Commit cac10f1d authored by Subashis's avatar Subashis

Add specs for non happy paths

- Non happy path specs
- Address feedback
- Update docs
parent 0064b594
...@@ -5,7 +5,7 @@ module Types ...@@ -5,7 +5,7 @@ module Types
class PipelineSecurityReportFindingType < BaseObject class PipelineSecurityReportFindingType < BaseObject
graphql_name 'PipelineSecurityReportFinding' graphql_name 'PipelineSecurityReportFinding'
description 'Represents vulnerability finding of a security report on the pipeline' description 'Represents vulnerability finding of a security report on the pipeline.'
field :report_type, VulnerabilityReportTypeEnum, null: true, field :report_type, VulnerabilityReportTypeEnum, null: true,
description: 'Type of the security report that found the vulnerability finding.' description: 'Type of the security report that found the vulnerability finding.'
......
...@@ -49,20 +49,25 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do ...@@ -49,20 +49,25 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
) )
end end
subject { GitlabSchema.execute(query, context: { current_user: user }).as_json }
let(:security_report_findings) { subject.dig('data', 'project', 'pipeline', 'securityReportFindings', 'nodes') }
context 'when `sast` and `dast` features are enabled' do
before do before do
stub_licensed_features(sast: true, dast: true) stub_licensed_features(sast: true, dast: true)
project.add_developer(user)
end end
subject { GitlabSchema.execute(query, context: { current_user: user }).as_json } context 'when user is memeber of the project' do
before do
let(:security_report_findings) { subject.dig('data', 'project', 'pipeline', 'securityReportFindings', 'nodes') } project.add_developer(user)
end
it 'returns all the vulnerability findings' do it 'returns all the vulnerability findings' do
expect(security_report_findings.length).to eq(53) expect(security_report_findings.length).to eq(53)
end end
it 'returns all the queried fields' do it 'returns all the queried fields', :aggregate_failures do
security_report_finding = security_report_findings.first security_report_finding = security_report_findings.first
expect(security_report_finding.dig('project', 'fullPath')).to eq(project.full_path) expect(security_report_finding.dig('project', 'fullPath')).to eq(project.full_path)
...@@ -77,4 +82,22 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do ...@@ -77,4 +82,22 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
expect(security_report_finding['solution']).not_to be_nil expect(security_report_finding['solution']).not_to be_nil
expect(security_report_finding['description']).not_to be_nil expect(security_report_finding['description']).not_to be_nil
end end
end
context 'when user is not memeber of the project' do
it 'returns no vulnerability findings' do
expect(security_report_findings).to be_nil
end
end
end
context 'when `sast` and `dast` both features are disabled' do
before do
stub_licensed_features(sast: false, dast: false)
end
it 'returns no vulnerability findings' do
expect(security_report_findings).to be_nil
end
end
end end
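Review bot: The new negative-path examples (`when user is not memeber of the project` and the features-disabled context) assert only `expect(security_report_findings).to be_nil`, and that value comes from `subject.dig('data', 'project', 'pipeline', 'securityReportFindings', 'nodes')`, which is nil whenever any level of the response is missing. As an access-control check this can pass for the wrong reason, for instance if the query itself failed or the pipeline was not found, so a regression that exposes findings could go unnoticed behind an unrelated failure. Consider also pinning the level at which the response is expected to stop and the error state, e.g. `expect(subject['errors']).to be_nil` if the schema is meant to return a null field rather than an error (that cannot be confirmed from these hunks). Both context descriptions misspell "member" as "memeber". The `RSpec.describe` block and the query definition begin outside the visible hunks.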