Merge branch '262112_fallback_for_dismissed_at' into 'master'

Implement fallback for Vulnerability#dismissed_at See merge request gitlab-org/gitlab!46378

Merge branch '262112_fallback_for_dismissed_at' into 'master'
Implement fallback for Vulnerability#dismissed_at See merge request gitlab-org/gitlab!46378
1e0cb3d5 · James Lopez · 041d04e3 · 08e047a5 · 1e0cb3d5 · 1e0cb3d5
Commit 1e0cb3d5 authored Oct 30, 2020 by James Lopez
Hide whitespace changes
Inline Side-by-side

Showing with 118 additions and 7 deletions

ee/app/models/ee/vulnerability.rb ee/app/models/ee/vulnerability.rb +20 -1

ee/spec/models/ee/vulnerability_spec.rb ee/spec/models/ee/vulnerability_spec.rb +98 -6

No files found.
--- a/ee/app/models/ee/vulnerability.rb
+++ b/ee/app/models/ee/vulnerability.rb
@@ -2,6 +2,7 @@

 module EE
  module Vulnerability
+    include ::Gitlab::Utils::StrongMemoize
    extend ActiveSupport::Concern

    prepended do
@@ -134,8 +135,17 @@ module EE
        findings.first
      end

+      # TODO: Remove this attribute reader overrides with #262112
+      def dismissed_at
+        return unless dismissed?
+
+        super || fallback_dismissal_feedback&.created_at
+      end
+
      def dismissed_by_id
-        super || finding&.dismissal_feedback&.author_id
+        return unless dismissed?
+
+        super || fallback_dismissal_feedback&.author_id
      end

      def resource_parent
@@ -165,6 +175,15 @@ module EE
      def user_notes_count_service
        @user_notes_count_service ||= ::Vulnerabilities::UserNotesCountService.new(self) # rubocop: disable CodeReuse/ServiceClass
      end
+
+      # TODO: Remove this with #262112
+      def fallback_dismissal_feedback
+        strong_memoize(:fallback_dismissal_feedback) do
+          ::Gitlab::AppJsonLogger.warn(message: 'Fallback dismissal_feedback has been called!', vulnerability_id: id)
+
+          finding&.dismissal_feedback
+        end
+      end
    end

    class_methods do

--- a/ee/spec/models/ee/vulnerability_spec.rb
+++ b/ee/spec/models/ee/vulnerability_spec.rb
@@ -555,6 +555,74 @@ RSpec.describe Vulnerability do
    end
  end

+  describe '#dismissed_at' do
+    let_it_be(:project) { create(:project) }
+    let_it_be(:finding) do
+      create(
+        :vulnerabilities_finding,
+        report_type: :dependency_scanning,
+        project: project
+      )
+    end
+
+    let(:vulnerability) { create(:vulnerability, findings: [finding]) }
+    let(:feedback_created_at) { -2.days.from_now }
+    let!(:dismissal_feedback) do
+      create(
+        :vulnerability_feedback,
+        :dependency_scanning,
+        :dismissal,
+        project: project,
+        project_fingerprint: finding.project_fingerprint,
+        created_at: feedback_created_at
+      )
+    end
+
+    subject(:dismissed_at) { vulnerability.dismissed_at }
+
+    around do |example|
+      freeze_time { example.run }
+    end
+
+    context 'when the vulnerability is not dismissed' do
+      before do
+        vulnerability.update_attribute(:dismissed_at, Time.current)
+      end
+
+      it { is_expected.to be_nil }
+    end
+
+    context 'when the vulnerability is dismissed' do
+      before do
+        vulnerability.dismissed!
+      end
+
+      context 'when the `dismissed_at` exists' do
+        let(:vulnerability_dismissed_at) { -1.day.from_now }
+
+        before do
+          vulnerability.update_attribute(:dismissed_at, vulnerability_dismissed_at)
+        end
+
+        it { is_expected.to eq(vulnerability_dismissed_at) }
+      end
+
+      context 'when the `dismissed_at` does not exist' do
+        before do
+          allow(::Gitlab::AppJsonLogger).to receive(:warn)
+        end
+
+        it { is_expected.to eq(feedback_created_at) }
+
+        it 'puts a warning log' do
+          dismissed_at
+
+          expect(::Gitlab::AppJsonLogger).to have_received(:warn)
+        end
+      end
+    end
+  end
+
  describe '#dismissed_by_id' do
    let_it_be(:user_1) { create(:user) }
    let_it_be(:user_2) { create(:user) }
@@ -579,18 +647,42 @@ RSpec.describe Vulnerability do

    let(:vulnerability) { create(:vulnerability, findings: [occurrence]) }

-    subject { vulnerability.dismissed_by_id }
+    subject(:dismissed_by_id) { vulnerability.dismissed_by_id }

-    context 'when the `dismissed_by_id` exists' do
+    context 'when the vulnerability is not dismissed' do
      before do
-        vulnerability.update_attribute(:dismissed_by_id, user_2.id)
+        vulnerability.update_attribute(:dismissed_by_id, user_1.id)
      end

-      it { is_expected.to eq(user_2.id) }
+      it { is_expected.to be_nil }
    end

-    context 'when the `dismissed_by_id` does not exist' do
-      it { is_expected.to eq(user_1.id) }
+    context 'when the vulnerability is dismissed' do
+      before do
+        vulnerability.dismissed!
+      end
+
+      context 'when the `dismissed_by_id` exists' do
+        before do
+          vulnerability.update_attribute(:dismissed_by_id, user_2.id)
+        end
+
+        it { is_expected.to eq(user_2.id) }
+      end
+
+      context 'when the `dismissed_by_id` does not exist' do
+        before do
+          allow(::Gitlab::AppJsonLogger).to receive(:warn)
+        end
+
+        it { is_expected.to eq(user_1.id) }
+
+        it 'puts a warning log' do
+          dismissed_by_id
+
+          expect(::Gitlab::AppJsonLogger).to have_received(:warn)
+        end
+      end
    end
  end