Commit 65464692 authored by Michał Zając's avatar Michał Zając

Check for remediations nonemptiness

`Vulnerabilities::Finding#raw_metadata` can have a key `remediations`
with the value `[null]`, which will get serialized to `[nil]` and then passed to
`ee/app/views/vulnerabilities/issue_description.md.erb`. That value
satisfies the `vulnerability.remediations.present?` check, but rendering fails upon
accessing any keys.
parent da0c0f0b
...@@ -42,7 +42,7 @@ ...@@ -42,7 +42,7 @@
<% end %> <% end %>
<% end %> <% end %>
<% if vulnerability.remediations.present? %> <% if vulnerability.remediations.present? && vulnerability.remediations.any? %>
### <%= _("Remediations") %>: ### <%= _("Remediations") %>:
<% vulnerability.remediations.each do |remediation| %> <% vulnerability.remediations.each do |remediation| %>
......
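Review bot: The new guard on the `if` line only covers an array made up entirely of `nil`. A mixed value such as `[nil, {...}]` still passes `any?`, and the unchanged `vulnerability.remediations.each` loop below would then access keys on a `nil` element and fail in the same way. Whether such input occurs is not visible here, but `raw_metadata` is parsed from report JSON, so it is safer to normalise once and use that for both the guard and the loop: `<% remediations = Array(vulnerability.remediations).compact %>`, `<% if remediations.any? %>`, `<% remediations.each do |remediation| %>`. The `if` block closes outside this hunk, so the body of the loop should be checked for other uses of `vulnerability.remediations`.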
...@@ -32,6 +32,21 @@ RSpec.describe Issues::CreateFromVulnerabilityService, '#execute' do ...@@ -32,6 +32,21 @@ RSpec.describe Issues::CreateFromVulnerabilityService, '#execute' do
context 'when a vulnerability exists' do context 'when a vulnerability exists' do
let(:result) { described_class.new(container: project, current_user: user, params: params).execute } let(:result) { described_class.new(container: project, current_user: user, params: params).execute }
context 'when raw_metadata has no remediations' do
before do
finding = vulnerability.finding
metadata = Gitlab::Json.parse(finding.raw_metadata)
metadata["remediations"] = [nil]
finding.raw_metadata = metadata.to_json
finding.save!
end
it 'does not display Remediations section' do
expect(vulnerability.remediations).to eq([nil])
expect(result[:issue].description).not_to match(/Remediations/)
end
end
context 'when user does not have permission to create issue' do context 'when user does not have permission to create issue' do
before do before do
allow_next_instance_of(described_class) do |instance| allow_next_instance_of(described_class) do |instance|
......
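Review bot: The context description `'when raw_metadata has no remediations'` does not match what the `before` block sets up, which is a `remediations` key holding `[nil]`. Something like `context 'when raw_metadata remediations contains only nil' do` would describe the regression being pinned. The spec also exercises only the all-`nil` array, so a sibling example with one `nil` and one real remediation would document how the template is expected to behave for partially populated report data. A short comment above `expect(vulnerability.remediations).to eq([nil])` saying it is a precondition check would stop a later reader from taking it for the behaviour under test.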