Commit cac10f1d authored by Subashis's avatar Subashis

Add specs for non happy paths

- Non happy path specs
- Address feedback
- Update docs
parent 0064b594
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -5,7 +5,7 @@ module Types ...@@ -5,7 +5,7 @@ module Types
class PipelineSecurityReportFindingType < BaseObject class PipelineSecurityReportFindingType < BaseObject
graphql_name 'PipelineSecurityReportFinding' graphql_name 'PipelineSecurityReportFinding'
description 'Represents vulnerability finding of a security report on the pipeline' description 'Represents vulnerability finding of a security report on the pipeline.'
field :report_type, VulnerabilityReportTypeEnum, null: true, field :report_type, VulnerabilityReportTypeEnum, null: true,
description: 'Type of the security report that found the vulnerability finding.' description: 'Type of the security report that found the vulnerability finding.'
......
...@@ -49,20 +49,25 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do ...@@ -49,20 +49,25 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
) )
end end
subject { GitlabSchema.execute(query, context: { current_user: user }).as_json }
let(:security_report_findings) { subject.dig('data', 'project', 'pipeline', 'securityReportFindings', 'nodes') }
context 'when `sast` and `dast` features are enabled' do
before do before do
stub_licensed_features(sast: true, dast: true) stub_licensed_features(sast: true, dast: true)
project.add_developer(user)
end end
subject { GitlabSchema.execute(query, context: { current_user: user }).as_json } context 'when user is memeber of the project' do
before do
let(:security_report_findings) { subject.dig('data', 'project', 'pipeline', 'securityReportFindings', 'nodes') } project.add_developer(user)
end
it 'returns all the vulnerability findings' do it 'returns all the vulnerability findings' do
expect(security_report_findings.length).to eq(53) expect(security_report_findings.length).to eq(53)
end end
it 'returns all the queried fields' do it 'returns all the queried fields', :aggregate_failures do
security_report_finding = security_report_findings.first security_report_finding = security_report_findings.first
expect(security_report_finding.dig('project', 'fullPath')).to eq(project.full_path) expect(security_report_finding.dig('project', 'fullPath')).to eq(project.full_path)
...@@ -77,4 +82,22 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do ...@@ -77,4 +82,22 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
expect(security_report_finding['solution']).not_to be_nil expect(security_report_finding['solution']).not_to be_nil
expect(security_report_finding['description']).not_to be_nil expect(security_report_finding['description']).not_to be_nil
end end
end
context 'when user is not memeber of the project' do
it 'returns no vulnerability findings' do
expect(security_report_findings).to be_nil
end
end
end
context 'when `sast` and `dast` both features are disabled' do
before do
stub_licensed_features(sast: false, dast: false)
end
it 'returns no vulnerability findings' do
expect(security_report_findings).to be_nil
end
end
end end
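Review bot: The context for disabled `sast` and `dast` features never makes `user` a project member, since `project.add_developer(user)` now lives only in the member context, so its `be_nil` expectation is presumably satisfied by the membership check alone and would still pass if the licence gate were removed. Adding `project.add_developer(user)` to that context's `before` block makes the spec actually exercise the feature gate. Both negative cases also assert on a four-level `dig`, which returns nil whichever level is missing; an extra expectation such as `expect(subject['errors']).to be_nil` (or one on the `pipeline` node) would show where access is withheld and that a query error is not being mistaken for denial. The context descriptions spell "memeber" for "member". The project and user fixtures are defined outside the visible hunks, so the first point assumes the project is not publicly readable.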