Populate description of vulnerability from finding if needed

ee/app/graphql/types/vulnerability_type.rb

@@ -130,6 +130,10 @@ module Types
       object.finding&.identifiers
     end
 
+    def description
+      object.description || object.finding_description
+    end
+
     def project
       Gitlab::Graphql::Loaders::BatchModelLoader.new(Project, object.project_id).find
     end

ee/changelogs/unreleased/294173-description-of-vulnerability-is-empty-in-graphql.yml

+---
+title: Properly populate description in an issue created from a vulnerability
+merge_request: 52619
+author:
+type: fixed

ee/spec/graphql/types/vulnerability_type_spec.rb

@@ -106,4 +106,44 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
       end
     end
   end
+
+  describe '#description' do
+    let_it_be(:vulnerability_with_finding) { create(:vulnerability, :with_findings, project: project) }
+
+    let(:query) do
+      %(
+        query {
+          project(fullPath: "#{project.full_path}") {
+            name
+            vulnerabilities {
+              nodes {
+                description
+              }
+            }
+          }
+        }
+      )
+    end
+
+    context 'when the vulnerability description field is populated' do
+      it 'returns the description for the vulnerability' do
+        vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
+
+        expect(vulnerabilities.first['description']).to eq(vulnerability_with_finding.description)
+      end
+    end
+
+    context 'when the vulnerability description field is empty' do
+      before do
+        vulnerability_with_finding.description = nil
+        vulnerability_with_finding.save!
+      end
+
+      it 'returns the description for the vulnerability finding' do
+        vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
+
+        expect(vulnerabilities.first['description']).to eq(vulnerability_with_finding.finding.description)
+      end
+    end
+  end
 end