Commit 7f9984b8 authored by Stan Hu's avatar Stan Hu

Merge branch...

Merge branch '277133-insert-finding_uuid-values-into-the-vulnerability_feedback-while-creating-the-records' into 'master'

Insert `finding_uuid` value into `vulnerability_feedback` when creating records

See merge request gitlab-org/gitlab!49408
parents 85833e70 d8f3c344
...@@ -45,7 +45,7 @@ class Projects::VulnerabilityFeedbackController < Projects::ApplicationControlle ...@@ -45,7 +45,7 @@ class Projects::VulnerabilityFeedbackController < Projects::ApplicationControlle
end end
def update def update
service = VulnerabilityFeedbackModule::UpdateService.new(project, current_user, vulnerability_feedback_params ) service = VulnerabilityFeedbackModule::UpdateService.new(project, current_user, vulnerability_feedback_params)
result = service.execute(vulnerability_feedback) result = service.execute(vulnerability_feedback)
if result[:status] == :success if result[:status] == :success
...@@ -100,6 +100,7 @@ class Projects::VulnerabilityFeedbackController < Projects::ApplicationControlle ...@@ -100,6 +100,7 @@ class Projects::VulnerabilityFeedbackController < Projects::ApplicationControlle
pipeline_id pipeline_id
project_fingerprint project_fingerprint
comment comment
finding_uuid
] + [ ] + [
vulnerability_data: vulnerability_data_params_attributes vulnerability_data: vulnerability_data_params_attributes
] ]
......
---
title: Insert finding_uuid value into vulnerability_feedback when creating records
merge_request: 49408
author:
type: changed
...@@ -163,7 +163,7 @@ RSpec.describe Projects::VulnerabilityFeedbackController do ...@@ -163,7 +163,7 @@ RSpec.describe Projects::VulnerabilityFeedbackController do
expect(response).to match_response_schema('vulnerability_feedback', dir: 'ee') expect(response).to match_response_schema('vulnerability_feedback', dir: 'ee')
end end
context 'when id of finding is not provided' do context 'when id of a vulnerability is not provided' do
subject { create_feedback user: user, project: project, params: create_params.deep_merge(feedback_type: 'issue', vulnerability_data: { vulnerability_id: nil }) } subject { create_feedback user: user, project: project, params: create_params.deep_merge(feedback_type: 'issue', vulnerability_data: { vulnerability_id: nil }) }
it 'creates no vulnerability issue link for related vulnerability' do it 'creates no vulnerability issue link for related vulnerability' do
...@@ -176,7 +176,7 @@ RSpec.describe Projects::VulnerabilityFeedbackController do ...@@ -176,7 +176,7 @@ RSpec.describe Projects::VulnerabilityFeedbackController do
stub_licensed_features(security_dashboard: true) stub_licensed_features(security_dashboard: true)
end end
context 'when id of finding is provided' do context 'when id of a vulnerability is provided' do
let!(:vulnerability) { create(:vulnerability, :with_findings, project: project) } let!(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
subject { create_feedback user: user, project: project, params: create_params.deep_merge(feedback_type: 'issue', vulnerability_data: { vulnerability_id: vulnerability.id }) } subject { create_feedback user: user, project: project, params: create_params.deep_merge(feedback_type: 'issue', vulnerability_data: { vulnerability_id: vulnerability.id }) }
......
...@@ -277,6 +277,32 @@ RSpec.describe Vulnerabilities::Feedback do ...@@ -277,6 +277,32 @@ RSpec.describe Vulnerabilities::Feedback do
expect(existing_feedback).to eq(feedback) expect(existing_feedback).to eq(feedback)
end end
context 'when a finding_uuid is provided' do
let(:finding) { create(:vulnerabilities_finding) }
let(:feedback_params_with_finding) { feedback_params.merge(finding_uuid: finding.uuid) }
subject(:feedback) { described_class.find_or_init_for(feedback_params_with_finding) }
it 'sets finding_uuid' do
feedback.save!
expect(feedback.finding_uuid).to eq(finding.uuid)
end
end
context 'when the finding_uuid provided is nil' do
let(:finding) { create(:vulnerabilities_finding) }
let(:feedback_params_with_finding) { feedback_params.merge(finding_uuid: nil) }
subject(:feedback) { described_class.find_or_init_for(feedback_params_with_finding) }
it 'sets finding_uuid as nil' do
feedback.save!
expect(feedback.finding_uuid).to be_nil
end
end
context 'when attempting to save duplicate' do context 'when attempting to save duplicate' do
it 'raises ActiveRecord::RecordInvalid' do it 'raises ActiveRecord::RecordInvalid' do
duplicate = described_class.find_or_init_for(feedback_params) duplicate = described_class.find_or_init_for(feedback_params)
......
...@@ -172,6 +172,7 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do ...@@ -172,6 +172,7 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do
expect(feedback.issue).to be_an(Issue) expect(feedback.issue).to be_an(Issue)
expect(feedback.for_merge_request?).to eq(false) expect(feedback.for_merge_request?).to eq(false)
expect(feedback.merge_request).to be_nil expect(feedback.merge_request).to be_nil
expect(feedback.finding_uuid).to be_nil
end end
it 'updates the feedback when it already exists' do it 'updates the feedback when it already exists' do
...@@ -389,6 +390,21 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do ...@@ -389,6 +390,21 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do
expect(branches.length).to eq 1 expect(branches.length).to eq 1
end end
end end
context 'when finding_uuid is provided' do
let(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
let(:result) do
described_class.new(
project,
user,
feedback_params.merge(finding_uuid: vulnerability.finding.uuid)
).execute
end
it 'sets the finding_uuid' do
expect(result[:vulnerability_feedback].finding_uuid).to eq(vulnerability.finding.uuid)
end
end
end end
context 'when feedback exists' do context 'when feedback exists' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment