Use scan information in issue template

60aae797 · can eldem · ccb66e2f · 60aae797 · 60aae797 · 60aae797
Commit 60aae797 authored Oct 07, 2020 by can eldem
5 changed files
--- a/ee/app/views/vulnerabilities/issue_description.md.erb
+++ b/ee/app/views/vulnerabilities/issue_description.md.erb
@@ -60,3 +60,23 @@
  </details>
 <% end %>
 <% end %>
+
+<% if vulnerability.try(:scan).present? && vulnerability.try(:scanner).present? %>
+### <%= _("Scanner") %>:
+
+<% if vulnerability&.scanner[:name].present? %>
+* <%= _("Name") %>: <%= vulnerability.scanner[:name] %>
+<% end %>
+<% if vulnerability&.scan[:type].present? %>
+* <%= _("Type") %>: <%= vulnerability.scan[:type] %>
+<% end %>
+<% if vulnerability&.scan[:status].present? %>
+* <%= _("Status") %>: <%= vulnerability.scan[:status] %>
+<% end %>
+<% if vulnerability&.scan[:start_time].present? %>
+* <%= _("Start Time") %>: <%= vulnerability.scan[:start_time] %>
+<% end %>
+<% if vulnerability&.scan[:end_time].present? %>
+* <%= _("End Time") %>: <%= vulnerability.scan[:end_time] %>
+<% end %>
+<% end %>
--- a/ee/changelogs/unreleased/use-scan-information.yml
+++ b/ee/changelogs/unreleased/use-scan-information.yml
+---
+title: Include additional information related from scan in issue template
+merge_request: 44620
+author:
+type: added
--- a/ee/spec/lib/gitlab/vulnerabilities/base_vulnerability_spec.rb
+++ b/ee/spec/lib/gitlab/vulnerabilities/base_vulnerability_spec.rb
@@ -21,7 +21,7 @@ RSpec.describe Gitlab::Vulnerabilities::BaseVulnerability do
      location: { file: 'main.rb', start_line: 14, blob_path: '/bar/foo/main.rb#14' },
      solution: 'upgrade dependencies',
      scanner: { external_id: 'gemnasium', name: 'Gemnasium' },
-      scan: { external_id: 'gemnasium', name: 'Gemnasium' }
+      scan: { type: 'dependency_scanning', status: 'success', start_time: 'placeholder', end_time: 'placeholder' }
    }
  end


--- a/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
+++ b/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
@@ -86,7 +86,9 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
              url: 'https;//example.com/blog-post'
            }, {
              url: 'https://example.com/another-link'
-            }]
+            }],
+            scanner: { external_id: 'gemnasium', name: 'Gemnasium' },
+            scan: { type: 'dependency_scanning', status: 'success', start_time: 'placeholder', end_time: 'placeholder' }
          }
        end

@@ -115,6 +117,15 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do

            * [Awesome-security blog post](https;//example.com/blog-post)
            * https://example.com/another-link
+
+
+            ### Scanner:
+
+            * Name: Gemnasium
+            * Type: dependency_scanning
+            * Status: success
+            * Start Time: placeholder
+            * End Time: placeholder
          DESC
        end

@@ -132,7 +143,9 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            line: '15',
            cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
            title: 'Predictable pseudorandom number generator',
-            tool: 'find_sec_bugs'
+            tool: 'find_sec_bugs',
+            scanner: { external_id: 'gemnasium', name: 'Gemnasium' },
+            scan: { type: 'dependency_scanning', status: 'success', start_time: 'placeholder', end_time: 'placeholder' }
          }
        end

@@ -150,6 +163,17 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            ### Solution:

            Please do something!
+
+
+
+
+            ### Scanner:
+
+            * Name: Gemnasium
+            * Type: dependency_scanning
+            * Status: success
+            * Start Time: placeholder
+            * End Time: placeholder
          DESC
        end


--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -9808,6 +9808,9 @@ msgstr ""
 msgid "Encountered an error while rendering: %{err}"
 msgstr ""

+msgid "End Time"
+msgstr ""
+
 msgid "Ends at (UTC)"
 msgstr ""

@@ -22554,6 +22557,9 @@ msgstr ""
 msgid "Saving project."
 msgstr ""

+msgid "Scanner"
+msgstr ""
+
 msgid "Schedule a new pipeline"
 msgstr ""

@@ -24643,6 +24649,9 @@ msgstr ""
 msgid "Start Date"
 msgstr ""

+msgid "Start Time"
+msgstr ""
+
 msgid "Start Web Terminal"
 msgstr ""