SONAR-10992 Set default value for types of issues/search: bug, vulnerability, code smell

server/sonar-db-dao/src/main/java/org/sonar/db/issue/IssueTesting.java

     return new IssueDto()
       .setKee("uuid_" + randomAlphabetic(5))
       .setRule(rule)
-      .setType(RuleType.values()[nextInt(RuleType.values().length)])
+      // exclude security hotspots
+      .setType(RuleType.values()[nextInt(RuleType.values().length - 1)])
       .setProject(project)
       .setComponent(file)
       .setStatus(Issue.STATUS_OPEN)

server/sonar-db-dao/src/test/java/org/sonar/db/rule/RuleTesting.java

       .setName("name_" + randomAlphanumeric(5))
       .setDescription("description_" + randomAlphanumeric(5))
       .setDescriptionFormat(Format.HTML)
-      .setType(RuleType.values()[nextInt(RuleType.values().length)])
+      // exclude security hotspots
+      .setType(RuleType.values()[nextInt(RuleType.values().length - 1)])
       .setStatus(RuleStatus.READY)
       .setConfigKey("configKey_" + randomAlphanumeric(5))
       .setSeverity(Severity.ALL.get(nextInt(Severity.ALL.size())))

server/sonar-server/src/main/java/org/sonar/server/issue/ws/SearchAction.java

 import org.sonar.api.issue.Issue;
 import org.sonar.api.rule.RuleKey;
 import org.sonar.api.rule.Severity;
+import org.sonar.api.rules.Rule;
 import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
       .setDescription("Comma-separated list of types.")
       .setSince("5.5")
       .setPossibleValues((Object[]) RuleType.values())
+      .setDefaultValue(format("%s,%s,%s", RuleType.BUG, RuleType.VULNERABILITY, RuleType.CODE_SMELL))
       .setExampleValue(format("%s,%s", RuleType.CODE_SMELL, RuleType.BUG));
     action.createParam(PARAM_OWASP_TOP_10)
       .setDescription("Comma-separated list of OWASP Top 10 lowercase categories. Use '" + UNKNOWN_STANDARD + "' to select issues not associated to any OWASP Top 10 category.")

server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionTest.java

 import org.junit.rules.ExpectedException;
 import org.sonar.api.resources.Languages;
 import org.sonar.api.rule.RuleStatus;
+import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.DateUtils;
 import org.sonar.api.utils.Durations;
 import org.sonar.db.permission.GroupPermissionDto;
 import org.sonar.db.protobuf.DbCommons;
 import org.sonar.db.protobuf.DbIssues;
+import org.sonar.db.rule.RuleDefinitionDto;
 import org.sonar.db.rule.RuleDto;
 import org.sonar.db.rule.RuleTesting;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 import org.sonar.server.ws.WsResponseCommonFormat;
+import org.sonarqube.ws.Common;
 import org.sonarqube.ws.Issues;
 
 import static java.util.Arrays.asList;
     result.assertJson(this.getClass(), "empty_result.json");
   }
 
