Merge branch '294173-description-of-vulnerability-is-empty-in-graphql' into 'master'

Populate description of vulnerability from finding if needed See merge request gitlab-org/gitlab!52619

Merge branch '294173-description-of-vulnerability-is-empty-in-graphql' into 'master'
Populate description of vulnerability from finding if needed See merge request gitlab-org/gitlab!52619
173af671 · Michael Kozono · 6b1ce745 · 330a1180 · 173af671 · 173af671
Commit 173af671 authored Jan 29, 2021 by Michael Kozono
3 changed files
--- a/ee/app/graphql/types/vulnerability_type.rb
+++ b/ee/app/graphql/types/vulnerability_type.rb
@@ -130,6 +130,10 @@ module Types
      object.finding&.identifiers
    end

+    def description
+      object.description || object.finding_description
+    end
+
    def project
      Gitlab::Graphql::Loaders::BatchModelLoader.new(Project, object.project_id).find
    end

--- a/ee/changelogs/unreleased/294173-description-of-vulnerability-is-empty-in-graphql.yml
+++ b/ee/changelogs/unreleased/294173-description-of-vulnerability-is-empty-in-graphql.yml
+---
+title: Properly populate description in an issue created from a vulnerability
+merge_request: 52619
+author:
+type: fixed
--- a/ee/spec/graphql/types/vulnerability_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerability_type_spec.rb
@@ -106,4 +106,44 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
      end
    end
  end
+
+  describe '#description' do
+    let_it_be(:vulnerability_with_finding) { create(:vulnerability, :with_findings, project: project) }
+
+    let(:query) do
+      %(
+        query {
+          project(fullPath: "#{project.full_path}") {
+            name
+            vulnerabilities {
+              nodes {
+                description
+              }
+            }
+          }
+        }
+      )
+    end
+
+    context 'when the vulnerability description field is populated' do
+      it 'returns the description for the vulnerability' do
+        vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
+
+        expect(vulnerabilities.first['description']).to eq(vulnerability_with_finding.description)
+      end
+    end
+
+    context 'when the vulnerability description field is empty' do
+      before do
+        vulnerability_with_finding.description = nil
+        vulnerability_with_finding.save!
+      end
+
+      it 'returns the description for the vulnerability finding' do
+        vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
+
+        expect(vulnerabilities.first['description']).to eq(vulnerability_with_finding.finding.description)
+      end
+    end
+  end
 end