().insert(ruleDefinitionDto -> ruleDefinitionDto.setType(RULE_TYPES_EXCEPT_HOTSPOT[random.nextInt(RULE_TYPES_EXCEPT_HOTSPOT.length)]));
-        db.issues().insert(rule, project, file, i -> i.setAssigneeUuid(user.getUuid())
+        RuleDefinitionDto rule = db.rules().insertIssueRule();
+        db.issues().insertIssue(rule, project, file, i -> i.setAssigneeUuid(user.getUuid())
           .setStatus(ISSUE_STATUSES[random.nextInt(ISSUE_STATUSES.length)])
           .setType(rule.getType()));
       });
         ComponentDto directory = db.components().insertComponent(newDirectory(module, "dir" + index));
         ComponentDto file = db.components().insertComponent(newFileDto(directory));
 
-        RuleDefinitionDto rule = db.rules().insert(ruleDefinitionDto -> ruleDefinitionDto.setType(RuleType.SECURITY_HOTSPOT));
-        db.issues().insert(rule, project, file, i -> i.setAssigneeUuid(user.getUuid())
-          .setStatus(random.nextBoolean() ? Issue.STATUS_TO_REVIEW : Issue.STATUS_REVIEWED)
-          .setType(rule.getType()));
+        db.issues().insertHotspot(project, file, i -> i.setAssigneeUuid(user.getUuid())
+          .setStatus(random.nextBoolean() ? Issue.STATUS_TO_REVIEW : Issue.STATUS_REVIEWED));
       });
 
     indexPermissions();
 
   @Test
   public void check_projects_facet_max_size() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     IntStream.rangeClosed(1, 110)
       .forEach(i -> {
         ComponentDto project = db.components().insertPublicProject();
-        db.issues().insert(rule, project, project);
+        db.issues().insertIssue(rule, project, project);
       });
     indexPermissions();
     indexIssues();
     ComponentDto project2 = db.components().insertPublicProject();
     ComponentDto file1 = db.components().insertComponent(newFileDto(module1));
     ComponentDto file2 = db.components().insertComponent(newFileDto(module1));
-    RuleDefinitionDto rule1 = db.rules().insert();
-    RuleDefinitionDto rule2 = db.rules().insert();
+    RuleDefinitionDto rule1 = db.rules().insertIssueRule();
+    RuleDefinitionDto rule2 = db.rules().insertIssueRule();
     UserDto user1 = db.users().insertUser();
     UserDto user2 = db.users().insertUser();
-    db.issues().insert(rule1, project1, file1, i -> i
+    db.issues().insertIssue(rule1, project1, file1, i -> i
       .setSeverity("MAJOR")
       .setStatus("OPEN")
       .setResolution(null)
     ComponentDto project = db.components().insertPublicProject();
     indexPermissions();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     UserDto john = db.users().insertUser();
     UserDto alice = db.users().insertUser();
-    db.issues().insert(rule, project, file, i -> i.setAssigneeUuid(john.getUuid()));
-    db.issues().insert(rule, project, file, i -> i.setAssigneeUuid(alice.getUuid()));
-    db.issues().insert(rule, project, file, i -> i.setAssigneeUuid(null));
+    db.issues().insertIssue(rule, project, file, i -> i.setAssigneeUuid(john.getUuid()));
+    db.issues().insertIssue(rule, project, file, i -> i.setAssigneeUuid(alice.getUuid()));
+    db.issues().insertIssue(rule, project, file, i -> i.setAssigneeUuid(null));
     indexIssues();
     userSession.logIn(john);
 

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/SearchActionTest.java

  */
 package org.sonar.server.issue.ws;
 
+import com.google.common.collect.Sets;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonParser;
 import java.time.Clock;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.List;
+import java.util.Random;
+import java.util.function.Consumer;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
+import java.util.stream.Stream;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.sonar.db.component.ComponentTesting;
 import org.sonar.db.issue.IssueChangeDto;
 import org.sonar.db.issue.IssueDto;
-import org.sonar.db.issue.IssueTesting;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.permission.GroupPermissionDto;
 import org.sonar.db.protobuf.DbCommons;
 import static java.util.Arrays.asList;
 import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.groups.Tuple.tuple;
 import static org.junit.rules.ExpectedException.none;
 import static org.sonar.api.issue.Issue.RESOLUTION_FIXED;
 import static org.sonarqube.ws.Common.RuleType.VULNERABILITY;
 import static org.sonarqube.ws.client.component.ComponentsWsParameters.PARAM_BRANCH;
 import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_ADDITIONAL_FIELDS;
+import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_ASSIGNEES;
 import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_COMPONENT_KEYS;
 import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_CREATED_AFTER;
 import static org.sonarqube.ws.client.issue.IssuesWsParameters.PARAM_HIDE_COMMENTS;
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     UserDto simon = db.users().insertUser();
     RuleDefinitionDto rule = newRule().getDefinition();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i
       .setEffort(10L)
       .setLine(42)
       .setChecksum("a227e508d6646b55a086ee11d63b21e9")
     ComponentDto project = db.components().insertPublicProject(organization);
     indexPermissions();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert(RuleTesting.EXTERNAL_XOO, r -> r.setIsExternal(true).setLanguage("xoo"));
-    IssueDto issue = db.issues().insert(rule, project, file);
+    RuleDefinitionDto rule = db.rules().insertIssueRule(RuleTesting.EXTERNAL_XOO, r -> r.setIsExternal(true).setLanguage("xoo"));
+    IssueDto issue = db.issues().insertIssue(rule, project, file);
     indexIssues();
 
