Security hotspot link for Sq 8.5 #276

Closed
rockmagic opened this issue Nov 25, 2020 · 5 comments
Labels
bug Something isn't working

Comments

@rockmagic

Describe the bug

In SQ 8.5, security hotspots are not listed among all issues, so the "View in SonarQube" link in the MR comment leads to an empty issues page with the notice:

Cannot open selected issue, as it's not part of the initial 1000 loaded issues.

To Reproduce
Steps to reproduce the behavior:

  1. Set up pull-request decoration for GitLab
  2. Run the scanner for a merge request with a security problem, for example hardcode something like password = "Password"
  3. Go to the merge request, find the comment for this line, click the "View in SonarQube" link

Incorrect link:

https://sq.domain.name/project/issues?id=my%3Aproject&pullRequest=123&issues=AXX-ZP-9j1WiQQuk1P3v&open=AXX-ZP-9j1WiQQuk1P3v

Expected behavior
The link should lead to the Security Hotspots page in SonarQube

Correct link:

https://sq.domain.name/security_hotspots?id=my%3Aproject&pullRequest=123&hotspots=AXX-UssNj1WiQQuk1If0

Screenshots

image

Software Versions

  • SonarQube Version: Version 8.5 (build 38104)
  • Plugin Version: 1.6.0
@rockmagic rockmagic added the bug Something isn't working label Nov 25, 2020
@mc1arke
Owner

mc1arke commented Nov 27, 2020

Can you provide a screenshot of the reported issue in GitLab please?

@rockmagic
Author

Sure, here's the discussion thread created by PR decoration:

image

@rockmagic
Author

rockmagic commented Nov 27, 2020

Maybe AnalysisDetails::getIssueUrl should receive the whole issue object, or an additional parameter to discover the issue type.

mc1arke added a commit that referenced this issue Jul 2, 2021
Sonarqube uses a different URL format for issues compared to Security Hotspots, but the plugin was using the same format for both during Pull Request decoration, so it was linking to invalid URLs for hotspots. The URL generation has therefore been altered to take the issue type into account when generating a link to each issue.
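
The type-aware link generation described in the commit message above, as an added Java example that is not the plugin's own code. The class, enum and method names are hypothetical, the issue keys are constructed placeholders, and the two URL shapes are the ones quoted in the issue report.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class IssueLinkExample {

    // Hypothetical type enum for this example; only the hotspot / non-hotspot split matters.
    enum IssueType { BUG, VULNERABILITY, CODE_SMELL, SECURITY_HOTSPOT }

    // Percent-encode every value placed in the query string, so a project key
    // such as "my:project" becomes "my%3Aproject" and cannot alter the link.
    private static String encode(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    // Builds the "View in SonarQube" link, choosing the target page by issue type.
    static String issueUrl(String baseUrl, String projectKey, String pullRequestId,
                           String issueKey, IssueType type) {
        // Tolerate a configured base URL with a trailing slash.
        String base = baseUrl.endsWith("/")
                ? baseUrl.substring(0, baseUrl.length() - 1)
                : baseUrl;
        String common = "id=" + encode(projectKey) + "&pullRequest=" + encode(pullRequestId);
        String key = encode(issueKey);

        if (type == IssueType.SECURITY_HOTSPOT) {
            // Hotspots are not in the issues list, so they need their own page.
            return base + "/security_hotspots?" + common + "&hotspots=" + key;
        }
        // Every other type uses the regular issues page.
        return base + "/project/issues?" + common + "&issues=" + key + "&open=" + key;
    }

    public static void main(String[] args) {
        // Constructed sample values, modelled on the URLs in the report.
        String base = "https://sq.domain.name";
        System.out.println(issueUrl(base, "my:project", "123",
                "EXAMPLE-ISSUE-KEY", IssueType.VULNERABILITY));
        System.out.println(issueUrl(base, "my:project", "123",
                "EXAMPLE-HOTSPOT-KEY", IssueType.SECURITY_HOTSPOT));
    }
}
```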
@mc1arke mc1arke added the backport candidate This feature or fix should be included in another release branch label Jul 2, 2021
@mc1arke mc1arke added the awaiting release Merged but not currently in release version label Jul 2, 2021
@mc1arke
Owner

mc1arke commented Aug 14, 2021

Released in v1.9.0 of the plugin

@mc1arke mc1arke closed this as completed Aug 14, 2021
mc1arke added a commit that referenced this issue Aug 22, 2021
Sonarqube uses a different URL format for issues compared to Security Hotspots, but the plugin was using the same format for both during Pull Request decoration, so it was linking to invalid URLs for hotspots. The URL generation has therefore been altered to take the issue type into account when generating a link to each issue.

(cherry picked from commit 732ba92)
@mc1arke
Owner

mc1arke commented Aug 23, 2021

Backported to 1.8.1 of the plugin for Sonarqube 8.9 support.

@mc1arke mc1arke removed awaiting release Merged but not currently in release version backport candidate This feature or fix should be included in another release branch labels Sep 13, 2021