Merge branch...

Merge branch '332139-vulnerability-counts-are-not-updated-when-a-scanner-filter-is-applied' into 'master' Add Scanner ID filter to vulnerabilitySeveritiesCount See merge request gitlab-org/gitlab!63335

Merge branch...
Merge branch '332139-vulnerability-counts-are-not-updated-when-a-scanner-filter-is-applied' into 'master' Add Scanner ID filter to vulnerabilitySeveritiesCount See merge request gitlab-org/gitlab!63335
aa564dc9 · Kerri Miller · 19001b63 · b5336ba1 · aa564dc9 · aa564dc9
Commit aa564dc9 authored Jun 08, 2021 by Kerri Miller
7 changed files
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -9551,6 +9551,7 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).
 | <a id="groupvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
 | <a id="groupvulnerabilityseveritiescountreporttype"></a>`reportType` | [`[VulnerabilityReportType!]`](#vulnerabilityreporttype) | Filter vulnerabilities by report type. |
 | <a id="groupvulnerabilityseveritiescountscanner"></a>`scanner` | [`[String!]`](#string) | Filter vulnerabilities by scanner. |
+| <a id="groupvulnerabilityseveritiescountscannerid"></a>`scannerId` | [`[VulnerabilitiesScannerID!]`](#vulnerabilitiesscannerid) | Filter vulnerabilities by scanner ID. |
 | <a id="groupvulnerabilityseveritiescountseverity"></a>`severity` | [`[VulnerabilitySeverity!]`](#vulnerabilityseverity) | Filter vulnerabilities by severity. |
 | <a id="groupvulnerabilityseveritiescountstate"></a>`state` | [`[VulnerabilityState!]`](#vulnerabilitystate) | Filter vulnerabilities by state. |
@@ -9719,6 +9720,7 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountreporttype"></a>`reportType` | [`[VulnerabilityReportType!]`](#vulnerabilityreporttype) | Filter vulnerabilities by report type. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountscanner"></a>`scanner` | [`[String!]`](#string) | Filter vulnerabilities by scanner. |
+| <a id="instancesecuritydashboardvulnerabilityseveritiescountscannerid"></a>`scannerId` | [`[VulnerabilitiesScannerID!]`](#vulnerabilitiesscannerid) | Filter vulnerabilities by scanner ID. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountseverity"></a>`severity` | [`[VulnerabilitySeverity!]`](#vulnerabilityseverity) | Filter vulnerabilities by severity. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountstate"></a>`state` | [`[VulnerabilityState!]`](#vulnerabilitystate) | Filter vulnerabilities by state. |
@@ -11955,6 +11957,7 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).
 | <a id="projectvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
 | <a id="projectvulnerabilityseveritiescountreporttype"></a>`reportType` | [`[VulnerabilityReportType!]`](#vulnerabilityreporttype) | Filter vulnerabilities by report type. |
 | <a id="projectvulnerabilityseveritiescountscanner"></a>`scanner` | [`[String!]`](#string) | Filter vulnerabilities by scanner. |
+| <a id="projectvulnerabilityseveritiescountscannerid"></a>`scannerId` | [`[VulnerabilitiesScannerID!]`](#vulnerabilitiesscannerid) | Filter vulnerabilities by scanner ID. |
 | <a id="projectvulnerabilityseveritiescountseverity"></a>`severity` | [`[VulnerabilitySeverity!]`](#vulnerabilityseverity) | Filter vulnerabilities by severity. |
 | <a id="projectvulnerabilityseveritiescountstate"></a>`state` | [`[VulnerabilityState!]`](#vulnerabilitystate) | Filter vulnerabilities by state. |

--- a/ee/app/assets/javascripts/security_dashboard/graphql/queries/vulnerability_severities_count.query.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/queries/vulnerability_severities_count.query.graphql
@@ -7,6 +7,7 @@ query vulnerabilitySeveritiesCount(
  $reportType: [VulnerabilityReportType!]
  $scanner: [String!]
  $state: [VulnerabilityState!]
+  $scannerId: [VulnerabilitiesScannerID!]
  $isGroup: Boolean = false
  $isProject: Boolean = false
  $isInstance: Boolean = false
@@ -18,6 +19,7 @@ query vulnerabilitySeveritiesCount(
      reportType: $reportType
      scanner: $scanner
      state: $state
+      scannerId: $scannerId
    ) {
      ...VulnerabilitySeveritiesCount
    }
@@ -29,6 +31,7 @@ query vulnerabilitySeveritiesCount(
      reportType: $reportType
      scanner: $scanner
      state: $state
+      scannerId: $scannerId
    ) {
      ...VulnerabilitySeveritiesCount
    }
@@ -39,6 +42,7 @@ query vulnerabilitySeveritiesCount(
      reportType: $reportType
      scanner: $scanner
      state: $state
+      scannerId: $scannerId
    ) {
      ...VulnerabilitySeveritiesCount
    }