     SearchWsResponse response = ws.newRequest()
     indexPermissions();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule().getDefinition();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setAuthorLogin("John"));
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setAuthorLogin("John"));
     indexIssues();
 
     SearchWsResponse response = ws.newRequest()
           .build())
         .build())));
     RuleDefinitionDto rule = newRule().getDefinition();
-    db.issues().insert(rule, project, file, i -> i.setLocations(locations.build()));
+    db.issues().insertIssue(rule, project, file, i -> i.setLocations(locations.build()));
     indexIssues();
 
     SearchWsResponse result = ws.newRequest().executeProtobuf(SearchWsResponse.class);
     indexPermissions();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule().getDefinition();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
     dbClient.issueChangeDao().insert(session,
       new IssueChangeDto().setIssueKey(issue.getKey())
         .setKey("COMMENT-ABCD")
     indexPermissions();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule().getDefinition();
-    IssueDto issue = db.issues().insert(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
+    IssueDto issue = db.issues().insertIssue(rule, project, file, i -> i.setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"));
     dbClient.issueChangeDao().insert(session,
       new IssueChangeDto().setIssueKey(issue.getKey())
         .setKey("COMMENT-ABCD")
     indexPermissions();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule().getDefinition();
-    db.issues().insert(rule, project, file, i -> i.setAssigneeUuid(simon.getUuid()).setType(CODE_SMELL));
+    db.issues().insertIssue(rule, project, file, i -> i.setAssigneeUuid(simon.getUuid()).setType(CODE_SMELL));
     indexIssues();
     userSession.logIn("john");
 
     ComponentDto project = db.components().insertComponent(ComponentTesting.newPublicProjectDto(organization, "PROJECT_ID").setDbKey("PROJECT_KEY").setLanguage("java"));
     ComponentDto file = db.components().insertComponent(newFileDto(project, null, "FILE_ID").setDbKey("FILE_KEY").setLanguage("java"));
 
-    IssueDto issue = IssueTesting.newIssue(rule.getDefinition(), project, file);
-    dbClient.issueDao().insert(session, issue);
+    db.issues().insertIssue(rule.getDefinition(), project, file);
     session.commit();
     indexIssues();
 
   public void search_by_author() {
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project, null));
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue1 = db.issues().insert(rule, project, file, i -> i.setAuthorLogin("leia"));
-    IssueDto issue2 = db.issues().insert(rule, project, file, i -> i.setAuthorLogin("luke"));
-    IssueDto issue3 = db.issues().insert(rule, project, file, i -> i.setAuthorLogin("han, solo"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file, i -> i.setAuthorLogin("leia"));
+    IssueDto issue2 = db.issues().insertIssue(rule, project, file, i -> i.setAuthorLogin("luke"));
+    IssueDto issue3 = db.issues().insertIssue(rule, project, file, i -> i.setAuthorLogin("han, solo"));
     indexPermissions();
     indexIssues();
 
   public void search_by_deprecated_authors_parameter() {
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project, null));
-    RuleDefinitionDto rule = db.rules().insert();
-    IssueDto issue1 = db.issues().insert(rule, project, file, i -> i.setAuthorLogin("leia"));
-    IssueDto issue2 = db.issues().insert(rule, project, file, i -> i.setAuthorLogin("luke"));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file, i -> i.setAuthorLogin("leia"));
+    IssueDto issue2 = db.issues().insertIssue(rule, project, file, i -> i.setAuthorLogin("luke"));
     indexPermissions();
     indexIssues();
 
   public void security_hotspots_are_not_returned_by_default() {
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file, i -> i.setType(RuleType.BUG));
-    db.issues().insert(rule, project, file, i -> i.setType(RuleType.VULNERABILITY));
-    db.issues().insert(rule, project, file, i -> i.setType(CODE_SMELL));
-    db.issues().insert(rule, project, file, i -> i.setType(RuleType.SECURITY_HOTSPOT));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file, i -> i.setType(RuleType.BUG));
+    db.issues().insertIssue(rule, project, file, i -> i.setType(RuleType.VULNERABILITY));
+    db.issues().insertIssue(rule, project, file, i -> i.setType(CODE_SMELL));
+    db.issues().insertHotspot(project, file);
     indexPermissions();
     indexIssues();
 
       .containsExactlyInAnyOrder(BUG, VULNERABILITY, Common.RuleType.CODE_SMELL);
   }
 
+  @Test
+  public void security_hotspots_are_not_returned_by_issues_param() {
+    ComponentDto project = db.components().insertPublicProject();
+    ComponentDto file = db.components().insertComponent(newFileDto(project));
+    RuleDefinitionDto issueRule = db.rules().insertIssueRule();
+    IssueDto bugIssue = db.issues().insertIssue(issueRule, project, file, i -> i.setType(RuleType.BUG));
+    IssueDto vulnerabilityIssue = db.issues().insertIssue(issueRule, project, file, i -> i.setType(RuleType.VULNERABILITY));
+    IssueDto codeSmellIssue = db.issues().insertIssue(issueRule, project, file, i -> i.setType(CODE_SMELL));
+    RuleDefinitionDto hotspotRule = db.rules().insertHotspotRule();
+    IssueDto hotspot = db.issues().insertHotspot(hotspotRule, project, file);
+    indexPermissions();
+    indexIssues();
+
+    SearchWsResponse result = ws.newRequest()
+      .setParam("issues", Stream.of(bugIssue, vulnerabilityIssue, codeSmellIssue, hotspot).map(IssueDto::getKey).collect(Collectors.joining(",")))
+      .executeProtobuf(SearchWsResponse.class);
+
+    assertThat(result.getIssuesList())
+      .extracting(Issue::getType)
+      .containsExactlyInAnyOrder(BUG, VULNERABILITY, Common.RuleType.CODE_SMELL);
+  }
+
+  @Test
+  public void security_hotspots_are_not_returned_by_cwe() {
+    ComponentDto project = db.components().insertPublicProject();
+    ComponentDto file = db.components().insertComponent(newFileDto(project));
+    Consumer<RuleDefinitionDto> ruleConsumer = ruleDefinitionDto -> ruleDefinitionDto
+      .setSecurityStandards(Sets.newHashSet("cwe:20", "cwe:564", "cwe:89", "cwe:943", "owaspTop10:a1"))
+      .setSystemTags(Sets.newHashSet("bad-practice", "cwe", "owasp-a1", "sans-top25-insecure", "sql"));
+    Consumer<IssueDto> issueConsumer = issueDto -> issueDto.setTags(Sets.newHashSet("bad-practice", "cwe", "owasp-a1", "sans-top25-insecure", "sql"));
+    RuleDefinitionDto hotspotRule = db.rules().insertHotspotRule(ruleConsumer);
+    db.issues().insertHotspot(hotspotRule, project, file, issueConsumer);
+    RuleDefinitionDto issueRule = db.rules().insertIssueRule(ruleConsumer);
+    IssueDto issueDto1 = db.issues().insertIssue(issueRule, project, file, issueConsumer);
+    IssueDto issueDto2 = db.issues().insertIssue(issueRule, project, file, issueConsumer);
+    indexPermissions();
+    indexIssues();
+
+    SearchWsResponse result = ws.newRequest()
+      .setParam("cwe", "20")
+      .executeProtobuf(SearchWsResponse.class);
+
+    assertThat(result.getIssuesList())
+      .extracting(Issue::getKey)
+      .containsExactlyInAnyOrder(issueDto1.getKey(), issueDto2.getKey());
+  }
+
+  @Test
+  public void security_hotspots_are_not_returned_by_assignees() {
+    UserDto user = db.users().insertUser();
+    ComponentDto project = db.components().insertPublicProject();
+    ComponentDto file = db.components().insertComponent(newFileDto(project));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertHotspot(rule, project, file, issueDto -> issueDto.setAssigneeUuid(user.getUuid()));
+    IssueDto issueDto1 = db.issues().insertIssue(rule, project, file, issueDto -> issueDto.setAssigneeUuid(user.getUuid()));
+    IssueDto issueDto2 = db.issues().insertIssue(rule, project, file, issueDto -> issueDto.setAssigneeUuid(user.getUuid()));
+    IssueDto issueDto3 = db.issues().insertIssue(rule, project, file, issueDto -> issueDto.setAssigneeUuid(user.getUuid()));
+    IssueDto issueDto4 = db.issues().insertIssue(rule, project, file, issueDto -> issueDto.setAssigneeUuid(user.getUuid()));
+
+    indexPermissions();
+    indexIssues();
+
+    SearchWsResponse result = ws.newRequest()
+      .setParam(PARAM_ASSIGNEES, user.getLogin())
+      .executeProtobuf(SearchWsResponse.class);
+
+    assertThat(result.getIssuesList())
+      .extracting(Issue::getKey)
+      .containsExactlyInAnyOrder(issueDto1.getKey(), issueDto2.getKey(), issueDto3.getKey(), issueDto4.getKey());
+  }
+
+  @Test
+  public void security_hotspots_are_not_returned_by_rule() {
+    ComponentDto project = db.components().insertPublicProject();
+    ComponentDto file = db.components().insertComponent(newFileDto(project));
+    RuleDefinitionDto hotspotRule = db.rules().insertHotspotRule();
+    db.issues().insertHotspot(hotspotRule, project, file);
+    indexPermissions();
+    indexIssues();
+
+    SearchWsResponse result = ws.newRequest()
+      .setParam("rules", hotspotRule.getKey().toString())
+      .executeProtobuf(SearchWsResponse.class);
+
+    assertThat(result.getIssuesList()).isEmpty();
+  }
+
+  @Test
+  public void security_hotspots_are_not_returned_by_issues_param_only() {
+    ComponentDto project = db.components().insertPublicProject();
+    ComponentDto file = db.components().insertComponent(newFileDto(project));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    List<IssueDto> hotspots = IntStream.range(1, 2 + new Random().nextInt(10))
+      .mapToObj(value -> db.issues().insertHotspot(rule, project, file))
+      .collect(Collectors.toList());
+    indexPermissions();
+    indexIssues();
+
+    SearchWsResponse result = ws.newRequest()
+      .setParam("issues", hotspots.stream().map(IssueDto::getKey).collect(Collectors.joining(",")))
+      .executeProtobuf(SearchWsResponse.class);
+
+    assertThat(result.getIssuesList())
+      .isEmpty();
+  }
+
   @Test
   public void fail_if_trying_to_filter_issues_by_hotspots() {
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
     RuleDefinitionDto rule = newRule().getDefinition();
-    db.issues().insert(rule, project, file, i -> i.setType(RuleType.BUG));
-    db.issues().insert(rule, project, file, i -> i.setType(RuleType.VULNERABILITY));
-    db.issues().insert(rule, project, file, i -> i.setType(CODE_SMELL));
-    db.issues().insert(rule, project, file, i -> i.setType(RuleType.SECURITY_HOTSPOT));
+    db.issues().insertIssue(rule, project, file, i -> i.setType(RuleType.BUG));
+    db.issues().insertIssue(rule, project, file, i -> i.setType(RuleType.VULNERABILITY));
+    db.issues().insertIssue(rule, project, file, i -> i.setType(CODE_SMELL));
+    db.issues().insertHotspot(rule, project, file);
     indexPermissions();
     indexIssues();
 
