Merge branch '325200-missing-finding-with-exports' into 'master'

Fix Vulnerability exports with missing Findings See merge request gitlab-org/gitlab!56903

Merge branch '325200-missing-finding-with-exports' into 'master'
Fix Vulnerability exports with missing Findings See merge request gitlab-org/gitlab!56903
3fe6077f · Dylan Griffith · 71c749f0 · 8a2c65cc · 3fe6077f · 3fe6077f
Commit 3fe6077f authored Mar 17, 2021 by Dylan Griffith
3 changed files
--- a/ee/app/services/vulnerability_exports/exporters/csv_service.rb
+++ b/ee/app/services/vulnerability_exports/exporters/csv_service.rb
@@ -4,7 +4,7 @@ module VulnerabilityExports
  module Exporters
    class CsvService
      IDENTIFIER_DELIMITER = '; '
-      IDENTIFIER_FORMATTER = -> (v) { v.other_identifier_values.to_csv(col_sep: IDENTIFIER_DELIMITER, row_sep: '') }
+      IDENTIFIER_FORMATTER = -> (v) { v&.other_identifier_values&.to_csv(col_sep: IDENTIFIER_DELIMITER, row_sep: '') }
      MAPPING = {
        'Group Name' => 'group_name',
        'Project Name' => 'project_name',

--- a/ee/changelogs/unreleased/325200-missing-finding-with-exports.yml
+++ b/ee/changelogs/unreleased/325200-missing-finding-with-exports.yml
+---
+title: Fix vulnerability exports when a finding is missing
+merge_request: 56903
+author:
+type: fixed
--- a/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
+++ b/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
@@ -25,39 +25,62 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
  end

  describe 'CSV content' do
-    before do
-      vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'GSO', name: 'GSO-1234;1234')
-      vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'TSO', name: 'TSO-1234')
-    end
+    context 'with valid findings' do
+      before do
+        vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'GSO', name: 'GSO-1234;1234')
+        vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'TSO', name: 'TSO-1234')
+      end

-    context 'when a project belongs to a group' do
-      let_it_be(:group) { create(:group) }
-      let_it_be(:project) { create(:project, :public, group: group) }
-      let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
+      context 'when a project belongs to a group' do
+        let_it_be(:group) { create(:group) }
+        let_it_be(:project) { create(:project, :public, group: group) }
+        let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }

-      it 'includes proper values for each column type', :aggregate_failures do
-        expect(csv[0]['Group Name']).to eq group.name
-        expect(csv[0]['Project Name']).to eq project.name
-        expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
-        expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
-        expect(csv[0]['Status']).to eq vulnerability.state
-        expect(csv[0]['Vulnerability']).to eq vulnerability.title
-        expect(csv[0]['Details']).to eq vulnerability.finding_description
-        expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
-        expect(csv[0]['Severity']).to eq vulnerability.severity
-        expect(csv[0]['CVE']).to eq vulnerability.cve_value
-        expect(csv[0]['CWE']).to eq vulnerability.cwe_value
-        expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
+        it 'includes proper values for each column type', :aggregate_failures do
+          expect(csv[0]['Group Name']).to eq group.name
+          expect(csv[0]['Project Name']).to eq project.name
+          expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
+          expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
+          expect(csv[0]['Status']).to eq vulnerability.state
+          expect(csv[0]['Vulnerability']).to eq vulnerability.title
+          expect(csv[0]['Details']).to eq vulnerability.finding_description
+          expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
+          expect(csv[0]['Severity']).to eq vulnerability.severity
+          expect(csv[0]['CVE']).to eq vulnerability.cve_value
+          expect(csv[0]['CWE']).to eq vulnerability.cwe_value
+          expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
+        end
+      end
+
+      context 'when a project belongs to a user' do
+        let_it_be(:user) { create(:user) }
+        let_it_be(:project) { create(:project, :public, namespace: user.namespace ) }
+        let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
+
+        it 'includes proper values for each column except group name' do
+          expect(csv[0]['Group Name']).to be_nil
+          expect(csv[0]['Project Name']).to eq project.name
+          expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
+          expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
+          expect(csv[0]['Status']).to eq vulnerability.state
+          expect(csv[0]['Vulnerability']).to eq vulnerability.title
+          expect(csv[0]['Details']).to eq vulnerability.finding_description
+          expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
+          expect(csv[0]['Severity']).to eq vulnerability.severity
+          expect(csv[0]['CVE']).to eq vulnerability.cve_value
+          expect(csv[0]['CWE']).to eq vulnerability.cwe_value
+          expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
+        end
      end
    end

-    context 'when a project belongs to a user' do
-      let_it_be(:user) { create(:user) }
-      let_it_be(:project) { create(:project, :public, namespace: user.namespace ) }
-      let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
+    context 'when a vulnerability is missing a finding' do
+      let_it_be(:group) { create(:group) }
+      let_it_be(:project) { create(:project, :public, group: group) }
+      let_it_be(:vulnerability) { create(:vulnerability, project: project) }

-      it 'includes proper values for each column except group name' do
-        expect(csv[0]['Group Name']).to be_nil
+      it 'includes proper values for each column except Other Identifiers' do
+        expect(csv[0]['Group Name']).to eq group.name
        expect(csv[0]['Project Name']).to eq project.name
        expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
        expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
@@ -68,7 +91,7 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
        expect(csv[0]['Severity']).to eq vulnerability.severity
        expect(csv[0]['CVE']).to eq vulnerability.cve_value
        expect(csv[0]['CWE']).to eq vulnerability.cwe_value
-        expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
+        expect(csv[0]['Other Identifiers']).to be_nil
      end
    end
  end