Format feedback issue content for CS vulns

Align with the content displayed in the UI Support upcoming CS vulnerability objects coming from the group dashboard.

Format feedback issue content for CS vulns
Align with the content displayed in the UI Support upcoming CS vulnerability objects coming from the group dashboard.
909fc0e4 · Olivier Gonzalez · Lin Jen-Shin · 7261c0f8 · 909fc0e4 · 909fc0e4
Commit 909fc0e4 authored Feb 26, 2019 by Olivier Gonzalez Committed by Lin Jen-Shin Feb 26, 2019
4 changed files
--- a/ee/changelogs/unreleased/9897-adapt_feedback_for_container_scanning.yml
+++ b/ee/changelogs/unreleased/9897-adapt_feedback_for_container_scanning.yml
+---
+title: Adapt feedback for Container Scanning vulnerabilities
+merge_request: 9655
+author:
+type: added
--- a/ee/lib/gitlab/vulnerabilities/container_scanning_vulnerability.rb
+++ b/ee/lib/gitlab/vulnerabilities/container_scanning_vulnerability.rb
@@ -3,10 +3,6 @@
 module Gitlab
  module Vulnerabilities
    class ContainerScanningVulnerability < BaseVulnerability
-      def title
-        "#{@data[:vulnerability]} in #{@data[:namespace]}"
-      end
-
      # Passthrough properties
      %i[
        confidence
@@ -19,18 +15,50 @@ module Gitlab
        end
      end

+      def title
+        format_data(
+          :name =>
+            '%{name}',
+          %i[vulnerability featurename] =>
+            '%{vulnerability} in %{featurename}',
+          :vulnerability =>
+            '%{vulnerability}'
+        )
+      end
+
      def description
-        @data[:description].presence ||
-          "**#{@data[:namespace]}** is affected by #{@data[:vulnerability]}"
+        format_data(
+          :description =>
+            '%{description}',
+          %i[featurename featureversion] =>
+            '**%{featurename}** `%{featureversion}` is affected by %{vulnerability}',
+          :featurename =>
+            '**%{featurename}** is affected by %{vulnerability}',
+          :namespace =>
+            '**%{namespace}** is affected by %{vulnerability}'
+        )
      end

      def solution
-        if @data[:fixedby].present? &&
-            @data[:featurename].present? &&
-            @data[:featureversion].present?
+        format_data(
+          :solution =>
+            '%{solution}',
+          %i[fixedby featurename featureversion] =>
+            'Upgrade **%{featurename}** from `%{featureversion}` to `%{fixedby}`',
+          %i[fixedby featurename] =>
+            'Upgrade **%{featurename}** to `%{fixedby}`',
+          :fixedby => 'Upgrade to `%{fixedby}`'
+        )
+      end

-          "Upgrade **#{@data[:featurename]}** from `#{@data[:featureversion]}` to `#{@data[:fixedby]}`"
+      private
+
+      def format_data(definitions)
+        format = definitions.find do |keys, _|
+          data.values_at(*Array.wrap(keys)).all?(&:present?)
        end
+
+        sprintf(format.last, data) if format
      end
    end
  end

--- a/ee/spec/lib/gitlab/vulnerabilities/container_scanning_vulnerability_spec.rb
+++ b/ee/spec/lib/gitlab/vulnerabilities/container_scanning_vulnerability_spec.rb
@@ -3,22 +3,26 @@
 require 'spec_helper'

 describe Gitlab::Vulnerabilities::ContainerScanningVulnerability do
-  let(:vulnerability) { described_class.new(data) }
-
  let(:data) do
    {
-      vulnerability: 'vulnerability',
-      namespace: 'namespace',
-      description: 'desc',
+      featurename: 'foo',
+      featureversion: '1.2.3',
+      vulnerability: 'CVE-2018-777',
+      namespace: 'debian:9',
+      link: 'https://security-tracker.debian.org/tracker/CVE-2018-777',
      severity: 'high',
+      fixedby: '1.4',
      confidence: 'low',
      identifiers: '42',
      links: 'link'
    }
  end