-    expectedException.expect(IllegalArgumentException.class);
-    expectedException.expectMessage("Value of parameter 'types' (SECURITY_HOTSPOT) must be one of: [CODE_SMELL, BUG, VULNERABILITY]");
-
-    ws.newRequest()
+    assertThatThrownBy(() -> ws.newRequest()
       .setParam("types", RuleType.SECURITY_HOTSPOT.toString())
-      .execute();
+      .execute())
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessage("Value of parameter 'types' (SECURITY_HOTSPOT) must be one of: [CODE_SMELL, BUG, VULNERABILITY]");
   }
 
   @Test
   public void security_hotspot_are_ignored_when_filtering_by_severities() {
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, file, i -> i.setType(RuleType.BUG).setSeverity(Severity.MAJOR.name()));
-    db.issues().insert(rule, project, file, i -> i.setType(RuleType.VULNERABILITY).setSeverity(Severity.MAJOR.name()));
-    db.issues().insert(rule, project, file, i -> i.setType(CODE_SMELL).setSeverity(Severity.MAJOR.name()));
-    db.issues().insert(rule, project, file, i -> i.setType(RuleType.SECURITY_HOTSPOT).setSeverity(Severity.MAJOR.name()));
+    RuleDefinitionDto issueRule = db.rules().insertIssueRule();
+    IssueDto bugIssue = db.issues().insertIssue(issueRule, project, file, i -> i.setType(RuleType.BUG).setSeverity(Severity.MAJOR.name()));
+    IssueDto vulnerabilityIssue = db.issues().insertIssue(issueRule, project, file, i -> i.setType(RuleType.VULNERABILITY).setSeverity(Severity.MAJOR.name()));
+    IssueDto codeSmellIssue = db.issues().insertIssue(issueRule, project, file, i -> i.setType(CODE_SMELL).setSeverity(Severity.MAJOR.name()));
+    RuleDefinitionDto hotspotRule = db.rules().insertHotspotRule();
+    db.issues().insertHotspot(hotspotRule, project, file, i -> i.setSeverity(Severity.MAJOR.name()));
     indexPermissions();
     indexIssues();
 
       .executeProtobuf(SearchWsResponse.class);
 
     assertThat(result.getIssuesList())
-      .extracting(Issue::getType)
-      .containsExactlyInAnyOrder(BUG, VULNERABILITY, Common.RuleType.CODE_SMELL);
+      .extracting(Issue::getKey, Issue::getType)
+      .containsExactlyInAnyOrder(
+        tuple(bugIssue.getKey(), BUG),
+        tuple(vulnerabilityIssue.getKey(), VULNERABILITY),
+        tuple(codeSmellIssue.getKey(), Common.RuleType.CODE_SMELL));
     assertThat(result.getFacets().getFacets(0).getValuesList())
       .extracting(Common.FacetValue::getVal, Common.FacetValue::getCount)
       .containsExactlyInAnyOrder(tuple("MAJOR", 3L), tuple("INFO", 0L), tuple("MINOR", 0L), tuple("CRITICAL", 0L), tuple("BLOCKER", 0L));
   public void return_total_effort() {
     UserDto john = db.users().insertUser();
     userSession.logIn(john);
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project));
-    IssueDto issue1 = db.issues().insert(rule, project, file, i -> i.setEffort(10L));
-    IssueDto issue2 = db.issues().insert(rule, project, file, i -> i.setEffort(15L));
+    IssueDto issue1 = db.issues().insertIssue(rule, project, file, i -> i.setEffort(10L));
+    IssueDto issue2 = db.issues().insertIssue(rule, project, file, i -> i.setEffort(15L));
     indexPermissions();
     indexIssues();
 

