Commit a6373205 authored by Natalia Tepluhina's avatar Natalia Tepluhina

Merge branch '209896-fix-blank-vulnerability' into 'master'

Add finding information to vulnerability component

See merge request gitlab-org/gitlab!27542
parents 818364b7 7d8a62ab
......@@ -122,6 +122,7 @@ export default {
project_fingerprint: this.projectFingerprint,
vulnerability_data: {
...this.vulnerability,
...this.finding,
category: this.vulnerability.report_type,
vulnerability_id: this.vulnerability.id,
},
......
......@@ -239,7 +239,7 @@ module Vulnerabilities
end
def solution
metadata.dig('solution')
metadata.dig('solution') || remediations&.first&.dig('summary')
end
def location
......
......@@ -5,6 +5,25 @@ FactoryBot.define do
SecureRandom.uuid
end
factory :vulnerabilities_occurrence_with_remediation, parent: :vulnerabilities_occurrence do
transient do
summary { nil }
end
after(:build) do |finding, evaluator|
if evaluator.summary
raw_metadata = JSON.parse(finding.raw_metadata)
raw_metadata.delete("solution")
raw_metadata["remediations"] = [
{
summary: evaluator.summary
}
]
finding.raw_metadata = raw_metadata.to_json
end
end
end
factory :vulnerabilities_occurrence, class: 'Vulnerabilities::Occurrence', aliases: [:vulnerabilities_finding] do
name { 'Cipher with no integrity' }
project
......
......@@ -26,7 +26,7 @@ describe('Vulnerability management app', () => {
state: 'detected',
};
const defaultFinding = {
const findingWithIssue = {
description: 'description',
identifiers: 'identifiers',
links: 'links',
......@@ -37,6 +37,14 @@ describe('Vulnerability management app', () => {
},
};
const findingWithoutIssue = {
description: 'description',
identifiers: 'identifiers',
links: 'links',
location: 'location',
name: 'name',
};
const dataset = {
createIssueUrl: 'create_issue_url',
projectFingerprint: 'abc123',
......@@ -60,7 +68,7 @@ describe('Vulnerability management app', () => {
const findResolutionAlert = () => wrapper.find(ResolutionAlert);
const findStatusDescription = () => wrapper.find(StatusDescription);
const createWrapper = (vulnerability = {}, finding = {}) => {
const createWrapper = (vulnerability = {}, finding = findingWithoutIssue) => {
wrapper = shallowMount(App, {
propsData: {
...dataset,
......@@ -115,7 +123,7 @@ describe('Vulnerability management app', () => {
});
it('does not display if there is an issue already created', () => {
createWrapper({}, defaultFinding);
createWrapper({}, findingWithIssue);
expect(findCreateIssueButton().exists()).toBe(false);
});
......@@ -137,6 +145,7 @@ describe('Vulnerability management app', () => {
project_fingerprint: dataset.projectFingerprint,
vulnerability_data: {
...defaultVulnerability,
...findingWithoutIssue,
category: defaultVulnerability.report_type,
vulnerability_id: defaultVulnerability.id,
},
......
......@@ -91,34 +91,21 @@ describe VulnerabilitiesHelper do
end
describe '#vulnerability_finding_data' do
let(:finding) { build(:vulnerabilities_occurrence) }
subject { helper.vulnerability_finding_data(finding) }
it "returns finding information" do
expect(subject).to include(
it 'returns finding information' do
expect(subject).to match(
description: finding.description,
identifiers: finding.identifiers,
identifiers: kind_of(Array),
issue_feedback: anything,
links: finding.links,
location: finding.location,
name: finding.name,
issue_feedback: anything,
project: anything
project: kind_of(Grape::Entity::Exposure::NestingExposure::OutputBuilder),
solution: kind_of(String)
)
end
context "when finding has a remediations key" do
let(:finding) { vulnerability.findings.select { |finding| finding.raw_metadata.include?("remediations") }.first }
it "uses the first remediation summary" do
expect(subject[:solution]).to start_with "Use GCM mode"
end
end
context "when finding has a solution key" do
let(:finding) { vulnerability.findings.select { |finding| finding.raw_metadata.include?("solution") }.first }
it "uses the solution key" do
expect(subject[:solution]).to start_with "GCM mode"
end
end
end
end
......@@ -550,4 +550,22 @@ describe Vulnerabilities::Occurrence do
it { is_expected.to eq(vulnerabilities_occurrence.scanner.name) }
end
describe '#solution' do
subject { vulnerabilities_occurrence.solution }
context 'when solution metadata key is present' do
let(:vulnerabilities_occurrence) { build(:vulnerabilities_occurrence) }
it { is_expected.to eq(vulnerabilities_occurrence.metadata['solution']) }
end
context 'when remediations key is present' do
let(:vulnerabilities_occurrence) do
build(:vulnerabilities_occurrence_with_remediation, summary: "Test remediation")
end
it { is_expected.to eq(vulnerabilities_occurrence.remediations.dig(0, 'summary')) }
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment