
Reinstate security hotspot rule definition #900

Merged

Conversation

@NIGCH (Contributor) commented Jan 4, 2024

Related to #870
SonarQube 10.2 requires the security hotspot rule to be defined, otherwise it throws an error:

Rule was removed: OWASP:UsingComponentWithKnownVulnerabilitySecurityHotspot

@Reamer (Member) commented Jan 8, 2024

The two rules should be different. One with the marking that it is a security hotspot rule.

@NIGCH (Contributor, Author) commented Jan 11, 2024

@Reamer Apologies for the delay. Is it just the name that needs to change, i.e. "Using Components with Known Vulnerabilities Security Hotspot"?

@Reamer (Member) commented Jan 11, 2024

I have finally found time to test the latest version of SonarQube. I noticed the following regarding the security hotspot.
Security hotspots appear to be deprecated.
This is why the type was also removed here.
https://github.com/dependency-check/dependency-check-sonar-plugin/pull/895/files#diff-5965cba5b1809185b468ca61b3e32a8c4c564dcaad9262ea6ae8461680904250L45

@Reamer (Member) commented Jan 11, 2024

I think I have found a solution. What do you think? Does it work for you?

diff --git a/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java b/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java
index 436f3c5..f311a3e 100644
--- a/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java
+++ b/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java
@@ -21,9 +21,9 @@ package org.sonar.dependencycheck.rule;
 
 import javax.annotation.ParametersAreNonnullByDefault;
 
+import org.sonar.api.issue.impact.Severity;
 import org.sonar.api.issue.impact.SoftwareQuality;
 import org.sonar.api.rule.RuleStatus;
-import org.sonar.api.issue.impact.Severity;
 import org.sonar.api.server.rule.RulesDefinition;
 import org.sonar.dependencycheck.base.DependencyCheckConstants;
 
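Review bot: the import reorder in this hunk (moving `import org.sonar.api.issue.impact.Severity;` above `SoftwareQuality`) is unrelated to the fix and adds noise to a small bug-fix patch; either drop it or mention it in the commit message so reviewers know it is cosmetic.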
@@ -40,6 +40,7 @@ public class KnownCveRuleDefinition implements RulesDefinition {
 
         NewRule rule = repo.createRule(DependencyCheckConstants.RULE_KEY);
         fillOWASPRule(rule);
+        rule.addDeprecatedRuleKey(DependencyCheckConstants.REPOSITORY_KEY, DependencyCheckConstants.RULE_KEY_WITH_SECURITY_HOTSPOT);
         repo.done();
     }
 
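Review bot: the new `rule.addDeprecatedRuleKey(DependencyCheckConstants.REPOSITORY_KEY, DependencyCheckConstants.RULE_KEY_WITH_SECURITY_HOTSPOT);` line has no comment saying why it is there; add one stating that `RULE_KEY_WITH_SECURITY_HOTSPOT` is the former security-hotspot rule key and that the mapping is what stops SonarQube 10.2 from failing with "Rule was removed: OWASP:UsingComponentWithKnownVulnerabilitySecurityHotspot", so a later cleanup does not drop it. A unit test asserting that the rule under `RULE_KEY` lists the old key among its deprecated keys would guard the same thing.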
diff --git a/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/NeutralProfile.java b/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/NeutralProfile.java
index 99ac009..d57e849 100644
--- a/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/NeutralProfile.java
+++ b/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/NeutralProfile.java
@@ -28,8 +28,6 @@ public class NeutralProfile implements BuiltInQualityProfilesDefinition {
     public void define(Context context) {
         NewBuiltInQualityProfile dependencyCheckWay = context.createBuiltInQualityProfile("Neutral", DependencyCheckConstants.LANGUAGE_KEY);
         dependencyCheckWay.activateRule(DependencyCheckConstants.REPOSITORY_KEY, DependencyCheckConstants.RULE_KEY);
-        dependencyCheckWay.activateRule(DependencyCheckConstants.REPOSITORY_KEY,
-                DependencyCheckConstants.RULE_KEY_WITH_SECURITY_HOTSPOT);
         dependencyCheckWay.done();
     }
 }
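Review bot: removing the second `activateRule` call is the necessary companion to registering the hotspot key only as a deprecated alias, since activating a key that is no longer a rule of its own would fail profile creation; check that no other quality profile definition in the plugin still activates `RULE_KEY_WITH_SECURITY_HOTSPOT`, and that the profile tests expect a single active rule.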

@NIGCH (Contributor, Author) commented Jan 12, 2024

I see, thank you for this. The changes work for me insofar as I can now start SonarQube again with the plugin installed. I have still managed to produce security hotspots on the dashboard's overview tab, but trying to view them is giving me an error. I'll try to come back to this next week.

@NIGCH (Contributor, Author) commented Jan 15, 2024

Whatever issue I'd hit on Friday, I can't now recreate it using 10.2.1 or 10.3.0. I still have security hotspots, but I can view them without any issues. I hope you don't mind, I've pushed your suggested changes.

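A regression test for the change discussed above, added here as an example and not part of the pull request or the plugin's own test suite. It checks that the old hotspot key survives only as a deprecated alias of the remaining rule, which is what SonarQube 10.2 needs in order to migrate issues instead of reporting the rule as removed. It assumes JUnit 5, the `KnownCveRuleDefinition` and `DependencyCheckConstants` classes named in the diff, and `org.sonar.api.impl.server.RulesDefinitionContext` from sonar-plugin-api-impl as the concrete `RulesDefinition.Context`.

```java
// Added example (not the project's own code). Assumes JUnit 5, the classes and
// constants shown in the diff above, and RulesDefinitionContext from
// sonar-plugin-api-impl as the concrete RulesDefinition.Context.
package org.sonar.dependencycheck.rule;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

import org.junit.jupiter.api.Test;
import org.sonar.api.impl.server.RulesDefinitionContext;
import org.sonar.api.rule.RuleKey;
import org.sonar.api.server.rule.RulesDefinition;
import org.sonar.dependencycheck.base.DependencyCheckConstants;

class KnownCveRuleDefinitionDeprecatedKeyTest {

    @Test
    void hotspotKeyIsOnlyADeprecatedAlias() {
        RulesDefinition.Context context = new RulesDefinitionContext();
        new KnownCveRuleDefinition().define(context);

        RulesDefinition.Repository repo =
                context.repository(DependencyCheckConstants.REPOSITORY_KEY);
        assertNotNull(repo, "rule repository must be registered");

        // Only one rule is registered: the former hotspot rule must not exist on its own,
        // otherwise SonarQube 10.2 would refuse it as a deprecated rule type.
        assertEquals(1, repo.rules().size());
        assertNull(repo.rule(DependencyCheckConstants.RULE_KEY_WITH_SECURITY_HOTSPOT));

        // The surviving rule must still answer to the old key, which is what prevents
        // "Rule was removed: OWASP:UsingComponentWithKnownVulnerabilitySecurityHotspot".
        RulesDefinition.Rule rule = repo.rule(DependencyCheckConstants.RULE_KEY);
        assertNotNull(rule);
        RuleKey oldKey = RuleKey.of(DependencyCheckConstants.REPOSITORY_KEY,
                DependencyCheckConstants.RULE_KEY_WITH_SECURITY_HOTSPOT);
        assertTrue(rule.deprecatedRuleKeys().contains(oldKey),
                "old hotspot key must be declared as a deprecated alias");
    }
}
```

The second assertion block is the one that matters for the error quoted in the PR description: if someone later removes the `addDeprecatedRuleKey` call while cleaning up, this test fails before the plugin reaches a running SonarQube instance.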
@Reamer Reamer merged commit 17bb266 into dependency-check:master Jan 16, 2024
3 checks passed