SONAR-12026 Add transition "Open as Vulnerability"

author: Pierre Guillot <50145663+pierre-guillot-sonarsource@users.noreply.github.com> 2019-05-10 16:44:14 +0200
committer: SonarTech <sonartech@sonarsource.com> 2019-05-22 20:21:14 +0200
commit: 020c4390d4d830041ec5f640a543d2f56101c16f (patch)
tree: fa2af9accba07045b0af34fa932694e30c2d0b02 /server
parent: d6b083849c60a53e15765e8c8b98122e4c082e6a (diff)
download: sonarqube-020c4390d4d830041ec5f640a543d2f56101c16f.tar.gz
sonarqube-020c4390d4d830041ec5f640a543d2f56101c16f.zip
3 files changed, 103 insertions, 4 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java b/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java
index 631e6cb3480..4304fb721c8 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/issue/workflow/IssueWorkflow.java
@@ -169,6 +169,32 @@ public class IssueWorkflow implements Startable {
         .functions(new SetResolution(RESOLUTION_FIXED))
         .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
         .build())
+      .transition(Transition.builder(DefaultTransitions.RESOLVE_AS_REVIEWED)
+        .from(STATUS_OPEN).to(STATUS_REVIEWED)
+        .conditions(new HasType(RuleType.VULNERABILITY), IsManualVulnerability.INSTANCE)
+        .functions(new SetType(RuleType.SECURITY_HOTSPOT), new SetResolution(RESOLUTION_FIXED))
+        .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
+        .build())
+
+      .transition(Transition.builder(DefaultTransitions.OPEN_AS_VULNERABILITY)
+        .from(STATUS_REVIEWED).to(STATUS_OPEN)
+        .conditions(new HasType(RuleType.SECURITY_HOTSPOT))
+        .functions(new SetResolution(null))
+        .functions(new SetType(RuleType.VULNERABILITY))
+        .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
+        .build())
+      .transition(Transition.builder(DefaultTransitions.OPEN_AS_VULNERABILITY)
+        .from(STATUS_IN_REVIEW).to(STATUS_OPEN)
+        .conditions(new HasType(RuleType.SECURITY_HOTSPOT))
+        .functions(new SetType(RuleType.VULNERABILITY))
+        .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
+        .build())
+      .transition(Transition.builder(DefaultTransitions.OPEN_AS_VULNERABILITY)
+        .from(STATUS_TO_REVIEW).to(STATUS_OPEN)
+        .conditions(new HasType(RuleType.SECURITY_HOTSPOT))
+        .functions(new SetType(RuleType.VULNERABILITY))
+        .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
+        .build())
 
       // all transitions below have to be removed by the end of the MMF-1635
       .transition(Transition.builder(DefaultTransitions.DETECT)
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java
index 519873b3324..6e37f7bca71 100644
--- a/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/issue/workflow/IssueWorkflowForSecurityHotspotsTest.java
@@ -48,6 +48,7 @@ import static org.sonar.api.issue.Issue.RESOLUTION_REMOVED;
 import static org.sonar.api.issue.Issue.RESOLUTION_WONT_FIX;
 import static org.sonar.api.issue.Issue.STATUS_CLOSED;
 import static org.sonar.api.issue.Issue.STATUS_IN_REVIEW;
+import static org.sonar.api.issue.Issue.STATUS_OPEN;
 import static org.sonar.api.issue.Issue.STATUS_RESOLVED;
 import static org.sonar.api.issue.Issue.STATUS_REVIEWED;
 import static org.sonar.api.issue.Issue.STATUS_TO_REVIEW;
@@ -71,7 +72,7 @@ public class IssueWorkflowForSecurityHotspotsTest {
 
     List<Transition> transitions = underTest.outTransitions(issue);
 
-    assertThat(keys(transitions)).containsOnly("setinreview", "detect", "clear", "resolveasreviewed");
+    assertThat(keys(transitions)).containsOnly("setinreview", "detect", "clear", "resolveasreviewed", "openasvulnerability");
   }
 
   @Test
@@ -81,7 +82,27 @@ public class IssueWorkflowForSecurityHotspotsTest {
 
     List<Transition> transitions = underTest.outTransitions(issue);
 
-    assertThat(keys(transitions)).containsOnly("resolveasreviewed");
+    assertThat(keys(transitions)).containsOnly("resolveasreviewed", "openasvulnerability");
+  }
+
+  @Test
+  public void list_out_transitions_in_status_reviwed() {
+    underTest.start();
+    DefaultIssue issue = new DefaultIssue().setType(RuleType.SECURITY_HOTSPOT).setStatus(STATUS_REVIEWED);
+
+    List<Transition> transitions = underTest.outTransitions(issue);
+
+    assertThat(keys(transitions)).containsOnly("openasvulnerability");
+  }
+
+  @Test
+  public void list_out_transitions_in_status_open() {
+    underTest.start();
+    DefaultIssue issue = new DefaultIssue().setType(RuleType.VULNERABILITY).setStatus(STATUS_OPEN).setResolution(RESOLUTION_FIXED).setIsFromHotspot(true);
+
+    List<Transition> transitions = underTest.outTransitions(issue);
+
+    assertThat(keys(transitions)).containsOnly("resolveasreviewed", "dismiss"); // dismiss to be remove by the end of the MMF-1635
   }
 
   @Test
@@ -120,14 +141,65 @@ public class IssueWorkflowForSecurityHotspotsTest {
     DefaultIssue issue = new DefaultIssue()
       .setType(RuleType.SECURITY_HOTSPOT)
       .setIsFromHotspot(true)
-      .setStatus(STATUS_IN_REVIEW);
+      .setStatus(STATUS_IN_REVIEW)
+      .setResolution(null);
 
     boolean result = underTest.doManualTransition(issue, DefaultTransitions.RESOLVE_AS_REVIEWED, IssueChangeContext.createUser(new Date(), "USER1"));
 
     assertThat(result).isTrue();
     assertThat(issue.getStatus()).isEqualTo(STATUS_REVIEWED);
     assertThat(issue.resolution()).isEqualTo(RESOLUTION_FIXED);
+  }
+
+  @Test
+  public void open_as_vulnerability_from_in_review() {
+    underTest.start();
+    DefaultIssue issue = new DefaultIssue()
+      .setType(RuleType.SECURITY_HOTSPOT)
+      .setIsFromHotspot(true)
+      .setStatus(STATUS_IN_REVIEW)
+      .setResolution(null);
+
+    boolean result = underTest.doManualTransition(issue, DefaultTransitions.OPEN_AS_VULNERABILITY, IssueChangeContext.createUser(new Date(), "USER1"));
+
+    assertThat(result).isTrue();
+    assertThat(issue.type()).isEqualTo(RuleType.VULNERABILITY);
+    assertThat(issue.getStatus()).isEqualTo(Issue.STATUS_OPEN);
+    assertThat(issue.resolution()).isNull();
+  }
 
+  @Test
+  public void open_as_vulnerability_from_to_review() {
+    underTest.start();
+    DefaultIssue issue = new DefaultIssue()
+      .setType(RuleType.SECURITY_HOTSPOT)
+      .setIsFromHotspot(true)
+      .setStatus(STATUS_TO_REVIEW)
+      .setResolution(null);
+
+    boolean result = underTest.doManualTransition(issue, DefaultTransitions.OPEN_AS_VULNERABILITY, IssueChangeContext.createUser(new Date(), "USER1"));
+
+    assertThat(result).isTrue();
+    assertThat(issue.type()).isEqualTo(RuleType.VULNERABILITY);
+    assertThat(issue.getStatus()).isEqualTo(Issue.STATUS_OPEN);
+    assertThat(issue.resolution()).isNull();
+  }
+
+  @Test
+  public void open_as_vulnerability_from_reviewed() {
+    underTest.start();
+    DefaultIssue issue = new DefaultIssue()
+      .setType(RuleType.SECURITY_HOTSPOT)
+      .setIsFromHotspot(true)
+      .setResolution(RESOLUTION_FIXED)
+      .setStatus(STATUS_REVIEWED);
+
+    boolean result = underTest.doManualTransition(issue, DefaultTransitions.OPEN_AS_VULNERABILITY, IssueChangeContext.createUser(new Date(), "USER1"));
+
+    assertThat(result).isTrue();
+    assertThat(issue.type()).isEqualTo(RuleType.VULNERABILITY);
+    assertThat(issue.getStatus()).isEqualTo(Issue.STATUS_OPEN);
+    assertThat(issue.resolution()).isNull();
   }
 
   @Test
diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java
index e11c4dfdedb..463f1cd52f4 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java
@@ -39,6 +39,7 @@ import org.sonar.server.issue.TransitionService;
 import org.sonar.server.user.UserSession;
 
 import static java.lang.String.format;
+import static org.sonar.api.issue.DefaultTransitions.OPEN_AS_VULNERABILITY;
 import static org.sonar.api.issue.DefaultTransitions.RESOLVE_AS_REVIEWED;
 import static org.sonar.api.issue.DefaultTransitions.SET_AS_IN_REVIEW;
 import static org.sonarqube.ws.client.issue.IssuesWsParameters.ACTION_DO_TRANSITION;
@@ -74,7 +75,7 @@ public class DoTransitionAction implements IssuesWsAction {
         "The transitions involving security hotspots require the permission 'Administer Security Hotspot'.")
       .setSince("3.6")
       .setChangelog(
-        new Change("7.8", format("added transitions '%s' and %s for security hotspots ", SET_AS_IN_REVIEW, RESOLVE_AS_REVIEWED)),
+        new Change("7.8", format("added '%s', %s and %s transitions for security hotspots ", SET_AS_IN_REVIEW, RESOLVE_AS_REVIEWED, OPEN_AS_VULNERABILITY)),
         new Change("7.3", "added transitions for security hotspots"),
         new Change("6.5", "the database ids of the components are removed from the response"),
         new Change("6.5", "the response field components.uuid is deprecated. Use components.key instead."))
author	Pierre Guillot <50145663+pierre-guillot-sonarsource@users.noreply.github.com>	2019-05-10 16:44:14 +0200
committer	SonarTech <sonartech@sonarsource.com>	2019-05-22 20:21:14 +0200
commit	020c4390d4d830041ec5f640a543d2f56101c16f (patch)
tree	fa2af9accba07045b0af34fa932694e30c2d0b02 /server
parent	d6b083849c60a53e15765e8c8b98122e4c082e6a (diff)
download	sonarqube-020c4390d4d830041ec5f640a543d2f56101c16f.tar.gz sonarqube-020c4390d4d830041ec5f640a543d2f56101c16f.zip