Merge branch '33899-refactor-vulnerability-findings-actions' into 'master'

Clean up vulnerability findings actions Closes #33899 See merge request gitlab-org/gitlab!21279

Merge branch '33899-refactor-vulnerability-findings-actions' into 'master'
Clean up vulnerability findings actions Closes #33899 See merge request gitlab-org/gitlab!21279
89ffa9d8 · Nick Thomas · d81f132a · 499527c6 · 89ffa9d8 · 89ffa9d8
Commit 89ffa9d8 authored Dec 12, 2019 by Nick Thomas
14 changed files
--- a/ee/app/controllers/concerns/vulnerability_findings_history.rb
+++ b/ee/app/controllers/concerns/vulnerability_findings_history.rb
 # frozen_string_literal: true

-module VulnerabilityFindingsHistory
+module ProjectCollectionVulnerabilityFindingsActions
  extend ActiveSupport::Concern
+  include ProjectVulnerabilityFindingsActions

  included do
    def history
-      history_count = Gitlab::Vulnerabilities::History.new(group, filter_params).findings_counter
+      history_count = Gitlab::Vulnerabilities::History.new(vulnerable, filter_params).findings_counter

      respond_to do |format|
        format.json do

--- a/ee/app/controllers/concerns/vulnerability_findings_actions.rb
+++ b/ee/app/controllers/concerns/vulnerability_findings_actions.rb
 # frozen_string_literal: true

-# The VulnerabilityFindingsActions concern contains actions that are used to populate findings
+# The ProjectVulnerabilityFindingsActions concern contains actions that are used to populate findings
 # on security dashboards.
 #
 # Note: Consumers of this module will need to define a `def vulnerable` method, which must return
 # an object with an interface that matches the one provided by the Vulnerable model concern.

-module VulnerabilityFindingsActions
+module ProjectVulnerabilityFindingsActions
  extend ActiveSupport::Concern

  def index

--- a/ee/app/controllers/groups/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/groups/security/vulnerabilities_controller.rb
@@ -3,8 +3,7 @@
 class Groups::Security::VulnerabilitiesController < Groups::ApplicationController
  include VulnerabilitiesApiFeatureGate # must come first
  include SecurityDashboardsPermissions
-  include VulnerabilityFindingsActions
-  include VulnerabilityFindingsHistory
+  include ProjectCollectionVulnerabilityFindingsActions

  alias_method :vulnerable, :group


--- a/ee/app/controllers/groups/security/vulnerability_findings_controller.rb
+++ b/ee/app/controllers/groups/security/vulnerability_findings_controller.rb
@@ -3,8 +3,7 @@
 class Groups::Security::VulnerabilityFindingsController < Groups::ApplicationController
  include VulnerabilitiesApiFeatureGate # must come first
  include SecurityDashboardsPermissions
-  include VulnerabilityFindingsActions
-  include VulnerabilityFindingsHistory
+  include ProjectCollectionVulnerabilityFindingsActions

  alias_method :vulnerable, :group


--- a/ee/app/controllers/projects/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/projects/security/vulnerabilities_controller.rb
@@ -3,7 +3,7 @@
 class Projects::Security::VulnerabilitiesController < Projects::ApplicationController
  include VulnerabilitiesApiFeatureGate # must come first
  include SecurityDashboardsPermissions
-  include VulnerabilityFindingsActions
+  include ProjectVulnerabilityFindingsActions

  alias_method :vulnerable, :project


--- a/ee/app/controllers/projects/security/vulnerability_findings_controller.rb
+++ b/ee/app/controllers/projects/security/vulnerability_findings_controller.rb
@@ -3,7 +3,7 @@
 class Projects::Security::VulnerabilityFindingsController < Projects::ApplicationController
  include VulnerabilitiesApiFeatureGate # must come first
  include SecurityDashboardsPermissions
-  include VulnerabilityFindingsActions
+  include ProjectVulnerabilityFindingsActions

  alias_method :vulnerable, :project


--- a/ee/lib/gitlab/vulnerabilities/history.rb
+++ b/ee/lib/gitlab/vulnerabilities/history.rb
@@ -5,12 +5,12 @@ require 'vulnerabilities/history_serializer'
 module Gitlab
  module Vulnerabilities
    class History
-      attr_reader :group, :filters
+      attr_reader :vulnerable, :filters

