Merge branch '45340-sast-all-issues' into 'master'

Resolve SAST report in MR widget is not rendering list of `all` issues

Closes #5664 and gitlab-ce#45352

See merge request gitlab-org/gitlab-ee!5363

ee/app/assets/javascripts/vue_shared/security_reports/components/issues_list.vue

@@ -34,16 +34,21 @@ export default {
       required: false,
       default: () => [],
     },
-    isFullReportVisible: {
-      type: Boolean,
-      required: false,
-      default: false,
-    },
     type: {
       type: String,
       required: true,
     },
   },
+  data() {
+    return {
+      isFullReportVisible: false,
+    };
+  },
+  methods: {
+    openFullReport() {
+      this.isFullReportVisible = true;
+    },
+  },
 };
 </script>
 <template>
@@ -81,5 +86,14 @@ export default {
       status="success"
       :issues="resolvedIssues"
     />
+
+    <button
+      v-if="allIssues.length && !isFullReportVisible"
+      type="button"
+      class="btn-link btn-blank prepend-left-10 js-expand-full-list break-link"
+      @click="openFullReport"
+    >
+      {{ s__("ciReport|Show complete code vulnerabilities report") }}
+    </button>
   </div>
 </template>

ee/app/assets/javascripts/vue_shared/security_reports/components/report_section.vue

@@ -78,7 +78,6 @@ export default {
     return {
       collapseText: __('Expand'),
       isCollapsed: true,
-      isFullReportVisible: false,
     };
   },
 
@@ -125,9 +124,6 @@ export default {
       const text = this.isCollapsed ? __('Expand') : __('Collapse');
       this.collapseText = text;
     },
-    openFullReport() {
-      this.isFullReportVisible = true;
-    },
   },
 };
 </script>
@@ -182,17 +178,7 @@ export default {
           :resolved-issues="resolvedIssues"
           :all-issues="allIssues"
           :type="type"
-          :is-full-report-visible="isFullReportVisible"
         />
-
-        <button
-          v-if="allIssues.length && !isFullReportVisible"
-          type="button"
-          class="btn-link btn-blank prepend-left-10 js-expand-full-list break-link"
-          @click="openFullReport"
-        >
-          {{ s__("ciReport|Show complete code vulnerabilities report") }}
-        </button>
       </slot>
     </div>
   </section>

ee/app/assets/javascripts/vue_shared/security_reports/grouped_security_reports_app.vue

@@ -189,8 +189,8 @@
         />
 
         <issues-list
-          class="report-block-group-list"
-          v-if="sast.newIssues.length"
+          class="js-sast-issue-list report-block-group-list"
+          v-if="sast.newIssues.length || sast.resolvedIssues.length || sast.allIssues.length"
           :unresolved-issues="sast.newIssues"
           :resolved-issues="sast.resolvedIssues"
           :all-issues="sast.allIssues"
@@ -207,8 +207,9 @@
         />
 
         <issues-list
-          class="report-block-group-list"
-          v-if="dependencyScanning.newIssues.length"
+          class="js-dss-issue-list report-block-group-list"
+          v-if="dependencyScanning.newIssues.length ||
+          dependencyScanning.resolvedIssues.length || dependencyScanning.allIssues.length"
           :unresolved-issues="dependencyScanning.newIssues"
           :resolved-issues="dependencyScanning.resolvedIssues"
           :all-issues="dependencyScanning.allIssues"
@@ -226,7 +227,7 @@
 
         <issues-list
           class="report-block-group-list"
-          v-if="sastContainer.newIssues.length"
+          v-if="sastContainer.newIssues.length || sastContainer.resolvedIssues.length"
           :unresolved-issues="sastContainer.newIssues"
           :neutral-issues="sastContainer.resolvedIssues"
           :type="$options.sastContainer"
@@ -243,7 +244,7 @@
 
         <issues-list
           class="report-block-group-list"
-          v-if="dast.newIssues.length"
+          v-if="dast.newIssues.length || dast.resolvedIssues.length"
           :unresolved-issues="dast.newIssues"
           :resolved-issues="dast.resolvedIssues"
           :type="$options.dast"

ee/app/assets/stylesheets/pages/security_reports.scss

 .split-report-section {
   border-bottom: 1px solid $gray-darker;
 
-  .report-block-list {
+  .report-block-container {
     max-height: 500px;
     overflow: auto;
   }

ee/changelogs/unreleased/45340-sast-all-issues.yml

+---
+title: Render show all report for sast and dependency scanning
+merge_request: 5363
+author:
+type: fixed

spec/javascripts/vue_shared/security_reports/grouped_security_reports_app_spec.js