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/SetSeverityActionTest.java

 import org.sonar.db.issue.IssueDbTester;
 import org.sonar.db.issue.IssueDto;
 import org.sonar.db.rule.RuleDefinitionDto;
-import org.sonar.db.rule.RuleDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.es.EsTester;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.issue.IssueFieldsSetter;
 import org.sonar.server.issue.IssueFinder;
 
 import static java.util.Optional.ofNullable;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.sonar.api.rule.Severity.MINOR;
 import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
 import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.db.component.ComponentTesting.newFileDto;
-import static org.sonar.db.issue.IssueTesting.newDto;
-import static org.sonar.db.rule.RuleTesting.newRuleDto;
 
 public class SetSeverityActionTest {
 
 
   private IssueIndexer issueIndexer = new IssueIndexer(es.client(), dbClient, new IssueIteratorFactory(dbClient));
   private TestIssueChangePostProcessor issueChangePostProcessor = new TestIssueChangePostProcessor();
-  private IssuesChangesNotificationSerializer issuesChangesSerializer =  new IssuesChangesNotificationSerializer();
+  private IssuesChangesNotificationSerializer issuesChangesSerializer = new IssuesChangesNotificationSerializer();
   private WsActionTester tester = new WsActionTester(new SetSeverityAction(userSession, dbClient, new IssueFinder(dbClient, userSession), new IssueFieldsSetter(),
     new IssueUpdater(dbClient,
-      new WebIssueStorage(system2, dbClient, new DefaultRuleFinder(dbClient, defaultOrganizationProvider), issueIndexer), mock(NotificationManager.class), issueChangePostProcessor, issuesChangesSerializer),
+      new WebIssueStorage(system2, dbClient, new DefaultRuleFinder(dbClient, defaultOrganizationProvider), issueIndexer), mock(NotificationManager.class), issueChangePostProcessor,
+      issuesChangesSerializer),
     responseWriter));
 
   @Test
   public void set_severity() {
-    IssueDto issueDto = issueDbTester.insertIssue(newIssue().setSeverity(MAJOR));
+    IssueDto issueDto = issueDbTester.insertIssue(i -> i.setSeverity(MAJOR));
     setUserWithBrowseAndAdministerIssuePermission(issueDto);
 
     call(issueDto.getKey(), MINOR);
 
   @Test
   public void insert_entry_in_changelog_when_setting_severity() {
-    IssueDto issueDto = issueDbTester.insertIssue(newIssue().setSeverity(MAJOR));
+    IssueDto issueDto = issueDbTester.insertIssue(i -> i.setSeverity(MAJOR));
     setUserWithBrowseAndAdministerIssuePermission(issueDto);
 
     call(issueDto.getKey(), MINOR);
 
   @Test
   public void fail_if_bad_severity() {
-    IssueDto issueDto = issueDbTester.insertIssue(newIssue().setSeverity("unknown"));
+    IssueDto issueDto = issueDbTester.insertIssue(i -> i.setSeverity("unknown"));
     setUserWithBrowseAndAdministerIssuePermission(issueDto);
 
     expectedException.expect(IllegalArgumentException.class);
     call(issueDto.getKey(), "unknown");
   }
 
+  @Test
+  public void fail_NFE_if_hotspot() {
+    IssueDto hotspot = issueDbTester.insertHotspot(h -> h.setSeverity("CRITICAL"));
+    setUserWithBrowseAndAdministerIssuePermission(hotspot);
+
+    assertThatThrownBy(() -> call(hotspot.getKey(), "MAJOR"))
+      .isInstanceOf(NotFoundException.class)
+      .hasMessage("Issue with key '%s' does not exist", hotspot.getKey());
+  }
+
   @Test
   public void fail_when_not_authenticated() {
     expectedException.expect(UnauthorizedException.class);
     return request.execute();
   }
 
-  private IssueDto newIssue() {
-    RuleDto rule = dbTester.rules().insertRule(newRuleDto());
-    ComponentDto project = dbTester.components().insertMainBranch();
-    ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    return newDto(rule, file, project);
-  }
-
   private void logInAndAddProjectPermission(IssueDto issueDto, String permission) {
     UserDto user = dbTester.users().insertUser("john");
     userSession.logIn(user)

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/SetTagsActionTest.java

 import com.google.common.base.Joiner;
 import java.util.Arrays;
 import java.util.List;
+import java.util.function.Consumer;
 import javax.annotation.Nullable;
 import org.junit.Rule;
 import org.junit.Test;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.issue.IssueDto;
-import org.sonar.db.issue.IssueTesting;
 import org.sonar.db.rule.RuleDefinitionDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.es.EsTester;
 
