Remove attributes_for from UpdateCsVulnerabilityConfidenceColumn

With https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52182 we
banned `attributes_for` in migration specs. This refactors one of the
offending migrations.

ee/spec/migrations/update_cs_vulnerability_confidence_column_spec.rb

@@ -4,12 +4,14 @@ require 'spec_helper'
 require_migration!
 
 RSpec.describe UpdateCsVulnerabilityConfidenceColumn do
+  include MigrationHelpers::VulnerabilitiesFindingsHelper
+
   let(:vulnerabilities) { table(:vulnerability_occurrences) }
   let(:identifiers) { table(:vulnerability_identifiers) }
   let(:scanners) { table(:vulnerability_scanners) }
   let(:projects) { table(:projects) }
-  let(:vul1) { attributes_for(:vulnerabilities_finding, id: 1, report_type: 2, confidence: 5) } # rubocop: disable RSpec/FactoriesInMigrationSpecs
-  let(:vul2) { attributes_for(:vulnerabilities_finding, id: 2, report_type: 2, confidence: 5) } # rubocop: disable RSpec/FactoriesInMigrationSpecs
+  let(:finding1_attributes) { attributes_for_vulnerabilities_finding }
+  let(:finding2_attributes) { attributes_for_vulnerabilities_finding }
 
   before do
     stub_const("#{described_class}::BATCH_SIZE", 2)
@@ -34,33 +36,33 @@ RSpec.describe UpdateCsVulnerabilityConfidenceColumn do
 
     scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
 
-    vulnerabilities.create!(id: vul1[:id],
+    vulnerabilities.create!(id: 1,
                             severity: 2,
                             confidence: 5,
                             report_type: 2,
                             project_id: 123,
                             scanner_id: 6,
                             primary_identifier_id: 1,
-                            project_fingerprint: vul1[:project_fingerprint],
-                            location_fingerprint: vul1[:location_fingerprint],
-                            uuid: vul1[:uuid],
-                            name: vul1[:name],
-                            metadata_version: '1.3',
-                            raw_metadata: vul1[:raw_metadata])
+                            project_fingerprint: finding1_attributes[:project_fingerprint],
+                            location_fingerprint: finding1_attributes[:location_fingerprint],
+                            uuid: finding1_attributes[:uuid],
+                            name: finding1_attributes[:name],
+                            metadata_version: finding1_attributes[:metadata_version],
+                            raw_metadata: finding1_attributes[:raw_metadata])
 
-    vulnerabilities.create!(id: vul2[:id],
+    vulnerabilities.create!(id: 2,
                             severity: 2,
                             confidence: 5,
                             report_type: 2,
                             project_id: 123,
                             scanner_id: 6,
                             primary_identifier_id: 2,
-                            project_fingerprint: vul2[:project_fingerprint],
-                            location_fingerprint: vul2[:location_fingerprint],
-                            uuid: vul2[:uuid],
-                            name: vul2[:name],
-                            metadata_version: '1.3',
-                            raw_metadata: vul2[:raw_metadata])
+                            project_fingerprint: finding2_attributes[:project_fingerprint],
+                            location_fingerprint: finding2_attributes[:location_fingerprint],
+                            uuid: finding2_attributes[:uuid],
+                            name: finding2_attributes[:name],
+                            metadata_version: finding2_attributes[:metadata_version],
+                            raw_metadata: finding2_attributes[:raw_metadata])
 
     expect(vulnerabilities.where(report_type: 2, confidence: 2).count). to eq(0)
     expect(vulnerabilities.exists?(report_type: 2, confidence: 5)).to be_truthy

spec/support/migrations_helpers/vulnerabilities_findings_helper.rb

+# frozen_string_literal: true
+
+module MigrationHelpers
+  module VulnerabilitiesFindingsHelper
+    def attributes_for_vulnerabilities_finding
+      uuid = SecureRandom.uuid
+
+      {
+        project_fingerprint: SecureRandom.hex(20),
+        location_fingerprint: Digest::SHA1.hexdigest(SecureRandom.hex(10)),
+        uuid: uuid,
+        name: "Vulnerability Finding #{uuid}",
+        metadata_version: '1.3',
+        raw_metadata: raw_metadata
+      }
+    end
+
+    def raw_metadata
+      {
+        "description" => "The cipher does not provide data integrity update 1",
+        "message" => "The cipher does not provide data integrity",
+        "cve" => "818bf5dacb291e15d9e6dc3c5ac32178:CIPHER",
+        "solution" => "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
+        "location" => {
+          "file" => "maven/src/main/java/com/gitlab/security_products/tests/App.java",
+          "start_line" => 29,
+          "end_line" => 29,
+          "class" => "com.gitlab.security_products.tests.App",
+          "method" => "insecureCypher"
+        },
+        "links" => [
+          {
+            "name" => "Cipher does not check for integrity first?",
+             "url" => "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
+          }
+        ],
+        "assets" => [
+          {
+            "type" => "postman",
+            "name" => "Test Postman Collection",
+             "url" => "http://localhost/test.collection"
+          }
+        ],
+        "evidence" => {
+          "summary" => "Credit card detected",
+          "request" => {
+            "method" => "GET",
+            "url" => "http://goat:8080/WebGoat/logout",
+            "body" => nil,
+            "headers" => [
+              {
+                 "name" => "Accept",
+                "value" => "*/*"
+              }
+            ]
+          },
+          "response" => {
+            "reason_phrase" => "OK",
+            "status_code" => 200,
+            "body" => nil,
+            "headers" => [
+              {
+                 "name" => "Content-Length",
+                "value" => "0"
+              }
+            ]
+          },
+          "source" => {
+            "id" => "assert:Response Body Analysis",
+            "name" => "Response Body Analysis",
+            "url" => "htpp://hostname/documentation"
+          },
+          "supporting_messages" => [
+            {
+              "name" => "Origional",
+              "request" => {
+                "method" => "GET",
+                "url" => "http://goat:8080/WebGoat/logout",
+                "body" => "",
+                "headers" => [
+                  {
+                    "name" => "Accept",
+                    "value" => "*/*"
+                  }
+                ]
+              }
+            },
+            {
+              "name" => "Recorded",
+              "request" => {
+                "method" => "GET",
+                "url" => "http://goat:8080/WebGoat/logout",
+                "body" => "",
+                "headers" => [
+                    {
+                      "name" => "Accept",
+                      "value" => "*/*"
+                    }
+                ]
+              },
+              "response" => {
+                "reason_phrase" => "OK",
+                "status_code" => 200,
+                "body" => "",
+                "headers" => [
+                  {
+                    "name" => "Content-Length",
+                    "value" => "0"
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      }
+    end
+  end
+end