+  describe 'getters' do
+    let(:vulnerability) { described_class.new(data) }
+
    where(:getter) do
-    %i(description severity confidence solution identifiers links)
+      %i[severity confidence identifiers links]
    end

    with_them do
@@ -26,39 +30,122 @@ describe Gitlab::Vulnerabilities::ContainerScanningVulnerability do
        expect(vulnerability.public_send(getter)).to eq(data[getter])
      end
    end
+  end

  describe '#title' do
-    it 'composes properly' do
-      expect(vulnerability.title).to eq('vulnerability in namespace')
+    subject { described_class.new(data).title }
+
+    context 'when there is a name' do
+      before do
+        data[:name] = 'Foo is affected by CVE-2018-777'
+      end
+      it 'returns the provided name' do
+        is_expected.to eq('Foo is affected by CVE-2018-777')
+      end
+    end
+
+    context 'when there is no featurename' do
+      before do
+        data[:featurename] = ''
+      end
+
+      it 'formats title using the vulnerability only' do
+        is_expected.to eq('CVE-2018-777')
+      end
+    end
+
+    context 'when there is a featurename' do
+      it 'formats title using the featurename' do
+        is_expected.to eq('CVE-2018-777 in foo')
+      end
    end
  end

  describe '#description' do
-    context 'without description param' do
-      let(:vulnerability) { described_class.new(data.without(:description)) }
+    subject { described_class.new(data).description }

-      subject { vulnerability.description }
+    context 'when there is a description' do
+      before do
+        data[:description] = 'SSE2-optimized memmove implementation problem.'
+      end

-      it 'returns composed description' do
-        is_expected.to eq('**namespace** is affected by vulnerability')
+      it 'returns the provided description' do
+        is_expected.to eq('SSE2-optimized memmove implementation problem.')
+      end
+    end
+    context 'when there is no featurename' do
+      before do
+        data[:featurename] = ''
+      end
+
+      it 'formats description using the namespace' do
+        is_expected.to eq('**debian:9** is affected by CVE-2018-777')
+      end
+    end
+
+    context 'when there is no featureversion' do
+      before do
+        data[:featureversion] = ''
+      end
+
+      it 'formats description using the featurename only' do
+        is_expected.to eq('**foo** is affected by CVE-2018-777')
+      end
+    end
+
+    context 'when featurename and featureversion are present' do
+      it 'formats description using the featurename and featureversion' do
+        is_expected.to eq('**foo** `1.2.3` is affected by CVE-2018-777')
+      end
    end
  end

  describe '#solution' do
-      context 'without needed params' do
-        it 'returns empty solution' do
-          expect(vulnerability.solution).to be_nil
+    subject { described_class.new(data).solution }
+
+    context 'when there is a solution' do
+      before do
+        data[:solution] = 'Do something about it!'
+      end
+
+      it 'returns the provided solution' do
+        is_expected.to eq('Do something about it!')
+      end
    end
+
+    context 'when there is no fixedby' do
+      before do
+        data[:fixedby] = ''
      end

-      context 'with all params' do
-        let(:vulnerability) { described_class.new(fixedby: 'eleven', featurename: 'tardis', featureversion: 'ten') }
+      it 'returns nil' do
+        is_expected.to be_nil
+      end
+    end

-        subject { vulnerability.solution }
+    context 'when there is no featurename' do
+      before do
+        data[:featurename] = ''
+      end

-        it 'composes properly' do
-          is_expected.to eq('Upgrade **tardis** from `ten` to `eleven`')
+      it 'formats solution using the fixedby only' do
+        is_expected.to eq('Upgrade to `1.4`')
+      end
    end
+
+    context 'when there is no featureversion' do
+      before do
+        data[:featureversion] = ''
+      end
+
+      it 'formats solution using the featurename only' do
+        is_expected.to eq('Upgrade **foo** to `1.4`')
+      end
+    end
+
+    context 'when featurename and featureversion are present' do
+      it 'formats solution using the featurename and featureversion' do
+        is_expected.to eq('Upgrade **foo** from `1.2.3` to `1.4`')
      end
    end
  end

--- a/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
+++ b/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
@@ -274,7 +274,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            }]
          }
        end
-        let(:expected_title) { 'Investigate vulnerability: CVE-2017-15650 in alpine:v3.4' }
+        let(:expected_title) { 'Investigate vulnerability: CVE-2017-15650 in musl' }
        let(:expected_description) do
          <<~DESC.chomp
            ### Description:
@@ -317,12 +317,12 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            }]
          }
        end
-        let(:expected_title) { 'Investigate vulnerability: CVE-2017-15650 in alpine:v3.4' }
+        let(:expected_title) { 'Investigate vulnerability: CVE-2017-15650 in musl' }
        let(:expected_description) do
          <<~DESC.chomp
            ### Description:

-            **alpine:v3.4** is affected by CVE-2017-15650
+            **musl** `1.1.14-r15` is affected by CVE-2017-15650

            * Severity: Low