DRY up code

- Move the project blob path for vulnerabiltity to model - Removed the duplicated specs

DRY up code
- Move the project blob path for vulnerabiltity to model - Removed the duplicated specs
b435b65e · Subashis · a380cabb · b435b65e · b435b65e · b435b65e
Commit b435b65e authored Jan 29, 2021 by Subashis
8 changed files
--- a/ee/app/graphql/types/vulnerability_type.rb
+++ b/ee/app/graphql/types/vulnerability_type.rb
@@ -116,12 +116,8 @@ module Types

    def location
      object_location = object.finding&.location
-      if object_location['file']
-        branch = object.finding.pipelines&.last&.sha || project.default_branch
-        blob_path = ::Gitlab::Routing.url_helpers.project_blob_path(object.project, File.join(branch, object_location['file']))
-        object_location&.merge!(blob_path: blob_path) 
-      end
-      object_location&.merge(report_type: object.report_type) 
+      object_location&.merge!(blob_path: object.blob_path) if object_location['file']
+      object_location&.merge(report_type: object.report_type)
    end

    def scanner

--- a/ee/app/helpers/vulnerabilities_helper.rb
+++ b/ee/app/helpers/vulnerabilities_helper.rb
@@ -63,14 +63,7 @@ module VulnerabilitiesHelper

  def vulnerability_finding_data(vulnerability)
    data = Vulnerabilities::FindingSerializer.new(current_user: current_user).represent(vulnerability.finding, only: FINDING_FIELDS)
-
-    if data[:location]['file']
-      branch = vulnerability.finding.pipelines&.last&.sha || vulnerability.project.default_branch
-      path = project_blob_path(vulnerability.project, tree_join(branch, data[:location]['file']))
-
-      data[:location]['blob_path'] = path
-    end
-
+    data[:location]['blob_path'] = vulnerability.blob_path if data[:location]['file']
    data
  end
 end
--- a/ee/app/models/ee/vulnerability.rb
+++ b/ee/app/models/ee/vulnerability.rb
@@ -161,11 +161,25 @@ module EE
        ::Vulnerabilities::StatDiff.new(self)
      end

+      def blob_path
+        return unless finding_file
+
+        ::Gitlab::Routing.url_helpers.project_blob_path(project, File.join(pipeline_branch, finding_file))
+      end
+
      private

      def user_notes_count_service
        @user_notes_count_service ||= ::Vulnerabilities::UserNotesCountService.new(self) # rubocop: disable CodeReuse/ServiceClass
      end
+
+      def pipeline_branch
+        finding.pipelines&.last&.sha || project.default_branch
+      end
+
+      def finding_file
+        finding.file
+      end
    end

    class_methods do

--- a/ee/spec/graphql/types/vulnerability_location/coverage_fuzzing_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerability_location/coverage_fuzzing_type_spec.rb
@@ -13,4 +13,4 @@ RSpec.describe GitlabSchema.types['VulnerabilityLocationCoverageFuzzing'] do
      :blob_path
    )
  end
-end
\ No newline at end of file
+end
--- a/ee/spec/graphql/types/vulnerability_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerability_type_spec.rb
@@ -74,70 +74,6 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
    end
  end

-  describe 'location' do
-    let_it_be(:pipeline) { create(:ci_pipeline, :success, project: project) }
-
-    context 'when there is file' do 
-      let(:query) do
-        %(
-          query {
-            project(fullPath: "#{project.full_path}") {
-              name
-              vulnerabilities {
-                nodes {
-                  location {
-                    ... on VulnerabilityLocationSast {
-                      file
-                      blobPath
-                    }
-                  }
-                }
-              }
-            }
-          }
-        )
-      end
-
-      let_it_be(:finding) { create(:vulnerabilities_finding, report_type: "sast", pipelines: [pipeline], project: project, vulnerability: vulnerability) }
-
-      it 'includes blobPath' do
-        location = subject.dig('data', 'project', 'vulnerabilities', 'nodes').first['location'] 
-        expect(location).to have_key('blobPath')
-        expect(location['blobPath']).to eq(
-          ::Gitlab::Routing.url_helpers.project_blob_path(project, File.join(finding.pipelines.last.sha, location['file']))
-        )
-      end
-    end  
-
-    context 'when there is no file' do
-      let(:query) do
-        %(
-          query {
-            project(fullPath: "#{project.full_path}") {
-              name
-              vulnerabilities {
-                nodes {
-                  location {
-                    ... on VulnerabilityLocationDast {
-                      path
-                    }
-                  }
-                }
-              }
-            }
-          }
-        )
-      end
-
-      let_it_be(:finding) { create(:vulnerabilities_finding, report_type: "dast", pipelines: [pipeline], project: project, vulnerability: vulnerability) }
-
-      it 'does not include blob_path' do
-        vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')      
-        expect(vulnerabilities.first['location']).not_to have_key('blobPath')
-      end
-    end
-  end
-
  describe 'has_solutions' do
    let(:query) do
      %(