   @Test
   public void set_tags() {
-    IssueDto issueDto = db.issues().insert(newIssue().setTags(singletonList("old-tag")));
+    IssueDto issueDto = insertIssueForPublicProject(i -> i.setTags(singletonList("old-tag")));
     logIn(issueDto);
 
     call(issueDto.getKey(), "bug", "todo");
 
   @Test
   public void remove_existing_tags_when_value_is_not_set() {
-    IssueDto issueDto = db.issues().insert(newIssue().setTags(singletonList("old-tag")));
+    IssueDto issueDto = insertIssueForPublicProject(i -> i.setTags(singletonList("old-tag")));
     logIn(issueDto);
 
     call(issueDto.getKey());
 
   @Test
   public void remove_existing_tags_when_value_is_empty_string() {
-    IssueDto issueDto = db.issues().insert(newIssue().setTags(singletonList("old-tag")));
+    IssueDto issueDto = insertIssueForPublicProject(i -> i.setTags(singletonList("old-tag")));
     logIn(issueDto);
 
     call(issueDto.getKey(), "");
 
   @Test
   public void set_tags_using_deprecated_key_param() {
-    IssueDto issueDto = db.issues().insert(newIssue().setTags(singletonList("old-tag")));
+    IssueDto issueDto = insertIssueForPublicProject(i -> i.setTags(singletonList("old-tag")));
     logIn(issueDto);
 
     ws.newRequest().setParam("key", issueDto.getKey()).setParam("tags", "bug").execute();
 
   @Test
   public void tags_are_stored_as_lowercase() {
-    IssueDto issueDto = db.issues().insert(newIssue().setTags(singletonList("old-tag")));
+    IssueDto issueDto = insertIssueForPublicProject(i -> i.setTags(singletonList("old-tag")));
     logIn(issueDto);
 
     call(issueDto.getKey(), "bug", "Convention");
 
   @Test
   public void empty_tags_are_ignored() {
-    IssueDto issueDto = db.issues().insert(newIssue().setTags(singletonList("old-tag")));
+    IssueDto issueDto = insertIssueForPublicProject(i -> i.setTags(singletonList("old-tag")));
     logIn(issueDto);
 
     call(issueDto.getKey(), "security", "", "convention");
 
   @Test
   public void insert_entry_in_changelog_when_setting_tags() {
-    IssueDto issueDto = db.issues().insert(newIssue().setTags(singletonList("old-tag")));
+    IssueDto issueDto = insertIssueForPublicProject(i -> i.setTags(singletonList("old-tag")));
     logIn(issueDto);
 
     call(issueDto.getKey(), "new-tag");
 
   @Test
   public void fail_when_tag_use_bad_format() {
-    IssueDto issueDto = db.issues().insert(newIssue().setTags(singletonList("old-tag")));
+    IssueDto issueDto = insertIssueForPublicProject(i -> i.setTags(singletonList("old-tag")));
     logIn(issueDto);
 
     expectedException.expect(IllegalArgumentException.class);
     assertThat(pageSize.exampleValue()).isNotEmpty();
   }
 
+  @SafeVarargs
+  private final IssueDto insertIssueForPublicProject(Consumer<IssueDto>... consumers) {
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    ComponentDto project = db.components().insertMainBranch(newPublicProjectDto(db.getDefaultOrganization()));
+    ComponentDto file = db.components().insertComponent(newFileDto(project));
+    return db.issues().insertIssue(rule, project, file, consumers);
+  }
+
   private TestResponse call(@Nullable String issueKey, String... tags) {
     TestRequest request = ws.newRequest();
     ofNullable(issueKey).ifPresent(issue -> request.setParam("issue", issue));
     return request.execute();
   }
 
-  private IssueDto newIssue() {
-    RuleDefinitionDto rule = db.rules().insert();
-    ComponentDto project = db.components().insertMainBranch(newPublicProjectDto(db.getDefaultOrganization()));
-    ComponentDto file = db.components().insertComponent(newFileDto(project));
-    return IssueTesting.newIssue(rule, project, file);
-  }
-
   private void logIn(IssueDto issueDto) {
     UserDto user = db.users().insertUser("john");
     userSession.logIn(user)

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/SetTypeActionTest.java

 import org.sonar.db.issue.IssueDbTester;
 import org.sonar.db.issue.IssueDto;
 import org.sonar.db.rule.RuleDefinitionDto;
-import org.sonar.db.rule.RuleDto;
 import org.sonar.server.es.EsTester;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 
 import static java.util.Optional.ofNullable;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
 import static org.sonar.api.web.UserRole.USER;
 import static org.sonar.db.component.ComponentTesting.newFileDto;
-import static org.sonar.db.issue.IssueTesting.newDto;
-import static org.sonar.db.rule.RuleTesting.newRuleDto;
 
 @RunWith(DataProviderRunner.class)
 public class SetTypeActionTest {
   public void set_type(RuleType from, RuleType to) {
     long now = 1_999_777_234L;
     when(system2.now()).thenReturn(now);
-    IssueDto issueDto = issueDbTester.insertIssue(newIssue().setType(from));
+    IssueDto issueDto = newIssueWithProject(from);
     setUserWithBrowseAndAdministerIssuePermission(issueDto);
 
     call(issueDto.getKey(), to.name());
 
