79. Design a Bug Bounty Program Management System

We are planning to build an in-house platform to manage our Bug Bounty Program where anyone can report a potential bug in the app and we’ll reward them with a bounty based on the criticality and impact of the bug being reported.

For simplicity, we will be getting bug reports via email and then employees will be registering these bug reports manually into this system.
  • User - Employees who will be using this system.
  • Reporter - End-user who reported the bug via email and will receive the bounty reward.
  • BugReport - Entity corresponding to the bug report shared via email.

Requirements

  • We should have a user entity with basic profile like name, email, role, etc. (these users will be employees working on these reports).
  • For simplicity, we can hardcode the users initially with basic profile like name, email, role, etc.
  • A user should be able to create, edit, and view BugReports.
  • A user should be able to assign BugReports to any of the users.
  • A user should be able to change the status of a BugReport assigned to them.
  • A user should be able to edit a BugReport.
  • A user should be able to add comments to a BugReport (comments visible only to users, not the reporter).
  • A user with the admin role should be able to delete a BugReport. Non-admin users must be restricted from deleting.
  • A user should be able to view:
    • List of all BugReports.
    • BugReports assigned to them.
    • BugReports assigned to them that are not completed.
    • BugReports assigned to them that are completed.

Workflow Rules

The system must ensure status transitions (updates) happen only in the allowed order:
  • From Open to ReportReview only.
  • From ReportReview to either Rejected or Acknowledged only.
  • From Rejected to Closed only.
  • From Acknowledged to BountyReview only.
  • From BountyReview to BountyPaid only.
  • From BountyPaid to Closed only.

Class and Method Signatures

Initialization

The system is initialized with preloaded (hardcoded) users.
BugBountyProgram(List<String> preloadedUsers)
  • Users are provided as strings in List<String> form, for example: "name=user1,email=user1@fk.com,role=admin"
  • 1 ≤ preloadedUsers.size() (users are preloaded/hardcoded for simplicity).
  • A user is identified by the "name" value in the preloaded user strings; all *ByUser and assignedUser parameters refer to that name.

Methods

String createBugReport(String title, String createdByUser, List<String> fields)
  • createdByUser must match an existing preloaded user.
  • title is the BugReport identifier (must be non-empty and unique).
  • BugReport fields stored for each report (this system maintains all of these):
    • title (passed as a method parameter)
    • description
    • status
    • severity
    • bountyAmount
    • reporterEmail
    • assignedUser
    • createdTimeStamp
    • closedTimeStamp
  • reporterEmail must be a non-empty string.
  • severity is a string (values: P0, P1, P2 and P3).
  • bountyAmount ≥ 0.
  • Possible values of status: Open, ReportReview, Rejected, Acknowledged, BountyReview, BountyPaid, Closed.
  • Creation rules:
    • The BugReport is created only if no report already exists with the same title.
    • Required keys in fields (each as "key=value"): description, severity, reporterEmail.
    • On create, the system sets: status=Open, bountyAmount=0, assignedUser="", createdTimeStamp to the current system timestamp, and closedTimeStamp="".
  • Allowed keys in fields (create-time input):
    • description
    • severity
    • reporterEmail
  • Return codes (in same order): OK, ERROR_INVALID_USER, ERROR_DUPLICATE_TITLE, ERROR_MISSING_REQUIRED_FIELDS
String updateBugReport(String title, String updatedByUser, List<String> updates)
  • updatedByUser must match an existing preloaded user.
  • title must refer to an existing BugReport.
  • Allowed update keys in updates (each as "key=value"):
    • description
    • severity
    • status
    • bountyAmount
    • assignedUser
    • comment (adds a comment visible only to users; not shown to the reporter)
  • Assignment rule: assignedUser must be one of the preloaded users.
  • Status rule: only the assigned user can update status, and transitions must be valid per workflow rules. If status becomes Closed, the system sets closedTimeStamp to the current system timestamp.
  • Return codes (in same order): OK, ERROR_INVALID_USER, ERROR_NOT_FOUND, ERROR_INVALID_USER_FOR_ASSIGNMENT, ERROR_FORBIDDEN, ERROR_INVALID_TRANSITION
String deleteBugReport(String title, String deletedByUser)
  • deletedByUser must match an existing preloaded user.
  • title must refer to an existing BugReport.
  • Delete rule: deletion is allowed only if deletedByUser has role admin.
  • Return codes (in same order): OK, ERROR_INVALID_USER, ERROR_NOT_FOUND, ERROR_FORBIDDEN
List<String> listBugReports(String viewType, String requestedByUser)
  • requestedByUser must match an existing preloaded user.
  • Returns BugReports as a List<String>, one string per BugReport.
  • Supported viewType values:
    • all (all BugReports)
    • assignedToMe (BugReports assigned to requestedByUser)
    • assignedToMe:completed (assigned to me and completed)
    • assignedToMe:incomplete (assigned to me and not completed)
  • Completion definition: a BugReport is considered completed if status == 'Closed'.
  • If requestedByUser is invalid, return an empty list.
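
The status and delete rules above amount to a deny-by-default authorization check in front of a transition table. The following is an added example, not part of the original problem statement: the names StatusWorkflowDemo, changeStatus, delete and the in-memory maps are hypothetical, and treating the order of the return codes as the order in which checks run is an assumption.

```java
import java.util.*;

public class StatusWorkflowDemo {
    // Allowed transitions from the Workflow Rules; anything absent is denied.
    static final Map<String, Set<String>> ALLOWED = Map.of(
        "Open", Set.of("ReportReview"),
        "ReportReview", Set.of("Rejected", "Acknowledged"),
        "Rejected", Set.of("Closed"),
        "Acknowledged", Set.of("BountyReview"),
        "BountyReview", Set.of("BountyPaid"),
        "BountyPaid", Set.of("Closed"));

    static final Map<String, String> roles = new HashMap<>();     // user name -> role
    static final Map<String, String[]> reports = new HashMap<>(); // title -> {status, assignedUser}

    // Assumption: checks run in the order the return codes are listed, so an
    // unknown caller is rejected before any report lookup happens.
    static String changeStatus(String title, String byUser, String next) {
        if (!roles.containsKey(byUser)) return "ERROR_INVALID_USER";
        String[] r = reports.get(title);
        if (r == null) return "ERROR_NOT_FOUND";
        if (!byUser.equals(r[1])) return "ERROR_FORBIDDEN"; // only the assignee may change status
        if (!ALLOWED.getOrDefault(r[0], Set.of()).contains(next)) return "ERROR_INVALID_TRANSITION";
        r[0] = next; // state is mutated only after every check has passed
        return "OK";
    }

    static String delete(String title, String byUser) {
        if (!roles.containsKey(byUser)) return "ERROR_INVALID_USER";
        if (!reports.containsKey(title)) return "ERROR_NOT_FOUND";
        if (!"admin".equals(roles.get(byUser))) return "ERROR_FORBIDDEN"; // admin role required
        reports.remove(title);
        return "OK";
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the users in the page's examples.
        roles.put("user1", "admin");
        roles.put("user2", "agent");
        reports.put("Bug Title 1", new String[] {"Open", "user1"});
        System.out.println(changeStatus("Bug Title 1", "user2", "ReportReview")); // caller is not the assignee
        System.out.println(changeStatus("Bug Title 1", "user1", "BountyPaid"));   // skips workflow steps
        System.out.println(changeStatus("Bug Title 1", "user1", "ReportReview")); // allowed step
        System.out.println(changeStatus("Bug Title 1", "ghost", "Rejected"));     // unknown user
        System.out.println(delete("Bug Title 1", "user2"));                       // non-admin caller
        System.out.println(delete("Bug Title 1", "user1"));                       // admin caller
    }
}
```

Because Closed has no entry in the table and a new report's assignedUser is the empty string, both a closed report and an unassigned one reject every status change without needing a special case.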

Examples

Example 1: Preload users and create two BugReports

BugBountyProgram(preloadedUsers = [ "name=user1,email=user1@fk.com,role=admin", "name=user2,email=user2@fk.com,role=agent" ])
createBugReport( title = "Bug Title 1", createdByUser = "user1", fields = [ "description=Bug Description 1", "severity=P0", "reporterEmail=reporter.b1@email.com" ] )
Output: "OK"
createBugReport( title = "Bug Title 2", createdByUser = "user1", fields = [ "description=Bug Description 2", "severity=P0", "reporterEmail=reporter.b2@email.com" ] )
Output: "OK"

Example 2: Assign, update status, set bounty, add comment

updateBugReport( title = "Bug Title 1", updatedByUser = "user1", updates = ["assignedUser=user1"] )
Output: "OK"
updateBugReport( title = "Bug Title 2", updatedByUser = "user1", updates = ["assignedUser=user2"] )
Output: "OK"
updateBugReport( title = "Bug Title 1", updatedByUser = "user1", updates = ["status=ReportReview"] )
Output: "OK"
updateBugReport( title = "Bug Title 1", updatedByUser = "user1", updates = ["status=Acknowledged"] )
Output: "OK"
updateBugReport( title = "Bug Title 1", updatedByUser = "user1", updates = ["status=BountyReview", "bountyAmount=1000", "comment=comment text 1"] )
Output: "OK"

Example 3: Admin delete and list views

deleteBugReport( title = "Bug Title 2", deletedByUser = "user1" )
Output: "OK"
Note: "Bug Title 2" is hard-deleted, so it will not appear in any list results.
listBugReports(viewType = "all", requestedByUser = "user1")
Output (example): [ "title=Bug Title 1,status=BountyReview,severity=P0,bountyAmount=1000,reporterEmail=reporter.b1@email.com,assignedUser=user1" ]
listBugReports(viewType = "assignedToMe", requestedByUser = "user1")
Output (example): [ "title=Bug Title 1,status=BountyReview,severity=P0,bountyAmount=1000,reporterEmail=reporter.b1@email.com,assignedUser=user1" ]
listBugReports(viewType = "assignedToMe:incomplete", requestedByUser = "user1")
Output (example): [ "title=Bug Title 1,status=BountyReview,severity=P0,bountyAmount=1000,reporterEmail=reporter.b1@email.com,assignedUser=user1" ]
listBugReports(viewType = "assignedToMe:completed", requestedByUser = "user1")
Output (example): []



