Commit acb38fa0 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Merge branch 'expose-more-vulnerability-data' into 'master'

Add #finding method to Vulnerability

See merge request gitlab-org/gitlab!22346
parents e3d13c2c bdd36bab
...@@ -45,4 +45,9 @@ class Vulnerability < ApplicationRecord ...@@ -45,4 +45,9 @@ class Vulnerability < ApplicationRecord
validates :description_html, length: { maximum: Issuable::DESCRIPTION_HTML_LENGTH_MAX }, allow_blank: true validates :description_html, length: { maximum: Issuable::DESCRIPTION_HTML_LENGTH_MAX }, allow_blank: true
scope :with_findings, -> { includes(:findings) } scope :with_findings, -> { includes(:findings) }
# There will only be one finding associated with a vulnerability for the foreseeable future
def finding
findings.first
end
end end
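Review bot: `finding` returns whatever `findings.first` yields, and the single-finding assumption stated in the comment is not enforced anywhere in this hunk. As far as I can tell, Rails orders `first` by primary key on an unloaded association, but when the association was preloaded through the `with_findings` scope just above, the result follows load order, so the two paths may disagree once a second finding exists. The method also returns nil for a vulnerability with no findings. Since this value is now surfaced through the API, I would make the selection explicit, e.g. `findings.min_by(&:id)`, and extend the comment to `# Returns the lowest-id finding, or nil when there is none`. The class body starts outside the hunk, so the `findings` association (and any ordering on it) is not visible here.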
...@@ -953,6 +953,8 @@ module EE ...@@ -953,6 +953,8 @@ module EE
expose :project, using: ::API::Entities::ProjectIdentity expose :project, using: ::API::Entities::ProjectIdentity
expose :finding
expose :author_id expose :author_id
expose :updated_by_id expose :updated_by_id
expose :last_edited_by_id expose :last_edited_by_id
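Review bot: `expose :finding` has no `using:` entity, unlike `expose :project, using: ::API::Entities::ProjectIdentity` directly above it, so the finding is presumably serialized with the model's default JSON representation. That would make every current and future column of the finding part of the API response, which for security findings may include raw scanner output or internal identifiers that were never meant to be public. I would bind it to a dedicated entity with an explicit allow-list of fields, `expose :finding, using: ::EE::API::Entities::<FindingEntity>` (placeholder name), and document the exposed fields there. The enclosing entity class starts and ends outside the hunk.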
......
...@@ -79,4 +79,17 @@ describe Vulnerability do ...@@ -79,4 +79,17 @@ describe Vulnerability do
end end
end end
end end
describe '#finding' do
let_it_be(:project) { create(:project, :with_vulnerabilities) }
let_it_be(:vulnerability) { project.vulnerabilities.first }
let_it_be(:finding1) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
let_it_be(:finding2) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
subject { vulnerability.finding }
context 'with multiple findings' do
it { is_expected.to eq(finding1) }
end
end
end end
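Review bot: The only context here is 'with multiple findings', so the nil case and the preloaded path of `#finding` are untested. `eq(finding1)` pins "lowest id wins" only for an unloaded association; I would add an example that goes through the scope, e.g. `expect(Vulnerability.with_findings.find(vulnerability.id).finding).to eq(finding1)`, and a 'without findings' context asserting `is_expected.to be_nil`. Whether the `:with_vulnerabilities` trait already creates findings is not visible in this hunk, so the second context may need its own vulnerability record.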
...@@ -61,6 +61,7 @@ describe API::Vulnerabilities do ...@@ -61,6 +61,7 @@ describe API::Vulnerabilities do
describe 'GET /vulnerabilities/:id' do describe 'GET /vulnerabilities/:id' do
let_it_be(:project) { create(:project, :with_vulnerabilities) } let_it_be(:project) { create(:project, :with_vulnerabilities) }
let_it_be(:vulnerability) { project.vulnerabilities.first } let_it_be(:vulnerability) { project.vulnerabilities.first }
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
let(:vulnerability_id) { vulnerability.id } let(:vulnerability_id) { vulnerability.id }
subject(:get_vulnerability) { get api("/vulnerabilities/#{vulnerability_id}", user) } subject(:get_vulnerability) { get api("/vulnerabilities/#{vulnerability_id}", user) }
...@@ -78,6 +79,14 @@ describe API::Vulnerabilities do ...@@ -78,6 +79,14 @@ describe API::Vulnerabilities do
expect(json_response['id']).to eq vulnerability_id expect(json_response['id']).to eq vulnerability_id
end end
it 'returns the desired findings' do
get_vulnerability
expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/vulnerability', dir: 'ee')
expect(json_response['finding']['id']).to eq finding.id
end
it_behaves_like 'responds with "not found" for an unknown vulnerability ID' it_behaves_like 'responds with "not found" for an unknown vulnerability ID'
it_behaves_like 'forbids actions on vulnerability in case of disabled features' it_behaves_like 'forbids actions on vulnerability in case of disabled features'
end end
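Review bot: The new example in the second hunk asserts only `json_response['finding']['id']`, so it keeps passing no matter how many other attributes of the finding the endpoint returns. Whether the `public_api/v4/vulnerability` schema constrains the `finding` object is not visible here; if it does not, add an assertion on the key set, e.g. `expect(json_response['finding'].keys).to match_array(expected_finding_keys)`, with `expected_finding_keys` being a list defined in the spec. The example is named 'returns the desired findings' although a single `finding` is checked; `'returns the associated finding'` would describe it more accurately.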
......