--- a/ee/spec/models/ee/vulnerability_spec.rb
+++ b/ee/spec/models/ee/vulnerability_spec.rb
@@ -763,4 +763,18 @@ RSpec.describe Vulnerability do

    it { is_expected.to be_an_instance_of(Vulnerabilities::StatDiff) }
  end
+
+  describe '#blob_path' do
+    let_it_be(:vulnerability) { create(:vulnerability) }
+    let_it_be(:pipeline) { create(:ci_pipeline) }
+    let_it_be(:finding) { create(:vulnerabilities_finding, pipelines: [pipeline], vulnerability: vulnerability) }
+
+    subject { vulnerability.blob_path }
+
+    it 'returns project blob path' do
+      expect(subject).to eq(
+        ::Gitlab::Routing.url_helpers.project_blob_path(vulnerability.project, File.join(pipeline.sha, vulnerability.finding.file))
+      )
+    end
+  end
 end
--- a/ee/spec/presenters/vulnerabilities/finding_presenter_spec.rb
+++ b/ee/spec/presenters/vulnerabilities/finding_presenter_spec.rb
@@ -4,7 +4,8 @@ require 'spec_helper'

 RSpec.describe Vulnerabilities::FindingPresenter do
  let(:presenter) { described_class.new(occurrence) }
-  let(:occurrence) { build_stubbed(:vulnerabilities_finding) }
+  let(:vulnerability) { create(:vulnerability) }
+  let(:occurrence) { create(:vulnerabilities_finding, vulnerability: vulnerability) }

  describe '#title' do
    subject { presenter.title }

--- a/ee/spec/requests/api/graphql/vulnerabilities/location_spec.rb
+++ b/ee/spec/requests/api/graphql/vulnerabilities/location_spec.rb
@@ -32,6 +32,7 @@ RSpec.describe 'Query.vulnerabilities.location' do
              name
            }
          }
+          blobPath
        }
        ... on VulnerabilityLocationDast {
          hostname
@@ -45,6 +46,7 @@ RSpec.describe 'Query.vulnerabilities.location' do
          startLine
          vulnerableClass
          vulnerableMethod
+          blobPath
        }
        ... on VulnerabilityLocationSecretDetection {
          endLine
@@ -52,6 +54,7 @@ RSpec.describe 'Query.vulnerabilities.location' do
          startLine
          vulnerableClass
          vulnerableMethod
+          blobPath
        }
      }
    QUERY
@@ -112,6 +115,8 @@ RSpec.describe 'Query.vulnerabilities.location' do
      create(:vulnerability, project: project, report_type: :dependency_scanning)
    end

+    let_it_be(:pipeline) { create(:ci_pipeline, :success, project: project) }
+
    let_it_be(:metadata) do
      {
        location: {
@@ -130,7 +135,8 @@ RSpec.describe 'Query.vulnerabilities.location' do
      create(
        :vulnerabilities_finding,
        vulnerability: vulnerability,
-        raw_metadata: metadata.to_json
+        raw_metadata: metadata.to_json,
+        pipelines: [pipeline]
      )
    end

@@ -149,6 +155,8 @@ RSpec.describe 'Query.vulnerabilities.location' do
      create(:vulnerability, project: project, report_type: :sast)
    end

+    let_it_be(:pipeline) { create(:ci_pipeline, :success, project: project) }
+
    let_it_be(:metadata) do
      {
        location: {
@@ -156,7 +164,8 @@ RSpec.describe 'Query.vulnerabilities.location' do
          method: 'vulnerable_method',
          file: 'vulnerable_file',
          start_line: '420',
-          end_line: '666'
+          end_line: '666',
+          blob_path: 'blob/vulnerable_file'
        }
      }
    end
@@ -165,7 +174,8 @@ RSpec.describe 'Query.vulnerabilities.location' do
      create(
        :vulnerabilities_finding,
        vulnerability: vulnerability,
-        raw_metadata: metadata.to_json
+        raw_metadata: metadata.to_json,
+        pipelines: [pipeline]
      )
    end

@@ -186,6 +196,8 @@ RSpec.describe 'Query.vulnerabilities.location' do
      create(:vulnerability, project: project, report_type: :secret_detection)
    end

+    let_it_be(:pipeline) { create(:ci_pipeline, :success, project: project) }
+
    let_it_be(:metadata) do
      {
        location: {
@@ -202,7 +214,8 @@ RSpec.describe 'Query.vulnerabilities.location' do
      create(
        :vulnerabilities_finding,
        vulnerability: vulnerability,
-        raw_metadata: metadata.to_json
+        raw_metadata: metadata.to_json,
+        pipelines: [pipeline]
      )
    end