Merge branch 'expose-more-vulnerability-data' into 'master'

Add #finding method to Vulnerability See merge request gitlab-org/gitlab!22346

Merge branch 'expose-more-vulnerability-data' into 'master'
Add #finding method to Vulnerability See merge request gitlab-org/gitlab!22346
acb38fa0 · Lin Jen-Shin · e3d13c2c · bdd36bab · acb38fa0 · acb38fa0
Commit acb38fa0 authored Jan 03, 2020 by Lin Jen-Shin
4 changed files
--- a/ee/app/models/vulnerability.rb
+++ b/ee/app/models/vulnerability.rb
@@ -45,4 +45,9 @@ class Vulnerability < ApplicationRecord
  validates :description_html, length: { maximum: Issuable::DESCRIPTION_HTML_LENGTH_MAX }, allow_blank: true

  scope :with_findings, -> { includes(:findings) }
+
+  # There will only be one finding associated with a vulnerability for the foreseeable future
+  def finding
+    findings.first
+  end
 end
--- a/ee/lib/ee/api/entities.rb
+++ b/ee/lib/ee/api/entities.rb
@@ -953,6 +953,8 @@ module EE

        expose :project, using: ::API::Entities::ProjectIdentity

+        expose :finding
+
        expose :author_id
        expose :updated_by_id
        expose :last_edited_by_id

--- a/ee/spec/models/vulnerability_spec.rb
+++ b/ee/spec/models/vulnerability_spec.rb
@@ -79,4 +79,17 @@ describe Vulnerability do
      end
    end
  end
+
+  describe '#finding' do
+    let_it_be(:project) { create(:project, :with_vulnerabilities) }
+    let_it_be(:vulnerability) { project.vulnerabilities.first }
+    let_it_be(:finding1) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
+    let_it_be(:finding2) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
+
+    subject { vulnerability.finding }
+
+    context 'with multiple findings' do
+      it { is_expected.to eq(finding1) }
+    end
+  end
 end
--- a/ee/spec/requests/api/vulnerabilities_spec.rb
+++ b/ee/spec/requests/api/vulnerabilities_spec.rb
@@ -61,6 +61,7 @@ describe API::Vulnerabilities do
  describe 'GET /vulnerabilities/:id' do
    let_it_be(:project) { create(:project, :with_vulnerabilities) }
    let_it_be(:vulnerability) { project.vulnerabilities.first }
+    let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
    let(:vulnerability_id) { vulnerability.id }

    subject(:get_vulnerability) { get api("/vulnerabilities/#{vulnerability_id}", user) }
@@ -78,6 +79,14 @@ describe API::Vulnerabilities do
        expect(json_response['id']).to eq vulnerability_id
      end

+      it 'returns the desired findings' do
+        get_vulnerability
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(response).to match_response_schema('public_api/v4/vulnerability', dir: 'ee')
+        expect(json_response['finding']['id']).to eq finding.id
+      end
+
      it_behaves_like 'responds with "not found" for an unknown vulnerability ID'
      it_behaves_like 'forbids actions on vulnerability in case of disabled features'
    end