Commit acb38fa0 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Merge branch 'expose-more-vulnerability-data' into 'master'

Add #finding method to Vulnerability

See merge request gitlab-org/gitlab!22346
parents e3d13c2c bdd36bab
......@@ -45,4 +45,9 @@ class Vulnerability < ApplicationRecord
validates :description_html, length: { maximum: Issuable::DESCRIPTION_HTML_LENGTH_MAX }, allow_blank: true
scope :with_findings, -> { includes(:findings) }
# There will only be one finding associated with a vulnerability for the foreseeable future
def finding
findings.first
end
end
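Review bot: `findings.first` in the new `finding` method is only deterministic while the association is unloaded, where Rails orders by primary key. Once the records are preloaded, for instance through the `with_findings` scope just above, `first` returns whichever row the preload query produced first, unless the association declares its own order (not visible in this hunk). If the lowest-id finding is the intended one, make that explicit with an ordered lookup, or at least extend the comment to `# Returns the lowest-id finding, or nil when the vulnerability has none`. The class body starts outside this hunk.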
......@@ -953,6 +953,8 @@ module EE
expose :project, using: ::API::Entities::ProjectIdentity
expose :finding
expose :author_id
expose :updated_by_id
expose :last_edited_by_id
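Review bot: `expose :finding` names no `using:` entity, unlike `expose :project, using: ::API::Entities::ProjectIdentity` on the line before it, so the finding record is probably serialized with every model attribute rather than an allowlisted set. Columns added to findings later, including ones not meant for API clients, would then appear in the response without anyone revisiting this entity. I would bind it to an entity, e.g. `expose :finding, using: <FindingEntity>` (placeholder, the real class name is not visible here). The request spec checks only `json_response['finding']['id']`, so it should also assert that the `finding` object carries no fields beyond the documented ones. The enclosing entity class begins outside this hunk.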
......
......@@ -79,4 +79,17 @@ describe Vulnerability do
end
end
end
describe '#finding' do
let_it_be(:project) { create(:project, :with_vulnerabilities) }
let_it_be(:vulnerability) { project.vulnerabilities.first }
let_it_be(:finding1) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
let_it_be(:finding2) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
subject { vulnerability.finding }
context 'with multiple findings' do
it { is_expected.to eq(finding1) }
end
end
end
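Review bot: The `#finding` examples cover only the multiple-findings case, so nothing pins the result for a vulnerability with no findings, where `findings.first` yields nil and the API would serialize a null `finding`. A `context 'without findings'` with `it { is_expected.to be_nil }` would document that contract. Whether the `:with_vulnerabilities` trait already attaches findings is not visible here, so that context may need a vulnerability built without them. The same uncertainty applies to whether `finding1` is really the lowest-id finding.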
......@@ -61,6 +61,7 @@ describe API::Vulnerabilities do
describe 'GET /vulnerabilities/:id' do
let_it_be(:project) { create(:project, :with_vulnerabilities) }
let_it_be(:vulnerability) { project.vulnerabilities.first }
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
let(:vulnerability_id) { vulnerability.id }
subject(:get_vulnerability) { get api("/vulnerabilities/#{vulnerability_id}", user) }
......@@ -78,6 +79,14 @@ describe API::Vulnerabilities do
expect(json_response['id']).to eq vulnerability_id
end
it 'returns the desired findings' do
get_vulnerability
expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/vulnerability', dir: 'ee')
expect(json_response['finding']['id']).to eq finding.id
end
it_behaves_like 'responds with "not found" for an unknown vulnerability ID'
it_behaves_like 'forbids actions on vulnerability in case of disabled features'
end
......