+  @Test
+  public void security_hotspot_type_excluded_by_default() {
+    ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setDbKey("PROJECT_KEY"));
+    ComponentDto file = insertComponent(newFileDto(project, null, "FILE_ID").setDbKey("FILE_KEY"));
+
+    RuleDefinitionDto rule = newRule().getDefinition();
+    db.issues().insert(rule, project, file, i -> i.setType(RuleType.BUG));
+    db.issues().insert(rule, project, file, i -> i.setType(RuleType.VULNERABILITY));
+    db.issues().insert(rule, project, file, i -> i.setType(RuleType.CODE_SMELL));
+    db.issues().insert(rule, project, file, i -> i.setType(RuleType.SECURITY_HOTSPOT));
+
+    indexPermissions();
+    indexIssues();
+
+    Issues.SearchWsResponse result = ws.newRequest().executeProtobuf(Issues.SearchWsResponse.class);
+
+    assertThat(result.getIssuesCount()).isEqualTo(3);
+    assertThat(result.getIssuesList())
+      .extracting(Issues.Issue::getType)
+      .containsExactlyInAnyOrder(Common.RuleType.BUG, Common.RuleType.VULNERABILITY, Common.RuleType.CODE_SMELL);
+  }
+
+  @Test
+  public void security_hotspot_type_included_when_explicitly_selected() {
+    ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setDbKey("PROJECT_KEY"));
+    ComponentDto file = insertComponent(newFileDto(project, null, "FILE_ID").setDbKey("FILE_KEY"));
+
+    RuleDefinitionDto rule = newRule().getDefinition();
+    db.issues().insert(rule, project, file, i -> i.setType(RuleType.BUG));
+    db.issues().insert(rule, project, file, i -> i.setType(RuleType.VULNERABILITY));
+    db.issues().insert(rule, project, file, i -> i.setType(RuleType.CODE_SMELL));
+    db.issues().insert(rule, project, file, i -> i.setType(RuleType.SECURITY_HOTSPOT));
+
+    indexPermissions();
+    indexIssues();
+
+    Issues.SearchWsResponse result = ws.newRequest()
+      .setParam("types", RuleType.SECURITY_HOTSPOT.toString())
+      .executeProtobuf(Issues.SearchWsResponse.class);
+
+    assertThat(result.getIssuesCount()).isEqualTo(1);
+    assertThat(result.getIssuesList())
+      .extracting(Issues.Issue::getType)
+      .containsExactly(Common.RuleType.SECURITY_HOTSPOT);
+
+    Issues.SearchWsResponse result2 = ws.newRequest()
+      .setParam("types", String.format("%s,%s", RuleType.BUG, RuleType.SECURITY_HOTSPOT))
+      .executeProtobuf(Issues.SearchWsResponse.class);
+
+    assertThat(result2.getIssuesCount()).isEqualTo(2);
+    assertThat(result2.getIssuesList())
+      .extracting(Issues.Issue::getType)
+      .containsExactlyInAnyOrder(Common.RuleType.BUG, Common.RuleType.SECURITY_HOTSPOT);
+  }
+
   @Test
   public void response_contains_all_fields_except_additional_fields() {
     UserDto simon = db.users().insertUser(u -> u.setLogin("simon").setName("Simon").setEmail("simon@email.com"));
-    UserDto fabrice = db.users().insertUser(u -> u.setLogin("fabrice").setName("Fabrice").setEmail("fabrice@email.com"));
 
     ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setDbKey("PROJECT_KEY"));
     indexPermissions();
       .setTags(asList("bug", "owasp"))
       .setIssueCreationDate(DateUtils.parseDateTime("2014-09-04T00:00:00+0100"))
       .setIssueUpdateDate(DateUtils.parseDateTime("2017-12-04T00:00:00+0100"));
-    dbClient.issueDao().insert(session, issue);
-    session.commit();
-    issueIndexer.indexOnStartup(issueIndexer.getIndexTypes());
+    db.issues().insertIssue(issue);
+    indexIssues();
 
     ws.newRequest().execute().assertJson(this.getClass(), "response_contains_all_fields_except_additional_fields.json");
   }
   public void display_zero_valued_facets_for_selected_items() {
     UserDto john = db.users().insertUser(u -> u.setLogin("john").setName("John").setEmail("john@email.com"));
 
-
     ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setDbKey("PROJECT_KEY"));
     indexPermissions();
     ComponentDto file = insertComponent(newFileDto(project, null, "FILE_ID").setDbKey("FILE_KEY"));
     UserDto john = db.users().insertUser(u -> u.setLogin("john").setName("John").setEmail("john@email.com"));
     UserDto alice = db.users().insertUser(u -> u.setLogin("alice").setName("Alice").setEmail("alice@email.com"));
 
-
     ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "PROJECT_ID").setDbKey("PROJECT_KEY"));
     indexPermissions();
     ComponentDto file = insertComponent(newFileDto(project, null, "FILE_ID").setDbKey("FILE_KEY"));
 
     // TODO : check test title w julien
 
-
     UserDto alice = db.users().insertUser(u -> u.setLogin("alice").setName("Alice").setEmail("alice@email.com"));
     UserDto john = db.users().insertUser(u -> u.setLogin("john").setName("John").setEmail("john@email.com"));