Merge branch '294289-create-vulnerability-issue-link-for-finding' into 'master'

Create vulnerability issue link after merging the MR. See merge request gitlab-org/gitlab!56038

Merge branch '294289-create-vulnerability-issue-link-for-finding' into 'master'
Create vulnerability issue link after merging the MR. See merge request gitlab-org/gitlab!56038
0d347294 · Sean McGivern · 23ddfb5b · 13c5ed14 · 0d347294 · 0d347294
Commit 0d347294 authored Mar 09, 2021 by Sean McGivern
3 changed files
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -213,11 +213,21 @@ module Security
    end

    def create_vulnerability(vulnerability_finding, pipeline)
-      if vulnerability_finding.vulnerability_id
-        Vulnerabilities::UpdateService.new(vulnerability_finding.project, pipeline.user, finding: vulnerability_finding, resolved_on_default_branch: false).execute
-      else
-        Vulnerabilities::CreateService.new(vulnerability_finding.project, pipeline.user, finding_id: vulnerability_finding.id).execute
-      end
+      vulnerability = if vulnerability_finding.vulnerability_id
+                        Vulnerabilities::UpdateService.new(vulnerability_finding.project, pipeline.user, finding: vulnerability_finding, resolved_on_default_branch: false).execute
+                      else
+                        Vulnerabilities::CreateService.new(vulnerability_finding.project, pipeline.user, finding_id: vulnerability_finding.id).execute
+                      end
+
+      create_vulnerability_issue_link(vulnerability)
+      vulnerability
+    end
+
+    def create_vulnerability_issue_link(vulnerability)
+      vulnerability_issue_feedback = vulnerability.finding.feedback(feedback_type: 'issue')
+      return unless vulnerability_issue_feedback
+
+      vulnerability.issue_links.create!(issue_id: vulnerability_issue_feedback.issue_id)
    end

    def scanners_objects

--- a/ee/changelogs/unreleased/294289-create-vulnerability-issue-link-for-finding.yml
+++ b/ee/changelogs/unreleased/294289-create-vulnerability-issue-link-for-finding.yml
+---
+title: Create vulnerability issue link after merging the MR
+merge_request: 56038
+author:
+type: added
--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -277,6 +277,46 @@ RSpec.describe Security::StoreReportService, '#execute' do
        expect(Gitlab::AppLogger).to have_received(:warn).exactly(new_report.findings.length).times
      end
    end
+
+    context 'vulnerability issue link' do
+      context 'when there is no assoiciated issue feedback with finding' do
+        it 'does not insert issue links from the new pipeline' do
+          expect { subject }.to change { Vulnerabilities::IssueLink.count }.by(0)
+        end
+      end
+
+      context 'when there is an associated issue feedback with finding' do
+        let(:issue) { create(:issue, project: project) }
+        let!(:issue_feedback) do
+          create(
+            :vulnerability_feedback,
+            :sast,
+            :issue,
+            issue: issue,
+            project: project,
+            project_fingerprint: new_report.findings.first.project_fingerprint
+          )
+        end
+
+        it 'inserts issue links from the new pipeline' do
+          expect { subject }.to change { Vulnerabilities::IssueLink.count }.by(1)
+        end
+
+        it 'the issue link is valid' do
+          subject
+
+          finding = Vulnerabilities::Finding.find_by(uuid: new_report.findings.first.uuid)
+          vulnerability_id = finding.vulnerability_id
+          issue_id = issue.id
+          issue_link = Vulnerabilities::IssueLink.find_by(
+            vulnerability_id: vulnerability_id,
+            issue_id: issue_id
+          )
+
+          expect(issue_link).not_to be_nil
+        end
+      end
+    end
  end

  context 'with existing data from same pipeline' do