authorPierre Guillot <50145663+pierre-guillot-sonarsource@users.noreply.github.com>2019-05-10 16:44:14 +0200
committerSonarTech <sonartech@sonarsource.com>2019-05-22 20:21:14 +0200
commit020c4390d4d830041ec5f640a543d2f56101c16f (patch)
treefa2af9accba07045b0af34fa932694e30c2d0b02
parentd6b083849c60a53e15765e8c8b98122e4c082e6a (diff)
downloadsonarqube-020c4390d4d830041ec5f640a543d2f56101c16f.tar.gz
sonarqube-020c4390d4d830041ec5f640a543d2f56101c16f.zip
SONAR-12026 Add transition "Open as Vulnerability"
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java26
-rw-r--r--server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java78
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java3
-rw-r--r--sonar-plugin-api/src/main/java/org/sonar/api/issue/DefaultTransitions.java7
4 files changed, 109 insertions, 5 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java
index 631e6cb3480..4304fb721c8 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java
@@ -169,6 +169,32 @@ public class IssueWorkflow implements Startable {
.functions(new SetResolution(RESOLUTION_FIXED))
.requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build())
+ .transition(Transition.builder(DefaultTransitions.RESOLVE_AS_REVIEWED)
+ .from(STATUS_OPEN).to(STATUS_REVIEWED)
+ .conditions(new HasType(RuleType.VULNERABILITY), IsManualVulnerability.INSTANCE)
+ .functions(new SetType(RuleType.SECURITY_HOTSPOT), new SetResolution(RESOLUTION_FIXED))
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
+ .build())
+
+ .transition(Transition.builder(DefaultTransitions.OPEN_AS_VULNERABILITY)
+ .from(STATUS_REVIEWED).to(STATUS_OPEN)
+ .conditions(new HasType(RuleType.SECURITY_HOTSPOT))
+ .functions(new SetResolution(null))
+ .functions(new SetType(RuleType.VULNERABILITY))
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
+ .build())
+ .transition(Transition.builder(DefaultTransitions.OPEN_AS_VULNERABILITY)
+ .from(STATUS_IN_REVIEW).to(STATUS_OPEN)
+ .conditions(new HasType(RuleType.SECURITY_HOTSPOT))
+ .functions(new SetType(RuleType.VULNERABILITY))
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
+ .build())
+ .transition(Transition.builder(DefaultTransitions.OPEN_AS_VULNERABILITY)
+ .from(STATUS_TO_REVIEW).to(STATUS_OPEN)
+ .conditions(new HasType(RuleType.SECURITY_HOTSPOT))
+ .functions(new SetType(RuleType.VULNERABILITY))
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
+ .build())
// all transitions below have to be removed by the end of the MMF-1635
.transition(Transition.builder(DefaultTransitions.DETECT)
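Review bot: Only the REVIEWED variant of the three new `OPEN_AS_VULNERABILITY` transitions clears the resolution; the IN_REVIEW and TO_REVIEW variants apply `SetType` alone. If a hotspot can reach either of those statuses with a resolution set, the resulting issue would be an OPEN vulnerability that still carries it. Using the same call on all three, `.functions(new SetResolution(null), new SetType(RuleType.VULNERABILITY))`, makes the target state identical whatever the source status. The REVIEWED variant also calls `.functions(...)` twice, where the `RESOLVE_AS_REVIEWED` transition just above passes both functions in one call. Whether a second call appends or replaces depends on the builder, which is not in this hunk, so the single-call form is the safer one to read. The builder chain starts and ends outside the hunk.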
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java
index 519873b3324..6e37f7bca71 100644
--- a/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java
@@ -48,6 +48,7 @@ import static org.sonar.api.issue.Issue.RESOLUTION_REMOVED;
import static org.sonar.api.issue.Issue.RESOLUTION_WONT_FIX;
import static org.sonar.api.issue.Issue.STATUS_CLOSED;
import static org.sonar.api.issue.Issue.STATUS_IN_REVIEW;
+import static org.sonar.api.issue.Issue.STATUS_OPEN;
import static org.sonar.api.issue.Issue.STATUS_RESOLVED;
import static org.sonar.api.issue.Issue.STATUS_REVIEWED;
import static org.sonar.api.issue.Issue.STATUS_TO_REVIEW;
@@ -71,7 +72,7 @@ public class IssueWorkflowForSecurityHotspotsTest {
List<Transition> transitions = underTest.outTransitions(issue);
- assertThat(keys(transitions)).containsOnly("setinreview", "detect", "clear", "resolveasreviewed");
+ assertThat(keys(transitions)).containsOnly("setinreview", "detect", "clear", "resolveasreviewed", "openasvulnerability");
}
@Test
@@ -81,7 +82,27 @@ public class IssueWorkflowForSecurityHotspotsTest {
List<Transition> transitions = underTest.outTransitions(issue);
- assertThat(keys(transitions)).containsOnly("resolveasreviewed");
+ assertThat(keys(transitions)).containsOnly("resolveasreviewed", "openasvulnerability");
+ }
+
+ @Test
+ public void list_out_transitions_in_status_reviwed() {
+ underTest.start();
+ DefaultIssue issue = new DefaultIssue().setType(RuleType.SECURITY_HOTSPOT).setStatus(STATUS_REVIEWED);
+
+ List<Transition> transitions = underTest.outTransitions(issue);
+
+ assertThat(keys(transitions)).containsOnly("openasvulnerability");
+ }
+
+ @Test
+ public void list_out_transitions_in_status_open() {
+ underTest.start();
+ DefaultIssue issue = new DefaultIssue().setType(RuleType.VULNERABILITY).setStatus(STATUS_OPEN).setResolution(RESOLUTION_FIXED).setIsFromHotspot(true);
+
+ List<Transition> transitions = underTest.outTransitions(issue);
+
+ assertThat(keys(transitions)).containsOnly("resolveasreviewed", "dismiss"); // dismiss to be remove by the end of the MMF-1635
}
@Test
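Review bot: The fixture in `list_out_transitions_in_status_open` builds an OPEN issue with `setResolution(RESOLUTION_FIXED)`, yet the `open_as_vulnerability_*` tests later in this file expect a null resolution after the transition, so this test pins the out-transitions for a state the workflow may never produce. Dropping the resolution from the fixture, `new DefaultIssue().setType(RuleType.VULNERABILITY).setStatus(STATUS_OPEN).setIsFromHotspot(true)`, would match the reachable state. A companion case with `setIsFromHotspot(false)` asserting that `resolveasreviewed` is not offered would cover the gate that keeps ordinary vulnerabilities out of the hotspot workflow. That gate is presumably what `IsManualVulnerability` checks, though its definition is not in this diff. The method name `list_out_transitions_in_status_reviwed` also has a typo and should end in `reviewed`.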
@@ -120,14 +141,65 @@ public class IssueWorkflowForSecurityHotspotsTest {
DefaultIssue issue = new DefaultIssue()
.setType(RuleType.SECURITY_HOTSPOT)
.setIsFromHotspot(true)
- .setStatus(STATUS_IN_REVIEW);
+ .setStatus(STATUS_IN_REVIEW)
+ .setResolution(null);
boolean result = underTest.doManualTransition(issue, DefaultTransitions.RESOLVE_AS_REVIEWED, IssueChangeContext.createUser(new Date(), "USER1"));
assertThat(result).isTrue();
assertThat(issue.getStatus()).isEqualTo(STATUS_REVIEWED);
assertThat(issue.resolution()).isEqualTo(RESOLUTION_FIXED);
+ }
+
+ @Test
+ public void open_as_vulnerability_from_in_review() {
+ underTest.start();
+ DefaultIssue issue = new DefaultIssue()
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setIsFromHotspot(true)
+ .setStatus(STATUS_IN_REVIEW)
+ .setResolution(null);
+
+ boolean result = underTest.doManualTransition(issue, DefaultTransitions.OPEN_AS_VULNERABILITY, IssueChangeContext.createUser(new Date(), "USER1"));
+
+ assertThat(result).isTrue();
+ assertThat(issue.type()).isEqualTo(RuleType.VULNERABILITY);
+ assertThat(issue.getStatus()).isEqualTo(Issue.STATUS_OPEN);
+ assertThat(issue.resolution()).isNull();
+ }
+ @Test
+ public void open_as_vulnerability_from_to_review() {
+ underTest.start();
+ DefaultIssue issue = new DefaultIssue()
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setIsFromHotspot(true)
+ .setStatus(STATUS_TO_REVIEW)
+ .setResolution(null);
+
+ boolean result = underTest.doManualTransition(issue, DefaultTransitions.OPEN_AS_VULNERABILITY, IssueChangeContext.createUser(new Date(), "USER1"));
+
+ assertThat(result).isTrue();
+ assertThat(issue.type()).isEqualTo(RuleType.VULNERABILITY);
+ assertThat(issue.getStatus()).isEqualTo(Issue.STATUS_OPEN);
+ assertThat(issue.resolution()).isNull();
+ }
+
+ @Test
+ public void open_as_vulnerability_from_reviewed() {
+ underTest.start();
+ DefaultIssue issue = new DefaultIssue()
+ .setType(RuleType.SECURITY_HOTSPOT)
+ .setIsFromHotspot(true)
+ .setResolution(RESOLUTION_FIXED)
+ .setStatus(STATUS_REVIEWED);
+
+ boolean result = underTest.doManualTransition(issue, DefaultTransitions.OPEN_AS_VULNERABILITY, IssueChangeContext.createUser(new Date(), "USER1"));
+
+ assertThat(result).isTrue();
+ assertThat(issue.type()).isEqualTo(RuleType.VULNERABILITY);
+ assertThat(issue.getStatus()).isEqualTo(Issue.STATUS_OPEN);
+ assertThat(issue.resolution()).isNull();
}
@Test
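Review bot: In `open_as_vulnerability_from_in_review` and `open_as_vulnerability_from_to_review` the fixture already calls `.setResolution(null)`, so the closing `assertThat(issue.resolution()).isNull()` cannot fail and says nothing about what the transition does to the resolution. Only `open_as_vulnerability_from_reviewed` starts from `RESOLUTION_FIXED`. Either drop that assertion from the first two tests, or start them from a non-null resolution if clearing it is meant to hold for every source status. The three tests differ only in the starting status and could share one private helper that takes the status as a parameter. A blank line is also missing before the `@Test` of `open_as_vulnerability_from_to_review`.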
diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java
index e11c4dfdedb..463f1cd52f4 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java
@@ -39,6 +39,7 @@ import org.sonar.server.issue.TransitionService;
import org.sonar.server.user.UserSession;
import static java.lang.String.format;
+import static org.sonar.api.issue.DefaultTransitions.OPEN_AS_VULNERABILITY;
import static org.sonar.api.issue.DefaultTransitions.RESOLVE_AS_REVIEWED;
import static org.sonar.api.issue.DefaultTransitions.SET_AS_IN_REVIEW;
import static org.sonarqube.ws.client.issue.IssuesWsParameters.ACTION_DO_TRANSITION;
@@ -74,7 +75,7 @@ public class DoTransitionAction implements IssuesWsAction {
"The transitions involving security hotspots require the permission 'Administer Security Hotspot'.")
.setSince("3.6")
.setChangelog(
- new Change("7.8", format("added transitions '%s' and %s for security hotspots ", SET_AS_IN_REVIEW, RESOLVE_AS_REVIEWED)),
+ new Change("7.8", format("added '%s', %s and %s transitions for security hotspots ", SET_AS_IN_REVIEW, RESOLVE_AS_REVIEWED, OPEN_AS_VULNERABILITY)),
new Change("7.3", "added transitions for security hotspots"),
new Change("6.5", "the database ids of the components are removed from the response"),
new Change("6.5", "the response field components.uuid is deprecated. Use components.key instead."))
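Review bot: Only the first placeholder in the new changelog string is quoted (`'%s', %s and %s`), so the rendered web-service documentation would show one transition key in quotes and two bare. Quoting all three, `"added '%s', '%s' and '%s' transitions for security hotspots"`, reads consistently and also drops the trailing space before the closing quote. The `setChangelog(...)` call begins and ends outside the hunk.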
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/issue/DefaultTransitions.java b/sonar-plugin-api/src/main/java/org/sonar/api/issue/DefaultTransitions.java
index b6869181373..b000f18aa21 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/issue/DefaultTransitions.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/issue/DefaultTransitions.java
@@ -62,8 +62,13 @@ public interface DefaultTransitions {
String RESOLVE_AS_REVIEWED = "resolveasreviewed";
/**
+ * @since 7.8
+ */
+ String OPEN_AS_VULNERABILITY = "openasvulnerability";
+
+ /**
* @since 4.4
*/
List<String> ALL = unmodifiableList(asList(CONFIRM, UNCONFIRM, REOPEN, RESOLVE, FALSE_POSITIVE, WONT_FIX, CLOSE,
- DETECT, DISMISS, REJECT, SET_AS_IN_REVIEW, ACCEPT, CLEAR, REOPEN_HOTSPOT, RESOLVE_AS_REVIEWED));
+ DETECT, DISMISS, REJECT, SET_AS_IN_REVIEW, ACCEPT, CLEAR, REOPEN_HOTSPOT, RESOLVE_AS_REVIEWED, OPEN_AS_VULNERABILITY));
}
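Review bot: The Javadoc on `OPEN_AS_VULNERABILITY` carries only `@since 7.8`, and the interface lives in `sonar-plugin-api`, so plugin authors get a new public transition key with no description of what it does. A one-sentence summary before the tag would help, for example `Turns a security hotspot into an open vulnerability; requires the 'Administer Security Hotspot' permission.` The permission wording follows the `IssueWorkflow` and `DoTransitionAction` changes in this same commit. Because the constant is also added to `ALL`, a caller iterating that list will now see the new key. The interface body starts outside the hunk.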