Merge branch...

Merge branch '277133-insert-finding_uuid-values-into-the-vulnerability_feedback-while-creating-the-records' into 'master' Insert `finding_uuid` value into `vulnerability_feedback` when creating records See merge request gitlab-org/gitlab!49408

Merge branch...
Merge branch '277133-insert-finding_uuid-values-into-the-vulnerability_feedback-while-creating-the-records' into 'master' Insert `finding_uuid` value into `vulnerability_feedback` when creating records See merge request gitlab-org/gitlab!49408
7f9984b8 · Stan Hu · 85833e70 · d8f3c344 · 7f9984b8 · 7f9984b8
Commit 7f9984b8 authored Dec 11, 2020 by Stan Hu
5 changed files
--- a/ee/app/controllers/projects/vulnerability_feedback_controller.rb
+++ b/ee/app/controllers/projects/vulnerability_feedback_controller.rb
@@ -45,7 +45,7 @@ class Projects::VulnerabilityFeedbackController < Projects::ApplicationControlle
  end

  def update
-    service = VulnerabilityFeedbackModule::UpdateService.new(project, current_user, vulnerability_feedback_params )
+    service = VulnerabilityFeedbackModule::UpdateService.new(project, current_user, vulnerability_feedback_params)
    result = service.execute(vulnerability_feedback)

    if result[:status] == :success
@@ -100,6 +100,7 @@ class Projects::VulnerabilityFeedbackController < Projects::ApplicationControlle
      pipeline_id
      project_fingerprint
      comment
+      finding_uuid
      ] + [
        vulnerability_data: vulnerability_data_params_attributes
      ]

--- a/ee/changelogs/unreleased/277133-insert-finding_uuid-values-into-the-vulnerability_feedback-whil.yml
+++ b/ee/changelogs/unreleased/277133-insert-finding_uuid-values-into-the-vulnerability_feedback-whil.yml
+---
+title: Insert finding_uuid value into vulnerability_feedback when creating records
+merge_request: 49408
+author:
+type: changed
--- a/ee/spec/controllers/projects/vulnerability_feedback_controller_spec.rb
+++ b/ee/spec/controllers/projects/vulnerability_feedback_controller_spec.rb
@@ -163,7 +163,7 @@ RSpec.describe Projects::VulnerabilityFeedbackController do
        expect(response).to match_response_schema('vulnerability_feedback', dir: 'ee')
      end

-      context 'when id of finding is not provided' do
+      context 'when id of a vulnerability is not provided' do
        subject { create_feedback user: user, project: project, params: create_params.deep_merge(feedback_type: 'issue', vulnerability_data: { vulnerability_id: nil }) }

        it 'creates no vulnerability issue link for related vulnerability' do
@@ -176,7 +176,7 @@ RSpec.describe Projects::VulnerabilityFeedbackController do
          stub_licensed_features(security_dashboard: true)
        end

-        context 'when id of finding is provided' do
+        context 'when id of a vulnerability is provided' do
          let!(:vulnerability) { create(:vulnerability, :with_findings, project: project) }

          subject { create_feedback user: user, project: project, params: create_params.deep_merge(feedback_type: 'issue', vulnerability_data: { vulnerability_id: vulnerability.id }) }

--- a/ee/spec/models/vulnerabilities/feedback_spec.rb
+++ b/ee/spec/models/vulnerabilities/feedback_spec.rb
@@ -277,6 +277,32 @@ RSpec.describe Vulnerabilities::Feedback do
        expect(existing_feedback).to eq(feedback)
      end

+      context 'when a finding_uuid is provided' do
+        let(:finding) { create(:vulnerabilities_finding) }
+        let(:feedback_params_with_finding) { feedback_params.merge(finding_uuid: finding.uuid) }
+
+        subject(:feedback) { described_class.find_or_init_for(feedback_params_with_finding) }
+
+        it 'sets finding_uuid' do
+          feedback.save!
+
+          expect(feedback.finding_uuid).to eq(finding.uuid)
+        end
+      end
+
+      context 'when the finding_uuid provided is nil' do
+        let(:finding) { create(:vulnerabilities_finding) }
+        let(:feedback_params_with_finding) { feedback_params.merge(finding_uuid: nil) }
+
+        subject(:feedback) { described_class.find_or_init_for(feedback_params_with_finding) }
+
+        it 'sets finding_uuid as nil' do
+          feedback.save!
+
+          expect(feedback.finding_uuid).to be_nil
+        end
+      end
+
      context 'when attempting to save duplicate' do
        it 'raises ActiveRecord::RecordInvalid' do
          duplicate = described_class.find_or_init_for(feedback_params)

--- a/ee/spec/services/vulnerability_feedback/create_service_spec.rb
+++ b/ee/spec/services/vulnerability_feedback/create_service_spec.rb
@@ -172,6 +172,7 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do
        expect(feedback.issue).to be_an(Issue)
        expect(feedback.for_merge_request?).to eq(false)
        expect(feedback.merge_request).to be_nil
+        expect(feedback.finding_uuid).to be_nil
      end

      it 'updates the feedback when it already exists' do
@@ -389,6 +390,21 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do
        expect(branches.length).to eq 1
      end
    end
+
+    context 'when finding_uuid is provided' do
+      let(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
+      let(:result) do
+        described_class.new(
+          project,
+          user,
+          feedback_params.merge(finding_uuid: vulnerability.finding.uuid)
+        ).execute
+      end
+
+      it 'sets the finding_uuid' do
+        expect(result[:vulnerability_feedback].finding_uuid).to eq(vulnerability.finding.uuid)
+      end
+    end
  end

  context 'when feedback exists' do