@@ -11,6 +11,8 @@ import {
   dockerBaseReport,
   dast,
   dastBase,
+  sastHeadAllIssues,
+  sastBaseAllIssues,
 } from './mock_data';
 
 describe('Grouped security reports app', () => {
@@ -72,9 +74,15 @@ describe('Grouped security reports app', () => {
         );
         expect(vm.$el.querySelector('.js-collapse-btn').textContent.trim()).toEqual('Expand');
 
-        expect(removeBreakLine(vm.$el.textContent)).toContain('SAST resulted in error while loading results');
-        expect(removeBreakLine(vm.$el.textContent)).toContain('Dependency scanning resulted in error while loading results');
-        expect(vm.$el.textContent).toContain('Container scanning resulted in error while loading results');
+        expect(removeBreakLine(vm.$el.textContent)).toContain(
+          'SAST resulted in error while loading results',
+        );
+        expect(removeBreakLine(vm.$el.textContent)).toContain(
+          'Dependency scanning resulted in error while loading results',
+        );
+        expect(vm.$el.textContent).toContain(
+          'Container scanning resulted in error while loading results',
+        );
         expect(vm.$el.textContent).toContain('DAST resulted in error while loading results');
         done();
       }, 0);
@@ -161,12 +169,80 @@ describe('Grouped security reports app', () => {
         );
         expect(vm.$el.querySelector('.js-collapse-btn').textContent.trim()).toEqual('Expand');
 
-        expect(removeBreakLine(vm.$el.textContent)).toContain('SAST detected 2 new vulnerabilities and 1 fixed vulnerability');
-        expect(removeBreakLine(vm.$el.textContent)).toContain('Dependency scanning detected 2 new vulnerabilities and 1 fixed vulnerability');
+        expect(removeBreakLine(vm.$el.textContent)).toContain(
+          'SAST detected 2 new vulnerabilities and 1 fixed vulnerability',
+        );
+        expect(removeBreakLine(vm.$el.textContent)).toContain(
+          'Dependency scanning detected 2 new vulnerabilities and 1 fixed vulnerability',
+        );
         expect(vm.$el.textContent).toContain('Container scanning detected 1 new vulnerability');
         expect(vm.$el.textContent).toContain('DAST detected 1 new vulnerability');
         done();
       }, 0);
     });
   });
+
+  describe('with all issues for sast and dependency scanning', () => {
+    beforeEach(() => {
+      mock.onGet('sast_head.json').reply(200, sastHeadAllIssues);
+      mock.onGet('sast_base.json').reply(200, sastBaseAllIssues);
+      mock.onGet('dast_head.json').reply(200, dast);
+      mock.onGet('dast_base.json').reply(200, dastBase);
+      mock.onGet('sast_container_head.json').reply(200, dockerReport);
+      mock.onGet('sast_container_base.json').reply(200, dockerBaseReport);
+      mock.onGet('dss_head.json').reply(200, sastHeadAllIssues);
+      mock.onGet('dss_base.json').reply(200, sastBaseAllIssues);
+
+      vm = mountComponent(Component, {
+        headBlobPath: 'path',
+        baseBlobPath: 'path',
+        sastHeadPath: 'sast_head.json',
+        sastBasePath: 'sast_base.json',
+        dastHeadPath: 'dast_head.json',
+        dastBasePath: 'dast_base.json',
+        sastContainerHeadPath: 'sast_container_head.json',
+        sastContainerBasePath: 'sast_container_base.json',
+        dependencyScanningHeadPath: 'dss_head.json',
+        dependencyScanningBasePath: 'dss_base.json',
+        sastHelpPath: 'path',
+        sastContainerHelpPath: 'path',
+        dastHelpPath: 'path',
+        dependencyScanningHelpPath: 'path',
+      });
+    });
+
+    it('render show all issues button for sast', done => {
+      setTimeout(() => {
+        expect(vm.$el.querySelector('.js-sast-issue-list .js-expand-full-list')).not.toBeNull();
+        vm.$el.querySelector('.js-sast-issue-list .js-expand-full-list').click();
+
+        vm
+          .$nextTick()
+          .then(() => {
+            expect(vm.$el.querySelector('.js-sast-issue-list').textContent).toContain(
+              sastHeadAllIssues[0].message,
+            );
+          })
+          .then(done)
+          .catch(done.fail);
+      }, 0);
+    });
+
+    it('render show all issues button for dependency scanning', done => {
+      setTimeout(() => {
+        expect(vm.$el.querySelector('.js-dss-issue-list .js-expand-full-list')).not.toBeNull();
+        vm.$el.querySelector('.js-dss-issue-list .js-expand-full-list').click();
+
+        vm
+          .$nextTick()
+          .then(() => {
+            expect(vm.$el.querySelector('.js-dss-issue-list').textContent).toContain(
+              sastHeadAllIssues[0].message,
+            );
+          })
+          .then(done)
+          .catch(done.fail);
+      }, 0);
+    });
+  });
 });