      HISTORY_RANGE = 3.months

-      def initialize(group, filters)
-        @group = group
+      def initialize(vulnerable, filters)
+        @vulnerable = vulnerable
        @filters = filters
      end

@@ -24,14 +24,14 @@ module Gitlab
      private

      def vulnerability_findings
-        ::Security::VulnerabilityFindingsFinder.new(group, params: filters).execute(:all)
+        ::Security::VulnerabilityFindingsFinder.new(vulnerable, params: filters).execute(:all)
      end

      def cached_vulnerability_history
        history = { undefined: {}, info: {}, unknown: {}, low: {}, medium: {}, high: {}, critical: {}, total: {} }

        project_ids_to_fetch.each do |project_id|
-          project_history = Gitlab::Vulnerabilities::HistoryCache.new(group, project_id).fetch(HISTORY_RANGE)
+          project_history = Gitlab::Vulnerabilities::HistoryCache.new(vulnerable, project_id).fetch(HISTORY_RANGE)
          history.each do |key, value|
            value.merge!(project_history[key]) { |k, aggregate, project_count| aggregate + project_count }
          end
@@ -56,7 +56,7 @@ module Gitlab
      def project_ids_to_fetch
        return filters[:project_id] if filters.key?('project_id')

-        group.project_ids_with_security_reports
+        vulnerable.project_ids_with_security_reports
      end
    end
  end

--- a/ee/lib/gitlab/vulnerabilities/history_cache.rb
+++ b/ee/lib/gitlab/vulnerabilities/history_cache.rb
@@ -3,17 +3,17 @@
 module Gitlab
  module Vulnerabilities
    class HistoryCache
-      attr_reader :group, :project_id
+      attr_reader :vulnerable, :project_id

-      def initialize(group, project_id)
-        @group = group
+      def initialize(vulnerable, project_id)
+        @vulnerable = vulnerable
        @project_id = project_id
      end

      def fetch(range, force: false)
        Rails.cache.fetch(cache_key, force: force, expires_in: 1.day) do
          findings = ::Security::VulnerabilityFindingsFinder
-            .new(group, params: { project_id: [project_id] })
+            .new(vulnerable, params: { project_id: [project_id] })
            .execute(:all)
            .count_by_day_and_severity(range)
          ::Vulnerabilities::HistorySerializer.new.represent(findings)

--- a/ee/spec/controllers/groups/security/vulnerabilities_controller_spec.rb
+++ b/ee/spec/controllers/groups/security/vulnerabilities_controller_spec.rb
@@ -10,7 +10,7 @@ describe Groups::Security::VulnerabilitiesController do
  # when new Vulnerability Findings API is enabled this controller is not,
  # its actions are "moved" Groups::Security::VulnerabilityFindingsController

-  it_behaves_like 'VulnerabilityFindingsActions disabled' do
+  it_behaves_like 'ProjectVulnerabilityFindingsActions disabled' do
    let(:vulnerable) { group }
    let(:vulnerable_params) { params }
  end
@@ -29,7 +29,7 @@ describe Groups::Security::VulnerabilitiesController do

    # when new Vulnerability Findings API is disabled, we fall back to this controller

-    it_behaves_like VulnerabilityFindingsActions do
+    it_behaves_like ProjectVulnerabilityFindingsActions do
      let(:vulnerable) { group }
      let(:vulnerable_params) { params }
    end

--- a/ee/spec/controllers/groups/security/vulnerability_findings_controller_spec.rb
+++ b/ee/spec/controllers/groups/security/vulnerability_findings_controller_spec.rb
@@ -9,7 +9,7 @@ describe Groups::Security::VulnerabilityFindingsController do