   @Test
   public void insert_entry_in_changelog_when_setting_type() {
-    IssueDto issueDto = issueDbTester.insertIssue(newIssue().setType(CODE_SMELL));
+    IssueDto issueDto = newIssueWithProject(CODE_SMELL);
     setUserWithBrowseAndAdministerIssuePermission(issueDto);
 
     call(issueDto.getKey(), BUG.name());
 
   @Test
   public void fail_if_bad_type_value() {
-    IssueDto issueDto = issueDbTester.insertIssue(newIssue().setType(CODE_SMELL));
+    IssueDto issueDto = newIssueWithProject(CODE_SMELL);
     setUserWithBrowseAndAdministerIssuePermission(issueDto);
 
-    expectedException.expect(IllegalArgumentException.class);
-    expectedException.expectMessage("Value of parameter 'type' (unknown) must be one of: [CODE_SMELL, BUG, VULNERABILITY, SECURITY_HOTSPOT]");
-    call(issueDto.getKey(), "unknown");
+    assertThatThrownBy(() -> call(issueDto.getKey(), "unknown"))
+      .isInstanceOf(IllegalArgumentException.class)
+      .hasMessage("Value of parameter 'type' (unknown) must be one of: [CODE_SMELL, BUG, VULNERABILITY]");
+  }
+
+  @Test
+  public void fail_if_SECURITY_HOTSPOT_value() {
+    IssueDto issueDto = newIssueWithProject(CODE_SMELL);
+    setUserWithBrowseAndAdministerIssuePermission(issueDto);
+
+    assertThatThrownBy(() -> call(issueDto.getKey(), "SECURITY_HOTSPOT"))
+      .isInstanceOf(IllegalArgumentException.class)
+      .hasMessage("Value of parameter 'type' (SECURITY_HOTSPOT) must be one of: [CODE_SMELL, BUG, VULNERABILITY]");
   }
 
   @Test
   public void fail_NFE_if_trying_to_change_type_of_a_hotspot(RuleType type) {
     long now = 1_999_777_234L;
     when(system2.now()).thenReturn(now);
-    IssueDto issueDto = issueDbTester.insertHotspot();
-    setUserWithBrowseAndAdministerIssuePermission(issueDto);
+    IssueDto hotspot = issueDbTester.insertHotspot();
+    setUserWithBrowseAndAdministerIssuePermission(hotspot);
 
-    expectedException.expect(NotFoundException.class);
-    expectedException.expectMessage(String.format("Issue with key '%s' does not exist", issueDto.getKey()));
-    call(issueDto.getKey(), type.name());
+    assertThatThrownBy(() -> call(hotspot.getKey(), type.name()))
+      .isInstanceOf(NotFoundException.class)
+      .hasMessage("Issue with key '%s' does not exist", hotspot.getKey());
   }
 
   @Test
     return request.execute();
   }
 
-  private IssueDto newIssue() {
-    RuleDto rule = dbTester.rules().insertRule(newRuleDto());
+  private IssueDto newIssueWithProject(RuleType type) {
+    RuleDefinitionDto rule = dbTester.rules().insert();
     ComponentDto project = dbTester.components().insertMainBranch();
     ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
-    return newDto(rule, file, project);
+    return issueDbTester.insert(rule, project, file, i -> i.setType(type));
   }
 
   private void setUserWithBrowseAndAdministerIssuePermission(IssueDto issueDto) {

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/TagsActionTest.java

 
   @Test
   public void search_tags() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPrivateProject();
-    db.issues().insert(rule, project, project, issue -> issue.setTags(asList("tag1", "tag2")));
-    db.issues().insert(rule, project, project, issue -> issue.setTags(asList("tag3", "tag4", "tag5")));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(asList("tag1", "tag2")));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(asList("tag3", "tag4", "tag5")));
     issueIndexer.indexOnStartup(emptySet());
     permissionIndexer.allowOnlyAnyone(project);
 
 
   @Test
   public void search_tags_by_query() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPrivateProject();
-    db.issues().insert(rule, project, project, issue -> issue.setTags(asList("tag1", "tag2")));
-    db.issues().insert(rule, project, project, issue -> issue.setTags(asList("tag12", "tag4", "tag5")));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(asList("tag1", "tag2")));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(asList("tag12", "tag4", "tag5")));
     issueIndexer.indexOnStartup(emptySet());
     permissionIndexer.allowOnlyAnyone(project);
 
 
   @Test
   public void search_tags_by_organization() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     // Tags on issues of organization 1
     OrganizationDto organization1 = db.organizations().insert();
     ComponentDto project1 = db.components().insertPrivateProject(organization1);
-    db.issues().insert(rule, project1, project1, issue -> issue.setTags(asList("tag1", "tag2")));
+    db.issues().insertIssue(rule, project1, project1, issue -> issue.setTags(asList("tag1", "tag2")));
     // Tags on issues of organization 2
     OrganizationDto organization2 = db.organizations().insert();
     ComponentDto project2 = db.components().insertPrivateProject(organization2);
-    db.issues().insert(rule, project2, project2, issue -> issue.setTags(singletonList("tag3")));
+    db.issues().insertIssue(rule, project2, project2, issue -> issue.setTags(singletonList("tag3")));
     issueIndexer.indexOnStartup(emptySet());
     permissionIndexer.allowOnlyAnyone(project1, project2);
 
