Pass the 'raw' URL instead of 'blob' URL in revocation api call

ee/app/presenters/vulnerability_presenter.rb

@@ -17,23 +17,24 @@ class VulnerabilityPresenter < Gitlab::View::Presenter::Delegated
     "#{file}:#{line}"
   end
 
-  def location_link
-    return location_text unless blob_path
+  def location_link_with_raw_path
+    location_link_for(raw_path)
+  end
 
-    "#{root_url}#{blob_path}"
+  def location_link
+    location_link_for(blob_path)
   end
 
-  def blob_path
+  def raw_path
     return unless file
 
-    branch = finding.pipelines&.last&.sha || project.default_branch
-    path = project_blob_path(vulnerability.project, File.join(branch, file))
-
-    return unless path
+    path_with_line_number(project_raw_path(vulnerability.project, File.join(pipeline_branch, file)))
+  end
 
-    path = path.gsub(/^\//, '')
+  def blob_path
+    return unless file
 
-    add_line_numbers(path, finding.location['start_line'], finding.location['end_line'])
+    path_with_line_number(project_blob_path(vulnerability.project, File.join(pipeline_branch, file)))
   end
 
   def scanner
@@ -46,6 +47,24 @@ class VulnerabilityPresenter < Gitlab::View::Presenter::Delegated
 
   private
 
+  def location_link_for(path)
+    return location_text unless path
+
+    "#{root_url}#{path}"
+  end
+
+  def pipeline_branch
+    finding.pipelines&.last&.sha || project.default_branch
+  end
+
+  def path_with_line_number(path)
+    return unless path
+
+    path = path.gsub(/^\//, '')
+
+    add_line_numbers(path, finding.location['start_line'], finding.location['end_line'])
+  end
+
   def root_url
     Gitlab::Routing.url_helpers.root_url
   end

ee/app/workers/scan_security_report_secrets_worker.rb

@@ -37,7 +37,7 @@ class ScanSecurityReportSecretsWorker # rubocop:disable Scalability/IdempotentWo
       {
         type: revocation_type(vulnerability_finding),
         token: vulnerability_finding.metadata['raw_source_code_extract'],
-        location: vulnerability_finding.vulnerability.present.location_link
+        location: vulnerability_finding.vulnerability.present.location_link_with_raw_path
       }
     end
   end

ee/changelogs/unreleased/raw_url.yml

+---
+title: Pass the 'raw' URL instead of 'blob' URL in revocation api call
+merge_request: 49170
+author:
+type: added

ee/spec/presenters/vulnerability_presenter_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe VulnerabilityPresenter do
+  let(:project) { create(:project) }
+  let(:pipeline) { create(:ci_pipeline, :success, project: project) }
+  let(:finding) { create(:vulnerabilities_finding, :with_secret_detection, pipelines: [pipeline], project: project) }
+
+  subject  { described_class.new(finding.vulnerability) }
+
+  describe '#location_link_with_raw_path' do
+    it 'returns the location link in raw format' do
+      path = subject.location_link_with_raw_path
+
+      expect(path).to include('raw')
+      expect(path).to include(finding.file)
+      expect(path).to include("#L#{finding.location['start_line']}")
+    end
+  end
+
+  describe '#location_link' do
+    it 'returns the location link in blob format' do
+      path = subject.location_link
+
+      expect(path).to include('blob')
+      expect(path).to include(finding.file)
+      expect(path).to include("#L#{finding.location['start_line']}")
+    end
+  end
+end

ee/spec/workers/scan_security_report_secrets_worker_spec.rb

@@ -66,6 +66,7 @@ RSpec.describe  ScanSecurityReportSecretsWorker do
       expect(key[:type]).to eql(revocation_key_type)
       expect(key[:token]).to eql(api_key)
       expect(key[:location]).to include(file)
+      expect(key[:location]).to include('raw')
     end
   end
 end