  1. SonarQube
  2. SONAR-12026

Replace transitions on Security Hotspots by more meaningful transitions

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.8
    • Component/s: Security Hotspots, Web, Web API
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      The web service api/system/migrate_hotspots must be executed to migrate all security hotspots to the new statuses, then api/system/migrate_es must be executed afterwards to reindex all issues.

      Description

      Remove the following transitions:

      • Detect, Dismiss, Reject, Request review, Clear, Reopen Hotspot, Accept

      Add new transitions:

      • Resolve as reviewed, Return to review, Set as In review, Reset as to review, Resolved as reviewed, Open as vulnerability, Return as security hotspot to review

      | Start | Transition | Mouse Over | Result |
      |---|---|---|---|
      | Hotspot To Review (Unresolved) | Resolve as Reviewed | There is no vulnerability in the code | Hotspot Reviewed (Fixed) |
      | | Set as In Review | A review is in progress to check for a vulnerability | Hotspot In Review (Unresolved) |
      | | Open as Vulnerability | There's a vulnerability in the code that must be fixed | Vulnerability Open (Unresolved) |
      | Hotspot In Review (Unresolved) | Reset as To Review | The security hotspot should be analyzed again | Hotspot To Review (Unresolved) |
      | | Resolve as Reviewed | There is no vulnerability in the code | Hotspot Reviewed (Fixed) |
      | | Open as Vulnerability | There's a vulnerability in the code that must be fixed | Vulnerability Open (Unresolved) |
      | Hotspot Reviewed (Fixed) | Reset as To Review | The security hotspot should be analyzed again | Hotspot To Review (Unresolved) |
      | | Open as Vulnerability | There's a vulnerability in the code that must be fixed | Vulnerability Open (Unresolved) |
      | Vulnerability Unresolved (Open) | Reset as To Review | The vulnerability can't be fixed as is and needs more details. The security hotspot needs to be reviewed again | Hotspot To Review (Unresolved) |
      | | Resolve as Reviewed | The vulnerability has been fixed. The security hotspot is considered reviewed | Hotspot Reviewed (Fixed) |

      Technical details

      Web services

      Update api/issues/do_transition:

      • Remove transitions: detect, dismiss, reject, requestreview, clear, accept, reopenhotspot
      • Add new transitions: resolvereviewed, setinreview, resettoreview, openvulnerability

      Update api/security_reports/show by replacing the following response fields:

      • toReviewSecurityHotspots by inReviewSecurityHotspots
      • openSecurityHotspots by toReviewSecurityHotspots
      • wontFixSecurityHotspots by reviewedSecurityHotspots

      Include the new hotspot statuses in the statuses facet of api/issues/search:

      • To Review
      • In Review
      • Reviewed

      Compute engine

      When a Security Hotspot is created, it must be set to status "To Review" and resolution "Unresolved".

      Database migration

      Update all existing hotspots

      • Migrate the ones having status "Open" and resolution "Unresolved" to status "To Review" and resolution "Unresolved" 
      • Migrate the ones having status "Resolved" and resolution "Fixed" to status "In Review" and resolution "Unresolved" 
      • Migrate the ones having status "Resolved" and resolution "Won't Fix" to status "Reviewed" and resolution "Fixed"
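
The workflow table and the migration rules above, modelled as a small state machine (an added example, not SonarQube's own code). It assumes each api/issues/do_transition key corresponds to the UI label it resembles; the state tuples and function names are illustrative.

```python
# States as (type, status, resolution), using the names from the transition table.
TO_REVIEW = ("Hotspot", "To Review", "Unresolved")
IN_REVIEW = ("Hotspot", "In Review", "Unresolved")
REVIEWED = ("Hotspot", "Reviewed", "Fixed")
VULN_OPEN = ("Vulnerability", "Open", "Unresolved")

# Assumption: each do_transition key maps to the UI label it resembles.
WORKFLOW = {
    TO_REVIEW: {"resolvereviewed": REVIEWED, "setinreview": IN_REVIEW,
                "openvulnerability": VULN_OPEN},
    IN_REVIEW: {"resettoreview": TO_REVIEW, "resolvereviewed": REVIEWED,
                "openvulnerability": VULN_OPEN},
    REVIEWED: {"resettoreview": TO_REVIEW, "openvulnerability": VULN_OPEN},
    VULN_OPEN: {"resettoreview": TO_REVIEW, "resolvereviewed": REVIEWED},
}
REMOVED = {"detect", "dismiss", "reject", "requestreview", "clear", "accept", "reopenhotspot"}

# Legacy hotspot (status, resolution) -> new state, per the database migration rules.
MIGRATION = {
    ("Open", "Unresolved"): TO_REVIEW,
    ("Resolved", "Fixed"): IN_REVIEW,
    ("Resolved", "Won't Fix"): REVIEWED,
}

def apply_transition(state, key):
    """Return the next state, or raise if the key is removed or not allowed here."""
    if key in REMOVED:
        raise ValueError(f"transition '{key}' was removed")
    try:
        return WORKFLOW[state][key]
    except KeyError:
        raise ValueError(f"'{key}' is not allowed from {state}") from None

def migrate_and_replay(status, resolution, keys):
    """Migrate a legacy hotspot, then apply a sequence of new transition keys."""
    state = MIGRATION[(status, resolution)]
    for key in keys:
        state = apply_transition(state, key)
    return state

def reachable(start):
    """All states reachable from start, to audit that no state is a dead end."""
    seen, stack = {start}, [start]
    while stack:
        new = set(WORKFLOW[stack.pop()].values()) - seen
        seen |= new
        stack.extend(new)
    return seen
```

Every state can reach every other, so a hotspot marked Reviewed or opened as a Vulnerability can always be sent back for review.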

       

       

            People

            Assignee:
            julien.lancelot Julien Lancelot
            Reporter:
            julien.lancelot Julien Lancelot