 
   @Test
   public void search_tags_by_project() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     OrganizationDto organization = db.organizations().insert();
     ComponentDto project1 = db.components().insertPrivateProject(organization);
     ComponentDto project2 = db.components().insertPrivateProject(organization);
-    db.issues().insert(rule, project1, project1, issue -> issue.setTags(singletonList("tag1")));
-    db.issues().insert(rule, project2, project2, issue -> issue.setTags(singletonList("tag2")));
+    db.issues().insertIssue(rule, project1, project1, issue -> issue.setTags(singletonList("tag1")));
+    db.issues().insertIssue(rule, project2, project2, issue -> issue.setTags(singletonList("tag2")));
     issueIndexer.indexOnStartup(emptySet());
     permissionIndexer.allowOnlyAnyone(project1, project2);
 
     ComponentDto project = db.components().insertPrivateProject(organization);
     db.components().insertComponent(newProjectCopy(project, portfolio));
     permissionIndexer.allowOnlyAnyone(project);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project, issue -> issue.setTags(singletonList("cwe")));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(singletonList("cwe")));
     issueIndexer.indexOnStartup(emptySet());
     viewIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(organization);
     ComponentDto project = db.components().insertPrivateProject(organization);
     db.components().insertComponent(newProjectCopy(project, application));
     permissionIndexer.allowOnlyAnyone(project);
-    RuleDefinitionDto rule = db.rules().insert();
-    db.issues().insert(rule, project, project, issue -> issue.setTags(singletonList("cwe")));
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(singletonList("cwe")));
     issueIndexer.indexOnStartup(emptySet());
     viewIndexer.indexOnStartup(emptySet());
     userSession.logIn().addMembership(organization);
 
   @Test
   public void return_limited_size() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPrivateProject();
-    db.issues().insert(rule, project, project, issue -> issue.setTags(asList("tag1", "tag2")));
-    db.issues().insert(rule, project, project, issue -> issue.setTags(asList("tag3", "tag4", "tag5")));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(asList("tag1", "tag2")));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(asList("tag3", "tag4", "tag5")));
     issueIndexer.indexOnStartup(emptySet());
     permissionIndexer.allowOnlyAnyone(project);
 
 
   @Test
   public void do_not_return_issues_without_permission() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project1 = db.components().insertPrivateProject();
     ComponentDto project2 = db.components().insertPrivateProject();
-    db.issues().insert(rule, project1, project1, issue -> issue.setTags(asList("tag1", "tag2")));
-    db.issues().insert(rule, project2, project2, issue -> issue.setTags(asList("tag3", "tag4", "tag5")));
+    db.issues().insertIssue(rule, project1, project1, issue -> issue.setTags(asList("tag1", "tag2")));
+    db.issues().insertIssue(rule, project2, project2, issue -> issue.setTags(asList("tag3", "tag4", "tag5")));
     issueIndexer.indexOnStartup(emptySet());
     // Project 2 is not visible to current user
     permissionIndexer.allowOnlyAnyone(project1);
 
   @Test
   public void without_organization_parameter_is_cross_organization() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     // Tags on issues of organization 1
     OrganizationDto organization1 = db.organizations().insert();
     ComponentDto project1 = db.components().insertPrivateProject(organization1);
-    db.issues().insert(rule, project1, project1, issue -> issue.setTags(asList("tag1", "tag2")));
+    db.issues().insertIssue(rule, project1, project1, issue -> issue.setTags(asList("tag1", "tag2")));
     // Tags on issues of organization 2
     OrganizationDto organization2 = db.organizations().insert();
     ComponentDto project2 = db.components().insertPrivateProject(organization2);
-    db.issues().insert(rule, project2, project2, issue -> issue.setTags(singletonList("tag3")));
+    db.issues().insertIssue(rule, project2, project2, issue -> issue.setTags(singletonList("tag3")));
     issueIndexer.indexOnStartup(emptySet());
     permissionIndexer.allowOnlyAnyone(project1, project2);
 
 
   @Test
   public void json_example() {
-    RuleDefinitionDto rule = db.rules().insert();
+    RuleDefinitionDto rule = db.rules().insertIssueRule();
     ComponentDto project = db.components().insertPrivateProject();
-    db.issues().insert(rule, project, project, issue -> issue.setTags(asList("convention", "security")));
-    db.issues().insert(rule, project, project, issue -> issue.setTags(singletonList("cwe")));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(asList("convention", "security")));
+    db.issues().insertIssue(rule, project, project, issue -> issue.setTags(singletonList("cwe")));
     issueIndexer.indexOnStartup(emptySet());
     permissionIndexer.allowOnlyAnyone(project);