Merge branch '325200-missing-finding-with-exports' into 'master'

Fix Vulnerability exports with missing Findings See merge request gitlab-org/gitlab!56903

Merge branch '325200-missing-finding-with-exports' into 'master'
Fix Vulnerability exports with missing Findings See merge request gitlab-org/gitlab!56903
3fe6077f · Dylan Griffith · 71c749f0 · 8a2c65cc · 3fe6077f · 3fe6077f
Commit 3fe6077f authored Mar 17, 2021 by Dylan Griffith
3 changed files
--- a/ee/app/services/vulnerability_exports/exporters/csv_service.rb
+++ b/ee/app/services/vulnerability_exports/exporters/csv_service.rb
@@ -4,7 +4,7 @@ module VulnerabilityExports
  module Exporters
    class CsvService
      IDENTIFIER_DELIMITER = '; '
-      IDENTIFIER_FORMATTER = -> (v) { v.other_identifier_values.to_csv(col_sep: IDENTIFIER_DELIMITER, row_sep: '') }
+      IDENTIFIER_FORMATTER = -> (v) { v&.other_identifier_values&.to_csv(col_sep: IDENTIFIER_DELIMITER, row_sep: '') }
      MAPPING = {
        'Group Name' => 'group_name',
        'Project Name' => 'project_name',

--- a/ee/changelogs/unreleased/325200-missing-finding-with-exports.yml
+++ b/ee/changelogs/unreleased/325200-missing-finding-with-exports.yml
+---
+title: Fix vulnerability exports when a finding is missing
+merge_request: 56903
+author:
+type: fixed
--- a/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
+++ b/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
@@ -25,6 +25,7 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
  end

  describe 'CSV content' do
+    context 'with valid findings' do
      before do
        vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'GSO', name: 'GSO-1234;1234')
        vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'TSO', name: 'TSO-1234')
@@ -72,4 +73,26 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
        end
      end
    end
+
+    context 'when a vulnerability is missing a finding' do
+      let_it_be(:group) { create(:group) }
+      let_it_be(:project) { create(:project, :public, group: group) }
+      let_it_be(:vulnerability) { create(:vulnerability, project: project) }
+
+      it 'includes proper values for each column except Other Identifiers' do
+        expect(csv[0]['Group Name']).to eq group.name
+        expect(csv[0]['Project Name']).to eq project.name
+        expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
+        expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
+        expect(csv[0]['Status']).to eq vulnerability.state
+        expect(csv[0]['Vulnerability']).to eq vulnerability.title
+        expect(csv[0]['Details']).to eq vulnerability.finding_description
+        expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
+        expect(csv[0]['Severity']).to eq vulnerability.severity
+        expect(csv[0]['CVE']).to eq vulnerability.cve_value
+        expect(csv[0]['CWE']).to eq vulnerability.cwe_value
+        expect(csv[0]['Other Identifiers']).to be_nil
+      end
+    end
+  end
 end