Merge branch '209896-fix-blank-vulnerability' into 'master'

Add finding information to vulnerability component

See merge request gitlab-org/gitlab!27542

ee/app/assets/javascripts/vulnerabilities/components/app.vue

@@ -122,6 +122,7 @@ export default {
             project_fingerprint: this.projectFingerprint,
             vulnerability_data: {
               ...this.vulnerability,
+              ...this.finding,
               category: this.vulnerability.report_type,
               vulnerability_id: this.vulnerability.id,
             },

ee/app/models/vulnerabilities/occurrence.rb

@@ -239,7 +239,7 @@ module Vulnerabilities
     end
 
     def solution
-      metadata.dig('solution')
+      metadata.dig('solution') || remediations&.first&.dig('summary')
     end
 
     def location

ee/spec/factories/vulnerabilities/occurrences.rb

@@ -5,6 +5,25 @@ FactoryBot.define do
     SecureRandom.uuid
   end
 
+  factory :vulnerabilities_occurrence_with_remediation, parent: :vulnerabilities_occurrence do
+    transient do
+      summary { nil }
+    end
+
+    after(:build) do |finding, evaluator|
+      if evaluator.summary
+        raw_metadata = JSON.parse(finding.raw_metadata)
+        raw_metadata.delete("solution")
+        raw_metadata["remediations"] = [
+          {
+            summary: evaluator.summary
+          }
+        ]
+        finding.raw_metadata = raw_metadata.to_json
+      end
+    end
+  end
+
   factory :vulnerabilities_occurrence, class: 'Vulnerabilities::Occurrence', aliases: [:vulnerabilities_finding] do
     name { 'Cipher with no integrity' }
     project

ee/spec/frontend/vulnerabilities/app_spec.js

@@ -26,7 +26,7 @@ describe('Vulnerability management app', () => {
     state: 'detected',
   };
 
-  const defaultFinding = {
+  const findingWithIssue = {
     description: 'description',
     identifiers: 'identifiers',
     links: 'links',
@@ -37,6 +37,14 @@ describe('Vulnerability management app', () => {
     },
   };
 
+  const findingWithoutIssue = {
+    description: 'description',
+    identifiers: 'identifiers',
+    links: 'links',
+    location: 'location',
+    name: 'name',
+  };
+
   const dataset = {
     createIssueUrl: 'create_issue_url',
     projectFingerprint: 'abc123',
@@ -60,7 +68,7 @@ describe('Vulnerability management app', () => {
   const findResolutionAlert = () => wrapper.find(ResolutionAlert);
   const findStatusDescription = () => wrapper.find(StatusDescription);
 
-  const createWrapper = (vulnerability = {}, finding = {}) => {
+  const createWrapper = (vulnerability = {}, finding = findingWithoutIssue) => {
     wrapper = shallowMount(App, {
       propsData: {
         ...dataset,
@@ -115,7 +123,7 @@ describe('Vulnerability management app', () => {
     });
 
     it('does not display if there is an issue already created', () => {
-      createWrapper({}, defaultFinding);
+      createWrapper({}, findingWithIssue);
       expect(findCreateIssueButton().exists()).toBe(false);
     });
 
@@ -137,6 +145,7 @@ describe('Vulnerability management app', () => {
             project_fingerprint: dataset.projectFingerprint,
             vulnerability_data: {
               ...defaultVulnerability,
+              ...findingWithoutIssue,
               category: defaultVulnerability.report_type,
               vulnerability_id: defaultVulnerability.id,
             },

ee/spec/helpers/vulnerabilities_helper_spec.rb

@@ -91,34 +91,21 @@ describe VulnerabilitiesHelper do
   end
 
   describe '#vulnerability_finding_data' do
+    let(:finding) { build(:vulnerabilities_occurrence) }
+
     subject { helper.vulnerability_finding_data(finding) }
 
-    it "returns finding information" do
-      expect(subject).to include(
+    it 'returns finding information' do
+      expect(subject).to match(
         description: finding.description,
-        identifiers: finding.identifiers,
+        identifiers: kind_of(Array),
+        issue_feedback: anything,
         links: finding.links,
         location: finding.location,
         name: finding.name,
-        issue_feedback: anything,
-        project: anything
+        project: kind_of(Grape::Entity::Exposure::NestingExposure::OutputBuilder),
+        solution: kind_of(String)
       )
     end
-
-    context "when finding has a remediations key" do
-      let(:finding) { vulnerability.findings.select { |finding| finding.raw_metadata.include?("remediations") }.first }
-
-      it "uses the first remediation summary" do
-        expect(subject[:solution]).to start_with "Use GCM mode"
-      end
-    end
-
-    context "when finding has a solution key" do
-      let(:finding) { vulnerability.findings.select { |finding| finding.raw_metadata.include?("solution") }.first }
-
-      it "uses the solution key" do
-        expect(subject[:solution]).to start_with "GCM mode"
-      end
-    end
   end
 end

ee/spec/models/vulnerabilities/occurrence_spec.rb

@@ -550,4 +550,22 @@ describe Vulnerabilities::Occurrence do
 
     it { is_expected.to eq(vulnerabilities_occurrence.scanner.name) }
   end
+
+  describe '#solution' do
+    subject { vulnerabilities_occurrence.solution }
+
+    context 'when solution metadata key is present' do
+      let(:vulnerabilities_occurrence) { build(:vulnerabilities_occurrence) }
+
+      it { is_expected.to eq(vulnerabilities_occurrence.metadata['solution']) }
+    end
+
+    context 'when remediations key is present' do
+      let(:vulnerabilities_occurrence) do
+        build(:vulnerabilities_occurrence_with_remediation, summary: "Test remediation")
+      end
+
+      it { is_expected.to eq(vulnerabilities_occurrence.remediations.dig(0, 'summary')) }
+    end
+  end
 end