Add vulnerabilities to response

Private endpoint /dependencies now returns array of vulnerabilities for each dependency

Add vulnerabilities to response
Private endpoint /dependencies now returns array of vulnerabilities for each dependency
90b42fbc · Tetiana Chupryna · Thong Kuah · f8880b1f · 90b42fbc · 90b42fbc
Commit 90b42fbc authored Jul 24, 2019 by Tetiana Chupryna Committed by Thong Kuah Jul 24, 2019
5 changed files
--- a/ee/app/serializers/dependency_entity.rb
+++ b/ee/app/serializers/dependency_entity.rb
@@ -5,6 +5,11 @@ class DependencyEntity < Grape::Entity
    expose :blob_path, :path
  end

+  class VulnerabilityEntity < Grape::Entity
+    expose :name, :severity
+  end
+
  expose :name, :packager, :version
  expose :location, using: LocationEntity
+  expose :vulnerabilities, using: VulnerabilityEntity
 end
--- a/ee/changelogs/unreleased/12406-vulnerabilities-to-dl-response.yml
+++ b/ee/changelogs/unreleased/12406-vulnerabilities-to-dl-response.yml
+---
+title: Add vulnerabilities to dependency list
+merge_request: 14761
+author:
+type: added
--- a/ee/spec/fixtures/api/schemas/dependency.json
+++ b/ee/spec/fixtures/api/schemas/dependency.json
@@ -4,7 +4,8 @@
    "name",
    "packager",
    "version",
-    "location"
+    "location",
+    "vulnerabilities"
  ],
  "properties": {
    "name": {
@@ -23,6 +24,17 @@
      "path": {
        "type": "string"
      }
+    },
+    "vulnerabilities": {
+      "type": "array",
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "severity": {
+          "type": "string"
+        }
+      }
    }
  },
  "additionalProperties": false

--- a/ee/spec/serializers/dependency_entity_spec.rb
+++ b/ee/spec/serializers/dependency_entity_spec.rb
@@ -12,7 +12,16 @@ describe DependencyEntity do
        location: {
          blob_path: '/some_project/path/Gemfile.lock',
          path:      'Gemfile.lock'
-        }
+        },
+        vulnerabilities:
+          [{
+             name:     'DDoS',
+             severity: 'high'
+           },
+           {
+             name:     'XSS vulnerability',
+             severity: 'low'
+           }]
      }
    end


--- a/ee/spec/serializers/dependency_list_serializer_spec.rb
+++ b/ee/spec/serializers/dependency_list_serializer_spec.rb
@@ -15,7 +15,12 @@ describe DependencyListSerializer do
       location: {
         blob_path: '/some_project/path/Gemfile.lock',
         path:      'Gemfile.lock'
-       }
+       },
+       vulnerabilities:
+         [{
+            name:     'XSS',
+            severity: 'low'
+          }]
     }]
  end