--- a/ee/app/graphql/resolvers/vulnerabilities_base_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities_base_resolver.rb
@@ -35,5 +35,11 @@ module Resolvers
      # dashboard
      object.nil? && current_user.present?
    end
+    def resolve_gids(gids, gid_class)
+      gids.map do |gid|
+        Types::GlobalIDType[gid_class].coerce_isolated_input(gid).model_id
+      end
+    end
  end
 end
--- a/ee/app/graphql/resolvers/vulnerabilities_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities_resolver.rb
@@ -55,12 +55,6 @@ module Resolvers
    private
-    def resolve_gids(gids, gid_class)
-      gids.map do |gid|
-        Types::GlobalIDType[gid_class].coerce_isolated_input(gid).model_id
-      end
-    end
    def vulnerabilities(params)
      Security::VulnerabilitiesFinder.new(vulnerable, params).execute
    end

--- a/ee/app/graphql/resolvers/vulnerability_severities_count_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerability_severities_count_resolver.rb
@@ -29,9 +29,15 @@ module Resolvers
             required: false,
             description: 'Filter vulnerabilities by scanner.'
+    argument :scanner_id, [::Types::GlobalIDType[::Vulnerabilities::Scanner]],
+             required: false,
+             description: 'Filter vulnerabilities by scanner ID.'
    def resolve(**args)
      return Vulnerability.none unless vulnerable
+      args[:scanner_id] = resolve_gids(args[:scanner_id], ::Vulnerabilities::Scanner) if args[:scanner_id]
      Hash.new(0)
        .merge(vulnerabilities(args).grouped_by_severity.count)
    end

--- a/ee/spec/graphql/resolvers/vulnerability_severities_count_resolver_spec.rb
+++ b/ee/spec/graphql/resolvers/vulnerability_severities_count_resolver_spec.rb
@@ -63,6 +63,14 @@ RSpec.describe Resolvers::VulnerabilitySeveritiesCountResolver do
        end
      end
+      context 'when given scanner ID' do
+        let(:filters) { { scanner_id: [GitlabSchema.id_from_object(high_vulnerability.finding.scanner)] } }
+        it 'only returns count for vulnerabilities with scanner ID' do
+          is_expected.to eq('high' => 1)
+        end
+      end
      context 'when given report types' do
        let(:filters) { { report_type: %i[dast sast] } }

--- a/ee/spec/requests/api/graphql/project/vulnerability_severities_count_spec.rb
+++ b/ee/spec/requests/api/graphql/project/vulnerability_severities_count_spec.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe 'Query.project(fullPath).vulnerabilitySeveritiesCount' do
  let_it_be(:project) { create(:project) }
  let_it_be(:user) { create(:user) }
-  let_it_be(:vulnerability) { create(:vulnerability, :high, project: project) }
+  let_it_be(:vulnerability) { create(:vulnerability, :high, :with_finding, project: project) }
  let_it_be(:query) do
    %(
@@ -32,4 +32,24 @@ RSpec.describe 'Query.project(fullPath).vulnerabilitySeveritiesCount' do
    expect(high_count).to eq(1)
  end
+  context 'with scannerId filter' do
+    let(:query) do
+      %(
+        query {
+          project(fullPath: "#{project.full_path}") {
+            vulnerabilitySeveritiesCount(scannerId: "#{GitlabSchema.id_from_object(vulnerability.finding.scanner)}") {
+              high
+            }
+          }
+        }
+      )
+    end
+    it 'counts vulnerabilities with issues' do
+      high_count = subject.dig('data', 'project', 'vulnerabilitySeveritiesCount', 'high')
+      expect(high_count).to eq(1)
+    end
+  end
 end