Merge branch...

Merge branch '212983-the-resolved_on_default_branch-data-point-is-not-available-on-the-standalone-vulnerability' into 'master' Create VulnerabilitySerializer See merge request gitlab-org/gitlab!28543

Merge branch...
Merge branch '212983-the-resolved_on_default_branch-data-point-is-not-available-on-the-standalone-vulnerability' into 'master' Create VulnerabilitySerializer See merge request gitlab-org/gitlab!28543
6a03dc87 · Rémy Coutable · 9a3de96f · 94c29a86 · 6a03dc87 · 6a03dc87
Commit 6a03dc87 authored Apr 06, 2020 by Rémy Coutable
5 changed files
--- a/ee/app/helpers/vulnerabilities_helper.rb
+++ b/ee/app/helpers/vulnerabilities_helper.rb
@@ -5,7 +5,7 @@ module VulnerabilitiesHelper
    return unless vulnerability

    {
-      vulnerability_json: vulnerability.to_json,
+      vulnerability_json: VulnerabilitySerializer.new.represent(vulnerability).to_json,
      project_fingerprint: vulnerability.finding.project_fingerprint,
      create_issue_url: create_vulnerability_feedback_issue_path(vulnerability.finding.project),
      pipeline_json: vulnerability_pipeline_data(pipeline).to_json,

--- a/ee/app/serializers/vulnerability_entity.rb
+++ b/ee/app/serializers/vulnerability_entity.rb
+# frozen_string_literal: true
+
+class VulnerabilityEntity < Grape::Entity
+  include RequestAwareEntity
+
+  expose :id,
+    :title,
+    :state,
+    :severity,
+    :confidence,
+    :report_type,
+    :resolved_on_default_branch,
+    :project_default_branch,
+    :resolved_by_id,
+    :dismissed_by_id,
+    :confirmed_by_id
+end
--- a/ee/app/serializers/vulnerability_serializer.rb
+++ b/ee/app/serializers/vulnerability_serializer.rb
+# frozen_string_literal: true
+
+class VulnerabilitySerializer < BaseSerializer
+  entity VulnerabilityEntity
+end
--- a/ee/spec/helpers/vulnerabilities_helper_spec.rb
+++ b/ee/spec/helpers/vulnerabilities_helper_spec.rb
@@ -3,29 +3,65 @@
 require 'spec_helper'

 describe VulnerabilitiesHelper do
+  let_it_be(:user) { build(:user) }
+  let_it_be(:vulnerability) { create(:vulnerability, :with_findings, title: "My vulnerability") }
+  let_it_be(:finding) { vulnerability.finding }
+  let(:vulnerability_serializer_hash) do
+    vulnerability.slice(
+      :id,
+      :title,
+      :state,
+      :severity,
+      :confidence,
+      :report_type,
+      :resolved_on_default_branch,
+      :project_default_branch,
+      :resolved_by_id,
+      :dismissed_by_id,
+      :confirmed_by_id
+    )
+  end
+  let(:occurrence_serializer_hash) do
+    finding.slice(:description,
+      :identifiers,
+      :links,
+      :location,
+      :name,
+      :issue_feedback,
+      :project,
+      :solution
+    )
+  end
+
+  before do
+    allow(helper).to receive(:can?).and_return(true)
+    allow(helper).to receive(:current_user).and_return(user)
+  end
+
  RSpec.shared_examples 'vulnerability properties' do
+    before do
+      vulnerability_serializer_stub = instance_double("VulnerabilitySerializer")
+      expect(VulnerabilitySerializer).to receive(:new).and_return(vulnerability_serializer_stub)
+      expect(vulnerability_serializer_stub).to receive(:represent).with(vulnerability).and_return(vulnerability_serializer_hash)
+
+      occurrence_serializer_stub = instance_double("Vulnerabilities::OccurrenceSerializer")
+      expect(Vulnerabilities::OccurrenceSerializer).to receive(:new).and_return(occurrence_serializer_stub)
+      expect(occurrence_serializer_stub).to receive(:represent).with(finding).and_return(occurrence_serializer_hash)
+    end
+
    it 'has expected vulnerability properties' do
      expect(subject).to include(
-        vulnerability_json: vulnerability.to_json,
+        vulnerability_json: kind_of(String),
        project_fingerprint: vulnerability.finding.project_fingerprint,
-        create_issue_url: anything,
+        create_issue_url: kind_of(String),
        has_mr: anything,
-        vulnerability_feedback_help_path: anything,
-        finding_json: anything
+        vulnerability_feedback_help_path: kind_of(String),
+        finding_json: kind_of(String)
      )
    end
  end

-  before do
-    allow(helper).to receive(:can?).and_return(true)
-    allow(helper).to receive(:current_user).and_return(user)
-  end
-
-  let(:user) { build(:user) }
-
  describe '#vulnerability_data' do
-    let(:vulnerability) { create(:vulnerability, :with_findings) }
-
    subject { helper.vulnerability_data(vulnerability, pipeline) }

    describe 'when pipeline exists' do
@@ -55,9 +91,6 @@ describe VulnerabilitiesHelper do
  end

  describe '#vulnerability_finding_data' do
-    let(:vulnerability) { create(:vulnerability, :with_findings) }
-    let(:finding) { vulnerability.finding }
-
    subject { helper.vulnerability_finding_data(finding) }

    it "returns finding information" do

--- a/ee/spec/serializers/vulnerability_entity_spec.rb
+++ b/ee/spec/serializers/vulnerability_entity_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe VulnerabilityEntity do
+  let(:vulnerability) { create(:vulnerability, project: project, author: user) }
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+
+  subject { described_class.new(vulnerability).as_json }
+
+  it 'exposes vulnerability-specific elements' do
+    expect(subject).to match(
+      id: vulnerability.id,
+      title: vulnerability.title,
+      state: vulnerability.state,
+      severity: vulnerability.severity,
+      confidence: vulnerability.confidence,
+      report_type: vulnerability.report_type,
+      resolved_on_default_branch: vulnerability.resolved_on_default_branch,
+      project_default_branch: vulnerability.project_default_branch,
+      resolved_by_id: vulnerability.resolved_by_id,
+      dismissed_by_id: vulnerability.dismissed_by_id,
+      confirmed_by_id: vulnerability.confirmed_by_id
+    )
+  end
+end