Prevent augmenting for orphan dependencies

4d180e42 · Tetiana Chupryna · f8aeff16 · 4d180e42 · 4d180e42
Commit 4d180e42 authored Nov 10, 2020 by Tetiana Chupryna
2 changed files
--- a/ee/lib/gitlab/ci/reports/dependency_list/report.rb
+++ b/ee/lib/gitlab/ci/reports/dependency_list/report.rb
@@ -51,7 +51,7 @@ module Gitlab

          def augment_ancestors!
            @dependencies.each_value do |dep|
-              next unless dep.iid
+              next unless dep.location[:ancestors]
              next if dep.location[:top_level]

              if dep.vulnerabilities.empty?

--- a/ee/spec/lib/gitlab/ci/reports/dependency_list/report_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/dependency_list/report_spec.rb
@@ -44,6 +44,19 @@ RSpec.describe Gitlab::Ci::Reports::DependencyList::Report do
        expect(ancestors.last).to eq({ name: direct[:name], version: direct[:version] })
      end

+      context 'when dependency path info is not full' do
+        let(:orphan_dependency) { build :dependency, :with_vulnerabilities, iid: 3 }
+
+        before do
+          report.add_dependency(orphan_dependency)
+        end
+
+        it 'returns array of hashes' do
+          expect(dependencies).to be_an(Array)
+          expect(dependencies.first).to be_a(Hash)
+        end
+      end
+
      context 'with multiple dependency files matching same package manager' do
        let(:indirect_other) { build :dependency, :with_vulnerabilities, iid: 32 }
        let(:direct_other) { build :dependency, :direct, :with_vulnerabilities }