Merge branch 'djadmin-vuln-graphql-markdown-description' into 'master'

Add markdown field for Vulnerability Description See merge request gitlab-org/gitlab!76202

Merge branch 'djadmin-vuln-graphql-markdown-description' into 'master'
Add markdown field for Vulnerability Description See merge request gitlab-org/gitlab!76202
327a25c5 · Sean McGivern · d1b4137e · 3ad73fc5 · 327a25c5 · 327a25c5
Commit 327a25c5 authored Dec 08, 2021 by Sean McGivern
4 changed files
--- a/.rubocop_todo/graphql/field_definitions.yml
+++ b/.rubocop_todo/graphql/field_definitions.yml
@@ -16,3 +16,4 @@ GraphQL/FieldDefinitions:
  - ee/app/graphql/types/group_release_stats_type.rb
  - ee/app/graphql/types/iteration_type.rb
  - ee/app/graphql/types/requirements_management/requirement_type.rb
+  - ee/app/graphql/types/vulnerability_type.rb
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -15312,6 +15312,7 @@ Represents a vulnerability.
 | <a id="vulnerabilityconfirmedat"></a>`confirmedAt` | [`Time`](#time) | Timestamp of when the vulnerability state was changed to confirmed. |
 | <a id="vulnerabilityconfirmedby"></a>`confirmedBy` | [`UserCore`](#usercore) | User that confirmed the vulnerability. |
 | <a id="vulnerabilitydescription"></a>`description` | [`String`](#string) | Description of the vulnerability. |
+| <a id="vulnerabilitydescriptionhtml"></a>`descriptionHtml` | [`String`](#string) | The GitLab Flavored Markdown rendering of `description`. |
 | <a id="vulnerabilitydetails"></a>`details` | [`[VulnerabilityDetail!]!`](#vulnerabilitydetail) | Details of the vulnerability. |
 | <a id="vulnerabilitydetectedat"></a>`detectedAt` | [`Time!`](#time) | Timestamp of when the vulnerability was first detected. |
 | <a id="vulnerabilitydiscussions"></a>`discussions` | [`DiscussionConnection!`](#discussionconnection) | All discussions on this noteable. (see [Connections](#connections)) |
--- a/ee/app/graphql/types/vulnerability_type.rb
+++ b/ee/app/graphql/types/vulnerability_type.rb
@@ -19,6 +19,7 @@ module Types

    field :description, GraphQL::Types::String, null: true,
          description: 'Description of the vulnerability.'
+    markdown_field :description_html, null: true

    field :message, GraphQL::Types::String, null: true,
          description: "Short text description of the vulnerability. This may include the finding's specific information.",

--- a/ee/spec/graphql/types/vulnerability_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerability_type_spec.rb
@@ -11,6 +11,7 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
       id
       title
       description
+       descriptionHtml
       message
       user_notes_count
       state
@@ -220,4 +221,44 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
      end
    end
  end
+
+  describe '#descriptionHtml' do
+    let_it_be(:vulnerability_with_finding) { create(:vulnerability, :with_findings, project: project) }
+
+    let(:query) do
+      %(
+        query {
+          project(fullPath: "#{project.full_path}") {
+            name
+            vulnerabilities {
+              nodes {
+                descriptionHtml
+              }
+            }
+          }
+        }
+      )
+    end
+
+    context 'when the vulnerability descriptionHtml field is populated' do
+      it 'returns the description for the vulnerability' do
+        vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
+
+        expect(vulnerabilities.first['descriptionHtml']).to eq(vulnerability_with_finding.description_html)
+      end
+    end
+
+    context 'when the vulnerability descriptionHtml field is empty' do
+      before do
+        vulnerability_with_finding.description_html = nil
+        vulnerability_with_finding.save!
+      end
+
+      it 'returns the descriptionHtml for the vulnerability finding' do
+        vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
+
+        expect(vulnerabilities.first['descriptionHtml']).to eq(vulnerability_with_finding.description_html)
+      end
+    end
+  end
 end