Commit 3ad73fc5 authored by Dheeraj Joshi's avatar Dheeraj Joshi

Adds graphql markdown field for Vulnerability Description

This exposes descriptionHtml field for rendering markdown
content in Vulnerability description

Changelog: added
EE: true
parent ab991fa8
...@@ -16,3 +16,4 @@ GraphQL/FieldDefinitions: ...@@ -16,3 +16,4 @@ GraphQL/FieldDefinitions:
- ee/app/graphql/types/group_release_stats_type.rb - ee/app/graphql/types/group_release_stats_type.rb
- ee/app/graphql/types/iteration_type.rb - ee/app/graphql/types/iteration_type.rb
- ee/app/graphql/types/requirements_management/requirement_type.rb - ee/app/graphql/types/requirements_management/requirement_type.rb
- ee/app/graphql/types/vulnerability_type.rb
...@@ -15312,6 +15312,7 @@ Represents a vulnerability. ...@@ -15312,6 +15312,7 @@ Represents a vulnerability.
| <a id="vulnerabilityconfirmedat"></a>`confirmedAt` | [`Time`](#time) | Timestamp of when the vulnerability state was changed to confirmed. | | <a id="vulnerabilityconfirmedat"></a>`confirmedAt` | [`Time`](#time) | Timestamp of when the vulnerability state was changed to confirmed. |
| <a id="vulnerabilityconfirmedby"></a>`confirmedBy` | [`UserCore`](#usercore) | User that confirmed the vulnerability. | | <a id="vulnerabilityconfirmedby"></a>`confirmedBy` | [`UserCore`](#usercore) | User that confirmed the vulnerability. |
| <a id="vulnerabilitydescription"></a>`description` | [`String`](#string) | Description of the vulnerability. | | <a id="vulnerabilitydescription"></a>`description` | [`String`](#string) | Description of the vulnerability. |
| <a id="vulnerabilitydescriptionhtml"></a>`descriptionHtml` | [`String`](#string) | The GitLab Flavored Markdown rendering of `description`. |
| <a id="vulnerabilitydetails"></a>`details` | [`[VulnerabilityDetail!]!`](#vulnerabilitydetail) | Details of the vulnerability. | | <a id="vulnerabilitydetails"></a>`details` | [`[VulnerabilityDetail!]!`](#vulnerabilitydetail) | Details of the vulnerability. |
| <a id="vulnerabilitydetectedat"></a>`detectedAt` | [`Time!`](#time) | Timestamp of when the vulnerability was first detected. | | <a id="vulnerabilitydetectedat"></a>`detectedAt` | [`Time!`](#time) | Timestamp of when the vulnerability was first detected. |
| <a id="vulnerabilitydiscussions"></a>`discussions` | [`DiscussionConnection!`](#discussionconnection) | All discussions on this noteable. (see [Connections](#connections)) | | <a id="vulnerabilitydiscussions"></a>`discussions` | [`DiscussionConnection!`](#discussionconnection) | All discussions on this noteable. (see [Connections](#connections)) |
...@@ -19,6 +19,7 @@ module Types ...@@ -19,6 +19,7 @@ module Types
field :description, GraphQL::Types::String, null: true, field :description, GraphQL::Types::String, null: true,
description: 'Description of the vulnerability.' description: 'Description of the vulnerability.'
markdown_field :description_html, null: true
field :message, GraphQL::Types::String, null: true, field :message, GraphQL::Types::String, null: true,
description: "Short text description of the vulnerability. This may include the finding's specific information.", description: "Short text description of the vulnerability. This may include the finding's specific information.",
......
...@@ -11,6 +11,7 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do ...@@ -11,6 +11,7 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
id id
title title
description description
descriptionHtml
message message
user_notes_count user_notes_count
state state
...@@ -220,4 +221,44 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do ...@@ -220,4 +221,44 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
end end
end end
end end
describe '#descriptionHtml' do
let_it_be(:vulnerability_with_finding) { create(:vulnerability, :with_findings, project: project) }
let(:query) do
%(
query {
project(fullPath: "#{project.full_path}") {
name
vulnerabilities {
nodes {
descriptionHtml
}
}
}
}
)
end
context 'when the vulnerability descriptionHtml field is populated' do
it 'returns the description for the vulnerability' do
vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
expect(vulnerabilities.first['descriptionHtml']).to eq(vulnerability_with_finding.description_html)
end
end
context 'when the vulnerability descriptionHtml field is empty' do
before do
vulnerability_with_finding.description_html = nil
vulnerability_with_finding.save!
end
it 'returns the descriptionHtml for the vulnerability finding' do
vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
expect(vulnerabilities.first['descriptionHtml']).to eq(vulnerability_with_finding.description_html)
end
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment