From a7098dbbb6f271f1a3168d0b539424578d798fad Mon Sep 17 00:00:00 2001
From: Dave Pisek <dpisek@gitlab.com>
Date: Mon, 21 Jun 2021 16:28:54 +1000
Subject: [PATCH] Fix link for commit-type security report items

This commit fixes an issue that happened on the pipeline security tab.

It prevented a correct link from showing when a GitLab instance was
installed under a relative URL.

Changelog: fixed
EE: true
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64565
---
 .../security_dashboard/pipeline_init.js       |  2 ++
 .../generic_report/types/commit.vue           | 16 ++++---------
 .../vulnerabilities/vulnerabilities_init.js   |  5 +++-
 .../pipelines/_tabs_content.html.haml         |  1 +
 .../security/vulnerabilities/show.html.haml   |  4 ++--
 .../generic_report/types/commit_spec.js       | 23 ++++++++-----------
 6 files changed, 23 insertions(+), 28 deletions(-)

diff --git a/ee/app/assets/javascripts/security_dashboard/pipeline_init.js b/ee/app/assets/javascripts/security_dashboard/pipeline_init.js
index a00cdde5434..ca5e211d3de 100644
--- a/ee/app/assets/javascripts/security_dashboard/pipeline_init.js
+++ b/ee/app/assets/javascripts/security_dashboard/pipeline_init.js
@@ -23,6 +23,7 @@ export default () => {
     vulnerabilitiesEndpoint,
     emptyStateUnauthorizedSvgPath,
     emptyStateForbiddenSvgPath,
+    projectCommitPath,
     projectFullPath,
     pipelineJobsPath,
     canAdminVulnerability,
@@ -43,6 +44,7 @@ export default () => {
     provide: {
       dashboardType: DASHBOARD_TYPES.PIPELINE,
       projectId: parseInt(projectId, 10),
+      projectCommitPath,
       projectFullPath,
       dashboardDocumentation,
       emptyStateSvgPath,
diff --git a/ee/app/assets/javascripts/vulnerabilities/components/generic_report/types/commit.vue b/ee/app/assets/javascripts/vulnerabilities/components/generic_report/types/commit.vue
index 0945e7dc963..4e0133bd615 100644
--- a/ee/app/assets/javascripts/vulnerabilities/components/generic_report/types/commit.vue
+++ b/ee/app/assets/javascripts/vulnerabilities/components/generic_report/types/commit.vue
@@ -1,12 +1,11 @@
 <script>
 import { GlLink } from '@gitlab/ui';
-import { isRootRelative } from '~/lib/utils/url_utility';
 
 export default {
   components: {
     GlLink,
   },
-  inject: ['projectFullPath'],
+  inject: ['projectCommitPath'],
   props: {
     value: {
       type: String,
@@ -14,20 +13,13 @@ export default {
     },
   },
   computed: {
-    commitPath() {
-      const { projectFullPath, value } = this;
-      // `projectFullPath` comes in two flavors: relative (e.g.: `group/project`) and  absolute (e.g.: `/group/project`)
-      // adding a leading slash to the relative path makes sure we always link to an absolute path
-      const absoluteProjectPath = isRootRelative(projectFullPath)
-        ? projectFullPath
-        : `/${projectFullPath}`;
-
-      return `${absoluteProjectPath}/-/commit/${value}`;
+    linkToCommit() {
+      return `${this.projectCommitPath}/${this.value}`;
     },
   },
 };
 </script>
 
 <template>
-  <gl-link :href="commitPath">{{ value }}</gl-link>
+  <gl-link :href="linkToCommit">{{ value }}</gl-link>
 </template>
diff --git a/ee/app/assets/javascripts/vulnerabilities/vulnerabilities_init.js b/ee/app/assets/javascripts/vulnerabilities/vulnerabilities_init.js
index c4b390db091..0dd78268591 100644
--- a/ee/app/assets/javascripts/vulnerabilities/vulnerabilities_init.js
+++ b/ee/app/assets/javascripts/vulnerabilities/vulnerabilities_init.js
@@ -8,7 +8,9 @@ export default (el) => {
     return null;
   }
 
-  const vulnerability = convertObjectPropsToCamelCase(JSON.parse(el.dataset.vulnerability), {
+  const { vulnerability: rawVulnerability, projectCommitPath } = el.dataset;
+
+  const vulnerability = convertObjectPropsToCamelCase(JSON.parse(rawVulnerability), {
     deep: true,
   });
 
@@ -18,6 +20,7 @@ export default (el) => {
     provide: {
       reportType: vulnerability.reportType,
       newIssueUrl: vulnerability.newIssueUrl,
+      projectCommitPath,
       projectFingerprint: vulnerability.projectFingerprint,
       projectFullPath: vulnerability.project?.fullPath,
       vulnerabilityId: vulnerability.id,
diff --git a/ee/app/views/projects/pipelines/_tabs_content.html.haml b/ee/app/views/projects/pipelines/_tabs_content.html.haml
index ca2f70981bb..455229b80f2 100644
--- a/ee/app/views/projects/pipelines/_tabs_content.html.haml
+++ b/ee/app/views/projects/pipelines/_tabs_content.html.haml
@@ -21,6 +21,7 @@
     empty_state_unauthorized_svg_path: image_path('illustrations/user-not-logged-in.svg'),
     empty_state_forbidden_svg_path: image_path('illustrations/lock_promotion.svg'),
     project_full_path: project.path_with_namespace,
+    project_commit_path: "#{project_path(project)}/-/commit",
     can_admin_vulnerability: can?(current_user, :admin_vulnerability, project).to_s,
     security_report_help_page_link: help_page_path('user/application_security/index', anchor: 'security-report-validation') } }
 
diff --git a/ee/app/views/projects/security/vulnerabilities/show.html.haml b/ee/app/views/projects/security/vulnerabilities/show.html.haml
index e5c1ccc2e82..da024ff3f31 100644
--- a/ee/app/views/projects/security/vulnerabilities/show.html.haml
+++ b/ee/app/views/projects/security/vulnerabilities/show.html.haml
@@ -3,7 +3,7 @@
 - breadcrumb_title @vulnerability.id
 - page_title @vulnerability.title
 - page_description @vulnerability.description
-- vulnerability_init_details = { vulnerability: vulnerability_details_json(@vulnerability, @pipeline)}
 - add_page_specific_style 'page_bundles/security_dashboard'
 
-#js-vulnerability-main{ data: vulnerability_init_details }
+#js-vulnerability-main{ data: { vulnerability: vulnerability_details_json(@vulnerability, @pipeline),
+                                project_commit_path: "#{project_path(@vulnerability.project)}/-/commit" } }
diff --git a/ee/spec/frontend/vulnerabilities/generic_report/types/commit_spec.js b/ee/spec/frontend/vulnerabilities/generic_report/types/commit_spec.js
index 8786130f8e3..13644da59cc 100644
--- a/ee/spec/frontend/vulnerabilities/generic_report/types/commit_spec.js
+++ b/ee/spec/frontend/vulnerabilities/generic_report/types/commit_spec.js
@@ -5,36 +5,33 @@ import Commit from 'ee/vulnerabilities/components/generic_report/types/commit.vu
 const TEST_DATA = {
   value: '24922148',
 };
+const TEST_PROJECT_COMMIT_PATH = '/foo/bar';
 
 describe('ee/vulnerabilities/components/generic_report/types/commit.vue', () => {
   let wrapper;
 
-  const createWrapper = ({ provide } = {}) => {
+  const createWrapper = () => {
     return shallowMount(Commit, {
       propsData: TEST_DATA,
       provide: {
-        projectFullPath: '',
-        ...provide,
+        projectCommitPath: TEST_PROJECT_COMMIT_PATH,
       },
     });
   };
 
   const findLink = () => wrapper.findComponent(GlLink);
 
+  beforeEach(() => {
+    wrapper = createWrapper();
+  });
+
   afterEach(() => {
     wrapper.destroy();
   });
 
-  it.each(['/foo/bar', 'foo/bar'])(
-    'given `projectFullPath` is "%s" it links to the absolute path of the commit',
-    (projectFullPath) => {
-      const absoluteCommitPath = `/foo/bar/-/commit/${TEST_DATA.value}`;
-
-      wrapper = createWrapper({ provide: { projectFullPath } });
-
-      expect(findLink().attributes('href')).toBe(absoluteCommitPath);
-    },
-  );
+  it('links to the given commit hash', () => {
+    expect(findLink().attributes('href')).toBe(`${TEST_PROJECT_COMMIT_PATH}/${TEST_DATA.value}`);
+  });
 
   it('shows the value as the link-text', () => {
     wrapper = createWrapper();
-- 
2.30.9