Commit 5c3ee8d4 authored by Dheeraj Joshi's avatar Dheeraj Joshi Committed by Alex Kalderimis

Fix rendering vulnerability markdown description

Changelog: fixed
EE: true
parent ab1491be
......@@ -147,6 +147,10 @@ module Types
object.description || object.finding_description
end
def description_html_resolver
::MarkupHelper.markdown(description, context.to_h.dup)
end
def project
Gitlab::Graphql::Loaders::BatchModelLoader.new(Project, object.project_id).find
end
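Review bot: `description_html_resolver` re-renders markdown on every call via `::MarkupHelper.markdown(description, context.to_h.dup)` instead of reading a stored `description_html`, and nothing in the hunk says why; the reason appears to be the fallback on the line above (`object.description || object.finding_description`), which a per-model cached column would not follow. A comment above the method, e.g. `# Render from the resolved description (which may fall back to the finding's) rather than a cached column, so the HTML always matches what #description returns`, would keep the next maintainer from switching it back to the cached field; the same note applies to the `markdown(vulnerability.present.description)` line in the VulnerabilitiesHelper hunk. Passing `context.to_h.dup` hands the entire GraphQL context to the markdown pipeline; if it only needs `current_user`/`project`, a narrower hash is easier to reason about (inferred — the pipeline's expectations are outside this hunk). The enclosing `Types` module starts and ends outside the hunk.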
......
......@@ -73,7 +73,7 @@ module VulnerabilitiesHelper
def vulnerability_finding_data(vulnerability)
data = Vulnerabilities::FindingSerializer.new(current_user: current_user).represent(vulnerability.finding, only: FINDING_FIELDS)
data[:location].merge!('blob_path' => vulnerability.blob_path).compact!
data[:description_html] = markdown_field(vulnerability, :description)
data[:description_html] = markdown(vulnerability.present.description)
data
end
......
......@@ -129,7 +129,7 @@ module EE
joins(:findings).merge(Vulnerabilities::Finding.by_location_cluster_agent(agent_ids))
end
delegate :scanner_name, :scanner_external_id, :scanner_id, :metadata, :message, :description, :details, :uuid,
delegate :scanner_name, :scanner_external_id, :scanner_id, :metadata, :message, :description, :description_html, :details, :uuid,
to: :finding, prefix: true, allow_nil: true
delegate :default_branch, :name, to: :project, prefix: true, allow_nil: true
......
......@@ -352,6 +352,34 @@ RSpec.describe VulnerabilitiesHelper do
expect(dismissal_feedback[:comment_details][:comment]).to eq(feedback.comment)
end
end
context 'with markdown field for description' do
context 'when vulnerability has no description and finding has description' do
before do
vulnerability.description = nil
vulnerability.finding.description = '# Finding'
end
it 'returns finding information' do
rendered_markdown = '<h1 data-sourcepos="1:1-1:9" dir="auto">&#x000A;<a id="user-content-finding" class="anchor" href="#finding" aria-hidden="true"></a>Finding</h1>'
expect(subject[:description_html]).to eq(rendered_markdown)
end
end
context 'when vulnerability has description and finding has description' do
before do
vulnerability.description = '# Vulnerability'
vulnerability.finding.description = '# Finding'
end
it 'returns finding information' do
rendered_markdown = '<h1 data-sourcepos="1:1-1:15" dir="auto">&#x000A;<a id="user-content-vulnerability" class="anchor" href="#vulnerability" aria-hidden="true"></a>Vulnerability</h1>'
expect(subject[:description_html]).to eq(rendered_markdown)
end
end
end
end
describe '#vulnerability_scan_data?' do
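Review bot: The second example is labelled `'returns finding information'` yet asserts that the vulnerability's own `# Vulnerability` heading wins, so the label contradicts the expectation; change it to `it 'returns vulnerability information' do`. The new GraphQL spec for Query.vulnerabilities.description has the same mislabel in its second context. A third context with both descriptions `nil` would also pin what `description_html` holds when there is nothing to render (presumably an empty string, but the hunk does not show it). The enclosing `describe` block starts outside the hunk.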
......
......@@ -710,6 +710,8 @@ RSpec.describe Vulnerability do
describe 'delegations' do
it { is_expected.to delegate_method(:scanner_name).to(:finding).with_prefix.allow_nil }
it { is_expected.to delegate_method(:description).to(:finding).with_prefix.allow_nil }
it { is_expected.to delegate_method(:description_html).to(:finding).with_prefix.allow_nil }
it { is_expected.to delegate_method(:metadata).to(:finding).with_prefix.allow_nil }
it { is_expected.to delegate_method(:message).to(:finding).with_prefix.allow_nil }
it { is_expected.to delegate_method(:cve_value).to(:finding).allow_nil }
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Query.vulnerabilities.description' do
include GraphqlHelpers
let_it_be(:project) { create(:project) }
let_it_be(:user) { create(:user, security_dashboard_projects: [project]) }
let_it_be(:fields) do
<<~QUERY
description
descriptionHtml
QUERY
end
let_it_be(:query) do
graphql_query_for('vulnerabilities', {}, query_graphql_field('nodes', {}, fields))
end
let(:vulnerability_description) { nil }
let(:finding_description) { nil }
let!(:vulnerability) { create(:vulnerability, description: vulnerability_description, project: project, report_type: :container_scanning) }
let!(:finding) do
create(
:vulnerabilities_finding,
description: finding_description,
vulnerability: vulnerability
)
end
subject { graphql_data.dig('vulnerabilities', 'nodes') }
before do
project.add_developer(user)
stub_licensed_features(security_dashboard: true)
post_graphql(query, current_user: user)
end
context 'when vulnerability has no description and finding has description' do
let(:vulnerability_description) { nil }
let(:finding_description) { '# Finding' }
it 'returns finding information' do
rendered_markdown = '<h1 data-sourcepos="1:1-1:9" dir="auto">&#x000A;<a id="user-content-finding" class="anchor" href="#finding" aria-hidden="true"></a>Finding</h1>'
expect(subject.first['description']).to eq('# Finding')
expect(subject.first['descriptionHtml']).to eq(rendered_markdown)
end
end
context 'when vulnerability has description and finding has description' do
let(:vulnerability_description) { '# Vulnerability' }
let(:finding_description) { '# Finding' }
it 'returns finding information' do
rendered_markdown = '<h1 data-sourcepos="1:1-1:15" dir="auto">&#x000A;<a id="user-content-vulnerability" class="anchor" href="#vulnerability" aria-hidden="true"></a>Vulnerability</h1>'
expect(subject.first['description']).to eq('# Vulnerability')
expect(subject.first['descriptionHtml']).to eq(rendered_markdown)
end
end
end
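Review bot: Both contexts only feed a markdown heading through the pipeline, so nothing in this spec demonstrates that `descriptionHtml` is sanitized; the description text presumably originates from an ingested security report rather than from the viewing user, which makes that the property worth pinning. Add one context whose `finding_description` contains an HTML tag and assert that the tag is escaped or stripped in `descriptionHtml`; the helper spec in VulnerabilitiesHelper could share the same fixture. The top-level `let(:vulnerability_description) { nil }` and `let(:finding_description) { nil }` are also redundant with the per-context overrides and can be dropped once every context sets both.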