authorStas Vilchik <stas.vilchik@sonarsource.com>2018-07-11 13:25:01 +0200
committerSonarTech <sonartech@sonarsource.com>2018-07-17 20:21:25 +0200
commitd4b8f895197f7044a68377d47a7bf559c8116a05 (patch)
tree318bbc0b7c00e1428367825c7f5619f11246d50d /server/sonar-web
parentb6f12abd1157824d31fc78460602f502e4615a4c (diff)
downloadsonarqube-d4b8f895197f7044a68377d47a7bf559c8116a05.tar.gz
sonarqube-d4b8f895197f7044a68377d47a7bf559c8116a05.zip
SONAR-10980 apply feedback (#502)
Diffstat (limited to 'server/sonar-web')
-rw-r--r--server/sonar-web/src/main/js/apps/issues/sidebar/StandardFacet.tsx17
-rw-r--r--server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/StandardFacet-test.tsx8
-rw-r--r--server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/__snapshots__/StandardFacet-test.tsx.snap4
-rwxr-xr-xserver/sonar-web/src/main/js/apps/securityReports/utils.ts22
-rw-r--r--server/sonar-web/src/main/js/components/issue/components/IssueActionsBar.js5
-rw-r--r--server/sonar-web/src/main/js/helpers/standards.json8
6 files changed, 45 insertions, 19 deletions
diff --git a/server/sonar-web/src/main/js/apps/issues/sidebar/StandardFacet.tsx b/server/sonar-web/src/main/js/apps/issues/sidebar/StandardFacet.tsx
index f305748e479..febd7e1cbdd 100644
--- a/server/sonar-web/src/main/js/apps/issues/sidebar/StandardFacet.tsx
+++ b/server/sonar-web/src/main/js/apps/issues/sidebar/StandardFacet.tsx
@@ -60,7 +60,14 @@ export default class StandardFacet extends React.PureComponent<Props, State> {
componentDidMount() {
this.mounted = true;
- if (this.props.open) {
+
+ // load standards.json only if the facet is open, or there is a selected value
+ if (
+ this.props.open ||
+ this.props.owaspTop10.length > 0 ||
+ this.props.cwe.length > 0 ||
+ this.props.sansTop25.length > 0
+ ) {
this.loadStandards();
}
}
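Review bot: The widened condition in `componentDidMount` only covers values that are already selected at mount time. If `owaspTop10`, `cwe` or `sansTop25` become non-empty later while the facet stays closed, nothing in this hunk calls `loadStandards()`, and `getValues` would then render raw keys instead of titles. The update path (presumably `componentDidUpdate`) lies outside the hunk, so confirm it applies the same check. The test hunk in this commit only changes expected labels; a case that mounts with `open: false` and one selected value and asserts that the standards are loaded would pin the new behaviour.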
@@ -90,8 +97,12 @@ export default class StandardFacet extends React.PureComponent<Props, State> {
getValues = () => {
return [
- ...this.props.owaspTop10.map(item => renderOwaspTop10Category(this.state.standards, item)),
- ...this.props.sansTop25.map(item => renderSansTop25Category(this.state.standards, item)),
+ ...this.props.owaspTop10.map(item =>
+ renderOwaspTop10Category(this.state.standards, item, true)
+ ),
+ ...this.props.sansTop25.map(item =>
+ renderSansTop25Category(this.state.standards, item, true)
+ ),
...this.props.cwe.map(item => renderCWECategory(this.state.standards, item))
];
};
diff --git a/server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/StandardFacet-test.tsx b/server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/StandardFacet-test.tsx
index 6e90bf2c6a8..f36d3c29176 100644
--- a/server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/StandardFacet-test.tsx
+++ b/server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/StandardFacet-test.tsx
@@ -114,11 +114,11 @@ it('should display correct selection', () => {
cwe: ['42', '1111', 'unknown']
});
checkValues('standards', [
- 'A1 - a1 title',
- 'A3',
+ 'OWASP A1 - a1 title',
+ 'OWASP A3',
'Not OWAPS',
- 'Risky Resource Management',
- 'foo',
+ 'SANS Risky Resource Management',
+ 'SANS foo',
'CWE-42 - cwe-42 title',
'CWE-1111',
'Unknown CWE'
diff --git a/server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/__snapshots__/StandardFacet-test.tsx.snap b/server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/__snapshots__/StandardFacet-test.tsx.snap
index 56d67a59bfe..1982863f389 100644
--- a/server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/__snapshots__/StandardFacet-test.tsx.snap
+++ b/server/sonar-web/src/main/js/apps/issues/sidebar/__tests__/__snapshots__/StandardFacet-test.tsx.snap
@@ -44,8 +44,8 @@ exports[`should render sub-facets 1`] = `
open={true}
values={
Array [
- "A3",
- "Risky Resource Management",
+ "OWASP A3",
+ "SANS Risky Resource Management",
"CWE-42 - cwe-42 title",
]
}
diff --git a/server/sonar-web/src/main/js/apps/securityReports/utils.ts b/server/sonar-web/src/main/js/apps/securityReports/utils.ts
index 02de49d1c29..d7e82afcfa2 100755
--- a/server/sonar-web/src/main/js/apps/securityReports/utils.ts
+++ b/server/sonar-web/src/main/js/apps/securityReports/utils.ts
@@ -23,14 +23,18 @@ export interface Standards {
cwe: { [x: string]: { title: string; description?: string } };
}
-export function renderOwaspTop10Category(standards: Standards, category: string): string {
+export function renderOwaspTop10Category(
+ standards: Standards,
+ category: string,
+ withPrefix = false
+): string {
const record = standards.owaspTop10[category];
if (!record) {
- return category.toUpperCase();
+ return addPrefix(category.toUpperCase(), 'OWASP', withPrefix);
} else if (category === 'unknown') {
return record.title;
} else {
- return `${category.toUpperCase()} - ${record.title}`;
+ return addPrefix(`${category.toUpperCase()} - ${record.title}`, 'OWASP', withPrefix);
}
}
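Review bot: In `renderOwaspTop10Category` the `!record` branch runs before the `category === 'unknown'` branch, so with `withPrefix` set an `unknown` key that has no record renders as `OWASP UNKNOWN`, which labels a not-OWASP selection as an OWASP category. This would presumably show while `standards` is still empty before standards.json has loaded; the initial state is not visible in this hunk. Keeping the prefix off for that key in the fallback avoids it: `return addPrefix(category.toUpperCase(), 'OWASP', withPrefix && category !== 'unknown');`.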
@@ -45,7 +49,15 @@ export function renderCWECategory(standards: Standards, category: string): strin
}
}
-export function renderSansTop25Category(standards: Standards, category: string): string {
+export function renderSansTop25Category(
+ standards: Standards,
+ category: string,
+ withPrefix = false
+): string {
const record = standards.sansTop25[category];
- return record ? record.title : category;
+ return addPrefix(record ? record.title : category, 'SANS', withPrefix);
+}
+
+function addPrefix(title: string, prefix: string, withPrefix: boolean) {
+ return withPrefix ? `${prefix} ${title}` : title;
}
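Review bot: `addPrefix` is the only function in this hunk without an explicit return type or a doc comment, while the exported renderers beside it are annotated `: string`. Declare it as `function addPrefix(title: string, prefix: string, withPrefix: boolean): string {` and put `/** Prepends the standard's name (e.g. 'SANS') to a label when withPrefix is true; returns the label unchanged otherwise. */` above it. The new `withPrefix = false` parameter on `renderSansTop25Category`, and on `renderOwaspTop10Category` in the previous hunk, would benefit from a one-line comment saying it is meant for contexts where labels from several standards are listed together.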
diff --git a/server/sonar-web/src/main/js/components/issue/components/IssueActionsBar.js b/server/sonar-web/src/main/js/components/issue/components/IssueActionsBar.js
index 52204effb61..f46c484ec4e 100644
--- a/server/sonar-web/src/main/js/components/issue/components/IssueActionsBar.js
+++ b/server/sonar-web/src/main/js/components/issue/components/IssueActionsBar.js
@@ -79,7 +79,10 @@ export default class IssueActionsBar extends React.PureComponent {
handleTransition = (issue /*: Issue */) => {
this.props.onChange(issue);
- if (['FALSE-POSITIVE', 'WONTFIX'].includes(issue.resolution)) {
+ if (
+ issue.resolution === 'FALSE-POSITIVE' ||
+ (issue.resolution === 'WONTFIX' && issue.type !== 'SECURITY_HOTSPOT')
+ ) {
this.toggleComment(true, translate('issue.comment.tell_why'));
}
};
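Review bot: The new condition in `handleTransition` stops opening the "tell why" comment box when a `SECURITY_HOTSPOT` is resolved as `WONTFIX`, and nothing in the code says why. That prompt is what nudges the user to record a rationale for dismissing a finding, so without it the reasoning behind closing a hotspot goes unrecorded unless the user comments unprompted. If the exemption is intended (hotspot review may use this resolution differently, which is not visible here), state it above the `if`: `// hotspots resolved as WONTFIX are exempt from the justification prompt`.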
diff --git a/server/sonar-web/src/main/js/helpers/standards.json b/server/sonar-web/src/main/js/helpers/standards.json
index cea1023329c..9a937e7c842 100644
--- a/server/sonar-web/src/main/js/helpers/standards.json
+++ b/server/sonar-web/src/main/js/helpers/standards.json
@@ -3,12 +3,12 @@
"a1": {
"title": "Injection",
"description":
- "Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization."
+ "Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization."
},
"a2": {
"title": "Broken Authentication",
"description":
- "Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently."
+ "Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities temporarily or permanently."
},
"a3": {
"title": "Sensitive Data Exposure",
@@ -23,7 +23,7 @@
"a5": {
"title": "Broken Access Control",
"description":
- "Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users’ data, change access rights, etc."
+ "Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users' data, change access rights, etc."
},
"a6": {
"title": "Security Misconfiguration",
@@ -33,7 +33,7 @@
"a7": {
"title": "Cross-Site Scripting (XSS)",
"description":
- "XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites."
+ "XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victim's browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites."
},
"a8": {
"title": "Insecure Deserialization",