Extract vulnerability finder methods from Group

These methods will be reused in Project once we add the project
security dashboard's vulnerability endpoints.

ee/app/models/concerns/ee/vulnerable.rb

+# frozen_string_literal: true
+
+module EE
+  module Vulnerable
+    extend ActiveSupport::Concern
+
+    def latest_vulnerabilities
+      Vulnerabilities::Occurrence
+        .for_pipelines(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
+    end
+
+    def latest_vulnerabilities_with_sha
+      Vulnerabilities::Occurrence
+        .for_pipelines_with_sha(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
+    end
+
+    def all_vulnerabilities
+      Vulnerabilities::Occurrence
+        .for_pipelines(all_pipelines.with_vulnerabilities.success)
+    end
+  end
+end

ee/app/models/ee/group.rb

@@ -10,6 +10,7 @@ module EE
     extend ::Gitlab::Utils::Override
 
     prepended do
+      include ::EE::Vulnerable # rubocop: disable Cop/InjectEnterpriseEditionModule
       include TokenAuthenticatable
       include InsightsFeature
 
@@ -108,21 +109,6 @@ module EE
       end
     end
 
-    def latest_vulnerabilities
-      Vulnerabilities::Occurrence
-        .for_pipelines(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
-    end
-
-    def latest_vulnerabilities_with_sha
-      Vulnerabilities::Occurrence
-        .for_pipelines_with_sha(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
-    end
-
-    def all_vulnerabilities
-      Vulnerabilities::Occurrence
-        .for_pipelines(all_pipelines.with_vulnerabilities.success)
-    end
-
     def human_ldap_access
       ::Gitlab::Access.options_with_owner.key(ldap_access)
     end

ee/spec/models/group_spec.rb

@@ -3,6 +3,7 @@ require 'spec_helper'
 describe Group do
   let(:group) { create(:group) }
 
+  it_behaves_like EE::Vulnerable
   it { is_expected.to include_module(EE::Group) }
 
   describe 'associations' do
@@ -291,91 +292,6 @@ describe Group do
     end
   end
 
-  describe 'Vulnerabilities::Occurrence collection methods' do
-    describe 'vulnerabilities finder methods' do
-      let(:project) { create(:project, namespace: group) }
-      let(:external_project) { create(:project) }
-      let(:failed_pipeline) { create(:ci_pipeline, :failed, project: project) }
-
-      let!(:old_vuln) { create_vulnerability(project) }
-      let!(:new_vuln) { create_vulnerability(project) }
-      let!(:external_vuln) { create_vulnerability(external_project) }
-      let!(:failed_vuln) { create_vulnerability(project, failed_pipeline) }
-
-      before do
-        pipeline_ran_against_new_sha = create(:ci_pipeline, :success, project: project, sha: '123')
-        new_vuln.pipelines << pipeline_ran_against_new_sha
-      end
-
-      def create_vulnerability(project, pipeline = nil)
-        pipeline ||= create(:ci_pipeline, :success, project: project)
-        create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project)
-      end
-
-      describe '#latest_vulnerabilities' do
-        subject { group.latest_vulnerabilities }
-
-        it 'returns vulns only for the latest successful pipelines of projects belonging to the group' do
-          is_expected.to contain_exactly(new_vuln)
-        end
-
-        context 'with vulnerabilities from other branches' do
-          let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
-          let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
-
-          # TODO: This should actually fail and we must scope vulns
-          # per branch as soon as we store them for other branches
-          # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
-          it 'includes vulnerabilities from all branches' do
-            is_expected.to contain_exactly(branch_vuln)
-          end
-        end
-      end
-
-      describe '#latest_vulnerabilities_with_sha' do
-        subject { group.latest_vulnerabilities_with_sha }
-
-        it 'returns vulns only for the latest successful pipelines of projects belonging to the group' do
-          is_expected.to contain_exactly(new_vuln)
-        end
-
-        it { is_expected.to all(respond_to(:sha)) }
-
-        context 'with vulnerabilities from other branches' do
-          let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
-          let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
-
-          # TODO: This should actually fail and we must scope vulns
-          # per branch as soon as we store them for other branches
-          # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
-          it 'includes vulnerabilities from all branches' do
-            is_expected.to contain_exactly(branch_vuln)
-          end
-        end
-      end
-
-      describe '#all_vulnerabilities' do
-        subject { group.all_vulnerabilities }
-
-        it 'returns vulns for all successful pipelines of projects belonging to the group' do
-          is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln)
-        end
-
-        context 'with vulnerabilities from other branches' do
-          let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
-          let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
-
-          # TODO: This should actually fail and we must scope vulns
-          # per branch as soon as we store them for other branches
-          # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
-          it 'includes vulnerabilities from all branches' do
-            is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln, branch_vuln)
-          end
-        end
-      end
-    end
-  end
-
   describe '#group_project_template_available?' do
     subject { group.group_project_template_available? }
 

ee/spec/support/shared_examples/models/concerns/ee/vulnerable_shared_examples.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+shared_examples_for EE::Vulnerable do
+  let(:project) { create(:project, namespace: group) }
+  let(:external_project) { create(:project) }
+  let(:failed_pipeline) { create(:ci_pipeline, :failed, project: project) }
+
+  let!(:old_vuln) { create_vulnerability(project) }
+  let!(:new_vuln) { create_vulnerability(project) }
+  let!(:external_vuln) { create_vulnerability(external_project) }
+  let!(:failed_vuln) { create_vulnerability(project, failed_pipeline) }
+
+  before do
+    pipeline_ran_against_new_sha = create(:ci_pipeline, :success, project: project, sha: '123')
+    new_vuln.pipelines << pipeline_ran_against_new_sha
+  end
+
+  def create_vulnerability(project, pipeline = nil)
+    pipeline ||= create(:ci_pipeline, :success, project: project)
+    create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project)
+  end
+
+  describe '#latest_vulnerabilities' do
+    subject { group.latest_vulnerabilities }
+
+    it 'returns vulnerabilities for the latest successful pipelines of projects belonging to the vulnerable entity' do
+      is_expected.to contain_exactly(new_vuln)
+    end
+
+    context 'with vulnerabilities from other branches' do
+      let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
+      let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
+
+      # TODO: This should actually fail and we must scope vulns
+      # per branch as soon as we store them for other branches
+      # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
+      it 'includes vulnerabilities from all branches' do
+        is_expected.to contain_exactly(branch_vuln)
+      end
+    end
+  end
+
+  describe '#latest_vulnerabilities_with_sha' do
+    subject { group.latest_vulnerabilities_with_sha }
+
+    it 'returns vulns only for the latest successful pipelines of projects belonging to the group' do
+      is_expected.to contain_exactly(new_vuln)
+    end
+
+    it { is_expected.to all(respond_to(:sha)) }
+
+    context 'with vulnerabilities from other branches' do
+      let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
+      let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
+
+      # TODO: This should actually fail and we must scope vulns
+      # per branch as soon as we store them for other branches
+      # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
+      it 'includes vulnerabilities from all branches' do
+        is_expected.to contain_exactly(branch_vuln)
+      end
+    end
+  end
+
+  describe '#all_vulnerabilities' do
+    subject { group.all_vulnerabilities }
+
+    it 'returns vulns for all successful pipelines of projects belonging to the group' do
+      is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln)
+    end
+
+    context 'with vulnerabilities from other branches' do
+      let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
+      let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
+
+      # TODO: This should actually fail and we must scope vulns
+      # per branch as soon as we store them for other branches
+      # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
+      it 'includes vulnerabilities from all branches' do
+        is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln, branch_vuln)
+      end
+    end
+  end
+end