Fix exports for missing vuln findings

ee/app/services/vulnerability_exports/exporters/csv_service.rb

@@ -4,7 +4,7 @@ module VulnerabilityExports
   module Exporters
     class CsvService
       IDENTIFIER_DELIMITER = '; '
-      IDENTIFIER_FORMATTER = -> (v) { v.other_identifier_values.to_csv(col_sep: IDENTIFIER_DELIMITER, row_sep: '') }
+      IDENTIFIER_FORMATTER = -> (v) { v&.other_identifier_values&.to_csv(col_sep: IDENTIFIER_DELIMITER, row_sep: '') }
       MAPPING = {
         'Group Name' => 'group_name',
         'Project Name' => 'project_name',

ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb

@@ -25,39 +25,62 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
   end
 
   describe 'CSV content' do
-    before do
-      vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'GSO', name: 'GSO-1234;1234')
-      vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'TSO', name: 'TSO-1234')
-    end
+    context 'with valid findings' do
+      before do
+        vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'GSO', name: 'GSO-1234;1234')
+        vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'TSO', name: 'TSO-1234')
+      end
 
-    context 'when a project belongs to a group' do
-      let_it_be(:group) { create(:group) }
-      let_it_be(:project) { create(:project, :public, group: group) }
-      let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
+      context 'when a project belongs to a group' do
+        let_it_be(:group) { create(:group) }
+        let_it_be(:project) { create(:project, :public, group: group) }
+        let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
 
-      it 'includes proper values for each column type', :aggregate_failures do
-        expect(csv[0]['Group Name']).to eq group.name
-        expect(csv[0]['Project Name']).to eq project.name
-        expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
-        expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
-        expect(csv[0]['Status']).to eq vulnerability.state
-        expect(csv[0]['Vulnerability']).to eq vulnerability.title
-        expect(csv[0]['Details']).to eq vulnerability.finding_description
-        expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
-        expect(csv[0]['Severity']).to eq vulnerability.severity
-        expect(csv[0]['CVE']).to eq vulnerability.cve_value
-        expect(csv[0]['CWE']).to eq vulnerability.cwe_value
-        expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
+        it 'includes proper values for each column type', :aggregate_failures do
+          expect(csv[0]['Group Name']).to eq group.name
+          expect(csv[0]['Project Name']).to eq project.name
+          expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
+          expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
+          expect(csv[0]['Status']).to eq vulnerability.state
+          expect(csv[0]['Vulnerability']).to eq vulnerability.title
+          expect(csv[0]['Details']).to eq vulnerability.finding_description
+          expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
+          expect(csv[0]['Severity']).to eq vulnerability.severity
+          expect(csv[0]['CVE']).to eq vulnerability.cve_value
+          expect(csv[0]['CWE']).to eq vulnerability.cwe_value
+          expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
+        end
+      end
+
+      context 'when a project belongs to a user' do
+        let_it_be(:user) { create(:user) }
+        let_it_be(:project) { create(:project, :public, namespace: user.namespace ) }
+        let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
+
+        it 'includes proper values for each column except group name' do
+          expect(csv[0]['Group Name']).to be_nil
+          expect(csv[0]['Project Name']).to eq project.name
+          expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
+          expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
+          expect(csv[0]['Status']).to eq vulnerability.state
+          expect(csv[0]['Vulnerability']).to eq vulnerability.title
+          expect(csv[0]['Details']).to eq vulnerability.finding_description
+          expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
+          expect(csv[0]['Severity']).to eq vulnerability.severity
+          expect(csv[0]['CVE']).to eq vulnerability.cve_value
+          expect(csv[0]['CWE']).to eq vulnerability.cwe_value
+          expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
+        end
       end
     end
 
-    context 'when a project belongs to a user' do
-      let_it_be(:user) { create(:user) }
-      let_it_be(:project) { create(:project, :public, namespace: user.namespace ) }
-      let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
+    context 'when a vulnerability is missing a finding' do
+      let_it_be(:group) { create(:group) }
+      let_it_be(:project) { create(:project, :public, group: group) }
+      let_it_be(:vulnerability) { create(:vulnerability, project: project) }
 
-      it 'includes proper values for each column except group name' do
-        expect(csv[0]['Group Name']).to be_nil
+      it 'includes proper values for each column except Other Identifiers' do
+        expect(csv[0]['Group Name']).to eq group.name
         expect(csv[0]['Project Name']).to eq project.name
         expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
         expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
@@ -68,7 +91,7 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
         expect(csv[0]['Severity']).to eq vulnerability.severity
         expect(csv[0]['CVE']).to eq vulnerability.cve_value
         expect(csv[0]['CWE']).to eq vulnerability.cwe_value
-        expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
+        expect(csv[0]['Other Identifiers']).to be_nil
       end
     end
   end