Automatic merge of gitlab-org/gitlab master

ee/app/models/ee/vulnerability.rb

@@ -2,6 +2,7 @@
 
 module EE
   module Vulnerability
+    include ::Gitlab::Utils::StrongMemoize
     extend ActiveSupport::Concern
 
     prepended do
@@ -134,8 +135,17 @@ module EE
         findings.first
       end
 
+      # TODO: Remove this attribute reader overrides with #262112
+      def dismissed_at
+        return unless dismissed?
+
+        super || fallback_dismissal_feedback&.created_at
+      end
+
       def dismissed_by_id
-        super || finding&.dismissal_feedback&.author_id
+        return unless dismissed?
+
+        super || fallback_dismissal_feedback&.author_id
       end
 
       def resource_parent
@@ -165,6 +175,15 @@ module EE
       def user_notes_count_service
         @user_notes_count_service ||= ::Vulnerabilities::UserNotesCountService.new(self) # rubocop: disable CodeReuse/ServiceClass
       end
+
+      # TODO: Remove this with #262112
+      def fallback_dismissal_feedback
+        strong_memoize(:fallback_dismissal_feedback) do
+          ::Gitlab::AppJsonLogger.warn(message: 'Fallback dismissal_feedback has been called!', vulnerability_id: id)
+
+          finding&.dismissal_feedback
+        end
+      end
     end
 
     class_methods do

ee/app/views/projects/merge_requests/show.html.haml

@@ -11,7 +11,7 @@
     window.gl.mrWidgetData.container_scanning_help_path = '#{help_page_path("user/application_security/container_scanning/index")}';
     window.gl.mrWidgetData.dast_help_path = '#{help_page_path("user/application_security/dast/index")}';
     window.gl.mrWidgetData.dependency_scanning_help_path = '#{help_page_path("user/application_security/dependency_scanning/index")}';
-    window.gl.mrWidgetData.coverage_fuzzinghelp_path = '#{help_page_path("user/application_security/coverage_fuzzing/index")}';
+    window.gl.mrWidgetData.coverage_fuzzing_help_path = '#{help_page_path("user/application_security/coverage_fuzzing/index")}';
     window.gl.mrWidgetData.vulnerability_feedback_help_path = '#{help_page_path("user/application_security/index")}';
     window.gl.mrWidgetData.visual_review_app_available = '#{@project.feature_available?(:visual_review_app)}' === 'true';
     window.gl.mrWidgetData.license_scanning_comparison_path = '#{license_scanning_reports_project_merge_request_path(@project, @merge_request) if @project.feature_available?(:license_scanning)}'

ee/spec/models/ee/vulnerability_spec.rb

@@ -555,6 +555,74 @@ RSpec.describe Vulnerability do
     end
   end
 
+  describe '#dismissed_at' do
+    let_it_be(:project) { create(:project) }
+    let_it_be(:finding) do
+      create(
+        :vulnerabilities_finding,
+        report_type: :dependency_scanning,
+        project: project
+      )
+    end
+
+    let(:vulnerability) { create(:vulnerability, findings: [finding]) }
+    let(:feedback_created_at) { -2.days.from_now }
+    let!(:dismissal_feedback) do
+      create(
+        :vulnerability_feedback,
+        :dependency_scanning,
+        :dismissal,
+        project: project,
+        project_fingerprint: finding.project_fingerprint,
+        created_at: feedback_created_at
+      )
+    end
+
+    subject(:dismissed_at) { vulnerability.dismissed_at }
+
+    around do |example|
+      freeze_time { example.run }
+    end
+
+    context 'when the vulnerability is not dismissed' do
+      before do
+        vulnerability.update_attribute(:dismissed_at, Time.current)
+      end
+
+      it { is_expected.to be_nil }
+    end
+
+    context 'when the vulnerability is dismissed' do
+      before do
+        vulnerability.dismissed!
+      end
+
+      context 'when the `dismissed_at` exists' do
+        let(:vulnerability_dismissed_at) { -1.day.from_now }
+
+        before do
+          vulnerability.update_attribute(:dismissed_at, vulnerability_dismissed_at)
+        end
+
+        it { is_expected.to eq(vulnerability_dismissed_at) }
+      end
+
+      context 'when the `dismissed_at` does not exist' do
+        before do
+          allow(::Gitlab::AppJsonLogger).to receive(:warn)
+        end
+
+        it { is_expected.to eq(feedback_created_at) }
+
+        it 'puts a warning log' do
+          dismissed_at
+
+          expect(::Gitlab::AppJsonLogger).to have_received(:warn)
+        end
+      end
+    end
+  end
+
   describe '#dismissed_by_id' do
     let_it_be(:user_1) { create(:user) }
     let_it_be(:user_2) { create(:user) }
@@ -579,18 +647,42 @@ RSpec.describe Vulnerability do
 
     let(:vulnerability) { create(:vulnerability, findings: [occurrence]) }
 
-    subject { vulnerability.dismissed_by_id }
+    subject(:dismissed_by_id) { vulnerability.dismissed_by_id }
 
-    context 'when the `dismissed_by_id` exists' do
+    context 'when the vulnerability is not dismissed' do
       before do
-        vulnerability.update_attribute(:dismissed_by_id, user_2.id)
+        vulnerability.update_attribute(:dismissed_by_id, user_1.id)
       end
 
-      it { is_expected.to eq(user_2.id) }
+      it { is_expected.to be_nil }
     end
 
-    context 'when the `dismissed_by_id` does not exist' do
-      it { is_expected.to eq(user_1.id) }
+    context 'when the vulnerability is dismissed' do
+      before do
+        vulnerability.dismissed!
+      end
+
+      context 'when the `dismissed_by_id` exists' do
+        before do
+          vulnerability.update_attribute(:dismissed_by_id, user_2.id)
+        end
+
+        it { is_expected.to eq(user_2.id) }
+      end
+
+      context 'when the `dismissed_by_id` does not exist' do
+        before do
+          allow(::Gitlab::AppJsonLogger).to receive(:warn)
+        end
+
+        it { is_expected.to eq(user_1.id) }
+
+        it 'puts a warning log' do
+          dismissed_by_id
+
+          expect(::Gitlab::AppJsonLogger).to have_received(:warn)
+        end
+      end
     end
   end