  # when new Vulnerability Findings API is enabled, this controller is enabled as well

-  it_behaves_like VulnerabilityFindingsActions do
+  it_behaves_like ProjectVulnerabilityFindingsActions do
    let(:vulnerable) { group }
    let(:vulnerable_params) { params }
  end
@@ -29,7 +29,7 @@ describe Groups::Security::VulnerabilityFindingsController do
    # when new Vulnerability Findings API is disabled, this controller is disabled as well
    # and its actions are "moved" to Groups::Security::VulnerabilitiesController

-    it_behaves_like 'VulnerabilityFindingsActions disabled' do
+    it_behaves_like 'ProjectVulnerabilityFindingsActions disabled' do
      let(:vulnerable) { group }
      let(:vulnerable_params) { params }
    end

--- a/ee/spec/controllers/projects/security/vulnerabilities_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/vulnerabilities_controller_spec.rb
@@ -9,7 +9,7 @@ describe Projects::Security::VulnerabilitiesController do
  # when new Vulnerability Findings API is enabled, this controller is not
  # and its actions are "moved" to Projects::Security::VulnerabilityFindingsController

-  it_behaves_like 'VulnerabilityFindingsActions disabled' do
+  it_behaves_like 'ProjectVulnerabilityFindingsActions disabled' do
    let(:vulnerable) { project }
    let(:vulnerable_params) { params }
  end
@@ -26,7 +26,7 @@ describe Projects::Security::VulnerabilitiesController do

    # when new Vulnerability Findings API is disabled, we fall back to this controller

-    it_behaves_like VulnerabilityFindingsActions do
+    it_behaves_like ProjectVulnerabilityFindingsActions do
      let(:vulnerable) { project }
      let(:vulnerable_params) { params }
    end

--- a/ee/spec/controllers/projects/security/vulnerability_findings_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/vulnerability_findings_controller_spec.rb
@@ -8,7 +8,7 @@ describe Projects::Security::VulnerabilityFindingsController do

  # when new Vulnerability Findings API is enabled, this controller serves it

-  it_behaves_like VulnerabilityFindingsActions do
+  it_behaves_like ProjectVulnerabilityFindingsActions do
    let(:vulnerable) { project }
    let(:vulnerable_params) { params }
  end
@@ -26,7 +26,7 @@ describe Projects::Security::VulnerabilityFindingsController do
    # new Vulnerability Findings API is disabled and we fall back to
    # Projects::Security::VulnerabilitiesController

-    it_behaves_like 'VulnerabilityFindingsActions disabled' do
+    it_behaves_like 'ProjectVulnerabilityFindingsActions disabled' do
      let(:vulnerable) { project }
      let(:vulnerable_params) { params }
    end

--- a/ee/spec/support/shared_examples/controllers/concerns/vulnerability_findings_actions_disabled_shared_examples.rb
+++ b/ee/spec/support/shared_examples/controllers/concerns/vulnerability_findings_actions_disabled_shared_examples.rb
@@ -2,7 +2,7 @@

 require 'spec_helper'

-shared_examples 'VulnerabilityFindingsActions disabled' do
+shared_examples 'ProjectVulnerabilityFindingsActions disabled' do
  include ApiHelpers
  include VulnerableHelpers


--- a/ee/spec/support/shared_examples/controllers/concerns/vulnerability_findings_actions_shared_examples.rb
+++ b/ee/spec/support/shared_examples/controllers/concerns/vulnerability_findings_actions_shared_examples.rb
@@ -2,7 +2,7 @@

 require 'spec_helper'

-shared_examples VulnerabilityFindingsActions do
+shared_examples ProjectVulnerabilityFindingsActions do
  include ApiHelpers
  include VulnerableHelpers

@@ -140,12 +140,12 @@ shared_examples VulnerabilityFindingsActions do
    end

    context 'with enabled filters' do
-      let(:action_params) { vulnerable_params.merge(report_type: %w[sast dast], severity: %[high low]) }
+      let(:action_params) { vulnerable_params.merge(report_type: %w[sast dast], severity: %w[high low]) }

      it 'returns counts for filtered vulnerability findings' do
        expect(json_response['high']).to eq(3)
        expect(json_response['low']).to eq(0)
-        expect(json_response['medium']).to eq(2)
+        expect(json_response['medium']).to eq(0)
      end
    end
  end