Commit 1a0d1ad0 authored by Michał Zając's avatar Michał Zając

Handle different remediations values

The `remediations` key in metadata can be:

1. not present
2. be null
3. be [null]
4. array of Hashes with "summary" and "diff" keys
parent ca421dc9
......@@ -7,6 +7,10 @@ class VulnerabilityPresenter < Gitlab::View::Presenter::Delegated
vulnerability.links.map(&:with_indifferent_access)
end
def remediations
vulnerability.remediations.to_a.compact.map(&:with_indifferent_access)
end
def location_text
return file unless line
......
......@@ -86,6 +86,21 @@ FactoryBot.define do
end
end
trait :with_remediation do
after(:build) do |vulnerability|
finding = build(
:vulnerabilities_finding,
:identifier,
:with_remediation,
vulnerability: vulnerability,
report_type: vulnerability.report_type,
project: vulnerability.project
)
vulnerability.findings = [finding]
end
end
trait :with_findings do
after(:build) do |vulnerability|
findings_with_solution = build_list(
......
......@@ -16,7 +16,8 @@ FactoryBot.define do
raw_metadata.delete('solution')
raw_metadata['remediations'] = [
{
summary: evaluator.summary
summary: evaluator.summary,
diff: Base64.encode64("This ain't a diff")
}
]
finding.raw_metadata = raw_metadata.to_json
......@@ -114,7 +115,8 @@ FactoryBot.define do
raw_metadata.delete(:solution)
raw_metadata[:remediations] = [
{
summary: 'Use GCM mode which includes HMAC in the resulting encrypted data, providing integrity of the result.'
summary: 'Use GCM mode which includes HMAC in the resulting encrypted data, providing integrity of the result.',
diff: Base64.encode64("This is a diff")
}
]
finding.raw_metadata = raw_metadata.to_json
......
......@@ -6,7 +6,7 @@ RSpec.describe Issues::CreateFromVulnerabilityService, '#execute' do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, :public, :repository, namespace: group) }
let_it_be(:user) { create(:user) }
let_it_be(:vulnerability) { create(:vulnerability, :with_finding, project: project) }
let(:vulnerability) { create(:vulnerability, :with_finding, project: project) }
let(:params) { { vulnerability: vulnerability, link_type: Vulnerabilities::IssueLink.link_types[:created] } }
before do
......@@ -32,18 +32,48 @@ RSpec.describe Issues::CreateFromVulnerabilityService, '#execute' do
context 'when a vulnerability exists' do
let(:result) { described_class.new(container: project, current_user: user, params: params).execute }
context 'when raw_metadata has no remediations' do
before do
finding = vulnerability.finding
metadata = Gitlab::Json.parse(finding.raw_metadata)
metadata["remediations"] = [nil]
finding.raw_metadata = metadata.to_json
finding.save!
context 'is a vulnerability with remediations' do
let(:vulnerability) { create(:vulnerability, :with_remediation, project: project) }
context 'when raw_metadata has no remediations' do
before do
finding = vulnerability.finding
metadata = Gitlab::Json.parse(finding.raw_metadata)
metadata.delete("remediations")
finding.raw_metadata = metadata.to_json
finding.save!
end
it 'does not display Remediations section' do
expect(vulnerability.remediations).to eq(nil)
expect(result[:issue].description).not_to match(/Remediations/)
end
end
it 'does not display Remediations section' do
expect(vulnerability.remediations).to eq([nil])
expect(result[:issue].description).not_to match(/Remediations/)
context 'when raw_metadata has empty remediations key' do
before do
finding = vulnerability.finding
metadata = Gitlab::Json.parse(finding.raw_metadata)
metadata["remediations"] = [nil]
finding.raw_metadata = metadata.to_json
finding.save!
end
it 'does not display Remediations section' do
expect(vulnerability.remediations).to eq([nil])
expect(result[:issue].description).not_to match(/Remediations/)
end
end
context 'when raw_metadata has a remediation' do
it 'displays Remediations section' do
expect(vulnerability.remediations.length).to eq(1)
expect(result[:issue].description).to match(/Remediations/)
end
it 'attaches the diff' do
expect(result[:issue].description).to match(/This is a diff/)
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment