Merge branch '320860_introduce_new_fields_for_vulnerability_type' into 'master'

Add `links` and `message` field to VulnerabilityType See merge request gitlab-org/gitlab!71207

Merge branch '320860_introduce_new_fields_for_vulnerability_type' into 'master'
Add `links` and `message` field to VulnerabilityType See merge request gitlab-org/gitlab!71207
75c06be4 · Vitali Tatarintev · 82664385 · 3360a18c · 75c06be4 · 75c06be4
Commit 75c06be4 authored Sep 28, 2021 by Vitali Tatarintev
5 changed files
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -14731,8 +14731,10 @@ Represents a vulnerability.
 | <a id="vulnerabilityhassolutions"></a>`hasSolutions` | [`Boolean`](#boolean) | Indicates whether there is a solution available for this vulnerability. |
 | <a id="vulnerabilityid"></a>`id` | [`ID!`](#id) | GraphQL ID of the vulnerability. |
 | <a id="vulnerabilityidentifiers"></a>`identifiers` | [`[VulnerabilityIdentifier!]!`](#vulnerabilityidentifier) | Identifiers of the vulnerability. |
+| <a id="vulnerabilitylinks"></a>`links` | [`[VulnerabilityLink!]!`](#vulnerabilitylink) | List of links associated with the vulnerability. |
 | <a id="vulnerabilitylocation"></a>`location` | [`VulnerabilityLocation`](#vulnerabilitylocation) | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability. |
 | <a id="vulnerabilitymergerequest"></a>`mergeRequest` | [`MergeRequest`](#mergerequest) | Merge request that fixes the vulnerability. |
+| <a id="vulnerabilitymessage"></a>`message` | [`String`](#string) | Short text description of the vulnerability. This may include the finding's specific information. |
 | <a id="vulnerabilitynotes"></a>`notes` | [`NoteConnection!`](#noteconnection) | All notes on this noteable. (see [Connections](#connections)) |
 | <a id="vulnerabilityprimaryidentifier"></a>`primaryIdentifier` | [`VulnerabilityIdentifier`](#vulnerabilityidentifier) | Primary identifier of the vulnerability. |
 | <a id="vulnerabilityproject"></a>`project` | [`Project`](#project) | Project on which the vulnerability was found. |
@@ -14978,6 +14980,17 @@ Represents an issue link of a vulnerability.
 | <a id="vulnerabilityissuelinkissue"></a>`issue` | [`Issue!`](#issue) | Issue attached to issue link. |
 | <a id="vulnerabilityissuelinklinktype"></a>`linkType` | [`VulnerabilityIssueLinkType!`](#vulnerabilityissuelinktype) | Type of the issue link. |

+### `VulnerabilityLink`
+
+Represents a link related to a vulnerability.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="vulnerabilitylinkname"></a>`name` | [`String`](#string) | Name of the link. |
+| <a id="vulnerabilitylinkurl"></a>`url` | [`String!`](#string) | URL of the link. |
+
 ### `VulnerabilityLocationContainerScanning`

 Represents the location of a vulnerability found by a container security scan.

--- a/ee/app/graphql/types/vulnerabilities/link_type.rb
+++ b/ee/app/graphql/types/vulnerabilities/link_type.rb
+# frozen_string_literal: true
+
+module Types
+  module Vulnerabilities
+    class LinkType < BaseObject # rubocop:disable Graphql/AuthorizeTypes(This can be only accessible through vulnerability type)
+      graphql_name 'VulnerabilityLink'
+      description 'Represents a link related to a vulnerability'
+
+      field :name, GraphQL::Types::String, null: true,
+            description: 'Name of the link.'
+
+      field :url, GraphQL::Types::String, null: false,
+            description: 'URL of the link.'
+    end
+  end
+end
--- a/ee/app/graphql/types/vulnerability_type.rb
+++ b/ee/app/graphql/types/vulnerability_type.rb
@@ -20,6 +20,10 @@ module Types
    field :description, GraphQL::Types::String, null: true,
          description: 'Description of the vulnerability.'

+    field :message, GraphQL::Types::String, null: true,
+          description: "Short text description of the vulnerability. This may include the finding's specific information.",
+          method: :finding_message
+
    field :state, VulnerabilityStateEnum, null: true,
          description: "State of the vulnerability (#{::Vulnerability.states.keys.join(', ').upcase})"

@@ -45,6 +49,9 @@ module Types
    field :external_issue_links, ::Types::Vulnerability::ExternalIssueLinkType.connection_type, null: false,
          description: 'List of external issue links related to the vulnerability.'

+    field :links, [::Types::Vulnerabilities::LinkType], null: false,
+          description: 'List of links associated with the vulnerability.'
+
    field :location, VulnerabilityLocationType, null: true,
          description: 'Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability.'


--- a/ee/spec/graphql/types/vulnerabilities/link_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerabilities/link_type_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GitlabSchema.types['VulnerabilityLink'] do
+  let(:expected_fields) { %i[name url] }
+
+  subject { described_class }
+
+  it { is_expected.to have_graphql_fields(expected_fields) }
+end
--- a/ee/spec/graphql/types/vulnerability_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerability_type_spec.rb
@@ -11,6 +11,7 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
       id
       title
       description
+       message
       user_notes_count
       state
       severity
@@ -29,6 +30,7 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
       dismissed_at
       notes
       external_issue_links
+       links
       has_solutions
       false_positive
       merge_request